I forgot to add: I'd recommend using your own self-signed TLS client and server certificates for authentication, if you can. That is probably the mostly clearly supported option across all gRPC implementations, IMO. There is easy sample code available for all languages.
On Wednesday, March 15, 2017 at 5:55:41 PM UTC-4, Evan Jones wrote: > > Clients that talk to Google using an OAuth credential are pretty > straightforward, see the following document for sample code of how to use > it. > > > https://github.com/grpc/grpc-go/blob/master/Documentation/grpc-auth-support.md > > > If you want to create a *server* that uses Google OAuth tokens, or OAuth > from some other authority, you are going to need to write some code, and it > seems fairly complicated. I investigated some alternatives, but they ended > up requiring a fair amount of fiddling with keys. Since I was hoping to > avoid that, I'm now using a stupid "shared secret" authentication mechanism > which is good enough for my application for the moment. > > > Some stuff that I think can work, but which require some work: > > * Client A gets an OAuth Access token from Google, with some scopes, and > passes it to Service B. Service B then can pass that token to Google to use > the service, on behalf of Client A. I think this will "just work" with the > NewApplicationDefault credentials. On the server, you'll have to dig the > token out of the Metadata "authentication" header > > * Client A does the work to create a signed OAuth JWT token, and pass it > to Service B. Service B can then verify Client A's identity by verifying > the OAuth JWT. There are some Python code examples buried in Google Cloud > Endpoints and Google Cloud IAP Proxy that explain how this can work: > > > https://cloud.google.com/endpoints/docs/using-service-to-service-authentication-grpc > https://cloud.google.com/iap/docs/authentication-howto > > > If you want a server that uses token from some other authority, you are > definitely going to need to glue together the various JWT/OAuth > implementations into GRPC. > > I hope this helps. Let me know if you figure out anything easy here, > > Evan > > > On Wednesday, March 15, 2017 at 7:37:57 AM UTC-4, Aakarshit Naga Sai > Batchu wrote: >> >> grpc-go has a library credentials/oauth. Link provided below >> >> https://godoc.org/google.golang.org/grpc/credentials/oauth >> >> Can anyone write a Simple Golang GRPC Server and Client program using >> OAuth over TLS for security? >> > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/cf46d8ed-c3d0-445f-ab9c-9347a8e4e6ff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
