grpc_service_account_jwt_access_credentials::get_request_metadata calls
jwt = grpc_jwt_encode_and_sign(&key_, context.service_url, jwt_lifetime_, nullptr); https://github.com/grpc/grpc/blob/79c129472060b4142be97aba62c37d19cc79d5a8/src/core/lib/security/credentials/jwt/jwt_credentials.cc#L86 and the second parameter (context.service_url) is the audience char* grpc_jwt_encode_and_sign(const grpc_auth_json_key* json_key, const char* audience, gpr_timespec token_lifetime, const char* scope) https://github.com/grpc/grpc/blob/79c129472060b4142be97aba62c37d19cc79d5a8/src/core/lib/security/credentials/jwt/json_token.cc#L265 On Thu, Jul 23, 2020 at 3:21 PM 'Jiangtao Li' via grpc.io < [email protected]> wrote: > Bogdan, > > Could you please point me the code where "the grpc c++ library assumes > that the audience is based on service address and service name"? > > On Wednesday, April 8, 2020 at 1:51:38 PM UTC-7 Bogdan Dinulica wrote: > >> Hi, >> >> I'm using a grpc c++ client to make calls to a grpc serve using Google >> token based authentication. >> The problem that I'm facing is that the grpc c++ library assumes that >> the audience is based on service address and service name: >> https://service.com/service.name <https://service.com/service.name.Rpc> >> while the service uses the default Cloud Endpoints audience of the form >> https://service.endpoints.project.cloud.goog >> >> Looking at the code >> <https://github.com/grpc/grpc/blob/master/src/core/lib/security/credentials/jwt/jwt_credentials.cc#L81> >> seems that my only options are: >> 1) have the service owner add the audience that the grpc c++ library uses >> 2) use the MetadataCredentialsPlugin and generate the token in the >> GetMetadata (basically, have the same implementation as the library >> <https://github.com/grpc/grpc/blob/master/src/core/lib/security/credentials/jwt/jwt_credentials.cc#L81> >> but use the right audience). >> >> Am I missing something, is there any other way around? >> >> Thanks, >> Bogdan >> >> -- > You received this message because you are subscribed to a topic in the > Google Groups "grpc.io" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/grpc-io/o0Kkwc2JDa4/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/grpc-io/df28c885-2b42-4e88-8c7d-701190af9789n%40googlegroups.com > <https://groups.google.com/d/msgid/grpc-io/df28c885-2b42-4e88-8c7d-701190af9789n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CAMWeFqV76atwrFcTXxX%3DsM%3DN%3DySbNnbiWy0ejp8fhMBi8i7F%2Bg%40mail.gmail.com.
