I'm working on a solution that involves a gRPC connection authenticated 
using OAUTH.

I pretty quickly discovered several things:

- gRPC will not allow you to use OAUTH over an http connection.  You must 
use an https connection.

- There is quite a lot of infrastructure involved.

- There are lots of hints out there about how to do all this, but I 
couldn't find any worked examples.

The first of those points is obviously sensible.  To use OAUTH you put a 
token into the authorization header of each gRPC request.  You use the same 
token for many requests, so if you use an http connection, somebody could 
easily intercept your requests, copy your OAUTH token and create fake 
requests of their own.  You need to send the traffic over an encrypted 
connection to prevent that.

However, this has a side effect:  you can't get anywhere with gRPC and 
OAUTH until you have got your HTTPS connection running, and that takes a 
bit of work.

So, my first worked example shows how to run gRPC over HTTPS and how to 
generate the necessary keys and certificate to make that work.  It's a 
reworked version of Google's helloworld greeter server, which uses an http 
connection.  The readme explains all the gory details and there are 
comments in the source code.  https://github.com/goblimey/grpc

Now I will go away and get the OAUTH bit working.  Once I've got that done 
I will post part 2, but I'm doing this in my spare time, so don't hold your 
breath.

Simon
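
The rule described in the post (the token goes in the authorization header, and the client will not send it over a plaintext connection) can be sketched with the standard library alone. This is an added example, not code from the post or from the linked repository: the interface mirrors the two methods of grpc-go's `credentials.PerRPCCredentials`, while `bearerToken`, `requestMetadata`, `errNeedTLS`, the token and the URI are hypothetical names and constructed values, and the check is a simplified stand-in for what the gRPC client does.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// perRPCCredentials mirrors the two methods of grpc-go's
// credentials.PerRPCCredentials interface, redeclared here so the
// sketch builds without the grpc module.
type perRPCCredentials interface {
	GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)
	RequireTransportSecurity() bool
}

// bearerToken is a hypothetical credential holding one OAuth access token.
type bearerToken struct{ token string }

// GetRequestMetadata builds the header that is attached to every request.
func (b bearerToken) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error) {
	return map[string]string{"authorization": "Bearer " + b.token}, nil
}

// RequireTransportSecurity returns true: the token is reusable, so it
// must never travel in the clear.
func (bearerToken) RequireTransportSecurity() bool { return true }

var errNeedTLS = errors.New("credentials require transport security")

// requestMetadata is a simplified stand-in for the client-side check: it
// releases the header only when the connection is TLS or the credential
// explicitly permits plaintext.
func requestMetadata(ctx context.Context, c perRPCCredentials, tlsConn bool, uri string) (map[string]string, error) {
	if c.RequireTransportSecurity() && !tlsConn {
		return nil, errNeedTLS
	}
	return c.GetRequestMetadata(ctx, uri)
}

func main() {
	creds := bearerToken{token: "constructed-sample-token"} // constructed value
	uri := "https://localhost:50051/helloworld.Greeter"     // constructed URI
	for _, tlsConn := range []bool{false, true} {
		md, err := requestMetadata(context.Background(), creds, tlsConn, uri)
		fmt.Printf("tls=%v metadata=%v err=%v\n", tlsConn, md, err)
	}
}
```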
