[grpc-io] Re: Guidance on implementing support for authenticated and secure client connections
I was able to get this working by simply calling AddMetadata on the client context to set the authorization header. This appears to work for both secure and insecure connections, so I'll go with this approach rather than using the custom authenticator. On Wednesday, 7 February 2018 12:20:11 UTC-8, chris@gmail.com wrote: > > I'm looking into how to support client connections to disparate services > using custom oAuth2 tokens. The services may or may not support SSL/TLS. > > I have created a custom authenticator plugin following the sample code at > https://grpc.io/docs/guides/auth.html. > > I build my custom call credentials and store them using a > CompositeChannelCredientials object > > auto call_creds = > grpc::MetadataCredentialsFromPlugin(std::unique_ptr(new > > MyCustomAuthenticator(accessToken))); > > if (secure) > mCredentials = > grpc::CompositeChannelCredentials(grpc::SslCredentials(opts), call_creds); > else > mCredentials = > grpc::CompositeChannelCredentials(grpc::InsecureChannelCredentials(), > call_creds); > > However, I noticed during debugging that mCredentials is nullptr when > connecting to a service that doesn't support SSL/TLS. It looks like > CompositeChannelCredentials attempts to cast the InsecureChannelCredentials > to SecureChannelCredentials, with this cast returning NULL. > > Is there any documentation or sample code of how to make an authenticated > call over an insecure channel? Is this something that's currently supported > in the C++ API? > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/ef391109-95d8-4a1b-af5f-b0d5b46e4207%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[grpc-io] Guidance on implementing support for authenticated and secure client connections
I'm looking into how to support client connections to disparate services using custom oAuth2 tokens. The services may or may not support SSL/TLS. I have created a custom authenticator plugin following the sample code at https://grpc.io/docs/guides/auth.html. I build my custom call credentials and store them using a CompositeChannelCredientials object auto call_creds = grpc::MetadataCredentialsFromPlugin(std::unique_ptr(new MyCustomAuthenticator(accessToken))); if (secure) mCredentials = grpc::CompositeChannelCredentials(grpc::SslCredentials(opts), call_creds); else mCredentials = grpc::CompositeChannelCredentials(grpc::InsecureChannelCredentials(), call_creds); However, I noticed during debugging that mCredentials is nullptr when connecting to a service that doesn't support SSL/TLS. It looks like CompositeChannelCredentials attempts to cast the InsecureChannelCredentials to SecureChannelCredentials, with this cast returning NULL. Is there any documentation or sample code of how to make an authenticated call over an insecure channel? Is this something that's currently supported in the C++ API? -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/02cc8891-fac1-4101-9aad-938772f8b59e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[grpc-io] Re: Does gRPC support password protected SSL keys?
They keys are in PEM format. I'm unsure if they were converted from PKCS12 prior to that. On Friday, 5 January 2018 10:35:58 UTC-8, Carl Mastrangelo wrote: > > And just to clarify, I think you are talking about PKCS 12 for the key > encryption? I am more familiar with Java so my experience is limitted. > That said, in Java you can pass a keystore into into your SSL context when > creating the Server (or channel).Also IIRC, Go got support for > encrypted keys a while back. > > On Thursday, January 4, 2018 at 4:45:53 PM UTC-8, chris@gmail.com > wrote: >> >> For my needs specifically, C++, though ideally this would be supported >> across all languages as part of general SSL support in gRPC. >> >> On Thursday, 4 January 2018 16:37:40 UTC-8, Carl Mastrangelo wrote: >>> >>> What language? >>> >>> On Tuesday, December 19, 2017 at 10:23:54 AM UTC-8, chris@gmail.com >>> wrote: Looking to use SSL in my client application. The SSL keys we use are often passphrase encrypted. Libcurl supports passing in the passphrase as an option, but I've been unable to find any such option in gRPC. >>> -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/bf5572e8-cc59-4ac1-b30f-eaa888abe344%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[grpc-io] Re: Does gRPC support password protected SSL keys?
For my needs specifically, C++, though ideally this would be supported across all languages as part of general SSL support in gRPC. On Thursday, 4 January 2018 16:37:40 UTC-8, Carl Mastrangelo wrote: > > What language? > > On Tuesday, December 19, 2017 at 10:23:54 AM UTC-8, chris@gmail.com > wrote: >> >> Looking to use SSL in my client application. The SSL keys we use are >> often passphrase encrypted. Libcurl supports passing in the passphrase as >> an option, but I've been unable to find any such option in gRPC. >> > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/a9a22ba9-9224-4ef2-a51b-292030398564%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[grpc-io] Does gRPC support password protected SSL keys?
Looking to use SSL in my client application. The SSL keys we use are often passphrase encrypted. Libcurl supports passing in the passphrase as an option, but I've been unable to find any such option in gRPC. -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/fea7536a-142c-441f-8912-ec615e76e37f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.