Re: [grpc-io] [java] Challenge-Response / Digest Auth for GRPC
Hi Eric/William, I am very new to gRPC(just 5 days baby), We have planned and working on multiple services in gRPC. We have gateway to all the services, used Eureka for service discovery and SPRING BASED backend and Angular4 for UI. Here challenge I am facing is implementing OAuth2.0 for all requests. How can I implement Authorization server, secure my resource service and generating jwt token based on custom claims, just like OAuth2.0 with Spring Security. Could you please help me with your great ideas and suggestion to implement it. Your suggestions are most valuable and highly appreciated. Eagerly waiting to hear from you guys. Thanks & Regards, Nanda On Wednesday, September 20, 2017 at 5:29:58 AM UTC+5:30, Eric Anderson wrote: > > On Mon, Sep 18, 2017 at 3:51 AM, William Shallum > wrote: > >> * Is this a good way of doing challenge/response over GRPC? >> > > Yeah, an interceptor seems like a good approach. > > >> * Is it possible in the Java API to have an interceptor that can retry >> requests transparently? >> > > Yes. It can be a bit painful, but essentially you call channel.newCall() > more than once. You have to save the request in order to replay it though. > I think there are some retrying interceptors floating around; you may > search for one. > -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/652f204d-7274-4d07-ba54-d84c8f93ab99%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [grpc-io] [java] Challenge-Response / Digest Auth for GRPC
Thank you for the tips. I found an implementation here https://github.com/grpc/grpc-java/pull/1570 and will study it for inspiration. Regards, William On 20 September 2017 at 06:59, Eric Anderson wrote: > On Mon, Sep 18, 2017 at 3:51 AM, William Shallum > wrote: >> >> * Is this a good way of doing challenge/response over GRPC? > > > Yeah, an interceptor seems like a good approach. > >> >> * Is it possible in the Java API to have an interceptor that can retry >> requests transparently? > > > Yes. It can be a bit painful, but essentially you call channel.newCall() > more than once. You have to save the request in order to replay it though. I > think there are some retrying interceptors floating around; you may search > for one. -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CADExRQb7Tq0%3Diw_8_XFGHXbGej%2BjcwevJs-4xXRzDcb6CzVUug%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [grpc-io] [java] Challenge-Response / Digest Auth for GRPC
On Mon, Sep 18, 2017 at 3:51 AM, William Shallum wrote: > * Is this a good way of doing challenge/response over GRPC? > Yeah, an interceptor seems like a good approach. > * Is it possible in the Java API to have an interceptor that can retry > requests transparently? > Yes. It can be a bit painful, but essentially you call channel.newCall() more than once. You have to save the request in order to replay it though. I think there are some retrying interceptors floating around; you may search for one. -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CA%2B4M1oOMUJa4bfvFS68br2we8oaJJpTzbRoGnEiddnp4ABxTiw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. smime.p7s Description: S/MIME Cryptographic Signature
[grpc-io] [java] Challenge-Response / Digest Auth for GRPC
Hi, Has anyone attempted to do a challenge-response / digest authentication implementation for GRPC? Our current services use a token and HTTP Digest authentication to prove ownership of the token's associated secret without passing it over the wire. >From what I see in the examples, most of the available authentication samples is using bearer tokens. We have locally built a server side interceptor (using the Java API) that does digest authentication based on metadata in headers. The client side interceptor also has been created but it does not have transparent retry capability (e.g. if the nonce expires or on initial request). My questions are: * Is this a good way of doing challenge/response over GRPC? * Is it possible in the Java API to have an interceptor that can retry requests transparently? Your input is greatly appreciated. Thanks, William -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscr...@googlegroups.com. To post to this group, send email to grpc-io@googlegroups.com. Visit this group at https://groups.google.com/group/grpc-io. To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/CADExRQaCjmLk7jAvn5fUq9hm%3DhYVRBeBpWSMbqMoJdR6YinNbg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.