-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add JWT client/server support for gRPC #49
Conversation
bd703ce
to
46df214
Compare
I have now completed the refactor and changed the implementation to use I can add more tests and additional docs but would like feedback first. I'll start using the API in the meanwhile and see whether I run in any major roadblocks. |
Sorry I haven't see this on my radar yet |
|
Compare parseAuthorization(req, requireAuthentication, parseAuthorization -> { to protected final void parseAuthorization(GrpcServerRequest req, boolean optional, Handler<AsyncResult<String>> handler) {
final String authorization = req.headers().get(HttpHeaders.AUTHORIZATION);
if (authorization == null) {
if (optional) {
// this is allowed
handler.handle(Future.succeededFuture());
} else {
handler.handle(Future.failedFuture(UNAUTHENTICATED));
}
return;
} |
The more I try to use this, the more work it needs 👀 I really expect the following to actually do authentication on everything that is bound JWTGrpcServer.create(GrpcServer.server(vertx), JWTAuth.create(vertx, new JwtAuthOptions(...))); instead it does nothing, it's my responsibility to call auth handler. It might as well be a static method, so that I can turn it into something useful. I'm really worried with the direction |
@doctorpangloss And yes. Of course this implementation needs work. I did not want to invest any more time into it without getting some feedback first. I initially created the PR to outline a potential way to improve the auth handling. |
I created a shim (artifact with patches for Vert.x 4.4.5) using the code of this PR and wrapped it in a dedicated artifact.
The issue with I think the API can still be improved. I would like to see official JWT support for gRPC in Vert.x. I don't mind if the outlined implementation is not suitable. Any pointers in the right direction are welcome. For now I'll use my shim to provide the functionality. |
we do have a contributor hangout in community every friday, perhaps we can discuss this during this meeting @Jotschi ? |
I ended up exposing RoutingContext to the stubs, which solved everything! |
QA from todays meeting in discord:
I moved the bulk of the code in a dedicated package:
The client / server code uses
Client auth code can be moved but thats only a very small amout of code. (Basically just setting the TokenCredentials in the header). Thats a one-liner.
The current Additional questions for next meeting:
Extra branches: |
f7effc2
to
949a0e9
Compare
This PR is now obsolete and will be replaced by #75 |
This PR adds JWT support to the GrpcServer / GrpcClient and it improves the client error handling.
The PR contains the initial work which includes the implementation and an integration test + preliminary doc changes.
I would like to get some feedback on this before I continue since I'm not sure whether JWT support in gRPC is something you want to have. I need it for my own project and would like to contribute the implementation here instead of keeping it in my own repo.
I hope this is the right repo since I also found https://github.com/vert-x3/vertx-grpc which also has a 4.4.0 tag. Is
vertx-grpc
deprecated?NOTE: I use a patched
vertx-dependencies
to set the versions for the managed dependencies for the maven submodules of this repo.JWT Server support
For the server a
JWTAuthInterceptor
has been added which can be added infront of the actual service. It extracts the token from the headers and adds the user to the gRPC context.The Vert.x user can be accessed via the gRPC context:
TODOS:
JWTAuthInterceptor.create
JWT Client support
I added a
JWTGrpcClient
which was inspired the way theOAuth2WebClient
is used. It is a wrapper for theGrpcClient
.Error handling
A
GrpcException
will now be thrown which provides access to the gRPC status and http response.This addresses #13
TODOS
GrpcException
can be thrown in other locations.Other TODOs
Questions
JWTGrpcClient
should be invertx-grpc-jwt-auth
. I could add it tovertx-grpc-client
but I would need to add thevertx-auth-common
dependency there. Should it be kept invertx-grpc-jwt-auth
?JWTAuthInterceptor
. I could add it tovertx-grpc-server
but I would again need to taint the module with thevertx-auth-jwt
dependency. Should it be kept invertx-grpc-jwt-auth
?