Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT token + getRequestMetadata(entry point) #30

Closed
ejona86 opened this issue Aug 12, 2015 · 2 comments · Fixed by #290
Closed

JWT token + getRequestMetadata(entry point) #30

ejona86 opened this issue Aug 12, 2015 · 2 comments · Fixed by #290
Assignees
@chingor13
Labels
type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Milestone
1.0

Comments

@ejona86
Copy link
Contributor

ejona86 commented Aug 12, 2015

Credentials.getRequestMetadata(URI) is passed a URI defined as "the entry point for the request". What does that mean?

To be in sync with grpc/grpc#2911 and work with the current ServiceAccountJwtAccessCredentials, the URI passed would need to exclude the gRPC method name. But given the credential API, I would more expect the URI to be the request URI, which would include the method name.

Is it possible for "entry point" to be better defined?
@anthmgoogle
Copy link
Contributor

Yes, I've been thinking about what we should do here. In the short run the Java library just passes the URI straight through as the Audience with no processing.

What I think we should do here:

  • Have the transport pass in the full URI of the method call.
  • Have the ServiceAccountJwtAccessCredentials trim this down the just the entry point to use as the Audience field.

The thinking is that while Jwt Access Credentials does not happen to use the method, a theoretical credential might. Also, the Jwt Accses Credential probably needs some caching, so it needs to truncate this as a key for the caching as well.

We should discuss with other implementers of the auth libraries. If this is the way to go, we should implement the truncation in the auth library first. When that version is consumed by grpc-java, the truncation can be removed from that layer.

@anthmgoogle anthmgoogle self-assigned this Aug 13, 2015
@garrettjonesgoogle
Copy link
Member

Is this a breaking change?

@JustinBeckwith JustinBeckwith added 🚨 This issue needs some love. triage me I really want to be triaged. labels Jun 8, 2018
@chingor13 chingor13 added the type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. label Jun 19, 2018
@JustinBeckwith JustinBeckwith removed triage me I really want to be triaged. 🚨 This issue needs some love. labels Jun 19, 2018
@chingor13 chingor13 mentioned this issue Jun 20, 2019
Closed
@chingor13 chingor13 mentioned this issue Jul 12, 2019
Merged
@chingor13 chingor13 added this to the 1.0 milestone Jul 31, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@chingor13 chingor13

Labels
type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
1.0
Development

Successfully merging a pull request may close this issue.

feat: adds JwtCredentials with custom claims
5 participants
@chingor13 @JustinBeckwith @ejona86 @anthmgoogle @garrettjonesgoogle