douzhuang2570 2019-01-30 09:34
浏览 254

gRPC授权方法

I work on go grpc service and implementing authorization. Literally, have to allow or forbid access to gprc methods base on JWT claims.

I do JWT parsing on grpc.UnaryServerInterceptor level - extracting claims and populate context with value, unauthenticated if there is no jwt or it is incorrect.

func (s *Server) GetSomething(ctx context.Context, req *GetSomething Request) (*GetSomething Response, error) {
    if hasAccessTo(ctx, req.ID) {
        //some work here
    }
}

func hasAccessTo(ctx context.Context, string id) {
    value := ctx.Value(ctxKey).(MyStruct)
    //some work here

}

So I wonder if there is some common practice for authorization/authentication to avoid boilerplate code in each grpc server method?

  • 写回答

1条回答 默认 最新

  • dongyan1625 2019-02-01 18:23
    关注

    You can call a to a UnaryInterceptor like so if you want to verify the jwt on every request

    // middleware for each rpc request. This function verifies the client has the correct "jwt".
func authInterceptor(ctx context.Context, req interface{}, _ *grpc.UnaryServerInfo, handler grpc.UnaryHandler) (interface{}, error) {
    meta, ok := metadata.FromIncomingContext(ctx)
    if !ok {
        return nil, status.Error(codes.Unauthenticated, "INTERNAL_SERVER_ERROR")
    }
    if len(meta["jwt"]) != 1 {
        return nil, status.Error(codes.Unauthenticated, "INTERNAL_SERVER_ERROR")
    }

    // if code here to verify jwt is correct. if not return nil and error by accessing meta["jwt"][0]

    return handler(ctx, req) // go to function.
}

    In your context from the client use the metadata to pass the jwt string and verify.

    In Your main function remember to register it like so

    // register server
myService := grpc.NewServer(
    grpc.UnaryInterceptor(authInterceptor), // use auth interceptor middleware
)
pb.RegisterTheServiceServer(myService, &s)
reflection.Register(myService)

    Your client would need to call your server like this:

    // create context with token and timeout
ctx, cancel := context.WithTimeout(metadata.NewOutgoingContext(context.Background(), metadata.New(map[string]string{"jwt": "myjwtstring"})), time.Second*1)
defer cancel()
    评论

报告相同问题?

  • gRPC专用频道
    2018-03-12 08:01
    回答 1 已采纳 As per as i understood the question. You want to send the the message to the particular client in
  • 通过特定端口发送GRPC通信
    2019-07-30 19:28
    回答 1 已采纳 You can specify the source port like this: cc, err := grpc.Dial("127.0.0.1:6001", grpc.WithInsecu
  • 如何使用grpc方法处理程序解决此问题
    2015-11-03 18:12
    回答 3 已采纳 For anyone running into the same problem, what I did was simply change how I built the proto files
  • .NET 5 GRPC 认证和授权
    2021-04-10 19:45
    IIN22的博客 认证和授权一般是同时出现的,先做认证,认证的时候进行权限获取,进入接口之前根据接口的权限要求进行授权校验 假设有个接口,他需要的访问权限是用户年龄必须为18岁,采用jwt进行认证 接口访问流程:用户先获取到...
  • 如何在Go中启用GRPC压缩
    2018-01-09 16:28
    回答 2 已采纳 grpc.WithCompressor as DialOption is deprecated, according to the docs. You can use the grpc.UseC
  • Golang中的GRPC连接管理
    2019-05-09 20:27
    回答 2 已采纳 Yes, it's fine to have single GRPC client connection per service. Moreover, I don't see any other
  • 代理如何访问grpc服务中的请求标头。 Golang的grpc-gateway
    2019-08-28 07:22
    回答 1 已采纳 HTTP headers are stored in metadata. md, ok := metadata.FromIncomingContext(ctx) should work for
  • .netcore grpc身份验证和授权
    2023-08-18 09:21
    双叶红于二月花的博客 1)引入IdentityServer4、IdentityServer4.AccessTokenValidation、Microsoft.AspNetCore.Authentication....(grpc专栏结束后会开启鉴权授权专栏欢迎大家关注)1)调用鉴权中心获取token。第三步:WPF客户端。
  • 如何响应多个gRPC客户端?
    2019-09-17 21:00
    回答 2 已采纳 There are two ways to read this question. One way is to read it as the auth problem as answered be
  • gRPC服务器错误处理程序golang http
    2017-08-02 08:13
    回答 2 已采纳 You need to return empty model.Model object in order for protobufs to be able to properly serialis
  • gRPC客户端流式流控制如何进行?
    2019-08-06 11:46
    回答 1 已采纳 gRPC flow control is based on http2 flow control: https://http2.github.io/http2-spec/#FlowControl
  • grpc-jwt-spring-boot-starter:具有JWT授权gRPC框架的Spring Boot Starter
    2021-03-28 20:40
    具有Spring Boot Starter-gRPC Java JWT 使用Auth模块扩展出色的。 使用类似于Spring Security模块中使用的简单注释的简单实现。 快速开始 (尝试示例项目:Kotlin中的。) 简单的开始仅由3个简单的步骤组成。 ...
  • 使用gRPC服务器使集成测试失败
    2018-08-13 09:26
    回答 1 已采纳 grpcServer.Serve(lis) is a blocking call. So like what you did with HTTP server go server.ListenAn
  • gRPC四种模式、认证和授权实战演示
    2021-07-14 08:00
    dotNET跨平台的博客 前言上一篇对gRPC进行简单介绍,并通过示例体验了一下开发过程。接下来说说实际开发常用功能,如:gRPC的四种模式、gRPC集成JWT做认证和授权等。正文1. gRPC四种模式服务以下案例...
  • gRPC基础概念
    2021-02-06 11:26
    小朋友2D的博客 在服务端,需要实现RPC服务中定义的方法,并运行gRPC服务器来处理客户端的调用。gRPC的底层会对请求(requests)进行解码,执行服务端方法,然后再编码成响应数据。 在客户端,客户端拥有一个本地的对象成为stub,也...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥88 找成都本地经验丰富懂小程序开发的技术大咖
  • ¥15 如何处理复杂数据表格的除法运算
  • ¥15 如何用stc8h1k08的片子做485数据透传的功能?(关键词-串口)
  • ¥15 有兄弟姐妹会用word插图功能制作类似citespace的图片吗?
  • ¥200 uniapp长期运行卡死问题解决
  • ¥15 请教:如何用postman调用本地虚拟机区块链接上的合约?
  • ¥15 为什么使用javacv转封装rtsp为rtmp时出现如下问题:[h264 @ 000000004faf7500]no frame?
  • ¥15 乘性高斯噪声在深度学习网络中的应用
  • ¥15 关于docker部署flink集成hadoop的yarn,请教个问题 flink启动yarn-session.sh连不上hadoop,这个整了好几天一直不行,求帮忙看一下怎么解决
  • ¥15 深度学习根据CNN网络模型,搭建BP模型并训练MNIST数据集