Infrastructure for generic JWT authentication

[augi]

Is your feature request related to a problem?

The problem I see is that it is described in documentation how to implement JWT authentication for a custom (non-Google) server so everyone has to repeat the same code that is shown in the documentation and it could lead to invalid implementations.

Describe the solution you'd like

It would be great if the grpc-java project offered an infrastructure (like set of interfaces/classes) that would drive gRPC users to the right implementation of JWT implementation, for both client and server.

#5915 introduces a new example on JWT but I still believe that a set of interfaces/classes to use is a better way.

Describe alternatives you've considered

Keep all as is.

Additional context

I'm author of the grpc-java-jwt library that contains two modules:

• core with the basic infrastructure for any JWT-based authentication
  • depends on io.grpc:grpc-core and org.slf4j:slf4j-api only.
• keycloak with implementation for Keycloak.

It would be great if grpc-core contained basically the same as the core.

If you show me where I should place the new code, I could prepare a new PR, if you want.

[voidzcy]

In general, we would prefer application layer authentication to be implemented with custom interceptors than builtin APIs in gRPC, as we think this is something built on top of gRPC. That's also one of the purposes of having interceptors in our design. A lot of similar things can be done with custom interceptors such as connection timeout or any client-server sharing scoped data. Majority logics in these implementations are considered to be custom. Also, in general those custom interceptors are relatively easy to implement by users themselves and put as a thin layer on top of gRPC. Examples give good enough information for users to do things they want. We would try to merge #5915 soon.

[voidzcy]

#5915 is merged. Closing.