You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The problem I see is that it is described in documentation how to implement JWT authentication for a custom (non-Google) server so everyone has to repeat the same code that is shown in the documentation and it could lead to invalid implementations.
Describe the solution you'd like
It would be great if the grpc-java project offered an infrastructure (like set of interfaces/classes) that would drive gRPC users to the right implementation of JWT implementation, for both client and server.
#5915 introduces a new example on JWT but I still believe that a set of interfaces/classes to use is a better way.
Describe alternatives you've considered
Keep all as is.
Additional context
I'm author of the grpc-java-jwt library that contains two modules:
core with the basic infrastructure for any JWT-based authentication
depends on io.grpc:grpc-core and org.slf4j:slf4j-api only.
keycloak with implementation for Keycloak.
It would be great if grpc-core contained basically the same as the core.
If you show me where I should place the new code, I could prepare a new PR, if you want.
The text was updated successfully, but these errors were encountered:
In general, we would prefer application layer authentication to be implemented with custom interceptors than builtin APIs in gRPC, as we think this is something built on top of gRPC. That's also one of the purposes of having interceptors in our design. A lot of similar things can be done with custom interceptors such as connection timeout or any client-server sharing scoped data. Majority logics in these implementations are considered to be custom. Also, in general those custom interceptors are relatively easy to implement by users themselves and put as a thin layer on top of gRPC. Examples give good enough information for users to do things they want. We would try to merge #5915 soon.
Is your feature request related to a problem?
The problem I see is that it is described in documentation how to implement JWT authentication for a custom (non-Google) server so everyone has to repeat the same code that is shown in the documentation and it could lead to invalid implementations.
Describe the solution you'd like
It would be great if the
grpc-java
project offered an infrastructure (like set of interfaces/classes) that would drive gRPC users to the right implementation of JWT implementation, for both client and server.#5915 introduces a new example on JWT but I still believe that a set of interfaces/classes to use is a better way.
Describe alternatives you've considered
Keep all as is.
Additional context
I'm author of the grpc-java-jwt library that contains two modules:
core
with the basic infrastructure for any JWT-based authenticationio.grpc:grpc-core
andorg.slf4j:slf4j-api
only.keycloak
with implementation for Keycloak.It would be great if
grpc-core
contained basically the same as the core.If you show me where I should place the new code, I could prepare a new PR, if you want.
The text was updated successfully, but these errors were encountered: