How to use OAuth2 for user authentication in gRPC

(I am pretty new to gRPC and Golang.)
I have a website that uses the grpc-web package to communicate with a backend gRPC API server in Golang. I need user authentication with GitHub, but I am having difficulty understanding how to use OAuth2 token-based authentication in gRPC. I would appreciate it if you could share your ideas.

It looks like the way to use OAuth2 with grpc-web is to add the header to the metadata object which is the second argument to each rpc call.
my_grpc_web_client.MyMethod(myRequestProto, {Authorization: "Bearer <token>"});
References: https://github.com/grpc/grpc-web/issues/351 , specifically https://github.com/grpc/grpc-web/issues/351#issuecomment-436050409
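One way to apply the header from the answer above to every call instead of repeating it at each call site (an added example, not part of the original answer or of grpc-web itself). withBearerAuth, getToken and FakeGreeterClient are hypothetical names; the fake client is a constructed stand-in for a generated promise-style client whose methods take (request, metadata).

```javascript
// Wrap a grpc-web client so each RPC gets "Authorization: Bearer <token>"
// in its metadata argument (the second argument, as the answer describes).
// getToken is a hypothetical callback returning the current OAuth2 access token.
function withBearerAuth(client, getToken) {
  return new Proxy(client, {
    get(target, prop, receiver) {
      const value = Reflect.get(target, prop, receiver);
      if (typeof value !== "function") return value;
      return (request, metadata, ...rest) => {
        const token = getToken();
        // Fail closed: never send an unauthenticated call by accident.
        if (!token) throw new Error("no access token available; sign in first");
        // Caller metadata is kept, but it cannot override the auth header.
        const merged = { ...(metadata || {}), Authorization: `Bearer ${token}` };
        return value.call(target, request, merged, ...rest);
      };
    },
  });
}

// Constructed stand-in for a generated client; it records what would be sent.
class FakeGreeterClient {
  constructor() {
    this.calls = [];
  }
  sayHello(request, metadata) {
    this.calls.push({ request, metadata });
    return Promise.resolve({ message: "ok" });
  }
}

// Runs two calls around a token refresh and returns the recorded metadata.
function demoCalls() {
  let token = "constructed-token-1";
  const raw = new FakeGreeterClient();
  const client = withBearerAuth(raw, () => token);
  client.sayHello({ name: "a" }, { "x-request-id": "42" });
  token = "constructed-token-2"; // e.g. after the token was refreshed
  client.sayHello({ name: "b" });
  return raw.calls;
}
```

Reading the token through a callback on each call means a refreshed token is picked up without rebuilding the client.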

Related

Calling Twitter API endpoints with Jmeter

I have created a Twitter-developer account and also a project and an app to be able to invoke web services endpoints.
I would like to know if anyone has ever managed to successfully retrieve the expected response from the endpoints, and in that case, which authentication method is the simplest and most effective to use, and in what order?
Thank you for your help and advice.
As per the Twitter API documentation, the possible methods are:
OAuth 1.0a
OAuth 2.0 Bearer Token
Basic authentication
The latter one is the easiest to implement, as all you need to do is add an HTTP Authorization Manager and provide your credentials there, and JMeter will automatically add the relevant Authorization header to all your HTTP Request samplers.
More information: How to Use HTTP Basic Authentication in JMeter

How to manage a JWT login procedure from Micronaut client to a REST API?

I am new to Micronaut and trying to develop a gateway that connects on the client side to a REST API. The API requires an authentication token, which is obtained by first sending a POST request with credentials in the body. The API then responds with a valid token, which needs to be refreshed from time to time. I am able to inject a bearer token in the headers to authenticate my requests, but I do not understand whether I have to handle the whole authentication process myself or if the Micronaut framework can manage it on its own.
Thank you very much for your help.
You could create an HttpClientFilter to handle authentication, refresh and the header. You can find an example here which covers basic authentication.
Yours will be more complicated since you need to refresh etc.
Also, doing it this way allows you to decouple your authentication code from your API.

OAuth 2.0 + Lambda + API Gateway

OK, I did some research and I will try once more to explain what I am looking for.
So my question is: can I make an OAuth provider server using Lambda and API Gateway? I didn't find any solution like this, and I don't even know how to start, so any ideas are valuable. And then I want to use API custom authentication to validate my bearer token.
I will try to be as specific as I can:
I have my application where I store my log users. I want to use the OAuth 2.0 authorization code grant flow using only Lambda and API Gateway (something like Google OAuth, but my app wants to be an authentication provider). I found a couple of solutions like this: https://www.authlete.com/documents/article/custom_authorizer/index but I want to use my own authorization server implementation, and I don't want to specify in the Lambda auth impl. api_key and secret_key. So here are my questions:
1. Can I make my own authorization server using only Lambda and API Gateway? (I know there is an implementation in Spring, but for now I want a serverless solution.)
2. If I can, I will be pleased for any tips because I am really stuck.
There is a possibility that there are mistakes in my reasoning.
In API Gateway you can create custom authorizers to be invoked before the API method is executed. Normally you can create a Lambda function to receive the authentication details and return a Policy Document authorizing or denying the API method execution.
You can create a Lambda to make the OAuth provider authentication and generate the Policy Document, based on authentication flow. You can get more information here.
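A sketch of such an authorizer for bearer tokens, as an added example that is not part of the original answer. It assumes a TOKEN-type Lambda authorizer and opaque tokens issued by your own authorization server; TOKENS is a constructed in-memory stand-in for that server's token store, and the scope rule (read covers GET only) is an assumption made for illustration.

```javascript
// Constructed token store; a real one lives in the authorization server's database.
const TOKENS = new Map([
  ["constructed-valid-token", { sub: "user-1", scope: "read", exp: 2000 }],
  ["constructed-expired-token", { sub: "user-2", scope: "read", exp: 1000 }],
]);

// Build the response shape API Gateway expects from a Lambda authorizer.
function policy(principalId, effect, resource, context) {
  return {
    principalId,
    policyDocument: {
      Version: "2012-10-17",
      Statement: [{ Action: "execute-api:Invoke", Effect: effect, Resource: resource }],
    },
    context,
  };
}

// nowSeconds is a parameter so the expiry check can be tested deterministically.
function authorize(event, nowSeconds) {
  // Accept exactly "Bearer <b64token>"; any other scheme or shape is rejected.
  const match = /^Bearer ([A-Za-z0-9\-._~+\/]+=*)$/.exec(event.authorizationToken || "");
  if (!match) throw new Error("Unauthorized"); // API Gateway answers 401
  const record = TOKENS.get(match[1]);
  if (!record || record.exp <= nowSeconds) throw new Error("Unauthorized");
  // methodArn looks like arn:aws:execute-api:region:account:apiId/stage/VERB/path
  const verb = event.methodArn.split("/")[2];
  const allowed = verb === "GET" ? ["read", "write"] : ["write"];
  // Valid token, insufficient scope: explicit Deny, API Gateway answers 403.
  if (!allowed.includes(record.scope)) return policy(record.sub, "Deny", event.methodArn);
  return policy(record.sub, "Allow", event.methodArn, { scope: record.scope });
}

// Lambda entry point.
const handler = async (event) => authorize(event, Math.floor(Date.now() / 1000));
if (typeof module !== "undefined") module.exports = { handler };
```

If authorizer result caching is enabled, the returned policy is reused for later requests with the same token, so a Resource limited to one method ARN can cause unexpected denials on other methods.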

OAuth resource owner password flow and HMAC

I have a web api application which implements the Resource Owner Password flow from OAuth specification. Everything works correctly.
Actually I configure everything in my WebApiConfig class by using an Authentication filter like this
// Configure Web API to use only bearer token authentication.
config.SuppressDefaultHostAuthentication();
config.Filters.Add( new HostAuthenticationFilter( OAuthDefaults.AuthenticationType ) );
As some of my customers asked for a different method of authentication, I am evaluating adding a couple of features to my services, but it is still not clear to me how those features can work together.
In particular, I came across a link which explains in very easy words how to implement HMAC authentication in Web API.
Can I implement this authentication method and let the client choose which one he wants to use? Can they coexist?
Yes, your web api service can send back multiple schemes in the WWW-Authenticate challenge. In your case it can send back 'bearer' and 'hmac' for example.
See also this question for more info on using multiple schemes.
BTW, it's not your web api service that supports Resource Owner Password flow. The client uses this flow to get a token from the authorization server that it can use in a bearer scheme with your service (resource server). HTH.

wso2-Api RestFull Api call using client_id and client_secret

I am new to the WSO2 API. I have created an API using the API publisher and generated the API client_id and client_secret. It works fine with the WSO2 API REST client. My question is: how do I call the REST service using a RESTful client (using the WSO2 client_id and client_secret)?
Thanks,
Ram
Generally we don't use client_id and client_secret for calling REST APIs. Those are used to generate an OAuth token to invoke REST APIs. What you have to do is get the generated OAuth token in API Store and invoke the API. For that you need to set "Authorization" header in your HTTP request as below.
"Authorization" : "Bearer Generated_OAuth_Token"
This is just a basic OAuth scenario. I strongly recommend you research more on the OAuth protocol.