MashaTelyatnikova / protobuf-socket-rpc

Automatically exported from code.google.com/p/protobuf-socket-rpc
MIT License

Auth support #6

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Description of feature:

Some sort of authorization support.

Why do you think this feature/enhancement is needed:

Currently the server is open, i.e. anyone who knows the host:port can
connect and execute the rpc.

Implementation suggestions (optional):

Must be generic enough. Ideally this library should not have any auth
implementation itself, all it should do is pass an auth token in the
request and the server will call some configured authorizer with it and return
an error if it is not authorized.

Original issue reported on code.google.com by sdeo.code@gmail.com on 4 Oct 2009 at 6:32

GoogleCodeExporter commented 8 years ago
I think authorisation is something that should be handled in your protocol 
definition. For example: add the authorisation-token (together with additional 
info like request-id etc, which you undoubtedly already have..) in a common 
'Header' message. Use login/logout rpc calls to obtain/expire an authorisation 
token.

Sending the authorisation token 'out-of-band' is kind of backwards to me.
Second, it would introduce code, wire-bytes and need-to-know-how to developers 
who do not need authorisation (on a closed network, for example). Don't get 
me wrong: authorisation is indeed a separate layer and it should be treated as 
such in your app, but it is just not low enough a layer to be sent outside the 
protocol. 
Besides, there are always 'functions' on the server which are callable without 
authorisation. 'login' being the best example.

Original comment by knifter@gmail.com on 15 Aug 2012 at 10:58
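
A sketch of the design discussed in the two comments above, as an added example that is not part of the original thread or of the protobuf-socket-rpc code base: a token carried in a common header, login/logout calls that issue and expire it, and a configured authorizer the dispatcher consults before any non-public call. All names (`TokenAuthorizer`, `dispatch`, `PUBLIC_METHODS`, `TOKEN_TTL`) are hypothetical, plain dicts stand in for the protobuf messages, and credential checking is delegated to a caller-supplied function.

```python
import secrets
import time

# Hypothetical names throughout; plain dicts stand in for protobuf messages.
PUBLIC_METHODS = {"login"}   # callable without a token, as the second comment notes
TOKEN_TTL = 900              # seconds; constructed value

class TokenAuthorizer:
    """Pluggable authorizer: the dispatcher only ever calls authorize(token)."""

    def __init__(self, verify_credentials, clock=time.monotonic):
        self._verify = verify_credentials   # assumed callable(user, password) -> bool
        self._sessions = {}                 # token -> expiry timestamp
        self._clock = clock

    def login(self, user, password):
        """Return a fresh random token, or None if the credentials are rejected."""
        if not self._verify(user, password):
            return None
        token = secrets.token_urlsafe(32)   # unguessable, carries no user data
        self._sessions[token] = self._clock() + TOKEN_TTL
        return token

    def logout(self, token):
        """Expire the token; unknown tokens are ignored."""
        if isinstance(token, str):
            self._sessions.pop(token, None)

    def authorize(self, token):
        """True only for a known, unexpired token."""
        if not isinstance(token, str) or token not in self._sessions:
            return False
        if self._clock() >= self._sessions[token]:
            del self._sessions[token]       # drop expired sessions on sight
            return False
        return True

def dispatch(request, handlers, authorizer):
    """Check the header token before looking up any non-public handler."""
    method = request.get("method")
    header = request.get("header") or {}
    # Authorize first, so unauthenticated callers cannot probe which methods exist.
    if method not in PUBLIC_METHODS and not authorizer.authorize(header.get("token")):
        return {"error": "UNAUTHORIZED"}
    if method not in handlers:
        return {"error": "UNKNOWN_METHOD"}
    return {"result": handlers[method](request.get("body") or {}, header)}
```

A server that needs no authorisation can pass an authorizer whose `authorize` always returns True, which keeps the check out of the way on a closed network.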