grpc / grpc-web

gRPC for Web Clients
https://grpc.io
Apache License 2.0

Best practices for gRPC web token authentication #732

Open blockspacer opened 4 years ago

blockspacer commented 4 years ago

Related to

Best practices for gRPC web token authentication would be pretty cool rather than trying to hack at it myself. Like yes, put it in metadata, but then how do you protect routes? Is there an interceptor of sorts, where it captures and validates that token before the actual gRPC requested is returned?

https://github.com/grpc/grpc-web/issues/207#issuecomment-528088109

(reopen as separate issue)

daviderenger commented 4 years ago

https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/http/jwt_authn/v2alpha/config.proto

Is a pretty nice way to do it, let Envoy handle the validation and then just pass the metadata to the grpc-provider.
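
A sketch of the Envoy approach suggested in the comment above, added here as an illustration; it is not part of the comment and not configuration from the grpc-web project. It uses Envoy's current v3 filter names rather than the v2 API linked above, and the issuer, audience, JWKS URL, cluster name, header name and service paths are placeholder assumptions.

```yaml
# http_filters section of the HTTP connection manager in front of the gRPC backend.
http_filters:
# CORS comes first so browser preflight (OPTIONS) requests, which carry no
# Authorization header, are answered before the JWT check runs.
- name: envoy.filters.http.cors
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.cors.v3.Cors
- name: envoy.filters.http.jwt_authn
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
    providers:
      example_idp:                              # placeholder provider name
        issuer: https://idp.example.com         # must equal the token's "iss" claim
        audiences:
        - example-grpc-api                      # token's "aud" must contain this value
        remote_jwks:
          http_uri:
            uri: https://idp.example.com/.well-known/jwks.json
            cluster: idp_jwks                   # cluster defined elsewhere in the config
            timeout: 5s
          cache_duration: 600s
        from_headers:
        - name: authorization                   # grpc-web metadata arrives as HTTP headers
          value_prefix: "Bearer "
        forward: false                          # do not pass the raw token upstream
        forward_payload_header: x-jwt-payload   # verified claims, base64url-encoded JSON
    rules:
    # First matching rule wins. gRPC routes are /<package>.<Service>/<Method>.
    - match:
        prefix: /example.v1.PublicService/      # no "requires": callable without a token
    - match:
        prefix: /
      requires:
        provider_name: example_idp              # everything else needs a valid JWT
- name: envoy.filters.http.grpc_web
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.grpc_web.v3.GrpcWeb
- name: envoy.filters.http.router
  typed_config:
    "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
```

With this layout the backend reads the caller's claims from the `x-jwt-payload` metadata key, which is only trustworthy if the backend accepts traffic solely from Envoy.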

idelvall commented 3 years ago

OAuth 2.0 Authorization Code with PKCE

https://developer.okta.com/blog/2019/08/22/okta-authjs-pkce