search

kzemek / macaroons

An Erlang Macaroons library compatible with libmacaroons
BSD 3-Clause "New" or "Revised" License
29 stars 3 forks source link

Erlang/Elixir GRPC or Http2 client library with macaroons support? #5

Closed sezaru closed 6 years ago

sezaru commented 6 years ago

Sorry if this is a dumb question, but does you know any http2 client that supports your macaroons library as a means to do authentication?

In my specific case, I'm trying to connect to a GRPC server which uses macaroon (LND), if I disable macaroon authentication I can connect with it using this GRPC library for elixir https://github.com/tony612/grpc-elixir which uses gun internally to do the http2 connection.

Looking at gun documentation, It seems I would need to provide the macaroon in the transport_opt (same place I put my ca_cert). But since the documentation doesn't say anything about macaroon, I'm not sure how to use it with gun (or another http2 client).

Do you know how or plan to add support to one of these http2 (or GRPC directly) libraries?

It would be nice to be able to do something like that (nodejs code):

const lndCert = fs.readFileSync("/home/administrator/.lnd/tls.cert")
const credentials = grpc.credentials.createSsl(lndCert)
const lnrpcDescriptor = grpc.load("rpc.proto")
const lnrpc = lnrpcDescriptor.lnrpc

var metadata = new grpc.Metadata();
const macaroonHex = fs.readFileSync("/home/administrator/.lnd/admin.macaroon").toString("hex");
metadata.add('macaroon', macaroonHex);

const macaroonCreds = grpc.credentials.createFromMetadataGenerator((params, callback) =>
    callback(null, metadata)
)

const creds = grpc.credentials.combineChannelCredentials(credentials, macaroonCreds);

const lightning = new lnrpc.Lightning('localhost:10009', creds)
kzemek commented 6 years ago

Sorry for the late reply, I stopped receiving mail notifications for some reason.

Basically, there's no standard on how to pass macaroons around. Normally when using HTTP you'd either put them in HTTP header or in the query string, and the macaroon itself is opaque to the transport protocol and thus requires no explicit support.

I can see that lnd gRPC suggests that you pass the macaroon in request's metadata. So it seems that using grpc-elixir you'd just make a request as follows:

Your.Stub.call(channel, request, metadata: %{macaroon: :macaroon.serialize(m)})
sezaru commented 6 years ago

Wow @kzemek ,Thanks a lot for that explanation and for the code of how to use it with LND that was much appreciated!

That totally answers my question, so I will close the issue.

Thanks again!