yusefnapora
commented
8 years ago I found some code that uses client certificates for mutual TLS/SSL authentication in gRPC: - it's a test case to reproduce a bug, but the bug has since been fixed.
So that's an option if we don't need scoped access rules and all the other OAuth stuff... but we'd basically need to act as a certificate authority and issue client certs, which seems like its own headache...
I think this is pretty much at parity with the spray branch; I included the merge operation as well, but we may want to consider removing it, as it doesn't really fit with the transactor design.
Authentication is a bit of a question mark as well... gRPC supports OAuth2 for client authentication, but setting up an OAuth provider seems like a hassle... At the moment the merge operation has no authentication / authorization.
The docs briefly refer to an optional use of client certificates to authenticate the TLS connection, but I can't find any code for it in the grpc java implementation.
The docs also mention custom auth metadata plugins, but that seems to be only accessible from the C++ api...