Closed mejohnnaylor closed 2 months ago
... and as middle ware, it'd be good if it could pass some of the work done to the next layer - e.g. the interceptor is going to have to get a ParamAccessor to do it's job, based on the oid in GetValue. This work should be reused, probably by altering the request that gets passed to the next layer to include the relevant ParamAccessor*
good progress - need to finish ahead of NAB.
@johndanenRV reported that gRPC has better built-in authz features that we should consider using. It works directly in the server context which is much easier than in the interceptor.
let's start with GetValue.
expected behavior:
authorize
method to see how to get and unpack the bearer tokenA parameter's access scope is specified by:
How I'd do this...
The main work here is reading up on grpc interceptors and figuring out how to use them. They're basically middleware.