I'm wondering how auth works in grpc-web.
I searched for auth and token in the repo and didn't find anything.
Thanks!
I don't think grpc-web has anything to do with your authentication setup. If you are wanting to pass a token to your server or receive a token from your server you could send and receive it with metadata.
Auth is orthogonal to gRPC-Web. Depending on your auth scheme, you obtain a token or a key separately and set them as key:value in the metadata argument per-RPC call.
We might have to provide a way to turn WithCredentials to true in the underlying transport but so far we haven't found a compelling and common use case yet.
how to work with social auth like facebook/twitter...? Nowadays, almost every web client requires social login feature along with typical username/password auth...
Auth is orthogonal to gRPC-Web. Depending on your auth scheme, you obtain a token or a key separately and set them as key:value in the
metadataargument per-RPC call.We might have to provide a way to turn
WithCredentialstotruein the underlying transport but so far we haven't found a compelling and common use case yet.
So, how to implement it with metadata .? any example?
Best practices for gRPC web token authentication would be pretty cool rather than trying to hack at it myself. Like yes, put it in metadata, but then how do you protect routes? is there an intercepter of sorts? where it captures and validates that token before the actual gRPC requested is returned?
Most helpful comment
Best practices for gRPC web token authentication would be pretty cool rather than trying to hack at it myself. Like yes, put it in metadata, but then how do you protect routes? is there an intercepter of sorts? where it captures and validates that token before the actual gRPC requested is returned?