Comments (7)
@xiaoyijun do you mind taking a look at it?
from logto.
you might also check grpc-gateway
https://github.com/grpc-ecosystem/grpc-gateway
from logto.
Hi @Gictorbit ,
In web app frameworks, the user access token is passed by the HTTP request headers (always the `Authorization` header with `Bearer <access_token>` as its content).
In gRPC, you can retrieve the related header from the gRPC metadata (It's a supported feature, you can map HTTP headers to gRPC metadata, see Supported features).
from logto.
Hi @xiaoyijun
Thank you for your response! I'm curious about Google OAuth. Does it utilize cookies or header tokens for authentication?
Could you please provide a code example using gRPC?
from logto.
@Gictorbit
Using OAuth only helps you obtain a token; how you use the obtained token depends on you (it can be in the cookie or the auth header).
If you want to protect your gRPC API, simply validate the token you obtained when the API receives a request (refer to https://docs.logto.io/docs/recipes/protect-your-api/).
This is a code example from ChatGPT (Note the 'Todo' comments):
- Client Code:

```go
package main

import (
	"context"
	"log"

	"google.golang.org/grpc"
	"google.golang.org/grpc/credentials/insecure"
	"google.golang.org/grpc/metadata"

	pb "path/to/your/proto/package"
)

func main() {
	// Plaintext transport is for local testing only; send bearer tokens over TLS.
	// insecure.NewCredentials() replaces the deprecated grpc.WithInsecure().
	conn, err := grpc.Dial("localhost:50051", grpc.WithTransportCredentials(insecure.NewCredentials()))
	if err != nil {
		log.Fatalf("Failed to dial: %v", err)
	}
	defer conn.Close()

	client := pb.NewMyServiceClient(conn)

	// Todo: Get this token from OAuth service (Logto or Google OAuth)
	token := "your_token_here"

	// Attach the token as the "authorization" metadata key of the outgoing call.
	ctx := metadata.AppendToOutgoingContext(context.Background(), "authorization", "Bearer "+token)

	response, err := client.MyRPCMethod(ctx, &pb.MyRequest{Message: "Hello!"})
	if err != nil {
		log.Fatalf("Failed to call MyRPCMethod: %v", err)
	}
	log.Printf("Response received: %s", response.Message)
}
```
- Server Code:

```go
package main

import (
	"context"
	"log"
	"net"
	"strings"

	"google.golang.org/grpc"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/metadata"
	"google.golang.org/grpc/status"

	pb "path/to/your/proto/package"
)

type server struct {
	// Code generated by current protoc-gen-go-grpc requires embedding this type.
	pb.UnimplementedMyServiceServer
}

func (s *server) MyRPCMethod(ctx context.Context, req *pb.MyRequest) (*pb.MyResponse, error) {
	md, ok := metadata.FromIncomingContext(ctx)
	if !ok {
		return nil, status.Errorf(codes.Unauthenticated, "missing metadata")
	}

	tokens := md.Get("authorization")
	// Todo: validate tokens before processing
	if len(tokens) == 0 {
		return nil, status.Errorf(codes.Unauthenticated, "missing token")
	}

	// The client sends "Bearer <token>", so strip the scheme before comparing.
	token := strings.TrimPrefix(tokens[0], "Bearer ")
	// Placeholder check only: replace with real token validation (see the Todo above).
	if token != "your_expected_token" {
		return nil, status.Errorf(codes.PermissionDenied, "invalid token")
	}

	return &pb.MyResponse{Message: "Hello back!"}, nil
}

func main() {
	lis, err := net.Listen("tcp", ":50051")
	if err != nil {
		log.Fatalf("Failed to listen: %v", err)
	}

	s := grpc.NewServer()
	pb.RegisterMyServiceServer(s, &server{})

	if err := s.Serve(lis); err != nil {
		log.Fatalf("Failed to serve: %v", err)
	}
}
```
Hope this helps!
from logto.