forked from mystiq/dex
42 lines
1.3 KiB
Markdown
42 lines
1.3 KiB
Markdown
|
# Authentication
|
||
|
|
|
||
|
|
As outlined in the [gRPC authentication guide](http://www.grpc.io/docs/guides/auth.html) there are a number of different mechanisms for asserting identity between an client and server. We'll present some code-samples here demonstrating how to provide TLS support encryption and identity assertions as well as passing OAuth2 tokens to services that support it.
|
||
|
|
|
||
|
|
# Enabling TLS on a gRPC client
|
||
|
|
|
||
|
|
```Go
|
||
|
|
conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")))
|
||
|
|
```
|
||
|
|
|
||
|
|
# Enabling TLS on a gRPC server
|
||
|
|
|
||
|
|
```Go
|
||
|
|
creds, err := credentials.NewServerTLSFromFile(certFile, keyFile)
|
||
|
|
if err != nil {
|
||
|
|
log.Fatalf("Failed to generate credentials %v", err)
|
||
|
|
}
|
||
|
|
lis, err := net.Listen("tcp", ":0")
|
||
|
|
server := grpc.NewServer(grpc.Creds(creds))
|
||
|
|
...
|
||
|
|
server.Serve(lis)
|
||
|
|
```
|
||
|
|
|
||
|
|
# Authenticating with Google
|
||
|
|
|
||
|
|
## Google Compute Engine (GCE)
|
||
|
|
|
||
|
|
```Go
|
||
|
|
conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(oauth.NewComputeEngine())))
|
||
|
|
```
|
||
|
|
|
||
|
|
## JWT
|
||
|
|
|
||
|
|
```Go
|
||
|
|
jwtCreds, err := oauth.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope)
|
||
|
|
if err != nil {
|
||
|
|
log.Fatalf("Failed to create JWT credentials: %v", err)
|
||
|
|
}
|
||
|
|
conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(jwtCreds)))
|
||
|
|
```
|
||
|
|
|