Sorry for the late reply. I've just recently had a bit more time to study gRPC and yes I see what you mean.
If I use SslCredentials and SslServerCredentials, would I still need to set up the SSL certificate?

On Friday, March 1, 2019 at 3:25:20 AM UTC+8, Jan Tattermusch wrote:
>
> I'm not sure I fully understand, but it seems there's a bit of trying to
> reinvent the wheel.
> What options you have:
>
> - You can create a mutually authenticated secure channel with gRPC. That
> means both client and server will authenticate each other with a public and
> private key (under "normal" circumstances, only the client checks that the
> server knows the private key). This can be set up using additional arguments
> in SslCredentials and SslServerCredentials.
>
> - If you decide to use "custom" authentication, the usual way to do that
> is to create a secure channel (this time without mutual authentication) and
> then the client sends an authentication token (e.g. a JWT) along with each
> request in the RPC headers.
>
>
> On Monday, February 25, 2019 at 12:35:18 PM UTC+1, BobFrancis wrote:
>>
>>
>> Hi,
>>
>> I’ve been using gRPC, in C#, for one of my projects and trying to achieve
>> the following: an authenticated P2P link (essentially a 2-way connection)
>> between 2 nodes.
>>
>> This is currently how I set up the connection: one node has the listening
>> address of the other peer's gRPC server and when this node starts it creates
>> a channel to the other. Right after creating the Channel it calls an “Auth( )”
>> method exposed by the other peer's service, which will also create a
>> Channel to the first node, so:
>>
>> 1. Dial peer.
>> 2. Call Auth ( auth data ) method
>> 3. On the other node, create a channel to the caller (he transmits
>> his listening address)
>>
>> Note that the Auth method takes a pub key and a signature that will be
>> verified by the other peer: this is my custom auth logic. One problem is
>> that I’m not sure how to link subsequent calls to the authenticated channel
>> (actually the channel doesn’t matter too much, what’s more important is to
>> know that the sender of a message has already been authenticated), because
>> the only info I seem to have is ServerCallContext.Peer and I seriously
>> doubt that it can be used.
>>
>> So my questions:
>> 1 - Is it ok to create a Channel inside one of the server's service
>> methods?
>>
>
> Yes, that's fine.
>
>
>> 2 - How can I securely link the Channel to auth data? In other words
>> when someone calls one of the peer's service methods, I need to be able to link
>> it to a peer that has previously been authenticated.
>>
>> Thanks in advance
>>
>
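
The mutually authenticated channel described in the thread, sketched with Grpc.Core as an added example (not code from any participant or from the gRPC project). The PEM file names, port, `MyService` and `impl` are placeholders assumed for illustration; the interceptor shows how each call can be tied to the identity taken from the verified client certificate rather than to `ServerCallContext.Peer`.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Grpc.Core;
using Grpc.Core.Interceptors;

// Rejects unary calls from peers without a verified client certificate and logs who called.
public class PeerIdentityInterceptor : Interceptor
{
    public override Task<TResponse> UnaryServerHandler<TRequest, TResponse>(
        TRequest request, ServerCallContext context,
        UnaryServerMethod<TRequest, TResponse> continuation)
    {
        AuthContext auth = context.AuthContext;
        if (!auth.IsPeerAuthenticated)
            throw new RpcException(new Status(StatusCode.Unauthenticated, "client certificate required"));
        // PeerIdentity is derived from the certificate verified during the TLS handshake,
        // whereas ServerCallContext.Peer is only the remote network address.
        string identity = string.Join(",", auth.PeerIdentity.Select(p => p.Value));
        Console.WriteLine($"{context.Method} called by {auth.PeerIdentityPropertyName}={identity}");
        return continuation(request, context);
    }
}

public static class MutualTls
{
    // Server side: own key pair, plus the CA used to verify clients; forceClientAuth requires a client cert.
    public static SslServerCredentials ServerCredentials(string caPem, string certPem, string keyPem) =>
        new SslServerCredentials(new[] { new KeyCertificatePair(certPem, keyPem) }, caPem, forceClientAuth: true);

    // Client side: the CA used to verify the server, plus the key pair this node presents to it.
    public static SslCredentials ClientCredentials(string caPem, string certPem, string keyPem) =>
        new SslCredentials(caPem, new KeyCertificatePair(certPem, keyPem));

    public static void Main()
    {
        // Placeholder file names (assumptions): a CA certificate and this node's CA-signed key pair.
        string ca = File.ReadAllText("ca.pem");
        string cert = File.ReadAllText("node.pem");
        string key = File.ReadAllText("node.key");
        // Hypothetical service wiring:
        //   Services = { MyService.BindService(impl).Intercept(new PeerIdentityInterceptor()) }
        var server = new Server { Ports = { new ServerPort("0.0.0.0", 50051, ServerCredentials(ca, cert, key)) } };
        server.Start();
        // Channel to the other peer; the handshake on the first call presents this node's certificate.
        var channel = new Channel("localhost", 50051, ClientCredentials(ca, cert, key));
        channel.ShutdownAsync().Wait();
        server.ShutdownAsync().Wait();
    }
}
```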
