How can I implement custom user authentication provider/service and forward response to backend using gRPC in API Gateway on Google Cloud?

huangapple go评论70阅读模式
英文:

How can I implement custom user authentication provider/service and forward response to backend using gRPC in API Gateway on Google Cloud?

问题

抱歉,我只会为您提供中文翻译,以下是您提供的内容的翻译:

我正在阅读有关API GATEWAY的文档,但我找不到解决问题的方法:

我正在努力实现的目标是,我在Cloud Run上有多个服务,其中一个服务是身份验证服务,我希望所有访问API GATEWAY的客户端请求都被重定向到这个自定义身份验证服务,我将在那里访问令牌和会话ID,并根据需要使用它们验证从会话数据中获取用户数据,并将这些数据转发到调用它的适当服务。

我在API调用中使用gRPC,因此我想知道如何使用GCP API Gateway来实现这一目标。

谢谢!

我在文档中找不到任何可以解释如何实现这一目标的信息。

英文:

I was reading the docs on API GATEWAY, but I couldn't find the solution for the problem:

What I am struggling to achieve is, I have multiple services on cloud run, and one service is the authentication, I want all the requests from clients that hit API GATEWAY to be redirected to this custom authentication service where I will access a token and session Id and use them accordingly to validate get user data from session data and froward these data to appropriate service it was calling.

I use gRPC in my API calls, so I would like to know how I can achieve this using GCP API Gateway.

Thanks!

I couldn't find anything in the docs that would explain me how I could achieve this.

答案1

得分: 0

Posting DazWilkin's answer in the comments as a community wiki for everyone's visibility.

gRPC doesn't give a redirect mechanism. Your gRPC client should

  1. Invoke an authentication request method on your auth service and receive an auth response;

  2. Invoke the other gRPC service passing the credentials;

  3. Each gRPC service will authenticate the incoming credentials, pass through if valid and reject if invalid/expired.

  4. gRPC clients will need to deal with invalid and expired credentials.

You can check the official documentation of gRPC for more information.

英文:

Posting DazWilkin's answer in the comments as a community wiki for everyone's visibility. <br><br>gRPC doesn't give a redirect mechanism. Your gRCP client should<br><br>1. Invoke an authentication request method on your auth service and receive an auth response; <br>2. Invoke the other gRPC service passing the credentials; <br>3. Each gRCP service will authenticate the incoming credentials, pass through if valid and reject if invalid/expired. <br>4. gRCP clients will need to deal with invalid and expired credentials.<br><br>You can check the official documentation of gRPC for more information.<br><br>

huangapple
  • 本文由 发表于 2023年6月15日 06:09:48
  • 转载请务必保留本文链接:https://go.coder-hub.com/76477890.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定