grpcauth

v0.0.0-...-3310065 Latest
Warning

This package is not in the latest version of its module.

Published: May 14, 2021 License: MIT Imports: 24 Imported by: 0

README

gRPC Token Authentication

Code for gRPC token authentication blog posts

Quick Start

Open two terminal windows. In the first one, run the server:

$ go run ./cmd/svc serve

In the second one, run client commands. First attempt to get the secure message without logging in as follows:

$ go run ./cmd/svc secure

You should see an error message! Now login:

$ go run ./cmd/svc login -u secretagent -p supersecret

This will write a file called "token.txt" to your current working directory; you should now be able to get the secure message:

$ go run ./cmd/svc secure

If you wait 10 minutes, the token will expire and you'll automatically be logged out; however, you can also use the logout command directly:

$ go run ./cmd/svc logout

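Note that this will not delete the "token.txt" file, but the server removes the token from its list of logged-in tokens, so the token cannot be used again. Go ahead and try to get the secure message again: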

$ go run ./cmd/svc secure

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateDerivedKey

func CreateDerivedKey(password string) (_ string, err error)

CreateDerivedKey creates an encoded derived key with a random hash for the password.

func ParseDerivedKey

func ParseDerivedKey(encoded string) (dk, salt []byte, time, memory uint32, threads uint8, err error)

ParseDerivedKey returns the parts of the encoded derived key string.

func VerifyDerivedKey

func VerifyDerivedKey(dk, password string) (_ bool, err error)

VerifyDerivedKey checks that the submitted password matches the derived key.

Types

type Server

type Server struct {
	api.UnimplementedAuthenticatorServer
	// contains filtered or unexported fields
}

func New

func New() (_ *Server, err error)

func (*Server) Login

func (s *Server) Login(ctx context.Context, in *api.LoginRequest) (out *api.LoginReply, err error)

Login authenticates the user with the specified username and password. It uses Argon2 derived key comparisons to verify the user without storing the password in plain text. It returns JWT access and refresh tokens that can be used to access the secure endpoint.

func (*Server) Logout

func (s *Server) Logout(ctx context.Context, in *api.Empty) (out *api.LogoutReply, err error)

Logout removes the authorization token from the list of logged-in tokens, which means that it cannot be used again as a login-token.

func (*Server) Secure

func (s *Server) Secure(ctx context.Context, in *api.Empty) (out *api.SecureReply, err error)

Secure should only return a message if the user is authenticated.
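
The Logout and Secure descriptions above, together with the 10-minute expiry from the Quick Start, imply a server-side check of every bearer token against a list of logged-in tokens. The following is an added example, not the package's own code: the sessions type and its methods are hypothetical, an opaque random token stands in for the JWT, and the clock is passed in as a parameter.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"strings"
	"sync"
	"time"
)

const tokenTTL = 10 * time.Minute // the 10-minute expiry from the Quick Start
var errUnauthenticated = fmt.Errorf("unauthenticated")

// sessions is a hypothetical server-side list of logged-in tokens (token -> expiry).
type sessions struct{ active sync.Map }

// login records a fresh token as logged in until now+tokenTTL.
func (s *sessions) login(now time.Time) string {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		panic(err) // no entropy: refuse to issue a guessable token
	}
	token := fmt.Sprintf("%x", buf) // opaque token standing in for the JWT (assumption)
	s.active.Store(token, now.Add(tokenTTL))
	return token
}

// logout drops the token server-side; a copy left in token.txt stops working.
func (s *sessions) logout(token string) { s.active.Delete(token) }
// authorize validates an "authorization" metadata value ("Bearer <token>").
func (s *sessions) authorize(header string, now time.Time) error {
	scheme, token, ok := strings.Cut(header, " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") {
		return errUnauthenticated
	}
	exp, found := s.active.Load(token)
	if !found || !now.Before(exp.(time.Time)) {
		s.active.Delete(token) // purge expired entries on sight
		return errUnauthenticated
	}
	return nil
}

func main() {
	s, now := &sessions{}, time.Now()
	hdr := "Bearer " + s.login(now)
	fmt.Println(s.authorize(hdr, now), s.authorize(hdr, now.Add(tokenTTL)))
}
```

In a gRPC server the header value would be read from the incoming request metadata, and a failed check would be returned to the client as an Unauthenticated status.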

func (*Server) Serve

func (s *Server) Serve(addr string) (err error)

func (*Server) Shutdown

func (s *Server) Shutdown() (err error)

type TokenCredentials

type TokenCredentials struct {
	Token string
}

TokenCredentials implements per-RPC credentials to be provided by the client as a dial or call option to authenticate the user via the Authorization: Bearer header in the request.

func (TokenCredentials) GetRequestMetadata

func (c TokenCredentials) GetRequestMetadata(ctx context.Context, uri ...string) (map[string]string, error)

GetRequestMetadata implements credentials.PerRPCCredentials to set the token header.

func (TokenCredentials) RequireTransportSecurity

func (c TokenCredentials) RequireTransportSecurity() bool

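RequireTransportSecurity should return true for this authentication mechanism, since anyone with the access token will be authorized. However, for the purposes of this demo, it returns false for testing and development. With false, the token is also attached to requests on connections that have no transport security, where it travels in cleartext.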

Directories

Path Synopsis
cmd
svc
