kotlinx-rpc
Is it possible to add an Authentication header to the RPC client?
Like this:
// App.kt
suspend fun setupRPC(): NewsService = client.rpc {
    url {
        host = DEV_SERVER_HOST
        port = 8080
        encodedPath = "/api"
    }
    headers {
        append(HttpHeaders.Authorization, "Basic YWRtaW46YWRtaW4=")
    }
    rpcConfig {
        serialization {
            json { }
        }
    }
}.withService()
I tried this, and the header is not being added to the requests.
If this is not the correct functionality, is the work-around to send the authentication along with the RPC calls as a parameter?
Hi! Thank you for the report. Looks like a bug to me, I'll take a look
Encountered the same problem.
I'm an RPC newbie... but is it considered safe to pass an Auth string as a parameter, as a temporary workaround? Or would this be a security vulnerability?
I think it's doable but need huge refactoring of code
I think it's doable but need huge refactoring of code
What exactly? Passing an authentication string as a parameter? My ask is if sending this kind of payload would result in a security vulnerability? Or is sending data in RPC considered secure as it's traveling over HTTPS?
It's as secure as HTTPS is. I mean, when you need to pass a parameter whenever your function needs authentication, this causes a huge amount of code modification. I would usually use an "aspect" for this kind of task. In the client-server case, it is header authentication.
OK, thank you for confirming it’s secure via HTTPS. The parameter passing is acceptable for now, since header authentication is not available yet...
On Aug 23, 2024, at 9:01 AM, Eric Deng @.***> wrote:
It's as secure as HTTPS is. I mean, when you need to pass a parameter whenever your function needs authentication, this causes a huge amount of code modification. I would usually use an "aspect" for this kind of task. In the client-server case, it is header authentication.
@realityexpander I looked into the code and found that the headers function you use is the wrong one in Ktor (public fun headers(builder: HeadersBuilder.() -> Unit): Headers = Headers.build(builder)). It does not add headers, but creates and returns a Headers instance. The correct way would be to write headers.append(HttpHeaders.Authorization, "Basic YWRtaW46YWRtaW4=") or headers[HttpHeaders.Authorization] = "Basic YWRtaW46YWRtaW4="
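The difference described in the comment above, shown on a bare Ktor HttpRequestBuilder as an added example (not code from this thread or from kotlinx-rpc). The function names, the placeholder credential and the requireAuthorization helper are assumptions made for illustration; the helper shows one way to fail closed when the header was silently dropped.

```kotlin
import io.ktor.client.request.HttpRequestBuilder
import io.ktor.client.request.headers // extension on HttpMessageBuilder: mutates the request
import io.ktor.http.HttpHeaders

// Placeholder credential constructed for this example; load real credentials
// from configuration or a secret store instead of hard-coding them.
const val AUTH_VALUE = "Basic <base64-credentials>"

// Variant from the question: io.ktor.http.headers builds a standalone Headers
// object and returns it. The result is discarded and the request is untouched.
fun brokenRequest(): HttpRequestBuilder = HttpRequestBuilder().apply {
    io.ktor.http.headers { append(HttpHeaders.Authorization, AUTH_VALUE) }
}

// Fix suggested in the thread: write to the builder's own headers property.
fun fixedWithProperty(): HttpRequestBuilder = HttpRequestBuilder().apply {
    headers.append(HttpHeaders.Authorization, AUTH_VALUE)
}

// Equivalent fix: the extension imported above applies the block to this.headers.
fun fixedWithExtension(): HttpRequestBuilder = HttpRequestBuilder().apply {
    headers { append(HttpHeaders.Authorization, AUTH_VALUE) }
}

// Hypothetical guard: refuse to continue if the request would go out
// without credentials, so the mistake surfaces on the client side.
fun HttpRequestBuilder.requireAuthorization(): HttpRequestBuilder = apply {
    check(headers.contains(HttpHeaders.Authorization)) {
        "Authorization header missing; request would be sent unauthenticated"
    }
}

fun main() {
    // Report whether each variant actually attached the header.
    println("broken:    " + brokenRequest().headers.contains(HttpHeaders.Authorization))
    println("property:  " + fixedWithProperty().headers.contains(HttpHeaders.Authorization))
    println("extension: " + fixedWithExtension().headers.contains(HttpHeaders.Authorization))

    // The guard passes for the fixed variants and throws for the broken one.
    fixedWithProperty().requireAuthorization()
    runCatching { brokenRequest().requireAuthorization() }
        .onFailure { println("guard rejected request: ${it.message}") }
}
```

Which headers function an unqualified headers { } call resolves to depends on the file's imports, so checking the built request is more reliable than reading the call site.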
Ah, I see.
Confirming: is this the standard pattern for setting up headers?
Probably yes, though it's better to ask in the ktor slack, for example, or refer to their docs
Probably yes, though it's better to ask in the ktor slack, for example, or refer to their docs
OK thank you!