go-grpc-middleware icon indicating copy to clipboard operation
go-grpc-middleware copied to clipboard

Published 20 hours ago verified publisher icon grpc-ecosystem

[Question] Auth middleware example

Open hotrush opened this issue 2 years ago • 2 comments

Hello, checking auth middleware example (https://github.com/grpc-ecosystem/go-grpc-middleware/tree/master/auth#L36) and have several questions:

  • what does this line do? grpc_ctxtags.Extract(ctx).Set("auth.sub", userClaimFromToken(tokenInfo))
  • also // WARNING: in production define your own type to avoid context collisions - do you suggest to define custom context type? but why? as i know it is a bad practice

hotrush avatar Feb 08 '23 14:02 hotrush

Hey,

  1. Adding token information to tags, so e.g. logger will use this info as field (if you add logging interceptor). Here is better example in upcoming v2 (https://github.com/grpc-ecosystem/go-grpc-middleware/blob/v2/interceptors/auth/examples_test.go#L41)
  2. This if you want further interceptors OR gRPC service code to use certain information about that token (e.g often it's needed to communicate with downstream services or so). From interceptor the only "request" state is through context, thus you need to create your own context key in some form. What exactly is bad practice? If you mean using context keys - I agree, but there is nothing better to put some state to the context.

bwplotka avatar Mar 17 '23 23:03 bwplotka

Using v2, if the auth interceptor is added after the logging interceptor, no auth.sub is available in the default grpc server logs. When adding auth first, no logs will show if the auth function fails.

Wouldn't it make sense if PostCall somehow had access to the context of previous handlers/middlewares?

Multiply avatar Mar 07 '24 05:03 Multiply