grpc
/
grpc.io
mirror of https://github.com/grpc/grpc.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auth page description adj., and markdown cleanup (#212)

This commit is contained in:
Patrice Chalin 2020-04-23 19:12:39 -04:00 committed by GitHub
parent 2750f043db
commit 0a198d69fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
content/docs/guides/auth.md
View File

@ -1,8 +1,9 @@
--- ---
layout: guides layout: guides
title: Authentication title: Authentication
description: | description: >
This document provides an overview of gRPC authentication, including our built-in supported auth mechanisms, how to plug in your own authentication systems, and examples of how to use gRPC auth in our supported languages. An overview of gRPC authentication, including built-in auth mechanisms, and
how to plug in your own authentication systems.
--- ---
### Overview ### Overview
@ -21,21 +22,23 @@ making a call.
The following authentication mechanisms are built-in to gRPC: The following authentication mechanisms are built-in to gRPC:
- **SSL/TLS**: gRPC has SSL/TLS integration and promotes the use of SSL/TLS - **SSL/TLS**: gRPC has SSL/TLS integration and promotes the use of SSL/TLS
to authenticate the server, and to encrypt all the data exchanged between to authenticate the server, and to encrypt all the data exchanged between
the client and the server. Optional mechanisms are available for clients to the client and the server. Optional mechanisms are available for clients to
provide certificates for mutual authentication. provide certificates for mutual authentication.
- **Token-based authentication with Google**: gRPC provides a generic - **Token-based authentication with Google**: gRPC provides a generic
mechanism (described below) to attach metadata based credentials to requests mechanism (described below) to attach metadata based credentials to requests
and responses. Additional support for acquiring access tokens and responses. Additional support for acquiring access tokens
(typically OAuth2 tokens) while accessing Google APIs through gRPC is (typically OAuth2 tokens) while accessing Google APIs through gRPC is
provided for certain auth flows: you can see how this works in our code provided for certain auth flows: you can see how this works in our code
examples below. In general this mechanism must be used *as well as* SSL/TLS examples below. In general this mechanism must be used *as well as* SSL/TLS
on the channel - Google will not allow connections without SSL/TLS, and on the channel - Google will not allow connections without SSL/TLS, and
most gRPC language implementations will not let you send credentials on an most gRPC language implementations will not let you send credentials on an
unencrypted channel. unencrypted channel.
{{< warning >}} {{< warning >}}
Google credentials should only be used to connect to Google services. Sending a Google issued OAuth2 token to a non-Google service could result in this token being stolen and used to impersonate the client to Google services. Google credentials should only be used to connect to Google services. Sending
a Google issued OAuth2 token to a non-Google service could result in this
token being stolen and used to impersonate the client to Google services.
{{< /warning >}} {{< /warning >}}
### Authentication API ### Authentication API