-
Notifications
You must be signed in to change notification settings - Fork 303
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add on-demand jwt credentials #136
Comments
@jonparrott That looks about right to me. I assume that the |
correct. @jboeuf is there any external (or internal) documentation you can share with me on this behavior? one of my biggest goals with this library is that it's well-researched and documented with references. Anything helps. |
Would this work?
https://github.com/grpc/grpc/blob/master/doc/load-balancing.md
It explains how load balancing works on how the client opens different
connections to the balancers and to the backends but is not very specific
about the credentials story.
…On Wed, Mar 22, 2017 at 4:30 PM, Jon Wayne Parrott ***@***.*** > wrote:
I assume that the from_signing_credentials class method for this new class
would not take an audience parameter just like the constructor.
correct.
@jboeuf <https://github.com/jboeuf> is there any external (or internal)
documentation you can share with me on this behavior? one of my biggest
goals with this library is that it's well-researched and documented with
references. Anything helps.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#136 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AF-P7QtmpWOcTmdl31KUf6araWvgqMLmks5roa8DgaJpZM4MkwMQ>
.
|
@jboeuf this helps but i was specifically talking about the auth metadata callback stuff. |
Ah, OK.
This
http:https://www.grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms
documents the C++ interface but you have a similar one in python which is
not documented here.
This issue tracked the python implementation:
grpc/grpc#3908
…On Wed, Mar 22, 2017 at 5:05 PM, Jon Wayne Parrott ***@***.*** > wrote:
@jboeuf <https://github.com/jboeuf> this helps but i was specifically
talking about the auth metadata callback stuff.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#136 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AF-P7f9Rw8EX-qrZmpCrJyE6U6AXGuE8ks5robdegaJpZM4MkwMQ>
.
|
Thanks!
…On Wed, Mar 22, 2017, 10:20 PM jboeuf ***@***.***> wrote:
Ah, OK.
This
http:https://www.grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms
documents the C++ interface but you have a similar one in python which is
not documented here.
This issue tracked the python implementation:
grpc/grpc#3908
On Wed, Mar 22, 2017 at 5:05 PM, Jon Wayne Parrott <
***@***.***
> wrote:
> @jboeuf <https://github.com/jboeuf> this helps but i was specifically
> talking about the auth metadata callback stuff.
>
> —
> You are receiving this because you were mentioned.
> Reply to this email directly, view it on GitHub
> <
#136 (comment)
>,
> or mute the thread
> <
https://github.com/notifications/unsubscribe-auth/AF-P7f9Rw8EX-qrZmpCrJyE6U6AXGuE8ks5robdegaJpZM4MkwMQ
>
> .
>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#136 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAPUc2TnN5_pcB9csMwR0lmw4Ilyv9IHks5rogEagaJpZM4MkwMQ>
.
|
jwt.Credentials
only works for a single audience at a time and must have knowledge of the audience beforehand. gRPC APIs, however, may not be able to determine the audience beforehand so JWTs should be generated on-demand during thebefore_request
callback.We previously had this behavior as part of
jwt.Credentials
, but it was removed because it made the behavior of the class ambiguous. This feature request is to bring that functionality back as a separate classjwt.OnDemandCredentials
.This class:
audience
argument in its constructor.from_signing_credentials
.cachetools.LRUCache
.before_request
or uses an existing cached JWT.token
.Context.
@dhermes @lukesneeringer any concerns about the name or dependency on
cachetools
?@jboeuf any concerns on the behavior here?
The text was updated successfully, but these errors were encountered: