protoc-gen-authenticate

command module
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 3, 2023 License: Apache-2.0 Imports: 3 Imported by: 0

README ยถ

protoc-gen-authenticate ๐Ÿ›ก๏ธ

GoDoc

protoc-gen-authenticate is an innovative protoc plugin and library ๐ŸŒŸ designed to simplify and secure gRPC request authentication. It seamlessly integrates authentication providers directly within your proto files ๐Ÿ“, reducing the need to clutter your application code with complex authentication logic. Perfect for developers ๐Ÿ‘จโ€๐Ÿ’ป๐Ÿ‘ฉโ€๐Ÿ’ป looking to streamline their security workflows in gRPC applications. In this README, you'll find easy installation instructions ๐Ÿ“ฅ, examples ๐Ÿ’ก, and all you need to harness the power of expression-based rules for robust and efficient request handling ๐Ÿ’ผ.

Features

  • Generated code can be used with Unary and Stream interceptors in github.com/autom8ter/protoc-gen-authenticate/authenticator
  • Highly configurable JWT authentication
  • Supports multiple authentication providers
  • Support for Remote JWKS (JSON Web Key Set) endpoints
  • Support for different providers based on environment

Installation

The plugin can be installed with the following command:

    go install github.com/autom8ter/protoc-gen-authenticate

Code Generation

buf.gen.yaml example:

version: v1
plugins:
  - plugin: buf.build/protocolbuffers/go
    out: gen
    opt: paths=source_relative
  - plugin: buf.build/grpc/go
    out: gen
    opt:
      - paths=source_relative
  - plugin: authenticate
    out: gen
    opt:
      - paths=source_relative

Example

// GoogleService service is an example of how to authenticate with Google's OAuth2 service
service GoogleService {
  option (authenticate.config) = {
    environment: "TEST"
    providers: [{
      name: "google",
      jwt: {
        algorithm: RS256,
        jwks_uri: "https://www.googleapis.com/oauth2/v3/certs",
        issuer: "https://accounts.google.com",
        audience: "https://example.com",
        require_claims: ["email_verified", "email"],
      },
    }]
    whitelist_methods: ["Login"]
  };
  rpc Login(google.protobuf.Empty) returns (google.protobuf.Empty);
  rpc Logout(google.protobuf.Empty) returns (google.protobuf.Empty);
}

service PrivateService {
  option (authenticate.config) = {
    environment: "TEST"
    whitelist_methods: ["Unauthenticated"]
    providers: [
      {
        name: "custom",
        jwt: {
          algorithm: HS256,
          secret_env: "JWT_DEV_SECRET",
        }
      }
    ]
  };
  option (authenticate.config) = {
    // only enabled when GRPC_AUTH=PROD env var is set
    environment: "PROD"
    whitelist_methods: ["Unauthenticated"]
    providers: [{
      name: "custom",
      jwt: {
        algorithm: HS256,
        secret_env: "JWT_PROD_SECRET",
      }
    }]
  };
  rpc RequireAuthentication(google.protobuf.Empty) returns (google.protobuf.Empty);
  rpc Unauthenticated(google.protobuf.Empty) returns (google.protobuf.Empty);
}

    // create a new authenticator from the generated function(protoc-gen-authenticate)
	auth, err := example.NewAuthentication("TEST")
	if err != nil {
		return err
	}
	// create a new grpc server with the authorizer interceptors
	srv := grpc.NewServer(
		grpc.UnaryInterceptor(
			grpc_auth.UnaryServerInterceptor(auth),
		),
		grpc.StreamInterceptor(
			grpc_auth.StreamServerInterceptor(auth),
		),
	)

See example for the full example.

Documentation ยถ

The Go Gopher

There is no documentation for this package.

Source Files ยถ

View all Source files

Directories ยถ

Path Synopsis
gen/authenticate
gen/example/v1
server

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.