dex/vendor/google.golang.org/grpc/Documentation/grpc-auth-support.md

# Authentication

As outlined in the [gRPC authentication guide](http://www.grpc.io/docs/guides/auth.html) there are a number of different mechanisms for asserting identity between an client and server. We'll present some code-samples here demonstrating how to provide TLS support encryption and identity assertions as well as passing OAuth2 tokens to services that support it.

# Enabling TLS on a gRPC client

```Go
conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")))
```

# Enabling TLS on a gRPC server

```Go
creds, err := credentials.NewServerTLSFromFile(certFile, keyFile)
if err != nil {
  log.Fatalf("Failed to generate credentials %v", err)
}
lis, err := net.Listen("tcp", ":0")
server := grpc.NewServer(grpc.Creds(creds))
...
server.Serve(lis)
```

# Authenticating with Google

## Google Compute Engine (GCE)

```Go
conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(oauth.NewComputeEngine())))
```

## JWT

```Go
jwtCreds, err := oauth.NewServiceAccountFromFile(*serviceAccountKeyFile, *oauthScope)
if err != nil {
  log.Fatalf("Failed to create JWT credentials: %v", err)
}
conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(jwtCreds)))
```
*: revendor 2016-10-04 07:28:50 +00:00			`# Authentication`

			`As outlined in the [gRPC authentication guide](http://www.grpc.io/docs/guides/auth.html) there are a number of different mechanisms for asserting identity between an client and server. We'll present some code-samples here demonstrating how to provide TLS support encryption and identity assertions as well as passing OAuth2 tokens to services that support it.`

			`# Enabling TLS on a gRPC client`

			```Go
			`conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, "")))`
			```

			`# Enabling TLS on a gRPC server`

			```Go
			`creds, err := credentials.NewServerTLSFromFile(certFile, keyFile)`
			`if err != nil {`
			`log.Fatalf("Failed to generate credentials %v", err)`
			`}`
			`lis, err := net.Listen("tcp", ":0")`
			`server := grpc.NewServer(grpc.Creds(creds))`
			`...`
			`server.Serve(lis)`
			```

			`# Authenticating with Google`

			`## Google Compute Engine (GCE)`

			```Go
			`conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(oauth.NewComputeEngine())))`
			```

			`## JWT`

			```Go
			`jwtCreds, err := oauth.NewServiceAccountFromFile(serviceAccountKeyFile, oauthScope)`
			`if err != nil {`
			`log.Fatalf("Failed to create JWT credentials: %v", err)`
			`}`
			`conn, err := grpc.Dial(serverAddr, grpc.WithTransportCredentials(credentials.NewClientTLSFromCert(nil, ""), grpc.WithPerRPCCredentials(jwtCreds)))`
			```