1*e07d83d3SAndroid Build Coastguard WorkerAuthentication Example 2*e07d83d3SAndroid Build Coastguard Worker============================================== 3*e07d83d3SAndroid Build Coastguard Worker 4*e07d83d3SAndroid Build Coastguard WorkerThis example illustrates a simple JWT-based authentication implementation in gRPC using 5*e07d83d3SAndroid Build Coastguard Worker server interceptor. It uses the JJWT library to create and verify JSON Web Tokens (JWTs). 6*e07d83d3SAndroid Build Coastguard Worker 7*e07d83d3SAndroid Build Coastguard WorkerThe example requires grpc-java to be pre-built. Using a release tag will download the relevant binaries 8*e07d83d3SAndroid Build Coastguard Workerfrom a maven repository. But if you need the latest SNAPSHOT binaries you will need to follow 9*e07d83d3SAndroid Build Coastguard Worker[COMPILING](../../COMPILING.md) to build these. 10*e07d83d3SAndroid Build Coastguard Worker 11*e07d83d3SAndroid Build Coastguard WorkerThe source code is [here](src/main/java/io/grpc/examples/jwtauth). 12*e07d83d3SAndroid Build Coastguard WorkerTo build the example, run in this directory: 13*e07d83d3SAndroid Build Coastguard Worker``` 14*e07d83d3SAndroid Build Coastguard Worker$ ../gradlew installDist 15*e07d83d3SAndroid Build Coastguard Worker``` 16*e07d83d3SAndroid Build Coastguard WorkerThe build creates scripts `auth-server` and `auth-client` in the `build/install/example-jwt-auth/bin/` directory 17*e07d83d3SAndroid Build Coastguard Workerwhich can be used to run this example. The example requires the server to be running before starting the 18*e07d83d3SAndroid Build Coastguard Workerclient. 19*e07d83d3SAndroid Build Coastguard Worker 20*e07d83d3SAndroid Build Coastguard WorkerRunning auth-server is similar to the normal hello world example and there are no arguments to supply: 21*e07d83d3SAndroid Build Coastguard Worker 22*e07d83d3SAndroid Build Coastguard Worker**auth-server**: 23*e07d83d3SAndroid Build Coastguard Worker 24*e07d83d3SAndroid Build Coastguard WorkerThe auth-server accepts optional argument for port on which the server should run: 25*e07d83d3SAndroid Build Coastguard Worker 26*e07d83d3SAndroid Build Coastguard Worker```text 27*e07d83d3SAndroid Build Coastguard WorkerUSAGE: auth-server [port] 28*e07d83d3SAndroid Build Coastguard Worker``` 29*e07d83d3SAndroid Build Coastguard Worker 30*e07d83d3SAndroid Build Coastguard WorkerThe auth-client accepts optional arguments for server-host, server-port, user-name and client-id: 31*e07d83d3SAndroid Build Coastguard Worker 32*e07d83d3SAndroid Build Coastguard Worker**auth-client**: 33*e07d83d3SAndroid Build Coastguard Worker 34*e07d83d3SAndroid Build Coastguard Worker```text 35*e07d83d3SAndroid Build Coastguard WorkerUSAGE: auth-client [server-host [server-port [user-name [client-id]]]] 36*e07d83d3SAndroid Build Coastguard Worker``` 37*e07d83d3SAndroid Build Coastguard Worker 38*e07d83d3SAndroid Build Coastguard WorkerThe `user-name` value is simply passed in the `HelloRequest` message as payload and the value of 39*e07d83d3SAndroid Build Coastguard Worker`client-id` is included in the JWT claims passed in the metadata header. 40*e07d83d3SAndroid Build Coastguard Worker 41*e07d83d3SAndroid Build Coastguard Worker 42*e07d83d3SAndroid Build Coastguard Worker#### How to run the example: 43*e07d83d3SAndroid Build Coastguard Worker 44*e07d83d3SAndroid Build Coastguard Worker```bash 45*e07d83d3SAndroid Build Coastguard Worker# Run the server: 46*e07d83d3SAndroid Build Coastguard Worker./build/install/example-jwt-auth/bin/auth-server 50051 47*e07d83d3SAndroid Build Coastguard Worker# In another terminal run the client 48*e07d83d3SAndroid Build Coastguard Worker./build/install/example-jwt-auth/bin/auth-client localhost 50051 userA clientB 49*e07d83d3SAndroid Build Coastguard Worker``` 50*e07d83d3SAndroid Build Coastguard Worker 51*e07d83d3SAndroid Build Coastguard WorkerThat's it! The client will show the user-name reflected back in the message from the server as follows: 52*e07d83d3SAndroid Build Coastguard Worker``` 53*e07d83d3SAndroid Build Coastguard WorkerINFO: Greeting: Hello, userA 54*e07d83d3SAndroid Build Coastguard Worker``` 55*e07d83d3SAndroid Build Coastguard Worker 56*e07d83d3SAndroid Build Coastguard WorkerAnd on the server side you will see the message with the client's identifier: 57*e07d83d3SAndroid Build Coastguard Worker``` 58*e07d83d3SAndroid Build Coastguard WorkerProcessing request from clientB 59*e07d83d3SAndroid Build Coastguard Worker``` 60*e07d83d3SAndroid Build Coastguard Worker 61*e07d83d3SAndroid Build Coastguard Worker## Maven 62*e07d83d3SAndroid Build Coastguard Worker 63*e07d83d3SAndroid Build Coastguard WorkerIf you prefer to use Maven follow these [steps](../README.md#maven). You can run the example as follows: 64*e07d83d3SAndroid Build Coastguard Worker 65*e07d83d3SAndroid Build Coastguard Worker``` 66*e07d83d3SAndroid Build Coastguard Worker$ # Run the server 67*e07d83d3SAndroid Build Coastguard Worker$ mvn exec:java -Dexec.mainClass=io.grpc.examples.authentication.AuthServer -Dexec.args="50051" 68*e07d83d3SAndroid Build Coastguard Worker$ # In another terminal run the client 69*e07d83d3SAndroid Build Coastguard Worker$ mvn exec:java -Dexec.mainClass=io.grpc.examples.authentication.AuthClient -Dexec.args="localhost 50051 userA clientB" 70*e07d83d3SAndroid Build Coastguard Worker``` 71