Channels
#support-questions
Title
r
Ren Lynro
06/16/2022, 2:54 PMHello
How can I validate authen with supertokens in gRPC in Go (Gin-gonic)?
Thank you
r
rp
06/16/2022, 2:56 PMhey! So supertokens sessions only works with http. For grpc, you can enable JWT with our sessions, extract the JWT on the frontend from the sessions, and pass that in the gRPC requests.
r
Ren Lynro
06/16/2022, 2:57 PMOkie, I will try it. Thank you ~~
r
rp
06/16/2022, 2:57 PMfeel free to ask more questions if you get stuck 🙂
r
Ren Lynro
06/16/2022, 3:00 PMCertainly ~~
hello @rp , can we retrieve the "Access token" from the requests manually?
Currently we have another services that need to validate their received request, we want to get the access token and send it to the auth service to validate it, how can we achieve it? Thank you
r
rp
06/19/2022, 7:59 AMhey @Ren Lynro
So this is backend to backend communication right?
r
Ren Lynro
06/19/2022, 7:59 AMCorrect, we communicate through gRPC 😻
r
rp
06/19/2022, 8:00 AMOkay. And do you have the session object in your APIs?
that you get from using VerifySession middleware
r
Ren Lynro
06/19/2022, 8:01 AMNo the other services don't have the session, only the auth service got access to the supertokens
we intend to deploy using the same domain though
r
rp
06/19/2022, 8:03 AMSo when you say "we want to get the access token" -> which API is this from? Does that API recieve a JWT or a supertokens cookie access token?
r
Ren Lynro
06/19/2022, 8:03 AMIt's the supertokens cookie access token
If i understand correctly, Supertokens will attach the access token to each api in need of authorize right?
r
rp
06/19/2022, 8:04 AMYes.
right. So then you do have access to the session object in that API which receives the cookie?
if you do have that, then you can do
session.GetAccessToken()Or, are you talking about the JWT (since in our previous conversation, I had asked you to enable JWT feature)
r
Ren Lynro
06/19/2022, 8:11 AMI mean the other services don't get access to the supertokens service, only the auth service have the config and lib, so they can't use any helper from supertokens lib
So I want to manually retrieve the session of supertokens
r
rp
06/19/2022, 8:12 AMBut the cookie are sent to those services?
I mean, the API which the frontend queries, does that get the supertokens' cookies? If yes, how do you verify those if you don't use our lib?
r
Ren Lynro
06/19/2022, 8:21 AMI intend to do something like this
Did i misunderstand anything? @@
r
rp
06/19/2022, 8:22 AMAlright yea! So the front to auth makes sense. The front to others is grpc?
r
Ren Lynro
06/19/2022, 8:23 AMAh no, the other is restful as normal, just backend communication is gRPC
r
rp
06/19/2022, 8:23 AMI see. So the front to other also makes sense. And it will be cookie based.
Now, to verify the session in other, you will have to use our golang lib and initialise the session recipe there
And then we have a middleware like VerifySession which you can use to verify the session from the cookies. That function does everything that’s required to check if a session is fine or not
Once that function runs successfully, it will attach a session object in the context which you can get in your API logic. Using that session object, you can get the JWT from it (as shown in the link above) and send that to other micro services which can go about doing normal JWT verification.
So for the “others” part, you may wanna check out our sessions only recipe setup: https://supertokens.com/docs/session/quick-setup/backend
Hope this clarifies things
r
Ren Lynro
06/19/2022, 8:27 AMso i need to init the super token for all the service in need of session verify, right?
r
rp
06/19/2022, 8:28 AMYes. Cookies based that is. So essentially all the services that the frontend talks to directly.
r
Ren Lynro
06/19/2022, 8:28 AMOkay, thank you ~~ 😻
r
rp
06/19/2022, 8:28 AM👍
(Renamed this thread to be more appropriate)