New issue
Advanced search Search tips

Issue 910785 link

Starred by 1 user
Status: Fixed
Owner:
vadimsh@chromium.org
Closed: Dec 4
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug

Blocking:
issue 900006



Sign in to add a comment

Add a method to auth client to forward user auth cookies to outbound rpc calls

Project Member Reported by pprabhu@chromium.org, Dec 1 
Use case:

User talks to Service A via prpc
Service A wants to talk to Service B on user's behalf.

Service A should be able to forward auth access_token received from the user to Service B

Comment 1 by pprabhu@chromium.org, Dec 1

Blocking: 900006

Comment 2 by pprabhu@chromium.org, Dec 1 

Want to extend this: https://cs.chromium.org/chromium/infra/go/src/go.chromium.org/luci/server/auth/client.go?l=40

Don't have name suggestions as AsUser is already taken.

Comment 3 by vadimsh@chromium.org, Dec 1 

I'm naming it AsCredentialsForwarder (and explaining the difference from AsUser in the comments).

Comment 4 by vadimsh@chromium.org, Dec 1

Labels: -OS-Mac
Project Member

Comment 5 by bugdroid1@chromium.org, Dec 4 

The following revision refers to this bug:
  https://chromium.googlesource.com/infra/luci/luci-go.git/+/17e2167306120023769b875c27d3242dc5d3a619

commit 17e2167306120023769b875c27d3242dc5d3a619
Author: Vadim Shtayura <vadimsh@chromium.org>
Date: Tue Dec 04 01:46:02 2018

[auth] Implement AsCredentialsForwarder RPC auth method.

It just takes an inbound OAuth2 token and forwards it along in outbound RPCs. If
the inbound call is anonymous, outbound calls are anonymous too. If the inbound
call was authenticated with something other than raw OAuth2 token, outbound
calls fail with ErrNoForwardableCreds.

R=tandrii@chromium.org, pprabhu@chromium.org
BUG= 910785 

Change-Id: Ib67d4092c24964d28a2e4f66a1c59125a2ced640
Reviewed-on: https://chromium-review.googlesource.com/c/1357332
Reviewed-by: Andrii Shyshkalov <tandrii@chromium.org>
Commit-Queue: Vadim Shtayura <vadimsh@chromium.org>

[modify] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/appengine/gaeauth/server/oauth.go
[add] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/appengine/gaeauth/server/oauth_test.go
[modify] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/server/auth/auth.go
[modify] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/server/auth/auth_test.go
[modify] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/server/auth/authtest/state.go
[modify] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/server/auth/client.go
[modify] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/server/auth/client_test.go
[modify] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/server/auth/oauth.go
[modify] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/server/auth/oauth_test.go
[modify] https://crrev.com/17e2167306120023769b875c27d3242dc5d3a619/server/auth/state.go

Comment 6 by vadimsh@chromium.org, Dec 4

Status: Fixed (was: Assigned)

Sign in to add a comment