To call authenticated RPCs from other services, we have to support providing s2s token.
Modified the interceptor to look for the token, in addition to traditional Auth Metadata (uid + did + csat).
Details
Details
Tested locally, using GUI gRPC client and default localstack-stored service-to-service token.
Diff Detail
Diff Detail
- Repository
- rCOMM Comm
- Lint
No Lint Coverage - Unit
No Test Coverage
Event Timeline
| services/identity/src/grpc_services/authenticated.rs | ||
|---|---|---|
| 101–107 | Why are we not using verify_auth_credential here? It seems to be doing the same thing as for AuthorizationCredential::UserToken. Maybe this could make the code simpler. | |
| services/identity/src/grpc_services/authenticated.rs | ||
|---|---|---|
| 101–107 | verify_auth_credential is for non-Identity services. It calls the VerifyUserAccessToken Identity RPC which does this DDB call internally. It would create an unnecessary network call to self. | |