Bookmark this to keep an eye on my project updates!
by
I have always been a fan of the “contract first” approach that gRPC and protobuf provides. There are plenty of tutorials that explain how to use gRPC with Dart, but they mostly gloss over the problem of authentication and session management.
To that end, I created a proof of concept on how to implement gRPC authentication between a Flutter client and a Dart gRPC service.
The Fig provides server (fig_auth
) and client (fig_flutter
) libraries to
provide authentication and session management using gRPC.
The basic gist of Fig (Firebase Identity for Flutter using gRPC) is this:
Authenticate
gRPC method provided by fig_auth
, passing along the OIDC token.fig_auth
package validates the OIDC token using PKI.Session
for the user, and returns an opaque session cookie
to the client in the response.Authorization
header. This
is injected into gRPC calls by a client interceptor.fig_auth
looks for a valid session cookie. If the cookie is valid, and
the session has not timed out, the call will be allowed to proceed to your gRPC method. If the
session is not valid, or a cookie is not provided, a gRPC error will be returned to the client.