1 //
2 //
3 // Copyright 2015 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 //     http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18 
19 #ifndef GRPCPP_SECURITY_AUTH_METADATA_PROCESSOR_H
20 #define GRPCPP_SECURITY_AUTH_METADATA_PROCESSOR_H
21 
22 #include <map>
23 
24 #include <grpcpp/security/auth_context.h>
25 #include <grpcpp/support/status.h>
26 #include <grpcpp/support/string_ref.h>
27 
28 namespace grpc {
29 
/// Server-side hook for authorizing calls from credentials carried in call
/// metadata.  An implementation is installed by handing it to
/// \a ServerCredentials::SetAuthMetadataProcessor().
/// \a grpc::experimental::Interceptor is another way to run custom logic on
/// the information provided by a specific call.
///
/// Security notes for implementers, derived from the contract documented on
/// \a Process below:
///  - \a Process receives the metadata of one particular call, while the
///    \a AuthContext it may modify is shared by all calls associated with the
///    connection.  Properties added while handling one call stay visible to
///    the subsequent calls, so validate each call's own metadata rather than
///    treating previously added properties as proof that the current call is
///    authenticated.
///  - The error code and error message of a non-OK status are sent back to
///    the client; keep credential values and internal validation detail out
///    of that message.
class AuthMetadataProcessor {
 public:
  /// Multimap type of the metadata handed to \a Process.
  using InputMetadata = std::multimap<grpc::string_ref, grpc::string_ref>;
  /// Multimap type of the metadata \a Process hands back.
  using OutputMetadata = std::multimap<std::string, std::string>;

  virtual ~AuthMetadataProcessor() = default;

  /// Tells the library how \a Process has to be scheduled.
  ///
  /// \return true (the default) to have \a Process scheduled in a thread
  ///   different from the one processing the call.
  ///
  /// NOTE(review): an override returning false presumably has \a Process run
  /// on the call-processing thread, in which case slow work such as a remote
  /// token check would stall it -- confirm against the server implementation.
  virtual bool IsBlocking() const { return true; }

  /// Processes a Call associated with a connection.
  ///
  /// \param auth_metadata the authentication metadata associated with the
  ///   particular call.
  /// \param context the connection-level info, e.g. the peer identity.  It is
  ///   readable and writable.  Because it is shared for all calls associated
  ///   with the connection, an update made during one call is seen by all the
  ///   subsequent calls.  Typically |auth_metadata| is used to infer the peer
  ///   identity, and the context is augmented with properties.
  /// \param consumed_auth_metadata the metadata the implementation wants
  ///   removed from the current call, so that the server application can no
  ///   longer see it.  Typically token authentication is done in the first
  ///   call and the token information is then removed for all subsequent
  ///   calls.
  /// \param response_metadata (CURRENTLY NOT SUPPORTED) the metadata that will
  ///   be sent as part of the response.
  /// \return Status::OK to let the call proceed; with any other value the rpc
  ///   call is aborted and the error code and error message are sent back to
  ///   the client.
  virtual grpc::Status Process(const InputMetadata& auth_metadata,
                               grpc::AuthContext* context,
                               OutputMetadata* consumed_auth_metadata,
                               OutputMetadata* response_metadata) = 0;
};
70 
71 }  // namespace grpc
72 
73 #endif  // GRPCPP_SECURITY_AUTH_METADATA_PROCESSOR_H
74