Jiangtao Li

@murgatroid99 Any plan to implement interceptors on grpc-node server side?

The token change from JWT server account creds to OAuth token is via https://accounts.google.com/o/oauth2/token. @ejona86 Could you point the grpc core change that you refer? I think it makes sense...

Sorry for delay. I took some time to research cloud auth APIs and related gRPC codes. When using service account key, one can either obtain an oauth2 access token from...

@ejona86 I check all c core code. The only place that uses scopes is [StsTokenFetcherCredentials](https://github.com/grpc/grpc/blob/master/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc#L543).

gRPC returning UNAVAILABLE is a fine choice for this particular use case. Downloading service account key is a bad choice, posing security risks to customers and to Google. Customers shall...

I would treat as working as intended. @meltsufin Have you try to use [Secure Token Service](https://cloud.google.com/iam/docs/reference/sts/rest)? That is a better alternative than service account key.

+Mark Roth ***@***.***> The plan is to update grpc.io with concrete examples once new TLS credentials is stable. Thanks, Jiangtao On Sat, Mar 27, 2021 at 11:23 PM ZhenLian ***@***.***>...

@dsyzhu We are designing a gRPC SSL utility library that can handle - Credential reloading - Root certificate reloading - SPIFFE identity support - Server authorization check plugin Would you...

Supporting Kerberbos GSSAPI authentication in gRPC seems a good feature from security point of view. +@nicolasnoble on build system changes.

https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/ Application Layer Transport Security (ALTS)