Does Thrift have a mechanism for passing tokens (e.g. auth token strings) when making a remote call? The only option I can see is to include the auth token string in the method signature?
Does Thrift have a mechanism for passing tokens (e.g. auth token strings) when making a remote call? The only option I can see is to include the auth token string in the method signature?
Its possible to do this over HTTP - the HTTP server and client can talk userid and token in the http(s) headers.
On the client side, subclass the thrift http client. Register key-value pairs with it, to be supplied in subsequent requests.
On the server side, write a filter that receives then stores the http request header variable before passing it onto the handling thrift code. Now, what to do with the token on the server is your business. You might -- allow/disallow access to whole interface based on the token (useful for internal, developer services), or communicate the userid-token to service objects via a thread-local object (ugly but workable).