Thrift RPC headers

4k views Asked by At

Does Thrift have a mechanism for passing tokens (e.g. auth token strings) when making a remote call? The only option I can see is to include the auth token string in the method signature?

2

There are 2 answers

4
user48956 On

Its possible to do this over HTTP - the HTTP server and client can talk userid and token in the http(s) headers.

On the client side, subclass the thrift http client. Register key-value pairs with it, to be supplied in subsequent requests.

On the server side, write a filter that receives then stores the http request header variable before passing it onto the handling thrift code. Now, what to do with the token on the server is your business. You might -- allow/disallow access to whole interface based on the token (useful for internal, developer services), or communicate the userid-token to service objects via a thread-local object (ugly but workable).

1
JensG On

No, unlike e.g. WS-Security with SOAP, that's considered as being out of scope for Thrift. This part is left to be implemented by the higher level layers of your application, or other mechanisms, depending on what transport you are using.