GrpcCallCredentials
Available in a dev version: 0․11․0-grpc-186
How to configure
Provides per-call authentication credentials for gRPC calls.
Call credentials are used to attach authentication information (such as tokens, API keys, or signatures) to individual gRPC calls through metadata headers. Unlike client credentials, which establish the transport security layer (e.g., TLS), call credentials operate at the application layer and can be dynamically generated for each request.
Usage
Implement this interface to create custom authentication mechanisms:
class BearerTokenCredentials(private val token: String) : GrpcCallCredentials {
override suspend fun Context.getRequestMetadata(): GrpcMetadata {
return GrpcMetadata {
append("Authorization", "Bearer $token")
}
}
}Context-Aware Credentials
Use the Context to implement sophisticated authentication strategies:
class MethodScopedCredentials : GrpcCallCredentials {
override suspend fun Context.getRequestMetadata(): GrpcMetadata {
val scope = when (methodName) {
"GetUser" -> "read:users"
"UpdateUser" -> "write:users"
else -> "default"
}
val token = fetchTokenWithScope(scope)
return GrpcMetadata {
append("Authorization", "Bearer $token")
}
}
}Combining Credentials
Credentials can be combined using the plus operator or combine function:
val credentials = TlsClientCredentials(...) + BearerTokenCredentials("my-token")Transport Security
By default, call credentials require transport security (TLS) to prevent credential leakage. Override requiresTransportSecurity to false only for testing or non-production environments.