Back to Examples
- Binding patterns
- Typed binding pattern
- Wildcard binding pattern
- List binding patterns
- Rest binding pattern in list binding pattern
- Mapping binding pattern
- Rest binding pattern in mapping binding pattern
- Error binding pattern
- Rest binding pattern in error binding pattern
- Single use of typed binding patterns
- Single use of typed binding patterns with on fail clause
- Iterative use of typed binding patterns
- List binding pattern in match statement
- Mapping binding pattern in match statement
- Error binding pattern in match statement
- Query expressions
- Sort iterable objects
- Let clause
- Limit clause
- Join iterable objects
- Outer Join clause
- Query tables
- Create tables with a query
- Create maps with a query
- Create streams with a query
- On conflict clause
- Advanced conflict handling
- Iterate over XML with a query
- Nested query expressions
- Destructure records using a query
- Querying streams
- Aggregation
- JSON type
- Access JSON elements
- Access optional JSON elements
- Match statement with maps
- Convert from user-defined type to JSON
- Convert from table and XML to JSON
- Convert from JSON to user-defined type
- Cast JSON to user-defined type
- Resource method typing
- JSON numbers
- JSON to record
- JSON to record with projection
- JSONPath expressions
- Asynchronous function calls
- Named workers
- Sequence diagrams
- Wait for workers
- Strands
- Named worker return values
- Alternate wait
- Multiple wait
- Named workers and futures
- Inter-worker message passing
- Alternate receive
- Multiple receive
- Conditional send
- Inter-worker failure propagation
- Named worker with on fail clause
- Synchronize message passing
- Asynchronize message passing
- Flush
- Fork
gRPC service - OAuth2
A gRPC service can be secured with OAuth2 and additionally, scopes can be added to enforce fine-grained authorization. It validates the OAuth2 token sent in the Authorization metadata against the provided configurations. This calls the configured introspection endpoint to validate.
Ballerina uses the concept of scopes for authorization. The scope can be included in the introspection response using a custom claim attribute. That custom claim attribute also can be configured as the scopeKey. In the authorization phase, the scopes of the service are compared against the scope included in the introspection response for at least one match between the two sets.
import ballerina/grpc;
listener grpc:Listener securedEP = new (9090,
secureSocket = {
key: {
certFile: "../resource/path/to/public.crt",
keyFile: "../resource/path/to/private.key"
}
}
);
@grpc:ServiceConfig {
auth: [
{
oauth2IntrospectionConfig: {
url: "https://localhost:9445/oauth2/introspect",
tokenTypeHint: "access_token",
scopeKey: "scp",
clientConfig: {
customHeaders: {"Authorization": "Basic YWRtaW46YWRtaW4="},
secureSocket: {
cert: "../resource/path/to/public.crt"
}
}
},
scopes: ["admin"]
}
]
}
@grpc:Descriptor {
value: GRPC_SIMPLE_DESC
}
service "HelloWorld" on securedEP {
remote function hello(string request) returns string {
return "Hello " + request;
}
}
Setting up the service is the same as setting up the simple RPC service with additional configurations. For information on implementing the service, see gRPC service - Simple RPC.
Run the service by executing the command below.
$ bal run serviceTip: You can invoke the above service via the clients below.