Part 1: Defining the GRPC scheme

In this post, I’ll explain how to develop an authentication API in Rust using the gRPC protocol. The authentication will be based on JWT tokens, and we’ll also create a docker file to deploy the application in a docker container. Lastly, I’ll provide i…


This content originally appeared on DEV Community and was authored by Neeraj Sharma

In this post, I'll explain how to develop an authentication API in Rust using the gRPC protocol. The authentication will be based on JWT tokens, and we'll also create a docker file to deploy the application in a docker container. Lastly, I'll provide instructions on how to deploy the app.

How to follow this guide

  • I will use the full pathname for each file I create, relative to the root of the project /, for example, /src/main.rs.

  • I will use append path-to-symbol to describe I am writing new content in a file/module/etc. for example:

    append /proto/auth.proto/MyService describe I am writing a new rpc method in the MyService service.

    rpc MyMethod(MyRequest) returns (MyResponse);
    
  • create /path/to/filename.ext : describe I am creating a new file with name filename and extension ext.

Features

  • User Registration
  • User login
  • Password reset/FORGOT password
  • OTP verification
  • Password Hashing with salt

Crate a new project and open it in vs code editor

cargo new auth_api && cd auth_api && code . 

Defining the GRPC scheme for the API

create /proto/auth.proto
append /proto/auth.proto

syntax = "proto3";
package tutorial.api.auth;

service AuthService {
}

Methods to create new account

I will break down the account creation into three methods

  1. User sends a request to initiate the new user account signup.
  2. User sends the OTP to verify the email.
  3. User creates the account with the username, password and other details such as full name gender, birth date, etc.

Let's start with the first method:

First, we need to define the RequestCreateAccount method to initiate the new user account signup.

append /proto/auth.proto/AuthService

rpc RequestCreateAccount(RequestCreateAccountParams) returns (RequestCreateAccountResponse);

Let's define the request and response message body for this method

append /proto/auth.proto


message RequestCreateAccountParams { 
    string email_id = 1;
}

message RequestCreateAccountResponse { 
    bool success = 1;
    string message = 2;
    string token = 3;
}

Following describes the success response message for the RequestCreateAccount method

{
    "success": true,
    "message": "Otp was sent to your email",
    "token": {
        // issuer
        "iss": "auth_api",
        // subject
        "sub": "<email_id>",
        // this token should be short lived may be 2 minutes
        "exp": <epoch-time>,
        // issued at
        "iat": <epoch-time>,
        // requested permissions this would be granted by the VerifyOtp method
        "req_perms": ["CreateAccount"]
    }
} 

This account creation flow make sure that the user is using his valid email id to create an account.
we can also use phone number for this, but for now, let's keep it simple.

Next define the VerifyOtp method to verify the email and grant the requested permissions defined in the input token.

append /proto/auth.proto/AuthService

rpc VerifyOtp(VerifyOtpParams) returns (VerifyOtpResponse);

Let's define the request and response message body for this method

append /proto/auth.proto


message VerifyOtpParams { 
    string token = 1;
    string otp = 2;
}

message VerifyOtpResponse { 
    bool success = 1;
    string message = 2;
    string token = 3;
}

Following describes the success response message for the VerifyOtp method

{
    "success": true,
    "message": "Your email is verified",
        "token":  { 
        // issuer
        "iss": "auth_api",
        // subject
        "sub": "<email_id>",
        // this token should be short lived may be 2 minutes 
        "exp": <epoch-time>,
        // issued at
        "iat": <epoch-time>,

        // permissions granted to the user
        "perms": ["CreateAccount"]
    }
}

This method will be used to grant the permissions asked in req_perms claim of the input token.
Actully this mutate the token with perms claim. And return it to the client user.

Next create a CreateAccount method to create the user account with the username, password and other details.

append /proto/auth.proto/AuthService

rpc CreateAccount(CreateAccountParams) returns (CreateAccountResponse);

let's define the request and response message body for this method

append /proto/auth.proto


message CreateAccountParams { 
    string username = 1;
    string password = 2;
    // other details
    string full_name = 3;
    Gender gender = 4;
    string birth_date = 5;
}

message CreateAccountResponse { 
    bool success = 1;
    string message = 2;
    string session_token = 3;
    User user = 4;
}

message User {
    string username = 1;
    string email = 2;
    string full_name = 3;
    Gender gender = 4;
    string birth_date = 5;
}

enum Gender {
    MALE = 0;
    FEMALE = 1;
    OTHER = 2;
}

Following describes the success response message for the CreateAccount method

{
    "success": true,
    "message": "Account created successfully",
    "session_token": {
        "iss": "auth_api",
        "sub": "<username>",
        "exp": <epoch-time>,
        "iat": <epoch-time>,
        "perms": ["ApiAccess"]
    }, 
    "user": {
        "username": "<username>",
        "email": "<email>",
        "full_name": "<full_name>",
        "gender": "<gender>",
        "birth_date": "<birth_date>"
    }
}

Now we have created all the methods for creating a new account.

Methods to login to the account

Next, we need to define the Login method to login to the account.
User can use either their email or username to login to their account.

First, we need to define the Login method to login to the account.

append /proto/auth.proto/AuthService

rpc Login(LoginParams) returns (LoginResponse);

Let's define the request and response message body for this method

append /proto/auth.proto


message LoginParams { 
    string email_or_username = 1;
    string password = 2;
}
message LoginResponse { 
    bool success = 1;
    string message = 2;
    string session_token = 3;
    User user = 4;
}

Success response would have a session token as follows

{
    "success": true,
    "message": "Login successful",
    "session_token": {
        "iss": "auth_api",
        "sub": "<username>",
        "exp": <epoch-time>,
        "iat": <epoch-time>,
        "perms": ["Session"]
    }, 
    "user": {
        "username": "<username>",
        "email": "<email>",
        "full_name": "<full_name>",
        "gender": "<gender>",
        "birth_date": "<birth_date>"
    }
}

Methods to reset the user password

First I will define the InitiateResetPassword method to initiate the password reset process.
This method will accept the email id and send a password reset token to the user's email id.
Also, server will send a otp code to the user's email id.

append /proto/auth.proto/AuthService

rpc InitiateResetPassword(InitiateResetPasswordParams) returns (InitiateResetPasswordResponse);

Let's define the parameters and response message body for this method

append /proto/auth.proto


message InitiateResetPasswordParams { 
    string email_id = 1;
}

message InitiateResetPasswordResponse { 
    bool success = 1;
    string message = 2;
    string token = 3;
}

A success response for the InitiateResetPassword method will have a password reset token as follows

{
    "success": true,
    "message": "Password reset token sent to your email",
    "token":  { 
        "iss": "auth_api",
        "sub": "<email_id>",
        "exp": <epoch-time>,
        "iat": <epoch-time>,
        "req_perms": ["ResetPassword"]
    }
}

the req_perms claim in the token describes that the user will be granted the permission to reset the password after giving right otp code to the VerifyOtp method. We already have VerifyOtp method in the previous section.

Let's define the ResetPassword method to reset the user password.
ResetPassword method will accept the password reset token and the new password.

append /proto/auth.proto/AuthService

rpc ResetPassword(ResetPasswordParams) returns (ResetPasswordResponse);

Let's define the parameters and response message body for this method

append /proto/auth.proto


message ResetPasswordParams { 
    string token = 1;
    string new_password = 2;
}

message ResetPasswordResponse { 
    bool success = 1;
    string message = 2;
}

A success response for the ResetPassword method will have a message as follows

{
    "success": true,
    "message": "Password reset successful"
}

Conclusion

We have defined the GRPC scheme for the authentication API. For now it supports create account, login, reset password in case if the user forgot their password. This also includes the OTP verification to make sure the user is using the valid email id.

In the next part, we will start coding the API in Rust.
See you in the next part.
Bye.


This content originally appeared on DEV Community and was authored by Neeraj Sharma


Print Share Comment Cite Upload Translate Updates
APA

Neeraj Sharma | Sciencx (2024-09-03T00:00:00+00:00) Part 1: Defining the GRPC scheme. Retrieved from https://www.scien.cx/2024/09/03/part-1-defining-the-grpc-scheme/

MLA
" » Part 1: Defining the GRPC scheme." Neeraj Sharma | Sciencx - Tuesday September 3, 2024, https://www.scien.cx/2024/09/03/part-1-defining-the-grpc-scheme/
HARVARD
Neeraj Sharma | Sciencx Tuesday September 3, 2024 » Part 1: Defining the GRPC scheme., viewed ,<https://www.scien.cx/2024/09/03/part-1-defining-the-grpc-scheme/>
VANCOUVER
Neeraj Sharma | Sciencx - » Part 1: Defining the GRPC scheme. [Internet]. [Accessed ]. Available from: https://www.scien.cx/2024/09/03/part-1-defining-the-grpc-scheme/
CHICAGO
" » Part 1: Defining the GRPC scheme." Neeraj Sharma | Sciencx - Accessed . https://www.scien.cx/2024/09/03/part-1-defining-the-grpc-scheme/
IEEE
" » Part 1: Defining the GRPC scheme." Neeraj Sharma | Sciencx [Online]. Available: https://www.scien.cx/2024/09/03/part-1-defining-the-grpc-scheme/. [Accessed: ]
rf:citation
» Part 1: Defining the GRPC scheme | Neeraj Sharma | Sciencx | https://www.scien.cx/2024/09/03/part-1-defining-the-grpc-scheme/ |

Please log in to upload a file.




There are no updates yet.
Click the Upload button above to add an update.

You must be logged in to translate posts. Please log in or register.