This Go module implements a server-side gRPC interceptor for purpose-limiting data minimization: only the data a JWT policy deems necessary is exposed to service consumers. It dynamically modifies the gRPC response based on the permissions and data handling rules (allowed, generalized, noised, reduced) specified in the JWT claims. This approach enhances privacy by applying differential privacy techniques and by generalizing, reducing, or suppressing fields as required. The interceptor validates the JWT against an RSA public key, so a policy is only applied when the token's signature verifies.
To use this Go module, run:
go get -u github.com/louisloechel/purpl
and add this import statement to your Go file:
import (purposelimiter "github.com/louisloechel/purpl")
The interceptor is registered when starting a gRPC server and takes the path to the public key as an argument.
The public key is used to verify the signature of the token.
The token is expected to be a JWT in the metadata of the gRPC request.
// path to public key
keyPath := "server/key.pem"
s := grpc.NewServer(
	grpc.UnaryInterceptor(purposelimiter.UnaryServerInterceptor(keyPath)),
)
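The verify-then-filter step described above, as an added sketch that is not purpl's own code: it checks an RS256 token with the standard library only, then applies per-field rules and suppresses every field the policy does not name. The claim layout, the bucket-to-tens meaning of `generalized`, the plain map standing in for a protobuf response, and the names `Filter` and `demoToken` are assumptions; only the `allowed` and `generalized` rules are covered.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding

// Filter verifies tok as RS256 regardless of its header, then applies the rules.
func Filter(tok string, pub *rsa.PublicKey, resp map[string]any) (map[string]any, error) {
	h, rest, _ := strings.Cut(tok, ".")
	p, sg, _ := strings.Cut(rest, ".")
	sig, err := b64.DecodeString(sg)
	body, _ := b64.DecodeString(p)
	sum := sha256.Sum256([]byte(h + "." + p))
	var rules map[string]string // assumed claim layout {"field": "rule"}, not purpl's schema
	if err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) != nil || json.Unmarshal(body, &rules) != nil {
		return nil, fmt.Errorf("token rejected: bad signature or claims") // fail closed
	}
	out := map[string]any{}
	for f, v := range resp {
		if n, ok := v.(int); ok && rules[f] == "generalized" {
			out[f] = n / 10 * 10 // assumed generalization: bucket to tens, 37 -> 30
		} else if rules[f] == "allowed" {
			out[f] = v
		} // no rule or unknown rule: the field is suppressed
	}
	return out, nil
}

func demoToken(claims string) (string, *rsa.PublicKey) { // constructed sample input only
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	in := b64.EncodeToString([]byte(`{"alg":"RS256"}`)) + "." + b64.EncodeToString([]byte(claims))
	sum := sha256.Sum256([]byte(in))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	return in + "." + b64.EncodeToString(sig), &key.PublicKey
}

func main() {
	tok, pub := demoToken(`{"name":"allowed","age":"generalized"}`)
	fmt.Println(Filter(tok, pub, map[string]any{"name": "Ada", "age": 37, "ssn": "000"}))
}
```

Because the verifier always performs the RS256 check and never reads `alg` from the header, a token cannot select a weaker algorithm for itself.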
For JWT generation use the purpl-jwt-go-rsa or purpl-jwt-go-ecdsa libraries.
- purpl-examples: A simple example to quickly try out the interceptor.
- purpl-pizza-boutique: A more complex use case using Google's Online Boutique microservice demo.