[Question] Auth middleware example

[hotrush]

Hello, checking auth middleware example (https://github.com/grpc-ecosystem/go-grpc-middleware/tree/master/auth#L36) and have several questions:

• what does this line do? grpc_ctxtags.Extract(ctx).Set("auth.sub", userClaimFromToken(tokenInfo))
• also // WARNING: in production define your own type to avoid context collisions - do you suggest to define custom context type? but why? as i know it is a bad practice

[bwplotka]

Hey,

1. Adding token information to tags, so e.g. logger will use this info as field (if you add logging interceptor). Here is better example in upcoming v2 (https://github.com/grpc-ecosystem/go-grpc-middleware/blob/v2/interceptors/auth/examples_test.go#L41)
2. This if you want further interceptors OR gRPC service code to use certain information about that token (e.g often it's needed to communicate with downstream services or so). From interceptor the only "request" state is through context, thus you need to create your own context key in some form. What exactly is bad practice? If you mean using context keys - I agree, but there is nothing better to put some state to the context.

[Multiply]

Using v2, if the auth interceptor is added after the logging interceptor, no auth.sub is available in the default grpc server logs.
When adding auth first, no logs will show if the auth function fails.

Wouldn't it make sense if PostCall somehow had access to the context of previous handlers/middlewares?