At Auth0 we’re responsible for responding to a large volume of queries within a relatively small period of time. For each API call that’s made we must perform a variety of tasks: authentication, rate limiting, data access, payload validation, and external API calls to name a few.
Hitting target response metrics while performing all of these calls requires a fair amount of thought with regard to service design. As part of a recent feature introduction, we added a new call into our authentication flow. Given the criticality of this flow, we needed to assure that the new functionality had minimal impact on response times and success rates.
During discovery, we analyzed what technologies would be the most effective in transforming and persisting our data, performing application logic, and what would be the most effective transport for the service.
When starting off with an API, it’s easy to go with defaults: HTTP/1.x and JSON, and these are entirely reasonable selections. HTTP is a well supported, tooled and observable protocol, and JSON is presently the de-facto standard for transferring payloads between services on the internet.
During the initial research of our new project, we looked into different technologies to see which fit our needs best. One of the technologies we looked into was gRPC, because of promising results we'd heard from our peers on how gRPC could provide the performance that we required for our use case.
In this post, we are going to take a quick look on how to get a gRPC service up and running using the Mali framework while explaining some of the engineering principles, technology, and goals behind the gRPC system. Let's get started.
What Is GRPC?
gRPC is a framework originally created by Google for internal use but has since been open sourced. It leverages an HTTP/2 transport, and Protocol Buffers as its service definition language (these are defaults, and can be changed).
One of the key characteristics of gRPC is that it supports a compressed, full duplex stream over HTTP2. As denoted by Google, HTTP2 was designed to enable a more efficient use of network resources and reduce latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. Once a client is connected to a server, either side is free to send and receive messages at will. This always-connected, full-duplex connection is ideal for our service, as it allows the calling service to utilize a pre-established stream to call into the downstream service without delay.
Read What is HTTP/2 All About? for more details on HTTP2.
Services are defined in a definition language called Protocol Buffers. Google defines Protocol Buffers as "language-neutral, platform-neutral, extensible mechanism for serializing structured data". They are positioned as a smaller, faster, and simpler version of XML. Protocol Buffers allows for strongly typed services (endpoints), messages (payloads) and fields (properties). These definitions enable messages to be marshaled in binary format over an existing connection very effectively and allow the consumer of the message to reduce the guesswork when unmarshalling them.
In contrast, HTTP is more oriented for request/response pairs. What is more significant than HTTP is the overhead of JSON. When comparing a well-structured message to a message whose format is undefined there are significant performance improvements.
Why Should You Use It?
It’s important to call out that we’re not suggesting gRPC in all of your services or even any of them. However, when performance is absolutely critical, and you have the ability to influence the service implementation, consumption, and infrastructure then gRPC is something you may want to look into.
Setting Up a GRPC App Using Node
First, we’re going to get our project configured:
mkdir grpc-demo cd $_ && npm init -y npm i "grpc"@"^1.15.1" "mali"@"^0.9.1" "@grpc/proto-loader"@"~0.3.0" # Initialize project
This command creates a directory for our project, initializes NPM, and installs the packages that we’ll be using:
- grpc: Node.js gRPC library.
- mali: A minimalistic gRPC microservice framework.
- @grpc/proto-loader: A utility package for loading
files for use with gRPC, using the latest Protobuf.js package..proto
To facilitate the implementation of gRPC service, we are going to use the Mali gRPC microservice framework as it offers the following benefits:
- It is designed to use modern JavaScript asynchronous constructors such as Promises and
/async
.await - It supports header, trailer, status, and error metadata.
- The minimal core of Mali can be extended to add features by composing and cascading middleware.
- Just a few lines of code give you a fully operational server.
“Learn how to set up a gRPC server in Node using the Mali framework.”
Tweet This
Service Definition
Our server will consume a
.protoprotos/hello.protomkdir protos touch protos/hello.proto
Populate the
hello.protosyntax = "proto3"; service Hello { rpc Echo (EchoRequest) returns (EchoResponse) {}; } message EchoRequest { string message = 1; } message EchoResponse { string message = 1; int32 timestamp = 2; }
Let's understand what's happening in this
.protohello.protoLet's break down what's happening in this file.
syntax = "proto3";
This line defines the syntax that the file is using. There are multiple versions of Protocol Buffer syntax. This syntax uses the latest version available at the time of writing.
service Hello { rpc Echo (EchoRequest) returns (EchoResponse) {}; }
This section defines a
serviceThis example only exposes the
EchoEchoRequestEchoResponseUnarymessage EchoRequest { string message = 1; } message EchoResponse { string message = 1; int32 timestamp = 2; }
EchoRequestmessagemessage1EchoResponsemessagetimestamp1EchoRequesttimestampWith our service in place, we are now ready to implement our server.
Server Implementation
Inside of our new directory, we'll create a file called
server.js// server.js const path = require("path"); const Mali = require("mali"); // Defines the path to a proto file that will hold the service definition const PROTO_PATH = path.resolve(__dirname, "./protos/hello.proto"); /** * Handler for the Echo RPC. * @param {object} ctx The request context provided by Mali. * @returns {Promise<void>} */ const echo = async ctx => { // Log that we received the request console.log("Received request."); // Set the response on the context ctx.res = { // Define the message, and time message: ctx.request.req.message, timestamp: Date.now() }; }; /** * Define the main entry point for the application. * From here, we stand up the server and do some light logging. */ const main = () => { /** * Create a new instance of the Mali server. * We pass in the path to our Protocol Buffer definition, * and provide a friendly name for the service. * @type {Mali} */ const app = new Mali(PROTO_PATH, "Hello", { // These are gRPC native options that Mali passes down // to the underlying gRPC loader. defaults: true }); // Create a listener for the Echo RPC using the echo function // as the handler. app.use({ echo }); // Start listening on localhost app.start("127.0.0.1:50051"); // Log out that we're listening and ready for connections console.log("Listening..."); }; // Start the service and listen for connections main();
This file is a very simple gRPC server that is implemented by using the Mali framework. Mali provides a way to implement gRPC services in a very simple way, in a design that's similar to how Koa handles HTTP services.
After our
requireproto// server.js const path = require("path"); const Mali = require("mali"); // Defines the path to a proto file that will hold the service definition const PROTO_PATH = path.resolve(__dirname, "./protos/hello.proto");
Next, we create a function called
echoctxctxrequestctx.request.req.<field name>// require's... // PROTO_PATH ... const echo = async ctx => { // Log that we received the request console.log("Received request."); // Set the response on the context ctx.res = { // Define the message, and time message: ctx.request.req.message, timestamp: Date.now() }; };
In our implementation of
echoctx.request.req.messagectx.res.messagetimestampDate.now()There's no need to return from the
echoctx.resWe use the
mainMali// require's... // PROTO_PATH ... // echo function definition const main = () => { const app = new Mali(PROTO_PATH, "Hello", { defaults: true }); };
All options for the loader are defined within the gRPC Protobuf Loader document.
We then tell Mali to use the
echouse()// require's... // PROTO_PATH ... // echo function definition const main = () => { // app... app.use({ echo }); };
Using JavaScript object shorthand,
app.use({ echo });echo()echoechoIn contrast to the REST architecture style, within the gRPC architecture style, there is no concept of "endpoint methods" such as
orGET. Instead, we'd use descriptive RPC names such asPOST,getUser, orcreateUser.updateUser
As a last step within the
main50051// require's... // PROTO_PATH ... // echo function definition const main = () => { // app... // handler mapping ... app.start("127.0.0.1:50051"); console.log("Listening..."); };
Finally, we need to call our
main()// require's... // PROTO_PATH ... // echo function definition // main main();
To run the server, we don't need to create an NPM script within
package.jsonmainserver.jspackage.json{ "name": "grpc-demo", "version": "1.0.0", "description": "", "main": "server.js", "scripts": { "test": "echo \"Error: no test specified\" && exit 1" }, "keywords": [], "author": "", "license": "ISC", "dependencies": { "@grpc/proto-loader": "^0.3.0", "grpc": "^1.17.0", "mali": "^0.9.2" } }
That's it. We're now able to start listening for service requests. Let's learn next how to run the server and make API calls.
Calling the API
At this point, we have enough to begin calling our
EchoTo do this easily, we'll use
, a flexible command-line client for any gRPC server designed to test APIs quickly without much setup. grpcc
grpccnpxInstalling grpcc
grpccgrpccGlobal Installation
To install the client globally, run the command:
npm i -g grpcc # Global installation
Local Installation
Run the following command:
npm i -D grpcc # Local installation
is the short form of theicommand.installis the short form of the-Dflag that saves the packages as--save-dev.devDependencies
With a local installation, you'd need to create an NPM script within
package.jsonNPX
As an alternative, we can use
npxgrpccnpxnpmv5.2node_modules/.binnpx grpccgrpccLearn more about everything you can do with
.npx
Running the Server
To run the server, open a terminal window and, from the project directory, execute the following command:
npm start
Node will automatically run
server.jsListening...Calling the Service RPC Endpoint
Follow one of the following steps depending on your chosen
grpccGlobal Installation
In another terminal, again from the project directory, run the following command:
grpcc -i -p protos/hello.proto -a 127.0.0.1:50051 # Running grpcc using the global install
Local Installation
Open
package.jsoncall{ "name": "grpc-demo", "version": "1.0.0", "description": "", "main": "server.js", "scripts": { "test": "echo \"Error: no test specified\" && exit 1", "call": "grpcc -i -p protos/hello.proto -a 127.0.0.1:50051" }, "keywords": [], "author": "", "license": "ISC", "dependencies": { "@grpc/proto-loader": "^0.3.0", "grpc": "^1.17.0", "mali": "^0.9.2" }, "devDependencies": { "grpcc": "^1.1.3" } }
In another terminal, again from the project directory, run the following command:
npm run call # Running grpcc using the local install
npx
Installation
npxIn another terminal, again from the project directory, run the following command:
npx grpcc -i -p protos/hello.proto -a 127.0.0.1:50051 # Use npx to pull grpcc from the NPM cloud
Using the grpcc
Client
grpccLet's breakdown the flags that are being used with the
grpcc
stands up an insecure client (we need this because our service is listening insecurely).-i
is the path to the proto definition.-p
specifies the address to the host and port that the service is listening on.-a
Running
grpccreplThe REPL will give you
as the CLI prompt.Hello@127.0.0.1:50051>
Within the REPL environment, run the following statement:
client.echo({message:"Hello"}, printReply)
The statement we provide to
grpccclientclientHelloclientechoThe first argument of the
echoEchoRequestmessageEchoRequestprintReplygrpccIf everything worked correctly, you should see this output from
grpcc{ "message": "Hello", "timestamp": "1546892703355" }
Here, we see the response provided by our server. Just like we expected, we can see the two fields that we defined within
EchoResponsemessagetimestamptimestampmessage“grpcc is a handy package that lets you easily test gRPC endpoints. Learn how to use it here.”
Tweet This
Conclusion
At Auth0, one of our core values is learning. We often refer to this value as
N + 1 > NAs such, we'll continue experimenting with technologies such as gRPC, to find out the best tool for the job. Right now, we are in need of responding to a massive volume of queries in a short time. We'll be using benchmarks to measure tool performance and analyzing the cost of migration of any tool that requires to shift from our existing architecture. That's another part of our values: we run data-driven experiments to gain insights and make informed decisions.
We'll see if our innovation projects lead us to integrate gRPC as part of our architecture. Stay tuned for more engineering insights from our team and future updates through this blog.
About Auth0
Auth0 by Okta takes a modern approach to customer identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.
About the author
Tim Ferrell
Engineer