diff --git a/c_glib/arrow-flight-glib/server.cpp b/c_glib/arrow-flight-glib/server.cpp index 62fe912ec7c..0df710df6f3 100644 --- a/c_glib/arrow-flight-glib/server.cpp +++ b/c_glib/arrow-flight-glib/server.cpp @@ -258,6 +258,65 @@ gaflight_record_batch_stream_new(GArrowRecordBatchReader *reader, } +typedef struct GAFlightServerCallContextPrivate_ { + arrow::flight::ServerCallContext *call_context; +} GAFlightServerCallContextPrivate; + +enum { + PROP_CALL_CONTEXT = 1, +}; + +G_DEFINE_TYPE_WITH_PRIVATE(GAFlightServerCallContext, + gaflight_server_call_context, + G_TYPE_OBJECT) + +#define GAFLIGHT_SERVER_CALL_CONTEXT_GET_PRIVATE(obj) \ + static_cast( \ + gaflight_server_call_context_get_instance_private( \ + GAFLIGHT_SERVER_CALL_CONTEXT(obj))) + +static void +gaflight_server_call_context_set_property(GObject *object, + guint prop_id, + const GValue *value, + GParamSpec *pspec) +{ + auto priv = GAFLIGHT_SERVER_CALL_CONTEXT_GET_PRIVATE(object); + + switch (prop_id) { + case PROP_CALL_CONTEXT: + priv->call_context = + static_cast( + g_value_get_pointer(value)); + break; + default: + G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec); + break; + } +} + +static void +gaflight_server_call_context_init(GAFlightServerCallContext *object) +{ +} + +static void +gaflight_server_call_context_class_init(GAFlightServerCallContextClass *klass) +{ + auto gobject_class = G_OBJECT_CLASS(klass); + + gobject_class->set_property = gaflight_server_call_context_set_property; + + GParamSpec *spec; + spec = g_param_spec_pointer("call-context", + "Call context", + "The raw arrow::flight::ServerCallContext", + static_cast(G_PARAM_WRITABLE | + G_PARAM_CONSTRUCT_ONLY)); + g_object_class_install_property(gobject_class, PROP_CALL_CONTEXT, spec); +} + + struct GAFlightServerAuthSenderPrivate { arrow::flight::ServerAuthSender *sender; }; @@ -507,15 +566,18 @@ namespace gaflight { } arrow::Status - Authenticate(arrow::flight::ServerAuthSender *sender, + Authenticate(const arrow::flight::ServerCallContext &context, + arrow::flight::ServerAuthSender *sender, arrow::flight::ServerAuthReader *reader) override { auto klass = GAFLIGHT_SERVER_CUSTOM_AUTH_HANDLER_GET_CLASS(handler_); - auto gsender = gaflight_server_auth_sender_new_raw(sender); - auto greader = gaflight_server_auth_reader_new_raw(reader); + auto gacontext = gaflight_server_call_context_new_raw(&context); + auto gasender = gaflight_server_auth_sender_new_raw(sender); + auto gareader = gaflight_server_auth_reader_new_raw(reader); GError *error = nullptr; - klass->authenticate(handler_, gsender, greader, &error); - g_object_unref(greader); - g_object_unref(gsender); + klass->authenticate(handler_, gacontext, gasender, gareader, &error); + g_object_unref(gareader); + g_object_unref(gasender); + g_object_unref(gacontext); if (error) { return garrow_error_to_status(error, arrow::StatusCode::Invalid, @@ -527,14 +589,17 @@ namespace gaflight { } arrow::Status - IsValid(const std::string &token, + IsValid(const arrow::flight::ServerCallContext &context, + const std::string &token, std::string *peer_identity) override { auto klass = GAFLIGHT_SERVER_CUSTOM_AUTH_HANDLER_GET_CLASS(handler_); + auto gacontext = gaflight_server_call_context_new_raw(&context); auto gtoken = g_bytes_new_static(token.data(), token.size()); GBytes *gpeer_identity = nullptr; GError *error = nullptr; - klass->is_valid(handler_, gtoken, &gpeer_identity, &error); + klass->is_valid(handler_, gacontext, gtoken, &gpeer_identity, &error); g_bytes_unref(gtoken); + g_object_unref(gacontext); if (gpeer_identity) { gsize gpeer_identity_size; auto gpeer_identity_data = g_bytes_get_data(gpeer_identity, @@ -580,6 +645,7 @@ gaflight_server_custom_auth_handler_class_init( /** * gaflight_server_custom_auth_handler_authenticate: * @handler: A #GAFlightServerCustomAuthHandler. + * @context: A #GAFlightServerCallContext. * @sender: A #GAFlightServerAuthSender. * @reader: A #GAFlightServerAuthReader. * @error: (nullable): Return location for a #GError or %NULL. @@ -592,6 +658,7 @@ gaflight_server_custom_auth_handler_class_init( void gaflight_server_custom_auth_handler_authenticate( GAFlightServerCustomAuthHandler *handler, + GAFlightServerCallContext *context, GAFlightServerAuthSender *sender, GAFlightServerAuthReader *reader, GError **error) @@ -599,9 +666,12 @@ gaflight_server_custom_auth_handler_authenticate( auto flight_handler = gaflight_server_auth_handler_get_raw( GAFLIGHT_SERVER_AUTH_HANDLER(handler)); + auto flight_context = gaflight_server_call_context_get_raw(context); auto flight_sender = gaflight_server_auth_sender_get_raw(sender); auto flight_reader = gaflight_server_auth_reader_get_raw(reader); - auto status = flight_handler->Authenticate(flight_sender, flight_reader); + auto status = flight_handler->Authenticate(*flight_context, + flight_sender, + flight_reader); garrow::check(error, status, "[flight-server-custom-auth-handler][authenticate]"); @@ -610,6 +680,7 @@ gaflight_server_custom_auth_handler_authenticate( /** * gaflight_server_custom_auth_handler_is_valid: * @handler: A #GAFlightServerCustomAuthHandler. + * @context: A #GAFlightServerCallContext. * @token: The client token. May be the empty string if the client does not * provide a token. * @peer_identity: (out): The identity of the peer, if this authentication @@ -623,6 +694,7 @@ gaflight_server_custom_auth_handler_authenticate( void gaflight_server_custom_auth_handler_is_valid( GAFlightServerCustomAuthHandler *handler, + GAFlightServerCallContext *context, GBytes *token, GBytes **peer_identity, GError **error) @@ -632,9 +704,12 @@ gaflight_server_custom_auth_handler_is_valid( GAFLIGHT_SERVER_AUTH_HANDLER(handler)); gsize token_size; auto token_data = g_bytes_get_data(token, &token_size); + auto flight_context = gaflight_server_call_context_get_raw(context); std::string flight_token(static_cast(token_data), token_size); std::string flight_peer_identity; - auto status = flight_handler->IsValid(flight_token, &flight_peer_identity); + auto status = flight_handler->IsValid(*flight_context, + flight_token, + &flight_peer_identity); if (garrow::check(error, status, "[flight-server-custom-auth-handler]" @@ -815,65 +890,6 @@ gaflight_server_options_new(GAFlightLocation *location) } -typedef struct GAFlightServerCallContextPrivate_ { - arrow::flight::ServerCallContext *call_context; -} GAFlightServerCallContextPrivate; - -enum { - PROP_CALL_CONTEXT = 1, -}; - -G_DEFINE_TYPE_WITH_PRIVATE(GAFlightServerCallContext, - gaflight_server_call_context, - G_TYPE_OBJECT) - -#define GAFLIGHT_SERVER_CALL_CONTEXT_GET_PRIVATE(obj) \ - static_cast( \ - gaflight_server_call_context_get_instance_private( \ - GAFLIGHT_SERVER_CALL_CONTEXT(obj))) - -static void -gaflight_server_call_context_set_property(GObject *object, - guint prop_id, - const GValue *value, - GParamSpec *pspec) -{ - auto priv = GAFLIGHT_SERVER_CALL_CONTEXT_GET_PRIVATE(object); - - switch (prop_id) { - case PROP_CALL_CONTEXT: - priv->call_context = - static_cast( - g_value_get_pointer(value)); - break; - default: - G_OBJECT_WARN_INVALID_PROPERTY_ID(object, prop_id, pspec); - break; - } -} - -static void -gaflight_server_call_context_init(GAFlightServerCallContext *object) -{ -} - -static void -gaflight_server_call_context_class_init(GAFlightServerCallContextClass *klass) -{ - auto gobject_class = G_OBJECT_CLASS(klass); - - gobject_class->set_property = gaflight_server_call_context_set_property; - - GParamSpec *spec; - spec = g_param_spec_pointer("call-context", - "Call context", - "The raw arrow::flight::ServerCallContext", - static_cast(G_PARAM_WRITABLE | - G_PARAM_CONSTRUCT_ONLY)); - g_object_class_install_property(gobject_class, PROP_CALL_CONTEXT, spec); -} - - G_DEFINE_INTERFACE(GAFlightServable, gaflight_servable, G_TYPE_OBJECT) @@ -1199,6 +1215,23 @@ gaflight_data_stream_get_raw(GAFlightDataStream *stream) return priv->stream; } +GAFlightServerCallContext * +gaflight_server_call_context_new_raw( + const arrow::flight::ServerCallContext *flight_call_context) +{ + return GAFLIGHT_SERVER_CALL_CONTEXT( + g_object_new(GAFLIGHT_TYPE_SERVER_CALL_CONTEXT, + "call-context", flight_call_context, + NULL)); +} + +const arrow::flight::ServerCallContext * +gaflight_server_call_context_get_raw(GAFlightServerCallContext *call_context) +{ + auto priv = GAFLIGHT_SERVER_CALL_CONTEXT_GET_PRIVATE(call_context); + return priv->call_context; +} + GAFlightServerAuthSender * gaflight_server_auth_sender_new_raw( arrow::flight::ServerAuthSender *flight_sender) @@ -1247,16 +1280,6 @@ gaflight_server_options_get_raw(GAFlightServerOptions *options) return &(priv->options); } -GAFlightServerCallContext * -gaflight_server_call_context_new_raw( - const arrow::flight::ServerCallContext *call_context) -{ - return GAFLIGHT_SERVER_CALL_CONTEXT( - g_object_new(GAFLIGHT_TYPE_SERVER_CALL_CONTEXT, - "call-context", call_context, - NULL)); -} - arrow::flight::FlightServerBase * gaflight_servable_get_raw(GAFlightServable *servable) { diff --git a/c_glib/arrow-flight-glib/server.h b/c_glib/arrow-flight-glib/server.h index 7218c8a69a1..3ad93d05d28 100644 --- a/c_glib/arrow-flight-glib/server.h +++ b/c_glib/arrow-flight-glib/server.h @@ -55,6 +55,19 @@ gaflight_record_batch_stream_new(GArrowRecordBatchReader *reader, GArrowWriteOptions *options); +#define GAFLIGHT_TYPE_SERVER_CALL_CONTEXT \ + (gaflight_server_call_context_get_type()) +G_DECLARE_DERIVABLE_TYPE(GAFlightServerCallContext, + gaflight_server_call_context, + GAFLIGHT, + SERVER_CALL_CONTEXT, + GObject) +struct _GAFlightServerCallContextClass +{ + GObjectClass parent_class; +}; + + #define GAFLIGHT_TYPE_SERVER_AUTH_SENDER \ (gaflight_server_auth_sender_get_type()) G_DECLARE_DERIVABLE_TYPE(GAFlightServerAuthSender, @@ -124,10 +137,12 @@ struct _GAFlightServerCustomAuthHandlerClass GAFlightServerAuthHandlerClass parent_class; void (*authenticate)(GAFlightServerCustomAuthHandler *handler, + GAFlightServerCallContext *context, GAFlightServerAuthSender *sender, GAFlightServerAuthReader *reader, GError **error); void (*is_valid)(GAFlightServerCustomAuthHandler *handler, + GAFlightServerCallContext *context, GBytes *token, GBytes **peer_identity, GError **error); @@ -137,6 +152,7 @@ GARROW_AVAILABLE_IN_12_0 void gaflight_server_custom_auth_handler_authenticate( GAFlightServerCustomAuthHandler *handler, + GAFlightServerCallContext *context, GAFlightServerAuthSender *sender, GAFlightServerAuthReader *reader, GError **error); @@ -145,6 +161,7 @@ GARROW_AVAILABLE_IN_12_0 void gaflight_server_custom_auth_handler_is_valid( GAFlightServerCustomAuthHandler *handler, + GAFlightServerCallContext *context, GBytes *token, GBytes **peer_identity, GError **error); @@ -166,19 +183,6 @@ GAFlightServerOptions * gaflight_server_options_new(GAFlightLocation *location); -#define GAFLIGHT_TYPE_SERVER_CALL_CONTEXT \ - (gaflight_server_call_context_get_type()) -G_DECLARE_DERIVABLE_TYPE(GAFlightServerCallContext, - gaflight_server_call_context, - GAFLIGHT, - SERVER_CALL_CONTEXT, - GObject) -struct _GAFlightServerCallContextClass -{ - GObjectClass parent_class; -}; - - #define GAFLIGHT_TYPE_SERVABLE (gaflight_servable_get_type()) G_DECLARE_INTERFACE(GAFlightServable, gaflight_servable, diff --git a/c_glib/arrow-flight-glib/server.hpp b/c_glib/arrow-flight-glib/server.hpp index 4c70437da89..4cd9b4cf344 100644 --- a/c_glib/arrow-flight-glib/server.hpp +++ b/c_glib/arrow-flight-glib/server.hpp @@ -27,6 +27,12 @@ arrow::flight::FlightDataStream * gaflight_data_stream_get_raw(GAFlightDataStream *stream); +GAFlightServerCallContext * +gaflight_server_call_context_new_raw( + const arrow::flight::ServerCallContext *flight_call_context); +const arrow::flight::ServerCallContext * +gaflight_server_call_context_get_raw(GAFlightServerCallContext *call_context); + GAFlightServerAuthSender * gaflight_server_auth_sender_new_raw( arrow::flight::ServerAuthSender *flight_sender); @@ -45,10 +51,6 @@ gaflight_server_auth_handler_get_raw(GAFlightServerAuthHandler *handler); arrow::flight::FlightServerOptions * gaflight_server_options_get_raw(GAFlightServerOptions *options); -GAFlightServerCallContext * -gaflight_server_call_context_new_raw( - const arrow::flight::ServerCallContext *flight_context); - struct _GAFlightServableInterface { diff --git a/c_glib/test/helper/flight-server.rb b/c_glib/test/helper/flight-server.rb index 3aa8f4dc219..8c47029d417 100644 --- a/c_glib/test/helper/flight-server.rb +++ b/c_glib/test/helper/flight-server.rb @@ -22,11 +22,11 @@ class FlightAuthHandler < ArrowFlight::ServerCustomAuthHandler type_register private - def virtual_do_authenticate(sender, reader) + def virtual_do_authenticate(context, sender, reader) true end - def virtual_do_is_valid(token) + def virtual_do_is_valid(context, token) "identity" end end diff --git a/cpp/src/arrow/flight/server_auth.cc b/cpp/src/arrow/flight/server_auth.cc index ae03c3d45e8..f7de79cfd7d 100644 --- a/cpp/src/arrow/flight/server_auth.cc +++ b/cpp/src/arrow/flight/server_auth.cc @@ -23,12 +23,14 @@ namespace flight { ServerAuthHandler::~ServerAuthHandler() {} NoOpAuthHandler::~NoOpAuthHandler() {} -Status NoOpAuthHandler::Authenticate(ServerAuthSender* outgoing, +Status NoOpAuthHandler::Authenticate(const ServerCallContext& context, + ServerAuthSender* outgoing, ServerAuthReader* incoming) { return Status::OK(); } -Status NoOpAuthHandler::IsValid(const std::string& token, std::string* peer_identity) { +Status NoOpAuthHandler::IsValid(const ServerCallContext& context, + const std::string& token, std::string* peer_identity) { *peer_identity = ""; return Status::OK(); } diff --git a/cpp/src/arrow/flight/server_auth.h b/cpp/src/arrow/flight/server_auth.h index b1ccb096d7b..3d4787c0c71 100644 --- a/cpp/src/arrow/flight/server_auth.h +++ b/cpp/src/arrow/flight/server_auth.h @@ -28,6 +28,8 @@ namespace arrow { namespace flight { +class ServerCallContext; + /// \brief A reader for messages from the client during an /// authentication handshake. class ARROW_FLIGHT_EXPORT ServerAuthReader { @@ -55,7 +57,46 @@ class ARROW_FLIGHT_EXPORT ServerAuthHandler { virtual ~ServerAuthHandler(); /// \brief Authenticate the client on initial connection. The server /// can send and read responses from the client at any time. - virtual Status Authenticate(ServerAuthSender* outgoing, ServerAuthReader* incoming) = 0; + /// \param[in] context The call context. + /// \param[in] outgoing The writer for messages to the client. + /// \param[in] incoming The reader for messages from the client. + /// \return Status OK if this authentication is succeeded. + virtual Status Authenticate(const ServerCallContext& context, + ServerAuthSender* outgoing, ServerAuthReader* incoming) { + // TODO: We can make this pure virtual function when we remove + // the deprecated version. + ARROW_SUPPRESS_DEPRECATION_WARNING + return Authenticate(outgoing, incoming); + ARROW_UNSUPPRESS_DEPRECATION_WARNING + } + /// \brief Authenticate the client on initial connection. The server + /// can send and read responses from the client at any time. + /// \param[in] outgoing The writer for messages to the client. + /// \param[in] incoming The reader for messages from the client. + /// \return Status OK if this authentication is succeeded. + /// \deprecated Deprecated in 13.0.0. Implement the Authentication() + /// with ServerCallContext version instead. + ARROW_DEPRECATED("Deprecated in 13.0.0. Use ServerCallContext overload instead.") + virtual Status Authenticate(ServerAuthSender* outgoing, ServerAuthReader* incoming) { + return Status::NotImplemented(typeid(this).name(), + "::Authenticate() isn't implemented"); + } + /// \brief Validate a per-call client token. + /// \param[in] context The call context. + /// \param[in] token The client token. May be the empty string if + /// the client does not provide a token. + /// \param[out] peer_identity The identity of the peer, if this + /// authentication method supports it. + /// \return Status OK if the token is valid, any other status if + /// validation failed + virtual Status IsValid(const ServerCallContext& context, const std::string& token, + std::string* peer_identity) { + // TODO: We can make this pure virtual function when we remove + // the deprecated version. + ARROW_SUPPRESS_DEPRECATION_WARNING + return IsValid(token, peer_identity); + ARROW_UNSUPPRESS_DEPRECATION_WARNING + } /// \brief Validate a per-call client token. /// \param[in] token The client token. May be the empty string if /// the client does not provide a token. @@ -63,15 +104,22 @@ class ARROW_FLIGHT_EXPORT ServerAuthHandler { /// authentication method supports it. /// \return Status OK if the token is valid, any other status if /// validation failed - virtual Status IsValid(const std::string& token, std::string* peer_identity) = 0; + /// \deprecated Deprecated in 13.0.0. Implement the IsValid() + /// with ServerCallContext version instead. + ARROW_DEPRECATED("Deprecated in 13.0.0. Use ServerCallContext overload instead.") + virtual Status IsValid(const std::string& token, std::string* peer_identity) { + return Status::NotImplemented(typeid(this).name(), "::IsValid() isn't implemented"); + } }; /// \brief An authentication mechanism that does nothing. class ARROW_FLIGHT_EXPORT NoOpAuthHandler : public ServerAuthHandler { public: ~NoOpAuthHandler() override; - Status Authenticate(ServerAuthSender* outgoing, ServerAuthReader* incoming) override; - Status IsValid(const std::string& token, std::string* peer_identity) override; + Status Authenticate(const ServerCallContext& context, ServerAuthSender* outgoing, + ServerAuthReader* incoming) override; + Status IsValid(const ServerCallContext& context, const std::string& token, + std::string* peer_identity) override; }; } // namespace flight diff --git a/cpp/src/arrow/flight/test_util.cc b/cpp/src/arrow/flight/test_util.cc index 0d6c28b2968..c34a1caa0d7 100644 --- a/cpp/src/arrow/flight/test_util.cc +++ b/cpp/src/arrow/flight/test_util.cc @@ -686,7 +686,8 @@ TestServerAuthHandler::TestServerAuthHandler(const std::string& username, TestServerAuthHandler::~TestServerAuthHandler() {} -Status TestServerAuthHandler::Authenticate(ServerAuthSender* outgoing, +Status TestServerAuthHandler::Authenticate(const ServerCallContext& context, + ServerAuthSender* outgoing, ServerAuthReader* incoming) { std::string token; RETURN_NOT_OK(incoming->Read(&token)); @@ -697,7 +698,8 @@ Status TestServerAuthHandler::Authenticate(ServerAuthSender* outgoing, return Status::OK(); } -Status TestServerAuthHandler::IsValid(const std::string& token, +Status TestServerAuthHandler::IsValid(const ServerCallContext& context, + const std::string& token, std::string* peer_identity) { if (token != password_) { return MakeFlightError(FlightStatusCode::Unauthenticated, "Invalid token"); @@ -714,7 +716,8 @@ TestServerBasicAuthHandler::TestServerBasicAuthHandler(const std::string& userna TestServerBasicAuthHandler::~TestServerBasicAuthHandler() {} -Status TestServerBasicAuthHandler::Authenticate(ServerAuthSender* outgoing, +Status TestServerBasicAuthHandler::Authenticate(const ServerCallContext& context, + ServerAuthSender* outgoing, ServerAuthReader* incoming) { std::string token; RETURN_NOT_OK(incoming->Read(&token)); @@ -727,7 +730,8 @@ Status TestServerBasicAuthHandler::Authenticate(ServerAuthSender* outgoing, return Status::OK(); } -Status TestServerBasicAuthHandler::IsValid(const std::string& token, +Status TestServerBasicAuthHandler::IsValid(const ServerCallContext& context, + const std::string& token, std::string* peer_identity) { if (token != basic_auth_.username) { return MakeFlightError(FlightStatusCode::Unauthenticated, "Invalid token"); diff --git a/cpp/src/arrow/flight/test_util.h b/cpp/src/arrow/flight/test_util.h index 679e04fa1b1..96d2e2e3414 100644 --- a/cpp/src/arrow/flight/test_util.h +++ b/cpp/src/arrow/flight/test_util.h @@ -203,8 +203,10 @@ class ARROW_FLIGHT_EXPORT TestServerAuthHandler : public ServerAuthHandler { explicit TestServerAuthHandler(const std::string& username, const std::string& password); ~TestServerAuthHandler() override; - Status Authenticate(ServerAuthSender* outgoing, ServerAuthReader* incoming) override; - Status IsValid(const std::string& token, std::string* peer_identity) override; + Status Authenticate(const ServerCallContext& context, ServerAuthSender* outgoing, + ServerAuthReader* incoming) override; + Status IsValid(const ServerCallContext& context, const std::string& token, + std::string* peer_identity) override; private: std::string username_; @@ -216,8 +218,10 @@ class ARROW_FLIGHT_EXPORT TestServerBasicAuthHandler : public ServerAuthHandler explicit TestServerBasicAuthHandler(const std::string& username, const std::string& password); ~TestServerBasicAuthHandler() override; - Status Authenticate(ServerAuthSender* outgoing, ServerAuthReader* incoming) override; - Status IsValid(const std::string& token, std::string* peer_identity) override; + Status Authenticate(const ServerCallContext& context, ServerAuthSender* outgoing, + ServerAuthReader* incoming) override; + Status IsValid(const ServerCallContext& context, const std::string& token, + std::string* peer_identity) override; private: BasicAuth basic_auth_; diff --git a/cpp/src/arrow/flight/transport/grpc/grpc_server.cc b/cpp/src/arrow/flight/transport/grpc/grpc_server.cc index a643111e3b2..a707e014b59 100644 --- a/cpp/src/arrow/flight/transport/grpc/grpc_server.cc +++ b/cpp/src/arrow/flight/transport/grpc/grpc_server.cc @@ -299,7 +299,8 @@ class GrpcServiceHandler final : public FlightService::Service { } else { token = std::string(auth_header->second.data(), auth_header->second.length()); } - GRPC_RETURN_NOT_OK(auth_handler_->IsValid(token, &flight_context.peer_identity_)); + GRPC_RETURN_NOT_OK( + auth_handler_->IsValid(flight_context, token, &flight_context.peer_identity_)); } return MakeCallContext(method, context, flight_context); @@ -352,8 +353,8 @@ class GrpcServiceHandler final : public FlightService::Service { } GrpcServerAuthSender outgoing{stream}; GrpcServerAuthReader incoming{stream}; - RETURN_WITH_MIDDLEWARE(flight_context, - auth_handler_->Authenticate(&outgoing, &incoming)); + RETURN_WITH_MIDDLEWARE(flight_context, auth_handler_->Authenticate( + flight_context, &outgoing, &incoming)); } ::grpc::Status ListFlights(ServerContext* context, const pb::Criteria* request,