
GCP endpoint integration with identity platform


I would be grateful for directions. I'm a bit new to GCP. I want to secure Cloud Run, which will be running some APIs. I was thinking of using the Identity Platform to create a set of users invoking the APIs with OAuth2.

So far I have created the Cloud Run service, which is restricted from public access, as well as the API endpoint, which is currently publicly available and returns the response from the secured Cloud Run service. The Identity Platform with a test user is created as well, and I can get the SecureToken back from https://identitytoolkit.googleapis.com/v1.

The API endpoint config file is below:

  swagger: '2.0'
  host: *HOST*
  schemes:
    - https
  produces:
    - application/json
  x-google-backend:
    address: *https://HOST*
    protocol: h2
  paths:
    /hello:
      get:
        operationId: hello
        responses:
          '200':
            description: A successful response
            schema:
              type: string
        security:  #I presume I need to add security here
          - auth0_jwt: []
  #and here
  securityDefinitions:
    auth0_jwt:
      authorizationUrl: "" #???
      flow: "implicit"
      type: "oauth2"
      x-google-issuer: "https://securetoken.google.com/"  #???
      x-google-jwks_uri: ""   #???
      x-google-audiences: ""  #???

How would I add secure authentication from Identity Platform to API Endpoint? I'm under the impression I need to update the config with security sections, but not sure what values to use. Or maybe that's not the way it is supposed to be done?

A POST request to https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=[KEY], with user:psw:returnSecureToken, returns me a token.


Solution

  • I just needed to update the API gateway config yaml with correct security definitions.

    securityDefinitions:
        auth0_jwt:
            authorizationUrl: ""
            flow: "implicit"
            type: "oauth2"
            x-google-issuer: "https://securetoken.google.com/{google-project-ID}"
            x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
            x-google-audiences: "{google-project-ID}"