Would be grateful for directions. I'm a bit new to GCP. I want to secure the Cloud Run, which will be running some APIs. I was thinking of using the Identity Platform to create a set of users invoking the APIs with OAuth2.

What I have created so far is the Cloud Run service, which is restricted from public access, as well as the API endpoint, which is currently publicly available and returns the response from the secured Cloud Run service. The Identity Platform with a test user is created as well, and I can get the SecureToken back from https://identitytoolkit.googleapis.com/v1.

The API endpoint config file is below:

    swagger: '2.0'
    host: *HOST*
    schemes:
      - https
    produces:
      - application/json
    x-google-backend:
      address: *https://HOST*
      protocol: h2
    paths:
      /hello:
        get:
          operationId: hello
          responses:
            '200':
              description: A successful response
              schema:
                type: string
          security: #I presume I need to add security here
            - auth0_jwt: []
    #and here
    securityDefinitions:
      auth0_jwt:
        authorizationUrl: "" #???
        flow: "implicit"
        type: "oauth2"
        x-google-issuer: "https://securetoken.google.com/" #???
        x-google-jwks_uri: "" #???
        x-google-audiences: "" #???

How would I add secure authentication from Identity Platform to API Endpoint?

I'm under the impression I need to update the config with security sections, but not sure what values to use. Or maybe that's not the way it is supposed to be done?

A POST request to https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=[KEY], with user:psw:returnSecureToken, returns me a token.

I just needed to update the API gateway config yaml with correct security definitions.

    securityDefinitions:
      auth0_jwt:
        authorizationUrl: ""
        flow: "implicit"
        type: "oauth2"
        x-google-issuer: "https://securetoken.google.com/{google-project-ID}"
        x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
        x-google-audiences: "{google-project-ID}"
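
When the gateway still rejects a token after the security definitions above are in place, the usual cause is an `iss` or `aud` claim that does not match `x-google-issuer` or `x-google-audiences`. The following is an added example, not code from the original post: it decodes an Identity Platform ID token and reports which of those checks (plus expiry) would fail. The function names and the `demo-project` ID are assumptions, the sample token is constructed, and the signature is not verified here (the gateway does that against `x-google-jwks_uri`).

```python
import base64
import json
import time
from typing import List, Optional

ISSUER_PREFIX = "https://securetoken.google.com/"  # same prefix as x-google-issuer


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_claims(token: str, project_id: str, now: Optional[float] = None) -> List[str]:
    """Return reasons the issuer/audience/expiry checks would fail (signature not checked)."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != ISSUER_PREFIX + project_id:
        problems.append(f"iss {claims.get('iss')!r} does not match x-google-issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if project_id not in audiences:
        problems.append(f"aud {aud!r} does not match x-google-audiences")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token is expired or has no exp claim")
    return problems


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token; the third segment is a dummy signature.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    good = make_sample_token({"iss": ISSUER_PREFIX + "demo-project", "aud": "demo-project", "exp": 2_000_000_000})
    print(check_claims(good, "demo-project", now=1_700_000_000))
    print(check_claims(good, "other-project", now=1_700_000_000))
```

Pass the `idToken` value returned by `accounts:signInWithPassword` and your project ID; an empty list means the claims line up with the gateway config.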