I have deployed both backend and frontend to Google Cloud run.
frontend - angular 16 with ssr.
backend - nodejs running express.
I am using ssr so the request should come from the frontend service and not the browser directly.
I have token validation inside the backend but the request fails before getting to the backend.
But every http request to the backend from the frontend returns unauthorized after deploying, it works locally.
The request was not authorized to invoke this service.
Thank you for your help
I tried to make the backend public, using identity platform, giving the service account Invoker permissions, but nothing worked.
The request from the frontend goes like this:
Inside angular, using HttpClient to post to the ssr server
await this._http.post("/api/example", data, {
headers: {
'Authorization': 'Bearer ' + firebaseIdToken
}
})
Then inside the ssr server:
router.post('/api/example', async (req, res) => {
// Getting backend url from gcp secret manager service
const backendUrl = await getBackendUrl();
// Posting to backend service via axios client
const result = await axios.post(backendUrl + '/example', req.body, {
headers: {
Authorization: req.headers.authorization
}
})
res.send(result);
})
You can't connect directly your Firebase user to a Cloud Run service deployed in "not allow unauthenticated".
If you have a look at the documentation, you can see that your Cloud Run service MUST be deployed publicly, and you check the user identity/token inside your Cloud Run service with the verify method.
Be careful, a common mistake is to say: "My Cloud Run front end service account is authorized to invoke the Backend, but it still does not work".
That's true because your frontend code does not run on the Cloud Run frontend service, but on your browser, the Cloud Run frontend service only serve the static files.