如何使用oauth/jwt保护我的http触发的GCP功能? [英] How to protect my http-triggered GCP Function with oauth/jwt?

问题描述

借助AWS Lambda和API网关，我可以部署使用http公开的功能.

With AWS Lambda and API Gateway, I can deploy a function exposed with http.

借助Cognito和API网关，我可以使用oauth2和jwt令牌保护该功能.

With Cognito and API Gateway, I can protect the function with oauth2 and a jwt token.

有了GCP功能和http-trigger选项，我可以部署使用http公开的功能.

With GCP Function and the http-trigger option, I can deploy a function exposed with http.

是否可以使用oauth2和jwt令牌保护"GCP Cognito替代方案"?

Is there a "GCP Cognito alternative" I can used to protect my function with oauth2 and a jwt token ?

我尝试使用身份平台".我可以通过以下方式获得(不是jwt)令牌: https://accounts.google.com/o/oauth2/v2/auth?client_id = [我的客户端ID]& redirect_uri = [我的重定向uri]& response_type = token& scope = openid

I have tried with "Identity Platform". I can obtain a (not jwt) token with : https://accounts.google.com/o/oauth2/v2/auth?client_id=[my client id]&redirect_uri=[my redirect uri]&response_type=token&scope=openid

但这给我一个401: curl -L -v -XGET --header授权:不记名[不是jwt令牌]" https://europe- west2- [my project] .cloudfunctions.net/my-hello-function"

But this give me a 401 : curl -L -v -XGET --header "Authorization: Bearer [the not jwt token]"https://europe-west2-[my project].cloudfunctions.net/my-hello-function"

谢谢！

推荐答案

如果您要使用Cloud Identity Platform(即Firebase Auth的Google Cloud打包)，则可以使用Cloud Endpoint，这是接受API的API网关密钥和Firebase身份验证OAuth2令牌.

If you want to use Cloud Identity Platform, that is a Google Cloud packaging of Firebase Auth, you can use Cloud Endpoint, which is an API Gateway that accept API Key and firebase auth OAuth2 token.

我安全性定义，然后应该工作！

I wrote an article to explain how to protect your serverless product (Cloud Function, Cloud Run and App Engine) with an API Key. But simply update the security definition with the firebase, and it should work!

这篇关于如何使用oauth/jwt保护我的http触发的GCP功能?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！