
I am using Google ESP and on an endpoint I have authorisation with Auth0 like so:

```yaml
securityDefinitions:
    auth0_jwk:
        authorizationUrl: "AUTH_URL"
        flow: "implicit"
        type: "oauth2"
        x-google-issuer: "AUTHO_URL"
        x-google-jwks_uri: "AUTH0_JWKS_URL"
        x-google-audiences: "AUTH0_AUDIENCE"
paths:
  /pluginviewservice/v1:
    post:
      summary: Submits a page to be analysed with auth.
      operationId: pluginviewservicev1
      x-google-backend:
        address: APP_ENGINE_URL
        path_translation: CONSTANT_ADDRESS
      responses:
        '200':
          description: A successful response
          schema:
            type: string
      x-security:
        - {}
        - auth0_jwk:
            audiences:
              - "AUTH0_AUDIENCE"
```

However, what I want is that when the auth0 access token is available it populates "X-Endpoint-API-UserInfo", and when it isn't it lets the request through anyway. The endpoint is designed to be accessible both to authorised and unauthorised users. I have tried adding a blank "x-security" as seen above, but that does not seem to work.

user293895
  • Hi, can you please give more context on this issue: What documentation did you follow? Reproducible steps of the issue? Does this [documentation](https://cloud.google.com/endpoints/docs/openapi/authenticating-users-custom) help? – Methkal Khalawi Jul 27 '20 at 09:38
  • I'm unsure what more I can do beyond what I've already given, can you let me know what you would like? I followed that documentation and it did indeed allow me to add auth0 authentication. What I am looking to create is an endpoint that populates the userinfo if the access token is there, and otherwise lets it through, but does not return a 402 if no access token is present. – user293895 Jul 27 '20 at 16:29
  • I'm looking at your openapi.yaml here and it looks good, but the thing that I'm concerned about is "x-security". Shouldn't this be "security", as mentioned here https://github.com/go-swagger/go-swagger/tree/master/examples/composed-auth and https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#quota_examples – Methkal Khalawi Jul 28 '20 at 09:13
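
For the backend side of the behaviour asked about above (user info when a token was sent, anonymous otherwise), here is an added example that is not part of the original post or of Google's code. It treats `X-Endpoint-API-UserInfo` as base64url-encoded JSON and an absent or undecodable header as an anonymous caller; the function names and the sample claim fields are assumptions.

```python
import base64
import binascii
import json
from typing import Mapping, Optional

USERINFO_HEADER = "X-Endpoint-API-UserInfo"


def decode_userinfo(value: str) -> Optional[dict]:
    """Decode a base64url JSON header value; return None if it is not valid."""
    # The value may arrive without '=' padding, so restore it before decoding.
    padded = value + "=" * (-len(value) % 4)
    try:
        raw = base64.urlsafe_b64decode(padded.encode("ascii"))
        claims = json.loads(raw.decode("utf-8"))
    except (UnicodeError, binascii.Error, ValueError):
        return None
    # Only a JSON object is accepted as a set of claims.
    return claims if isinstance(claims, dict) else None


def caller_identity(headers: Mapping[str, str]) -> Optional[dict]:
    """Return the caller's claims, or None for an anonymous request."""
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    value = lowered.get(USERINFO_HEADER.lower())
    if not value:
        return None  # no token was presented: anonymous caller
    # A header that does not decode is treated as anonymous, never as a user.
    return decode_userinfo(value)


if __name__ == "__main__":
    # Constructed sample claims (assumed field names), encoded the same way.
    sample = {"issuer": "https://issuer.example/", "id": "constructed-user-1"}
    encoded = base64.urlsafe_b64encode(json.dumps(sample).encode()).decode()
    print(caller_identity({USERINFO_HEADER: encoded.rstrip("=")}))
    print(caller_identity({}))
```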
