Google Cloud allows serving static content from a bucket by adding a load balancer in front of it. So far I was able to successfully serve public content, but I would also like to be able to authenticate users before they can see some/all content in a bucket using an OAuth provider, but do it as serverless.

I have found the Grant project, which might solve a part of it, but I could really use some guidance on the best way to configure GCP itself to do it, or if this is even possible?

If possible, the Google function should not be a proxy service for all traffic, but instead just instruct GCP to redirect traffic without proper credentials to OAuth, and otherwise just serve the content from a bucket.

Yuri Astrakhan
  • Which type of authentication do your users have? A Google Account? Other Identity provider? Many of them? – guillaume blaquiere Nov 19 '20 at 10:17
  • @guillaumeblaquiere for starters I would like to use Okta, but for the future would be interesting to see multiple providers (i.e. if some content should be available to all employees plus some customers, etc) – Yuri Astrakhan Nov 19 '20 at 19:19
  • Are you open to use App Engine instead of Cloud Storage Bucket? The base of the solution is the same as [this one](https://stackoverflow.com/questions/64835376/serving-static-page-from-gcs-with-access-restrictions/64844682). But for Okta (and other IDP) it's slightly more complex. If App Engine is acceptable for you, I could take time to describe how to achieve your requirements. – guillaume blaquiere Nov 19 '20 at 21:16
  • @guillaumeblaquiere using App Engine would defeat the whole idea of a "system with almost no moving parts". For public content, I have zero custom services -- data is served by load balancer + bucket backend directly from a bucket. Adding App Engine is essentially building my own service - something I'm trying to avoid as it requires its own health monitoring, deployments, versioning, etc. I want GCP to be responsible for the system stability, not my own service. Serverless functions would provide bare minimum for OAuth cookie, so if down, authenticated users can still see content. – Yuri Astrakhan Nov 19 '20 at 22:45
  • Arf no!!! It's a "hack"!! You use App Engine to serve only static content, you have no webserver to write, to code (...), just put your files and let App Engine serve them for you, for free (28H free for a standard instance (F1) per day) – guillaume blaquiere Nov 20 '20 at 09:23

0 Answers