GCP API Gateway + Identity Platform second tenant

Asked Dec 06 '21 at 13:24

Active Dec 06 '21 at 13:24

Viewed 217 times

I have one question. I seted up a new tenant in my Identity Platform, and I need to set a security definition in a OpenAPI document for an API Gateway to authenticate users that ONLY belongs to this new tenant.

For example, for default firebase authentication would be something like this:

securityDefinitions:
  firebase:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "https://securetoken.google.com/{projectID}"
    x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
    x-google-audiences: "{projectID}"

And for authenticating a service account would be like this:

securityDefinitions:
  saOAuth:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "{saName}@{projectID}.iam.gserviceaccount.com"
    x-google-jwks_uri: "https://www.googleapis.com/robot/v1/metadata/x509/{saName}@{projectID}.iam.gserviceaccount.com"
    x-google-audiences: "{someAudience}"

So, how can I make a definition for a specific tenant??

asked Dec 06 '21 at 13:24

Oscar Ojeda

Do you have an issue when you try with a user from the 2nd tenant? – guillaume blaquiere Dec 06 '21 at 17:04
I haven't tested in deed with a user from a second tenant. But the real question is: how to allow ONLY the users from the default tenant and DENY access to the users from the second tenant – Oscar Ojeda Dec 07 '21 at 17:18
I think it's not possible. I didn't find an option for that – guillaume blaquiere Dec 07 '21 at 20:41

GCP API Gateway + Identity Platform second tenant

0 Answers0