
I have a simple business case, not a real one, but a common one:

  1. We have an API to sell, maybe a weather API.
  2. Users are stored and managed with some identity provider.
  3. Users can generate a JWT token to use for machine-to-machine communication, for example using client_id and client_secret.

Now what GCP offers for this scenario:

  1. API Gateway is the way to go, it has JWT auth available.
  2. Firebase or Identity Platform are good options to store and manage users.
  3. Logged-in users have a JWT which can be used with API Gateway, but we need a machine-to-machine flow to obtain the token. And neither Firebase nor Identity Platform can be used for this.

I am curious if this is the correct way to approach this case, because the only way to solve it is to use some third-party identity provider like Auth0, or build an in-house solution to generate machine-to-machine JWTs. I just can't believe GCP has nothing to offer for such a common use case.

Ivan Stasiuk
  • You can use a Google ID token that you can generate with a service account. What's the problem with that? https://cloud.google.com/api-gateway/docs/authenticating-users-googleid – guillaume blaquiere May 06 '22 at 11:38
  • From the link you sent I can see that users can authenticate in a similar manner as with Firebase, again not suitable for machine-to-machine communication. With a service account, I have to maintain a custom piece of code to store and generate the JWT, correct? What I don't like in this approach is that I am not an expert in auth or security, and my code will be vulnerable if I mess up. That's why I prefer managed services. – Ivan Stasiuk May 07 '22 at 11:23
  • You have a fallback solution by using an API key, but it's not very secure and you have a limitation (you can't authenticate an account, only GCP projects) – guillaume blaquiere May 07 '22 at 12:01
