Reputation: 173
I have a JWT token that I want to validate with the OpenAPI YAML security definition for a Google Endpoint. But it is checking only the token from the same issuer and audience. I don't see this checking anything else. So anyone with the same issuer and audience is allowed to call the endpoint. I want to restrict it for my tenant, maybe with the client id/secret as it will be unique. I tried with the details mentioned in https://auth0.com/docs/integrations/google-cloud-endpoints . When tried with password or application, it still allows a user with the same issuer and audience although the scopes are different. I want to restrict it for my tenant. How can I do that?
security:
  - auth0_jwt:
      - openid
      - profile
      - email
securityDefinitions:
  auth0_jwt:
    tokenUrl: https://domain_name/oauth/token
    flow: application
    type: oauth2
    x-google-issuer: https://domain_name/
    # Endpoints extension for the key set is spelled x-google-jwks_uri
    x-google-jwks_uri: https://jwks_uri
    x-google-audiences: https://audience_name/
    scopes:
      openid: test
      profile: test
      email: test
In the above code, security is written inside the path, the same as mentioned in the above link. Also I have a question regarding the claims. How do I validate claims in a token for a Google Endpoint using the OpenAPI YAML?
Upvotes: 0
Views: 389
Reputation: 75735
Cloud Endpoints performs only authentication and not authorization. To achieve authorization checks, you have to implement the process in your API. In my company, we usually use Firestore to store and retrieve the link between the user email and their profiles (authorization).
Upvotes: 1
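As an added illustration of the answer's point (example code, not the answerer's or Google's), a backend handler that takes the claims ESP forwards in the X-Endpoint-API-UserInfo header after it has verified signature, issuer and audience, and applies the tenant check the gateway cannot express in OpenAPI. The client-id set, profile table and tenant name are placeholders standing in for the Firestore lookup, and reading the client id from the azp claim is an assumption.

```python
import base64
import json
from typing import Dict, Optional

# Header ESP adds after it has verified the JWT signature, issuer and audience.
# Its value is the base64url-encoded JSON of the token's claims.
USERINFO_HEADER = "X-Endpoint-API-UserInfo"

# Stand-in for the Firestore lookup from the answer: email -> profile (constructed).
PROFILES: Dict[str, dict] = {
    "alice@tenant-a.example": {"tenant": "tenant-a", "role": "admin"},
}
# Client ids that belong to this tenant; assumed to arrive in the 'azp' claim.
TENANT_CLIENT_IDS = {"client-id-tenant-a"}  # placeholder value
THIS_TENANT = "tenant-a"                     # placeholder value


def decode_userinfo(header_value: str) -> dict:
    """Decode the user-info header; tolerate missing base64url padding."""
    padded = header_value + "=" * (-len(header_value) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def encode_userinfo(claims: dict) -> str:
    """Build a header value the way ESP does (used here to construct test input)."""
    return base64.urlsafe_b64encode(json.dumps(claims).encode()).decode().rstrip("=")


def authorize(headers: Dict[str, str]) -> Optional[str]:
    """Return None when the caller may proceed, otherwise the reason for denial.

    Authentication (signature, iss, aud) was already done by ESP; this adds the
    per-tenant authorization step the answer says must live in the API itself.
    """
    raw = headers.get(USERINFO_HEADER)
    if raw is None:
        return "request did not pass through ESP"  # never trust a direct call
    try:
        claims = decode_userinfo(raw)
    except ValueError:  # covers bad base64 and bad JSON
        return "malformed user-info header"
    # Machine-to-machine token (client_credentials flow): restrict by client id.
    if claims.get("azp") in TENANT_CLIENT_IDS:
        return None
    # User token: look up the email in the profile store (Firestore in the answer).
    profile = PROFILES.get(claims.get("email", ""))
    if profile is None:
        return "no profile for this user"
    if profile["tenant"] != THIS_TENANT:
        return "user belongs to another tenant"
    return None
```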