wagaru

Reputation: 13

Test OAuth application in Google Cloud Run when Authorization Header is already used

I use Google Cloud Run to deploy my serverless API server, and it requires the client to send an access token in the Authorization header for authentication.

However, Google Cloud Service is private by default, and I don't want to make it publicly accessible. So I have to send requests with my identity token in the Authorization header.

Then, how should I test my serverless API server if the Authorization header is already used?

Upvotes: 1

Views: 373

Answers (2)

ahmet alp balkan

Reputation: 45214

We recommend that people use another header to prevent them from colliding.

However, there is currently a workaround that is not guaranteed to work in the future: Send the actual IAM authentication (that you need to access the private Cloud Run application) header over the x-goog-iap-jwt-assertion header, and as long as that header is present, Cloud Run's IAM will not be using the Authorization header and your application can now read it to authenticate your app's clients the way you like.

I again would like to make it clear that this workaround may not work in the future, but it currently works since it empowers Cloud IAP to authenticate to Cloud Run while preserving the original Authorization header.

Upvotes: 1

guillaume blaquiere

Reputation: 75775

You need to use a custom header for your application, and to use the standard Authorization header for Cloud Run (in fact for Google Front End, which will check the header before forwarding the request to Cloud Run, if it is valid).

Upvotes: 1
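
The custom-header approach recommended in the answers above, as an added example that is not part of the original posts: the test client puts the Google identity token in Authorization for Cloud Run and the application's own token in a second header, and the application reads only that second header. The header name `X-App-Authorization`, the token store and all token values are assumptions constructed for illustration.

```python
import hmac
from wsgiref.util import setup_testing_defaults

# Hypothetical header name chosen for this example (not a Google-defined header).
APP_AUTH_HEADER = "X-App-Authorization"
APP_AUTH_ENVIRON_KEY = "HTTP_" + APP_AUTH_HEADER.upper().replace("-", "_")

# Constructed token store (token -> client). A real service would validate
# its OAuth access tokens here instead of looking them up in a dict.
VALID_APP_TOKENS = {"constructed-app-token-123": "test-client"}


def client_headers(google_id_token, app_access_token):
    """Headers a test client sends: Authorization for Cloud Run, custom header for the app."""
    return {
        "Authorization": "Bearer " + google_id_token,
        APP_AUTH_HEADER: "Bearer " + app_access_token,
    }


def authenticate(environ):
    """Return the client name for the token in the custom header, or None."""
    scheme, _, token = environ.get(APP_AUTH_ENVIRON_KEY, "").partition(" ")
    if scheme.lower() != "bearer" or not token.strip():
        return None
    for known, client in VALID_APP_TOKENS.items():
        # Constant-time comparison of the presented token against each known token.
        if hmac.compare_digest(known.encode(), token.strip().encode()):
            return client
    return None


def app(environ, start_response):
    """WSGI app that never treats the Authorization header as its own credential."""
    client = authenticate(environ)
    if client is None:
        start_response("401 Unauthorized", [("Content-Type", "text/plain")])
        return [b"missing or invalid app token\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + client + "\n").encode()]


def call(headers):
    """Invoke the app in-process with the given request headers; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    for name, value in headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    captured = {}
    body = b"".join(app(environ, lambda status, hdrs: captured.update(status=status)))
    return captured["status"], body
```
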
