I created a node.js sever inside the cloud shell. I can open the Web Preview and it will send a GET request to my server, but I also want to send a POST request to the server. If I try to call the same USL provided in Web Preview from anywhere outside of the current broswer which I am looged in with my google cloud, I will be redirected to login page.
Is there a way to Authenticate to google cloud by adding hedears in an API request?
To generate a token so that you can authenticate to google cloud follow the below steps:
Login to Google Cloud Console
In API & Services -> Credentials create an OAuth 2.0 client ID
Authorize the redirect URL
Login to Postman client/browser app
Use the settings mentioned in the document in the postman.
Related
During development I an able to login and logout just fine. I have deployed the Django app to Google cloud run. I am also able to login with the Service URL which has the syntax https://example-service-xxxxxxx-ey.a.run.app.
Furthermore, I have also connected a custom domain via Firebase to the cloud run service and everything works well apart when I signin in which case I am redirected back to the login page.
Currently, I am testing Google Cloud's Speech API and wondering how to pass dynamic Google Cloud API key to client app from server.
The speech function will be on client's app (React Native). Before every request to Google Cloud API or session, I am thinking to generate API key dynamically from server side (Nodejs) with a short lifetime and pass to client side. Only then, clients can use the Google service.
The main concern is that I do not want to embed Google Cloud API key on client app and I want to have control on which client can / cannot use the service. Is there a way to dynamically generate API keys on server side with short lifetime and pass to client? Thanks.
Update:
I was checking https://github.com/GoogleCloudPlatform/android-docs-samples/tree/master/speech/Speech and found the suggestion:
This Android app uses JSON credential file locally stored in the resources. You should not do this in your production app. Instead, you should set up your own backend server that authenticates app users. The server should delegate API calls from your client app. This way, you can enforce usage quota per user. Alternatively, you should get the access token on the server side, and supply client app with it. The access token will expire in a short while.
This is exactly what I want to do but can anyone suggest how can I achieve this? Thanks.
I am trying to find out how to get the API key for Step 2 on server backend side.
Never store credentials in users' browsers, luckily you are trying to adhere to this principle!
A setup that might be useful here has the following components:
Use an authentication mechanism in your client-side app, by means of an identity provider. You could use Okta, Auth0, Cognito, or any other authentication provider which supports Oauth2.
Use the same authentication provider to secure a custom-build endpoint, which could be a Google Cloud Function. This could be combined with Cloud Endpoints, but not necessarily.
In the same Cloud Function, after a user's identity is checked, you call the speech API.
The API key could be stored as a secret in Google Secret Manager.
The Cloud Function acts as a "serving hatch" to the API, passing back and forth requests from a user to the Google Cloud Speech API.
Your API key remains on the backend, stored as a secret. Users that are not authenticated using the authentication provider, will never have access to the Speech API.
I have an existing suite of postman tests that previously ran against REST services hosted in Azure using Azure AD for Auth. Using the token endpoint (https://login.microsoftonline.com/{{tenantId}}/oauth2/token), I was able to obtain an Oauth token for an enterprise app (test app) that had deligate permissions for the application under test.
The apps have been moved to AWS and are now secured with Cognito. I have been unable to find an equivalent workflow that allows me to obtain a token without manual data being entered by the user.
The login endpoint requires me to manually enter the user name and password:
How do i integrate amazon cognito login in postman
and
I can setup an app and get an acceess token it does not give me permissions to the APIs, as I can not add the app to the user group with permissions.
https://lobster1234.github.io/2018/05/31/server-to-server-auth-with-amazon-cognito/
I am trying to set up AWS API gateway in our env. I have created an api gateway with a resource and a cognito user pool for authentication. I created an app client in cognito and able to add users. But I am not clear on invoking the sign in page when accessing the endpoint using api gateway. Right now i am passing the JWT token in the Authorization header manually for testing purpose but in realtime, when I hit the api gateway endpoint i want to redirect to the signup/sign-in page programmatically add the auth header once the user authenticated.
Could you please help me understand what I am missing here?
An API is a backend service usually called through front end app or other backend service. An API should not assume the caller is a human using a front end, and should not assume the front end is a web app, it might be a mobile application, a watch app, a TV app etc ...
That being said, your API should not redirect to the user authentication page.
The normal workflow would be
Customers connect to you web page
Code on web page checks if the user is authenticated
When user is not authenticated, web page redirects to authentication system.
After authentication, authentication system redirects back to your web page
Web page collects token generated by authentication system
Web page call API, including token in header / query strings.
You can substitute web app here by mobile app or other type of front end.
Check an example here. https://github.com/dabit3/stockholm-loft-react-native
This is a React App, using Amplify it demonstrates how the app itself is managing the redirection to the authentication page and how it pass authentication token to the API. The example is using GraphQL API, but you can do something similar with REST API.
The workflow I need:
User authenticated via google to a g-apps spreadsheet with google-apps-script.
The script then calls an external service( a django app) which uses oauth for login with google backend - and authenticates with the user google credentials.
Searched from the G-apps api docs but couldn't find how to utlizlize the use existing google login to authenticate vs an external service also using google oauth login (there are docs to connecting to a google api, but that's a different use case)
Is this even possible? if so - How can I access the user credentials directly or preferably allow UrlFetchApp to use the credentials transparently.
Maybe my google foo is failing me, but I can't find examples/explanations for this scenario.