google cloud endpoints custom auth jwk - google-cloud-endpoints

I am trying to implement a custom auth with Google Endpoints.
It works fine up to one point: I don't know how to implement the jwk_uri; I'm new to OpenID.
For testing I have used this site to generate key pairs with the jwks file,
jwks Generator. After searching I think this is a special openIdConnect server, but I'm not sure about the details.
From Endpoints I get the error BAD_SIGANTURE.
Thank you for any explanation.

Related

Limit Google Functions to specific hostname in firebase?

I'm new to Firebase, and I'm not sure I'm going about what I'm trying to do the right way, but my question is essentially the title. For an app, I'd like to restrict my functions in Firebase to only be available on a custom hostname I've configured. I'm not sure if there is an easy enough way to do this without creating separate Firebase projects?
My main goal is to set up the functions to respond on a URL like api.myapp.com while hooking into authentication that can have callback emails that are sent from myapp.com. I've done some digging and can't seem to find much on how to go about this. Thanks in advance!
The documentation says:
"The steps required to set up API Gateway to manage and secure a Cloud Functions backend service are outlined in the API Gateway Quickstarts."
Documentation also says:
"API Gateway uses Identity and Access Management (IAM) to control access to your API."
IAM is very granular and would allow you to specify domain names for allow action.

How do I connect my Firebase database to a Google script?

I am trying to put pictures that are on Firebase into Google Drive by using Google Apps Script. I have no code; I only tried reading the documentation, but it seems to be deprecated. There seems to be a way to use an OAuth token but I could not find a token on my Firebase database.
I go into a lot of detail about using OAuth2 and service accounts with Google Apps Script in this story on Medium.
I suppose you want to use Firebase storage? The approach should be similar:
Create a service account
Use the OAuth2 library to generate a Bearer token
Use that token with the API call via UrlFetchApp
It would help if you shared more details on what you're trying to achieve, but this should set you on the right track.
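The three steps above rest on the OAuth 2.0 JWT bearer grant: the service account's private key signs a short-lived assertion, which is exchanged at the token endpoint for the Bearer token. The sketch below is an added example, not code from the original answer; it runs in Node.js rather than Apps Script, and the key pair, the service-account e-mail, the `public_key` field and the helper names are constructed for illustration.

```javascript
const crypto = require("crypto");

const TOKEN_URI = "https://oauth2.googleapis.com/token";
const b64url = (value) => Buffer.from(value).toString("base64url");

// Constructed stand-in for a downloaded key file; the key pair is generated in-process.
function makeSampleKey() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
    publicKeyEncoding: { type: "spki", format: "pem" },
  });
  return {
    client_email: "demo@example-project.iam.gserviceaccount.com", // constructed
    private_key: privateKey,
    public_key: publicKey, // hypothetical field, kept only to verify offline
  };
}

// Step 2: sign header.claims with RS256 using the service account's private key.
function buildAssertion(key, scope, nowSec) {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const claims = b64url(JSON.stringify({
    iss: key.client_email,
    scope,                 // space-delimited list of requested scopes
    aud: TOKEN_URI,
    iat: nowSec,
    exp: nowSec + 3600,    // assertions are accepted for at most one hour
  }));
  const input = `${header}.${claims}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), key.private_key);
  return `${input}.${sig.toString("base64url")}`;
}

// Form body POSTed to TOKEN_URI; the JSON response carries access_token for step 3.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    assertion,
  }).toString();
}

// Receiver-side check: verify the signature before trusting any claim.
function verifyAssertion(jwt, publicKeyPem) {
  const [header, claims, sig] = jwt.split(".");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(`${header}.${claims}`),
    publicKeyPem, Buffer.from(sig, "base64url"));
  return ok ? JSON.parse(Buffer.from(claims, "base64url").toString()) : null;
}
```

Request only the narrowest scope the job needs, and keep the `private_key` value out of script source and version control, since anyone holding it can mint tokens for the service account.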

I need to send product details to Google shopping Content API but first I need to generate an OAuth token. How will I do it through a function app?

I need to send product details to Google shopping Content API, but for using that I need to generate an OAuth token with a refresh token through Azure Data Factory. I have generated a service account and client-secret JSON. How will I do it through a function app?
Firstly, we need to understand that functions should not be used to do UI-related actions. In any app service the pop-up for the login (which allows you to provide the credentials) will not be supported.
E.g.: to avoid this scenario, in the case of AD auth we may use a service principal where we feed the required credential to acquire the token. So if we want to use the Google auth SDK we need to connect to the concerned team (Google team) to understand if this is feasible at all.
For this you may check the Server-To-Server Service Account Authentication, as below:
https://cloud.google.com/docs/authentication/production
In case you need any assistance in this, we would recommend you to reach out to the concerned support team.

Is it possible to integrate Auth0 with Firebase this way?

I am building an app in VueJs and I am looking for the best way to do the authentication part, there is an API in progress as well that will need token verification for protected end points.
I would like to know if it is possible to integrate Auth0 with Firebase in a way that Firebase is the main center of communication between the VueJs app and Auth0 (the same thing with the API -> Firebase -> Auth0).
I am asking this because I would like to know exactly if I can save some lines of code and performance using Firebase tools to get what I need from Auth0 without connecting directly to the Auth0 API. Also I would like to use Firestore to save the tokens I get from Auth0.
Is it possible to have this kind of architecture?
Here is a diagram for a better understanding of the desired result; I hope it is not confusing.
https://ibb.co/68tpw8L
Thank you!
These links are the closest solutions I found through Google.
But according to the info I found, you can do this using Auth0 as the main gateway, whereas I want the opposite: using Firebase as the main gateway.
https://firebase.google.com/docs/auth/web/custom-auth#before-you-begin
https://auth0.com/docs/api/authentication#delegation
https://firebase.google.com/docs/web/setup
https://auth0.com/blog/developing-real-time-apps-with-firebase-and-firestore/
Auth0 has deprecated the /delegation endpoint, which was used to get the token for a third-party vendor.
https://auth0.com/docs/migrations#api-authorization-with-third-party-vendor-apis
As a workaround, use the Firebase custom token authentication mechanism: https://firebase.google.com/docs/auth/admin/create-custom-tokens
https://firebase.google.com/docs/reference/js/firebase.auth.Auth.html#signinwithcustomtoken
To create a custom token, you can use a Firebase function if you do not have a backend server.
The entire flow is described in the following Auth0 blog posts with a complete project.
https://auth0.com/blog/how-to-authenticate-firebase-and-angular-with-auth0-part-1/
https://auth0.com/blog/how-to-authenticate-firebase-and-angular-with-auth0-part-2/

Does Google Cloud Endpoints support incremental authentication?

I found documentation for adding incremental authorization when using the Google 2.0 Sign-in button here.
However Google Cloud Endpoints uses a pretty different sign in flow utilizing the methods documented here, with a tutorial for set up found here.
The gapi.auth.authorize (Endpoints schema) and the gapi.auth2.init method seem fairly different. However the gapi.auth2.init method has a documented means of achieving incremental authorization. Is this possible with Google Cloud Endpoints when using the built in authentication schema?
The JS client library handles the authentication for calls to your Google Cloud Endpoints no matter what authentication method (gapi.auth or gapi.auth2) you used. So everything should work as long as you are calling your endpoints via gapi.client.yourApi methods.
The only important thing is that the email scope has been authorized before calling methods that require authentication, because access to the user's email address is required by Google Cloud Endpoints.
