I've a cloud run in private mode with only authenticated users enabled, I'm not sure how'd I authenticate with firebase and where do you get the token from? As per other documents it looks like you need another layer for authentication and this model won't work in case cloud run is private and no-allow-unauthenticated and since cloud run supports IAM what'd be the use of this in that case?
@techd1984 sorry for getting back to you late, but the overall flow is like so
your web app (managing your users with the firebase js sdk for them to sign in etc.) get their firebase auth token --- http call with auth in header ---> api gateway (api gateway contains the auth definition to say to use firebase auth to verify access to the endpoint specified in the yaml file --- api gateway proxies request to your cloud run endpoint using service account credentials ---> your private cloud run endpoint.
this allows you to make sure native GCP iam is used to access the raw cloud run url, and only a subset of your endpoints is exposed to your users with firebase auth. As for auth with firebase... check out this video to get some more context around firebase youtube.com/watch?v=9kRgVxULbag at the end of the day you would just be calling api gateway with your end users tokens.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi Alex, Nice article @amammay
I've a cloud run in private mode with only authenticated users enabled, I'm not sure how'd I authenticate with firebase and where do you get the token from? As per other documents it looks like you need another layer for authentication and this model won't work in case cloud run is private and no-allow-unauthenticated and since cloud run supports IAM what'd be the use of this in that case?
@techd1984 sorry for getting back to you late, but the overall flow is like so
your web app (managing your users with the firebase js sdk for them to sign in etc.) get their firebase auth token --- http call with auth in header ---> api gateway (api gateway contains the auth definition to say to use firebase auth to verify access to the endpoint specified in the yaml file --- api gateway proxies request to your cloud run endpoint using service account credentials ---> your private cloud run endpoint.
this allows you to make sure native GCP iam is used to access the raw cloud run url, and only a subset of your endpoints is exposed to your users with firebase auth. As for auth with firebase... check out this video to get some more context around firebase youtube.com/watch?v=9kRgVxULbag at the end of the day you would just be calling api gateway with your end users tokens.