Configuration for GCP
Enable JWT Authentication in Cloud API Configuration for GCP.
When deploying the Cloud API on GCP, ensure that JWT authentication is properly configured by setting the following parameters:
Cloud Function Parameters (can be set in the Terraform template or through the GCP UI):
- Set authorization to jwt: This specifies that JWT authentication will be used to secure the API.
- Set jwt_verify to 1: Enables verification of the JWT token during API requests.
- Set jwt_secret_base64 to the Public Key (PEM Base64 Encoded): Use the jwt_signing_key public key obtained from Retrieve JWT Public Signing Key.
- Set jwt_user_claim to upn or email: Choose the claim used to identify the user. Typically, User Principal Name (upn) or email is selected based on your organization’s Entra ID configuration.
Configure GCP cloud protect function Authentication security setting:
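By default, a GCP cloud function might enforce IAM authentication for API methods. Since authentication is already handled within the Cloud API protect function, the authentication setting can be changed to “allow public access” as described below. With public access enabled, the JWT verification configured in the function parameters is the only check on incoming requests, so confirm that jwt_verify is set to 1 before making this change: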
- Navigate to the GCP cloud protect function
- On the service details screen, select the security tab
- In the Authentication section - ensure “allow public access” is selected.
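A pre-deployment check of the four function parameters and the public-access setting described above. This is an added example, not code from the product: the function names and sample values are hypothetical, and it assumes jwt_secret_base64 holds the PEM text of the public key encoded once more as base64.

```python
import base64

# Constructed sample: a PEM block with a placeholder body (not a real key),
# base64-encoded the way this example assumes jwt_secret_base64 expects.
SAMPLE_PEM = (
    "-----BEGIN PUBLIC KEY-----\n"
    "Q09OU1RSVUNURUQtUExBQ0VIT0xERVItTk9ULUEtUkVBTC1LRVk=\n"
    "-----END PUBLIC KEY-----\n"
)
SAMPLE_PARAMS = {
    "authorization": "jwt",
    "jwt_verify": "1",
    "jwt_secret_base64": base64.b64encode(SAMPLE_PEM.encode()).decode(),
    "jwt_user_claim": "upn",
}


def check_jwt_params(params, public_access=True):
    """Return a list of findings; an empty list means the settings match the page."""
    findings = []
    if params.get("authorization") != "jwt":
        findings.append("authorization is not 'jwt'")
    if str(params.get("jwt_verify")) != "1":
        msg = "jwt_verify is not 1: tokens are not verified"
        if public_access:
            # With IAM authentication off, nothing else gates the endpoint.
            msg += " and the function allows public access"
        findings.append(msg)
    if params.get("jwt_user_claim") not in ("upn", "email"):
        findings.append("jwt_user_claim is not 'upn' or 'email'")
    findings.extend(_check_key(params.get("jwt_secret_base64", "")))
    return findings


def _check_key(value):
    """Check that the value decodes to PEM text holding a public key only."""
    try:
        pem = base64.b64decode(value, validate=True).decode("ascii")
    except (ValueError, TypeError):
        return ["jwt_secret_base64 is not valid base64 of a PEM text"]
    if "PRIVATE KEY-----" in pem:
        return ["jwt_secret_base64 contains a private key; only the public key belongs here"]
    if pem.count("PUBLIC KEY-----") < 2:  # BEGIN and END markers
        return ["jwt_secret_base64 does not decode to a PEM public key"]
    return []


if __name__ == "__main__":
    for finding in check_jwt_params(SAMPLE_PARAMS) or ["ok"]:
        print(finding)
```
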
Obtain the Gateway URL:
After deploying the Cloud API using Terraform, retrieve the API endpoint URL for the service.
From the Google Cloud Management console:
- Navigate to API Gateway.
- Select the deployed API Gateway instance.
- Under the “Gateway Details” section, copy the “Gateway URL” or “Managed Service URL”.
- Record the displayed URL for use in the Browser Protector configuration.
protector_endpoint_url: <>
example: https://{gateway-id}-{hash}.{region}.gateway.dev/api