GRPC with HTTP Gateway -- Firebase Security Definition?

[sean....@gmail.com]

I'm working on an API that is secured via Firebase ( multiple Firebase projects, actually ).

I've sorted out how to add Firebase to the YAML file that defines the GRPC service by adding the following:

authentication:

  providers:

    - id: project-1

      jwks_uri: https://www.googleapis.com/service_accounts/v1/metadata/x509/secur...@system.gserviceaccount.com

      issuer: https://securetoken.google.com/project-1

      audiences: aud-1

    - id: project-2

      jwks_uri: https://www.googleapis.com/service_accounts/v1/metadata/x509/secur...@system.gserviceaccount.com

      issuer: https://securetoken.google.com/project-2

      audiences: aud-2

    - id: project-3

      jwks_uri: https://www.googleapis.com/service_accounts/v1/metadata/x509/secur...@system.gserviceaccount.com

      issuer: https://securetoken.google.com/project-3

      audiences: aud-2

  rules:

    - selector: "*"

      requirements:

        - provider_id: project-1

        - provider_id: project-2

        - provider_id: project-3

In the proto file that defines the service, I'm using https://github.com/grpc-ecosystem/grpc-gateway/tree/master/protoc-gen-swagger to add annotations to describe the HTTP REST API.

However, in the auto-generated developer portal the REST API only shows requiring an API key, it doesn't show that it also requires an Authorization header. I know how to add security definitions to the proto file, but neither the google.api.http annotation or the protoc_gen_swagger.options.openapiv2_swagger annotation seem to support adding anything other than api key & oauth2 security definitions.

How do I set up the proto file so that the auto-generated Endpoints docs show that a user needs to provide the Authorization header?

For reference, here's the relevant part of my proto file:

syntax = "proto3";

package api;

import "google/api/annotations.proto";

import "github.com/mwitkow/go-proto-validators/validator.proto";

import "google/protobuf/timestamp.proto";

import "protoc-gen-swagger/options/annotations.proto";

option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {

  host: "api.domain.com";

  info: {

    title: "The API";

    version: "v3.1.19";

    contact: {

      name: "Sean Hagen";

    };

  };

  schemes: HTTPS;

  consumes: "application/json";

  produces: "application/json";

};

service Thing {

  rpc List(ThingFilter) returns (ThingList){

    option (google.api.http) = {

      get: "/v2/things"

    };

  }

}

Is there some way to provide a OpenAPI JSON file that describes the HTTP REST endpoints to `gcloud endpoints services deploy` along with the descriptor.pb and grpc API YAML files so that I can better define the HTTP API in the docs?

[Andrew Gunsch]

Hi Sean,

Thanks for writing! That looks like a bug on our end in the developer portal --- I don't think that's about how you're specifying your auth.

We'll take an action on our end to look into it and follow up once we have more information.

- Andrew

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/cb9c2ac9-9922-460a-84dc-961f9031ce10%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.