I have deployed a Gateway which routes traffic to Cloud Run containers and called from a web application with a service account credentials file. The gateway makes use of an API key and a JWT for authentication and, so far, all calls made with a JWT that was created from the p12 service account credentials file have successfully authenticated without issues or fail.
The problem I have is that I am expanding the applications that should be able to make requests, which now includes mobile applications and desktop applications. For security reasons, I do not want to distribute the credentials file with the applications. I was able to create an additional LogIn function in the Cloud Run backend, which retrieves a google generated JWT for the linked service account from the metadata. However, when I add a security profile for this generated JWT in the configuration file, Gateways complains that there is no JWT attached to the request.
Any advice regarding whether I am pursuing the wrong avenue for application authentication or whether this might actually be a bug in Gateways or a config file setup issue would be greatly appreciated.
You received this message because you are subscribed to the Google Groups "api-gateway-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to api-gateway-us...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/api-gateway-users/274f0a6d-a420-487d-b206-e55ee8247463n%40googlegroups.com.