Using Cloud run with custom domain

427 views
Skip to first unread message

Yoshinori Ishii

unread,
Dec 24, 2019, 12:05:29 AM12/24/19
to Google Cloud Pub/Sub Discussions
Hi,

I tried this tutorial and setup and authorized push subscriber, but it have a problem.
https://cloud.google.com/run/docs/tutorials/pubsub

When I use Cloud Run with custom domain, the service returns 401 error.
run.app domain that is automatically generated by GCP works fine, and I can access the custom domain if I allow unauthorized access (allUsers).

I've added the custom domain to verified domain list in GCP console, nothing has changed.

Is there someone who could help me?

Preston Holmes

unread,
Dec 24, 2019, 10:05:03 AM12/24/19
to Google Cloud Pub/Sub Discussions
Hello thanks for asking this

Currently the built in authorization provided by the Cloud Run Invoker IAM role will only validate a JWT token with an aud (audience) claim that is set to the domain issued by the Cloud run service (ending in run.app) and not custom domains.  You can still set the URL to the custom domain, but you will need to set the audience explicitly when configuring the push subscription (it defaults to the same as the URL if not set explicitly).

For fully automated system push subscriptions, what is the advantage to you of using the custom domain?

-Preston

Reply all
Reply to author
Forward
0 new messages