pub/sub - push endpoint JWT token

Ethiraj Krishna

unread,

Jul 9, 2018, 12:26:33 PM7/9/18

to Google Cloud Pub/Sub Discussions

Hi,

we are using pub/sub to push message to a API and the API expects JWT token in the headers. is there any way to set the JWT token in the headers? In other wards how can we push to an endpoint which expects token in the header?

Thanks.

Kir Titievsky

unread,

Jul 10, 2018, 9:32:53 AM7/10/18

to Ethiraj Krishna, Google Cloud Pub/Sub Discussions

Ethiraj, you would have to write your own proxy service that takes the push requests and amends them with a token before forwarding. App Engine standard or Cloud Functions are very convenient for this.

Here is an example to help you get started:

https://cloud.google.com/appengine/docs/standard/nodejs/writing-and-responding-to-pub-sub-messages

--
You received this message because you are subscribed to the Google Groups "Google Cloud Pub/Sub Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cloud-pubsub-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cloud-pubsub-discuss/38d1a798-bad6-4d50-ae69-fc9783444862%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Kir Titievsky | Product Manager | Google Cloud Pub/Sub

Ethiraj Krishna

unread,

Jul 10, 2018, 11:56:44 AM7/10/18

to Google Cloud Pub/Sub Discussions

Kir,

Thanks for the reply and example. I did review the below document but our service/API that process the message is already running in GKE and not sure how we can achieve the same without introducing additional layer of proxy.

I was trying to avoid additional proxy layer for just adding the JWT token.

Thanks.

On Tuesday, July 10, 2018 at 8:32:53 AM UTC-5, Kir Titievsky wrote:

Ethiraj, you would have to write your own proxy service that takes the push requests and amends them with a token before forwarding. App Engine standard or Cloud Functions are very convenient for this.

Here is an example to help you get started:
https://cloud.google.com/appengine/docs/standard/nodejs/writing-and-responding-to-pub-sub-messages

On Mon, Jul 9, 2018 at 12:26 PM Ethiraj Krishna <raj...@gmail.com> wrote:
Hi,

we are using pub/sub to push message to a API and the API expects JWT token in the headers. is there any way to set the JWT token in the headers? In other wards how can we push to an endpoint which expects token in the header?

Thanks.

--

Kir Titievsky | Product Manager | Google Cloud Pub/Sub

Kir Titievsky

unread,

Jul 10, 2018, 12:00:15 PM7/10/18

to Ethiraj Krishna, Google Cloud Pub/Sub Discussions

Adding a new proxy was precisely my suggestion. It is true that it is a new service to operate, but it is thin and stateless which should simplify operation.

Another thought: since your target is on GKE, why not rethink the system with a pull-based model?

--

You received this message because you are subscribed to the Google Groups "Google Cloud Pub/Sub Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cloud-pubsub-dis...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cloud-pubsub-discuss/0a655cf3-6a28-4628-83dd-6b3265d6bdf7%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Ethiraj Krishna

unread,

Jul 10, 2018, 1:10:23 PM7/10/18

to Google Cloud Pub/Sub Discussions

yes, we are considering to move to pull-based model but we not sure how to handle the multiple topics. With the push I can have multiple topic/subscription pushing to one single endpoint but with pull we are not sure how dynamically pulling from multiple topic/subscription.

For example : we have 2 topic today when we go to production this will grow dynamically(we invoke the Google API to create topics and subscriptions) but we are not sure how to pull from the new topic/subscription.

Thanks.

On Tuesday, July 10, 2018 at 11:00:15 AM UTC-5, Kir Titievsky wrote:

Adding a new proxy was precisely my suggestion. It is true that it is a new service to operate, but it is thin and stateless which should simplify operation.

Another thought: since your target is on GKE, why not rethink the system with a pull-based model?

On Tue, Jul 10, 2018 at 11:56 AM Ethiraj Krishna <raj...@gmail.com> wrote:

Kir,

Thanks for the reply and example. I did review the below document but our service/API that process the message is already running in GKE and not sure how we can achieve the same without introducing additional layer of proxy.

I was trying to avoid additional proxy layer for just adding the JWT token.

Thanks.

On Tuesday, July 10, 2018 at 8:32:53 AM UTC-5, Kir Titievsky wrote:
Ethiraj, you would have to write your own proxy service that takes the push requests and amends them with a token before forwarding. App Engine standard or Cloud Functions are very convenient for this.

Here is an example to help you get started:
https://cloud.google.com/appengine/docs/standard/nodejs/writing-and-responding-to-pub-sub-messages

On Mon, Jul 9, 2018 at 12:26 PM Ethiraj Krishna <raj...@gmail.com> wrote:
Hi,

we are using pub/sub to push message to a API and the API expects JWT token in the headers. is there any way to set the JWT token in the headers? In other wards how can we push to an endpoint which expects token in the header?

Thanks.

--
Kir Titievsky | Product Manager | Google Cloud Pub/Sub

--
You received this message because you are subscribed to the Google Groups "Google Cloud Pub/Sub Discussions" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cloud-pubsub-discuss+unsub...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cloud-pubsub-discuss/0a655cf3-6a28-4628-83dd-6b3265d6bdf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Kir Titievsky

unread,

Jul 12, 2018, 1:04:27 PM7/12/18

to Ethiraj Krishna, Google Cloud Pub/Sub Discussions

Ah, fair point. You could do a thing where your proxy periodically reloads the set of subscriptions to read from a file or a DB. You can then populate that list out of band as part of the business logic that creates your topics or subscriptions. Or you can watch audit logs for new subscription creations, if there is a clear way to tell which subscriptions are relevant, to populate that set.

A simpler workaround would to be to stick with a push subscriber to app engine. For App Engine end points, there is a way to require callers to be authenticated so that gives you some way to authorize the calls without the JWT. See the App Engine topic here: https://cloud.google.com/pubsub/docs/push.

On Tue, Jul 10, 2018 at 1:10 PM Ethiraj Krishna <raj...@gmail.com> wrote:

yes, we are considering to move to pull-based model but we not sure how to handle the multiple topics. With the push I can have multiple topic/subscription pushing to one single endpoint but with pull we are not sure how dynamically pulling from multiple topic/subscription.

For example : we have 2 topic today when we go to production this will grow dynamically(we invoke the Google API to create topics and subscriptions) but we are not sure how to pull from the new topic/subscription.

Thanks.

On Tuesday, July 10, 2018 at 11:00:15 AM UTC-5, Kir Titievsky wrote:

Adding a new proxy was precisely my suggestion. It is true that it is a new service to operate, but it is thin and stateless which should simplify operation.

Another thought: since your target is on GKE, why not rethink the system with a pull-based model?

On Tue, Jul 10, 2018 at 11:56 AM Ethiraj Krishna <raj...@gmail.com> wrote:

Kir,

Thanks for the reply and example. I did review the below document but our service/API that process the message is already running in GKE and not sure how we can achieve the same without introducing additional layer of proxy.

I was trying to avoid additional proxy layer for just adding the JWT token.

Thanks.

On Tuesday, July 10, 2018 at 8:32:53 AM UTC-5, Kir Titievsky wrote:
Ethiraj, you would have to write your own proxy service that takes the push requests and amends them with a token before forwarding. App Engine standard or Cloud Functions are very convenient for this.

Here is an example to help you get started:
https://cloud.google.com/appengine/docs/standard/nodejs/writing-and-responding-to-pub-sub-messages

On Mon, Jul 9, 2018 at 12:26 PM Ethiraj Krishna <raj...@gmail.com> wrote:
Hi,

we are using pub/sub to push message to a API and the API expects JWT token in the headers. is there any way to set the JWT token in the headers? In other wards how can we push to an endpoint which expects token in the header?

Thanks.

--
Kir Titievsky | Product Manager | Google Cloud Pub/Sub

--
You received this message because you are subscribed to the Google Groups "Google Cloud Pub/Sub Discussions" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cloud-pubsub-dis...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cloud-pubsub-discuss/0a655cf3-6a28-4628-83dd-6b3265d6bdf7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Kir Titievsky | Product Manager | Google Cloud Pub/Sub

--

You received this message because you are subscribed to the Google Groups "Google Cloud Pub/Sub Discussions" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cloud-pubsub-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cloud-pubsub-discuss/157fb9a2-790e-40f0-89dc-35a2b65fe743%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward