Custom authentication with keycloak

hedi....@everysens.com

unread,

Oct 18, 2018, 11:43:50 AM10/18/18

to Google Cloud Endpoints

Hi,

Google Endpoints documentation mentionned that :

You can use other authentication platforms to authenticate users as long as it conforms to the JSON Web Token RFC 7519.

I'm trying to use Keycloak as a authetification method as shown in the doc

  securityDefinitions:
    custom_jwk:
      authorizationUrl: ""
      flow: "implicit"
      type: "oauth2"
      # The value below should be unique
      x-google-issuer: "https://mycompany.com"
      x-google-jwks_uri: "https://keycloak.mycompany.com/auth/realms/master/protocol/openid-connect/certs"
      # Optional. Replace YOUR-CLIENT-ID with your client ID
      x-google-audiences: "YOUR-CLIENT-ID"

but endpoints doesent like that. In dev portal i have this :

OAuth2 provider 'custom_jwk' is not supported by Google Cloud Endpoints.

is there missed configuration ?

Best Regards.

Andrew Gunsch

unread,

Oct 18, 2018, 12:31:05 PM10/18/18

to hedi....@everysens.com, Google Cloud Endpoints, John Boswell

Thanks for writing and trying out Cloud Endpoints!

It's true, you can authenticate using your own auth provider like so, and the Endpoints proxy should enforce that auth correctly. It's currently just the developer portal that doesn't support that auth for the interactive "Try this API" feature. We're working on a more generic OAuth support for the developer portal UI and can update when we have it.

- Andrew

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/85806778-8cee-481d-ab4f-e88c01305653%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Hedi Abidi

unread,

Oct 22, 2018, 8:15:19 AM10/22/18

to gun...@google.com, google-clou...@googlegroups.com, jbos...@google.com

Great, thanks for the info!

Im waiting for this feature !

--

Hedi ABIDI

Solution Architect

xiaolingChen

unread,

Jan 21, 2019, 10:28:03 AM1/21/19

to Google Cloud Endpoints

HI, I am trying to use keycloak as a third party authentication server but get JWT validation failed: BAD_FORMAT error because of the nbf=0. Have you used keycloak successfully in cloud endpoints?

Andrew Gunsch

unread,

Jan 22, 2019, 10:32:26 AM1/22/19

to xiaolingChen, Google Cloud Endpoints

Re: that error message, it looks like this GitHub issue covers it directly and this documentation addresses "nbf". Values of "0" aren't supported by ESP.

--

You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/7997b7b2-eac0-4701-b065-48595650f7eb%40googlegroups.com.

xiaoli...@lavorotechnologies.com

unread,

Jan 22, 2019, 10:54:58 AM1/22/19

to Google Cloud Endpoints

Yes. I also saw that. Is it possible we set the nbf in keycloak jwt to bigger than 0? I try many different ways but fails.

To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endpoints+unsub...@googlegroups.com.

Andrew Gunsch

unread,

Jan 22, 2019, 10:58:46 AM1/22/19

to xiaolingChen, Google Cloud Endpoints

You'll have to ask keycloak about that.

To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/7997b7b2-eac0-4701-b065-48595650f7eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.

To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/a831acc2-cb88-464b-8cb8-0d552fe545b0%40googlegroups.com.

xiaoli...@lavorotechnologies.com

unread,

Jan 22, 2019, 11:05:08 AM1/22/19

to Google Cloud Endpoints

Thanks. I will ask keycloak and post the answer after.

To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endpoints+unsub...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/7997b7b2-eac0-4701-b065-48595650f7eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.

To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endpoints+unsub...@googlegroups.com.

Reply all

Reply to author

Forward