This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Enabling Okta-Authenticated User Access to Authenticated Cloud Run Service

Posted on 12-19-2024 01:02 AM
Nikita_G
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

We have deployed an authenticated Cloud Run service for a Streamlit application. The application already includes Okta authentication for user sign-in, and we wants to use only Okta for authentication.

we does not want to use Google Sign-In or any other external authentication mechanisms for accessing the Cloud Run service.

We tried using Identity-Aware Proxy (IAP) for securing the service, but it also requires Google Sign-In, which the we does not want.

Requirement:
We want only Okta-authenticated users to access the deployed authenticated Cloud Run service.

Are there any other approaches or configurations we can implement to achieve this?

Solved Solved
0 1 475
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ronnelg
Staff
Reply posted on --/--/---- --:-- AM

Hi @Nikita_G

Have you tried to use the Cloud Endpoints for Cloud Run? To authenticate a user, a client application must send a JSON Web Token (JWT) in the authorization header of the HTTP request to your backend API. The Extensible Service Proxy (ESP) validates the token on behalf of your API, so you don't have to add any code in your API to process the authentication. However, you do need to configure your OpenAPI document to support your chosen authentication methods. 

Have a look at this documentation for more details on how to authenticate users using Okta with ESP.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
ronnelg
Staff
Reply posted on --/--/---- --:-- AM

Hi @Nikita_G

Have you tried to use the Cloud Endpoints for Cloud Run? To authenticate a user, a client application must send a JSON Web Token (JWT) in the authorization header of the HTTP request to your backend API. The Extensible Service Proxy (ESP) validates the token on behalf of your API, so you don't have to add any code in your API to process the authentication. However, you do need to configure your OpenAPI document to support your chosen authentication methods. 

Have a look at this documentation for more details on how to authenticate users using Okta with ESP.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

Jump to Solution