
Google API Gateway Authorization Header

My GCP API Gateway connects to a Cloud Run application that hosts a Laravel container.

The application uses Laravel Sanctum for authentication, which basically expects authenticated routes to have an authorization header set.

When sending the requests, I send them through axios and add the authorization header, but the request always fails with an authentication error. After examining the request headers in the Cloud Run service logs, I realized that by default API Gateway sends an Authorization header for each request whether I set an authorization header or not, hence my authorization header is forwarded as X-Forwarded-Authorization.

I am not able to modify the header in my API to expect the X-Forwarded-Authorization header instead; it always expects the header with the bearer token to be the Authorization header. This has made it difficult, as I can't change the behaviour of the API to expect a different header. Is there a way I can override this default Authorization Bearer header sent by API Gateway to rather send the value of the Authorization header added in the request, instead of sending it as a forwarded value?

 

API Gateway Config:

# openapi2-run.yaml
swagger: "2.0"
info:
  title: my-api
  description: my custom api
  version: 1.0.0
schemes:
  - https
produces:
  - application/json
consumes:
  - application/json
x-google-backend:
  address: https://some-cloud-run-url
basePath: /api
host: my-api.nw.gateway.dev
x-google-endpoints:
  - name: "my-api.nw.gateway.dev"
    allowCors: True
paths:
  /user:
    get:
      summary: Requested user details.
      operationId: UserDetails
      responses:
        "200":
          description: Return Requested User Details.
          schema:
            type: string
        "default":
          description: Unexpected error

Hi, 

It appears that, at this time, the option to implement a custom authentication behavior by the API gateway is not supported. For authentications via the API Gateway, the only methods that can be used are the ones mentioned in this article.

It also appears that there is no existing feature request for custom authentication to be supported. My recommendation would be to submit a feature request for this use case so that the API Gateway team can evaluate the feasibility of adding support for custom authentication.
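
An added example, not part of the original thread and not code from Google or Laravel: one way to handle the header behaviour described in the question on the application side is a Laravel middleware that copies the client's bearer token from X-Forwarded-Authorization back into Authorization before Sanctum reads it. The class name `RestoreForwardedAuthorization` is hypothetical, and the example assumes the Cloud Run service only accepts traffic from the gateway.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Hypothetical middleware name; not part of Laravel, Sanctum or API Gateway.
class RestoreForwardedAuthorization
{
    /**
     * API Gateway places its own token in Authorization and moves the
     * caller's header to X-Forwarded-Authorization (as seen in the
     * Cloud Run logs in the question). Sanctum only reads Authorization,
     * so restore the caller's value before the auth guard runs.
     */
    public function handle(Request $request, Closure $next): Response
    {
        $forwarded = $request->headers->get('X-Forwarded-Authorization');

        // Only accept a single well-formed "Bearer <token>" value.
        // Anything else is left alone, so Sanctum rejects the request.
        if (is_string($forwarded)
            && preg_match('/^Bearer\s+\S+$/i', $forwarded) === 1) {
            // Replace the gateway's token with the caller's Sanctum token.
            $request->headers->set('Authorization', $forwarded);

            // Drop the forwarded copy so later code and logs see the
            // credential in one place only.
            $request->headers->remove('X-Forwarded-Authorization');
        }

        // Sanctum still validates the token; this middleware grants nothing.
        return $next($request);
    }
}
```

The middleware has to run before `auth:sanctum`, for example by registering it as global middleware; how that is done depends on the Laravel version. Because Sanctum still validates the restored token, a forged X-Forwarded-Authorization value gains nothing beyond what a forged Authorization header would.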