Re: How to secure Cloud Run service website?

J-Blake · 09-10-2021 09:55 AM

Not sure if I have posted this question at the correct location.

I have a website deployed at the Cloud Run. I want to restrict that website to certain users & I want to use Google Sign In method to authenticate them.

So I have followed https://cloud.google.com/run/docs/authenticating/end-users#google-sign-in.

Am I using the correct guide document above to achieve my goal?
Following step 1, I manage create credentials(oauth client id)? See the screenshot below
Regarding step 2, I am not able to set the correct Client ID for your cloud run service. How can I do it? For your info, I deploy the website at Cloud Run using Cloud Build from a GitHub repository. Where do I set the Client ID? I can share my GitHub repo with you if you like.

Thanks,

djacalesg

Hello, I think you are in the right path.

From what I see at your screen shot you have not configured your URI's and Authorized Origins. Here it is some information regardless this two parameters https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid, since both are important when authenticating using auth 2.0

J-Blake

@djacalesg ,

Thanks for the reply.

I am not sure what URL to provide for the Authorised JavaScript origins & Authorised redirect URIs

Am I right to add the URL given by the Cloud Run for both fields?

djacalesg

Authorized JS origins is the authorized domains the Auth2.0 server can accept requests from. If you don't have a custom domain the one given by cloud run should work, for testing purposes you can use http(https)://localhost:[port]. And redirects URI's is the path your client forwards traffic to after successful login. There are some restrictions for the format of the URIs , here .

Note: You can enter multiple origins to allow for your app to run on different protocols, domains, or subdomains. You cannot use wildcards.

I hope this can be helpful.

Regards,