Authentication Method
Overview
A specific discussion of authentication between the FE and BE services.
An internal framework sits between the two components, frontend and backend, to keep authentication in sync.
```mermaid
flowchart LR
    subgraph uiteam[UI component]
        ui[UI elements]
        framework[Internal Framework]
    end
    subgraph data[Backend component]
        idp[Identity Provider]
        adapter[Adapter]
        database[Internal Database]
    end
    ui <--> framework <--> idp <--> adapter <--> database
```
Discussion method
Two methods can be applied to the service now.
Method 1: Header check on the incoming request
- Use IAP as the authentication service that handles requests into the domain. The backend is Cloud Run.
- For the UI implementation:
  (a) A custom Auth UI is required, following the instructions from Google.
  (b) This requires fetching the data internally through the headers of the request.
IAP authenticates to Cloud Run using the X-Serverless-Authorization header. Cloud Run passes this header to your service after stripping its signature. If your service is designed to forward the request to another Cloud Run service that requires IAM authentication, update your service to remove this header first.
Example on Enabling Cloud Run
- Pros:
Pros |
---|
The BE team has already integrated with the IAP service and domain control |
- Cons:
Cons |
---|
FE is required to follow the instructions for the implementation |
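
An added example, not part of the original page or of any Google code: a Node.js sketch of the backend-side header check for Method 1. It assumes IAP's signed `x-goog-iap-jwt-assertion` header (ES256, issuer `https://cloud.google.com/iap`), which the page does not name; the function names are hypothetical, and the key pair, key id and audience string are constructed so the check runs offline.

```javascript
const crypto = require('node:crypto');

const IAP_ISSUER = 'https://cloud.google.com/iap';
const b64u = (s) => Buffer.from(s, 'base64url');

// Verify the signed assertion from the x-goog-iap-jwt-assertion header.
// publicKeys maps key id -> public key; it is injected here (assumption) so
// the example runs offline instead of fetching IAP's published keys.
function verifyIapAssertion(token, publicKeys, expectedAudience, now = Date.now() / 1000) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const header = JSON.parse(b64u(parts[0]).toString());
  // Pin the algorithm; never let the token choose it.
  if (header.alg !== 'ES256') throw new Error('unexpected alg');
  const key = Object.hasOwn(publicKeys, header.kid) ? publicKeys[header.kid] : null;
  if (!key) throw new Error('unknown key id');
  const signed = Buffer.from(parts[0] + '.' + parts[1]);
  const ok = crypto.verify('sha256', signed, { key, dsaEncoding: 'ieee-p1363' }, b64u(parts[2]));
  if (!ok) throw new Error('bad signature');
  const claims = JSON.parse(b64u(parts[1]).toString());
  if (claims.iss !== IAP_ISSUER) throw new Error('wrong issuer');
  if (claims.aud !== expectedAudience) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return { sub: claims.sub, email: claims.email };
}

// Drop the IAP-to-Cloud Run credential before calling another service.
function headersForForwarding(headers) {
  return Object.fromEntries(Object.entries(headers)
    .filter(([name]) => name.toLowerCase() !== 'x-serverless-authorization'));
}

// Constructed sample data: throwaway key pair, key id and audience.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const SAMPLE_KEYS = { 'sample-key': publicKey };
const SAMPLE_AUD = '/projects/0000000000/locations/example-region/services/example-service';
function signSample(claims, alg = 'ES256') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const body = enc({ alg, typ: 'JWT', kid: 'sample-key' }) + '.' + enc(claims);
  const sig = crypto.sign('sha256', Buffer.from(body), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return body + '.' + sig.toString('base64url');
}
```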
Method 2: Implement internal OAuth from the UI side
- Design the OAuth flow internally within the service
Using IAP as the authentication service that handles requests into the domain
- Pros:
Pros |
---|
Multiple examples exist on the FE side for implementing OAuth |
FE can handle this directly |
- Cons:
Cons |
---|
BE is required to verify the deployment checklist |
BE exposes the secret for local development |
Question
- Can also be used without a database (e.g. OAuth + JWT)
```mermaid
flowchart LR
    iap --> ui[UI interface] --> api --> database
```