Comments
da...@google.com <da...@google.com> #2
I have forwarded this request to the engineering team. We will update this issue with any progress updates and a resolution.
Best Regards,
Josh Moyer
Google Cloud Platform Support
an...@pwc.com <an...@pwc.com> #3
This is not only useful for IP addresses, but also for many other resources. I understand that names are currently used as identifiers, so this request is probably not trivial to implement. Maybe distinguishing between a (numeric, automatically generated) identifier and a (textual) label is the way to go?
Description
I have previously tried App Engine with Google authentication enabled. Each HTTP request included the Google account user who made the request. Perfect!
However, it may not be an option for me to use Google authentication. Instead I may need to use OpenID Connect. I see that Cloud Endpoints supports this.
I worked from the following Cloud Endpoints example:
I edited the example to replace the Firebase connection details with the details of my own authentication server (issuer, jwksUri, audiences).
It worked.
However, I had expected Cloud Endpoints to log the user that made the call. Cloud Endpoints had all the information it needs to do this. But as far as I can see this isn't happening.
Cloud Endpoints handles logging.
Cloud Endpoints handles authentication.
Cloud Endpoints does not handle logging of authentication (I've opened a case with Enterprise Support (17470576) to confirm this).
They suggested that I raise it as a feature request and I think it would be a good thing to have.
The feature request: When a Cloud Endpoint is configured to use authentication, it should extract the subject (or optionally another field?) from the JWT and log it with the request. Knowing who made each request is such a common requirement I believe this feature will be a useful addition to GCP.
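The logging asked for above can be approximated in the backend itself. The following is an added example, not part of the original report and not Google's code. It assumes the bearer token reaches the backend in the `Authorization` header and that Cloud Endpoints has already verified it against the configured issuer, jwksUri and audiences; the function names and the sample token are hypothetical.

```python
import base64
import binascii
import json


def jwt_claims_unverified(authorization_header):
    """Return the JWT payload as a dict, or None if the header is unusable.
    Assumption: Cloud Endpoints already verified the signature, issuer and
    audience, so this only decodes and must never be used to authenticate.
    """
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    if scheme.lower() != "bearer":
        return None
    parts = token.strip().split(".")
    if len(parts) != 3:
        return None
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (binascii.Error, ValueError):
        return None
    return claims if isinstance(claims, dict) else None


def access_log_entry(method, path, authorization_header):
    """Build one JSON log line recording which subject made the request."""
    claims = jwt_claims_unverified(authorization_header) or {}
    sub, iss = claims.get("sub"), claims.get("iss")
    entry = {
        "method": method,
        "path": path,
        "subject": sub if isinstance(sub, str) else None,
        "issuer": iss if isinstance(iss, str) else None,
    }
    # json.dumps escapes newlines and control characters in claim values,
    # so a crafted subject cannot split or forge log lines.
    return json.dumps(entry, sort_keys=True)


def constructed_token(claims):
    """Constructed sample token with a placeholder signature, for the demo only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


SAMPLE = constructed_token({"iss": "https://idp.example", "sub": "user-123"})
print(access_log_entry("GET", "/echo", "Bearer " + SAMPLE))
```

Requests without a usable token still produce a log line, with `subject` set to null, so unauthenticated calls remain visible in the same stream.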