API Gateway Custom Authorizer [226426383]

Assigned

Feature Request

Status Update

No update yet.

Description

bl...@gmail.com

created issue #1

Mar 24, 2022 01:35PM

Requesting a similar capability provided by AWS API Gateway Lambda authorizers (https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html) for GCP API Gateway. In short, provide the ability to support customize authorization at the API Gateway level via Cloud Function (or other). This would allow teams to use all of the powerful features of API Gateway without having to modify their current auth implementation if it’s not using JWT (e.g. opaque session token sent via cookie).

How this might work:

Developer creates a custom Cloud Function with the sole purpose of handling authorization (perhaps it expects a request as input and outputs a policy)
Developer attaches the Cloud Function to the API Gateway and provides all necessary configuration details
API Gateway intercepts a request, identifies that a custom authorizer has been attached and forwards the request
Custom authorizer executes and decides whether to permit/deny the request and returns the appropriate policy. Note: This function could enable any type of authorization (e.g. JWT integration with Auth0, opaque session token stored in Memorystore / Datastore / etc.).

If applicable, reasons why alternative solutions are not sufficient:

Teams that want to integrate API Gateway into their system architecture and use it to perform authorization are forced to do one of two things if they have an existing authorization system at their application level:
1. Redesign their authorization system to conform to the limitations of API Gateway
2. Use a subset of features provided by API Gateway but keep authorization at the application level

Other information (workarounds you have tried, documentation consulted, etc):

https://cloud.google.com/api-gateway/docs/authentication-method

Comments

am...@google.com <am...@google.com> #2Mar 25, 2022 12:20PM

Assigned to gc...@google.com.

Hello,

Thank you for reaching out to us!

I tried to reproduce this issue at my end. However, I am getting the intended behavior. Please check the official documentation referring configuration for the Oauth ClientID for Web applications.Also I would suggest you have a look at the validation rules for Authorized JavaScript origin mentioned.

Please let me know if that helped you with your use case and if there is anything else you would need assistance with.

Thank you

da...@nillio.com <da...@nillio.com> #3Jun 2, 2022 10:46AM

Hi, please read the documentation you linked:

> Scheme
> JavaScript origins must use the HTTPS scheme, not plain HTTP. Localhost URIs (including localhost IP address URIs) are exempt from this rule.

Subdomains of localhost (ie. foo.localhost) *are* "Localhost URIs" but are not currently exempt from the rule, contrary to the documentation.

48...@mail.muni.cz <48...@mail.muni.cz> #4Jun 2, 2022 11:17AM

Hello,

Thank you for reaching out to us with your request.

We have duly noted your feedback and will thoroughly validate it. While we cannot provide an estimated time of implementation or guarantee the fulfillment of the issue, please be assured that your input is highly valued. Your feedback enables us to enhance our products and services.

We appreciate your continued trust and support in improving our Google Cloud Platform products. In case you want to report a new issue, Please do not hesitate to create a new issue on the Issue Tracker providing a detailed description of your issue.

Once again, we sincerely appreciate your valuable feedback; Thank you for your understanding and collaboration.

se...@monetplus.cz <se...@monetplus.cz> #5Jun 14, 2022 11:40AM

We need this too

se...@gmail.com <se...@gmail.com> #6Jul 8, 2022 12:15AM

+1.

[Deleted User] <[Deleted User]> #7Aug 16, 2022 04:20PM

This feature is a must have, not only for custom user authentication, but also to authenticate/authorize applications that use custom JWTs signed with symmetric or asymmetric keys.

em...@springmerchant.com <em...@springmerchant.com> #8Sep 5, 2022 07:21PM

+1. Definitely a must have feature. It would help when doing custom user authentication for apps.

na...@gmail.com <na...@gmail.com> #9Sep 23, 2022 03:35PM

we would also like this. In addition to authentication, we need to run complicated logic to verify access based on multiple tenants.
It will be good to either have the capability to extend Google API Gateway with custom code (preferred) or have a way to call an API in the backend to perform this access control.

dr...@gmail.com <dr...@gmail.com> #10Nov 12, 2022 01:57PM

This is a feature our team would desire too

[Deleted User] <[Deleted User]> #11Nov 30, 2022 07:02PM

my team is also interested in this feature

ba...@gmail.com <ba...@gmail.com> #12Jan 31, 2023 04:57PM

al...@gmail.com <al...@gmail.com> #13Feb 10, 2023 01:44PM

pe...@gmail.com <pe...@gmail.com> #14Mar 12, 2023 02:08PM

ol...@orientedsoft.com <ol...@orientedsoft.com> #15Mar 31, 2023 11:55AM

Message last modified on Apr 3, 2023 07:29AM

ol...@orientedsoft.com <ol...@orientedsoft.com> #16Mar 31, 2023 01:24PM

Do you support any communication with your customers? It's been over a year, and we haven't received any response. This is an often-used feature that competitors have had for a long time, and it's not extremely difficult to implement. Your lack of support, slow response time, and delayed feature implementation have forced customers to switch to competitors. Are you sure you are customer-oriented?

su...@google.com <su...@google.com> May 22, 2023 07:15AM

Reassigned to su...@google.com.

su...@google.com <su...@google.com> #17Jun 7, 2023 08:38AM

Reassigned to gc...@google.com.

Hello,

Thank you for reaching us.

I have reported this again to the team. Any further update from the team will be notified here.Note that there are no ETAs or guarantees of implementation for feature requests. All communication regarding this feature request is to be done here.

mi...@gmail.com <mi...@gmail.com> #18Sep 12, 2023 01:35PM

Hello,

Are there any updates?

Best regards,

hi...@gmail.com <hi...@gmail.com> #19Jan 11, 2024 11:09AM

Hello,

Are there any updates?

rl...@minddoc.de <rl...@minddoc.de> #20Jan 17, 2024 10:42AM

vi...@orientedsoft.com <vi...@orientedsoft.com> #21Feb 16, 2024 12:19PM

Hi, any updates on this request?

ro...@fungiball.io <ro...@fungiball.io> #22Feb 21, 2024 02:37PM

That feature is indeed a must have.

Is there a workaround that you guys have put in place to do this ?
Or do you check the authorization in the cloud function ?

hu...@google.com <hu...@google.com> #23Jun 26, 2024 01:50AM

My customer also needs this feature

da...@uala.com.ar <da...@uala.com.ar> #24Feb 27, 2025 10:23PM

my team need this feature!

Issue 226426383

Description

Issue summary

Comments

am...@google.com <am...@google.com> #2Mar 25, 2022 12:20PM

da...@nillio.com <da...@nillio.com> #3Jun 2, 2022 10:46AM

48...@mail.muni.cz <48...@mail.muni.cz> #4Jun 2, 2022 11:17AM

se...@monetplus.cz <se...@monetplus.cz> #5Jun 14, 2022 11:40AM

se...@gmail.com <se...@gmail.com> #6Jul 8, 2022 12:15AM

[Deleted User] <[Deleted User]> #7Aug 16, 2022 04:20PM

em...@springmerchant.com <em...@springmerchant.com> #8Sep 5, 2022 07:21PM

na...@gmail.com <na...@gmail.com> #9Sep 23, 2022 03:35PM

dr...@gmail.com <dr...@gmail.com> #10Nov 12, 2022 01:57PM

[Deleted User] <[Deleted User]> #11Nov 30, 2022 07:02PM

ba...@gmail.com <ba...@gmail.com> #12Jan 31, 2023 04:57PM

al...@gmail.com <al...@gmail.com> #13Feb 10, 2023 01:44PM

pe...@gmail.com <pe...@gmail.com> #14Mar 12, 2023 02:08PM

ol...@orientedsoft.com <ol...@orientedsoft.com> #15Mar 31, 2023 11:55AM

ol...@orientedsoft.com <ol...@orientedsoft.com> #16Mar 31, 2023 01:24PM

su...@google.com <su...@google.com> May 22, 2023 07:15AM

su...@google.com <su...@google.com> #17Jun 7, 2023 08:38AM

mi...@gmail.com <mi...@gmail.com> #18Sep 12, 2023 01:35PM

hi...@gmail.com <hi...@gmail.com> #19Jan 11, 2024 11:09AM

rl...@minddoc.de <rl...@minddoc.de> #20Jan 17, 2024 10:42AM

vi...@orientedsoft.com <vi...@orientedsoft.com> #21Feb 16, 2024 12:19PM

ro...@fungiball.io <ro...@fungiball.io> #22Feb 21, 2024 02:37PM

hu...@google.com <hu...@google.com> #23Jun 26, 2024 01:50AM

da...@uala.com.ar <da...@uala.com.ar> #24Feb 27, 2025 10:23PM

Add comment

Issue metadata