0
votes

I am trying to secure all my paths with the Swagger security object. With an API key this works fine, but how can I do this with Auth0 or custom authentication?

    security:
    - api_key: []
    securityDefinitions:
      api_key:
        type: "apiKey"
        name: "key"
        in: "query"

This is not working

    x-security:
        - auth0_jwk:
            audiences:
              - "xxxxxxxxxxxxxxxx"
    securityDefinitions:
        auth0_jwk:
          # Replace YOUR-ACCOUNT-NAME with your Auth0 account name.
          authorizationUrl: "https://YOUR-ACCOUNT-NAME.auth0.com/authorize"
          flow: "implicit"
          type: "oauth2"
          x-issuer: "https://YOUR-ACCOUNT-NAME.auth0.com/"
          # Replace YOUR-ACCOUNT-NAME with your service account's email address.
          x-jwks_uri: "https://YOUR-ACCOUNT-NAME.auth0.com/.well-known/jwks.json"

or this

    security:
        - auth0_jwk:[
           "xxxxxxxxxxxxxxxx"
          ]
    securityDefinitions:
        auth0_jwk:
          # Replace YOUR-ACCOUNT-NAME with your Auth0 account name.
          authorizationUrl: "https://YOUR-ACCOUNT-NAME.auth0.com/authorize"
          flow: "implicit"
          type: "oauth2"
          x-issuer: "https://YOUR-ACCOUNT-NAME.auth0.com/"
          # Replace YOUR-ACCOUNT-NAME with your service account's email address.
          x-jwks_uri: "https://YOUR-ACCOUNT-NAME.auth0.com/.well-known/jwks.json"

2 Answers

0
votes

The swagger configuration with "x-security" looks correct to me. Without the error message, I am not sure what exactly your problem is. However, one common mistake people often make with Auth0 authentication is that they did not set the JWT signature algorithm correctly. By default, the JWT signature algorithm is set to "HS256" (symmetric key encryption). If you need to use "RS256" (asymmetric key encryption), you need to go to the app settings page and, under advanced configuration, under OAuth, set the ‘JsonWebToken Signature Algorithm’ to RS256.
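A way to check for the mismatch described in this answer, as an added example that is not part of the original answer or of any library: the function decodes a token's header and claims (without verifying the signature) and lists why a validator configured with the question's `x-issuer`, `x-jwks_uri` and `audiences` would reject it. The function names, the `sample-kid-1` key id and the unsigned sample tokens are constructed for illustration.

```javascript
// Added diagnostic example. Expected values reuse the question's placeholders.
const EXPECTED = {
  issuer: "https://YOUR-ACCOUNT-NAME.auth0.com/", // x-issuer
  audience: "xxxxxxxxxxxxxxxx",                   // x-security audiences entry
};

// Decode one base64url JWT segment into an object.
function b64urlJson(part) {
  const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Returns the reasons a JWKS-based validator would reject the token.
// Inspection only: the signature is NOT verified here.
function diagnoseToken(token, jwks, expected = EXPECTED) {
  const parts = token.split(".");
  if (parts.length !== 3) return ["not a three-part JWS compact token"];
  let header, payload;
  try {
    header = b64urlJson(parts[0]);
    payload = b64urlJson(parts[1]);
  } catch (e) {
    return ["header or payload is not base64url-encoded JSON"];
  }
  const problems = [];
  if (header.alg !== "RS256") {
    // HS256 uses a shared secret, which is never published in a JWKS.
    problems.push(`alg is ${header.alg}; the JWKS only holds public keys (expected RS256)`);
  } else if (!jwks.keys.some((k) => k.kid === header.kid)) {
    problems.push(`kid ${header.kid} not found in JWKS`);
  }
  if (payload.iss !== expected.issuer) problems.push(`iss ${payload.iss} does not match x-issuer`);
  const aud = [].concat(payload.aud ?? []); // aud may be a string or an array
  if (!aud.includes(expected.audience)) problems.push("aud does not include the configured audience");
  return problems;
}

// Constructed sample input: unsigned tokens with a placeholder signature.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const makeToken = (h, p) => `${enc(h)}.${enc(p)}.c2ln`;
const sampleJwks = { keys: [{ kty: "RSA", kid: "sample-kid-1", use: "sig" }] };
const claims = { iss: EXPECTED.issuer, aud: EXPECTED.audience };
const hsToken = makeToken({ alg: "HS256", typ: "JWT" }, claims);
const rsToken = makeToken({ alg: "RS256", typ: "JWT", kid: "sample-kid-1" }, claims);

console.log(diagnoseToken(hsToken, sampleJwks)); // one entry: the alg mismatch
console.log(diagnoseToken(rsToken, sampleJwks)); // empty list
```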

0
votes

The solution was simple: I use express-swaggerize for my APIs, and the validation doesn't know about x-security and gives me the error "is not allowed". This was the problem.

Sorry about this post