API Authentication with Google Cloud Endpoints

1
votes

I have a GraphQL server using graphql-yoga based on an Node JS express server running on Google App Engine. Basically, the server exposes an HTTP endpoint with a single route accepting POST requests returning a JSON result, which is consumed by a mobile application.

It doesn't handle user authentication.

From what I understand, it is possible to use Google Cloud Endpoints to deploy an ESP (Extensible Service Proxy) in front of my server in App Engine. It exposes an API with a secure endpoint that handles user authentication via Firebase Auth, Auth0 or Google Sign In.

Are my assumptions correct? I've deployed both with an open API specification that contains the right secure parameters but, without any bearer token, all requests are accepted.

Reference documentation: https://cloud.google.com/endpoints/docs/openapi/authenticating-users

1
node.jsexpressgoogle-app-enginegraphqlgoogle-cloud-endpoints
Are you on App Engine Standard or Flexible?saiyr
App Engine Standard. I realized that it might not be possible, not sure why and as I'm developing for a startup, the pricing of the Flexible option doesn't make sense here.Patrick Samy

1 Answers

2
votes

ESP cannot run in front of your application on App Engine Standard the same way it can on App Engine Flex. That mostly has to do with the difference in architectures of those runtimes --- App Engine Flex is based on deploying containers (including multiple at a time), whereas App Engine Standard does not currently support multi-container deployments.

Because of this, we have the Endpoints Frameworks that add similar functionality as a library for applications based on App Engine Standard --- but this is only supported for the Python and Java runtimes.

Unfortunately, this means that if you're sticking with the combination of Node + App Engine Standard, there isn't currently a way to use Cloud Endpoints.