No X-Endpoint-API-UserInfo header forwarded by Extensible Service Proxy

0
votes

I'm setting up a pet project using Google Cloud Endpoints and Google Cloud Functions, with Google ID token authentication. I've followed this and this guides to set things up, however the X-Endpoint-API-UserInfo header is not passed to the cloud function.

I've have one POST endpoint set up in this OpenAPI yaml. It's deployed to Cloud Endpoints, and also an Extensible Service Proxy. When I call this from Postman with a token generated with gcloud auth application-default print-access-token, I find that the authentication does work, but only the following headers are present in the function: host, user-agent, transfer-encoding, accept, accept-encoding, authorization, cache-control, forwarded, function-execution-id, postman-token, x-appengine-city, x-appengine-citylatlong, x-appengine-country, x-appengine-default-version-hostname, x-appengine-https, x-appengine-region, x-appengine-request-log-id, x-appengine-user-ip, x-cloud-trace-context, x-forwarded-for, x-forwarded-proto, x-real-ip, connection

Can you help me why I don't get the user info from ESP in the function?

1
google-cloud-functionsgoogle-cloud-endpointsopenapi
hey @esgott, I have tried Wayne Zhang solution and it worked for me. Can you confirm if it works for you and this is what you really want to do?Daniel Ocando
Interesting, I've just tried it again, and I can't go through authentication any more. I get 401 Unauthorized with message JWT validation failed: Bad JWT format: Invalid JSON in header. I'm wondering if my way of generating access token is good.esgott
With the error you get make sure your JWT contains valid JSON. Here you can find an example of a decoded JWT token that is valid.Deniss Tsokarev

1 Answers

1
votes

I just verified that ESP does send X-Endpoint-Api-Userinfo header to the backend Function.

Here is my backend code

cat hello.go 
// Package helloworld provides a set of Cloud Functions samples.
package helloworld

import (
        "encoding/json"
        "fmt"
        "html"
        "net/http"
)

// HelloHTTP is an HTTP Cloud Function with a request parameter.
func HelloHTTP(w http.ResponseWriter, r *http.Request) {
        for key, vals := range r.Header {
                for _, val := range vals {
                        resp := fmt.Sprintf("request-headers: %s=%s\n", key, val)
                        w.Write([]byte(resp))
                }
        }
        var d struct {
                Name string `json:"name"`
        }
        if err := json.NewDecoder(r.Body).Decode(&d); err != nil {
                fmt.Fprint(w, "Hello, World!")
                return
        }
        if d.Name == "" {
                fmt.Fprint(w, "Hello, World!")
                return
        }
        fmt.Fprintf(w, "Hello, %s!\n", html.EscapeString(d.Name))
}

Here is the headers from the backend

request-headers: X-Appengine-Country=ZZ
request-headers: X-Appengine-Default-Version-Hostname=gef3fd9f75048d933-tp.appspot.com
request-headers: X-Appengine-Request-Log-Id=5db8910800ff043c9b1b0b1d300001737e67656633666439663735303438643933332d7470000161313837383661623961353931326664363534373361386233343137366433633a33000100
request-headers: X-Endpoint-Api-Userinfo=deducted
request-headers: X-Forwarded-Proto=https
request-headers: X-Real-Ip=100.117.29.55
request-headers: Connection=close
request-headers: User-Agent=curl/7.64.0
request-headers: Accept=*/*
request-headers: Authorization=Bearer deducted
request-headers: Forwarded=for="100.117.29.55";proto=https,for="107.178.206.195";proto=https
request-headers: X-Appengine-Https=on
request-headers: X-Appengine-User-Ip=107.178.206.195
request-headers: X-Endpoint-Api-Project-Id=402804073044
request-headers: X-Forwarded-For=100.117.29.55, 100.117.29.55,107.178.206.195
request-headers: Accept-Encoding=gzip
request-headers: Function-Execution-Id=fea3ox4erxsd
request-headers: X-Cloud-Trace-Context=db9bb39b72286dd6282f5319a18f72c8/9278156698602755161;o=1