> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.
# Sécuriser Google Cloud Endpoints avec Auth0
> Comment sécuriser un API Google Cloud Endpoints avec Auth0.
export const AuthCodeGroup = ({children, dropdown}) => {
const [processedChildren, setProcessedChildren] = useState(children);
useEffect(() => {
let unsubscribe = null;
function init() {
unsubscribe = window.autorun(() => {
const processChildren = node => {
if (typeof node === "string") {
let processedNode = node;
for (const [key, value] of window.rootStore.variableStore.values.entries()) {
const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
processedNode = processedNode.replaceAll(new RegExp(escapedKey, "g"), value);
}
return processedNode;
} else if (Array.isArray(node)) {
return node.map(processChildren);
} else if (node && node.props && node.props.children) {
return {
...node,
props: {
...node.props,
children: processChildren(node.props.children)
}
};
}
return node;
};
setProcessedChildren(processChildren(children));
});
}
if (window.rootStore) {
init();
} else {
window.addEventListener("adu:storeReady", init);
}
return () => {
window.removeEventListener("adu:storeReady", init);
unsubscribe?.();
};
}, [children]);
return {processedChildren};
};
export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => {
const [displayText, setDisplayText] = useState(children);
const [copyText, setCopyText] = useState(children);
const wrapperRef = React.useRef(null);
useEffect(() => {
let unsubscribe = null;
function init() {
if (!window.autorun || !window.rootStore) {
return;
}
unsubscribe = window.autorun(() => {
let processedChildrenForDisplay = children;
let processedChildrenForCopy = children;
for (const [key, value] of window.rootStore.variableStore.values.entries()) {
const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
let displayValue = value;
if (key === "{yourClientSecret}" && value !== "{yourClientSecret}") {
displayValue = value.substring(0, 3) + "*****MASKED*****";
}
processedChildrenForDisplay = processedChildrenForDisplay.replaceAll(new RegExp(escapedKey, "g"), displayValue);
processedChildrenForCopy = processedChildrenForCopy.replaceAll(new RegExp(escapedKey, "g"), value);
}
setDisplayText(processedChildrenForDisplay);
setCopyText(processedChildrenForCopy);
});
}
if (window.rootStore) {
init();
} else {
window.addEventListener("adu:storeReady", init);
}
return () => {
window.removeEventListener("adu:storeReady", init);
unsubscribe?.();
};
}, [children]);
useEffect(() => {
if (!wrapperRef.current) return;
const originalWriteText = navigator.clipboard.writeText.bind(navigator.clipboard);
let isOverriding = false;
const handleClick = e => {
const button = e.target.closest('[data-testid="copy-code-button"]');
if (!button || !wrapperRef.current.contains(button)) return;
isOverriding = true;
navigator.clipboard.writeText = text => {
if (isOverriding) {
isOverriding = false;
navigator.clipboard.writeText = originalWriteText;
return originalWriteText(copyText);
}
return originalWriteText(text);
};
setTimeout(() => {
if (isOverriding) {
isOverriding = false;
navigator.clipboard.writeText = originalWriteText;
}
}, 100);
};
const wrapper = wrapperRef.current;
wrapper.addEventListener('click', handleClick, true);
return () => {
wrapper.removeEventListener('click', handleClick, true);
if (navigator.clipboard.writeText !== originalWriteText) {
navigator.clipboard.writeText = originalWriteText;
}
};
}, [copyText]);
return
{displayText}
;
};
[Google Cloud Endpoints (GCE)](https://cloud.google.com/endpoints/) est un système de gestion d’API offrant des fonctionnalités pour vous aider à créer, maintenir et sécuriser vos API. GCE utilise [OpenAPI](https://www.openapis.org/) pour définir les points de terminaison, les entrées et les sorties, les erreurs et la description de la sécurité de votre API.
Pour plus d’informations sur la spécification OpenAPI, voir le référentiel de spécification [OpenAPI](https://github.com/OAI/OpenAPI-Specification) sur GitHub.
Ce tutoriel explique comment sécuriser Google Cloud Endpoints avec Auth0.
## Prérequis
Avant de commencer, vous aurez besoin d’une API GCE déployée. Si vous n’avez pas encore créé d’API, suivez le [Guide de démarrage rapide de Cloud Endpoints](https://cloud.google.com/endpoints/docs/quickstart-endpoints) qui se trouve dans la documentation de Google.
Le guide de démarrage rapide vous guidera à travers la création d’une API GCE simple avec un seul point de terminaison, `/airportName`, qui renvoie le nom d’un aéroport à partir de son [code IATA](https://en.wikipedia.org/wiki/IATA_airport_code) de trois lettres.
```bash cURL lines theme={null}
curl --request GET \
--url 'https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO'
```
```csharp C# lines theme={null}
var client = new RestClient("https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO");
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);
```
```go Go lines theme={null}
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO"
req, _ := http.NewRequest("GET", url, nil)
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
```
```java Java lines theme={null}
HttpResponse response = Unirest.get("https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")
.asString();
```
```javascript Node.JS lines theme={null}
var axios = require("axios").default;
var options = {
method: 'GET',
url: 'https://%7ByourGceProject%7D.appspot.com/airportName',
params: {iataCode: 'SFO'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});
```
```objc Obj-C lines theme={null}
#import
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"GET"];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];
```
```php PHP lines theme={null}
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
```
```python Python lines theme={null}
import http.client
conn = http.client.HTTPSConnection("")
conn.request("GET", "%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
```
```ruby Ruby lines theme={null}
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(url)
response = http.request(request)
puts response.read_body
```
```swift Swift lines theme={null}
import Foundation
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()
```
## Définir l’API dans Auth0
Allez dans [Tableau de bord Auth0 > Applications > API](https://manage.auth0.com/#/apis), et créez une nouvelle API.
Notez l’identifiant d’**audience de l’API** (`http://google_api`dans la capture d’écran ci-dessus) à utiliser à l’étape suivante.
## Mettre à jour la configuration de l’API
Ensuite, nous mettrons à jour le fichier de configuration OpenAPI pour l’API GCE. Pour l’exemple d’API créé lors du démarrage rapide, ce fichier est `openapi.yaml`.
### Ajouter des définitions de sécurité
Ouvrez le fichier de configuration et ajoutez une nouvelle section `securityDefinitions`. Dans cette section, ajoutez une nouvelle définition (`auth0_jwt`) avec les champs suivants :
| Champ | Description |
| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `authorizationUrl` | L’URL d’autorisation, doit être définie sur `"https://{yourDomain}/authorize"` |
| `flow` | Le flux utilisé par le schéma de sécurité OAuth2. Les valeurs valides sont `"implicit"`, `"password"`, `"application"` ou `"accessCode"`. |
| `type` | Le type du schéma de sécurité. Les valeurs valides sont `"basic"`, `"apiKey"` ou `"oauth2"` |
| `x-google-issuer` | L’émetteur d’un identifiant, doit être défini sur `"https://{yourDomain}/"` |
| `x-google-jwks_uri` | L’URI de la clé publique définie pour valider la signature JSON Web Token (JWT). Définissez ceci sur `"https://{yourDomain}/.well-known/jwks.json"` |
| `x-google-audiences` | L’identifiant de l’API, assurez-vous que cette valeur correspond à ce que vous avez défini dans Auth0 Dashboard pour l’API. |
export const codeExample1 = `securityDefinitions:
auth0_jwt:
authorizationUrl: "https://{yourDomain}/authorize"
flow: "implicit"
type: "oauth2"
x-google-issuer: "https://{yourDomain}/"
x-google-jwks_uri: "https://{yourDomain}/.well-known/jwks.json"
x-google-audiences: "{yourApiIdentifier}"`;
### Mettre à jour le point de terminaison
Maintenant, mettez à jour le point de terminaison en ajoutant un champ `security` avec la section `securityDefinition` que nous avons créée à l’étape précédente.
```yaml lines theme={null}
paths:
"/airportName":
get:
description: "Get the airport name for a given IATA code."
operationId: "airportName"
parameters:
-
name: iataCode
in: query
required: true
type: string
responses:
200:
description: "Success."
schema:
type: string
400:
description: "The IATA code is invalid or missing."
security:
- auth0_jwt: []
```
Dans l’exemple ci-dessus, le champ `security` indique au proxy GCE que notre chemin `/airportName` s’attend à être sécurisé avec la définition `auth0-jwt`.
Après la mise à jour de la configuration OpenAPI, elle devrait ressembler à ceci :
export const codeExample2 = `---
swagger: "2.0"
info:
title: "Airport Codes"
description: "Get the name of an airport from its three-letter IATA code."
version: "1.0.0"
host: "{yourGceProject}.appspot.com"
schemes:
- "https"
paths:
"/airportName":
get:
description: "Get the airport name for a given IATA code."
operationId: "airportName"
parameters:
-
name: iataCode
in: query
required: true
type: string
responses:
200:
description: "Success."
schema:
type: string
400:
description: "The IATA code is invalid or missing."
security:
- auth0_jwt: []
securityDefinitions:
auth0_jwt:
authorizationUrl: "https://{yourDomain}/authorize"
flow: "implicit"
type: "oauth2"
x-google-issuer: "https://{yourDomain}/"
x-google-jwks_uri: "https://{yourDomain}/.well-known/jwks.json"
x-google-audiences: "{yourApiIdentifier}"`;
### Redéployer l’API
Ensuite, redéployez votre API GCE pour appliquer les changements de configuration. Si vous avez suivi le [Guide de démarrage rapide de Cloud Endpoints](https://cloud.google.com/endpoints/docs/quickstart-endpoints), vous pouvez redéployer l’API en saisissant les éléments suivants dans le Cloud Shell de Google :
```bash lines theme={null}
cd endpoints-quickstart/scripts
./deploy_api.sh
```
## Tester l’API
Une fois que vous avez redéployé l’API, appelez à nouveau l’API sans sécurité.
```bash cURL lines theme={null}
curl --request GET \
--url 'https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO'
```
```csharp C# lines theme={null}
var client = new RestClient("https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO");
var request = new RestRequest(Method.GET);
IRestResponse response = client.Execute(request);
```
```go Go lines theme={null}
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO"
req, _ := http.NewRequest("GET", url, nil)
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
```
```java Java lines theme={null}
HttpResponse response = Unirest.get("https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")
.asString();
```
```javascript Node.JS lines theme={null}
var axios = require("axios").default;
var options = {
method: 'GET',
url: 'https://%7ByourGceProject%7D.appspot.com/airportName',
params: {iataCode: 'SFO'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});
```
```objc Obj-C lines theme={null}
#import
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"GET"];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];
```
```php PHP lines theme={null}
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
```
```python Python lines theme={null}
import http.client
conn = http.client.HTTPSConnection("")
conn.request("GET", "%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
```
```ruby Ruby lines theme={null}
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(url)
response = http.request(request)
puts response.read_body
```
```swift Swift lines theme={null}
import Foundation
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()
```
Vous obtiendrez la réponse suivante :
```json lines theme={null}
{
"code": 16,
"message": "JWT validation failed: Missing or invalid credentials",
"details": [
{
"@type": "type.googleapis.com/google.rpc.DebugInfo",
"stackEntries": [],
"detail": "auth"
}
]
}
```
Et c’est exactement ce que l’on veut!
Accédez maintenant à la page **Test** de la définition de votre API Google Endpoints sur le [Auth0 Dashboard](https://manage.auth0.com/#/apis) et copiez le jeton d’accès sous la réponse :
Effectuez une demande `GET` à votre API avec un en-tête d’autorisation du `Bearer {ACCESS_TOKEN}` pour obtenir un accès autorisé :
```bash cURL lines theme={null}
curl --request GET \
--url 'https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO' \
--header 'authorization: Bearer {accessToken}'
```
```csharp C# lines theme={null}
var client = new RestClient("https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO");
var request = new RestRequest(Method.GET);
request.AddHeader("authorization", "Bearer {accessToken}");
IRestResponse response = client.Execute(request);
```
```go Go lines theme={null}
package main
import (
"fmt"
"net/http"
"io/ioutil"
)
func main() {
url := "https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO"
req, _ := http.NewRequest("GET", url, nil)
req.Header.Add("authorization", "Bearer {accessToken}")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
```
```java Java lines theme={null}
HttpResponse response = Unirest.get("https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")
.header("authorization", "Bearer {accessToken}")
.asString();
```
```javascript Node.JS lines theme={null}
var axios = require("axios").default;
var options = {
method: 'GET',
url: 'https://%7ByourGceProject%7D.appspot.com/airportName',
params: {iataCode: 'SFO'},
headers: {authorization: 'Bearer {accessToken}'}
};
axios.request(options).then(function (response) {
console.log(response.data);
}).catch(function (error) {
console.error(error);
});
```
```objc Obj-C lines theme={null}
#import
NSDictionary *headers = @{ @"authorization": @"Bearer {accessToken}" };
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
[request setHTTPMethod:@"GET"];
[request setAllHTTPHeaderFields:headers];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSLog(@"%@", httpResponse);
}
}];
[dataTask resume];
```
```php PHP lines theme={null}
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_HTTPHEADER => [
"authorization: Bearer {accessToken}"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}
```
```python Python lines theme={null}
import http.client
conn = http.client.HTTPSConnection("")
headers = { 'authorization': "Bearer {accessToken}" }
conn.request("GET", "%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO", headers=headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
```
```ruby Ruby lines theme={null}
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Get.new(url)
request["authorization"] = 'Bearer {accessToken}'
response = http.request(request)
puts response.read_body
```
```swift Swift lines theme={null}
import Foundation
let headers = ["authorization": "Bearer {accessToken}"]
let request = NSMutableURLRequest(url: NSURL(string: "https://%7ByourGceProject%7D.appspot.com/airportName?iataCode=SFO")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "GET"
request.allHTTPHeaderFields = headers
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()
```
Et voilà!