A small class that helps with authentication and CORS for HTTP-triggered cloud functions written in Python and hosted on GCP.
Please note: This is not an officially supported Google product.
If you are using OAuth to authenticate to a Cloud Function written in Python and hosted on GCP, and your client is running in a browser, this is for you. If not, you probably won't find this useful.
- Responds correctly and configurably to the HTTP OPTIONS method used by browsers to do pre-flight checks as part of CORS
- Retrieves an OAuth2 token supplied in the
Authorization
HTTP header, validates it, and then fetches the information encoded by the token - Gives you back either a valid token, or a response to send back to the user in case a valid token can't be found
Install using pip:
python3 -m pip install --user gcloud-flask-oauth-cors
To use this package:
- Create an OAuth client ID.
- Pass the OAuth client ID as an environment variable to your cloud function.
Then, you can use the following:
import gcloud_flask_oauth_cors as oauth
def my_function_name(request):
auth = oauth.Auth(os.getenv("OAUTH_CLIENT_ID"))
id_info = auth.get_id_info(request)
if id_info is None:
# If we were called with the HTTP OPTIONS method, this will return the relevant CORS headers.
# If another HTTP method was used and we can't authenticate, this will return a 401 (Unauthorized)
return auth.get_response()
# Do something with the id_info, for example:
print(id_info["sub"])
On the client side, you can use Google Sign-in. Make sure you pass your id_token
in any requests like this:
let xhr = new XMLHttpRequest();
xhr.setRequestHeader('Authorization', `Bearer ${id_token}`);