Auth0 JWT having issues with google cloud function

My project requires HIPAA compliance, so I chose Auth0 as it is HIPAA compliant for authentication.
The backend is Firebase, and their auth is not HIPAA compliant; however, database and storage are.
I managed to use the Auth0 JWT to create Firebase custom tokens, which I then send back to the client so they log in with the Firebase custom token.
It is working perfectly on the localhost endpoint.

Once I deploy the endpoint as a Google Cloud Function (HTTP-triggered function), I get a 401 Unauthorized error.
This error only happens when I use the authenticated user option; once I make the function public (unauthenticated allowed), it works flawlessly.

Here is my question:
Is the cloud function (API) inherently protected by the fact that I am using the middleware
(express-oauth2-jwt-bearer) to verify the tokens?

code snippet:

If it is protected, then I keep the cloud function URL public and everything works fine.

If this is not best practice, then how do I get Google Cloud to accept my Auth0 JWT to trigger the function?

I did use API Gateway authentication with the Auth0 protocol based on the Google documentation, but no luck.
Maybe I am missing something.

Thank you
Rabee

I found the answer!

Google API Gateway will verify the Auth0 token for you, then it will forward (x-apigateway-api-userinfo) to your endpoint function/server.
This header is base64url encoded and contains the JWT payload. You have to decode it and extract the email or userId, sub, sid, etc. from it, and then one element like an email or sid can be used to produce a custom token with Firebase.
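As an added example (not code from the original thread), here is a handler that follows the answer above: it decodes the `x-apigateway-api-userinfo` header that API Gateway sets after verifying the Auth0 JWT, takes Auth0's `sub` as the Firebase uid, and mints the custom token. The Firebase call is injected as `createCustomToken` (assumed to be `admin.auth().createCustomToken` in deployment) so the decoding logic can be exercised without firebase-admin.

```javascript
// Added example (not from the original thread): decode the x-apigateway-api-userinfo
// header that API Gateway sets after verifying the Auth0 JWT, choose a stable user
// identifier, and mint a Firebase custom token. The Firebase call is injected as
// createCustomToken (in deployment: admin.auth().createCustomToken.bind(admin.auth()))
// so the decoding logic runs without firebase-admin installed.
const USERINFO_HEADER = 'x-apigateway-api-userinfo';

// base64url -> claims object. Returns null on any decoding/parsing problem rather than throwing.
function decodeUserInfo(headerValue) {
  if (typeof headerValue !== 'string' || headerValue.length === 0) return null;
  // base64url uses '-' and '_' instead of '+' and '/', and usually omits '=' padding.
  let b64 = headerValue.replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  try {
    const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return payload && typeof payload === 'object' ? payload : null;
  } catch {
    return null;
  }
}

// Auth0's `sub` (e.g. "auth0|abc123") is stable per user and fits Firebase's uid
// limit of 128 characters; email can change or be absent, so it is only a fallback.
function pickUid(claims) {
  if (typeof claims.sub === 'string' && claims.sub.length > 0) return claims.sub;
  if (typeof claims.email === 'string' && claims.email.length > 0) return claims.email;
  return null;
}

// Express-style handler factory. The header is trusted only because API Gateway
// verified the JWT before setting it; the function must therefore not be reachable
// except through the gateway, or a direct caller could supply the header themselves.
function makeLoginHandler(createCustomToken) {
  return async function loginHandler(req, res) {
    const claims = decodeUserInfo(req.headers[USERINFO_HEADER]);
    const uid = claims ? pickUid(claims) : null;
    if (!uid) {
      return res.status(401).json({ error: 'missing or invalid gateway user info' });
    }
    try {
      const token = await createCustomToken(uid);
      return res.status(200).json({ firebaseToken: token });
    } catch (err) {
      return res.status(500).json({ error: 'could not mint custom token' });
    }
  };
}
```

Mount the returned handler on the route that API Gateway forwards to, and keep the function itself restricted so that only the gateway can invoke it.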
