How-to auth a React app onto GCP Healthcare API throught Auth0?

Hi !

I’m building an SPA React app.
My users are authenticated through Auth0 SPA mode.

The goal here is to store some users’ data using a GCP Healthcare API, on behalf of users.
The GCP Healthcare API offer 2 solutions for auth :

  • OAuth 2.0 (but, if I understand well, for Google accounts, not for my Auth0 accounts)
  • Service Accounts (allowing to craft a Bearer JWT)
    There isn’t any other “backend”.

How I could wire everything together ?
I’ve tried to add the GCP JWT to Auth0 hooks/flow/rules … but I didn’t succeed to get it in the React App :confused:
I don’t really understand how to achieve this purpose …

You’re going to need to roll your own backend. In general, the GCP Healthcare API is not intended to be called on the client side as there is no real role based access control of the system.

I suggest writing a Google Cloud Function (or GKE, App Engine app, or Cloud Run, or even Compute instance) in your preferred language and use the Auth0 library for whatever language you choose. Configure your client application appropriately to authenticate against your new backend instead of using the implicit/client credentials with PKCS flows. Then expose some HTTP endpoints that expose the data you want to expose.

1 Like

Thanks for sharing that with the rest of community!