Hi,
I’m trying to get the Google Cloud Endpoints bookstore gRPC sample working with an Auth0 authentication provider.
The only change that I’ve made to the api_config.yaml in the guide is to add the authentication stanza (apart from updating the service name, of course):
    authentication:
      providers:
      - id: auth0_jwk
        issuer: https://myapp.auth0.com/
        jwks_uri: "https://myapp.auth0.com/.well-known/jwks.json"
      rules:
      - selector: "*"
        requirements:
          - provider_id: auth0_jwk
I’ve acquired a bearer token from Auth0 using the HTTP interface:
    curl --request POST \
      --url https://myapp.auth0.com/oauth/token \
      --header 'content-type: application/json' \
      --data '{"client_id":"...","client_secret":"...","audience":"myapp.endpoints.myapp-167610.cloud.goog","grant_type":"client_credentials"}'
which I’ve provided as an argument to the client script:
    python bookstore_client.py --host 35.187.160.23 --port 80 --auth_token $token
However, I only ever receive the following error when I try to call a protected API method:
    grpc._channel._Rendezvous: <_Rendezvous of RPC that terminated with (StatusCode.UNAUTHENTICATED, JWT validation failed: Missing or invalid credentials)>
When I decode the auth token using jwt.io I see the following payload:
    {
      "iss": "https://myapp.auth0.com/",
      "sub": "52KrE3Xvkfdsfsfsdfsdfsfdssl6HaQAOajO@clients",
      "aud": "myapp.endpoints.myapp-167610.cloud.goog",
      "exp": 1496173209,
      "iat": 1496086809,
      "scope": ""
    }
However, I also get an Invalid Signature warning, even when putting the JWKS x5c certificate chain in the RS256 certificate field.
Can anyone shed some light on what I’m doing wrong?
Thanks, Mark
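
Added example, not part of the original post: a local check of an RS256 token against a JWKS document (signature, `iss`, `aud`, `exp`) using only the Python standard library, so each field can be tested separately from the proxy and from jwt.io. The function names, the problem strings and the sample key are assumptions for illustration; the key is constructed from two Mersenne primes and is not a real Auth0 key, and the expected issuer and audience are whatever the caller passes in.

```python
import base64, hashlib, json, time

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017

def b64d(s):  # unpadded base64url, as used in JWTs and JWKs
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def pkcs1_sha256(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    return b"\x00\x01" + b"\xff" * (k - 54) + b"\x00" + SHA256_PREFIX + hashlib.sha256(message).digest()

def check_token(token, jwks, issuer, audience, now=None):
    """Return a list of problems; an empty list means every check passed."""
    try:
        head, body, sig = token.split(".")
        header, claims, signature = json.loads(b64d(head)), json.loads(b64d(body)), b64d(sig)
    except ValueError:
        return ["not a well-formed three-part JWT"]
    if not (isinstance(header, dict) and isinstance(claims, dict)) or header.get("alg") != "RS256":
        return ["header/payload are not JSON objects or alg is not RS256"]  # alg is pinned here
    problems = []
    key = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")), None)
    if key is None:
        problems.append("kid not found in JWKS")
    else:
        n, e = (int.from_bytes(b64d(key[f]), "big") for f in ("n", "e"))
        k = (n.bit_length() + 7) // 8
        recovered = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
        if len(signature) != k or recovered != pkcs1_sha256(f"{head}.{body}".encode(), k):
            problems.append("signature does not verify against the JWKS key")
    if claims.get("iss") != issuer:  # exact string comparison, trailing slash included
        problems.append("iss does not match the expected issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain the expected audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        problems.append("token has expired")
    return problems

def constructed_sample(claims):
    """Token plus JWKS signed with a constructed key (two Mersenne primes, not a real key)."""
    n, e = (2**521 - 1) * (2**607 - 1), 65537
    d, k = pow(e, -1, (2**521 - 2) * (2**607 - 2)), (n.bit_length() + 7) // 8
    jwks = {"keys": [{"kty": "RSA", "kid": "demo", "n": b64e(n.to_bytes(k, "big")), "e": b64e(e.to_bytes(3, "big"))}]}
    msg = ".".join(b64e(json.dumps(x).encode()) for x in ({"alg": "RS256", "kid": "demo"}, claims))
    sig = pow(int.from_bytes(pkcs1_sha256(msg.encode(), k), "big"), d, n).to_bytes(k, "big")
    return f"{msg}.{b64e(sig)}", jwks
```

With a real token, pass the JSON document served at the `jwks_uri` as `jwks` and call `check_token` with the issuer and audience you expect.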