GCP Authenticator

This topic describes the GCP Authenticator API.

Use the GCP Authenticator API to send an authentication request from a Google Cloud service to Conjur.

For more information about GCP authentication, see GCP Authenticator.

URI

  
POST https://{Conjur-server-hostname}/authn-gcp/{account}/authenticate

URI Parameters

account

The organization's account name

Request

Header

 
Accept-Encoding: base64
Content-Type: application/x-www-form-urlencoded
 

To encode the access token, you need to include base64 as the encoding format in the Accept-Encoding header. If base64 is not included in the header, a raw token is returned using application/json as the content type.

Body

The body must include the Google JWT identity token for the Google Cloud service, for example:

jwt=eyJhbGciOiJSUzI1NiIs......uTonCA

Example REST request

  
curl -k --request POST 'https://example.com/authn-gcp/myorg/authenticate' --header 'Content-Type: application/x-www-form-urlencoded' --header "Accept-Encoding: base64" --data-urlencode 'jwt=eyJ0e......jjjkl'

Response

Code

Description

200

The response body is the access token

401

The request lacks valid authentication credentials

Response 200 example

Header

  
Content-Encoding: base64
Content-Type: text/plain

Body

Returns a base 64 access token of the application on the Google Cloud service whose Google token is provided in the input:

  
eyJwcm90ZWN0ZWQiOiJleUpoYkdjaU9pSmpiMjVxZFhJdWIzSm5MM05zYjNOcGJHOHZkaklpTENKcmFXUWlPaUkyTXpka05HWTFZMlU1WVdJd05ESTVOR0ZpWkRNNFptTmhPV00zWW1Nek5qWTVaak16TWprNU5UUXdZamhsTm1ZeU5tRTBNVGM1T0RFeE1HSm1aRGcwSW4wPSIsInBheWxvYWQiOiJleUp6ZFdJaU9pSmhaRzFwYmlJc0ltbGhkQ0k2TVRVNU9EYzJPVFUwTUgwPSIsInNpZ25hdHVyZSI6Ik5ya25FQTc2MnoweC1GVmRRakZHZVRUbkJzeXFBdlBHSWEyZUxZV3IyYVVGZDU5dHk0aGMxSlRsVGptdmpGNWNtVDNMUnFGbDhYYzNwMDhabEhjbVc0cTdiVnFtM21odmZEdVNVaE13RzhKUk4yRFZQVHZKbkFiT1NPX0JGdWhKdmk2OGJEVGxZSFFmUF81WHY1VWtuWHlLUDR2dGNoSjloMHJuVXN0T0F1YWlkM0RyQW5RV1c2dDRaMzRQajJhT2JrTkZ1TlMxNDBsamNwZ1A1dHdfU19ISzB6d1dlSXF4cjh6eUpTbk5aNjJ1WlhZV25zU051WGZtSWdtVVo2cTJFeVZWWUJ1Zk5SZTNVUmFkU09OYjRIcnFyX21UaGctWHUzMjA2N1h3QmNWZ3lWQ0JrcWtybktuRW1vRzlMRWs2ZjdNQVpDX1BXZnA4NXQ1VFFhVm1iZFlqT2lDTW9GMFoxYkhyZGN2MC1LRnpNRGxHa0pCS1Jxb0xYYkFGakhjMCJ9

For more information about using the access token, see How to use the access token.

Troubleshooting the GCP Authenticator API

This section lists issues that may arise and recommended solutions:

Issue: The following error appears in the logs:

 

Authentication Error: #<NoMethodError: undefined method `<some_method>' for #<String:0x0000560784713130>>

Possible solution:

Run the request again without the host ID in the URL. The host ID is concluded by the token provided to the request.