Authenticate using GCP Authenticator

This topic describes the GCP Authenticator API.

Use the GCP Authenticator API to send an authentication request from a Google Cloud service to Conjur.

For more information about GCP authentication, see GCP Authenticator.

URI

  
POST https://{Conjur-server-hostname}/authn-gcp/{account}/authenticate

URI Parameters

account

The organization's account name

Request

Header

 
Accept-Encoding: base64
Content-Type: application/x-www-form-urlencoded
 

To encode the access token, you need to include base64 as the encoding format in the Accept-Encoding header. If base64 is not included in the header, a raw token is returned using application/json as the content type.

Body

The body must include the Google JWT identity token for the Google Cloud service, for example:

jwt=eyJhbGciOiJSUzI1NiIs......uTonCA

Example REST request

  
curl -k --request POST 'https://example.com/authn-gcp/myorg/authenticate' --header 'Content-Type: application/x-www-form-urlencoded' --header "Accept-Encoding: base64" --data-urlencode 'jwt=eyJ0e......jjjkl'

Response

Code

Description

200

The response body is the access token

401

The request lacks valid authentication credentials

Response 200 example

Header

  
Content-Encoding: base64
Content-Type: text/plain

Body

Returns a base 64 access token of the application on the Google Cloud service whose Google token is provided in the input:

  
eyJwcm90ZWN0ZWQiOiJleUpoYkdjaU9pSmpiMjVxZFhJdWIzSm5MM05zYjNOcGJHOHZkaklpTENKcmFXUWlPaUkyTXpka05HWTFZMlU1WVdJd05ESTVOR0ZpWkRNNFptTmhPV00zWW1Nek5qWTVaak16TWprNU5UUXdZamhsTm1ZeU5tRTBNVGM1T0RFeE1HSm1aRGcwSW4wPSIsInBheWxvYWQiOiJleUp6ZFdJaU9pSmhaRzFwYmlJc0ltbGhkQ0k2TVRVNU9EYzJPVFUwTUgwPSIsInNpZ25hdHVyZSI6Ik5ya25FQTc2MnoweC1GVmRRakZHZVRUbkJzeXFBdlBHSWEyZUxZV3IyYVVGZDU5dHk0aGMxSlRsVGptdmpGNWNtVDNMUnFGbDhYYzNwMDhabEhjbVc0cTdiVnFtM21odmZEdVNVaE13RzhKUk4yRFZQVHZKbkFiT1NPX0JGdWhKdmk2OGJEVGxZSFFmUF81WHY1VWtuWHlLUDR2dGNoSjloMHJuVXN0T0F1YWlkM0RyQW5RV1c2dDRaMzRQajJhT2JrTkZ1TlMxNDBsamNwZ1A1dHdfU19ISzB6d1dlSXF4cjh6eUpTbk5aNjJ1WlhZV25zU051WGZtSWdtVVo2cTJFeVZWWUJ1Zk5SZTNVUmFkU09OYjRIcnFyX21UaGctWHUzMjA2N1h3QmNWZ3lWQ0JrcWtybktuRW1vRzlMRWs2ZjdNQVpDX1BXZnA4NXQ1VFFhVm1iZFlqT2lDTW9GMFoxYkhyZGN2MC1LRnpNRGxHa0pCS1Jxb0xYYkFGakhjMCJ9

For more information about using the access token, see Authenticate.

Troubleshooting the GCP Authenticator API

This section lists issues that may arise and recommended solutions:

Issue: The following error appears in the logs:

 

Authentication Error: #<NoMethodError: undefined method `<some_method>' for #<String:0x0000560784713130>>

Possible solution:

Run the request again without the host ID in the URL. The host ID is concluded by the token provided to the request.