hands-on lab
Securing an API with Google Cloud API Gateway and OAuth 2.0
Difficulty: Intermediate
Duration: Up to 1 hour
Students: 261
Description
In this lab, you will be securing access to an API with API Gateway and OAuth 2.0. The API is written in Python and you will deploy it using App Engine. Having API Gateway in front of your API provides several benefits, such as:
- Centralized management of your APIs,
- Monitoring and logging, and
- Centralized security, which is the focus of this lab.
OAuth 2.0 is an industry-standard protocol for authorization and is integrated with Google services, including API Gateway. API Gateway supports the OpenAPI definition format for API configuration. You will use an OpenAPI definition to configure API Gateway, including a security definition that uses OAuth 2.0. To test the OAuth security mechanism, a simple JavaScript client application is used to authenticate with Google and securely request access to the protected API resource.
Learning Objectives
Upon completion of this lab you will be able to:
- Deploy API Gateway in front of your APIs
- Use OpenAPI to configure API Gateway
- Use OAuth 2.0 to secure your APIs
- Explain the basic concepts of OAuth 2.0
Intended Audience
This lab is intended for:
- Software Developers
- API Developers
- Security Engineers
Prerequisites
You should possess:
- A basic understanding of Python
- A basic understanding of JSON or YAML format is helpful but not required
Updates
June 13th, 2024 - Resolved IAM permission issue
April 27th, 2024 - Lab topic refactored to focus on OAuth 2.0 and API Gateway; the comparison with Cloud Endpoints became less relevant because the Cloud Endpoints Framework supports only deprecated runtimes (Python 2.7 and Java 8)
December 6th, 2023 - Addressed user ban issue and promptly added a warning
August 26th, 2022 - Resolved an issue causing the test application to not enable the sign in button
May 26th, 2022 - Corrected an error within the VM instance
Lab steps
Signing In to the Google Cloud Console
Creating an OAuth Client Application for Google Authentication
Deploying the API to App Engine
Creating API Config and API Gateway
Testing API Gateway Output