0

I am developing an application with Python which consumes resources from Google Cloud. I would like to automate the authentication process (right now what I have is the authentication via an API Key which allows me to consume the resources the service account has access to).

However, what I want is the user to authenticate via my application to his Google account and only consume from the resources the user has access to. For example, if I am showing data from BigQuery table and the user doesn't have access to it, then he won't be able to work with my application.

I don't have to generate an API key for each user or client, neither I want all the users to consume the same API Key. I would like to have each user authenticated in my application so that I can know which user did what.

Is there any way to do this automatically? Prompt a login interface and have access to the users's Google Cloud resources.

By the way, I am new to the Google Cloud world, so maybe there is some trivial solution but I don't know which is the right way.

I saw in the documentation a lot of ways authenticating but most of the require downloading a json configuration for my own Google Cloud account and I guess this won't work for other users from other organizations, and I don't want to generate a json for each possible user using my application).

Improve this question
5
  • When do you talk about a python application, is it a standalone application or a web application? In addition, does all the user have a Google account (gmail, Workspace,...)? Commented Apr 15, 2024 at 10:50
  • @guillaumeblaquiere I am talking about a web application which uses Google services such as BigQuery (the user's available tables), Speech Recognition, Cloud Storage, ... Also, the user must have a Google account and the Cloud Console configured (I don't know the work required to configure it, but I must be able to, given the user's credentials, be able to create a table in his BigQuery) Commented Apr 15, 2024 at 20:29
  • WHere are you hosting your website? If on Google Cloud, on which service? Do you have a frontend (static HTML/javacript) and a backend -> and this Backend call the Google Cloud APIs? Or do you try to perform a direct call from the frontend to Google Cloud APIs Commented Apr 16, 2024 at 5:14
  • @guillaumeblaquiere it's a simple Python dockerized application using Dash so I guess Cloud Run will be fine. It's just one application, backend + frontend in a same project using Dash. This python + dash application call the Google Cloud APIs Commented Apr 16, 2024 at 7:05
  • In that case, I recommend to use IAP with Cloud Run. A little bit cumbersome to set up (and you have to deploy, and pay for a Load Balancer) but it's a great and secure solution: cloud.google.com/iap/docs/enabling-cloud-run Commented Apr 16, 2024 at 8:36
Related questions
214
How can I verify a Google authentication API access token?
452
What's the difference between Cloud Firestore and the Firebase Realtime Database?
9
Authentication in Google Cloud Platform
Load 5 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.