I’m trying to provide path-based access to a Google Cloud API and I’m trying to work out if this is doable in Tyk Cloud.
1. The user will authenticate through Tyk using an OAuth token, which will be checked against an Auth0 provider.
2. If they are authenticated, I need to check if they have access to the current resource before proceeding, by some kind of callback to our own API (??)
3. Then pass them through to the Google Cloud API using a service account and JWT, which returns the resource.
Item 1 seems easy enough and is documented at Worked Example - API with OpenIDC Using Auth0.
Item 2 seems achievable with:
- a custom plugin, however I can’t tell how or if these will run on Tyk Cloud? The documentation is thin.
- a Tyk IDP?
Item 3 requires storing a JWT in Tyk to pass to Google, but I can’t find anything on this topic.
Unfortunately, the third-party components we are using are not particularly well documented, so I can’t work out whether I’m trying to do stuff that isn’t possible, the architecture is wrong, or I just can’t find what I’m looking for.
Any help or advice appreciated.
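
The decision logic behind items 2 and 3, as an added example that is not part of the original post and does not use Tyk's plugin API: it normalizes the path, fails closed if the authorization callback errors, and replaces the caller's credential with the gateway's own. It assumes the OAuth token was already validated (item 1) and its claims are passed in; `forward_request`, `check_access`, `upstream_token` and the sample policy are hypothetical names and constructed data.

```python
import posixpath
from urllib.parse import unquote

class Denied(Exception):
    """The request must not reach the upstream API."""

def normalize_path(raw_path):
    # Decode once and collapse "." / ".." so the policy check sees the same
    # resource path that will be forwarded upstream.
    decoded = unquote(raw_path)
    if any(c in decoded for c in ("%", "\\", "\x00")):
        raise Denied("non-canonical path")  # strict: rejects double encoding
    return posixpath.normpath("/" + decoded.lstrip("/"))

def forward_request(claims, method, raw_path, headers, check_access, upstream_token):
    """Item 2 (authorize) then item 3 (swap credentials). Returns (path, headers)."""
    path = normalize_path(raw_path)
    try:
        allowed = check_access(claims["sub"], method, path)
    except Exception as exc:
        # Fail closed: a failing or unreachable authorization API means deny.
        raise Denied("authorization check failed") from exc
    if allowed is not True:
        raise Denied(f"{method} {path} not permitted")
    # Drop the caller's credentials so the Auth0 token never reaches Google,
    # then attach the service-account credential held by the gateway.
    out = {k: v for k, v in headers.items()
           if k.lower() not in ("authorization", "cookie")}
    out["Authorization"] = "Bearer " + upstream_token()
    return path, out

# Constructed sample policy standing in for the callback to "our own API".
SAMPLE_ACL = {("auth0|alice", "GET", "/buckets/reports")}

def sample_check(sub, method, path):
    return any(sub == s and method == m and (path == p or path.startswith(p + "/"))
               for s, m, p in SAMPLE_ACL)

def sample_token():
    return "SERVICE-ACCOUNT-TOKEN-PLACEHOLDER"  # placeholder, not a real token

if __name__ == "__main__":
    user_headers = {"Authorization": "Bearer user-token", "Accept": "application/json"}
    print(forward_request({"sub": "auth0|alice"}, "GET", "/buckets/reports/q1.csv",
                          user_headers, sample_check, sample_token))
```

The normalized path returned by `forward_request` is the one to send upstream, so the authorized path and the forwarded path cannot differ.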