How to authenticate/authorize cloud functions from Jfrog Artifactory webhooks

anonymous · April 11, 2022, 10:06am

Hello Team - I have a function app which is hosted in my GCP project with authentication turned on.

This app will be triggered from Jfrog artifactory event based webhook.

The issue I face here is to authenticate/authorize the HTTP request. I tried using “Authorization: bearer ” header, which works good. But that token seems to expire after 60 minutes.

Q: Is there a permanent way to authorize/authenticate the HTTP requests ? There isn’t any custom options available in Artifactory except adding additional headers. I am finding it hard to get a solution from GCP documentation. I do have the service account created with “roles/cloudfunctions.invoker” role.

Reference about Jfrog artifactory webhooks: https://www.jfrog.com/confluence/display/JFROG/Webhooks

ghayas_muhammad · April 14, 2022, 2:00pm

The solution downgrade the security level from a short lived token (1h) to long lived token (no limit). But you can use API Gateway to ensure the API Key check and query forward.

A much simpler pattern is to remove the authentication check on Cloud Functions (and make it public) and to perform that API key (in fact a random string comparison) in your functions itself.

Topic		Replies	Views
Webhook to Google Cloud Functions or Pub/Sub AppSheet Q&A admin	1	4	September 2, 2020
Firebase/google cloud functions, APIGee and api key auth Apigee api-runtime	4	16	April 17, 2019
Is there a way to authenticate webhooks? Apigee apigee-general	0	1	February 4, 2019

How to authenticate/authorize cloud functions from Jfrog Artifactory webhooks

AI Suggested topics