Authentication¶
Preview
This feature is not subject to our service terms. Pre-GA features are available as is and might have limited support.
Authenticate with Pub/Sub¶
To authenticate with Cloud Pub/Sub, your application will use the Application Account of its repository. See Custom Google Service Account.
The simplest way is to use the JSON key file of your Application Account.
- https://cloud.google.com/pubsub/docs/authentication
- https://cloud.google.com/docs/authentication/application-default-credentials
Depending on the hosting of your application, you may also have the option to use Workload Identity Federation.
- AWS
- Microsoft Entra ID
- GitHub
- GitLab
- Kubernetes clusters
- Okta
- On-premises Active Directory Federation Services (AD FS)
- Terraform
Learn more:
- https://cloud.google.com/iam/docs/workload-identity-federation
- https://cloud.google.com/iam/docs/workload-identity-federation-with-other-clouds
Verify pushed messages¶
If your application uses a push subscription for the delivery of messages from Modigie, it should verify the authenticity of the incoming requests.
All messages that the repository pushes to your application are signed with the Application Account. See Custom Google Service Account.
Learn how to verify a JSON Web Token (JWT): https://cloud.google.com/pubsub/docs/authenticate-push-subscriptions