Feature request: ability to configure rate limiting (quotas) when using custom authentication
First of all, thanks for your work and for that product!
I am not sure if it is some limitation from GCP or it was just implemented that way.
We are using ESPv2 with Cloud Endpoints on App Engine. In order to authenticate our users we use custom authentication (https://cloud.google.com/endpoints/docs/openapi/authenticating-users-custom). Thus, we are able to identify the client application which is calling our API.
It would be very handy for us to be able to specify quotas based on such client application.
Thanks!
Hi @botsman,
JFYI, ESPv2 only has a quota limit mechanism based on API key, which is used to get your identity (project) and do rate limiting. As you said, it would be limited to customs based on GCP project.
We don't support quota based on authn right now, and though I agree it would be great to have, I don't think we will have a plan for this.
+1 to the response above. In general, Google APIs prefer to use API keys to identify the client application and ID tokens to identify the user. While you can use ID tokens to identify the client application, it doesn't fit in with Google's architecture. Reference: https://cloud.google.com/endpoints/docs/openapi/when-why-api-key
@nareddyt @TAOXUY Thanks for your responses! We are using ESPv2 for exposing an API to client applications outside GCP, so we prefer to use JWT.
Any ideas how we would organize quota limits in this case? Is it smart to customize ESPv2, or would you implement this on the application level?
We heard you and many other users. It will be very useful if ESPv2 can support per-user quota. Actually, our Google backend already supports it; the ESPv2 team just needs to hook it up. We just need to find resources to work on it.
Thank you for the responses, guys!
Do you think it is possible for us to try to fork this repo and try to implement quotas as described above? If we succeed, then we could contribute.
This feature needs to integrate with our internal Quota backend, it will be hard for an outsider to implement it.
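For the application-level option raised in the thread, an added example (not code from ESPv2 or from any participant) of a per-client token-bucket quota in the backend, keyed on the JWT payload that ESPv2 forwards as base64url-encoded JSON in the `X-Endpoint-API-UserInfo` header. Assumptions: the client application is identified by the `sub` claim, the client ids and limits are constructed, and state is held in memory.

```python
import base64
import json
import time

def client_from_userinfo(header_value, claim="sub"):
    """Return the client id from the forwarded JWT payload, or None if unusable."""
    padded = header_value + "=" * (-len(header_value) % 4)  # restore stripped padding
    try:
        payload = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    value = payload.get(claim) if isinstance(payload, dict) else None
    return value if isinstance(value, str) and value else None

class ClientQuota:
    """Token bucket per client: `limit` requests per minute, refilled continuously."""

    def __init__(self, per_minute, default, clock=time.monotonic):
        self.per_minute = per_minute   # client id -> requests per minute
        self.default = default         # limit for clients without an entry
        self.clock = clock
        self.buckets = {}              # client id -> (tokens, last update time)

    def allow(self, client):
        limit = self.per_minute.get(client, self.default)
        now = self.clock()
        tokens, last = self.buckets.get(client, (float(limit), now))
        tokens = min(limit, tokens + (now - last) * limit / 60.0)
        allowed = tokens >= 1
        self.buckets[client] = (tokens - 1 if allowed else tokens, now)
        return allowed

def check_request(headers, quota):
    """Map a request to an HTTP status: 401 no identity, 429 over quota, 200 ok."""
    client = client_from_userinfo(headers.get("X-Endpoint-API-UserInfo", ""))
    if client is None:
        return 401
    return 200 if quota.allow(client) else 429

if __name__ == "__main__":
    # Constructed sample: payload {"sub": "client-a"} as ESPv2 would forward it.
    hdr = base64.urlsafe_b64encode(b'{"sub": "client-a"}').decode().rstrip("=")
    quota = ClientQuota({"client-a": 3}, default=2)
    print([check_request({"X-Endpoint-API-UserInfo": hdr}, quota) for _ in range(4)])
```

The header is only trustworthy when the backend is reachable solely through ESPv2, since a direct caller could set it themselves. With more than one App Engine instance the bucket state would have to live in a shared store rather than in process memory.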