So we're building a RESTful service on google cloud running on GCE instances. This service is going to be consumed internally, i.e. web servers. I'm thinking about securing this service using Oauth.
Instead of maintaining our own database of consumer key/secrets tho, is it possible to leverage on what Google authentication already provide? So I'm envisioning the following:
- Web server authenticate with Google using service account and get some access token in response
- Web server makes request to Rest service with this access token
- Rest service validate this access token with Google, only return valid response if access token is validated
I couldn't find anything like this in Google cloud documentation, thought I throw it out here and see if SO knows better :)
Thanks!