Google App Engine Login required Flex

Question

I use Flex and Symfony I want to have a url behind authentication. I tried with

handlers:

- url: /.*
  script: app.php
  login: required
  secure: always

or

- url: /.*
  script: app.php
  login: admin

When I deploy my app, I can't login and i receive 403. How can I have an url for deployment behind auth? Thanks

Answer 1

The attempts you made are only applicable to the standard environment. Maybe useful: How to tell if a Google App Engine documentation page applies to the standard or the flexible environment

The login and secure configurations are deprecated in the flexible environment. From the app.yaml changes section of the Upgrading to the App Engine Flexible Environment Latest Release guide:

Authentication changes

You must also update the app.yaml file to remove or replace the other configuration setting that have been deprecated:

• Secure handlers

The secure setting under handlers is now deprecated for the App Engine flexible environment. If you need SSL redirection, you can update your application code and use the X-Forwarded-Proto header to redirect http traffic. You can also use the HTTP Strict Transport Security response header.

• Login handlers

The login setting under handlers is now deprecated for the App Engine flexible environment. You should follow the guidance for User service migration.

Also from Users section in the Migrating Services from the Standard Environment to the Flexible Environment guide (emphasis mine):

The Users service is not available outside of the standard environment. You can use any HTTP-based authentication mechanism in the flexible environment, such as:

• Google Identity Platform, which provides many options for authentication and authorization of Google user accounts.
• Firebase Authentication, which provides authentication using username/password and federated identity using Google, Facebook, Twitter, and more.
• Auth0, which provides authentication with various identity providers and single sign-on features.
• OAuth 2.0 and OpenID Connect which provide federated identity from the provider of your choice. Google is an OpenID Connect identity provider. There are also several other providers available.

Note that because the Users service is not available, it is not possible to use app.yaml to make URLs accessible only by administrators. You will need to handle this logic within your application.

You'll note that there is no mentioning of login/secure (or handlers for that matter) in the flexible environment app.yaml Configuration File doc.

So you need to take care of the authentication inside your app code instead.