Authentication of Tracker event streams

Is there a way to setup http basic authentication(using clientid/secret) or JWT token based authentication
i need it because my collector is on GCP behind IAP layer

If your IAP is in front of your collector then you can perform authentication at this step and then if successfully authenticated against the secured resource (collector) the end user can then send requests to this endpoint.

how can we perform at this step, can we send JWT token with events through emitter or any other way

You can send a JWT token - I don’t think I’d suggest this depending on what you are trying to achieve. IAP should be managing access to the collector - so the user will only be able to access the collector if they are logged in, so no need to send a JWT.

thanks mike suppose we are using android tracker on our app so how they can get access of collector IAP

Hey @Jitender_Attri generally speaking the Tracker sends data directly to the Collector - this is unauthenticated and there is no ability to add authentication in the middle here.

The Trackers have no way currently of sending any auth headers / payloads to the Collector either so even if you could implement a proxy upstream of the Collector to handle auth and then forward the event on this might not work.

Brief reading on IAP seems to indicate that once you are logged in in the browser this might work transparently without needing any updates to the Javascript Tracker but for other platforms this might not work.

Could you elaborate on your use-case here and why the Collector needs to be behind an IAP?

1 Like

@josh , If we do not have an auth mechanism then the collector will not have any protection. Data from all sources will come to this.