I am trying to setup cloud IAP for an application hosted in the Google cloud.
Logging in to the application works well via the web, and you are redirected to the Google authentication page, and redirected back to the website, with a session token set as a cookie.
Authenticating via a non-web interface, following the guide on programmatic authentication, trying both the command line way described there, and using the iOS SDK. In both cases, login works as it should, and I receive an id_token from the login process. BUT when I make an request like follows:
curl --verbose --header 'Authorization: Bearer ID_TOKEN' https://an-app.appspot.com/api/user
I ALWAYS receive the following response:
There was a problem with your request. Error code 13
It does not matter what the ID_TOKEN in the request is, the response is always Error code 13. If I do not specify the Authorization header, I am redirected to Google's login page.
Is there any setting or configuration I am missing?