5

I am trying to set up Cloud IAP for an application hosted in Google Cloud.

Logging in to the application works well via the web, and you are redirected to the Google authentication page, and redirected back to the website, with a session token set as a cookie.

I am authenticating via a non-web interface, following the guide on programmatic authentication, trying both the command-line way described there and the iOS SDK. In both cases, login works as it should, and I receive an id_token from the login process. BUT when I make a request as follows:

curl --verbose --header 'Authorization: Bearer ID_TOKEN' https://an-app.appspot.com/api/user

I ALWAYS receive the following response:

There was a problem with your request. Error code 13

It does not matter what the ID_TOKEN in the request is, the response is always Error code 13. If I do not specify the Authorization header, I am redirected to Google's login page.

Is there any setting or configuration I am missing?

eddies
Hampus Nilsson

1 Answer

1

TL;DR

The problem was a misconfiguration of the auth payload; in my case, it was the target audience that wasn't correct. Here's the appropriate format:

const target_audience = "12345.apps.googleusercontent.com"; // this is the IAP client ID that can be obtained by clicking 3 dots -> Edit OAuth Client in IAP configuration page

Details

I had the same problem, which I resolved using a mix of this post: How to authenticate google cloud functions for access to secure app engine endpoints, and this Gist: https://gist.github.com/plmrry/f78136bba68f810622bc2840497ef7e1

Mehdi Benmoha
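
The audience mismatch described in the answer can be checked locally before a request is sent. The following Node.js snippet is an added example, not code from the posts above or from Google: it decodes the ID token's payload without verifying the signature and compares the `aud` claim with the IAP client ID. The function names, the second client ID and the sample tokens are constructed for illustration.

```javascript
// Added example: local pre-flight check of an ID token's claims before calling IAP.
// It decodes the JWT payload WITHOUT verifying the signature: a debugging aid, not validation.

function decodePayload(idToken) {
  const parts = String(idToken).split(".");
  if (parts.length !== 3) throw new Error("not a JWT: expected 3 dot-separated segments");
  // JWT segments are base64url-encoded JSON objects.
  const claims = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  if (claims === null || typeof claims !== "object") throw new Error("payload is not a JSON object");
  return claims;
}

// Hypothetical helper: returns { ok, problems, claims } for the token.
function checkIapToken(idToken, expectedAudience, nowSeconds = Math.floor(Date.now() / 1000)) {
  let claims;
  try {
    claims = decodePayload(idToken);
  } catch (err) {
    return { ok: false, problems: [err.message], claims: null };
  }
  const problems = [];
  // "aud" may be a single string or an array of strings.
  const audiences = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!audiences.includes(expectedAudience)) {
    problems.push(`aud is ${JSON.stringify(claims.aud)}, expected "${expectedAudience}"`);
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    problems.push("token is expired or has no numeric exp claim");
  }
  return { ok: problems.length === 0, problems, claims };
}

// Constructed sample tokens: unsigned, with a placeholder signature segment.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const IAP_CLIENT_ID = "12345.apps.googleusercontent.com"; // placeholder format from the answer
const NOW = 1700000000; // fixed clock so the output is reproducible
const wrongAud = makeSampleToken({ aud: "67890.apps.googleusercontent.com", exp: NOW + 3600 });
const rightAud = makeSampleToken({ aud: IAP_CLIENT_ID, exp: NOW + 3600 });

console.log(checkIapToken(wrongAud, IAP_CLIENT_ID, NOW).problems);
console.log(checkIapToken(rightAud, IAP_CLIENT_ID, NOW).ok);
console.log(checkIapToken("ID_TOKEN", IAP_CLIENT_ID, NOW).problems);
```

Passing the literal placeholder ID_TOKEN from the curl command, rather than a real token, is reported as "not a JWT".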