I am trying to connect to an IAP secured service on Google AppEngine, and when I authenticate my service account, I get a 401 Unauthorized response from the server, and in the headers I get the x-goog-iap-generated-response header set to true. Does that mean that IAP authorized the communication and it's the server that is not allowing me to communicate with it or what ?
Asked
Active
Viewed 387 times
4
Mehdi Benmoha
- 2,992
- 3
- 18
- 37
1 Answers
5
The header is inserted whenever IAP itself generates a page. It is not inserted (at least, not by IAP: we don't stop applications from adding it! :>) when the application protected by IAP generates a page. It's intended for use in troubleshooting, e.g. distinguishing whether an error message or a redirect comes from IAP or the application. It can also be used in automation, e.g. if you have some scripting that wants to detect that an application redirected into an OAuth flow because of IAP (so that it can retry the request with added credentials.)
--Matthew, Google Cloud IAP engineering
Matthew Sachs
- 1,450
- 4
- 9
-
This is now documented here: https://cloud.google.com/iap/docs/special-urls-and-headers-howto#detecting_responses – Matthew Sachs Feb 01 '19 at 07:02