Stack Overflow
Stack Overflow

Questions tagged [google-iap]

Questions related to Google Cloud Identity Aware Proxy

114 questions
9
votes
4 answers

IAP tunnel to VM

I’ve a question regarding Compute VM and its associated privileges. I have ‘Owner’ privileges at Project level. I created a VM but was not able to assign an external IP address to it. Upon referring to google cloud docs, it appears that I’ll still…
Shiva
  • 91
  • 1
  • 1
  • 2
9
votes
2 answers

Serve content from a Google Cloud Storage bucket using Identity-Aware Proxy (IAP)

I have some content in a GCS bucket: $ gsutil ls gs://my-bucket index.html I'd like to serve this behind OAuth using Identity-Aware Proxy (IAP). I'm following these instructions. I've created a load balancer and and "backend bucket" like so: On…
danvk
  • 13,227
  • 3
  • 51
  • 86
8
votes
3 answers

Programmatic access from a service account to a Google IAP protected resource denied with invalid signature error

I recently enabled IAP in GKE cluster. Cluster Version: 1.15.11-gke.11 I followed the instructions here: https://cloud.google.com/iap/docs/enabling-kubernetes-howto Service config is as follows: --- apiVersion: cloud.google.com/v1beta1 kind:…
Byungjoon Lee
  • 890
  • 5
  • 16
6
votes
1 answer

Enable CORS with Google IAP

I'm are trying make an ajax call to my web api server from a third party JavaScript integration. However after enabling IAP on my API server, I'm unable to make the calls to my web apis from my integration server. I have added my integration server…
Feroz Shaikh
  • 61
  • 2
6
votes
1 answer

IAP Signed Headers & AppEngine Standard Python 3.7 Runtime

Is it necessary to validate signed headers from IAP in the AppEngine Standard Python 3.7 runtime? The IAP documentation is silent on specifics for the Python 3.7 runtime. The IAP documentation says: AppEngine Standard should use the Users…
rxs-bjw
  • 111
  • 7
6
votes
1 answer

Cookie or header to send own API to prevent Google Cloud Identity Aware Proxy (IAP) 302?

I have setup Cloud IAP on a development environment (spun up with Kubernetes and using Let's Encrypt) and everything is working fine. The setup is pretty basic for this app: 1) An API that has a number of REST endpoints and a persistent data store,…
Cameron
  • 1,421
  • 10
  • 20
5
votes
1 answer

Google Cloud IAP, authorisation with bearer token gives error code 13 and app engine instance is never reached

I am trying to setup cloud IAP for an application hosted in the Google cloud. Logging in to the application works well via the web, and you are redirected to the Google authentication page, and redirected back to the website, with a session token…
Hampus Nilsson
  • 6,244
  • 22
  • 29
5
votes
1 answer

How can I access an IAP protected resource using Python?

How can I access an IAP protected resource using Python? More specifically I'd like to generate the Bearer token needed in the Authorization header to make calls to the IAP protected resource. I have created a service account, given it "IAP-Secured…
Ztyx
  • 11,411
  • 11
  • 66
  • 105
4
votes
1 answer

What does the x-goog-iap-generated-response header mean?

I am trying to connect to an IAP secured service on Google AppEngine, and when I authenticate my service account, I get a 401 Unauthorized response from the server, and in the headers I get the x-goog-iap-generated-response header set to true. Does…
Mehdi Benmoha
  • 2,992
  • 3
  • 18
  • 37
4
votes
2 answers

How to authenticate programmatically to a Cloud Identity-Aware Proxy (Cloud IAP)-secured resource using user default credentials?

I would like to be able to programmatically generate an id token for iap using the user default credential on a dev environment (i.e. my own laptop with google cloud sdk installed and logged in). When following the documentation, I managed to…
Baptiste Desbiolles
  • 41
  • 1
  • 5
4
votes
0 answers

programatically enable IAP (Identity Aware Proxy) for google cloud

I'm trying to work out a way to programatically enable the IAP (Identity Aware Proxy) for our apps on GKE (Google Kubernetes Engine). In order to do this I first have to create an "OAuth 2.0 client ID". Using developer tools I was able to get this…
Andrew Holway
  • 137
  • 1
  • 9
3
votes
2 answers

Unable to enable CORS requests to a Google App Engine IAP

Signing in users with external identities from Safari and Brave is not working. The workaround for Safari is to disable Prevent cross-site tracking in the setting menu. There is another option using gcloud iap settings set as explained in…
Shi nik
  • 31
  • 1
3
votes
2 answers

Is it possible to provide a public access for a specific endpoint for a service under Identity aware proxy?

I have a service in Google Cloud App engine, which is behind IAP. It is accessible only to users within my organisation. I need to make a few endpoints of this service accessible for all users. Is it possible to achieve? I have found an instruction,…
Pavel Botsman
  • 596
  • 1
  • 5
  • 18
3
votes
2 answers

Connection to Compute Engine with No External IP Possible?

I am not sure if is a strange behavior of Google Compute Engine. I have a VM without External IP. Now, where I click the ssh button I can still connect to it and I see the log: External IP address was not found; defaulting to using IAP…
toto'
  • 892
  • 1
  • 9
  • 22
3
votes
3 answers

Can you use IAP to log in to Firebase?

I have an angular app that is protected with Identity Aware Proxy (IAP). I am trying to add Firebase to this app in order to use firestore for a component using AngularFire. I don't want to make the user log in twice, so I thought about using IAP to…
Andy
  • 352
  • 1
  • 14
1
2 3 4 5 6 7 8