Questions related to Google Cloud Identity Aware Proxy
Questions tagged [google-iap]
114 questions
1
vote
1 answer
Enable IAP on Ingress
I've follow the documentation about how to enable IAP on GKE.
I've:
configured the consent screen
Create OAuth credentials
Add the universal redirect URL
Add myself as IAP-secured Web App User
And write my deployment like this:
data:
client_id:…
![](../../users/profiles/532297.webp)
Djabx
- 385
- 3
- 14
1
vote
2 answers
Using Google IAP through custom domain on App Engine
Enabling a custom domain on an App Engine service is now a breeze, so is enabling IAP (Google Identity-Aware Proxy) But, I can't figure out how to get IAP and my custom domain to work together!
both https://myservice-dot-myapplication.appspot.com…
![](../../users/profiles/7206500.webp)
Clorichel
- 1,470
- 1
- 9
- 20
1
vote
2 answers
Access Google IAP protected API from Angular
My application has 2 modules
Spring boot back-end API
Angular front-end (SPA application)
Both were deployed in Google app engine (GAE).
I used Google IAP for authentication. After enabling the IAP is there any way to generate the IAP JWT token…
![](../../users/profiles/3103802.webp)
Saveendra Ekanayake
- 2,599
- 5
- 28
- 39
1
vote
1 answer
Using Salesforce Named Credentials Against Google IAP
Goal
I have built a REST API that is running on Google App Engine, protected by Google Cloud IAP (Identity Aware Proxy). My goal is to use a Service Account to make requests to this API from Salesforce (using the External Services…
![](../../users/profiles/603357.webp)
Adam Sherman
- 119
- 9
1
vote
1 answer
Authenticating Against an IAP Protected Resource with Bearer Header?
Is it possible to use an Authorization: Bearer … header to make a request through Identity Aware Proxy to my protected application? (Using a service account, of course. From outside GCP.)
I would like to not perform the OIDC token exchange, is this…
![](../../users/profiles/603357.webp)
Adam Sherman
- 119
- 9
1
vote
1 answer
Can I restrict access to specific Google Cloud IAP backends?
I'm protecting a number of backend services using Cloud IAP.
When a project member wants access to these services, I give them the IAP-secured Web App User permission and they then have access to all IAP protected backends.
Other than checking the…
![](../../users/profiles/198825.webp)
noamt
- 6,006
- 2
- 33
- 50
1
vote
2 answers
Using nested authentication with Google IAP
I deployed a 3rd party webapp which uses basic authentication for access on Google Cloud Run. I additionally wanted to protect the endpoint by allowing only Google-authenticated users of the organization access. Both these methods use the…
![](../../users/profiles/3206815.webp)
user3206815
- 11
- 1
1
vote
0 answers
Access IAP secured resource from JS using XHR requests?
I am trying to access Google APP engine which is secured using Google Cloud IAP(Identity Aware Proxy). I am able to access the resource using postman as well as any backend service like (Node or Python) by using the identity token. But as soon as I…
![](../../users/profiles/10406344.webp)
Sanket Tantia
- 9
- 3
1
vote
1 answer
Can you force SSH in browser to tunnel through IAP for instances with an external IP?
I have some compute engine instances with external IPs that have firewall rules blocking SSH. These instances also have internal IPs, that have firewall rules whitelisting SSH for the IAP netblock (although the IAP help in the console incorrectly…
![](../../users/profiles/1058558.webp)
jon_wu
- 883
- 7
- 21
1
vote
2 answers
GCP Cloud IAP OAuth2: Expected JWT to have 3 parts separated by a '.' but there are 2 parts
I've secured a Google App Engine Application behind Cloud IAP - the endpoint now requires Google Sign-in via the browser as expected and works fine once I've added the right permissions. However, when I try to use Postman / MS PowerApps OAuth2…
![](../../users/profiles/4803750.webp)
James Watkinson
- 11
- 1
1
vote
1 answer
Google Cloud Identity Aware Proxy (IAP) logout does not work in other tabs
When I logout the user in my application with Google IAP authentication by visiting the /_gcp_iap/clear_login_cookie the user is prompted to the Google account selection page, but if I open a new tab and visit my website, the user is still logged…
![](../../users/profiles/1419221.webp)
Gianclè Monna
- 385
- 1
- 4
- 12
1
vote
2 answers
Server Error on Enabling IAP - Am I Missing Something?
Whenever I try and enable IAP on a GKE Ingress via the console, I get the following error message:
Invalid value for field 'resource.iap.oauth2ClientSecret': ''. IAP
OAuth2 client secret must be set if IAP is enabled.
Does anyone know what…
![](../../users/profiles/11222235.webp)
Sam Gardner
- 31
- 3
1
vote
1 answer
Deleted oAuth client ID by mistake, how to re-enable IAP
I was playing around with IAP and somehow deleted its oAuth Client ID (IAP-App-Engine-app) which it created during IAP setup for App Engine.
Now, I am not able to use IAP. It is giving following error while enabling IAP on App Engine:
Failed to…
![](../../users/profiles/11069628.webp)
Bikram Sisodia
- 23
- 3
1
vote
1 answer
How do I use Google IAP for authenticating to JupyterHub?
I have Google's Identity-Aware Proxy configured for my JupyterHub application, and would like to use it to authenticate my users. How do I accomplish this?
![](../../users/profiles/1069833.webp)
FrozenFire
- 873
- 1
- 6
- 15
1
vote
1 answer
Google IAP keeps responding with 401 Unauthorized
Context:
I have two projects that are secured with IAP, and they need to communicate through rest API. I am using AppEngine standard in both side, with python27 as a runtime.
Problem:
Even though I authorized the service account in the destination…
![](../../users/profiles/2511384.webp)
Mehdi Benmoha
- 2,992
- 3
- 18
- 37