Questions related to Google Cloud Identity Aware Proxy
Questions tagged [google-iap]
114 questions
1
vote
1 answer
Google Identity Aware Proxy for Two Different Backend Service using same domain
I have the a use case where I need to integrate two different service using a fanout ingress (different path). I decide to do so because both services is actually related so I don't want to separate the domain. Another reason is I don't want to use…
irvifa
- 1,181
- 1
- 10
- 15
1
vote
1 answer
Does OAuth always use the HTTP Authorization header?
Have an app running in GCP using App Engine and secured by IAP. To the best of my knowledge IAP uses OAuth, but when I open the app in the browser and inspect the outgoing XHR requests I don't see the HTTP Authorization header on any of them. There…
Dandan
- 489
- 2
- 9
1
vote
1 answer
IAP: Restrict access to admin allowing open access to public website
I have a web application with a www.domain.tld/admin namespace, which I want to have protected with Google IAP.
However, I don't want to restrict access to our public-facing website, at www.domain.tld.
Is there any strategy to leave access fully…
Guillermo
- 853
- 3
- 8
- 21
1
vote
2 answers
Google Identity-Aware-Proxy and Firewall Rules for Google Kubernetes Engine
I want to configure Google Identity Aware Proxy for an application running on Google Kubernetes Engine. To do that i added an Ingress to my Kubernetes Configuration so i get a Load-Balancer to configure as an identity-aware-proxy.
Now GCP shows me a…
Laures
- 4,917
- 11
- 45
- 68
1
vote
1 answer
Replacing Google Sign-In for Websites with Cloud Identity-Aware Proxy
There's an open feature request for Metabase to support IAP. I took a stab at it, and have a Clojure implementation of the steps detailed in Securing your app with signed headers (i.e. verify token header, verify token payload, retrieve user…
eddies
- 5,179
- 27
- 36
1
vote
1 answer
Google Idenity Aware Proxy Authenticate with API on SPA
I'm curious what is the "best practice" for authenticating against a restful-api that is protected by Google IAP.
Allow me to break it down step by step to elucidate what I am trying to achieve:
Go to my dev environment's url: dev.blah.com. Here, I…
Random Name
- 11
- 1
1
vote
4 answers
Identity Aware Proxy and App Engine Services, One Per Service?
Is it possible to put more fine-grained access control on AppEngine services using Google Cloud IAP (Identity Aware Proxy)?
I have two services A and B, I want some users to be able to access A, and I would like to provide a different list of users…
Randy L
- 13,549
- 12
- 41
- 72
1
vote
1 answer
Google Identity-Aware Proxy (IAP) timeout error
I host a PHP web app on google cloud and protect it with Identity-Aware Proxy (IAP).
Now, I'm running into the timeout issue because IAP doesn't seems to follow php session time.
Following is the phpinfo() for session timeout.
The app only last…
Mg Thar
- 1,044
- 7
- 20
1
vote
1 answer
Granting access to Google Cloud Console's Panel for Cloud Identity Aware Proxy
It seems only a project with Owner role can toggle IAP for resources listed at Cloud Platform Console IAP Panel. What role in IAM can grant a member user access to make edits in this console panel? Or are project Owners the only users who have edit…
Brian Noguchi
- 1,789
- 2
- 10
- 10
1
vote
1 answer
Gcloud CLI Identity-Aware Proxy management
Is it possible to manage Identity-Aware Proxy in Google App Engine Flexible, only by using gcloud CLI?
I need to have dynamic domains with different app versions (eq https://0-2-1-1-dot-myproject-prod.appspot.com/ or later…
Dzinek
- 750
- 5
- 16
0
votes
1 answer
Service to service requests on App Engine with IAP
I'm using Google App Engine to host a couple of services (a NextJS SSR service and a backend API built on Express). I've setup my dispatch.yaml file to route /api/* requests to my API service and all other requests get routed to the default (NextJS)…
Matt Bise
- 33
- 1
- 4
0
votes
0 answers
Is there a way to change resource authentication method to external via API?
Say I've added a new resource to protect with IAP, and a new tenant. I want to do this for each new client that I onboard, to use external identities, and allow them to control their own users. I can't be logging into the cloud console each time to…
0
votes
0 answers
How to protect Google Cloud Functions with Identity-Aware-Proxy
I'm having trouble protecting my Google Cloud Function with the Identity-Aware-Proxy.
I'm still getting the "You don't have access" screen after the OAuth Consent screen even though I've done all steps as I understood them from the documentation…
Simon Knittel
- 1,446
- 2
- 13
- 23
0
votes
0 answers
Is anything beyond a valid OAuth 2.0 token required to pass IAP authentication?
I am having difficulty connecting to an IAP-protected resource after upgrading to the latest version of Postman. When making a request with a valid token, I am redirected to either the AccountChooser page or the ServiceLogin page depending on…
0
votes
1 answer
How to access already authenticated user from web application behind Google Identity Aware Proxy?
I have a web application which sits behind Google's Identity Aware Proxy (IAP). IAP authenticates the user before forwarding to my web application. How can I access the already authenticated user from my web application?
In Getting the user's…
Edward J. Stembler
- 1,556
- 3
- 22
- 44