Allowing third party access to an IAP secured Google App Engine with OAuthV2

We are hosting a Google App Engine with a Python Flask project to run our platform. This is secured using IAP, so employees register their work e-mail as a Google account and are appointed the IAP Secured Web App user role to access our platform.

Now, however, we want to open certain routes of our platform to a third party. They want to use OAuthV2 to access certain routes and send requests to our server. Following this tutorial: https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_a_desktop_app I have managed to make an additional OAuth credential set that the third party can use.

However, step 4 of the tutorial mentions the id_token to use in the header of the request. Using that header does indeed work; however, if I understand OAuthV2 correctly, you are supposed to use the access_token rather than your id_token to make an authenticated request to the server. Can somebody help me out with how I can use the access_token rather than the id_token to make the authenticated request?


There is already a submitted feature request for this. You can add your vote to the issue, so the Identity Aware Proxy engineering team would know how many users are impacted.

However, I cannot guarantee this feature’s implementation or give you an ETA as to when it would be developed and released. 

You can check this issue tracker link for updates
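
Until that feature exists, the third party has to send the id_token, so a client-side pre-flight check helps catch an access_token being sent by mistake. The following is an added example, not part of the original posts or of Google's code: it decodes the token's claims without verifying the signature and assumes IAP expects a Google-issued ID token whose `aud` is the OAuth client ID configured for IAP. The client ID, e-mail address and tokens are constructed placeholders.

```python
import base64
import json
import time

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}
# Constructed placeholder: use the OAuth client ID that IAP is configured with.
IAP_CLIENT_ID = "1234567890-example.apps.googleusercontent.com"

def _b64url_json(obj):
    """Encode a dict as an unpadded base64url JSON segment (used for the sample only)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def preflight_iap_token(token, iap_client_id, now=None):
    """Return "ok" or the reason the token is not a usable ID token for IAP.
    The signature is NOT verified here; IAP does that. This is a sanity check only."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return "not a JWT (looks like an opaque access_token)"
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return "payload is not base64url-encoded JSON"
    if not isinstance(claims, dict):
        return "payload is not a JSON object"
    if claims.get("iss") not in GOOGLE_ISSUERS:
        return "unexpected issuer"
    if claims.get("aud") != iap_client_id:
        return "audience is not the IAP client ID"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return "expired or missing exp"
    return "ok"

# Constructed samples: an ID-token-shaped JWT and an opaque access-token-shaped string.
SAMPLE_ID_TOKEN = ".".join([
    _b64url_json({"alg": "RS256", "typ": "JWT"}),
    _b64url_json({"iss": "https://accounts.google.com", "aud": IAP_CLIENT_ID,
                  "email": "partner@example.com", "exp": 2000000000}),
    "constructed-signature",
])
SAMPLE_ACCESS_TOKEN = "ya29.constructed-opaque-value"

if __name__ == "__main__":
    for name, tok in [("id_token", SAMPLE_ID_TOKEN), ("access_token", SAMPLE_ACCESS_TOKEN)]:
        print(name, "->", preflight_iap_token(tok, IAP_CLIENT_ID))
```

Only a token that returns "ok" should go into the `Authorization: Bearer` header for the IAP-protected route.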