google-iap

Using Salesforce Named Credentials Against Google IAP

徘徊边缘 提交于 2020-03-21 05:48:17
问题 Goal I have built a REST API that is running on Google App Engine, protected by Google Cloud IAP (Identity Aware Proxy). My goal is to use a Service Account to make requests to this API from Salesforce (using the External Services feature). Context Thanks to a previous question, I understand that I will need to use JWT Token Exchange for this flow to request an OIDC token. So the next step is understanding how to fill out Salesforce's Named Credentials definition: The properties of a Named

Authenticating Against an IAP Protected Resource with Bearer Header?

久未见 提交于 2020-02-29 10:10:37
问题 Is it possible to use an Authorization: Bearer … header to make a request through Identity Aware Proxy to my protected application? (Using a service account, of course. From outside GCP.) I would like to not perform the OIDC token exchange, is this supported? If so, does anyone have any examples? So far, I have the following but it doesn't work: iat = time.time() exp = iat + 3600 payload = {'iss': account['client_email'], 'sub': account['client_email'], 'aud': '/projects/NNNNN/apps/XXXXXXX',

Authenticating Against an IAP Protected Resource with Bearer Header?

梦想与她 提交于 2020-02-29 10:09:37
问题 Is it possible to use an Authorization: Bearer … header to make a request through Identity Aware Proxy to my protected application? (Using a service account, of course. From outside GCP.) I would like to not perform the OIDC token exchange, is this supported? If so, does anyone have any examples? So far, I have the following but it doesn't work: iat = time.time() exp = iat + 3600 payload = {'iss': account['client_email'], 'sub': account['client_email'], 'aud': '/projects/NNNNN/apps/XXXXXXX',

Google Pub/Sub push subscription into IAP-protected App Engine

烈酒焚心 提交于 2020-01-15 01:50:05
问题 I am testing out a very basic Pub/Sub subscription. I have the push endpoint set to an App I have deployed through a Python Flex service in App Engine. The service is in a project with Identity-Aware Proxy enabled. The IAP is configured to allow through users authenticated with our domain. I do not see any of the push requests being processed by my app. I turned off the IAP protection and then I see that the requests are processed. I turn it back on and they are no longer processed. I had

Google Pub/Sub push subscription into IAP-protected App Engine

坚强是说给别人听的谎言 提交于 2020-01-15 01:49:05
问题 I am testing out a very basic Pub/Sub subscription. I have the push endpoint set to an App I have deployed through a Python Flex service in App Engine. The service is in a project with Identity-Aware Proxy enabled. The IAP is configured to allow through users authenticated with our domain. I do not see any of the push requests being processed by my app. I turned off the IAP protection and then I see that the requests are processed. I turn it back on and they are no longer processed. I had

Accessing Google Cloud IAP protected resource with bearer token gives error code 13

北城余情 提交于 2019-12-24 06:07:43
问题 I am trying to access a resource protected by Google Cloud IAP from my iOS app. I am able to login to my Google account from the app and receive an ID token, but I receive the following response with HTTP error code 401 when setting the ID token as Bearer token in the Authorization header for the resource I would like to request. "There was a problem with your request. Error code 13" I tried to send the request with Postman, but this also resulted with the same error. I use the following code

Replacing Google Sign-In for Websites with Cloud Identity-Aware Proxy

天大地大妈咪最大 提交于 2019-12-13 03:32:45
问题 There's an open feature request for Metabase to support IAP. I took a stab at it, and have a Clojure implementation of the steps detailed in Securing your app with signed headers (i.e. verify token header, verify token payload, retrieve user identity). But this question isn't necessarily specific to Metabase. The general idea is to replace Google Sign-In and only use only IAP signed headers for authentication and user creation in an application on Google App Engine (specifically, GAE flex

Google Pub/Sub push message not working for IAP enabled app engine

拈花ヽ惹草 提交于 2019-12-12 09:20:01
问题 I am testing out a very basic Pub/Sub subscription. I have the push endpoint set to an App I have deployed through a Python Flex service in App Engine. The service is in a project with Identity-Aware Proxy enabled. The IAP is configured to allow through users authenticated with our domain. I do not see any of the push requests being processed by my app. I turned off the IAP protection and then I see that the requests are processed. I turn it back on and they are no longer processed. 回答1: Note

Enable CORS with Google IAP

对着背影说爱祢 提交于 2019-12-06 07:53:32
问题 I'm are trying make an ajax call to my web api server from a third party JavaScript integration. However after enabling IAP on my API server, I'm unable to make the calls to my web apis from my integration server. I have added my integration server as Authorized JavaScript origins in the Client ID for Web application. Below is the error. Access to XMLHttpRequest at 'https://webapiserver.com/apiendpoint1' from origin 'https://myintegration.com' has been blocked by CORS policy: No 'Access