
By default, the GCP IAP (enabled for an API resource) redirects to a Google login screen in case of an unauthenticated request. Instead I need to just return 403. Please advise if there is a simple setting I'm missing. Alternatively, please suggest a possible solution.

Alex M
  • Is it for web access or API access? – guillaume blaquiere Oct 31 '20 at 19:33
  • It is for API access purposes – Alex M Nov 01 '20 at 22:02
  • IAP returns a 302. If you follow it, you get a 200 with the login page HTML content. AFAIK, you can't customize this. Have a look at Cloud Run if you can! – guillaume blaquiere Nov 01 '20 at 22:26
  • @guillaumeblaquiere - what do you mean "if you follow it"? Is it maybe possible to overwrite where it redirects to login page and instead show own, which could be a 302? – Alex M Nov 02 '20 at 09:31
  • No, it's a built-in feature, you can't (or I don't know how). – guillaume blaquiere Nov 02 '20 at 09:46
  • You can try adding `HTTP Accept="text/html,*/*"` to your header. See [reference](https://cloud.google.com/iap/docs/faq#why_am_i_receiving_an_http_401_unauthorized_status_code_instead_of_an_http_302_redirect) for details. – Alex G Nov 03 '20 at 05:47
  • Edit your question. 1) How are you making your requests (code/REST API, browser, etc)? 2) What HTTP headers are included in your request? – John Hanley Nov 03 '20 at 06:45
  • @JohnHanley - Postman or curl. But are you saying it will depend on request headers, whether the response will have redirect content or not? – Alex M Nov 04 '20 at 14:47
  • IAP responds with a 302 Redirect status code when a client is configured to handle redirects. To indicate that your client can handle redirects, ensure that HTTP Accept="text/html,*/*" is in the header of requests. – John Hanley Nov 04 '20 at 16:51
  • So no way to remove the redirect irrespective of the client and its headers? I would just like to return 403 if not authorized – Alex M Nov 04 '20 at 18:03
  • Have you tried adding the HTTP header `Accept: application/json`? – John Hanley Nov 04 '20 at 18:16

0 Answers