0

I am using an IAP authenticated front end (running on react) and I want to make a request to a back end server using google cloud IAP authentication but I can't manage to authenticate with the service.

From what I have observed, the request attaches the cookies that are stored that look like "GCP-IAP_AUTH_TOKEN" etc. when I am making any requests to the front end. How can I use those cookies to authenticate with the back end?

I would like the solution to be as user friendly as possible, so ideally id like to extract these cookies or the authentication headers and attach them to my request to the back end service so that the solution does not require the user to use a service account etc.

Has anyone ran into this issue? Is there a definite solution?

Satania Chan
  • 43
  • 3

1 Answers1

0

As @guillaume blaquiere mentioned, You can't reuse the user IAP token to perform subsequent calls to Google Cloud services You can't perform operation on behalf of the user.That's why Google Cloud transfers you the user token, but without the signature to prevent any reuse.

To authenticate to an Identity-Aware Proxy (IAP)-secured resource from a user account or a service account.

  1. A user account belongs to an individual user. You authenticate a user account when your application requires access to IAP-secured resources on a user's behalf. Read about user account credentials.

  2. A service account belongs to an application instead of an individual user. You authenticate a service account when you want to allow an application to access your IAP-secured resources. Learn how to understand service accounts.

Fariya Rahmat
  • 2,123
  • 3
  • 11