1

I have an application behind cloud-IAP(https://cloud.google.com/iap/) which has an admin authentication via API keys passed using Authorization header. In this setup when the request reaches the application, after it has been authenticated by IAP, the Authorization header is stripped.

Any ideas how I can make the application work?

lahsivjar
  • 29
  • 5
  • Are you using signed headers? Take into accoun that your app must validate every request by checking the `x-goog-iap-jwt-assertion` HTTP request header. – vdenotaris Jun 03 '19 at 10:08
  • The validation logic to ensure that IAP is in place and is not bypassed is not the problem, that logic exists. The problem is that my app which is sitting behind a GLB with IAP enabled need to consume an `Authorization` header which is sent by the client but this header is overwritten in the IAP authentication process. – lahsivjar Jun 11 '19 at 03:46
  • Hello, did you find a way to do this ? – Kimor Jun 15 '22 at 07:47

0 Answers0