
Background: I have an API that was previously running behind a VPN. The API itself implements JWT authentication for some paths, so we have to attach:

Authorization: Bearer <jwt_token xxxx>

We just updated our API to run behind Google Identity-Aware Proxy, and we followed the official documentation here. Everything is working perfectly except for every path that needs the JWT authentication. The IAP mechanism also uses:

Authorization: Bearer xxxx

And it will override the existing Authentication: header. Any suggestions without changing the existing code?

Thank you.

roman
The Google recommendation is to use the **Proxy-Authorization** header for IAP which leaves the **Authorization** header for your app authorization. https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_proxy-authorization_header However, read the notes in my SO answer: https://stackoverflow.com/a/59297859/8016720 – John Hanley Aug 30 '21 at 18:40

1 Answer

As suggested by John, you can use two separate headers for the tokens.
If you encounter this error, you can report it via Public Issue Tracker.
There is also a similar case being tracked here which you may find helpful.

Sergiusz
Thanks guys for the answer, my bad for not reading the documentation carefully. The Proxy-Authorization solved this. Thanks again. Credits for @john-hanley – roman Sep 02 '21 at 05:08
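
The two-header arrangement from the comment and answer above, as an added example that is not part of the original thread: the IAP token goes in `Proxy-Authorization` and the API's own JWT stays in `Authorization`. The function names and placeholder tokens are assumptions, and the loopback server is only a local stand-in for the backend, not IAP.

```python
import http.server
import threading
import urllib.request
from typing import Optional

def bearer(token: str) -> str:
    """Format a Bearer credential; refuse values that could split a header."""
    if not token or any(ch.isspace() or not ch.isprintable() for ch in token):
        raise ValueError("token must be non-empty, printable, without whitespace")
    return "Bearer " + token

def iap_headers(iap_id_token: str, app_jwt: Optional[str] = None) -> dict:
    """Move the IAP token to Proxy-Authorization only when the app needs Authorization."""
    if app_jwt is None:
        return {"Authorization": bearer(iap_id_token)}
    return {
        "Proxy-Authorization": bearer(iap_id_token),  # read by IAP
        "Authorization": bearer(app_jwt),             # read by the API's own JWT check
    }

def send_to_local_echo(headers: dict) -> dict:
    """Send headers to a loopback stand-in server and return what it received."""
    seen = {}

    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            seen.update({k.lower(): v for k, v in self.headers.items()})
            self.send_response(204)
            self.end_headers()

        def log_message(self, *args):  # keep the run quiet
            pass

    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    url = f"http://127.0.0.1:{server.server_port}/"
    # Empty ProxyHandler: ignore any proxy environment variables for loopback.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(urllib.request.Request(url, headers=headers), timeout=5):
        pass
    worker.join(timeout=5)
    server.server_close()
    return seen

if __name__ == "__main__":
    # Constructed placeholder tokens, not real credentials.
    hdrs = iap_headers("IAP_ID_TOKEN_PLACEHOLDER", "APP_JWT_PLACEHOLDER")
    print(sorted(send_to_local_echo(hdrs)))
```

The returned dictionary can be passed as the `headers` argument of whichever HTTP client the caller already uses.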