How can I access an IAP protected resource using Python?

5
votes

How can I access an IAP protected resource using Python? More specifically I'd like to generate the Bearer token needed in the Authorization header to make calls to the IAP protected resource.

I have created a service account, given it "IAP-Secured Webapp User" permissions and have downloaded its JSON credentials to disk.

1
pythongoogle-app-enginegoogle-cloud-platformgoogle-iap

1 Answers

0
votes

Since you have created a service account for authentication, you can use an OIDC token for authentication into IAP-secured resources.

The steps to obtain and use the token for authentication are shown here, but here is a little summary:

  • Head to the Cloud IAP page in the console and edit the OAuth client of the resource you wish to access to.
  • With the client ID you get from the Credentials page, request an OIDC token.
  • Include the OIDC token in the Authorization: Bearer header, and that way you will have an authenticated request to the IAP-protected resource.