Comments (3)
@ravwojdyla thanks for reaching out.
I don't think the App Engine app works if you have IAP enabled.
You might be able to get your client-side requests through IAP, but the proxy agent has never been updated to support using OIDC tokens to authenticate instead of OAuth access tokens.
That means that your requests won't make it all the way through to your backend server.
I've sent out #94 to add a note about this to the README.
There isn't any sort of fundamental reason that we can't support IAP, but it hasn't been a priority because no one is using it with IAP. That's a bit of a circular argument (no one uses this with IAP because we don't support it, and we don't support IAP because no one uses it with IAP...), but it does mean that this isn't a priority for anyone currently working on the inverting proxy.
That being said, a pull request to add support for OIDC tokens to the proxy agent would be welcome, as long as it's flag controlled (so that existing users can continue to rely on OAuth tokens).
from inverting-proxy.
@ojarjur that explains it, thank you!
> You might be able to get your client-side requests through IAP, but the proxy agent has never been updated to support using OIDC tokens to authenticate instead of OAuth access tokens.
> ..
> That being said, a pull request to add support for OIDC tokens to the proxy agent would be welcome, as long as it's flag controlled (so that existing users can continue to rely on OAuth tokens).
Do you foresee it would be something more than adding `idtoken.NewClient(ctx, audience)` to inverting-proxy/agent/agent.go (Line 212 in 6416861) + flags for using IAP and audience oauth client ID?
Edit: that was definitely not enough, agent GAE app fails with:
Failed to validate backend ID: "Failed to read the OAuth authorization header: "API error 3 (user: OAUTH_INVALID_TOKEN)""
from pendingHandler in Line 158 in 6416861
from inverting-proxy.
@ravwojdyla Yeah, it looks like the OIDC token auth and the OAuth user auth are incompatible because they both want to use the same "Authorization" header with different values.
We'd need to change `checkBackendID` to support OIDC tokens as an alternative to OAuth.
I have no idea how much work that would be as I've never done anything with OIDC.
from inverting-proxy.
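Added example, not part of the thread or of the inverting-proxy code: a Go sketch of how a backend-ID check could tell an OIDC ID token from an opaque OAuth access token when both arrive in the same `Authorization` header. `ClassifyBearer`, `idClaims`, `sampleIDToken` and the `allowOIDC` switch are hypothetical names, and the sample token is constructed and unsigned; the function only routes a credential to a verification path and verifies nothing itself.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Hypothetical names for the two credential kinds a backend-ID check must tell apart.
const KindOAuth, KindOIDC = "oauth-access-token", "oidc-id-token"

// Claims a verifier would check once the token signature has been validated.
type idClaims struct {
	Iss string `json:"iss"`
	Aud string `json:"aud"`
}

// ClassifyBearer routes an Authorization header value to a verification path. It authenticates
// nothing: claims stay untrusted until signature, issuer, audience and expiry are verified.
func ClassifyBearer(header string, allowOIDC bool) (string, *idClaims, error) {
	scheme, token, ok := strings.Cut(strings.TrimSpace(header), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") || token == "" {
		return "", nil, fmt.Errorf("missing or non-Bearer Authorization header")
	}
	var c idClaims
	if parts := strings.Split(token, "."); len(parts) == 3 {
		raw, _ := base64.RawURLEncoding.DecodeString(parts[1])
		_ = json.Unmarshal(raw, &c) // c stays empty when the segment is not valid JSON
	}
	if c.Iss == "" {
		return KindOAuth, nil, nil // opaque token: keep it on the existing OAuth path
	}
	if !allowOIDC { // models the flag control requested in the thread
		return "", nil, fmt.Errorf("OIDC ID token presented but OIDC support is disabled")
	}
	return KindOIDC, &c, nil
}

// sampleIDToken builds a constructed, unsigned JWT-shaped string for the demo.
func sampleIDToken(iss, aud string) string {
	enc := base64.RawURLEncoding.EncodeToString
	body, _ := json.Marshal(idClaims{Iss: iss, Aud: aud})
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc(body) + "." + enc([]byte("sig"))
}

func main() {
	kind, c, err := ClassifyBearer("Bearer "+sampleIDToken("https://accounts.google.com", "constructed-aud"), true)
	fmt.Println(kind, c.Iss, err)
}
```

With the switch off, an ID token is rejected explicitly instead of being handed to the OAuth lookup, which is the path that produced the `OAUTH_INVALID_TOKEN` error quoted above.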