Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation: Using Proxy-Authorization in idtoken library. #1020

Closed
eahrend opened this issue May 12, 2021 · 3 comments
Closed

Documentation: Using Proxy-Authorization in idtoken library. #1020

eahrend opened this issue May 12, 2021 · 3 comments
Assignees
@codyoss
Labels
api: iap Issues related to the Identity-Aware Proxy API. type: docs Improvement to the documentation for an API.

Comments

@eahrend
Copy link

eahrend commented May 12, 2021

Currently the only documentation regarding Proxy-Authorization is listed here:
https://cloud.google.com/iap/docs/authentication-howto#authenticating_from_proxy-authorization_header

I'm not sure if it's just me but the documentation on GCP's page was kind of vague and I spent a decent amount of time seeing how I could prevent the idtoken http client from overriding my authorization header, and while I figured it out, I didn't see any explicit examples so if possible can we add an example for this? This was my solution, but if there is a more generic or better written example that would work too.

func main() {
	ctx := context.Background()
	audience := "longstring.apps.googleusercontent.com"
	ts, err := idtoken.NewTokenSource(ctx, audience)
	if err != nil {
		// handle error
	}
	// can't use the idtoken httpclient since it will override your authorization header
	client := &http.Client{}
	req, err := http.NewRequest("GET","https://iap-secured.example.com",nil)
	if err != nil {
		// handle error
	}
	token,err := ts.Token()
	if err != nil {
		// handle error
	}
	req.Header.Set("Proxy-Authorization", fmt.Sprintf("Bearer %s", token.AccessToken))
	req.SetBasicAuth("username", "password")
	resp, err := client.Do(req)
	if err != nil {
		// handle error
	}
	// do something with resp
}
@codyoss codyoss added type: docs Improvement to the documentation for an API. api: iap Issues related to the Identity-Aware Proxy API. labels May 12, 2021
@codyoss
Copy link
Member

codyoss commented May 12, 2021

@eahrend Thank you for the feedback. I think the best place for an example like this might be along side the IAP documentation. I will keep this issue open for tracking purposed for now, but may close and file an internal issue in the future. Thank you for bringing this use case up!

@eahrend
Copy link
Author

eahrend commented May 12, 2021

@codyoss No worries! Appreciate it.

@codyoss
Copy link
Member

codyoss commented Aug 9, 2021

This is now being tracked internally at b/195938959. Closing this issue. Thanks again for this feedback!

@codyoss codyoss closed this as completed Aug 9, 2021
@glindstedt glindstedt mentioned this issue Jul 26, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@codyoss codyoss

Labels
api: iap Issues related to the Identity-Aware Proxy API. type: docs Improvement to the documentation for an API.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@codyoss @eahrend