This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Identity Aware Proxy IAP with API Gateway using Identity Platform

Posted on 07-29-2022 01:34 AM
aabbas
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello,

I am trying to use IAP with API Gateway. It works well when IAP is using the IAM for authorization. But when I try to use the GCIP authorization (Microsoft) it returns "Invalid GCIP ID token: JWT signature is invalid"

I think the modification needs to be made on the openapi.yaml file but not sure how

0 1 2,831
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
cristianrm
Staff
Reply posted on --/--/---- --:-- AM

After finding this related Stack Overflow question, I have some inquiries on your question:

  • Are you creating an Access Token or Identity Token?
  • Tips. IAP requires an Identity Token in the HTTP header Authorization: Bearer <TOKEN>. 
  • The error JWT signature is invalid means that you are probably having an error in how you are using the token in your API/REST call.

As shown on this Stack Overflow answer,

The reason for the error Invalid GCIP ID token: JWT signature is invalid is caused by using a Google Identity Token which is signed by a Google RSA private key and not by a Google Identity Platform RSA private key.

From there, as shown in the same answer,

The solution to this problem is to exchange the Google Identity Token for an Identity Platform Identity Token.

More information can be found at these links:

0 Likes
Top Labels in this Space
Top Solution Authors
View all