Getting Users API access in nodejs AppEngine environment with Identity Aware Proxy

Question

I have a nodejs app deployed on AppEngine with IAP enabled, so right now access to its endpoints is protected against users outside of the project's IAM and I get the "x-goog-authenticated-user-id", "x-goog-authenticated-user-email" and another jwt assertion x-goog signed header, just like it should be (as detailed here https://cloud.google.com/iap/docs/identity-howto).

In certain AppEngine environments (so far Python, Java, Go) it seems you are able to use some already provided libraries to get more information about the user with Users API, however the nodejs page is disabled (here https://cloud.google.com/appengine/docs/standard/python/users/), there seems to be no indication of what should be done there. Any ideas?

If there is no straight forward way around it would I be able to have an app engine environment that also exposes for example the Python libraries for Users API so that I can wrap around them and use them in my nodejs app?

Answer 1

Update for the current state:

There is currently a Identity-Aware Proxy Documentation for Node JS.

Answer 2

The Users API isn't supported for Node.js. Instead, you can get the identity from the x-goog-iap-jwt-assertion header.

We don't currently have a code sample for Node.js, though this looks like one reasonable approach. (Disclaimer: I'm not a Node user, and don't know enough about Node JWT libraries to endorse any of them in particular.)