Reputation: 3313
My application has 2 modules
Both were deployed in Google app engine (GAE).
I used Google IAP for authentication. After enabling IAP, is there any way to generate the IAP JWT token for the different users within the organization to authenticate the APIs from the web client?
I tried the token-generating mechanism using the service account. But for my scenario, I just want to authenticate and authorize users, not a service account. I found this reference to enable web resource access for users, but it uses cookie-based authorization, and that is not the recommended way for an application such as Angular.
Upvotes: 2
Views: 3249
Reputation: 1
Yes, you can generate a JWT token using angular-oauth2-oidc.
Get the default IAP Web App client ID and client secret. Use AuthConfig and redirect to your link after credentials are entered; you can capture the token after they are redirected.
This link has all the details:
You said that you tried authenticating from a service account. Were you able to generate a JWT for the service account? I am able to capture the JWT token for individual accounts and use it.
Please give more information on how you authenticated from the service account.
Thanks, Bharath
Upvotes: 0
Reputation: 6290
If you're using IAP to protect your backend API, it means your users have a Google Account or an account managed in Cloud Identity.
In your Angular front-end app, you can retrieve the JWT token of your user with Google Sign-In for Websites.
To easily integrate Google Sign-in with Angular, I recommend using ng-gapi from Ruben.
Main lines of the workflow:
ng-gapi with Google Sign-in behind the scene
idToken which is a JWT token.
Authorization: Bearer JWT
To better understand how to use ng-gapi, check this stackblitz Demo made by creator of lib.
I also suggest these resources:
My answer on Stackoverflow about Angular stateless authentication workflow. Just skip the Spring Boot JWT part if you're using IAP.
Google Sign-In for Websites official docs.
Note that you need to use the OAuth 2.0 Client ID configured by Identity-Aware Proxy for your app, and add the correct Authorized JavaScript origins.
Upvotes: 3
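Added example, not part of the answers above: a client-side pre-flight check that the user's ID token was issued for the OAuth 2.0 client ID configured by Identity-Aware Proxy before it is sent as `Authorization: Bearer`. The function names, the placeholder client ID and the sample token are assumptions constructed for illustration; IAP itself still verifies the signature server-side.

```javascript
// Added example. IAP_CLIENT_ID is a placeholder for the OAuth 2.0 client ID
// that Identity-Aware Proxy configured for the app.
const IAP_CLIENT_ID = 'PLACEHOLDER.apps.googleusercontent.com';
const GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];

const b64url = (s) => btoa(s).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Decode the payload segment only. The signature is NOT verified here; IAP does
// that server-side. This is a client-side pre-flight to catch misconfiguration.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Return the reasons IAP would be expected to reject this token, if any.
function checkIdTokenForIap(jwt, clientId, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(jwt);
  const problems = [];
  if (!GOOGLE_ISSUERS.includes(claims.iss)) problems.push('iss is not Google');
  if (claims.aud !== clientId) problems.push('aud is not the IAP client ID');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) problems.push('token expired');
  return { ok: problems.length === 0, problems, claims };
}

// Build the header for calls to the IAP-protected API, refusing bad tokens early.
function iapAuthHeaders(jwt, clientId, nowSec) {
  const { ok, problems } = checkIdTokenForIap(jwt, clientId, nowSec);
  if (!ok) throw new Error('ID token not usable for IAP: ' + problems.join('; '));
  return { Authorization: 'Bearer ' + jwt };
}

// Constructed sample token (fake signature) so the example runs offline.
function makeSampleToken(claims) {
  const header = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  return header + '.' + b64url(JSON.stringify(claims)) + '.constructed-signature';
}

const SAMPLE_NOW = 1700000000;
const sample = makeSampleToken({
  iss: 'https://accounts.google.com', aud: IAP_CLIENT_ID,
  email: 'user@example.com', exp: SAMPLE_NOW + 3600,
});
console.log(iapAuthHeaders(sample, IAP_CLIENT_ID, SAMPLE_NOW).Authorization.slice(0, 27) + '...');
```

In an Angular app the same check would sit in the HTTP interceptor that attaches the header, with the token taken from the sign-in library rather than from `makeSampleToken`.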