Standard environment. Client app->App Engine App->Other services is the logic flow. Client is Python code. I am trying to use the service account key to request a token so that my client app and submit a request to my App Engine App (controller/proxy/etc). Code method below:
from google.auth.transport.requests import Request from google.oauth2 import id_token import requests def make_iap_request(url, client_id, method='GET', **kwargs): """Makes a request to an application protected by Identity-Aware Proxy. Args: url: The Identity-Aware Proxy-protected URL to fetch. client_id: The client ID used by Identity-Aware Proxy. method: The request method to use ('GET', 'OPTIONS', 'HEAD', 'POST', 'PUT', 'PATCH', 'DELETE') **kwargs: Any of the parameters defined for the request function: https://github.com/requests/requests/blob/master/requests/api.py If no timeout is provided, it is set to 90 by default. Returns: The page body, or raises an exception if the page couldn't be retrieved. """ # Set the default timeout, if missing if 'timeout' not in kwargs: kwargs['timeout'] = 90 # Obtain an OpenID Connect (OIDC) token from metadata server or using service # account. open_id_connect_token = id_token.fetch_id_token(Request(), client_id) # Fetch the Identity-Aware Proxy-protected URL, including an # Authorization header containing "Bearer " followed by a # Google-issued OpenID Connect token for the service account. resp = requests.request( method, url, headers={'Authorization': 'Bearer {}'.format( open_id_connect_token)}, **kwargs) if resp.status_code == 403: raise Exception('Service account does not have permission to ' 'access the IAP-protected application.') elif resp.status_code != 200: raise Exception( 'Bad response from application: {!r} / {!r} / {!r}'.format( resp.status_code, resp.headers, resp.text)) else: return resp.text data={ On Friday, May 6, 2022 at 11:53:15 AM UTC-5 Osvaldo Lopez Acuña wrote: > Please share if you’re using the Standard or Flex environment, in which > programming language is your App (including version), what type of service > account you have, any related code or settings that you have tried and the > complete error and logs. Meanwhile here’s the general App Engine’s > Troubleshooting guide > <https://cloud.google.com/appengine/docs/troubleshooting?hl=en#service-account-permissions> > > where you can find solutions to similar issues. Also, you can check App > Engine connectivity questions > <https://cloud.google.com/appengine/docs/troubleshooter/connectivity-questions?hl=en> > > and Specifying a service account > <https://cloud.google.com/appengine/docs/standard/python3/access-control#user-managed-service-account>. > > App Engine lets you use two types of service accounts. > > On Thursday, May 5, 2022 at 7:03:24 PM UTC-5 anat...@newventurevisions.com > wrote: > >> Usually you need to call google api to get token using your service >> account key. Then use token in https request header. >> It does depend on how your app engine app is configured though in terms >> of authentication. >> >> Sincerely, >> Anatoli Trifonov >> >> >> >> >> On Thu, May 5, 2022 at 12:06 AM 'David Brogdon' via Google App Engine < >> google-a...@googlegroups.com> wrote: >> >>> I am trying to figure out how to authenticate a desktop app to my App >>> Engine app in order to send HTTP requests to my App Engine App. I have read >>> all the documentation I can find but what I really need to know is, *how >>> do I feed my service account key info into my http request so that my App >>> Engine app will respond? Right now I am getting an error stating there are >>> no credentials. * >>> >>> Thanks >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Google App Engine" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to google-appengi...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/google-appengine/e6c4a60a-1451-43e0-b6a0-f5754c40e7c2n%40googlegroups.com >>> >>> <https://groups.google.com/d/msgid/google-appengine/e6c4a60a-1451-43e0-b6a0-f5754c40e7c2n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to google-appengine+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/1c4a8d50-a902-4e16-a251-f388a29236dcn%40googlegroups.com.