[google-appengine] Re: Restrict access to "Google App Engine" services from outside invocation

2020-03-25 Thread 'vladoi' via Google App Engine
I am not sure how you set up your use case, but I would recommend following these two tutorials [1][2]. The target audience of the JWT has to be the OAuth2 client ID from the IAP. --- [1]. https://www.qwiklabs.com/focuses/5562?parent=catalog [2].

[google-appengine] Re: Restrict access to "Google App Engine" services from outside invocation

2020-03-24 Thread Sergii Diukarev
I did all the steps which you provided but I am still getting the error: Invalid IAP credentials: JWT audience doesn't match this application ('aud' claim (5940511.apps.googleusercontent.com) doesn't match expected value (66074-l73bufqva111p0t76pfkam5.apps.googleusercontent.com))

[google-appengine] Re: Restrict access to "Google App Engine" services from outside invocation

2020-03-24 Thread 'vladoi' via Google App Engine
Hi, According to the official documentation: "allUsers The value allUsers is a special identifier that represents anyone who is on the internet, including authenticated and unauthenticated users." [1] Also, when you add "allUsers", the following warning will be posted: "Adding allUsers or

[google-appengine] Re: Restrict access to "Google App Engine" services from outside invocation

2020-03-23 Thread Sergii Diukarev
Thank you. You were right! I enabled IAP and provided access for all my public services with `allUsers` role access. But how can I call the restricted service now? How do you authenticate a request from my local computer (for example, curl)? I tried something like: curl

[google-appengine] Re: Restrict access to "Google App Engine" services from outside invocation

2020-03-18 Thread 'vladoi' via Google App Engine
Hi, If you would like to protect certain "App Engine" services from outside invocation, I would recommend using 'Google Cloud Identity Aware Proxy'. Identity-Aware Proxy (IAP) lets you manage who has access to services hosted on App Engine. You can turn on IAP and this will allow only