Does OAuth always use the HTTP Authorization header?
up vote
1
down vote
favorite
Have an app running in GCP using App Engine and secured by IAP. To the best of my knowledge IAP uses OAuth, but when I open the app in the browser and inspect the outgoing XHR requests I don't see the HTTP Authorization header on any of them. There does appear to be a token in the cookies though, something named GCP_IAAP_AUTH_TOKEN.
Just wondering if this is still considered OAuth or is it some other form of authentication?
oauth
google-cloud-platform asked Nov 7 at 18:27
Dandan
1808
add a comment |
up vote
1
down vote
favorite
Have an app running in GCP using App Engine and secured by IAP. To the best of my knowledge IAP uses OAuth, but when I open the app in the browser and inspect the outgoing XHR requests I don't see the HTTP Authorization header on any of them. There does appear to be a token in the cookies though, something named GCP_IAAP_AUTH_TOKEN.
Just wondering if this is still considered OAuth or is it some other form of authentication?
oauth
google-cloud-platform asked Nov 7 at 18:27
Dandan
1808
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
Have an app running in GCP using App Engine and secured by IAP. To the best of my knowledge IAP uses OAuth, but when I open the app in the browser and inspect the outgoing XHR requests I don't see the HTTP Authorization header on any of them. There does appear to be a token in the cookies though, something named GCP_IAAP_AUTH_TOKEN.
Just wondering if this is still considered OAuth or is it some other form of authentication?
oauth
google-cloud-platform asked Nov 7 at 18:27
Dandan
1808
Have an app running in GCP using App Engine and secured by IAP. To the best of my knowledge IAP uses OAuth, but when I open the app in the browser and inspect the outgoing XHR requests I don't see the HTTP Authorization header on any of them. There does appear to be a token in the cookies though, something named GCP_IAAP_AUTH_TOKEN.
Just wondering if this is still considered OAuth or is it some other form of authentication?
oauth
google-cloud-platform oauth
google-cloud-platform asked Nov 7 at 18:27
Dandan
1808
asked Nov 7 at 18:27
Dandan
1808
asked Nov 7 at 18:27
Dandan
1808
asked Nov 7 at 18:27
Dandan
1808
asked Nov 7 at 18:27
Dandan
1808
1808
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.
The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
token. That token can come from either a cookieGCP_IAAP_AUTH_TOKEN
or anAuthorization: bearer header.
Authenticating with OpenID Connect
answered Nov 7 at 19:14
John Hanley
11.1k2527
Thanks. Do you know by any chance what scope I should specify for authenticating?
– Dandan
Nov 8 at 18:30
It depends on what permissions you need. To get started usehttps://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
– John Hanley
Nov 8 at 18:34
Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
– Dandan
Nov 8 at 23:50
Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
– John Hanley
Nov 8 at 23:54
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.
The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
token. That token can come from either a cookieGCP_IAAP_AUTH_TOKEN
or anAuthorization: bearer header.
Authenticating with OpenID Connect
answered Nov 7 at 19:14
John Hanley
11.1k2527
Thanks. Do you know by any chance what scope I should specify for authenticating?
– Dandan
Nov 8 at 18:30
It depends on what permissions you need. To get started usehttps://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
– John Hanley
Nov 8 at 18:34
Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
– Dandan
Nov 8 at 23:50
Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
– John Hanley
Nov 8 at 23:54
add a comment |
up vote
0
down vote
accepted
Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.
The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
token. That token can come from either a cookieGCP_IAAP_AUTH_TOKEN
or anAuthorization: bearer header.
Authenticating with OpenID Connect
answered Nov 7 at 19:14
John Hanley
11.1k2527
Thanks. Do you know by any chance what scope I should specify for authenticating?
– Dandan
Nov 8 at 18:30
It depends on what permissions you need. To get started usehttps://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
– John Hanley
Nov 8 at 18:34
Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
– Dandan
Nov 8 at 23:50
Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
– John Hanley
Nov 8 at 23:54
add a comment |
up vote
0
down vote
accepted
up vote
0
down vote
accepted
Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.
The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
token. That token can come from either a cookieGCP_IAAP_AUTH_TOKEN
or anAuthorization: bearer header.
Authenticating with OpenID Connect
answered Nov 7 at 19:14
John Hanley
11.1k2527
Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.
The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
token. That token can come from either a cookieGCP_IAAP_AUTH_TOKEN
or anAuthorization: bearer header.
Authenticating with OpenID Connect
answered Nov 7 at 19:14
John Hanley
11.1k2527
answered Nov 7 at 19:14
John Hanley
11.1k2527
answered Nov 7 at 19:14
John Hanley
11.1k2527
answered Nov 7 at 19:14
John Hanley
11.1k2527
11.1k2527
Thanks. Do you know by any chance what scope I should specify for authenticating?
– Dandan
Nov 8 at 18:30
It depends on what permissions you need. To get started usehttps://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
– John Hanley
Nov 8 at 18:34
Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
– Dandan
Nov 8 at 23:50
Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
– John Hanley
Nov 8 at 23:54
add a comment |
Thanks. Do you know by any chance what scope I should specify for authenticating?
– Dandan
Nov 8 at 18:30
It depends on what permissions you need. To get started usehttps://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
– John Hanley
Nov 8 at 18:34
Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
– Dandan
Nov 8 at 23:50
Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
– John Hanley
Nov 8 at 23:54
Thanks. Do you know by any chance what scope I should specify for authenticating?
– Dandan
Nov 8 at 18:30
Thanks. Do you know by any chance what scope I should specify for authenticating?
– Dandan
Nov 8 at 18:30
It depends on what permissions you need. To get started use
https://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes– John Hanley
Nov 8 at 18:34
It depends on what permissions you need. To get started use
https://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes– John Hanley
Nov 8 at 18:34
Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
– Dandan
Nov 8 at 23:50
Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
– Dandan
Nov 8 at 23:50
Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
– John Hanley
Nov 8 at 23:54
Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
– John Hanley
Nov 8 at 23:54
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53195590%2fdoes-oauth-always-use-the-http-authorization-header%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
