Does OAuth always use the HTTP Authorization header?











up vote
1
down vote

favorite
1












Have an app running in GCP using App Engine and secured by IAP. To the best of my knowledge IAP uses OAuth, but when I open the app in the browser and inspect the outgoing XHR requests I don't see the HTTP Authorization header on any of them. There does appear to be a token in the cookies though, something named GCP_IAAP_AUTH_TOKEN.
Just wondering if this is still considered OAuth or is it some other form of authentication?










share|improve this question


























    up vote
    1
    down vote

    favorite
    1












    Have an app running in GCP using App Engine and secured by IAP. To the best of my knowledge IAP uses OAuth, but when I open the app in the browser and inspect the outgoing XHR requests I don't see the HTTP Authorization header on any of them. There does appear to be a token in the cookies though, something named GCP_IAAP_AUTH_TOKEN.
    Just wondering if this is still considered OAuth or is it some other form of authentication?










    share|improve this question
























      up vote
      1
      down vote

      favorite
      1









      up vote
      1
      down vote

      favorite
      1






      1





      Have an app running in GCP using App Engine and secured by IAP. To the best of my knowledge IAP uses OAuth, but when I open the app in the browser and inspect the outgoing XHR requests I don't see the HTTP Authorization header on any of them. There does appear to be a token in the cookies though, something named GCP_IAAP_AUTH_TOKEN.
      Just wondering if this is still considered OAuth or is it some other form of authentication?










      share|improve this question













      Have an app running in GCP using App Engine and secured by IAP. To the best of my knowledge IAP uses OAuth, but when I open the app in the browser and inspect the outgoing XHR requests I don't see the HTTP Authorization header on any of them. There does appear to be a token in the cookies though, something named GCP_IAAP_AUTH_TOKEN.
      Just wondering if this is still considered OAuth or is it some other form of authentication?







      oauth google-cloud-platform






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 7 at 18:27









      Dandan

      1808




      1808
























          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote



          accepted










          Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.




          The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
          token. That token can come from either a cookie GCP_IAAP_AUTH_TOKEN
          or an Authorization: bearer header.




          Authenticating with OpenID Connect






          share|improve this answer





















          • Thanks. Do you know by any chance what scope I should specify for authenticating?
            – Dandan
            Nov 8 at 18:30










          • It depends on what permissions you need. To get started use https://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
            – John Hanley
            Nov 8 at 18:34










          • Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
            – Dandan
            Nov 8 at 23:50










          • Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
            – John Hanley
            Nov 8 at 23:54











          Your Answer






          StackExchange.ifUsing("editor", function () {
          StackExchange.using("externalEditor", function () {
          StackExchange.using("snippets", function () {
          StackExchange.snippets.init();
          });
          });
          }, "code-snippets");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "1"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














           

          draft saved


          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53195590%2fdoes-oauth-always-use-the-http-authorization-header%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote



          accepted










          Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.




          The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
          token. That token can come from either a cookie GCP_IAAP_AUTH_TOKEN
          or an Authorization: bearer header.




          Authenticating with OpenID Connect






          share|improve this answer





















          • Thanks. Do you know by any chance what scope I should specify for authenticating?
            – Dandan
            Nov 8 at 18:30










          • It depends on what permissions you need. To get started use https://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
            – John Hanley
            Nov 8 at 18:34










          • Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
            – Dandan
            Nov 8 at 23:50










          • Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
            – John Hanley
            Nov 8 at 23:54















          up vote
          0
          down vote



          accepted










          Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.




          The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
          token. That token can come from either a cookie GCP_IAAP_AUTH_TOKEN
          or an Authorization: bearer header.




          Authenticating with OpenID Connect






          share|improve this answer





















          • Thanks. Do you know by any chance what scope I should specify for authenticating?
            – Dandan
            Nov 8 at 18:30










          • It depends on what permissions you need. To get started use https://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
            – John Hanley
            Nov 8 at 18:34










          • Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
            – Dandan
            Nov 8 at 23:50










          • Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
            – John Hanley
            Nov 8 at 23:54













          up vote
          0
          down vote



          accepted







          up vote
          0
          down vote



          accepted






          Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.




          The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
          token. That token can come from either a cookie GCP_IAAP_AUTH_TOKEN
          or an Authorization: bearer header.




          Authenticating with OpenID Connect






          share|improve this answer












          Cloud IAP can use either the cookie GCP_IAAP_AUTH_TOKEN or Authorization: Bearer. Both are derived from OAuth2.




          The credential that Cloud IAP relies on is an OpenID Connect (OIDC)
          token. That token can come from either a cookie GCP_IAAP_AUTH_TOKEN
          or an Authorization: bearer header.




          Authenticating with OpenID Connect







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Nov 7 at 19:14









          John Hanley

          11.1k2527




          11.1k2527












          • Thanks. Do you know by any chance what scope I should specify for authenticating?
            – Dandan
            Nov 8 at 18:30










          • It depends on what permissions you need. To get started use https://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
            – John Hanley
            Nov 8 at 18:34










          • Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
            – Dandan
            Nov 8 at 23:50










          • Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
            – John Hanley
            Nov 8 at 23:54


















          • Thanks. Do you know by any chance what scope I should specify for authenticating?
            – Dandan
            Nov 8 at 18:30










          • It depends on what permissions you need. To get started use https://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
            – John Hanley
            Nov 8 at 18:34










          • Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
            – Dandan
            Nov 8 at 23:50










          • Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
            – John Hanley
            Nov 8 at 23:54
















          Thanks. Do you know by any chance what scope I should specify for authenticating?
          – Dandan
          Nov 8 at 18:30




          Thanks. Do you know by any chance what scope I should specify for authenticating?
          – Dandan
          Nov 8 at 18:30












          It depends on what permissions you need. To get started use https://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
          – John Hanley
          Nov 8 at 18:34




          It depends on what permissions you need. To get started use https://www.googleapis.com/auth/cloud-platform. Reference: developers.google.com/identity/protocols/googlescopes
          – John Hanley
          Nov 8 at 18:34












          Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
          – Dandan
          Nov 8 at 23:50




          Thanks! One other question, do you know if it'd be possible to use the Google API Client libraries to invoke it programmaticly?
          – Dandan
          Nov 8 at 23:50












          Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
          – John Hanley
          Nov 8 at 23:54




          Here are some how-to guides to get you started cloud.google.com/iap/docs/how-to
          – John Hanley
          Nov 8 at 23:54


















           

          draft saved


          draft discarded



















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53195590%2fdoes-oauth-always-use-the-http-authorization-header%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          這個網誌中的熱門文章

          Xamarin.form Move up view when keyboard appear

          Post-Redirect-Get with Spring WebFlux and Thymeleaf

          Anylogic : not able to use stopDelay()