These samples show how to use the Google Cloud Identity-Aware Proxy. Cloud Identity-Aware Proxy (Cloud IAP) controls access to your cloud applications running on Google Cloud Platform. Cloud IAP works by verifying a user’s identity and determining if that user should be allowed to access the application.
If this is your first time using the Google Cloud Identity-Aware Proxy, try out our quickstart tutorial.
Visit the Programmatic authentication and Securing your app with signed headers tutorials to learn more about how these code samples work.
You can also learn more by reading the Cloud IAP conceptual overview.
- Deploy this basic web application to App Engine.
- Once the application is deployed, enable Cloud IAP for it using the Enabling Cloud IAP section of this tutorial.
- Create a service account that you will later use to access your Cloud IAP protected site. Give it the role of 'Project > Owner' and check the box for 'Furnish a new private key'.
- Save the service account key you created in the previous step to your local computer.
- Grant your service account access to your Cloud IAP application.
- Visit the Cloud IAP admin page and click the ellipses button on the same row as 'App Engine app'. Click 'Edit OAuth Client' and note the Client ID.
- Install dependencies via Composer. Run
php composer.phar install (if composer is installed locally) or composer install (if composer is installed globally).
To run the IAP Samples, run any of the files in src/ on the CLI:
$ php src/make_iap_request.php
Usage: make_iap_request.php $url $clientId
@param string $url The Identity-Aware Proxy-protected URL to fetch.
@param string $clientId The client ID used by Identity-Aware Proxy.
$ php src/validate_jwt.php
Usage: validate_jwt.php $iapJwt $expectedAudience
@param string $iapJwt The contents of the X-Goog-IAP-JWT-Assertion header.
@param string $expectedAudience The expected audience of the JWT with the following formats:
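
The checks behind validating the X-Goog-IAP-JWT-Assertion header against an expected audience, as an added example that is not code from these samples: pin the ES256 algorithm, verify the signature, then require the IAP issuer, an exact audience match and a valid time window. The function names, the key id and both audience strings are constructed, and a throwaway key generated locally stands in for IAP's published verification keys so the script runs offline.

```php
<?php
// Added example, not from these samples. Names, key id "k1" and audiences are constructed.
const IAP_ISSUER = 'https://cloud.google.com/iap';
function b64u_enc(string $s): string { return rtrim(strtr(base64_encode($s), '+/', '-_'), '='); }
function b64u_dec(string $s): string {
    return (string) base64_decode(strtr($s, '-_', '+/') . str_repeat('=', (4 - strlen($s) % 4) % 4));
}
// JWS carries an ECDSA signature as raw r||s; OpenSSL wants a DER SEQUENCE of two INTEGERs.
function der_int(string $v): string {
    $v = ltrim($v, "\x00");
    if ($v === '' || ord($v[0]) > 0x7f) { $v = "\x00" . $v; }
    return "\x02" . chr(strlen($v)) . $v;
}
function raw_to_der(string $sig): string {
    $body = der_int(substr($sig, 0, 32)) . der_int(substr($sig, 32));
    return "\x30" . chr(strlen($body)) . $body;
}
function verify_iap_jwt(string $jwt, array $pemByKid, string $aud, int $now, int $skew = 30): array {
    $p = explode('.', $jwt);
    if (count($p) !== 3) { throw new Exception('malformed token'); }
    $head = json_decode(b64u_dec($p[0]), true);
    $sig = b64u_dec($p[2]);
    // Pin the algorithm instead of trusting the token's header to choose it.
    if (($head['alg'] ?? '') !== 'ES256' || strlen($sig) !== 64) { throw new Exception('bad alg or signature size'); }
    $pem = $pemByKid[$head['kid'] ?? ''] ?? null;
    if (!is_string($pem)) { throw new Exception('unknown key id'); }
    if (openssl_verify($p[0] . '.' . $p[1], raw_to_der($sig), $pem, OPENSSL_ALGO_SHA256) !== 1) { throw new Exception('bad signature'); }
    $c = json_decode(b64u_dec($p[1]), true);
    if (($c['iss'] ?? '') !== IAP_ISSUER) { throw new Exception('wrong issuer'); }
    // Exact match: a token minted for another IAP-protected resource must not pass.
    if (($c['aud'] ?? '') !== $aud) { throw new Exception('wrong audience'); }
    if (($c['exp'] ?? 0) <= $now - $skew || ($c['iat'] ?? PHP_INT_MAX) > $now + $skew) { throw new Exception('expired or not yet valid'); }
    return $c;
}
// Constructed demo: sign a token with a throwaway P-256 key, then verify it twice.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1']);
$pub = openssl_pkey_get_details($key)['key'];
$aud = '/constructed/audience/app-a';
$claims = ['iss' => IAP_ISSUER, 'aud' => $aud, 'iat' => time(), 'exp' => time() + 600];
$msg = b64u_enc(json_encode(['alg' => 'ES256', 'kid' => 'k1'])) . '.' . b64u_enc(json_encode($claims));
openssl_sign($msg, $der, $key, OPENSSL_ALGO_SHA256);
$n = ord($der[3]); // length of r; s follows r after its own two-byte header
$fix = fn(string $i): string => str_pad(ltrim($i, "\x00"), 32, "\x00", STR_PAD_LEFT);
$jwt = $msg . '.' . b64u_enc($fix(substr($der, 4, $n)) . $fix(substr($der, 6 + $n)));
echo verify_iap_jwt($jwt, ['k1' => $pub], $aud, time())['aud'], "\n";
try { verify_iap_jwt($jwt, ['k1' => $pub], '/constructed/audience/app-b', time()); } catch (Exception $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```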