I have an application which runs on a service in Google Cloud Run. I use Identity-Aware Proxy (IAP) to ensure that only specific users can log in to the app. I want part of the application to be visible only to some of the users, and in order to do that I want to know which user is currently trying to run something with the application. How can I do that?
I tried to do:
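```python
import google.auth.transport.requests
import requests as py_requests
from google.oauth2 import service_account

# `file` is the path to the service account key file.
credentials = service_account.Credentials.from_service_account_file(
    file,
    scopes=[
        "https://www.googleapis.com/auth/cloud-platform",
        "https://www.googleapis.com/auth/userinfo.email",
        "https://www.googleapis.com/auth/userinfo.profile",
    ],
)
# Obtain an access token for the service account.
auth_req = google.auth.transport.requests.Request()
credentials.refresh(auth_req)
token = credentials.token
headers = {
    "Authorization": f"Bearer {token}",
    "Content-Type": "application/json",
}
# Ask the userinfo endpoint who this token belongs to.
url = "https://www.googleapis.com/oauth2/v3/userinfo"
response = py_requests.get(url=url, headers=headers).json()
```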
The problem is that I'm sending the request to the wrong place (i.e., not using the right file).
From what I understand, I want to send a request to the IAP and ask for the user email.
Thank you!
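An added example, not part of the original post: IAP forwards the signed-in user's identity to the backend in the signed `X-Goog-IAP-JWT-Assertion` request header, so the app can verify that JWT and read its `email` claim instead of calling the userinfo endpoint with a service account token. `EXPECTED_AUDIENCE` is a placeholder for the audience string of your IAP-protected resource, and `RESTRICTED_AREA_USERS`, `IdentityError` and the function names are hypothetical.

```python
"""Identify the IAP-authenticated user from the signed header IAP adds."""

IAP_JWT_HEADER = "x-goog-iap-jwt-assertion"
IAP_CERTS_URL = "https://www.gstatic.com/iap/verify/public_key"
IAP_ISSUER = "https://cloud.google.com/iap"
# Placeholder: the audience string of your IAP-protected resource.
EXPECTED_AUDIENCE = "/projects/PROJECT_NUMBER/..."
# Hypothetical allow-list for the restricted part of the application.
RESTRICTED_AREA_USERS = {"admin@example.com"}


class IdentityError(Exception):
    """The request carries no trustworthy IAP identity."""


def verify_iap_jwt(iap_jwt, audience):
    """Check signature, expiry and audience; return the decoded claims."""
    # Imported lazily so the helpers below load without google-auth installed.
    from google.auth.transport import requests as ga_requests
    from google.oauth2 import id_token

    return id_token.verify_token(
        iap_jwt, ga_requests.Request(), audience=audience, certs_url=IAP_CERTS_URL
    )


def current_user_email(headers, audience=EXPECTED_AUDIENCE, verify=verify_iap_jwt):
    """Return the verified e-mail of the caller, or raise IdentityError."""
    lowered = {name.lower(): value for name, value in headers.items()}
    token = lowered.get(IAP_JWT_HEADER)
    if not token:
        raise IdentityError("no IAP assertion; request did not come through IAP")
    try:
        claims = verify(token, audience)
    except ValueError as exc:  # bad signature, expired token, wrong audience
        raise IdentityError(f"invalid IAP assertion: {exc}") from exc
    if claims.get("iss") != IAP_ISSUER or not claims.get("email"):
        raise IdentityError("unexpected issuer or missing email claim")
    return claims["email"].lower()


def can_see_restricted_area(headers, verify=verify_iap_jwt):
    """Fail closed: only verified, allow-listed users see the restricted part."""
    try:
        return current_user_email(headers, verify=verify) in RESTRICTED_AREA_USERS
    except IdentityError:
        return False
```

Pass the incoming request's headers from whichever web framework the app uses. The unsigned `X-Goog-Authenticated-User-Email` header is deliberately ignored, because only the signed assertion can be verified by the backend.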