I am trying to use a Cloud Run endpoint through GCP's Identity-Aware Proxy, and all of a sudden the IAP endpoint started throwing an error:
Invalid IAP credentials: Unable to parse JWT
I am using the extension_google_sign_in_as_googleapis_auth extension to create a Google client out of my existing Google/Firebase login.
The IAP works fine if I access the API with the browser directly (using the same GCP credentials directly as I am logged into the app with).
I am using the following code, which seems to be connecting to the backend: I see the network inspector fire the CORS head and then the call to the endpoint. The first is fine, the second errors with a 401 and the message above in the body.
    getIAPAPI(String path) async {
      Uri uri;
      // make sure the Identity Aware Proxy is addressed authenticated
      var _signIn = GoogleSignIn(
        scopes: <String>[CloudIAPApi.cloudPlatformScope],
      );
      await _signIn.signInSilently();
      // create a GCP client
      final _client = await _signIn.authenticatedClient();
      print('fetching ${path} from api');
      try {
        uri = Uri.https('iapapi.example.com', path);
        var response = await _client?.get(uri);
        return response?.body;
      } catch (e) {
        // print errors and pass back an empty json result
        print(e);
        return "{}";
      }
    }
Am I doing something wrong in my code? The really weird thing is that it seemed to work a week ago. I don't see anything in the IAP console settings that could help either.
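The error text says IAP could not parse the bearer credential as a JWT. As a debugging aid (an added example, not part of the original post), this Dart helper checks whether a token string is structurally a JWT and surfaces its claims without verifying the signature; `inspectBearer`, `BearerInspection` and the sample tokens are hypothetical names and constructed values.

```dart
import 'dart:convert';

/// Outcome of inspecting a bearer value (hypothetical helper type).
class BearerInspection {
  final bool isJwt;
  final String reason;
  final Map<String, dynamic> header;
  final Map<String, dynamic> claims;
  BearerInspection(this.isJwt, this.reason,
      [this.header = const {}, this.claims = const {}]);
}

// Decode one base64url segment (padding restored) into a JSON object.
Map<String, dynamic> _decodeSegment(String segment) {
  final bytes = base64Url.decode(base64Url.normalize(segment));
  final decoded = jsonDecode(utf8.decode(bytes));
  if (decoded is! Map<String, dynamic>) {
    throw const FormatException('segment is not a JSON object');
  }
  return decoded;
}

/// Structural check only: the signature is NOT verified here.
BearerInspection inspectBearer(String token) {
  final parts = token.split('.');
  if (parts.length != 3) {
    return BearerInspection(
        false, 'expected 3 dot-separated segments, got ${parts.length}');
  }
  try {
    return BearerInspection(true, 'parses as a JWT',
        _decodeSegment(parts[0]), _decodeSegment(parts[1]));
  } on FormatException catch (e) {
    return BearerInspection(false, 'not base64url JSON: ${e.message}');
  }
}

void main() {
  // Constructed samples: an opaque string and an unsigned JWT-shaped value.
  String seg(Map<String, dynamic> m) =>
      base64Url.encode(utf8.encode(jsonEncode(m))).replaceAll('=', '');
  final jwtLike = '${seg({'alg': 'RS256'})}.'
      '${seg({'aud': 'constructed-audience', 'exp': 1700000000})}.c2ln';
  for (final token in ['opaque-sample-token', jwtLike]) {
    final r = inspectBearer(token);
    // Log the verdict and claims only, never the credential itself.
    print('${r.isJwt}: ${r.reason} aud=${r.claims['aud']}');
  }
}
```

Passing it the value from the `Authorization` header seen in the network inspector shows whether the request carries a JWT at all, and if so which audience it was issued for.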