How does TestCafe authenticate to an IAP secured application

Question

Can someone guide on how can TestCafe authenticate to an IAP secured service/app please? I've tried to read this guide here but it seems a tad complicated for me. If anyone has done this before it will be great if you can share. Thank you in advance.

Answer 1

We've implemented it by using google-auth-library and extending the RequestHook in Testcafe.

• You need to have the Google IAP credentials (step 1 and 2 in your link) to get the JWT token.
• Once you got the JWT token, you add it as Authorization Header for each request you do to the application (achieved by extending RequestHook).

The code is approximately the following for the helper function:

import { RequestHook } from 'testcafe';

import { GoogleAuth } from 'google-auth-library';

export class GoogleIapJWTAuthorization extends RequestHook {

  constructor () {
    // No URL filtering applied to this hook
    // so it will be used for all requests.
    super();

    const auth = new GoogleAuth({
      credentials: serviceGoogleAccount
    });

    console.log('Google Authentication');

    console.log(`Loaded Service Account ${GoogleAccount.client_email}`);
    auth.getClient()
    .then(client => client.fetchIdToken(`${GoogleAccount.targetAudience}`))
    .then(token => {
        console.log(`Successfully authenticated with Identity Aware Proxy. Id Token: ${token}`);
        this._token = token;
        return token;
    })
    .catch(err => {
        console.log(`Identity Aware Proxy Authentication Failed. Id Token: ${token}`);
        console.log(JSON.stringify(err));
        process.exitCode = 1;
    });
}
  getGoogleJwtToken() {
    return this._token;
  }

  onRequest (e) {
    //Authorization header for authentication into Google Auth IAP
    e.requestOptions.headers['Authorization']= `Bearer ${this._token}`;
  }

  onResponse (e) {
      // This method must also be overridden,
      // but you can leave it blank.
  }
}