I am having a hard time making a Cloud Run app that would serve as an internal API for employees (no frontend).
This would have endpoints like: POST api.mydomain.com/post-some-data where i want to pass some body parameters.
After IAP is setup and applied through a Load Balancer, I can enter the url in a browser and a consent screen appears. I log in with an account that has permissions and the relevant code runs as expected.
BUT
When trying with Postman, having the OAuth2 set as Authentication, setting all the token configurations etc - I get a consent screen in the browser as expected. After authentication I get a Access Token back to Postman in the format ya28.a0 ... w0123. When clicking "SEND" it returns
Invalid IAP credentials: Unable to parse JWT
My question
What is required to reach the endpoint (code/app) with the given OAuth header after consent? It works from the browser directly but not through Postman after getting the Access Token from browser consent. The endpoint/app is not reached at all from my understanding. So I cant break down the header in the endpoint-code as far as I know.
The goal is to be able to pass body parameters and having a nice shared API collection in postman. And that cant be done in the same way directly through a browser.
Thanks,
I've set up all the necessary steps in GCP for a Cloud Run app secured by IAP. I've made sure a simple endpoint works as expected directly through a browser + consent screen. I've successfully made Postman OAuth2 go through my consent in GCP and ask for auth. I've got an Access Token back to Postman before sending the request.