README
¶
iapheaders
Displays GCP Identity-Aware Proxy headers and JWT for inspection.
Overview
iapheaders is a web application that allows you to inspect request headers for testing and understanding GCP's Identity-Aware Proxy (IAP).
Example for Valid IAP Headers
Example for Missing IAP Headers
Usage
The latest iapheaders Docker image is available for deployment from GitHub Packages at ghcr.io/unitvectory-labs/iapheaders.
Configuration
The application is configurable through environment variables. Below are the available configurations:
HIDE_SIGNATURE: If enabled, the signature of the JWT from IAP is removed (not displayed); the signature component of the JWT is replaced withSIGNATURE_REMOVED_BY_IAPHEADERS(default: false).PORT: The port on which the server listens (default: 8080).
IAP Headers
IAP sets the following headers:
x-goog-authenticated-user-email: Authenticated user's email address.x-goog-authenticated-user-id: Unique identifier of the authenticated user.x-goog-iap-jwt-assertion: JWT token for user identity verification.
iapheaders displays these headers and decodes the JWT token to show its contents. The JWT, signed by Google, can be verified using the public key from https://www.gstatic.com/iap/verify/public_key-jwk. iapheaders checks the signature and indicates the JWT's validity.
Limitations
- JWK caching is not implemented, and the public key is fetched from Google's servers for each request.
Documentation
¶
There is no documentation for this package.
Source Files