This page describes the Identity-Aware Proxy (IAP) properties that are available for App Engine API requests. Use this document with the App Engine API collection .
IAP properties
App Engine applications
use the iap
properties below. To learn how to set and get these properties,
read the sections that follow.
iap.enabled
bool
- The default value is false.
- If
iap.enabledistrue, theoauth2ClientIdandoauth2ClientSecretproperties must be set. - If
iap.enabledisfalse, theoauth2ClientIdandoauth2ClientSecretproperties aren't affected. You can temporarily disable IAP without unsetting those properties.
iap.oauth2ClientId
string
iap.oauth2ClientSecret
(Requests only)
string
- This value can't be read via the API. Instead, the
oauth2ClientSecretSha256field is returned.
iap.oauth2ClientSecretSha256
(Responses only)
string
oauth2ClientSecret
field is
redacted. Instead, iap.oauth2ClientSecretSha256
supplies the SHA256 hash of the secret.Setting IAP properties when creating an application
When you create an application, you can enable IAP and set
the client ID and secret. Use an application POST
request:
HTTP request
POST https://appengine.googleapis.com/v1/apps/ project ?alt=json&update_mask=iap
Parameters
project
string
Request body
In the request body, supply an application with the relevant IAP properties:
iap.enabled
bool
- The default value is false.
- If
iap.enabledistrue, theoauth2ClientIdandoauth2ClientSecretproperties must be set.
iap.oauth2ClientId
string
iap.oauth2ClientSecret
string
Example:
{
...
"backends": [
{
...
"iap": [
{
"enabled": true,
"oauth2ClientId": string,
"oauth2ClientSecret": string
}
],
...
}
],
...
}
The example above shows only the IAP properties. For additional properties including required properties, see the App Engine applications documentation.
Response
If successful, this method returns an application in the response body, including IAP properties.
If iap.enabled
is true
but the oauth2ClientId
and oauth2ClientSecret
properties aren't set, a BAD_REQUEST
response is returned.
Learn how to create an App Engine application .
Setting IAP properties by updating an application
To enable or disable IAP for an existing application and set
or replace the client ID and secret, update the application. Use an application PATCH
request:
HTTP request
PATCH https://appengine.googleapis.com/v1/apps/ project ?alt=json&update_mask=iap
Parameters
project
string
Request body
In the request body, supply the relevant portions of an App Engine application , according to the rules of patch semantics . Include the relevant IAP properties:
iap.enabled
bool
- The default value is false.
- If
iap.enabledistrue, theoauth2ClientIdandoauth2ClientSecretproperties must be set.
iap.oauth2ClientId
string
iap.oauth2ClientSecret
string
Example:
{
...
"backends": [
{
...
"iap": [
{
"enabled": true,
"oauth2ClientId": string,
"oauth2ClientSecret": string
}
],
...
}
],
...
}
The example above shows only the IAP properties. For additional properties including required properties, see the App Engine applications documentation.
Response
If successful, this method returns an application in the response body, including IAP properties.
If iap.enabled
is true
but you didn't set or supply new oauth2ClientId
and oauth2ClientSecret
properties, a BAD_REQUEST
response is returned.
Learn about Method: apps.patch
.
Getting the IAP properties of an application
To see the current IAP status of an existing application,
use a GET
request:
HTTP request
GET https://appengine.googleapis.com/v1/apps/ project ?alt=json
Parameters
Request body
Don't supply a request body with this method.
Response
If successful, this method returns an application in the response body that includes IAP properties .
Learn about Method: apps.get
.
