0

I built a rest api using flask restplus and I tested it using the swagger documentation, and it seems to be fully functional and working just fine. I now want to test the API using the python requests library, but I'm getting the following error:

Invalid IAP credentials: empty token

I imagine this is because I did not authorize using the credentials. I do have access to the service account credentials json file, but just wondering how I pass this into requests?

Code Example:

url = 'https://crosssellapi-project-id.appspot.com/auth/login'

r = requests.get(url, headers={'accept': 'application/json'})

Thanks in advance.

Improve this question

1 Answer 1

Reset to default
3

I think the best way to accomplish this is using the google-auth library for python.

$ pip install google-auth

I suggest to create a service account, give it the role IAP-secured Web App User and then download the JSON key for that service account.

Go to API's & Services > Credentials and copy the Client ID of the OAuth 2.0 client you want to use for your API.

Finally use this code snippet to make a request:

from google.oauth2 import service_account
from google.auth.transport.requests import AuthorizedSession

SERVICE_FILENAME = '/path/to/your/service_account_key.json'
API_URL = 'https://YOUR_API_URL'
AUDIENCE = 'YOUR_OAUTH_CLIENT_ID'

credentials = service_account.IDTokenCredentials.from_service_account_file(SERVICE_FILENAME, target_audience=AUDIENCE)

session = AuthorizedSession(credentials)

r = session.get(API_URL, headers={'accept': 'application/json'})

print(r.text)

If you want to know more about google-auth check this.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Thanks so much! I haven't yet tried this out, but where would one get the OAUTH CLIENT ID. I've never actually seen that before
Go to Security > Identity-Aware Proxy and select the resource where you want to grant access to your GAE app. Then, in the right pane that will appear click on Add Member. In New members paste your service account ([email protected]). Finally select the role IAP-secured Web App User and click on Save. Wait some minutes and try again.
Also, if you go to Security > Identity-Aware Proxy and the following message appears Before you can use IAP, you need to configure your OAuth consent screen. configure your consent screen that will provide the OAUTH CLIENT ID.
Thanks, that seemed to overcome the issue, but having trouble using one of the endpoints now. Example call: r = session.request('POST', api_url, headers={'accept': 'application/json'}, data={'email': <email>, 'password': <password>}) Now I'm getting the error: {"errors": {"": "None is not of type 'object'"}, "message": "Input payload validation failed"}
I think this a code issue in your server and not for how to create the request. Try to create a new question for it.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.