Hello Google Identity-Aware Proxy customer


Ross Scroggs

Jan 28, 2025, 12:13:32 PM
to google-ap...@googlegroups.com

Many of you recently received an email from Google that started like this:


***

Hello Google Identity-Aware Proxy customer,


We're writing to inform you about upcoming changes to the Identity-Aware Proxy (IAP) OAuth Admin APIs. Please keep the following dates in mind:


April 2025: Google will discontinue support for the IAP OAuth Admin APIs.

July 2025: The IAP OAuth Admin APIs will be permanently shut down. Access to this feature will no longer be available.

We understand that this change will directly impact you and your team, so we've provided additional information below to guide you through this change and its impact.


What you need to know

After July 2025, you will not be able to programmatically create and manage internal OAuth clients programmatic for IAP use.

***


How does this impact you?


When you create a GAM project, two things (among others) have to be configured/created:

* An OAuth Consent screen: this is what you see when you do: gam oauth create

* A Client ID: this identifies your project in GAM client access API calls.


In versions of GAM prior to 7.03.00, GAM used the Identity-Aware Proxy (IAP) OAuth Admin API to configure the OAuth Consent screen. You created the Client ID by setting the Application Type and Name.


Now, since the API is being shut down, GAM versions 7.03.00 and higher don't create the OAuth Consent screen with the API; you are instructed on how to do it yourself.


Here are the instructions displayed on the screen on how to do this.

Steps 2 through 13 configure the OAuth Consent screen; steps 14 through 27 create the Client ID.

Typically, you will see "Google Auth Platform not configured yet" on the screen and will start at step 2.


***

Please go to:


  https://console.cloud.google.com/auth/clients?project=gam-project-a1b2c&authuser=ad...@domain.com


 1. If "+ CREATE CLIENT" is on the screen, skip to step 14

 2. Click "GET STARTED"

 3. Under "App Information", enter GAM or another value in "App name *"

 4. Under "App Information", enter ad...@domain.com in "User support email *"

 5. Click "NEXT"

 6. Under "Audience", choose INTERNAL

 7. Click "NEXT"

 8. Under, "Contact Information", enter an email address in "Email addresses *"

 9. Click "NEXT"

10. Under "Finish", click "I agree to the Google API Services: User Data Policy."

11. Click "CONTINUE"

12. Click "CREATE"

13. Click "Clients" in the left-hand column

14. Click "+ CREATE CLIENT"

15. Choose "Desktop App" for "Application type"

16. Enter GAM or another value in "Name *"

17. Click "Create"

18. Under "Name", click your client name

19. Copy the "Client ID" value under "Additional information"

20. Paste it at the "Enter your Client ID: " prompt in your terminal

21. Press return/enter in your terminal

22. Switch back to the browser

23. Copy the "Client secret" value under "Client Secrets"

24. Paste it at the "Enter your Client Secret: " prompt in your terminal

25. Press return/enter in your terminal

26. Switch back to the browser

27. Click "CANCEL"

28. These steps are complete

***


That's it. Existing projects are not impacted; the change only affects new project creation.


Ross


----
Ross Scroggs


