This page describes how to use Cloud Identity-Aware Proxy (Cloud IAP) special URLs to enhance your application UI or provide troubleshooting options.
Passing user identity
The following URL returns a JSON dictionary with the user's identity:
This URL is available from any signed-in Google account, even if the account doesn't have access to the app. You can navigate to the URL directly or you can reference it to make requests to the URL. Following is an example value returned by the URL:
You might find this value useful to personalize your app, such as by displaying the user's name, to pass identity to another page, or capture usage data in logs.
Clearing user login
The following URL clears the Cloud IAP login cookie:
By default, this URL is linked from the 403 page to help users who might be signed in to the wrong place. You can also provide the URL to a user who gets stuck, or use it to enable profile switching in your application.
Refreshing user sessions
Cloud IAP sessions are valid for one hour. When a session expires,
by default AJAX requests return an
HTTP 401: Unauthorized response code. This
is because of HTTPS Cross-Origin Resource Sharing (CORS) restrictions in the
Google OAuth server.
You can use the URLs below to avoid Cloud IAP session timeouts in your AJAX applications:
Force re-authentication and redirect to
Serves a page that refreshes to
For more information about how to implement these special URLs for your AJAX applications, see Managing Cloud IAP sessions.