Unable to access IAP protected service

Problem

You are unable to access IAP-protected services and are not prompted for credentials in the browser.

When you reach the URL, the browser shows "Error 401: invalid_client The OAuth client was not found", and the IAP page for the service displays the error "OAuth client for this resource is misconfigured. Re-enable the IAP to fix it."

You tried turning IAP OFF and ON, but the errors go away for a few minutes and then come back.

Environment

  • Identity-Aware Proxy (IAP)
  • Google Kubernetes Engine backend
  • OAuth client
  • HTTPS Load Balancer

Solution

  1. Find the OAuth client ID in the configuration.
  2. In the project, from the IAP page, navigate to the HTTPS Load Balancer configuration page by clicking the resource under Published. On the HTTPS Load Balancer page, the Backend Services section shows the name of the backend service.
  3. Run the following command to describe the backend service. The output includes the OAuth client ID configured on the backend service, under oauth2ClientId:
    $ gcloud compute backend-services describe 'backend service name' --global
  4. Compare the client ID configured on the backend service with the actual client ID displayed in the Cloud Console under APIs & Services > Credentials, and make sure the two match.
    • If they do not match, correct the OAuth client ID on the backend service and turn IAP OFF and ON.
  5. Try accessing the URL again and confirm the issue has been solved.
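
The comparison in steps 3 and 4 can be scripted so that a truncated ID is not missed by eye. The following is an added example, not part of the original article: the function names, the sample describe output and both client IDs are constructed, and it assumes the client ID has a numeric prefix followed by a hyphen.

```shell
#!/bin/sh
# Added example: compare the oauth2ClientId on a backend service with the
# client ID shown under APIs & Services > Credentials.

# Constructed sample of the describe output (all values are made up).
# The configured ID is missing two digits of its numeric prefix.
SAMPLE_DESCRIBE='iap:
  enabled: true
  oauth2ClientId: 1234567890-abcdefexample.apps.googleusercontent.com
name: example-backend'

# Constructed value standing in for the ID copied from the Credentials page.
EXPECTED_ID='123456789012-abcdefexample.apps.googleusercontent.com'

# Print the oauth2ClientId value from describe output read on stdin.
extract_client_id() {
  sed -n 's/^[[:space:]]*oauth2ClientId:[[:space:]]*//p' | tr -d "'\""
}

# Print "match", "missing" or a mismatch message; return 0 only on match.
compare_client_ids() {
  configured=$1
  expected=$2
  if [ -z "$configured" ]; then echo "missing"; return 1; fi
  if [ "$configured" = "$expected" ]; then echo "match"; return 0; fi
  # Assumption: the ID is "<digits>-<rest>"; split at the first hyphen.
  c_num=${configured%%-*}
  e_num=${expected%%-*}
  if [ "$c_num" != "$e_num" ] && [ "${configured#*-}" = "${expected#*-}" ]; then
    echo "mismatch: numeric prefix has ${#c_num} characters, expected ${#e_num}"
  else
    echo "mismatch"
  fi
  return 1
}

# Run against the constructed sample. With real data, pipe the output of the
# describe command from step 3 into extract_client_id instead.
compare_client_ids \
  "$(printf '%s\n' "$SAMPLE_DESCRIBE" | extract_client_id)" "$EXPECTED_ID" || true
```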

Cause

The oauth2ClientId value configured on the backend service was incorrect: it was missing some digits.