I've created a google app engine project with a service protected by IAP.
I understand how to use the signed headers to get the authenticated user's identity. But how would I retrieve their OAuth 2.0 credentials?
Any suggestions of other ways of achieving this (using GCP) would also be appreciated.
There are three tokens that can be created using OAuth and OIDC: access, refresh, and identity. If you are using IAP, you can only fetch the user's identity.
You cannot access the OAuth Access and Refresh Tokens from IAP. If this is a requirement, turn off IAP and implement the Google OAuth flow in your application.