The claim set <https://developers.google.com/identity/protocols/OAuth2ServiceAccount#authorizingrequests> (found under the 'HTTP/REST' tab) of the Service Account JWT is identical to that of the claim set required by Cloud IAP Signed Headers <https://cloud.google.com/iap/docs/signed-headers-howto#securing_iap_headers>; the only difference being ' email' is 'iss' for the service account email address. So once you decode the JWT, if you see 'iss' instead of 'email' you know it is a program making a request via a service account.
-- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/701b0a1d-eb31-40d1-986a-84b0e4d0eb60%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
