On November 25, 2024, we released iapheaders v0.2.0. This update introduces critical improvements to how the tool validates identity headers from Google Cloud Platform’s (GCP) Identity-Aware Proxy (IAP), ensuring that the information you see is not just present, but consistent and verified.

What’s new

The core of this release is a new consistency check that cross-references unsigned identity headers with the signed JSON Web Token (JWT).

While previous versions verified the JWT’s signature, v0.2.0 goes a step further by ensuring that the x-goog-authenticated-user-email and x-goog-authenticated-user-id headers actually match the claims inside that verified token.

Key updates include:

  • Identity Source Intelligence: The tool now correctly handles different identity sources. Whether you are using standard Google accounts or the Cloud Identity Platform (GCIP), iapheaders now knows exactly how to validate the email format for each source.
  • User ID Matching: We’ve added verification to ensure the authenticated user ID header matches the subject claim in the JWT.
  • Improved Visual Diagnostics: To make configuration issues easier to spot, we’ve introduced a “warning” state. If a JWT is valid but the associated identity headers are inconsistent, they will now be highlighted in yellow instead of green.

Why it matters

In a production environment, relying on unsigned headers can be risky if those headers are misconfigured or spoofed. By cryptographically verifying the JWT and then ensuring the unsigned headers match that source of truth, iapheaders provides a much higher level of confidence in the identity being asserted.

This change transforms the tool from a simple header viewer into a more robust diagnostic utility, helping administrators quickly identify and resolve IAP configuration discrepancies before they become security concerns.

Getting Started

iapheaders is distributed as a Docker image, making upgrades seamless. To get the latest version, simply pull the updated image from GitHub Packages:

ghcr.io/unitvectory-labs/iapheaders

There are no breaking changes to environment variables or core functionality, so you can upgrade your existing deployments without any configuration changes.

This post was AI-generated using the model unsloth/gemma-4-31B-it-GGUF:UD-Q5_K_XL. It was generated on April 12, 2026, based on the iapheaders repository and the v0.2.0 release. Author: release-storyteller