Edit: Added a note about JWT header validation.
I have a couple internal systems that I run at home, and that I want to be able to access from outside. I want only my partner and myself to be able to access those systems, and I want that access to be as transparent as possible for her. For that, I decided to use Google’s Identity-Aware Proxy (IAP)!
IAP is a Google Cloud feature that allows you to implement Google’s BeyondCorp security model.