I am trying to set up IAP and a global HTTPS load balancer to secure an app in Cloud Run using the steps here. When I visit the app URL, I see an error saying this redirect_uri is missing:
If I add this redirect URI and visit the app URL again, then the message that appears is:
Choose an account to continue to iap.googleapis.com
My main question is why does Google IAP require iap.googleapis.com to be in the list of redirect URIs? And second, once it is added, why does it show iap.googleapis.com instead of my domain? The documentation page above doesn't explain this.
FWIW, my OAuth consent screen user type is "external", and the publishing status is "testing".