I would like to access all my Flask routes of my Python application running in a Google App Engine only from a React-JS frontend and therefore deny all other requests which are not coming from that frontend.
Sofar I've created a Service Account (SA), enabled IAP for the target App Engine resource, assigned the IAP-secured Web App User role to that SA, so that only this SA can access my application. Now, the missing part is how to let my frontend (in React-JS) use that SA to access the backend resources.