What does the email_verified claim indicate in Google ID Tokens?

Posted on

When you authenticate a user by using OpenID Connect and request the email scope, most identity providers add two additional claims to the ID Token, email and email_verified. The email claim does not need much explanation – but what about email_verified, what does this claim indicate and how does Google populate it? Read more »

IAP Desktop 2.11

Posted on

Yesterday I released version 2.11 of IAP Desktop. This new version introduces multi-display support and more. Read more »

Compute Engine feature flags controlled by metadata

Posted on

When you create a VM instance on Google Cloud, you can optionally specify instance metadata. Instance metadata is a list of key/value pairs and the most common use case for using metadata is passing a startup or shutdown script to a VM. But startup and shutdown scripts are not the only platform features that rely on metadata. Read more »

Using PowerShell in Cloud Shell

Posted on

One of the less well known features of Google Cloud Shell is that it has PowerShell preinstalled. All it takes to convert your Cloud Shell session into a PowerShell session is to run a single command. Read more »

How IAP Desktop protects TCP tunnels

Posted on

In the last post, we looked at the risks of using local port forwarding and how it’s difficult to protect TCP tunnels in a multi-user environment. In this post, we take a look at how IAP Desktop protects its tunnels. Read more »