What does the email_verified claim indicate in Google ID Tokens?

When you authenticate a user by using OpenID Connect and request the email scope, most identity providers add two additional claims to the ID Token, email and email_verified. The email claim does not need much explanation – but what about email_verified, what does this claim indicate and how does Google populate it?

Compute Engine feature flags controlled by metadata

When you create a VM instance on Google Cloud, you can optionally specify instance metadata. Instance metadata is a list of key/value pairs and the most common use case for using metadata is passing a startup or shutdown script to a VM. But startup and shutdown scripts are not the only platform features that rely on metadata.

Using PowerShell in Cloud Shell

One of the less well known features of Google Cloud Shell is that it has PowerShell preinstalled. All it takes to convert your Cloud Shell session into a PowerShell session is to run a single command.

How IAP Desktop protects TCP tunnels

In the last post, we looked at the risks of using local port forwarding and how it’s difficult to protect TCP tunnels in a multi-user environment. In this post, we take a look at how IAP Desktop protects its tunnels.

Hijacking other user’s TCP tunnels

If you are a frequent SSH user, then you’ll be familiar with local port forwarding. Creating tunnels by using local port forwarding is useful, easy, but also not without risks.

Onboarding workforce identities to Google Cloud

In a company’s journey to the cloud, one of the topics that is important to sort out early is identity management. To do anything meaningful with Google Cloud, employees need to be able to sign in to the Cloud Console – but manually creating user accounts for each employee is rarely a good idea.