« Back to home

Google Cloud Doing service account things without a service account key

Before we deploy an application to Google Cloud, we typically want to test it locally. If the application uses Google Cloud APIs, then we somehow need to ensure that the application can authenticate. We could use a service account key for that, but there’s typically a better way. Continue »

Google Cloud Authenticating to Google Cloud using Integrated Windows Authentication, workload identity federation, and SAML-POST

Previously, we explored two ways of authenticating to Google Cloud using Kerberos and NTLM credentials. Both ways involved authenticating to AD FS using Integrated Windows Authentication, and then using workload identity federation. But there’s a third way that we haven’t cover yet – and it involves using the SAML HTTP-POST binding. Continue »

AWS Creating AWS request signatures

Instead of using OAuth and access tokens, AWS uses request signatures to authenticate API requests. Typically, we can let libraries do the request signing for us – but sometimes we have to do it ourselves. Continue »