Authentication
Authentication determines who you are, authorization determines what you can do, and auditing logs what you did.
A principal is an entity, also known as an identity, that can be granted access to a resource. Google Cloud APIs support two types of principals: user accounts and service accounts.
https://cloud.google.com/docs/authentication#principals
Application credentials provide the required information about the caller making a request to a Google Cloud API.
https://cloud.google.com/docs/authentication#applications
Best practices to securely authenticate applications in Google Cloud.
https://cloud.google.com/docs/authentication/best-practices-applications
https://cloud.google.com/docs/authentication/production
Google Cloud APIs support multiple authentication flows for different runtime environments.
IAP lets you establish a central authorization layer for applications accessed by HTTPS, so you can use an application-level access control model instead of relying on network-level firewalls.
https://tools.ietf.org/html/rfc6749
https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc
Cloud Endpoints supports APIs that are described using version 2.0 of the OpenAPI specification.
https://cloud.google.com/endpoints/docs/openapi/openapi-overview
https://cloud.google.com/endpoints/docs/openapi/authenticating-users-okta
https://cloud.google.com/endpoints/docs/openapi/authenticating-users-auth0
https://cloud.google.com/endpoints/docs/openapi/authenticating-users-firebase
https://cloud.google.com/endpoints/docs/openapi/authenticating-users-google-id
Managed Service for Microsoft Active Directory (AD) is a highly available, hardened Google Cloud service running actual Microsoft AD that enables you to manage authentication and authorization for your AD-dependent workloads, automate AD server maintenance and security configuration, and connect your on-premises AD domain to the cloud.
Access control for Google Cloud APIs encompasses authentication, authorization, and auditing.
Service accounts are managed by IAM and are intended for scenarios where your application needs to access resources or perform actions on its own, such as running App Engine apps or interacting with Compute Engine instances.
https://cloud.google.com/endpoints/docs/openapi/service-account-authentication
JSON Web Tokens are an open, industry-standard (RFC 7519) method for representing claims securely between two parties.
https://developer.okta.com/blog/2019/10/17/a-thorough-introduction-to-paseto