guillaume blaquiere
Oct 3, 2020

You can use Directory API with ADC, but you can't use the Domain Wide delegation (used with the `with_subject`) with a user account, or with GCE/GKE not "prepared" for these GSuite scopes.

My opinion on the authentication part is: it's hard for beginners, and when it's hard, the "humans" go to the simplest solution, which, in terms of security, means the less secure one.

It's my day-to-day toil to educate my colleagues on this and I really pray for a simplification of the security.

Impersonation is powerful, but, as you said, it's boilerplate for few things... And your alternative with KMS (or Secret Manager) is great. I think you can share this story, it will be very interesting!!

The problem with impersonation is that only the Java and Python Google Auth libraries implement it. The other languages have to implement this manually... Another 200 lines of boilerplate code!!

Anyway, I know that an IAM v2 is in progress and I put a lot of hope in this new evolution (I know a little about some features and it's exciting!). Maybe in 2021!!


Written by guillaume blaquiere

GDE cloud platform, Group Data Architect @Carrefour, speaker, writer and polyglot developer, Google Cloud platform 3x certified, serverless addict and Go fan.
