Security, software development and devops in a cloud world

Tag OAuth

Azure – OpenID Connect JSON Web Key Set

Introduction For a new project, I must validate Azure Access Tokens in PHP. This requires obtaining the public key to validate the JWT signature. This article shows the process of working with the Azure OpenID Connect Metadata Document to obtain… Continue Reading →

Google Cloud – Improving Security with Impersonation

Introduction A common practice in Google Cloud is to create one or more service accounts to authorize the Google Cloud CLI. Using service accounts is recommended by Google instead of user accounts. However, a service account JSON or P12 file… Continue Reading →

Never Implement Proxy TLS Interception

Introduction I was answering a question on StackOverflow. The questioner has implemented Proxy TLS Interception which is very dangerous. I am reposting this thread on my website to share the details of my answer. The Question: how to configure Google… Continue Reading →

Google OAuth 2.0 – Testing with Curl – Refresh Access Token

In my earlier article on how to test Google OAuth 2.0 flows from the command line I showed how to generate Google OAuth 2.0 Access Token, Refresh Token, and ID Token. In this article, I will show how to refresh… Continue Reading →

Google OAuth 2.0 – Testing with Curl – Version 2

If you have ever wanted to test Google OAuth 2.0 flows from the command line, you will like this short article. This article is the second version. I wrote a previous article on using curl, but that version did not… Continue Reading →

Google Cloud – Creating OAuth Access Tokens for REST API Calls

The following example shows several important steps to call Google Cloud APIs without using an SDK in Python. Similar code works in just about any language (c#, java, php, nodejs). Change the source code with the filename of your service… Continue Reading →

Google Cloud – Converting Service Account Credentials from P12 to Json Format

I have written a number of articles about Google Cloud Credentials. For Service Account credentials, there are two on-disk formats: P12 and Json. This article shows how to convert these credentials from P12 to Json.

  John HanleyI design… Continue Reading →

Google Cloud – Extracting Private Key from Service Account P12 Credentials

Google Service Account Credentials are available in two file formats: Json and P12. P12 is also known as PFX. The following code shows how to process a P12 file and split into Private Key and Certificate. This code also works… Continue Reading →

Google Cloud – Creating Access Tokens from Service Account P12 Credentials

Google Service Account Credentials are available in two file formats: Json and P12. P12 is also known as PFX. The following code shows how to use P12 credentials to list the buckets in Google Cloud Storage without using an SDK…. Continue Reading →

Google OAuth 2.0 – Testing with Curl

Introduction If you have ever wanted to test Google OAuth 2.0 flows from the command-line, you will like this short article. [Update: I thought about the problem below with the copy and paste requirement. I created a simple python web… Continue Reading →

© 2024 John Hanley — Powered by WordPress

Theme by Anders NorenUp ↑