Posts Tagged "IAM"

May 27, 2026

Google OAuth has two surprises that make every internal-service auth story uglier than it should be. The standard workaround involves domain-wide delegation and a service account JSON key shipped to every application that wants group-based authorization. There is a much better answer that doesn't require any of that.

November 20, 2017

How I built a system to impersonate the AWS metadata service on developer laptops, providing passwordless, expiring STS credentials linked to user identities via SSH key authentication.