201

In the OAuth 2.0 specification, a scope defines the limits of an access token. When applied to Google APIs, a scope specifies which APIs and resources the token can access. If you only take away one thing about OAuth 2.0 Scopes for Google APIs, it is: do not

This post aims to answer the question, 'What can go wrong when using Google Cloud services that leverage Service Agents/P4SAs?' For an introduction to Service Agents, see GCP IAM 201 - Service Agents. Below, you'll find an overview of possible threats to Google Cloud customers

Service Agents are nothing more than a type of a Service Account. Also known as a P4SA (Per-Project, Per-Product; Service Account), a Service Agent is typically created automatically whenever its associated Google API is enabled in a Project. Service Agent and Service Account Comparison Customer-managed SAs Google-managed SAs Colloquially called: