What do I mean by “Service Account Authentication on GCP via a Node.js app”?

It is the process of authenticating as a specific service account from within your app, so that every subsequent request to GCP carries a token identifying the app as that service account. The app then acts with every IAM role bound to that service account, which can range from invoking Cloud Functions to editing or deleting resources. That is also why the service account should be granted only the roles the app actually needs.

Possible use case

There is, of course, no single use case for this. The usual one for this “technique” is securing server-to-server communication so that only authorized requests reach your server at all.

Most of the time, when a server is open to the public, it accepts every request and only afterwards inspects the cookies or Authorization header to decide whether the sender may talk to it at all and perform the requested action. With this approach the server itself has to absorb the load of a DDoS attack, and it burns resources on unauthorized requests even if it scales well enough to survive them. Beyond DDoS, a single endpoint where you forgot the authentication check silently becomes an unauthenticated endpoint.

When authorization is enforced before the requests ever hit your server, you save resources, improve security, and let Google’s infrastructure reject unauthenticated callers before they reach your code.

#security #nodejs #javascript

Service Account Authentication on GCP via Node.js App