Class: Google::Api::AuthProvider

Inherits:

Object

Object
Google::Api::AuthProvider

show all

Extended by:: Protobuf::MessageExts::ClassMethods

Includes:: Protobuf::MessageExts

Defined in:: proto_docs/google/api/auth.rb

Overview

Configuration for an authentication provider, including support for JSON Web Token (JWT).

Instance Attribute Summary collapse

#audiences ⇒ ::String
The list of JWT audiences.
#authorization_url ⇒ ::String
Redirect URL if JWT token is required but not present or is expired.
#id ⇒ ::String
The unique identifier of the auth provider.
#issuer ⇒ ::String
Identifies the principal that issued the JWT.
#jwks_uri ⇒ ::String
URL of the provider's public key set to validate signature of the JWT.
#jwt_locations ⇒ ::Array<::Google::Api::JwtLocation>
Defines the locations to extract the JWT.

Instance Attribute Details

#audiences ⇒ `::String`

Returns The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

"https://[service.name]/[google.protobuf.Api.name]"
"https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService
https://library-example.googleapis.com/

Example:

audiences: bookstore_android.apps.googleusercontent.com,
           bookstore_web.apps.googleusercontent.com.

Returns:

(::String) —
The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:
- "https://[service.name]/[google.protobuf.Api.name]"
- "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService
- https://library-example.googleapis.com/
Example:
```
audiences: bookstore_android.apps.googleusercontent.com,
           bookstore_web.apps.googleusercontent.com
```

# File 'proto_docs/google/api/auth.rb', line 182

class AuthProvider
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#authorization_url ⇒ `::String`

Returns Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

Returns:

(::String) —
Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

# File 'proto_docs/google/api/auth.rb', line 182

class AuthProvider
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#id ⇒ `::String`

Returns The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

Returns:

(::String) —
The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

# File 'proto_docs/google/api/auth.rb', line 182

class AuthProvider
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#issuer ⇒ `::String`

Returns Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: [email protected].

Returns:

(::String) —
Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: [email protected]

# File 'proto_docs/google/api/auth.rb', line 182

class AuthProvider
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#jwks_uri ⇒ `::String`

Returns URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:

can be retrieved from OpenID Discovery of the issuer.
can be inferred from the email domain of the issuer (e.g. a Google service account).

Example: https://www.googleapis.com/oauth2/v1/certs.

Returns:

(::String) —
URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:
- can be retrieved from OpenID Discovery of the issuer.
- can be inferred from the email domain of the issuer (e.g. a Google service account).
Example: https://www.googleapis.com/oauth2/v1/certs

# File 'proto_docs/google/api/auth.rb', line 182

class AuthProvider
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

#jwt_locations ⇒ `::Array<::Google::Api::JwtLocation>`

Returns Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

header: Authorization value_prefix: "Bearer "
header: x-goog-iap-jwt-assertion
query: access_token.

Returns:

(::Array<::Google::Api::JwtLocation>) —
Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:
- header: Authorization value_prefix: "Bearer "
- header: x-goog-iap-jwt-assertion
- query: access_token

# File 'proto_docs/google/api/auth.rb', line 182

class AuthProvider
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods
end

Class: Google::Api::AuthProvider

Overview

Instance Attribute Summary collapse

Instance Attribute Details

#audiences ⇒ ::String

#authorization_url ⇒ ::String

#id ⇒ ::String

#issuer ⇒ ::String

#jwks_uri ⇒ ::String

#jwt_locations ⇒ ::Array<::Google::Api::JwtLocation>

#audiences ⇒ `::String`

#authorization_url ⇒ `::String`

#id ⇒ `::String`

#issuer ⇒ `::String`

#jwks_uri ⇒ `::String`

#jwt_locations ⇒ `::Array<::Google::Api::JwtLocation>`