Class AttributeContext.Auth (2.29.0)

This message defines request authentication attributes. Terminology is based on the JSON Web Token (JWT) standard, but the terms also correlate to concepts in other standards.

Protobuf type google.rpc.context.AttributeContext.Auth

A list of access level resource names that allow resources to be accessed by authenticated requester. It is part of Secure GCP processing for the incoming request. An access level string has the format: "//{api_service_name}/accessPolicies/{policy_id}/accessLevels/{short_name}"

Example: "//accesscontextmanager.googleapis.com/accessPolicies/MY_POLICY_ID/accessLevels/MY_LEVEL"

repeated string access_levels = 5;

A list of access level resource names that allow resources to be accessed by authenticated requester. It is part of Secure GCP processing for the incoming request. An access level string has the format: "//{api_service_name}/accessPolicies/{policy_id}/accessLevels/{short_name}"

Example: "//accesscontextmanager.googleapis.com/accessPolicies/MY_POLICY_ID/accessLevels/MY_LEVEL"

repeated string access_levels = 5;

A list of access level resource names that allow resources to be accessed by authenticated requester. It is part of Secure GCP processing for the incoming request. An access level string has the format: "//{api_service_name}/accessPolicies/{policy_id}/accessLevels/{short_name}"

Example: "//accesscontextmanager.googleapis.com/accessPolicies/MY_POLICY_ID/accessLevels/MY_LEVEL"

repeated string access_levels = 5;

A list of access level resource names that allow resources to be accessed by authenticated requester. It is part of Secure GCP processing for the incoming request. An access level string has the format: "//{api_service_name}/accessPolicies/{policy_id}/accessLevels/{short_name}"

Example: "//accesscontextmanager.googleapis.com/accessPolicies/MY_POLICY_ID/accessLevels/MY_LEVEL"

repeated string access_levels = 5;

The intended audience(s) for this authentication information. Reflects the audience (aud) claim within a JWT. The audience value(s) depends on the issuer, but typically include one or more of the following pieces of information:

• The services intended to receive the credential. For example, ["https://pubsub.googleapis.com/", "https://storage.googleapis.com/"].
• A set of service-based scopes. For example, ["https://www.googleapis.com/auth/cloud-platform"].

• The client id of an app, such as the Firebase project id for JWTs from Firebase Auth.

  Consult the documentation for the credential issuer to determine the information provided.

repeated string audiences = 2;

The intended audience(s) for this authentication information. Reflects the audience (aud) claim within a JWT. The audience value(s) depends on the issuer, but typically include one or more of the following pieces of information:

• The services intended to receive the credential. For example, ["https://pubsub.googleapis.com/", "https://storage.googleapis.com/"].
• A set of service-based scopes. For example, ["https://www.googleapis.com/auth/cloud-platform"].

• The client id of an app, such as the Firebase project id for JWTs from Firebase Auth.

  Consult the documentation for the credential issuer to determine the information provided.

repeated string audiences = 2;

The intended audience(s) for this authentication information. Reflects the audience (aud) claim within a JWT. The audience value(s) depends on the issuer, but typically include one or more of the following pieces of information:

• The services intended to receive the credential. For example, ["https://pubsub.googleapis.com/", "https://storage.googleapis.com/"].
• A set of service-based scopes. For example, ["https://www.googleapis.com/auth/cloud-platform"].

• The client id of an app, such as the Firebase project id for JWTs from Firebase Auth.

  Consult the documentation for the credential issuer to determine the information provided.

repeated string audiences = 2;

The intended audience(s) for this authentication information. Reflects the audience (aud) claim within a JWT. The audience value(s) depends on the issuer, but typically include one or more of the following pieces of information:

• The services intended to receive the credential. For example, ["https://pubsub.googleapis.com/", "https://storage.googleapis.com/"].
• A set of service-based scopes. For example, ["https://www.googleapis.com/auth/cloud-platform"].

• The client id of an app, such as the Firebase project id for JWTs from Firebase Auth.

  Consult the documentation for the credential issuer to determine the information provided.

repeated string audiences = 2;

Structured claims presented with the credential. JWTs include {key: value} pairs for standard and private claims. The following is a subset of the standard required and optional claims that would typically be presented for a Google-based JWT:

{'iss': 'accounts.google.com',
 'sub': '113289723416554971153',
 'aud': ['123456789012', 'pubsub.googleapis.com'],
 'azp': '123456789012.apps.googleusercontent.com',
 'email': 'jsmith@example.com',
 'iat': 1353601026,
 'exp': 1353604926}

SAML assertions are similarly specified, but with an identity provider dependent structure.

.google.protobuf.Struct claims = 4;

Structured claims presented with the credential. JWTs include {key: value} pairs for standard and private claims. The following is a subset of the standard required and optional claims that would typically be presented for a Google-based JWT:

{'iss': 'accounts.google.com',
 'sub': '113289723416554971153',
 'aud': ['123456789012', 'pubsub.googleapis.com'],
 'azp': '123456789012.apps.googleusercontent.com',
 'email': 'jsmith@example.com',
 'iat': 1353601026,
 'exp': 1353604926}

SAML assertions are similarly specified, but with an identity provider dependent structure.

.google.protobuf.Struct claims = 4;

The authorized presenter of the credential. Reflects the optional Authorized Presenter (azp) claim within a JWT or the OAuth client id. For example, a Google Cloud Platform client id looks as follows: "123456789012.apps.googleusercontent.com".

string presenter = 3;

The authorized presenter of the credential. Reflects the optional Authorized Presenter (azp) claim within a JWT or the OAuth client id. For example, a Google Cloud Platform client id looks as follows: "123456789012.apps.googleusercontent.com".

string presenter = 3;

The authenticated principal. Reflects the issuer (iss) and subject (sub) claims within a JWT. The issuer and subject should be / delimited, with / percent-encoded within the subject fragment. For Google accounts, the principal format is: "https://accounts.google.com/{id}"

string principal = 1;

The authenticated principal. Reflects the issuer (iss) and subject (sub) claims within a JWT. The issuer and subject should be / delimited, with / percent-encoded within the subject fragment. For Google accounts, the principal format is: "https://accounts.google.com/{id}"

string principal = 1;

Structured claims presented with the credential. JWTs include {key: value} pairs for standard and private claims. The following is a subset of the standard required and optional claims that would typically be presented for a Google-based JWT:

{'iss': 'accounts.google.com',
 'sub': '113289723416554971153',
 'aud': ['123456789012', 'pubsub.googleapis.com'],
 'azp': '123456789012.apps.googleusercontent.com',
 'email': 'jsmith@example.com',
 'iat': 1353601026,
 'exp': 1353604926}

SAML assertions are similarly specified, but with an identity provider dependent structure.

.google.protobuf.Struct claims = 4;