Class AuthProvider.Builder (2.41.0)

Configuration for an authentication provider, including support for JSON Web Token (JWT).

Protobuf type google.api.AuthProvider

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

• "https://[service.name]/[google.protobuf.Api.name]"
• "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService

• https://library-example.googleapis.com/

  Example:

  audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

string audiences = 4;

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

string authorization_url = 5;

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

string id = 1;

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

string issuer = 2;

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:

• can be retrieved from OpenID Discovery of the issuer.

• can be inferred from the email domain of the issuer (e.g. a Google service account).

  Example: https://www.googleapis.com/oauth2/v1/certs

string jwks_uri = 3;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

• "https://[service.name]/[google.protobuf.Api.name]"
• "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService

• https://library-example.googleapis.com/

  Example:

  audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

string audiences = 4;

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

• "https://[service.name]/[google.protobuf.Api.name]"
• "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService

• https://library-example.googleapis.com/

  Example:

  audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

string audiences = 4;

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

string authorization_url = 5;

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

string authorization_url = 5;

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

string id = 1;

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

string id = 1;

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

string issuer = 2;

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

string issuer = 2;

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:

• can be retrieved from OpenID Discovery of the issuer.

• can be inferred from the email domain of the issuer (e.g. a Google service account).

  Example: https://www.googleapis.com/oauth2/v1/certs

string jwks_uri = 3;

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:

• can be retrieved from OpenID Discovery of the issuer.

• can be inferred from the email domain of the issuer (e.g. a Google service account).

  Example: https://www.googleapis.com/oauth2/v1/certs

string jwks_uri = 3;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

• "https://[service.name]/[google.protobuf.Api.name]"
• "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService

• https://library-example.googleapis.com/

  Example:

  audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

string audiences = 4;

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

• "https://[service.name]/[google.protobuf.Api.name]"
• "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService

• https://library-example.googleapis.com/

  Example:

  audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

string audiences = 4;

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

string authorization_url = 5;

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

string authorization_url = 5;

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

string id = 1;

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

string id = 1;

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

string issuer = 2;

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

string issuer = 2;

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:

• can be retrieved from OpenID Discovery of the issuer.

• can be inferred from the email domain of the issuer (e.g. a Google service account).

  Example: https://www.googleapis.com/oauth2/v1/certs

string jwks_uri = 3;

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:

• can be retrieved from OpenID Discovery of the issuer.

• can be inferred from the email domain of the issuer (e.g. a Google service account).

  Example: https://www.googleapis.com/oauth2/v1/certs

string jwks_uri = 3;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

repeated .google.api.JwtLocation jwt_locations = 6;