Reference documentation and code samples for the Service Management V1 API class Google::Api::AuthProvider.
Configuration for an authentication provider, including support for JSON Web Token (JWT).
Inherits
- Object
Extended By
- Google::Protobuf::MessageExts::ClassMethods
Includes
- Google::Protobuf::MessageExts
Methods
#audiences
def audiences() -> ::String
-
(::String) —
The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:
- "https://[service.name]/[google.protobuf.Api.name]"
- "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService
- https://library-example.googleapis.com/
Example:
audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com
#audiences=
def audiences=(value) -> ::String
-
value (::String) —
The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:
- "https://[service.name]/[google.protobuf.Api.name]"
- "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService
- https://library-example.googleapis.com/
Example:
audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com
-
(::String) —
The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:
- "https://[service.name]/[google.protobuf.Api.name]"
- "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService
- https://library-example.googleapis.com/
Example:
audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com
#authorization_url
def authorization_url() -> ::String
- (::String) — Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.
#authorization_url=
def authorization_url=(value) -> ::String
- value (::String) — Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.
- (::String) — Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.
#id
def id() -> ::String
-
(::String) — The unique identifier of the auth provider. It will be referred to by
AuthRequirement.provider_id
.Example: "bookstore_auth".
#id=
def id=(value) -> ::String
-
value (::String) — The unique identifier of the auth provider. It will be referred to by
AuthRequirement.provider_id
.Example: "bookstore_auth".
-
(::String) — The unique identifier of the auth provider. It will be referred to by
AuthRequirement.provider_id
.Example: "bookstore_auth".
#issuer
def issuer() -> ::String
-
(::String) — Identifies the principal that issued the JWT. See
https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
Usually a URL or an email address.
Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
#issuer=
def issuer=(value) -> ::String
-
value (::String) — Identifies the principal that issued the JWT. See
https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
Usually a URL or an email address.
Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
-
(::String) — Identifies the principal that issued the JWT. See
https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
Usually a URL or an email address.
Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
#jwks_uri
def jwks_uri() -> ::String
-
(::String) — URL of the provider's public key set to validate signature of the JWT. See
OpenID
Discovery.
Optional if the key set document:
- can be retrieved from OpenID Discovery of the issuer.
- can be inferred from the email domain of the issuer (e.g. a Google service account).
Example: https://www.googleapis.com/oauth2/v1/certs
#jwks_uri=
def jwks_uri=(value) -> ::String
-
value (::String) — URL of the provider's public key set to validate signature of the JWT. See
OpenID
Discovery.
Optional if the key set document:
- can be retrieved from OpenID Discovery of the issuer.
- can be inferred from the email domain of the issuer (e.g. a Google service account).
Example: https://www.googleapis.com/oauth2/v1/certs
-
(::String) — URL of the provider's public key set to validate signature of the JWT. See
OpenID
Discovery.
Optional if the key set document:
- can be retrieved from OpenID Discovery of the issuer.
- can be inferred from the email domain of the issuer (e.g. a Google service account).
Example: https://www.googleapis.com/oauth2/v1/certs
#jwt_locations
def jwt_locations() -> ::Array<::Google::Api::JwtLocation>
-
(::Array<::Google::Api::JwtLocation>) —
Defines the locations to extract the JWT.
JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters.
If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter
Default locations can be specified as followings: jwt_locations:
- header: Authorization value_prefix: "Bearer "
- header: x-goog-iap-jwt-assertion
- query: access_token
#jwt_locations=
def jwt_locations=(value) -> ::Array<::Google::Api::JwtLocation>
-
value (::Array<::Google::Api::JwtLocation>) —
Defines the locations to extract the JWT.
JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters.
If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter
Default locations can be specified as followings: jwt_locations:
- header: Authorization value_prefix: "Bearer "
- header: x-goog-iap-jwt-assertion
- query: access_token
-
(::Array<::Google::Api::JwtLocation>) —
Defines the locations to extract the JWT.
JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters.
If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter
Default locations can be specified as followings: jwt_locations:
- header: Authorization value_prefix: "Bearer "
- header: x-goog-iap-jwt-assertion
- query: access_token