Class: Google::Apis::IamcredentialsV1::GenerateIdentityBindingAccessTokenRequest

Inherits:

Object

• Object
• Google::Apis::IamcredentialsV1::GenerateIdentityBindingAccessTokenRequest

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

generated/google/apis/iamcredentials_v1/classes.rb,
generated/google/apis/iamcredentials_v1/representations.rb,
generated/google/apis/iamcredentials_v1/representations.rb

Instance Attribute Summary

• #jwt ⇒ String

  Required.

• #scope ⇒ Array<String>

  Code to identify the scopes to be included in the OAuth 2.0 access token.

Instance Method Summary

• #initialize(**args) ⇒ GenerateIdentityBindingAccessTokenRequest constructor

  A new instance of GenerateIdentityBindingAccessTokenRequest.

• #update!(**args) ⇒ Object

  Update properties of this object.

Methods included from Core::JsonObjectSupport

#to_json

Methods included from Core::Hashable

process_value, #to_h

Constructor Details

#initialize(**args) ⇒ GenerateIdentityBindingAccessTokenRequest

Returns a new instance of GenerateIdentityBindingAccessTokenRequest

# File 'generated/google/apis/iamcredentials_v1/classes.rb', line 215

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#jwt ⇒ String

Required. Input token. Must be in JWT format according to RFC7523 (https://tools.ietf.org/html/rfc7523) and must have 'kid' field in the header. Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon). Mandatory payload fields (along the lines of RFC 7523, section 3):

• iss: issuer of the token. Must provide a discovery document at $iss/.well-known/openid-configuration . The document needs to be formatted according to section 4.2 of the OpenID Connect Discovery 1.0 specification.
• iat: Issue time in seconds since epoch. Must be in the past.
• exp: Expiration time in seconds since epoch. Must be less than 48 hours after iat. We recommend to create tokens that last shorter than 6 hours to improve security unless business reasons mandate longer expiration times. Shorter token lifetimes are generally more secure since tokens that have been exfiltrated by attackers can be used for a shorter time. you can configure the maximum lifetime of the incoming token in the configuration of the mapper. The resulting Google token will expire within an hour or at "exp", whichever is earlier.
• sub: JWT subject, identity asserted in the JWT.
• aud: Configured in the mapper policy. By default the service account email. Claims from the incoming token can be transferred into the output token accoding to the mapper configuration. The outgoing claim size is limited. Outgoing claims size must be less than 4kB serialized as JSON without whitespace. Example header: "alg": "RS256", "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8" Example payload: "iss": "https://accounts.google.com", "iat": 1517963104, "exp": 1517966704, "aud": "https://iamcredentials.googleapis.com/google.iam.credentials.v1. CloudGaia", "sub": "113475438248934895348", "my_claims": "additional_claim": "value" Corresponds to the JSON property jwt

Returns:

• (String)

# File 'generated/google/apis/iamcredentials_v1/classes.rb', line 205

def jwt
  @jwt
end

#scope ⇒ Array<String>

Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required. Corresponds to the JSON property scope

Returns:

• (Array<String>)

# File 'generated/google/apis/iamcredentials_v1/classes.rb', line 213

def scope
  @scope
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'generated/google/apis/iamcredentials_v1/classes.rb', line 220

def update!(**args)
  @jwt = args[:jwt] if args.key?(:jwt)
  @scope = args[:scope] if args.key?(:scope)
end