Class: Google::Apis::ServicemanagementV1::AuthProvider

Inherits:

Object

• Object
• Google::Apis::ServicemanagementV1::AuthProvider

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

generated/google/apis/servicemanagement_v1/classes.rb,
generated/google/apis/servicemanagement_v1/representations.rb,
generated/google/apis/servicemanagement_v1/representations.rb

Overview

Configuration for an authentication provider, including support for JSON Web Token (JWT).

Instance Attribute Summary

• #audiences ⇒ String

  The list of JWT audiences.

• #authorization_url ⇒ String

  Redirect URL if JWT token is required but not present or is expired.

• #id ⇒ String

  The unique identifier of the auth provider.

• #issuer ⇒ String

  Identifies the principal that issued the JWT.

• #jwks_uri ⇒ String

  URL of the provider's public key set to validate signature of the JWT.

• #jwt_locations ⇒ Array<Google::Apis::ServicemanagementV1::JwtLocation>

  Defines the locations to extract the JWT.

Instance Method Summary

• #initialize(**args) ⇒ AuthProvider constructor

  A new instance of AuthProvider.

• #update!(**args) ⇒ Object

  Update properties of this object.

Methods included from Core::JsonObjectSupport

#to_json

Methods included from Core::Hashable

process_value, #to_h

Constructor Details

#initialize(**args) ⇒ AuthProvider

Returns a new instance of AuthProvider.

# File 'generated/google/apis/servicemanagement_v1/classes.rb', line 321

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#audiences ⇒ String

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://Service_name/API_name" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1. LibraryService". Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com Corresponds to the JSON property audiences

Returns:

• (String)

# File 'generated/google/apis/servicemanagement_v1/classes.rb', line 263

def audiences
  @audiences
end

#authorization_url ⇒ String

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec. Corresponds to the JSON property authorizationUrl

Returns:

• (String)

# File 'generated/google/apis/servicemanagement_v1/classes.rb', line 269

def authorization_url
  @authorization_url
end

#id ⇒ String

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id. Example: "bookstore_auth". Corresponds to the JSON property id

Returns:

• (String)

# File 'generated/google/apis/servicemanagement_v1/classes.rb', line 276

def id
  @id
end

#issuer ⇒ String

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com Corresponds to the JSON property issuer

Returns:

• (String)

# File 'generated/google/apis/servicemanagement_v1/classes.rb', line 285

def issuer
  @issuer
end

#jwks_uri ⇒ String

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:

• can be retrieved from [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of the issuer.
• can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs Corresponds to the JSON property jwksUri

Returns:

• (String)

# File 'generated/google/apis/servicemanagement_v1/classes.rb', line 301

def jwks_uri
  @jwks_uri
end

#jwt_locations ⇒ Array<Google::Apis::ServicemanagementV1::JwtLocation>

Defines the locations to extract the JWT. JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token Corresponds to the JSON property jwtLocations

Returns:

• (Array<Google::Apis::ServicemanagementV1::JwtLocation>)

# File 'generated/google/apis/servicemanagement_v1/classes.rb', line 319

def jwt_locations
  @jwt_locations
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'generated/google/apis/servicemanagement_v1/classes.rb', line 326

def update!(**args)
  @audiences = args[:audiences] if args.key?(:audiences)
  @authorization_url = args[:authorization_url] if args.key?(:authorization_url)
  @id = args[:id] if args.key?(:id)
  @issuer = args[:issuer] if args.key?(:issuer)
  @jwks_uri = args[:jwks_uri] if args.key?(:jwks_uri)
  @jwt_locations = args[:jwt_locations] if args.key?(:jwt_locations)
end