public interface AuthProviderOrBuilder extends MessageOrBuilderImplements
MessageOrBuilderMethods
getAudiences()
public abstract String getAudiences()The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:
- "https://[service.name]/[google.protobuf.Api.name]"
- "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService
- https://library-example.googleapis.com/ Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com
string audiences = 4;
| Type | Description |
| String | The audiences. |
getAudiencesBytes()
public abstract ByteString getAudiencesBytes()The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:
- "https://[service.name]/[google.protobuf.Api.name]"
- "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService
- https://library-example.googleapis.com/ Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com
string audiences = 4;
| Type | Description |
| ByteString | The bytes for audiences. |
getAuthorizationUrl()
public abstract String getAuthorizationUrl()Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.
string authorization_url = 5;
| Type | Description |
| String | The authorizationUrl. |
getAuthorizationUrlBytes()
public abstract ByteString getAuthorizationUrlBytes()Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.
string authorization_url = 5;
| Type | Description |
| ByteString | The bytes for authorizationUrl. |
getId()
public abstract String getId() The unique identifier of the auth provider. It will be referred to by
AuthRequirement.provider_id.
Example: "bookstore_auth".
string id = 1;
| Type | Description |
| String | The id. |
getIdBytes()
public abstract ByteString getIdBytes() The unique identifier of the auth provider. It will be referred to by
AuthRequirement.provider_id.
Example: "bookstore_auth".
string id = 1;
| Type | Description |
| ByteString | The bytes for id. |
getIssuer()
public abstract String getIssuer()Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
string issuer = 2;
| Type | Description |
| String | The issuer. |
getIssuerBytes()
public abstract ByteString getIssuerBytes()Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
string issuer = 2;
| Type | Description |
| ByteString | The bytes for issuer. |
getJwksUri()
public abstract String getJwksUri()URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:
- can be retrieved from OpenID Discovery of the issuer.
- can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs
string jwks_uri = 3;
| Type | Description |
| String | The jwksUri. |
getJwksUriBytes()
public abstract ByteString getJwksUriBytes()URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:
- can be retrieved from OpenID Discovery of the issuer.
- can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs
string jwks_uri = 3;
| Type | Description |
| ByteString | The bytes for jwksUri. |
getJwtLocations(int index)
public abstract JwtLocation getJwtLocations(int index)Defines the locations to extract the JWT. JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations:
- header: Authorization value_prefix: "Bearer "
- header: x-goog-iap-jwt-assertion
- query: access_token
repeated .google.api.JwtLocation jwt_locations = 6;
| Name | Description |
| index | int |
| Type | Description |
| JwtLocation |
getJwtLocationsCount()
public abstract int getJwtLocationsCount()Defines the locations to extract the JWT. JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations:
- header: Authorization value_prefix: "Bearer "
- header: x-goog-iap-jwt-assertion
- query: access_token
repeated .google.api.JwtLocation jwt_locations = 6;
| Type | Description |
| int |
getJwtLocationsList()
public abstract List<JwtLocation> getJwtLocationsList()Defines the locations to extract the JWT. JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations:
- header: Authorization value_prefix: "Bearer "
- header: x-goog-iap-jwt-assertion
- query: access_token
repeated .google.api.JwtLocation jwt_locations = 6;
| Type | Description |
| List<JwtLocation> |
getJwtLocationsOrBuilder(int index)
public abstract JwtLocationOrBuilder getJwtLocationsOrBuilder(int index)Defines the locations to extract the JWT. JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations:
- header: Authorization value_prefix: "Bearer "
- header: x-goog-iap-jwt-assertion
- query: access_token
repeated .google.api.JwtLocation jwt_locations = 6;
| Name | Description |
| index | int |
| Type | Description |
| JwtLocationOrBuilder |
getJwtLocationsOrBuilderList()
public abstract List<? extends JwtLocationOrBuilder> getJwtLocationsOrBuilderList()Defines the locations to extract the JWT. JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations:
- header: Authorization value_prefix: "Bearer "
- header: x-goog-iap-jwt-assertion
- query: access_token
repeated .google.api.JwtLocation jwt_locations = 6;
| Type | Description |
| List<? extends com.google.api.JwtLocationOrBuilder> |