Google API Common Protos Client - Class AuthProvider (4.8.3)

Reference documentation and code samples for the Google API Common Protos Client class AuthProvider.

Configuration for an authentication provider, including support for JSON Web Token (JWT).

Generated from protobuf message google.api.AuthProvider

Namespace

Google \ Api

Methods

__construct

Constructor.

Parameters
Name Description
data array

Optional. Data for populating the Message object.

↳ id string

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id. Example: "bookstore_auth".

↳ issuer string

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

↳ jwks_uri string

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document: - can be retrieved from OpenID Discovery of the issuer. - can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs

↳ audiences string

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences: - "https://[service.name]/[google.protobuf.Api.name]" - "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService - https://library-example.googleapis.com/ Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

↳ authorization_url string

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

↳ jwt_locations array<JwtLocation>

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins. If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations: - header: Authorization value_prefix: "Bearer " - header: x-goog-iap-jwt-assertion - query: access_token

getId

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

Returns
Type Description
string

setId

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

Parameter
Name Description
var string
Returns
Type Description
$this

getIssuer

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

Returns
Type Description
string

setIssuer

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

Parameter
Name Description
var string
Returns
Type Description
$this

getJwksUri

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery.

Optional if the key set document:

Returns
Type Description
string

setJwksUri

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery.

Optional if the key set document:

Parameter
Name Description
var string
Returns
Type Description
$this

getAudiences

The list of JWT audiences.

that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

Returns
Type Description
string

setAudiences

The list of JWT audiences.

that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

Parameter
Name Description
var string
Returns
Type Description
$this

getAuthorizationUrl

Redirect URL if JWT token is required but not present or is expired.

Implement authorizationUrl of securityDefinitions in OpenAPI spec.

Returns
Type Description
string

setAuthorizationUrl

Redirect URL if JWT token is required but not present or is expired.

Implement authorizationUrl of securityDefinitions in OpenAPI spec.

Parameter
Name Description
var string
Returns
Type Description
$this

getJwtLocations

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations:

  • header: Authorization value_prefix: "Bearer "
  • header: x-goog-iap-jwt-assertion
  • query: access_token
Returns
Type Description
Google\Protobuf\Internal\RepeatedField

setJwtLocations

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter Default locations can be specified as followings: jwt_locations:

  • header: Authorization value_prefix: "Bearer "
  • header: x-goog-iap-jwt-assertion
  • query: access_token
Parameter
Name Description
var array<JwtLocation>
Returns
Type Description
$this