package auth
- Alphabetic
- Public
- Protected
Type Members
- final case class AuthProvider(id: String = "", issuer: String = "", jwksUri: String = "", audiences: String = "", authorizationUrl: String = "", unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[AuthProvider] with Product with Serializable
Configuration for an authentication provider, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
Configuration for an authentication provider, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
- id
The unique identifier of the auth provider. It will be referred to by
AuthRequirement.provider_id
. Example: "bookstore_auth".- issuer
Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address. Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com
- jwksUri
URL of the provider's public key set to validate signature of the JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). Optional if the key set document:
- can be retrieved from [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of the issuer.
- can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs
- audiences
The list of JWT [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1.LibraryService". Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com
- authorizationUrl
Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.
- Annotations
- @SerialVersionUID()
- final case class AuthRequirement(providerId: String = "", audiences: String = "", unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[AuthRequirement] with Product with Serializable
User-defined authentication requirements, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
User-defined authentication requirements, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
- providerId
[id][google.api.AuthProvider.id] from authentication provider. Example: provider_id: bookstore_auth
- audiences
NOTE: This will be deprecated soon, once AuthProvider.audiences is implemented and accepted in all the runtime components. The list of JWT [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1.LibraryService". Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com
- Annotations
- @SerialVersionUID()
- final case class Authentication(rules: Seq[AuthenticationRule] = _root_.scala.Seq.empty, providers: Seq[AuthProvider] = _root_.scala.Seq.empty, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[Authentication] with Product with Serializable
Authentication
defines the authentication configuration for an API.Authentication
defines the authentication configuration for an API.Example for an API targeted for external use:
name: calendar.googleapis.com authentication: providers:
- id: google_calendar_auth jwks_uri: https://www.googleapis.com/oauth2/v1/certs issuer: https://securetoken.google.com rules:
- selector: "*" requirements: provider_id: google_calendar_auth
- rules
A list of authentication rules that apply to individual API methods. **NOTE:** All service configuration rules follow "last one wins" order.
- providers
Defines a set of authentication providers that a service supports.
- Annotations
- @SerialVersionUID()
- final case class AuthenticationRule(selector: String = "", oauth: Option[OAuthRequirements] = _root_.scala.None, allowWithoutCredential: Boolean = false, requirements: Seq[AuthRequirement] = _root_.scala.Seq.empty, unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[AuthenticationRule] with Product with Serializable
Authentication rules for the service.
Authentication rules for the service.
By default, if a method has any authentication requirements, every request must include a valid credential matching one of the requirements. It's an error to include more than one kind of credential in a single request.
If a method doesn't have any auth requirements, request credentials will be ignored.
- selector
Selects the methods to which this rule applies. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
- oauth
The requirements for OAuth credentials.
- allowWithoutCredential
If true, the service accepts API keys without any other credential.
- requirements
Requirements for additional authentication providers.
- Annotations
- @SerialVersionUID()
- final case class OAuthRequirements(canonicalScopes: String = "", unknownFields: UnknownFieldSet = _root_.scalapb.UnknownFieldSet.empty) extends GeneratedMessage with Updatable[OAuthRequirements] with Product with Serializable
OAuth scopes are a way to define data and permissions on data.
OAuth scopes are a way to define data and permissions on data. For example, there are scopes defined for "Read-only access to Google Calendar" and "Access to Cloud Platform". Users can consent to a scope for an application, giving it permission to access that data on their behalf.
OAuth scope specifications should be fairly coarse grained; a user will need to see and understand the text description of what your scope means.
In most cases: use one or at most two OAuth scopes for an entire family of products. If your product has multiple APIs, you should probably be sharing the OAuth scope across all of those APIs.
When you need finer grained OAuth consent screens: talk with your product management about how developers will use them in practice.
Please note that even though each of the canonical scopes is enough for a request to be accepted and passed to the backend, a request can still fail due to the backend requiring additional scopes or permissions.
- canonicalScopes
The list of publicly documented OAuth scopes that are allowed access. An OAuth token containing any of these scopes will be accepted. Example: canonical_scopes: https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.read
- Annotations
- @SerialVersionUID()
Value Members
- object AuthProto extends GeneratedFileObject
- object AuthProvider extends GeneratedMessageCompanion[AuthProvider] with JavaProtoSupport[AuthProvider, api.AuthProvider] with Serializable
- object AuthRequirement extends GeneratedMessageCompanion[AuthRequirement] with JavaProtoSupport[AuthRequirement, api.AuthRequirement] with Serializable
- object Authentication extends GeneratedMessageCompanion[Authentication] with JavaProtoSupport[Authentication, api.Authentication] with Serializable
- object AuthenticationRule extends GeneratedMessageCompanion[AuthenticationRule] with JavaProtoSupport[AuthenticationRule, api.AuthenticationRule] with Serializable
- object OAuthRequirements extends GeneratedMessageCompanion[OAuthRequirements] with JavaProtoSupport[OAuthRequirements, api.OAuthRequirements] with Serializable