AuthProvider

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

Generated from protobuf field string id = 1;

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

Generated from protobuf field string id = 1;

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

Generated from protobuf field string issuer = 2;

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

Generated from protobuf field string issuer = 2;

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery.

Optional if the key set document: - can be retrieved from [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of the issuer. - can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs

Generated from protobuf field string jwks_uri = 3;

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery.

Optional if the key set document: - can be retrieved from [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html of the issuer. - can be inferred from the email domain of the issuer (e.g. a Google service account). Example: https://www.googleapis.com/oauth2/v1/certs

Generated from protobuf field string jwks_uri = 3;

The list of JWT audiences.

that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1.LibraryService". Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

Generated from protobuf field string audiences = 4;

The list of JWT audiences.

that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience "https://library-example.googleapis.com/google.example.library.v1.LibraryService". Example: audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

Generated from protobuf field string audiences = 4;

Redirect URL if JWT token is required but no present or is expired.

Implement authorizationUrl of securityDefinitions in OpenAPI spec.

Generated from protobuf field string authorization_url = 5;

Redirect URL if JWT token is required but no present or is expired.

Implement authorizationUrl of securityDefinitions in OpenAPI spec.

Generated from protobuf field string authorization_url = 5;