Package com.google.api

Class AuthProvider

  • All Implemented Interfaces:
    AuthProviderOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable
    public final class AuthProvider
extends com.google.protobuf.GeneratedMessageV3
implements AuthProviderOrBuilder
     Configuration for an authentication provider, including support for
 [JSON Web Token
 (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
    Protobuf type google.api.AuthProvider
    See Also:
    Serialized Form

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  AuthProvider.Builder
      Configuration for an authentication provider, including support for [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).

      • Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

        com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage,​BuilderType extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageType,​BuilderType>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageType extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter

      • Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite

        com.google.protobuf.AbstractMessageLite.InternalOneOfEnum

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getUnknownFields

        public final com.google.protobuf.UnknownFieldSet getUnknownFields()
        Specified by:
        getUnknownFields in interface com.google.protobuf.MessageOrBuilder
        Overrides:
        getUnknownFields in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • getId

        public String getId()
         The unique identifier of the auth provider. It will be referred to by
 `AuthRequirement.provider_id`.
 Example: "bookstore_auth".
        string id = 1;
        Specified by:
        getId in interface AuthProviderOrBuilder
        Returns:
        The id.

      • getIdBytes

        public com.google.protobuf.ByteString getIdBytes()
         The unique identifier of the auth provider. It will be referred to by
 `AuthRequirement.provider_id`.
 Example: "bookstore_auth".
        string id = 1;
        Specified by:
        getIdBytes in interface AuthProviderOrBuilder
        Returns:
        The bytes for id.

      • getIssuer

        public String getIssuer()
         Identifies the principal that issued the JWT. See
 https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
 Usually a URL or an email address.
 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
        string issuer = 2;
        Specified by:
        getIssuer in interface AuthProviderOrBuilder
        Returns:
        The issuer.

      • getIssuerBytes

        public com.google.protobuf.ByteString getIssuerBytes()
         Identifies the principal that issued the JWT. See
 https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
 Usually a URL or an email address.
 Example: https://securetoken.google.com
 Example: 1234567-compute@developer.gserviceaccount.com
        string issuer = 2;
        Specified by:
        getIssuerBytes in interface AuthProviderOrBuilder
        Returns:
        The bytes for issuer.

      • getJwksUri

        public String getJwksUri()
         URL of the provider's public key set to validate signature of the JWT. See
 [OpenID
 Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
 Optional if the key set document:
  - can be retrieved from
    [OpenID
    Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html)
    of the issuer.
  - can be inferred from the email domain of the issuer (e.g. a Google
  service account).
 Example: https://www.googleapis.com/oauth2/v1/certs
        string jwks_uri = 3;
        Specified by:
        getJwksUri in interface AuthProviderOrBuilder
        Returns:
        The jwksUri.

      • getJwksUriBytes

        public com.google.protobuf.ByteString getJwksUriBytes()
         URL of the provider's public key set to validate signature of the JWT. See
 [OpenID
 Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
 Optional if the key set document:
  - can be retrieved from
    [OpenID
    Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html)
    of the issuer.
  - can be inferred from the email domain of the issuer (e.g. a Google
  service account).
 Example: https://www.googleapis.com/oauth2/v1/certs
        string jwks_uri = 3;
        Specified by:
        getJwksUriBytes in interface AuthProviderOrBuilder
        Returns:
        The bytes for jwksUri.

      • getAudiences

        public String getAudiences()
         The list of JWT
 [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
 that are allowed to access. A JWT containing any of these audiences will
 be accepted. When this setting is absent, JWTs with audiences:
   - "https://[service.name]/[google.protobuf.Api.name]"
   - "https://[service.name]/"
 will be accepted.
 For example, if no audiences are in the setting, LibraryService API will
 accept JWTs with the following audiences:
   -
   https://library-example.googleapis.com/google.example.library.v1.LibraryService
   - https://library-example.googleapis.com/
 Example:
     audiences: bookstore_android.apps.googleusercontent.com,
                bookstore_web.apps.googleusercontent.com
        string audiences = 4;
        Specified by:
        getAudiences in interface AuthProviderOrBuilder
        Returns:
        The audiences.

      • getAudiencesBytes

        public com.google.protobuf.ByteString getAudiencesBytes()
         The list of JWT
 [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
 that are allowed to access. A JWT containing any of these audiences will
 be accepted. When this setting is absent, JWTs with audiences:
   - "https://[service.name]/[google.protobuf.Api.name]"
   - "https://[service.name]/"
 will be accepted.
 For example, if no audiences are in the setting, LibraryService API will
 accept JWTs with the following audiences:
   -
   https://library-example.googleapis.com/google.example.library.v1.LibraryService
   - https://library-example.googleapis.com/
 Example:
     audiences: bookstore_android.apps.googleusercontent.com,
                bookstore_web.apps.googleusercontent.com
        string audiences = 4;
        Specified by:
        getAudiencesBytes in interface AuthProviderOrBuilder
        Returns:
        The bytes for audiences.

      • getAuthorizationUrl

        public String getAuthorizationUrl()
         Redirect URL if JWT token is required but not present or is expired.
 Implement authorizationUrl of securityDefinitions in OpenAPI spec.
        string authorization_url = 5;
        Specified by:
        getAuthorizationUrl in interface AuthProviderOrBuilder
        Returns:
        The authorizationUrl.

      • getAuthorizationUrlBytes

        public com.google.protobuf.ByteString getAuthorizationUrlBytes()
         Redirect URL if JWT token is required but not present or is expired.
 Implement authorizationUrl of securityDefinitions in OpenAPI spec.
        string authorization_url = 5;
        Specified by:
        getAuthorizationUrlBytes in interface AuthProviderOrBuilder
        Returns:
        The bytes for authorizationUrl.

      • getJwtLocationsList

        public List<JwtLocation> getJwtLocationsList()
         Defines the locations to extract the JWT.  For now it is only used by the
 Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations]
 (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations)
 JWT locations can be one of HTTP headers, URL query parameters or
 cookies. The rule is that the first match wins.
 If not specified,  default to use following 3 locations:
    1) Authorization: Bearer
    2) x-goog-iap-jwt-assertion
    3) access_token query parameter
 Default locations can be specified as followings:
    jwt_locations:
    - header: Authorization
      value_prefix: "Bearer "
    - header: x-goog-iap-jwt-assertion
    - query: access_token
        repeated .google.api.JwtLocation jwt_locations = 6;
        Specified by:
        getJwtLocationsList in interface AuthProviderOrBuilder

      • getJwtLocationsOrBuilderList

        public List<? extends JwtLocationOrBuilder> getJwtLocationsOrBuilderList()
         Defines the locations to extract the JWT.  For now it is only used by the
 Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations]
 (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations)
 JWT locations can be one of HTTP headers, URL query parameters or
 cookies. The rule is that the first match wins.
 If not specified,  default to use following 3 locations:
    1) Authorization: Bearer
    2) x-goog-iap-jwt-assertion
    3) access_token query parameter
 Default locations can be specified as followings:
    jwt_locations:
    - header: Authorization
      value_prefix: "Bearer "
    - header: x-goog-iap-jwt-assertion
    - query: access_token
        repeated .google.api.JwtLocation jwt_locations = 6;
        Specified by:
        getJwtLocationsOrBuilderList in interface AuthProviderOrBuilder

      • getJwtLocationsCount

        public int getJwtLocationsCount()
         Defines the locations to extract the JWT.  For now it is only used by the
 Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations]
 (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations)
 JWT locations can be one of HTTP headers, URL query parameters or
 cookies. The rule is that the first match wins.
 If not specified,  default to use following 3 locations:
    1) Authorization: Bearer
    2) x-goog-iap-jwt-assertion
    3) access_token query parameter
 Default locations can be specified as followings:
    jwt_locations:
    - header: Authorization
      value_prefix: "Bearer "
    - header: x-goog-iap-jwt-assertion
    - query: access_token
        repeated .google.api.JwtLocation jwt_locations = 6;
        Specified by:
        getJwtLocationsCount in interface AuthProviderOrBuilder

      • getJwtLocations

        public JwtLocation getJwtLocations​(int index)
         Defines the locations to extract the JWT.  For now it is only used by the
 Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations]
 (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations)
 JWT locations can be one of HTTP headers, URL query parameters or
 cookies. The rule is that the first match wins.
 If not specified,  default to use following 3 locations:
    1) Authorization: Bearer
    2) x-goog-iap-jwt-assertion
    3) access_token query parameter
 Default locations can be specified as followings:
    jwt_locations:
    - header: Authorization
      value_prefix: "Bearer "
    - header: x-goog-iap-jwt-assertion
    - query: access_token
        repeated .google.api.JwtLocation jwt_locations = 6;
        Specified by:
        getJwtLocations in interface AuthProviderOrBuilder

      • getJwtLocationsOrBuilder

        public JwtLocationOrBuilder getJwtLocationsOrBuilder​(int index)
         Defines the locations to extract the JWT.  For now it is only used by the
 Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations]
 (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations)
 JWT locations can be one of HTTP headers, URL query parameters or
 cookies. The rule is that the first match wins.
 If not specified,  default to use following 3 locations:
    1) Authorization: Bearer
    2) x-goog-iap-jwt-assertion
    3) access_token query parameter
 Default locations can be specified as followings:
    jwt_locations:
    - header: Authorization
      value_prefix: "Bearer "
    - header: x-goog-iap-jwt-assertion
    - query: access_token
        repeated .google.api.JwtLocation jwt_locations = 6;
        Specified by:
        getJwtLocationsOrBuilder in interface AuthProviderOrBuilder

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static AuthProvider parseFrom​(ByteBuffer data)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AuthProvider parseFrom​(ByteBuffer data,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AuthProvider parseFrom​(com.google.protobuf.ByteString data)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AuthProvider parseFrom​(com.google.protobuf.ByteString data,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AuthProvider parseFrom​(byte[] data)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AuthProvider parseFrom​(byte[] data,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AuthProvider parseFrom​(com.google.protobuf.CodedInputStream input,
                                     com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                              throws IOException
        Throws:
        IOException

      • newBuilderForType

        public AuthProvider.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public AuthProvider.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected AuthProvider.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstance

        public static AuthProvider getDefaultInstance()

      • parser

        public static com.google.protobuf.Parser<AuthProvider> parser()

      • getParserForType

        public com.google.protobuf.Parser<AuthProvider> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public AuthProvider getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder