com.google.api.auth


Type members

Classlikes

object AuthProto extends GeneratedFileObject

Attributes

Source:
AuthProto.scala
Supertypes
class GeneratedFileObject
class Object
trait Matchable
class Any
Self type
final case class AuthProvider(id: String, issuer: String, jwksUri: String, audiences: String, authorizationUrl: String, jwtLocations: Seq[JwtLocation], unknownFields: UnknownFieldSet) extends GeneratedMessage with Updatable[AuthProvider]

Configuration for an authentication provider, including support for JSON Web Token (JWT).


Attributes

audiences

The list of JWT audiences that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

  • "https://[service.name]/[google.protobuf.Api.name]"
  • "https://[service.name]/"

will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences:

https://library-example.googleapis.com/google.example.library.v1.LibraryService

authorizationUrl

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

id

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id. Example: "bookstore_auth".

issuer

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address. Example: https://securetoken.google.com Example: [email protected]

jwksUri

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:

jwtLocations

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations](https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations).

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, the following 3 locations are used by default:

  1) Authorization: Bearer
  2) x-goog-iap-jwt-assertion
  3) access_token query parameter

Default locations can be specified as follows:

    jwt_locations:
    - header: Authorization
      value_prefix: "Bearer "
    - header: x-goog-iap-jwt-assertion
    - query: access_token

Companion:
object
Source:
AuthProvider.scala
Supertypes
trait Updatable[AuthProvider]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object AuthProvider extends GeneratedMessageCompanion[AuthProvider]

Attributes

Companion:
class
Source:
AuthProvider.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[AuthProvider]
trait Serializable
class Object
trait Matchable
class Any
Self type
final case class AuthRequirement(providerId: String, audiences: String, unknownFields: UnknownFieldSet) extends GeneratedMessage with Updatable[AuthRequirement]

User-defined authentication requirements, including support for JSON Web Token (JWT).


Attributes

audiences

NOTE: This will be deprecated soon, once AuthProvider.audiences is implemented and accepted in all the runtime components.

The list of JWT audiences that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, only JWTs with audience "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]" will be accepted. For example, if no audiences are in the setting, LibraryService API will only accept JWTs with the following audience: "https://library-example.googleapis.com/google.example.library.v1.LibraryService".

Example:

    audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

providerId

[id][google.api.AuthProvider.id] from authentication provider. Example: provider_id: bookstore_auth

Companion:
object
Source:
AuthRequirement.scala
Supertypes
trait Updatable[AuthRequirement]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object AuthRequirement extends GeneratedMessageCompanion[AuthRequirement]

Attributes

Companion:
class
Source:
AuthRequirement.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[AuthRequirement]
trait Serializable
class Object
trait Matchable
class Any
Self type
final case class Authentication(rules: Seq[AuthenticationRule], providers: Seq[AuthProvider], unknownFields: UnknownFieldSet) extends GeneratedMessage with Updatable[Authentication]

Authentication defines the authentication configuration for API methods provided by an API service.


Example:

    name: calendar.googleapis.com
    authentication:
      providers:
      - id: google_calendar_auth
        jwks_uri: https://www.googleapis.com/oauth2/v1/certs
        issuer: https://securetoken.google.com
      rules:
      - selector: "*"
        requirements:
          provider_id: google_calendar_auth
      - selector: google.calendar.Delegate
        oauth:
          canonical_scopes: https://www.googleapis.com/auth/calendar.read

Attributes

providers

Defines a set of authentication providers that a service supports.

rules

A list of authentication rules that apply to individual API methods. NOTE: All service configuration rules follow "last one wins" order.

Companion:
object
Source:
Authentication.scala
Supertypes
trait Updatable[Authentication]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object Authentication extends GeneratedMessageCompanion[Authentication]

Attributes

Companion:
class
Source:
Authentication.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[Authentication]
trait Serializable
class Object
trait Matchable
class Any
Self type
final case class AuthenticationRule(selector: String, oauth: Option[OAuthRequirements], allowWithoutCredential: Boolean, requirements: Seq[AuthRequirement], unknownFields: UnknownFieldSet) extends GeneratedMessage with Updatable[AuthenticationRule]

Authentication rules for the service.


By default, if a method has any authentication requirements, every request must include a valid credential matching one of the requirements. It's an error to include more than one kind of credential in a single request.

If a method doesn't have any auth requirements, request credentials will be ignored.

Attributes

allowWithoutCredential

If true, the service accepts API keys without any other credential. This flag only applies to HTTP and gRPC requests.

oauth

The requirements for OAuth credentials.

requirements

Requirements for additional authentication providers.

selector

Selects the methods to which this rule applies. Refer to [selector][google.api.DocumentationRule.selector] for syntax details.

Companion:
object
Source:
AuthenticationRule.scala
Supertypes
trait Updatable[AuthenticationRule]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object AuthenticationRule extends GeneratedMessageCompanion[AuthenticationRule]

Attributes

Companion:
class
Source:
AuthenticationRule.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[AuthenticationRule]
trait Serializable
class Object
trait Matchable
class Any
Self type
final case class JwtLocation(in: In, valuePrefix: String, unknownFields: UnknownFieldSet) extends GeneratedMessage with Updatable[JwtLocation]

Specifies a location to extract JWT from an API request.


Attributes

valuePrefix

The value prefix. The value format is "value_prefix{token}". Only applies to "in" header type. Must be empty for "in" query type. If not empty, the header value has to match (case sensitive) this prefix. If not matched, JWT will not be extracted. If matched, JWT will be extracted after the prefix is removed. For example, for "Authorization: Bearer {JWT}", value_prefix="Bearer " with a space at the end.
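The extraction rules described under jwtLocations and valuePrefix (first match wins, case-sensitive header prefix, no prefix for query locations), worked through as an added Python example that is not part of the generated Scala API or of any Google runtime. The names `extract_jwt` and `validate_locations`, the dict form of a location, and the case-insensitive header-name lookup are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Defaults listed on this page, used when jwt_locations is not specified.
DEFAULT_JWT_LOCATIONS = [
    {"header": "Authorization", "value_prefix": "Bearer "},
    {"header": "x-goog-iap-jwt-assertion"},
    {"query": "access_token"},
]


def validate_locations(locations):
    """Reject configs the page rules out: value_prefix must be empty for query."""
    for loc in locations:
        kinds = [k for k in ("header", "query", "cookie") if k in loc]
        if len(kinds) != 1:
            raise ValueError(f"exactly one of header/query/cookie required: {loc}")
        if kinds[0] == "query" and loc.get("value_prefix"):
            raise ValueError(f"value_prefix must be empty for query: {loc}")


def extract_jwt(url, headers, locations=None):
    """Return (token, location) for the first matching location, else (None, None)."""
    locations = locations or DEFAULT_JWT_LOCATIONS
    validate_locations(locations)
    # Assumption: header names compare case-insensitively, as in HTTP.
    hdrs = {k.lower(): v for k, v in headers.items()}
    query = parse_qs(urlsplit(url).query)
    cookies = dict(
        part.strip().split("=", 1)
        for part in hdrs.get("cookie", "").split(";") if "=" in part
    )
    for loc in locations:  # configured order decides: first match wins
        prefix = loc.get("value_prefix", "")
        if "header" in loc:
            value = hdrs.get(loc["header"].lower())
            # The prefix match is case sensitive; on mismatch nothing is extracted.
            if value is not None and value.startswith(prefix) and value[len(prefix):]:
                return value[len(prefix):], loc
        elif "query" in loc:
            values = query.get(loc["query"])
            if values:
                return values[0], loc
        elif "cookie" in loc and cookies.get(loc["cookie"]):
            return cookies[loc["cookie"]], loc
    return None, None
```

The returned location records which source supplied the token, which helps when auditing whether requests rely on the query parameter or a custom cookie rather than the Authorization header.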

Companion:
object
Source:
JwtLocation.scala
Supertypes
trait Updatable[JwtLocation]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object JwtLocation extends GeneratedMessageCompanion[JwtLocation]

Attributes

Companion:
class
Source:
JwtLocation.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[JwtLocation]
trait Serializable
class Object
trait Matchable
class Any
Self type
final case class OAuthRequirements(canonicalScopes: String, unknownFields: UnknownFieldSet) extends GeneratedMessage with Updatable[OAuthRequirements]

OAuth scopes are a way to define data and permissions on data. For example, there are scopes defined for "Read-only access to Google Calendar" and "Access to Cloud Platform". Users can consent to a scope for an application, giving it permission to access that data on their behalf.


OAuth scope specifications should be fairly coarse grained; a user will need to see and understand the text description of what your scope means.

In most cases: use one or at most two OAuth scopes for an entire family of products. If your product has multiple APIs, you should probably be sharing the OAuth scope across all of those APIs.

When you need finer grained OAuth consent screens: talk with your product management about how developers will use them in practice.

Please note that even though each of the canonical scopes is enough for a request to be accepted and passed to the backend, a request can still fail due to the backend requiring additional scopes or permissions.

Attributes

canonicalScopes

The list of publicly documented OAuth scopes that are allowed access. An OAuth token containing any of these scopes will be accepted. Example: canonical_scopes: https://www.googleapis.com/auth/calendar, https://www.googleapis.com/auth/calendar.read

Companion:
object
Source:
OAuthRequirements.scala
Supertypes
trait Updatable[OAuthRequirements]
trait GeneratedMessage
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
object OAuthRequirements extends GeneratedMessageCompanion[OAuthRequirements]

Attributes

Companion:
class
Source:
OAuthRequirements.scala
Supertypes
trait Product
trait Mirror
trait GeneratedMessageCompanion[OAuthRequirements]
trait Serializable
class Object
trait Matchable
class Any
Self type