Class AuthProvider (2.2.0)

 public sealed class AuthProvider : Protobuf.IMessage<AuthProvider>, Protobuf.IBufferMessage 

Configuration for an authentication provider, including support for JSON Web Token (JWT) .

 public AuthProvider() 

 public AuthProvider(AuthProvider other) 

  public 
  
 const 
  
 int 
  
 AudiencesFieldNumber 
  
 = 
  
 4 
 

Field number for the "audiences" field.

  public 
  
 const 
  
 int 
  
 AuthorizationUrlFieldNumber 
  
 = 
  
 5 
 

Field number for the "authorization_url" field.

  public 
  
 const 
  
 int 
  
 IdFieldNumber 
  
 = 
  
 1 
 

Field number for the "id" field.

  public 
  
 const 
  
 int 
  
 IssuerFieldNumber 
  
 = 
  
 2 
 

Field number for the "issuer" field.

  public 
  
 const 
  
 int 
  
 JwksUriFieldNumber 
  
 = 
  
 3 
 

Field number for the "jwks_uri" field.

  public 
  
 const 
  
 int 
  
 JwtLocationsFieldNumber 
  
 = 
  
 6 
 

Field number for the "jwt_locations" field.

 public string Audiences { get; set; } 

The list of JWT audiences . that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

• "https://[service.name]/[google.protobuf.Api.name]"
• "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences: - https://library-example.googleapis.com/google.example.library.v1.LibraryService
• https://library-example.googleapis.com/

Example:

audiences: bookstore_android.apps.googleusercontent.com, bookstore_web.apps.googleusercontent.com

 public string AuthorizationUrl { get; set; } 

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

 public static Protobuf.Reflection.MessageDescriptor Descriptor { get; } 

 public string Id { get; set; } 

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id .

Example: "bookstore_auth".

 public string Issuer { get; set; } 

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

 public string JwksUri { get; set; } 

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery . Optional if the key set document:

• can be retrieved from [OpenID Discovery]( https://openid.net/specs/openid-connect-discovery-1_0.html of the issuer.
• can be inferred from the email domain of the issuer (e.g. a Google service account).

Example: https://www.googleapis.com/oauth2/v1/certs

 public Protobuf.Collections.RepeatedField<JwtLocation> JwtLocations { get; } 

Defines the locations to extract the JWT.

JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters.

If not specified, default to use following 3 locations: 1) Authorization: Bearer 2) x-goog-iap-jwt-assertion 3) access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: "Bearer "
• header: x-goog-iap-jwt-assertion
• query: access_token

 public static Protobuf.MessageParser<AuthProvider> Parser { get; } 

 public int CalculateSize() 

 public AuthProvider Clone() 

 public bool Equals(AuthProvider other) 

 public override bool Equals(object other) 

 public override int GetHashCode() 

 public void MergeFrom(AuthProvider other) 

 public void MergeFrom(Protobuf.CodedInputStream input) 

 public override string ToString() 

 public void WriteTo(Protobuf.CodedOutputStream output)