Update google/api/auth.proto to make AuthProvider to have JwtLocation
PiperOrigin-RevId: 297918498
parent e9e90a7877
commit 83c6f84035
|
|
@ -1,4 +1,4 @@
|
|||
// Copyright 2019 Google LLC.
|
||||
// Copyright 2020 Google LLC
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
|
|
@ -11,7 +11,6 @@
|
|||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
//
|
||||
|
||||
syntax = "proto3";
|
||||
|
||||
|
|
@ -72,6 +71,27 @@ message AuthenticationRule {
|
|||
repeated AuthRequirement requirements = 7;
|
||||
}
|
||||
|
||||
// Specifies a location to extract JWT from an API request.
|
||||
message JwtLocation {
|
||||
oneof in {
|
||||
// Specifies HTTP header name to extract JWT token.
|
||||
string header = 1;
|
||||
|
||||
// Specifies URL query parameter name to extract JWT token.
|
||||
string query = 2;
|
||||
}
|
||||
|
||||
// The value prefix. The value format is "value_prefix{token}"
|
||||
// Only applies to "in" header type. Must be empty for "in" query type.
|
||||
// If not empty, the header value has to match (case sensitive) this prefix.
|
||||
// If not matched, JWT will not be extracted. If matched, JWT will be
|
||||
// extracted after the prefix is removed.
|
||||
//
|
||||
// For example, for "Authorization: Bearer {JWT}",
|
||||
// value_prefix="Bearer " with a space at the end.
|
||||
string value_prefix = 3;
|
||||
}
|
||||
|
||||
// Configuration for an authentication provider, including support for
|
||||
// [JSON Web Token
|
||||
// (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
|
||||
|
|
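Review bot: The `value_prefix` comment in `JwtLocation` says the field "Must be empty for "in" query type", but nothing says what a consumer does when a `query` location carries a non-empty prefix. Suggest stating whether such a configuration is rejected or the prefix is silently ignored. The comment also makes the prefix match case sensitive without saying how the name in `header` is compared, and it does not say what an unset `in` oneof means. With the documented example `value_prefix="Bearer "`, a header value of "bearer {JWT}" is not extracted under the stated rule, so a line confirming that this is intended would help.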
@ -122,6 +142,25 @@ message AuthProvider {
|
|||
// Redirect URL if JWT token is required but not present or is expired.
|
||||
// Implement authorizationUrl of securityDefinitions in OpenAPI spec.
|
||||
string authorization_url = 5;
|
||||
|
||||
// Defines the locations to extract the JWT.
|
||||
//
|
||||
// JWT locations can be either from HTTP headers or URL query parameters.
|
||||
// The rule is that the first match wins. The checking order is: checking
|
||||
// all headers first, then URL query parameters.
|
||||
//
|
||||
// If not specified, default to use following 3 locations:
|
||||
// 1) Authorization: Bearer
|
||||
// 2) x-goog-iap-jwt-assertion
|
||||
// 3) access_token query parameter
|
||||
//
|
||||
// Default locations can be specified as followings:
|
||||
// jwt_locations:
|
||||
// - header: Authorization
|
||||
// value_prefix: "Bearer "
|
||||
// - header: x-goog-iap-jwt-assertion
|
||||
// - query: access_token
|
||||
repeated JwtLocation jwt_locations = 6;
|
||||
}
|
||||
|
||||
// OAuth scopes are a way to define data and permissions on data. For example,
|
||||
|
|
|
|||
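Review bot: The `jwt_locations` comment gives the order as "checking all headers first, then URL query parameters", which leaves open whether the order of entries in the repeated field matters among several headers or several query parameters. Suggest stating how ties within each kind are resolved. "The first match wins" should also say whether a location that is present but holds a token that fails verification ends the search or falls through to the next location. It is not stated whether setting `jwt_locations` replaces the three defaults or adds to them. Since the default set includes the `access_token` query parameter, consider a comment line noting that a token carried in the URL can end up in request logs, so that operators who do not need it list only header locations.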