Struct gapi_grpc::google::api::AuthProvider

pub struct AuthProvider {
    pub id: String,
    pub issuer: String,
    pub jwks_uri: String,
    pub audiences: String,
    pub authorization_url: String,
    pub jwt_locations: Vec<JwtLocation>,
}

Configuration for an authentication provider, including support for JSON Web Token (JWT).

Fields

id: String

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: “bookstore_auth”.

issuer: String

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

jwks_uri: String

URL of the provider’s public key set to validate signature of the JWT. See OpenID Discovery. Optional if the key set document:

• can be retrieved from OpenID Discovery of the issuer.
• can be inferred from the email domain of the issuer (e.g. a Google service account).

Example: https://www.googleapis.com/oauth2/v1/certs

audiences: String

The list of JWT audiences. that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

• “https://[service.name]/[google.protobuf.Api.name]”
• “https://[service.name]/” will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences:

https://library-example.googleapis.com/google.example.library.v1.LibraryService

• https://library-example.googleapis.com/

Example:

audiences: bookstore_android.apps.googleusercontent.com,
           bookstore_web.apps.googleusercontent.com

authorization_url: String

Redirect URL if JWT token is required but not present or is expired. Implement authorizationUrl of securityDefinitions in OpenAPI spec.

jwt_locations: Vec<JwtLocation>

Defines the locations to extract the JWT.

JWT locations can be either from HTTP headers or URL query parameters. The rule is that the first match wins. The checking order is: checking all headers first, then URL query parameters.

If not specified, default to use following 3 locations:

1. Authorization: Bearer
2. x-goog-iap-jwt-assertion
3. access_token query parameter

Default locations can be specified as followings: jwt_locations:

• header: Authorization value_prefix: “Bearer “
• header: x-goog-iap-jwt-assertion
• query: access_token

Trait Implementations

impl Clone for AuthProvider

fn clone(&self) -> AuthProvider

Returns a copy of the value.

pub fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for AuthProvider

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for AuthProvider

fn default() -> AuthProvider

Returns the “default value” for a type.

impl Message for AuthProvider

fn encode_raw<B>(&self, buf: &mut B) where
    B: BufMut, 

fn merge_field<B>(
    &mut self,
    tag: u32,
    wire_type: WireType,
    buf: &mut B,
    ctx: DecodeContext
) -> Result<(), DecodeError> where
    B: Buf, 

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.

fn clear(&mut self)

Clears the message, resetting all fields to their default.

pub fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message to a buffer.

pub fn encode_length_delimited<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message with a length-delimiter to a buffer.

pub fn decode<B>(buf: B) -> Result<Self, DecodeError> where
    Self: Default,
    B: Buf, 

Decodes an instance of the message from a buffer.

pub fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
    Self: Default,
    B: Buf, 

Decodes a length-delimited instance of the message from the buffer.

pub fn merge<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes an instance of the message from a buffer, and merges it into self.

pub fn merge_length_delimited<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes a length-delimited instance of the message from buffer, and merges it into self.

impl PartialEq<AuthProvider> for AuthProvider

fn eq(&self, other: &AuthProvider) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &AuthProvider) -> bool

This method tests for !=.

impl StructuralPartialEq for AuthProvider