PHPFUI/InstaDoc
 
Copied!

Configuration for an authentication provider, including support for JSON Web Token (JWT).

Generated from protobuf message google.api.AuthProvider

CloneableInstantiable
Methods
public __construct( $data = NULL)
 

Constructor.

  • param array $data { Optional. Data for populating the Message object. 
    @type string $id
      The unique identifier of the auth provider. It will be referred to by
      `AuthRequirement.provider_id`.
      Example: "bookstore_auth".
@type string $issuer
      Identifies the principal that issued the JWT. See
      https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
      Usually a URL or an email address.
      Example: https://securetoken.google.com
      Example: 1234567-compute@developer.gserviceaccount.com
@type string $jwks_uri
      URL of the provider's public key set to validate signature of the JWT. See
      [OpenID
      Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
      Optional if the key set document:
       - can be retrieved from
         [OpenID
         Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html)
         of the issuer.
       - can be inferred from the email domain of the issuer (e.g. a Google
       service account).
      Example: https://www.googleapis.com/oauth2/v1/certs
@type string $audiences
      The list of JWT
      [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
      that are allowed to access. A JWT containing any of these audiences will
      be accepted. When this setting is absent, JWTs with audiences:
        - "https://[service.name]/[google.protobuf.Api.name]"
        - "https://[service.name]/"
      will be accepted.
      For example, if no audiences are in the setting, LibraryService API will
      accept JWTs with the following audiences:
        -
        https://library-example.googleapis.com/google.example.library.v1.LibraryService
        - https://library-example.googleapis.com/
      Example:
          audiences: bookstore_android.apps.googleusercontent.com,
                     bookstore_web.apps.googleusercontent.com
@type string $authorization_url
      Redirect URL if JWT token is required but not present or is expired.
      Implement authorizationUrl of securityDefinitions in OpenAPI spec.
@type array<\Google\Api\JwtLocation>|\Google\Protobuf\Internal\RepeatedField $jwt_locations
      Defines the locations to extract the JWT.  For now it is only used by the
      Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations]
      (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations)
      JWT locations can be one of HTTP headers, URL query parameters or
      cookies. The rule is that the first match wins.
      If not specified,  default to use following 3 locations:
         1) Authorization: Bearer
         2) x-goog-iap-jwt-assertion
         3) access_token query parameter
      Default locations can be specified as followings:
         jwt_locations:
         - header: Authorization
           value_prefix: "Bearer "
         - header: x-goog-iap-jwt-assertion
         - query: access_token
    }
public Google\Protobuf\Internal\Message::__debugInfo()
public Google\Protobuf\Internal\Message::byteSize()
 
  • ignore
public Google\Protobuf\Internal\Message::clear()
 

Clear all containing fields.

  • return null
public Google\Protobuf\Internal\Message::discardUnknownFields()
 

Clear all unknown fields previously parsed.

  • return null
public getAudiences()
 

The list of JWT audiences.

that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

  • "https://[service.name]/[google.protobuf.Api.name]"
  • "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences:

https://library-example.googleapis.com/google.example.library.v1.LibraryService

Generated from protobuf field string audiences = 4;

  • return string
public getAuthorizationUrl()
 

Redirect URL if JWT token is required but not present or is expired.

Implement authorizationUrl of securityDefinitions in OpenAPI spec.

Generated from protobuf field string authorization_url = 5;

  • return string
public getId()
 

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

Generated from protobuf field string id = 1;

  • return string
public getIssuer()
 

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

Generated from protobuf field string issuer = 2;

  • return string
public getJwksUri()
 

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery.

Optional if the key set document:

Generated from protobuf field string jwks_uri = 3;

  • return string
public getJwtLocations()
 

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations] (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations) JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations:

  1. Authorization: Bearer
  2. x-goog-iap-jwt-assertion
  3. access_token query parameter Default locations can be specified as followings: jwt_locations:
  • header: Authorization value_prefix: "Bearer "
  • header: x-goog-iap-jwt-assertion
  • query: access_token

Generated from protobuf field repeated .google.api.JwtLocation jwt_locations = 6;

  • return \Google\Protobuf\Internal\RepeatedField
public Google\Protobuf\Internal\Message::jsonByteSize( $options = 0)
 
  • ignore
public Google\Protobuf\Internal\Message::mergeFrom( $msg)
 

Merges the contents of the specified message into current message.

This method merges the contents of the specified message into the current message. Singular fields that are set in the specified message overwrite the corresponding fields in the current message. Repeated fields are appended. Map fields key-value pairs are overwritten. Singular/Oneof sub-messages are recursively merged. All overwritten sub-messages are deep-copied.

  • param object $msg Protobuf message to be merged from.
  • return null
public Google\Protobuf\Internal\Message::mergeFromJsonString( $data, $ignore_unknown = false)
 

Parses a json string to protobuf message.

This function takes a string in the json wire format, matching the encoding output by serializeToJsonString(). See mergeFrom() for merging behavior, if the field is already set in the specified message.

  • param string $data Json protobuf data.
  • param bool $ignore_unknown
  • return null
  • throws \Exception Invalid data.
public Google\Protobuf\Internal\Message::mergeFromString( $data)
 

Parses a protocol buffer contained in a string.

This function takes a string in the (non-human-readable) binary wire format, matching the encoding output by serializeToString(). See mergeFrom() for merging behavior, if the field is already set in the specified message.

  • param string $data Binary protobuf data.
  • return null
  • throws \Exception Invalid data.
public Google\Protobuf\Internal\Message::parseFromJsonStream( $input, $ignore_unknown)
 
  • ignore
public Google\Protobuf\Internal\Message::parseFromStream( $input)
 
  • ignore
public Google\Protobuf\Internal\Message::serializeToJsonStream( $output)
 
  • ignore
public Google\Protobuf\Internal\Message::serializeToJsonString( $options = 0)
 

Serialize the message to json string.

  • return string Serialized json protobuf data.
public Google\Protobuf\Internal\Message::serializeToStream( $output)
 
  • ignore
public Google\Protobuf\Internal\Message::serializeToString()
 

Serialize the message to string.

  • return string Serialized binary protobuf data.
public setAudiences( $var)
 

The list of JWT audiences.

that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

  • "https://[service.name]/[google.protobuf.Api.name]"
  • "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences:

https://library-example.googleapis.com/google.example.library.v1.LibraryService

Generated from protobuf field string audiences = 4;

  • param string $var
  • return $this
public setAuthorizationUrl( $var)
 

Redirect URL if JWT token is required but not present or is expired.

Implement authorizationUrl of securityDefinitions in OpenAPI spec.

Generated from protobuf field string authorization_url = 5;

  • param string $var
  • return $this
public setId( $var)
 

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

Generated from protobuf field string id = 1;

  • param string $var
  • return $this
public setIssuer( $var)
 

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

Generated from protobuf field string issuer = 2;

  • param string $var
  • return $this
public setJwksUri( $var)
 

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery.

Optional if the key set document:

Generated from protobuf field string jwks_uri = 3;

  • param string $var
  • return $this
public setJwtLocations( $var)
 

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations] (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations) JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations:

  1. Authorization: Bearer
  2. x-goog-iap-jwt-assertion
  3. access_token query parameter Default locations can be specified as followings: jwt_locations:
  • header: Authorization value_prefix: "Bearer "
  • header: x-goog-iap-jwt-assertion
  • query: access_token

Generated from protobuf field repeated .google.api.JwtLocation jwt_locations = 6;

  • param \Google\Api\JwtLocation[]|\Google\Protobuf\Internal\RepeatedField $var
  • return $this
Properties
protected $audiences = ''
 

The list of JWT audiences.

that are allowed to access. A JWT containing any of these audiences will be accepted. When this setting is absent, JWTs with audiences:

  • "https://[service.name]/[google.protobuf.Api.name]"
  • "https://[service.name]/" will be accepted. For example, if no audiences are in the setting, LibraryService API will accept JWTs with the following audiences:

https://library-example.googleapis.com/google.example.library.v1.LibraryService

Generated from protobuf field string audiences = 4;

protected $authorization_url = ''
 

Redirect URL if JWT token is required but not present or is expired.

Implement authorizationUrl of securityDefinitions in OpenAPI spec.

Generated from protobuf field string authorization_url = 5;

protected $id = ''
 

The unique identifier of the auth provider. It will be referred to by AuthRequirement.provider_id.

Example: "bookstore_auth".

Generated from protobuf field string id = 1;

protected $issuer = ''
 

Identifies the principal that issued the JWT. See https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 Usually a URL or an email address.

Example: https://securetoken.google.com Example: 1234567-compute@developer.gserviceaccount.com

Generated from protobuf field string issuer = 2;

protected $jwks_uri = ''
 

URL of the provider's public key set to validate signature of the JWT. See OpenID Discovery.

Optional if the key set document:

Generated from protobuf field string jwks_uri = 3;

Methods
protected Google\Protobuf\Internal\Message::hasOneof( $number)
protected Google\Protobuf\Internal\Message::mergeFromArray(array $array)
 

Populates the message from a user-supplied PHP array. Array keys correspond to Message properties and nested message properties.

Example:

$message->mergeFromArray([
    'name' => 'This is a message name',
    'interval' => [
         'startTime' => time() - 60,
         'endTime' => time(),
    ]
]);

This method will trigger an error if it is passed data that cannot be converted to the correct type. For example, a StringValue field must receive data that is either a string or a StringValue object.

  • param array $array An array containing message properties and values.
  • return null
protected Google\Protobuf\Internal\Message::mergeFromJsonArray( $array, $ignore_unknown)
protected Google\Protobuf\Internal\Message::readOneof( $number)
protected Google\Protobuf\Internal\Message::readWrapperValue( $member)
protected Google\Protobuf\Internal\Message::whichOneof( $oneof_name)
protected Google\Protobuf\Internal\Message::writeOneof( $number, $value)
protected Google\Protobuf\Internal\Message::writeWrapperValue( $member, $value)
Properties
private $jwt_locations = NULL
 

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension [x-google-jwt-locations] (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations) JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations:

  1. Authorization: Bearer
  2. x-goog-iap-jwt-assertion
  3. access_token query parameter Default locations can be specified as followings: jwt_locations:
  • header: Authorization value_prefix: "Bearer "
  • header: x-goog-iap-jwt-assertion
  • query: access_token

Generated from protobuf field repeated .google.api.JwtLocation jwt_locations = 6;

© 2025 Bruce Wells
Search Namespaces \ Classes
Configuration