1 // Code generated by protoc-gen-go. DO NOT EDIT.
2 // source: google/api/auth.proto
5 Package serviceconfig is a generated protocol buffer package.
7 It is generated from these files:
9 google/api/backend.proto
10 google/api/billing.proto
11 google/api/consumer.proto
12 google/api/context.proto
13 google/api/control.proto
14 google/api/documentation.proto
15 google/api/endpoint.proto
17 google/api/logging.proto
18 google/api/monitoring.proto
19 google/api/quota.proto
20 google/api/service.proto
21 google/api/source_info.proto
22 google/api/system_parameter.proto
23 google/api/usage.proto
25 It has these top-level messages:
60 import proto "github.com/golang/protobuf/proto"
63 import _ "google.golang.org/genproto/googleapis/api/annotations"
65 // Reference imports to suppress errors if they are not otherwise used.
70 // This is a compile-time assertion to ensure that this generated file
71 // is compatible with the proto package it is being compiled against.
72 // A compilation error at this line likely means your copy of the
73 // proto package needs to be updated.
74 const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
76 // `Authentication` defines the authentication configuration for an API.
78 // Example for an API targeted for external use:
80 // name: calendar.googleapis.com
83 // - id: google_calendar_auth
84 // jwks_uri: https://www.googleapis.com/oauth2/v1/certs
85 // issuer: https://securetoken.google.com
89 // provider_id: google_calendar_auth
90 type Authentication struct {
91 // A list of authentication rules that apply to individual API methods.
93 // **NOTE:** All service configuration rules follow "last one wins" order.
94 Rules []*AuthenticationRule `protobuf:"bytes,3,rep,name=rules" json:"rules,omitempty"`
95 // Defines a set of authentication providers that a service supports.
96 Providers []*AuthProvider `protobuf:"bytes,4,rep,name=providers" json:"providers,omitempty"`
99 func (m *Authentication) Reset() { *m = Authentication{} }
100 func (m *Authentication) String() string { return proto.CompactTextString(m) }
101 func (*Authentication) ProtoMessage() {}
102 func (*Authentication) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
104 func (m *Authentication) GetRules() []*AuthenticationRule {
111 func (m *Authentication) GetProviders() []*AuthProvider {
118 // Authentication rules for the service.
120 // By default, if a method has any authentication requirements, every request
121 // must include a valid credential matching one of the requirements.
122 // It's an error to include more than one kind of credential in a single
125 // If a method doesn't have any auth requirements, request credentials will be
127 type AuthenticationRule struct {
128 // Selects the methods to which this rule applies.
130 // Refer to [selector][google.api.DocumentationRule.selector] for syntax details.
131 Selector string `protobuf:"bytes,1,opt,name=selector" json:"selector,omitempty"`
132 // The requirements for OAuth credentials.
133 Oauth *OAuthRequirements `protobuf:"bytes,2,opt,name=oauth" json:"oauth,omitempty"`
134 // Whether to allow requests without a credential. The credential can be
135 // an OAuth token, Google cookies (first-party auth) or EndUserCreds.
137 // For requests without credentials, if the service control environment is
138 // specified, each incoming request **must** be associated with a service
139 // consumer. This can be done by passing an API key that belongs to a consumer
141 AllowWithoutCredential bool `protobuf:"varint,5,opt,name=allow_without_credential,json=allowWithoutCredential" json:"allow_without_credential,omitempty"`
142 // Requirements for additional authentication providers.
143 Requirements []*AuthRequirement `protobuf:"bytes,7,rep,name=requirements" json:"requirements,omitempty"`
146 func (m *AuthenticationRule) Reset() { *m = AuthenticationRule{} }
147 func (m *AuthenticationRule) String() string { return proto.CompactTextString(m) }
148 func (*AuthenticationRule) ProtoMessage() {}
149 func (*AuthenticationRule) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
151 func (m *AuthenticationRule) GetSelector() string {
158 func (m *AuthenticationRule) GetOauth() *OAuthRequirements {
165 func (m *AuthenticationRule) GetAllowWithoutCredential() bool {
167 return m.AllowWithoutCredential
172 func (m *AuthenticationRule) GetRequirements() []*AuthRequirement {
174 return m.Requirements
179 // Configuration for an anthentication provider, including support for
180 // [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
181 type AuthProvider struct {
182 // The unique identifier of the auth provider. It will be referred to by
183 // `AuthRequirement.provider_id`.
185 // Example: "bookstore_auth".
186 Id string `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
187 // Identifies the principal that issued the JWT. See
188 // https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1
189 // Usually a URL or an email address.
191 // Example: https://securetoken.google.com
192 // Example: 1234567-compute@developer.gserviceaccount.com
193 Issuer string `protobuf:"bytes,2,opt,name=issuer" json:"issuer,omitempty"`
194 // URL of the provider's public key set to validate signature of the JWT. See
195 // [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
196 // Optional if the key set document:
197 // - can be retrieved from
198 // [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html
200 // - can be inferred from the email domain of the issuer (e.g. a Google service account).
202 // Example: https://www.googleapis.com/oauth2/v1/certs
203 JwksUri string `protobuf:"bytes,3,opt,name=jwks_uri,json=jwksUri" json:"jwks_uri,omitempty"`
205 // [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
206 // that are allowed to access. A JWT containing any of these audiences will
207 // be accepted. When this setting is absent, only JWTs with audience
208 // "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]"
209 // will be accepted. For example, if no audiences are in the setting,
210 // LibraryService API will only accept JWTs with the following audience
211 // "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
215 // audiences: bookstore_android.apps.googleusercontent.com,
216 // bookstore_web.apps.googleusercontent.com
217 Audiences string `protobuf:"bytes,4,opt,name=audiences" json:"audiences,omitempty"`
218 // Redirect URL if JWT token is required but no present or is expired.
219 // Implement authorizationUrl of securityDefinitions in OpenAPI spec.
220 AuthorizationUrl string `protobuf:"bytes,5,opt,name=authorization_url,json=authorizationUrl" json:"authorization_url,omitempty"`
223 func (m *AuthProvider) Reset() { *m = AuthProvider{} }
224 func (m *AuthProvider) String() string { return proto.CompactTextString(m) }
225 func (*AuthProvider) ProtoMessage() {}
226 func (*AuthProvider) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{2} }
228 func (m *AuthProvider) GetId() string {
235 func (m *AuthProvider) GetIssuer() string {
242 func (m *AuthProvider) GetJwksUri() string {
249 func (m *AuthProvider) GetAudiences() string {
256 func (m *AuthProvider) GetAuthorizationUrl() string {
258 return m.AuthorizationUrl
263 // OAuth scopes are a way to define data and permissions on data. For example,
264 // there are scopes defined for "Read-only access to Google Calendar" and
265 // "Access to Cloud Platform". Users can consent to a scope for an application,
266 // giving it permission to access that data on their behalf.
268 // OAuth scope specifications should be fairly coarse grained; a user will need
269 // to see and understand the text description of what your scope means.
271 // In most cases: use one or at most two OAuth scopes for an entire family of
272 // products. If your product has multiple APIs, you should probably be sharing
273 // the OAuth scope across all of those APIs.
275 // When you need finer grained OAuth consent screens: talk with your product
276 // management about how developers will use them in practice.
278 // Please note that even though each of the canonical scopes is enough for a
279 // request to be accepted and passed to the backend, a request can still fail
280 // due to the backend requiring additional scopes or permissions.
281 type OAuthRequirements struct {
282 // The list of publicly documented OAuth scopes that are allowed access. An
283 // OAuth token containing any of these scopes will be accepted.
287 // canonical_scopes: https://www.googleapis.com/auth/calendar,
288 // https://www.googleapis.com/auth/calendar.read
289 CanonicalScopes string `protobuf:"bytes,1,opt,name=canonical_scopes,json=canonicalScopes" json:"canonical_scopes,omitempty"`
292 func (m *OAuthRequirements) Reset() { *m = OAuthRequirements{} }
293 func (m *OAuthRequirements) String() string { return proto.CompactTextString(m) }
294 func (*OAuthRequirements) ProtoMessage() {}
295 func (*OAuthRequirements) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{3} }
297 func (m *OAuthRequirements) GetCanonicalScopes() string {
299 return m.CanonicalScopes
304 // User-defined authentication requirements, including support for
305 // [JSON Web Token (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32).
306 type AuthRequirement struct {
307 // [id][google.api.AuthProvider.id] from authentication provider.
311 // provider_id: bookstore_auth
312 ProviderId string `protobuf:"bytes,1,opt,name=provider_id,json=providerId" json:"provider_id,omitempty"`
313 // NOTE: This will be deprecated soon, once AuthProvider.audiences is
314 // implemented and accepted in all the runtime components.
317 // [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3).
318 // that are allowed to access. A JWT containing any of these audiences will
319 // be accepted. When this setting is absent, only JWTs with audience
320 // "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]"
321 // will be accepted. For example, if no audiences are in the setting,
322 // LibraryService API will only accept JWTs with the following audience
323 // "https://library-example.googleapis.com/google.example.library.v1.LibraryService".
327 // audiences: bookstore_android.apps.googleusercontent.com,
328 // bookstore_web.apps.googleusercontent.com
329 Audiences string `protobuf:"bytes,2,opt,name=audiences" json:"audiences,omitempty"`
332 func (m *AuthRequirement) Reset() { *m = AuthRequirement{} }
333 func (m *AuthRequirement) String() string { return proto.CompactTextString(m) }
334 func (*AuthRequirement) ProtoMessage() {}
335 func (*AuthRequirement) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{4} }
337 func (m *AuthRequirement) GetProviderId() string {
344 func (m *AuthRequirement) GetAudiences() string {
352 proto.RegisterType((*Authentication)(nil), "google.api.Authentication")
353 proto.RegisterType((*AuthenticationRule)(nil), "google.api.AuthenticationRule")
354 proto.RegisterType((*AuthProvider)(nil), "google.api.AuthProvider")
355 proto.RegisterType((*OAuthRequirements)(nil), "google.api.OAuthRequirements")
356 proto.RegisterType((*AuthRequirement)(nil), "google.api.AuthRequirement")
359 func init() { proto.RegisterFile("google/api/auth.proto", fileDescriptor0) }
361 var fileDescriptor0 = []byte{
362 // 465 bytes of a gzipped FileDescriptorProto
363 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x52, 0x5f, 0x6b, 0x13, 0x4f,
364 0x14, 0x65, 0x93, 0xa6, 0xcd, 0xde, 0x94, 0xb4, 0x1d, 0xf8, 0x95, 0xfd, 0xd5, 0xaa, 0x21, 0x4f,
365 0x11, 0x61, 0x03, 0xad, 0x88, 0x20, 0x28, 0xad, 0x88, 0xf4, 0xc9, 0x30, 0x52, 0x04, 0x5f, 0x96,
366 0x71, 0x76, 0xdc, 0x8c, 0x9d, 0xce, 0x5d, 0xe7, 0x4f, 0x03, 0x3e, 0xf8, 0x49, 0x7c, 0xf2, 0x93,
367 0xf9, 0x51, 0x64, 0x67, 0xb7, 0xc9, 0x6e, 0xfa, 0x78, 0xef, 0x39, 0xe7, 0xde, 0x7b, 0xce, 0x0c,
368 0xfc, 0x57, 0x20, 0x16, 0x4a, 0xcc, 0x59, 0x29, 0xe7, 0xcc, 0xbb, 0x65, 0x5a, 0x1a, 0x74, 0x48,
369 0xa0, 0x6e, 0xa7, 0xac, 0x94, 0x27, 0xa7, 0x6d, 0x8a, 0xd6, 0xe8, 0x98, 0x93, 0xa8, 0x6d, 0xcd,
370 0x9c, 0xfe, 0x82, 0xf1, 0x85, 0x77, 0x4b, 0xa1, 0x9d, 0xe4, 0x01, 0x20, 0x2f, 0x60, 0x60, 0xbc,
371 0x12, 0x36, 0xe9, 0x4f, 0xfa, 0xb3, 0xd1, 0xd9, 0x93, 0x74, 0x33, 0x2b, 0xed, 0x52, 0xa9, 0x57,
372 0x82, 0xd6, 0x64, 0xf2, 0x12, 0xe2, 0xd2, 0xe0, 0x9d, 0xcc, 0x85, 0xb1, 0xc9, 0x4e, 0x50, 0x26,
373 0xdb, 0xca, 0x45, 0x43, 0xa0, 0x1b, 0xea, 0xf4, 0x6f, 0x04, 0xe4, 0xe1, 0x54, 0x72, 0x02, 0x43,
374 0x2b, 0x94, 0xe0, 0x0e, 0x4d, 0x12, 0x4d, 0xa2, 0x59, 0x4c, 0xd7, 0x35, 0x39, 0x87, 0x01, 0x56,
375 0x5e, 0x93, 0xde, 0x24, 0x9a, 0x8d, 0xce, 0x1e, 0xb7, 0xd7, 0x7c, 0xac, 0x66, 0x51, 0xf1, 0xc3,
376 0x4b, 0x23, 0x6e, 0x85, 0x76, 0x96, 0xd6, 0x5c, 0xf2, 0x0a, 0x12, 0xa6, 0x14, 0xae, 0xb2, 0x95,
377 0x74, 0x4b, 0xf4, 0x2e, 0xe3, 0x46, 0xe4, 0xd5, 0x52, 0xa6, 0x92, 0xc1, 0x24, 0x9a, 0x0d, 0xe9,
378 0x71, 0xc0, 0x3f, 0xd7, 0xf0, 0xbb, 0x35, 0x4a, 0xde, 0xc2, 0xbe, 0x69, 0x0d, 0x4c, 0xf6, 0x82,
379 0xb9, 0x47, 0xdb, 0xe6, 0x5a, 0x4b, 0x69, 0x47, 0x30, 0xfd, 0x1d, 0xc1, 0x7e, 0xdb, 0x3e, 0x19,
380 0x43, 0x4f, 0xe6, 0x8d, 0xad, 0x9e, 0xcc, 0xc9, 0x31, 0xec, 0x4a, 0x6b, 0xbd, 0x30, 0xc1, 0x51,
381 0x4c, 0x9b, 0x8a, 0xfc, 0x0f, 0xc3, 0xef, 0xab, 0x1b, 0x9b, 0x79, 0x23, 0x93, 0x7e, 0x40, 0xf6,
382 0xaa, 0xfa, 0xda, 0x48, 0x72, 0x0a, 0x31, 0xf3, 0xb9, 0x14, 0x9a, 0x8b, 0x2a, 0xee, 0x0a, 0xdb,
383 0x34, 0xc8, 0x73, 0x38, 0xaa, 0x4c, 0xa3, 0x91, 0x3f, 0x43, 0xa4, 0x99, 0x37, 0xb5, 0xcb, 0x98,
384 0x1e, 0x76, 0x80, 0x6b, 0xa3, 0xa6, 0x6f, 0xe0, 0xe8, 0x41, 0x6a, 0xe4, 0x19, 0x1c, 0x72, 0xa6,
385 0x51, 0x4b, 0xce, 0x54, 0x66, 0x39, 0x96, 0xc2, 0x36, 0x07, 0x1f, 0xac, 0xfb, 0x9f, 0x42, 0x7b,
386 0xba, 0x80, 0x83, 0x2d, 0x39, 0x79, 0x0a, 0xa3, 0xfb, 0x17, 0xce, 0xd6, 0x4e, 0xe1, 0xbe, 0x75,
387 0x95, 0x77, 0xcf, 0xef, 0x6d, 0x9d, 0x7f, 0x79, 0x03, 0x63, 0x8e, 0xb7, 0xad, 0x80, 0x2f, 0xe3,
388 0x26, 0x3f, 0x87, 0x8b, 0xe8, 0xcb, 0xfb, 0x06, 0x28, 0x50, 0x31, 0x5d, 0xa4, 0x68, 0x8a, 0x79,
389 0x21, 0x74, 0xf8, 0xce, 0xf3, 0x1a, 0x62, 0xa5, 0xb4, 0xe1, 0xbf, 0x5b, 0x61, 0xee, 0x24, 0x17,
390 0x1c, 0xf5, 0x37, 0x59, 0xbc, 0xee, 0x54, 0x7f, 0x7a, 0x3b, 0x1f, 0x2e, 0x16, 0x57, 0x5f, 0x77,
391 0x83, 0xf0, 0xfc, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xe5, 0xa3, 0x9d, 0xc6, 0x4a, 0x03, 0x00,