Class: Google::Apis::IamV1::Oidc

Inherits:
Object
  • Object
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/iam_v1/classes.rb,
lib/google/apis/iam_v1/representations.rb

Overview

Represents an OpenID Connect 1.0 identity provider.


Constructor Details

#initialize(**args) ⇒ Oidc

Returns a new instance of Oidc.



# File 'lib/google/apis/iam_v1/classes.rb', line 1814

def initialize(**args)
  update!(**args)
end

Instance Attribute Details

#allowed_audiences ⇒ Array<String>

Optional. Acceptable values for the aud field (audience) in the OIDC token. Token exchange requests are rejected if the token audience does not match one of the configured values. Each audience may be at most 256 characters. A maximum of 10 audiences may be configured. If this list is empty, the OIDC token audience must be equal to the full canonical resource name of the WorkloadIdentityPoolProvider, with or without the HTTPS prefix. For example:

//iam.googleapis.com/projects//locations//workloadIdentityPools//providers/
https://iam.googleapis.com/projects//locations//workloadIdentityPools//providers/

Corresponds to the JSON property allowedAudiences

Returns:

  • (Array<String>)


# File 'lib/google/apis/iam_v1/classes.rb', line 1793

def allowed_audiences
  @allowed_audiences
end

#issuer_uri ⇒ String

Required. The OIDC issuer URL. Must be an HTTPS endpoint. Per OpenID Connect Discovery 1.0 spec, the OIDC issuer URL is used to locate the provider's public keys (via jwks_uri) for verifying tokens like the OIDC ID token. These public key types must be 'EC' or 'RSA'. Corresponds to the JSON property issuerUri

Returns:

  • (String)


# File 'lib/google/apis/iam_v1/classes.rb', line 1801

def issuer_uri
  @issuer_uri
end

#jwks_json ⇒ String

Optional. OIDC JWKs in JSON String format. For details on the definition of a JWK, see https://tools.ietf.org/html/rfc7517. If not set, the jwks_uri from the discovery document (fetched from the .well-known path of the issuer_uri) will be used. Currently, RSA and EC asymmetric keys are supported. The JWK must use the following format and include only the following fields:

{ "keys": [ { "kty": "RSA/EC", "alg": "", "use": "sig", "kid": "", "n": "", "e": "", "x": "", "y": "", "crv": "" } ] }

Corresponds to the JSON property jwksJson

Returns:

  • (String)


# File 'lib/google/apis/iam_v1/classes.rb', line 1812

def jwks_json
  @jwks_json
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



# File 'lib/google/apis/iam_v1/classes.rb', line 1819

def update!(**args)
  @allowed_audiences = args[:allowed_audiences] if args.key?(:allowed_audiences)
  @issuer_uri = args[:issuer_uri] if args.key?(:issuer_uri)
  @jwks_json = args[:jwks_json] if args.key?(:jwks_json)
end
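
Added example (not part of the google-apis-iam_v1 gem or of this reference page): a pre-flight check of the constraints documented above for allowed_audiences, issuer_uri and jwks_json, plus a local model of the audience rule. The helper names oidc_config_problems and audience_accepted? are hypothetical, and treating aud as a single string is an assumption.

```ruby
require 'json'
require 'uri'

# Hypothetical helpers, not part of google-apis-iam_v1.
JWK_FIELDS = %w[kty alg use kid n e x y crv].freeze # fields the docs allow

# Returns a list of violations of the documented Oidc constraints.
def oidc_config_problems(issuer_uri:, allowed_audiences: [], jwks_json: nil)
  problems = []
  uri = begin
    URI.parse(issuer_uri.to_s)
  rescue URI::InvalidURIError
    nil
  end
  unless uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty?
    problems << 'issuer_uri must be an HTTPS URL'
  end
  problems << 'more than 10 audiences configured' if allowed_audiences.size > 10
  if allowed_audiences.any? { |aud| aud.length > 256 }
    problems << 'audience longer than 256 characters'
  end
  return problems if jwks_json.nil?

  doc = begin
    JSON.parse(jwks_json)
  rescue JSON::ParserError
    nil
  end
  keys = doc.is_a?(Hash) ? doc['keys'] : nil
  return problems << 'jwks_json must be a JSON object with a "keys" array' unless keys.is_a?(Array)

  keys.each_with_index do |jwk, i|
    next problems << "keys[#{i}] is not an object" unless jwk.is_a?(Hash)

    # A private JWK (d, p, q, ...) pasted by mistake is caught here.
    extra = jwk.keys - JWK_FIELDS
    problems << "keys[#{i}] has unsupported fields: #{extra.join(', ')}" unless extra.empty?
    problems << "keys[#{i}] kty must be RSA or EC" unless %w[RSA EC].include?(jwk['kty'])
  end
  problems
end

# Local model of the documented aud rule (aud assumed to be a single string).
def audience_accepted?(aud, allowed_audiences, provider_resource)
  return allowed_audiences.include?(aud) unless allowed_audiences.empty?

  %w[// https://].any? { |p| aud == "#{p}iam.googleapis.com/#{provider_resource}" }
end
```

An empty result from oidc_config_problems means the values satisfy the limits stated on this page; the service still performs its own validation when the provider is created or updated.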