Class: Google::Cloud::Dialogflow::CX::V3::Tool::Authentication

Inherits:

Object

• Object
• Google::Cloud::Dialogflow::CX::V3::Tool::Authentication

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/dialogflow/cx/v3/tool.rb

Overview

Authentication information required for API calls

Defined Under Namespace

Modules: RequestLocation Classes: ApiKeyConfig, BearerTokenConfig, OAuthConfig, ServiceAccountAuthConfig, ServiceAgentAuthConfig

Instance Attribute Summary

• #api_key_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ApiKeyConfig

  Config for API key auth.

• #bearer_token_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::BearerTokenConfig

  Config for bearer token auth.

• #oauth_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::OAuthConfig

  Config for OAuth.

• #service_account_auth_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAccountAuthConfig

  Configuration for service account authentication.

• #service_agent_auth_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAgentAuthConfig

  Config for Diglogflow service agent auth.

Instance Attribute Details

#api_key_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ApiKeyConfig

Returns Config for API key auth.

Note: The following fields are mutually exclusive: api_key_config, oauth_config, service_agent_auth_config, bearer_token_config, service_account_auth_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

Returns:

• (::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ApiKeyConfig) —

  Config for API key auth.

  Note: The following fields are mutually exclusive: api_key_config, oauth_config, service_agent_auth_config, bearer_token_config, service_account_auth_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

# File 'proto_docs/google/cloud/dialogflow/cx/v3/tool.rb', line 241

class Authentication
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Config for authentication with API key.
  # @!attribute [rw] key_name
  #   @return [::String]
  #     Required. The parameter name or the header name of the API key.
  #     E.g., If the API request is "https://example.com/act?X-Api-Key=<API
  #     KEY>", "X-Api-Key" would be the parameter name.
  # @!attribute [rw] api_key
  #   @return [::String]
  #     Optional. The API key. If the `secret_version_for_api_key` field is
  #     set, this field will be ignored.
  # @!attribute [rw] secret_version_for_api_key
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the API key. If this field is set, the `api_key` field will be ignored.
  #     Format: `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] request_location
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::RequestLocation]
  #     Required. Key location in the request.
  class ApiKeyConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Config for authentication with OAuth.
  # @!attribute [rw] oauth_grant_type
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::OAuthConfig::OauthGrantType]
  #     Required. OAuth grant types.
  # @!attribute [rw] client_id
  #   @return [::String]
  #     Required. The client ID from the OAuth provider.
  # @!attribute [rw] client_secret
  #   @return [::String]
  #     Optional. The client secret from the OAuth provider. If the
  #     `secret_version_for_client_secret` field is set, this field will be
  #     ignored.
  # @!attribute [rw] secret_version_for_client_secret
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the client secret. If this field is set, the `client_secret` field will
  #     be ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] token_endpoint
  #   @return [::String]
  #     Required. The token endpoint in the OAuth provider to exchange for an
  #     access token.
  # @!attribute [rw] scopes
  #   @return [::Array<::String>]
  #     Optional. The OAuth scopes to grant.
  class OAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # OAuth grant types. Only [client credential
    # grant](https://oauth.net/2/grant-types/client-credentials) is
    # supported.
    module OauthGrantType
      # Default value. This value is unused.
      OAUTH_GRANT_TYPE_UNSPECIFIED = 0

      # Represents the [client credential
      # flow](https://oauth.net/2/grant-types/client-credentials).
      CLIENT_CREDENTIAL = 1
    end
  end

  # Config for auth using [Diglogflow service
  # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  # @!attribute [rw] service_agent_auth
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAgentAuthConfig::ServiceAgentAuth]
  #     Optional. Indicate the auth token type generated from the [Diglogflow
  #     service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  #     The generated token is sent in the Authorization header.
  class ServiceAgentAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Indicate the auth token type generated from the [Diglogflow service
    # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
    module ServiceAgentAuth
      # Service agent auth type unspecified. Default to ID_TOKEN.
      SERVICE_AGENT_AUTH_UNSPECIFIED = 0

      # Use [ID
      # token](https://cloud.google.com/docs/authentication/token-types#id)
      # generated from service agent. This can be used to access Cloud
      # Function and Cloud Run after you grant Invoker role to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ID_TOKEN = 1

      # Use [access
      # token](https://cloud.google.com/docs/authentication/token-types#access)
      # generated from service agent. This can be used to access other Google
      # Cloud APIs after you grant required roles to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ACCESS_TOKEN = 2
    end
  end

  # Config for authentication using bearer token.
  # @!attribute [rw] token
  #   @return [::String]
  #     Optional. The text token appended to the text `Bearer` to the request
  #     Authorization header.
  #     [Session parameters
  #     reference](https://cloud.google.com/dialogflow/cx/docs/concept/parameter#session-ref)
  #     can be used to pass the token dynamically, e.g.
  #     `$session.params.parameter-id`.
  # @!attribute [rw] secret_version_for_token
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the Bearer token. If this field is set, the `token` field will be
  #     ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  class BearerTokenConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Configuration for authentication using a service account.
  # @!attribute [rw] service_account
  #   @return [::String]
  #     Required. The email address of the service account used to authenticate
  #     the tool call. Dialogflow uses this service account to exchange an
  #     access token and the access token is then sent in the `Authorization`
  #     header of the tool request.
  #
  #     The service account must have the
  #     `roles/iam.serviceAccountTokenCreator` role granted to the
  #     [Dialogflow service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  class ServiceAccountAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The location of the API key in the request.
  module RequestLocation
    # Default value. This value is unused.
    REQUEST_LOCATION_UNSPECIFIED = 0

    # Represents the key in http header.
    HEADER = 1

    # Represents the key in query string.
    QUERY_STRING = 2
  end
end

#bearer_token_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::BearerTokenConfig

Returns Config for bearer token auth.

Note: The following fields are mutually exclusive: bearer_token_config, api_key_config, oauth_config, service_agent_auth_config, service_account_auth_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

Returns:

• (::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::BearerTokenConfig) —

  Config for bearer token auth.

  Note: The following fields are mutually exclusive: bearer_token_config, api_key_config, oauth_config, service_agent_auth_config, service_account_auth_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

# File 'proto_docs/google/cloud/dialogflow/cx/v3/tool.rb', line 241

class Authentication
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Config for authentication with API key.
  # @!attribute [rw] key_name
  #   @return [::String]
  #     Required. The parameter name or the header name of the API key.
  #     E.g., If the API request is "https://example.com/act?X-Api-Key=<API
  #     KEY>", "X-Api-Key" would be the parameter name.
  # @!attribute [rw] api_key
  #   @return [::String]
  #     Optional. The API key. If the `secret_version_for_api_key` field is
  #     set, this field will be ignored.
  # @!attribute [rw] secret_version_for_api_key
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the API key. If this field is set, the `api_key` field will be ignored.
  #     Format: `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] request_location
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::RequestLocation]
  #     Required. Key location in the request.
  class ApiKeyConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Config for authentication with OAuth.
  # @!attribute [rw] oauth_grant_type
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::OAuthConfig::OauthGrantType]
  #     Required. OAuth grant types.
  # @!attribute [rw] client_id
  #   @return [::String]
  #     Required. The client ID from the OAuth provider.
  # @!attribute [rw] client_secret
  #   @return [::String]
  #     Optional. The client secret from the OAuth provider. If the
  #     `secret_version_for_client_secret` field is set, this field will be
  #     ignored.
  # @!attribute [rw] secret_version_for_client_secret
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the client secret. If this field is set, the `client_secret` field will
  #     be ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] token_endpoint
  #   @return [::String]
  #     Required. The token endpoint in the OAuth provider to exchange for an
  #     access token.
  # @!attribute [rw] scopes
  #   @return [::Array<::String>]
  #     Optional. The OAuth scopes to grant.
  class OAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # OAuth grant types. Only [client credential
    # grant](https://oauth.net/2/grant-types/client-credentials) is
    # supported.
    module OauthGrantType
      # Default value. This value is unused.
      OAUTH_GRANT_TYPE_UNSPECIFIED = 0

      # Represents the [client credential
      # flow](https://oauth.net/2/grant-types/client-credentials).
      CLIENT_CREDENTIAL = 1
    end
  end

  # Config for auth using [Diglogflow service
  # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  # @!attribute [rw] service_agent_auth
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAgentAuthConfig::ServiceAgentAuth]
  #     Optional. Indicate the auth token type generated from the [Diglogflow
  #     service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  #     The generated token is sent in the Authorization header.
  class ServiceAgentAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Indicate the auth token type generated from the [Diglogflow service
    # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
    module ServiceAgentAuth
      # Service agent auth type unspecified. Default to ID_TOKEN.
      SERVICE_AGENT_AUTH_UNSPECIFIED = 0

      # Use [ID
      # token](https://cloud.google.com/docs/authentication/token-types#id)
      # generated from service agent. This can be used to access Cloud
      # Function and Cloud Run after you grant Invoker role to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ID_TOKEN = 1

      # Use [access
      # token](https://cloud.google.com/docs/authentication/token-types#access)
      # generated from service agent. This can be used to access other Google
      # Cloud APIs after you grant required roles to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ACCESS_TOKEN = 2
    end
  end

  # Config for authentication using bearer token.
  # @!attribute [rw] token
  #   @return [::String]
  #     Optional. The text token appended to the text `Bearer` to the request
  #     Authorization header.
  #     [Session parameters
  #     reference](https://cloud.google.com/dialogflow/cx/docs/concept/parameter#session-ref)
  #     can be used to pass the token dynamically, e.g.
  #     `$session.params.parameter-id`.
  # @!attribute [rw] secret_version_for_token
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the Bearer token. If this field is set, the `token` field will be
  #     ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  class BearerTokenConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Configuration for authentication using a service account.
  # @!attribute [rw] service_account
  #   @return [::String]
  #     Required. The email address of the service account used to authenticate
  #     the tool call. Dialogflow uses this service account to exchange an
  #     access token and the access token is then sent in the `Authorization`
  #     header of the tool request.
  #
  #     The service account must have the
  #     `roles/iam.serviceAccountTokenCreator` role granted to the
  #     [Dialogflow service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  class ServiceAccountAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The location of the API key in the request.
  module RequestLocation
    # Default value. This value is unused.
    REQUEST_LOCATION_UNSPECIFIED = 0

    # Represents the key in http header.
    HEADER = 1

    # Represents the key in query string.
    QUERY_STRING = 2
  end
end

#oauth_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::OAuthConfig

Returns Config for OAuth.

Note: The following fields are mutually exclusive: oauth_config, api_key_config, service_agent_auth_config, bearer_token_config, service_account_auth_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

Returns:

• (::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::OAuthConfig) —

  Config for OAuth.

  Note: The following fields are mutually exclusive: oauth_config, api_key_config, service_agent_auth_config, bearer_token_config, service_account_auth_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

# File 'proto_docs/google/cloud/dialogflow/cx/v3/tool.rb', line 241

class Authentication
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Config for authentication with API key.
  # @!attribute [rw] key_name
  #   @return [::String]
  #     Required. The parameter name or the header name of the API key.
  #     E.g., If the API request is "https://example.com/act?X-Api-Key=<API
  #     KEY>", "X-Api-Key" would be the parameter name.
  # @!attribute [rw] api_key
  #   @return [::String]
  #     Optional. The API key. If the `secret_version_for_api_key` field is
  #     set, this field will be ignored.
  # @!attribute [rw] secret_version_for_api_key
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the API key. If this field is set, the `api_key` field will be ignored.
  #     Format: `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] request_location
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::RequestLocation]
  #     Required. Key location in the request.
  class ApiKeyConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Config for authentication with OAuth.
  # @!attribute [rw] oauth_grant_type
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::OAuthConfig::OauthGrantType]
  #     Required. OAuth grant types.
  # @!attribute [rw] client_id
  #   @return [::String]
  #     Required. The client ID from the OAuth provider.
  # @!attribute [rw] client_secret
  #   @return [::String]
  #     Optional. The client secret from the OAuth provider. If the
  #     `secret_version_for_client_secret` field is set, this field will be
  #     ignored.
  # @!attribute [rw] secret_version_for_client_secret
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the client secret. If this field is set, the `client_secret` field will
  #     be ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] token_endpoint
  #   @return [::String]
  #     Required. The token endpoint in the OAuth provider to exchange for an
  #     access token.
  # @!attribute [rw] scopes
  #   @return [::Array<::String>]
  #     Optional. The OAuth scopes to grant.
  class OAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # OAuth grant types. Only [client credential
    # grant](https://oauth.net/2/grant-types/client-credentials) is
    # supported.
    module OauthGrantType
      # Default value. This value is unused.
      OAUTH_GRANT_TYPE_UNSPECIFIED = 0

      # Represents the [client credential
      # flow](https://oauth.net/2/grant-types/client-credentials).
      CLIENT_CREDENTIAL = 1
    end
  end

  # Config for auth using [Diglogflow service
  # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  # @!attribute [rw] service_agent_auth
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAgentAuthConfig::ServiceAgentAuth]
  #     Optional. Indicate the auth token type generated from the [Diglogflow
  #     service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  #     The generated token is sent in the Authorization header.
  class ServiceAgentAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Indicate the auth token type generated from the [Diglogflow service
    # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
    module ServiceAgentAuth
      # Service agent auth type unspecified. Default to ID_TOKEN.
      SERVICE_AGENT_AUTH_UNSPECIFIED = 0

      # Use [ID
      # token](https://cloud.google.com/docs/authentication/token-types#id)
      # generated from service agent. This can be used to access Cloud
      # Function and Cloud Run after you grant Invoker role to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ID_TOKEN = 1

      # Use [access
      # token](https://cloud.google.com/docs/authentication/token-types#access)
      # generated from service agent. This can be used to access other Google
      # Cloud APIs after you grant required roles to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ACCESS_TOKEN = 2
    end
  end

  # Config for authentication using bearer token.
  # @!attribute [rw] token
  #   @return [::String]
  #     Optional. The text token appended to the text `Bearer` to the request
  #     Authorization header.
  #     [Session parameters
  #     reference](https://cloud.google.com/dialogflow/cx/docs/concept/parameter#session-ref)
  #     can be used to pass the token dynamically, e.g.
  #     `$session.params.parameter-id`.
  # @!attribute [rw] secret_version_for_token
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the Bearer token. If this field is set, the `token` field will be
  #     ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  class BearerTokenConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Configuration for authentication using a service account.
  # @!attribute [rw] service_account
  #   @return [::String]
  #     Required. The email address of the service account used to authenticate
  #     the tool call. Dialogflow uses this service account to exchange an
  #     access token and the access token is then sent in the `Authorization`
  #     header of the tool request.
  #
  #     The service account must have the
  #     `roles/iam.serviceAccountTokenCreator` role granted to the
  #     [Dialogflow service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  class ServiceAccountAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The location of the API key in the request.
  module RequestLocation
    # Default value. This value is unused.
    REQUEST_LOCATION_UNSPECIFIED = 0

    # Represents the key in http header.
    HEADER = 1

    # Represents the key in query string.
    QUERY_STRING = 2
  end
end

#service_account_auth_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAccountAuthConfig

Returns Configuration for service account authentication.

Note: The following fields are mutually exclusive: service_account_auth_config, api_key_config, oauth_config, service_agent_auth_config, bearer_token_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

Returns:

• (::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAccountAuthConfig) —

  Configuration for service account authentication.

  Note: The following fields are mutually exclusive: service_account_auth_config, api_key_config, oauth_config, service_agent_auth_config, bearer_token_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

# File 'proto_docs/google/cloud/dialogflow/cx/v3/tool.rb', line 241

class Authentication
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Config for authentication with API key.
  # @!attribute [rw] key_name
  #   @return [::String]
  #     Required. The parameter name or the header name of the API key.
  #     E.g., If the API request is "https://example.com/act?X-Api-Key=<API
  #     KEY>", "X-Api-Key" would be the parameter name.
  # @!attribute [rw] api_key
  #   @return [::String]
  #     Optional. The API key. If the `secret_version_for_api_key` field is
  #     set, this field will be ignored.
  # @!attribute [rw] secret_version_for_api_key
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the API key. If this field is set, the `api_key` field will be ignored.
  #     Format: `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] request_location
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::RequestLocation]
  #     Required. Key location in the request.
  class ApiKeyConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Config for authentication with OAuth.
  # @!attribute [rw] oauth_grant_type
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::OAuthConfig::OauthGrantType]
  #     Required. OAuth grant types.
  # @!attribute [rw] client_id
  #   @return [::String]
  #     Required. The client ID from the OAuth provider.
  # @!attribute [rw] client_secret
  #   @return [::String]
  #     Optional. The client secret from the OAuth provider. If the
  #     `secret_version_for_client_secret` field is set, this field will be
  #     ignored.
  # @!attribute [rw] secret_version_for_client_secret
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the client secret. If this field is set, the `client_secret` field will
  #     be ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] token_endpoint
  #   @return [::String]
  #     Required. The token endpoint in the OAuth provider to exchange for an
  #     access token.
  # @!attribute [rw] scopes
  #   @return [::Array<::String>]
  #     Optional. The OAuth scopes to grant.
  class OAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # OAuth grant types. Only [client credential
    # grant](https://oauth.net/2/grant-types/client-credentials) is
    # supported.
    module OauthGrantType
      # Default value. This value is unused.
      OAUTH_GRANT_TYPE_UNSPECIFIED = 0

      # Represents the [client credential
      # flow](https://oauth.net/2/grant-types/client-credentials).
      CLIENT_CREDENTIAL = 1
    end
  end

  # Config for auth using [Diglogflow service
  # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  # @!attribute [rw] service_agent_auth
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAgentAuthConfig::ServiceAgentAuth]
  #     Optional. Indicate the auth token type generated from the [Diglogflow
  #     service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  #     The generated token is sent in the Authorization header.
  class ServiceAgentAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Indicate the auth token type generated from the [Diglogflow service
    # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
    module ServiceAgentAuth
      # Service agent auth type unspecified. Default to ID_TOKEN.
      SERVICE_AGENT_AUTH_UNSPECIFIED = 0

      # Use [ID
      # token](https://cloud.google.com/docs/authentication/token-types#id)
      # generated from service agent. This can be used to access Cloud
      # Function and Cloud Run after you grant Invoker role to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ID_TOKEN = 1

      # Use [access
      # token](https://cloud.google.com/docs/authentication/token-types#access)
      # generated from service agent. This can be used to access other Google
      # Cloud APIs after you grant required roles to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ACCESS_TOKEN = 2
    end
  end

  # Config for authentication using bearer token.
  # @!attribute [rw] token
  #   @return [::String]
  #     Optional. The text token appended to the text `Bearer` to the request
  #     Authorization header.
  #     [Session parameters
  #     reference](https://cloud.google.com/dialogflow/cx/docs/concept/parameter#session-ref)
  #     can be used to pass the token dynamically, e.g.
  #     `$session.params.parameter-id`.
  # @!attribute [rw] secret_version_for_token
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the Bearer token. If this field is set, the `token` field will be
  #     ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  class BearerTokenConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Configuration for authentication using a service account.
  # @!attribute [rw] service_account
  #   @return [::String]
  #     Required. The email address of the service account used to authenticate
  #     the tool call. Dialogflow uses this service account to exchange an
  #     access token and the access token is then sent in the `Authorization`
  #     header of the tool request.
  #
  #     The service account must have the
  #     `roles/iam.serviceAccountTokenCreator` role granted to the
  #     [Dialogflow service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  class ServiceAccountAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The location of the API key in the request.
  module RequestLocation
    # Default value. This value is unused.
    REQUEST_LOCATION_UNSPECIFIED = 0

    # Represents the key in http header.
    HEADER = 1

    # Represents the key in query string.
    QUERY_STRING = 2
  end
end

#service_agent_auth_config ⇒ ::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAgentAuthConfig

Returns Config for Diglogflow service agent auth.

Note: The following fields are mutually exclusive: service_agent_auth_config, api_key_config, oauth_config, bearer_token_config, service_account_auth_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

Returns:

• (::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAgentAuthConfig) —

  Config for Diglogflow service agent auth.

  Note: The following fields are mutually exclusive: service_agent_auth_config, api_key_config, oauth_config, bearer_token_config, service_account_auth_config. If a field in that set is populated, all other fields in the set will automatically be cleared.

# File 'proto_docs/google/cloud/dialogflow/cx/v3/tool.rb', line 241

class Authentication
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Config for authentication with API key.
  # @!attribute [rw] key_name
  #   @return [::String]
  #     Required. The parameter name or the header name of the API key.
  #     E.g., If the API request is "https://example.com/act?X-Api-Key=<API
  #     KEY>", "X-Api-Key" would be the parameter name.
  # @!attribute [rw] api_key
  #   @return [::String]
  #     Optional. The API key. If the `secret_version_for_api_key` field is
  #     set, this field will be ignored.
  # @!attribute [rw] secret_version_for_api_key
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the API key. If this field is set, the `api_key` field will be ignored.
  #     Format: `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] request_location
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::RequestLocation]
  #     Required. Key location in the request.
  class ApiKeyConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Config for authentication with OAuth.
  # @!attribute [rw] oauth_grant_type
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::OAuthConfig::OauthGrantType]
  #     Required. OAuth grant types.
  # @!attribute [rw] client_id
  #   @return [::String]
  #     Required. The client ID from the OAuth provider.
  # @!attribute [rw] client_secret
  #   @return [::String]
  #     Optional. The client secret from the OAuth provider. If the
  #     `secret_version_for_client_secret` field is set, this field will be
  #     ignored.
  # @!attribute [rw] secret_version_for_client_secret
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the client secret. If this field is set, the `client_secret` field will
  #     be ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  # @!attribute [rw] token_endpoint
  #   @return [::String]
  #     Required. The token endpoint in the OAuth provider to exchange for an
  #     access token.
  # @!attribute [rw] scopes
  #   @return [::Array<::String>]
  #     Optional. The OAuth scopes to grant.
  class OAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # OAuth grant types. Only [client credential
    # grant](https://oauth.net/2/grant-types/client-credentials) is
    # supported.
    module OauthGrantType
      # Default value. This value is unused.
      OAUTH_GRANT_TYPE_UNSPECIFIED = 0

      # Represents the [client credential
      # flow](https://oauth.net/2/grant-types/client-credentials).
      CLIENT_CREDENTIAL = 1
    end
  end

  # Config for auth using [Diglogflow service
  # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  # @!attribute [rw] service_agent_auth
  #   @return [::Google::Cloud::Dialogflow::CX::V3::Tool::Authentication::ServiceAgentAuthConfig::ServiceAgentAuth]
  #     Optional. Indicate the auth token type generated from the [Diglogflow
  #     service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  #     The generated token is sent in the Authorization header.
  class ServiceAgentAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Indicate the auth token type generated from the [Diglogflow service
    # agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
    module ServiceAgentAuth
      # Service agent auth type unspecified. Default to ID_TOKEN.
      SERVICE_AGENT_AUTH_UNSPECIFIED = 0

      # Use [ID
      # token](https://cloud.google.com/docs/authentication/token-types#id)
      # generated from service agent. This can be used to access Cloud
      # Function and Cloud Run after you grant Invoker role to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ID_TOKEN = 1

      # Use [access
      # token](https://cloud.google.com/docs/authentication/token-types#access)
      # generated from service agent. This can be used to access other Google
      # Cloud APIs after you grant required roles to
      # `service-<PROJECT-NUMBER>@gcp-sa-dialogflow.iam.gserviceaccount.com`.
      ACCESS_TOKEN = 2
    end
  end

  # Config for authentication using bearer token.
  # @!attribute [rw] token
  #   @return [::String]
  #     Optional. The text token appended to the text `Bearer` to the request
  #     Authorization header.
  #     [Session parameters
  #     reference](https://cloud.google.com/dialogflow/cx/docs/concept/parameter#session-ref)
  #     can be used to pass the token dynamically, e.g.
  #     `$session.params.parameter-id`.
  # @!attribute [rw] secret_version_for_token
  #   @return [::String]
  #     Optional. The name of the SecretManager secret version resource storing
  #     the Bearer token. If this field is set, the `token` field will be
  #     ignored. Format:
  #     `projects/{project}/secrets/{secret}/versions/{version}`
  class BearerTokenConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # Configuration for authentication using a service account.
  # @!attribute [rw] service_account
  #   @return [::String]
  #     Required. The email address of the service account used to authenticate
  #     the tool call. Dialogflow uses this service account to exchange an
  #     access token and the access token is then sent in the `Authorization`
  #     header of the tool request.
  #
  #     The service account must have the
  #     `roles/iam.serviceAccountTokenCreator` role granted to the
  #     [Dialogflow service
  #     agent](https://cloud.google.com/iam/docs/service-agents#dialogflow-service-agent).
  class ServiceAccountAuthConfig
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # The location of the API key in the request.
  module RequestLocation
    # Default value. This value is unused.
    REQUEST_LOCATION_UNSPECIFIED = 0

    # Represents the key in http header.
    HEADER = 1

    # Represents the key in query string.
    QUERY_STRING = 2
  end
end