generated/google/apis/iamcredentials_v1/classes.rb in google-api-client-0.23.7 vs generated/google/apis/iamcredentials_v1/classes.rb in google-api-client-0.23.8
- old
+ new
@@ -151,9 +151,106 @@
@token = args[:token] if args.key?(:token)
end
end
#
+ class GenerateIdentityBindingAccessTokenRequest
+ include Google::Apis::Core::Hashable
+
+ # Required. Input token.
+ # Must be in JWT format according to
+ # RFC7523 (https://tools.ietf.org/html/rfc7523)
+ # and must have 'kid' field in the header.
+ # Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon).
+ # Mandatory payload fields (along the lines of RFC 7523, section 3):
+ # - iss: issuer of the token. Must provide a discovery document at
+ # $iss/.well-known/openid-configuration . The document needs to be
+ # formatted according to section 4.2 of the OpenID Connect Discovery
+ # 1.0 specification.
+ # - iat: Issue time in seconds since epoch. Must be in the past.
+ # - exp: Expiration time in seconds since epoch. Must be less than 48 hours
+ # after iat. We recommend to create tokens that last shorter than 6
+ # hours to improve security unless business reasons mandate longer
+ # expiration times. Shorter token lifetimes are generally more secure
+ # since tokens that have been exfiltrated by attackers can be used for
+ # a shorter time. you can configure the maximum lifetime of the
+ # incoming token in the configuration of the mapper.
+ # The resulting Google token will expire within an hour or at "exp",
+ # whichever is earlier.
+ # - sub: JWT subject, identity asserted in the JWT.
+ # - aud: Configured in the mapper policy. By default the service account
+ # email.
+ # Claims from the incoming token can be transferred into the output token
+ # accoding to the mapper configuration. The outgoing claim size is limited.
+ # Outgoing claims size must be less than 4kB serialized as JSON without
+ # whitespace.
+ # Example header:
+ # `
+ # "alg": "RS256",
+ # "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8"
+ # `
+ # Example payload:
+ # `
+ # "iss": "https://accounts.google.com",
+ # "iat": 1517963104,
+ # "exp": 1517966704,
+ # "aud": "https://iamcredentials.googleapis.com/google.iam.credentials.v1.
+ # CloudGaia",
+ # "sub": "113475438248934895348",
+ # "my_claims": `
+ # "additional_claim": "value"
+ # `
+ # `
+ # Corresponds to the JSON property `jwt`
+ # @return [String]
+ attr_accessor :jwt
+
+ # Code to identify the scopes to be included in the OAuth 2.0 access token.
+ # See https://developers.google.com/identity/protocols/googlescopes for more
+ # information.
+ # At least one value required.
+ # Corresponds to the JSON property `scope`
+ # @return [Array<String>]
+ attr_accessor :scope
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @jwt = args[:jwt] if args.key?(:jwt)
+ @scope = args[:scope] if args.key?(:scope)
+ end
+ end
+
+ #
+ class GenerateIdentityBindingAccessTokenResponse
+ include Google::Apis::Core::Hashable
+
+ # The OAuth 2.0 access token.
+ # Corresponds to the JSON property `accessToken`
+ # @return [String]
+ attr_accessor :access_token
+
+ # Token expiration time.
+ # The expiration time is always set.
+ # Corresponds to the JSON property `expireTime`
+ # @return [String]
+ attr_accessor :expire_time
+
+ def initialize(**args)
+ update!(**args)
+ end
+
+ # Update properties of this object
+ def update!(**args)
+ @access_token = args[:access_token] if args.key?(:access_token)
+ @expire_time = args[:expire_time] if args.key?(:expire_time)
+ end
+ end
+
+ #
class SignBlobRequest
include Google::Apis::Core::Hashable
# The sequence of service accounts in a delegation chain. Each service
# account must be granted the `roles/iam.serviceAccountTokenCreator` role