Auth
import type { Auth } from "https://googleapis.deno.dev/v1/servicecontrol:v2.ts";
This message defines request authentication attributes. Terminology is based on the JSON Web Token (JWT) standard, but the terms also correlate to concepts in other standards.
§Properties
A list of access level resource names that allow resources to be accessed by authenticated requester. It is part of Secure GCP processing for the incoming request. An access level string has the format: "//{api_service_name}/accessPolicies/{policy_id}/accessLevels/{short_name}" Example: "//accesscontextmanager.googleapis.com/accessPolicies/MY_POLICY_ID/accessLevels/MY_LEVEL"
The intended audience(s) for this authentication information. Reflects the
audience (aud
) claim within a JWT. The audience value(s) depends on the
issuer
, but typically include one or more of the following pieces of
information: * The services intended to receive the credential. For
example, ["https://pubsub.googleapis.com/",
"https://storage.googleapis.com/"]. * A set of service-based scopes. For
example, ["https://www.googleapis.com/auth/cloud-platform"]. * The client
id of an app, such as the Firebase project id for JWTs from Firebase Auth.
Consult the documentation for the credential issuer to determine the
information provided.
Structured claims presented with the credential. JWTs include {key: value}
pairs for standard and private claims. The following is a subset of
the standard required and optional claims that would typically be presented
for a Google-based JWT: {'iss': 'accounts.google.com', 'sub':
'113289723416554971153', 'aud': ['123456789012', 'pubsub.googleapis.com'],
'azp': '123456789012.apps.googleusercontent.com', 'email':
'jsmith@example.com', 'iat': 1353601026, 'exp': 1353604926} SAML assertions
are similarly specified, but with an identity provider dependent structure.
Identifies the client credential id used for authentication. credential_id is in the format of AUTH_METHOD:IDENTIFIER, e.g. "serviceaccount:XXXXX, apikey:XXXXX" where the format of the IDENTIFIER can vary for different AUTH_METHODs.
The authorized presenter of the credential. Reflects the optional
Authorized Presenter (azp
) claim within a JWT or the OAuth client id. For
example, a Google Cloud Platform client id looks as follows:
"123456789012.apps.googleusercontent.com".
The authenticated principal. Reflects the issuer (iss
) and subject
(sub
) claims within a JWT. The issuer and subject should be /
delimited, with /
percent-encoded within the subject fragment. For Google
accounts, the principal format is: "https://accounts.google.com/{id}"