UNPKG

@sisyphus.js/google

Version:

Precompiled google common protos by sisyphus protobuf compiler

github.com/ButterCam/sisyphus-js

ButterCam/sisyphus-js

244 lines 9.35 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
/** * `Authentication` defines the authentication configuration for API methods * provided by an API service. * * Example: * * name: calendar.googleapis.com * authentication: * providers: * - id: google_calendar_auth * jwks_uri: https://www.googleapis.com/oauth2/v1/certs * issuer: https://securetoken.google.com * rules: * - selector: "*" * requirements: * provider_id: google_calendar_auth * - selector: google.calendar.Delegate * oauth: * canonical_scopes: https://www.googleapis.com/auth/calendar.read */ export interface Authentication { /** * A list of authentication rules that apply to individual API methods. * * **NOTE:** All service configuration rules follow "last one wins" order. */ rules?: AuthenticationRule[]; /** Defines a set of authentication providers that a service supports. */ providers?: AuthProvider[]; } export declare namespace Authentication { const name = "google.api.Authentication"; } /** * Authentication rules for the service. * * By default, if a method has any authentication requirements, every request * must include a valid credential matching one of the requirements. * It's an error to include more than one kind of credential in a single * request. * * If a method doesn't have any auth requirements, request credentials will be * ignored. */ export interface AuthenticationRule { /** * Selects the methods to which this rule applies. * * Refer to [selector][google.api.DocumentationRule.selector] for syntax details. */ selector?: string; /** The requirements for OAuth credentials. */ oauth?: OAuthRequirements; /** * If true, the service accepts API keys without any other credential. * This flag only applies to HTTP and gRPC requests. */ allowWithoutCredential?: boolean; /** Requirements for additional authentication providers. */ requirements?: AuthRequirement[]; } export declare namespace AuthenticationRule { const name = "google.api.AuthenticationRule"; } /** Specifies a location to extract JWT from an API request. */ export interface JwtLocation { /** Specifies HTTP header name to extract JWT token. */ header?: string; /** Specifies URL query parameter name to extract JWT token. */ query?: string; /** * The value prefix. The value format is "value_prefix{token}" * Only applies to "in" header type. Must be empty for "in" query type. * If not empty, the header value has to match (case sensitive) this prefix. * If not matched, JWT will not be extracted. If matched, JWT will be * extracted after the prefix is removed. * * For example, for "Authorization: Bearer {JWT}", * value_prefix="Bearer " with a space at the end. */ valuePrefix?: string; } export declare namespace JwtLocation { const name = "google.api.JwtLocation"; } /** * Configuration for an authentication provider, including support for * [JSON Web Token * (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32). */ export interface AuthProvider { /** * The unique identifier of the auth provider. It will be referred to by * `AuthRequirement.provider_id`. * * Example: "bookstore_auth". */ id?: string; /** * Identifies the principal that issued the JWT. See * https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.1 * Usually a URL or an email address. * * Example: https://securetoken.google.com * Example: 1234567-compute@developer.gserviceaccount.com */ issuer?: string; /** * URL of the provider's public key set to validate signature of the JWT. See * [OpenID * Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). * Optional if the key set document: * - can be retrieved from * [OpenID * Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) * of the issuer. * - can be inferred from the email domain of the issuer (e.g. a Google * service account). * * Example: https://www.googleapis.com/oauth2/v1/certs */ jwksUri?: string; /** * The list of JWT * [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). * that are allowed to access. A JWT containing any of these audiences will * be accepted. When this setting is absent, JWTs with audiences: * - "https://[service.name]/[google.protobuf.Api.name]" * - "https://[service.name]/" * will be accepted. * For example, if no audiences are in the setting, LibraryService API will * accept JWTs with the following audiences: * - * https://library-example.googleapis.com/google.example.library.v1.LibraryService * - https://library-example.googleapis.com/ * * Example: * * audiences: bookstore_android.apps.googleusercontent.com, * bookstore_web.apps.googleusercontent.com */ audiences?: string; /** * Redirect URL if JWT token is required but not present or is expired. * Implement authorizationUrl of securityDefinitions in OpenAPI spec. */ authorizationUrl?: string; /** * Defines the locations to extract the JWT. * * JWT locations can be either from HTTP headers or URL query parameters. * The rule is that the first match wins. The checking order is: checking * all headers first, then URL query parameters. * * If not specified, default to use following 3 locations: * 1) Authorization: Bearer * 2) x-goog-iap-jwt-assertion * 3) access_token query parameter * * Default locations can be specified as followings: * jwt_locations: * - header: Authorization * value_prefix: "Bearer " * - header: x-goog-iap-jwt-assertion * - query: access_token */ jwtLocations?: JwtLocation[]; } export declare namespace AuthProvider { const name = "google.api.AuthProvider"; } /** * OAuth scopes are a way to define data and permissions on data. For example, * there are scopes defined for "Read-only access to Google Calendar" and * "Access to Cloud Platform". Users can consent to a scope for an application, * giving it permission to access that data on their behalf. * * OAuth scope specifications should be fairly coarse grained; a user will need * to see and understand the text description of what your scope means. * * In most cases: use one or at most two OAuth scopes for an entire family of * products. If your product has multiple APIs, you should probably be sharing * the OAuth scope across all of those APIs. * * When you need finer grained OAuth consent screens: talk with your product * management about how developers will use them in practice. * * Please note that even though each of the canonical scopes is enough for a * request to be accepted and passed to the backend, a request can still fail * due to the backend requiring additional scopes or permissions. */ export interface OAuthRequirements { /** * The list of publicly documented OAuth scopes that are allowed access. An * OAuth token containing any of these scopes will be accepted. * * Example: * * canonical_scopes: https://www.googleapis.com/auth/calendar, * https://www.googleapis.com/auth/calendar.read */ canonicalScopes?: string; } export declare namespace OAuthRequirements { const name = "google.api.OAuthRequirements"; } /** * User-defined authentication requirements, including support for * [JSON Web Token * (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32). */ export interface AuthRequirement { /** * [id][google.api.AuthProvider.id] from authentication provider. * * Example: * * provider_id: bookstore_auth */ providerId?: string; /** * NOTE: This will be deprecated soon, once AuthProvider.audiences is * implemented and accepted in all the runtime components. * * The list of JWT * [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). * that are allowed to access. A JWT containing any of these audiences will * be accepted. When this setting is absent, only JWTs with audience * "https://[Service_name][google.api.Service.name]/[API_name][google.protobuf.Api.name]" * will be accepted. For example, if no audiences are in the setting, * LibraryService API will only accept JWTs with the following audience * "https://library-example.googleapis.com/google.example.library.v1.LibraryService". * * Example: * * audiences: bookstore_android.apps.googleusercontent.com, * bookstore_web.apps.googleusercontent.com */ audiences?: string; } export declare namespace AuthRequirement { const name = "google.api.AuthRequirement"; } //# sourceMappingURL=auth.d.ts.map