[][src]Struct google_iamcredentials1::GenerateIdentityBindingAccessTokenRequest

pub struct GenerateIdentityBindingAccessTokenRequest {
    pub scope: Option<Vec<String>>,
    pub jwt: Option<String>,
}

There is no detailed description.

Activities

This type is used in activities, which are methods you may call on this type or where this type is involved in. The list links the activity name, along with information about where it is used (one of request and response).

Fields

scope: Option<Vec<String>>

Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

jwt: Option<String>

Required. Input token. Must be in JWT format according to RFC7523 (https://tools.ietf.org/html/rfc7523) and must have 'kid' field in the header. Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon). Mandatory payload fields (along the lines of RFC 7523, section 3):

  • iss: issuer of the token. Must provide a discovery document at $iss/.well-known/openid-configuration . The document needs to be formatted according to section 4.2 of the OpenID Connect Discovery 1.0 specification.
  • iat: Issue time in seconds since epoch. Must be in the past.
  • exp: Expiration time in seconds since epoch. Must be less than 48 hours after iat. We recommend to create tokens that last shorter than 6 hours to improve security unless business reasons mandate longer expiration times. Shorter token lifetimes are generally more secure since tokens that have been exfiltrated by attackers can be used for a shorter time. you can configure the maximum lifetime of the incoming token in the configuration of the mapper. The resulting Google token will expire within an hour or at "exp", whichever is earlier.
  • sub: JWT subject, identity asserted in the JWT.
  • aud: Configured in the mapper policy. By default the service account email.

Claims from the incoming token can be transferred into the output token accoding to the mapper configuration. The outgoing claim size is limited. Outgoing claims size must be less than 4kB serialized as JSON without whitespace.

Example header: { "alg": "RS256", "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8" } Example payload: { "iss": "https://accounts.google.com", "iat": 1517963104, "exp": 1517966704, "aud": "https://iamcredentials.googleapis.com/google.iam.credentials.v1.CloudGaia", "sub": "113475438248934895348", "my_claims": { "additional_claim": "value" } }

Trait Implementations

impl RequestValue for GenerateIdentityBindingAccessTokenRequest[src]

impl Default for GenerateIdentityBindingAccessTokenRequest[src]

impl Clone for GenerateIdentityBindingAccessTokenRequest[src]

fn clone_from(&mut self, source: &Self)1.0.0[src]

Performs copy-assignment from source. Read more

impl Debug for GenerateIdentityBindingAccessTokenRequest[src]

impl Serialize for GenerateIdentityBindingAccessTokenRequest[src]

impl<'de> Deserialize<'de> for GenerateIdentityBindingAccessTokenRequest[src]

Auto Trait Implementations

Blanket Implementations

impl<T> ToOwned for T where
    T: Clone[src]

type Owned = T

The resulting type after obtaining ownership.

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, [src]

impl<T, U> TryFrom<U> for T where
    U: Into<T>, [src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, [src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<T> BorrowMut<T> for T where
    T: ?Sized[src]

impl<T> Borrow<T> for T where
    T: ?Sized[src]

impl<T> Any for T where
    T: 'static + ?Sized[src]

impl<T> Typeable for T where
    T: Any

fn get_type(&self) -> TypeId

Get the TypeId of this object.

impl<T> DeserializeOwned for T where
    T: Deserialize<'de>, [src]