Struct google_iamcredentials1::GenerateIdentityBindingAccessTokenRequest

pub struct GenerateIdentityBindingAccessTokenRequest {
    pub scope: Option<Vec<String>>,
    pub jwt: Option<String>,
}

There is no detailed description.

Activities

This type is used in activities, which are methods you may call on this type or where this type is involved in. The list links the activity name, along with information about where it is used (one of request and response).

• service accounts generate identity binding access token projects (request)

Fields

scope: Option<Vec<String>>

Code to identify the scopes to be included in the OAuth 2.0 access token. See https://developers.google.com/identity/protocols/googlescopes for more information. At least one value required.

jwt: Option<String>

Required. Input token. Must be in JWT format according to RFC7523 (https://tools.ietf.org/html/rfc7523) and must have 'kid' field in the header. Supported signing algorithms: RS256 (RS512, ES256, ES512 coming soon). Mandatory payload fields (along the lines of RFC 7523, section 3):

• iss: issuer of the token. Must provide a discovery document at $iss/.well-known/openid-configuration . The document needs to be formatted according to section 4.2 of the OpenID Connect Discovery 1.0 specification.
• iat: Issue time in seconds since epoch. Must be in the past.
• exp: Expiration time in seconds since epoch. Must be less than 48 hours after iat. We recommend to create tokens that last shorter than 6 hours to improve security unless business reasons mandate longer expiration times. Shorter token lifetimes are generally more secure since tokens that have been exfiltrated by attackers can be used for a shorter time. you can configure the maximum lifetime of the incoming token in the configuration of the mapper. The resulting Google token will expire within an hour or at "exp", whichever is earlier.
• sub: JWT subject, identity asserted in the JWT.
• aud: Configured in the mapper policy. By default the service account email.

Claims from the incoming token can be transferred into the output token accoding to the mapper configuration. The outgoing claim size is limited. Outgoing claims size must be less than 4kB serialized as JSON without whitespace.

Example header: { "alg": "RS256", "kid": "92a4265e14ab04d4d228a48d10d4ca31610936f8" } Example payload: { "iss": "https://accounts.google.com", "iat": 1517963104, "exp": 1517966704, "aud": "https://iamcredentials.googleapis.com/google.iam.credentials.v1.CloudGaia", "sub": "113475438248934895348", "my_claims": { "additional_claim": "value" } }

Trait Implementations

impl Default for GenerateIdentityBindingAccessTokenRequest

fn default() -> GenerateIdentityBindingAccessTokenRequest

Returns the "default value" for a type.

impl Clone for GenerateIdentityBindingAccessTokenRequest

fn clone(&self) -> GenerateIdentityBindingAccessTokenRequest

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for GenerateIdentityBindingAccessTokenRequest

fn fmt(&self, f: &mut Formatter) -> Result

Formats the value using the given formatter.

impl RequestValue for GenerateIdentityBindingAccessTokenRequest