google-apis-sts_v1 0.5.0 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 68e3664ef29c2718f67307622832d82bac19f7f0f5bffb0d31963d2c98878c51
-  data.tar.gz: 661e76ef139eb9e737ade24f8cdf929e3cb30d43eb386b966718058687e9a2fb
+  metadata.gz: 67b6ac980a291a4baa675d886464814e980c96614a0cfd55331ddd1a4a0f3734
+  data.tar.gz: ad9cf7bb5b5ec77e182eb721e68970af7377cee07162d5f6a447f5f27376d4fa
 SHA512:
-  metadata.gz: a1d2b40f06e60ef7f673c80ff1277badf45bc6141351dbb31bd1073d65296f8bdee4bd736f9cce579fc803adbe2d948c186fbdaf8a7bd73ee50558f7e2062b0a
-  data.tar.gz: 32942550c2114af9aa8467865098b4afa16af5a6c02462d0682e5bf7ad36b497f2f8d022f7811e469bfd2ae94d5681d77dc5a27d9942d9d28194fa889dc1490d
+  metadata.gz: f9029389e49cbd1dbe4e46c9fc4f8f7ff410328a0e3f5df9013ef30c9293ce21ceb88407584e11ba34476a8dcfe598efb8f5cbea173fe1eedf60f61245fb720b
+  data.tar.gz: 033e572b461a96b3a3437f30323c6369fd1305319eb6615abcc9f2e5b77e826e4e7a6fb55fd3c6717b9e0523007548032fc2c9096a836f0af2372d66a0c64b75

data/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Release history for google-apis-sts_v1
 
+### v0.10.0 (2021-07-03)
+
+* Regenerated from discovery document revision 20210625
+* Regenerated using generator version 0.4.0
+
+### v0.9.0 (2021-06-24)
+
+* Unspecified changes
+
+### v0.8.0 (2021-06-19)
+
+* Regenerated from discovery document revision 20210613
+* Regenerated using generator version 0.3.0
+
+### v0.7.0 (2021-05-27)
+
+* Regenerated from discovery document revision 20210517
+
+### v0.6.0 (2021-05-20)
+
+* Unspecified changes
+
 ### v0.5.0 (2021-05-15)
 
 * Regenerated from discovery document revision 20210508

data/lib/google/apis/sts_v1/classes.rb

@@ -59,48 +59,48 @@ module Google
         # @return [String]
         attr_accessor :scope
       
-        # Required. The input token. This token is a either an external credential
-        # issued by a workload identity pool provider, or a short-lived access token
-        # issued by Google. If the token is an OIDC JWT, it must use the JWT format
-        # defined in [RFC 7523](https://tools.ietf.org/html/rfc7523), and the `
-        # subject_token_type` must be `urn:ietf:params:oauth:token-type:jwt`. The
-        # following headers are required: - `kid`: The identifier of the signing key
-        # securing the JWT. - `alg`: The cryptographic algorithm securing the JWT. Must
-        # be `RS256` or `ES256`. The following payload fields are required. For more
-        # information, see [RFC 7523, Section 3](https://tools.ietf.org/html/rfc7523#
-        # section-3): - `iss`: The issuer of the token. The issuer must provide a
-        # discovery document at the URL `/.well-known/openid-configuration`, where `` is
-        # the value of this field. The document must be formatted according to section 4.
-        # 2 of the [OIDC 1.0 Discovery specification](https://openid.net/specs/openid-
-        # connect-discovery-1_0.html#ProviderConfigurationResponse). - `iat`: The issue
-        # time, in seconds, since the Unix epoch. Must be in the past. - `exp`: The
-        # expiration time, in seconds, since the Unix epoch. Must be less than 48 hours
-        # after `iat`. Shorter expiration times are more secure. If possible, we
-        # recommend setting an expiration time less than 6 hours. - `sub`: The identity
-        # asserted in the JWT. - `aud`: For workload identity pools, this must be a
-        # value specified in the allowed audiences for the workload identity pool
-        # provider, or one of the audiences allowed by default if no audiences were
-        # specified. See https://cloud.google.com/iam/docs/reference/rest/v1/projects.
-        # locations.workloadIdentityPools.providers#oidc Example header: ``` ` "alg": "
-        # RS256", "kid": "us-east-11" ` ``` Example payload: ``` ` "iss": "https://
-        # accounts.google.com", "iat": 1517963104, "exp": 1517966704, "aud": "//iam.
-        # googleapis.com/projects/1234567890123/locations/global/workloadIdentityPools/
-        # my-pool/providers/my-provider", "sub": "113475438248934895348", "my_claims": `
-        # "additional_claim": "value" ` ` ``` If `subject_token` is for AWS, it must be
-        # a serialized `GetCallerIdentity` token. This token contains the same
-        # information as a request to the AWS [`GetCallerIdentity()`](https://docs.aws.
-        # amazon.com/STS/latest/APIReference/API_GetCallerIdentity) method, as well as
-        # the AWS [signature](https://docs.aws.amazon.com/general/latest/gr/
-        # signing_aws_api_requests.html) for the request information. Use Signature
-        # Version 4. Format the request as URL-encoded JSON, and set the `
-        # subject_token_type` parameter to `urn:ietf:params:aws:token-type:aws4_request`.
-        # The following parameters are required: - `url`: The URL of the AWS STS
-        # endpoint for `GetCallerIdentity()`, such as `https://sts.amazonaws.com?Action=
-        # GetCallerIdentity&Version=2011-06-15`. Regional endpoints are also supported. -
-        # `method`: The HTTP request method: `POST`. - `headers`: The HTTP request
-        # headers, which must include: - `Authorization`: The request signature. - `x-
-        # amz-date`: The time you will send the request, formatted as an [ISO8601 Basic](
-        # https://docs.aws.amazon.com/general/latest/gr/sigv4_elements.html#
+        # Required. The input token. This token is either an external credential issued
+        # by a workload identity pool provider, or a short-lived access token issued by
+        # Google. If the token is an OIDC JWT, it must use the JWT format defined in [
+        # RFC 7523](https://tools.ietf.org/html/rfc7523), and the `subject_token_type`
+        # must be either `urn:ietf:params:oauth:token-type:jwt` or `urn:ietf:params:
+        # oauth:token-type:id_token`. The following headers are required: - `kid`: The
+        # identifier of the signing key securing the JWT. - `alg`: The cryptographic
+        # algorithm securing the JWT. Must be `RS256` or `ES256`. The following payload
+        # fields are required. For more information, see [RFC 7523, Section 3](https://
+        # tools.ietf.org/html/rfc7523#section-3): - `iss`: The issuer of the token. The
+        # issuer must provide a discovery document at the URL `/.well-known/openid-
+        # configuration`, where `` is the value of this field. The document must be
+        # formatted according to section 4.2 of the [OIDC 1.0 Discovery specification](
+        # https://openid.net/specs/openid-connect-discovery-1_0.html#
+        # ProviderConfigurationResponse). - `iat`: The issue time, in seconds, since the
+        # Unix epoch. Must be in the past. - `exp`: The expiration time, in seconds,
+        # since the Unix epoch. Must be less than 48 hours after `iat`. Shorter
+        # expiration times are more secure. If possible, we recommend setting an
+        # expiration time less than 6 hours. - `sub`: The identity asserted in the JWT. -
+        # `aud`: For workload identity pools, this must be a value specified in the
+        # allowed audiences for the workload identity pool provider, or one of the
+        # audiences allowed by default if no audiences were specified. See https://cloud.
+        # google.com/iam/docs/reference/rest/v1/projects.locations.workloadIdentityPools.
+        # providers#oidc Example header: ``` ` "alg": "RS256", "kid": "us-east-11" ` ```
+        # Example payload: ``` ` "iss": "https://accounts.google.com", "iat": 1517963104,
+        # "exp": 1517966704, "aud": "//iam.googleapis.com/projects/1234567890123/
+        # locations/global/workloadIdentityPools/my-pool/providers/my-provider", "sub": "
+        # 113475438248934895348", "my_claims": ` "additional_claim": "value" ` ` ``` If `
+        # subject_token` is for AWS, it must be a serialized `GetCallerIdentity` token.
+        # This token contains the same information as a request to the AWS [`
+        # GetCallerIdentity()`](https://docs.aws.amazon.com/STS/latest/APIReference/
+        # API_GetCallerIdentity) method, as well as the AWS [signature](https://docs.aws.
+        # amazon.com/general/latest/gr/signing_aws_api_requests.html) for the request
+        # information. Use Signature Version 4. Format the request as URL-encoded JSON,
+        # and set the `subject_token_type` parameter to `urn:ietf:params:aws:token-type:
+        # aws4_request`. The following parameters are required: - `url`: The URL of the
+        # AWS STS endpoint for `GetCallerIdentity()`, such as `https://sts.amazonaws.com?
+        # Action=GetCallerIdentity&Version=2011-06-15`. Regional endpoints are also
+        # supported. - `method`: The HTTP request method: `POST`. - `headers`: The HTTP
+        # request headers, which must include: - `Authorization`: The request signature.
+        # - `x-amz-date`: The time you will send the request, formatted as an [ISO8601
+        # Basic](https://docs.aws.amazon.com/general/latest/gr/sigv4_elements.html#
         # sigv4_elements_date) string. This value is typically set to the current time
         # and is used to help prevent replay attacks. - `host`: The hostname of the `url`
         # field; for example, `sts.amazonaws.com`. - `x-goog-cloud-target-resource`:
@@ -130,8 +130,8 @@ module Google
       
         # Required. An identifier that indicates the type of the security token in the `
         # subject_token` parameter. Supported values are `urn:ietf:params:oauth:token-
-        # type:jwt`, `urn:ietf:params:aws:token-type:aws4_request`, and `urn:ietf:params:
-        # oauth:token-type:access_token`.
+        # type:jwt`, `urn:ietf:params:oauth:token-type:id_token`, `urn:ietf:params:aws:
+        # token-type:aws4_request`, and `urn:ietf:params:oauth:token-type:access_token`.
         # Corresponds to the JSON property `subjectTokenType`
         # @return [String]
         attr_accessor :subject_token_type
@@ -196,6 +196,105 @@ module Google
           @token_type = args[:token_type] if args.key?(:token_type)
         end
       end
+      
+      # Request message for IntrospectToken.
+      class GoogleIdentityStsV1IntrospectTokenRequest
+        include Google::Apis::Core::Hashable
+      
+        # Required. The OAuth 2.0 security token issued by the Security Token Service
+        # API.
+        # Corresponds to the JSON property `token`
+        # @return [String]
+        attr_accessor :token
+      
+        # Optional. The type of the given token. Supported values are `urn:ietf:params:
+        # oauth:token-type:access_token` and `access_token`.
+        # Corresponds to the JSON property `tokenTypeHint`
+        # @return [String]
+        attr_accessor :token_type_hint
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @token = args[:token] if args.key?(:token)
+          @token_type_hint = args[:token_type_hint] if args.key?(:token_type_hint)
+        end
+      end
+      
+      # Response message for IntrospectToken.
+      class GoogleIdentityStsV1IntrospectTokenResponse
+        include Google::Apis::Core::Hashable
+      
+        # A boolean value that indicates whether the provided access token is currently
+        # active.
+        # Corresponds to the JSON property `active`
+        # @return [Boolean]
+        attr_accessor :active
+        alias_method :active?, :active
+      
+        # The client identifier for the OAuth 2.0 client that requested the provided
+        # token.
+        # Corresponds to the JSON property `client_id`
+        # @return [String]
+        attr_accessor :client_id
+      
+        # The expiration timestamp, measured in the number of seconds since January 1
+        # 1970 UTC, indicating when this token will expire.
+        # Corresponds to the JSON property `exp`
+        # @return [Fixnum]
+        attr_accessor :exp
+      
+        # The issued timestamp, measured in the number of seconds since January 1 1970
+        # UTC, indicating when this token was originally issued.
+        # Corresponds to the JSON property `iat`
+        # @return [Fixnum]
+        attr_accessor :iat
+      
+        # The issuer of the provided token.
+        # Corresponds to the JSON property `iss`
+        # @return [String]
+        attr_accessor :iss
+      
+        # A list of scopes associated with the provided token.
+        # Corresponds to the JSON property `scope`
+        # @return [String]
+        attr_accessor :scope
+      
+        # The unique user ID associated with the provided token. For Google Accounts,
+        # this value is based on the Google Account's user ID. For federated identities,
+        # this value is based on the identity pool ID and the value of the mapped `
+        # google.subject` attribute.
+        # Corresponds to the JSON property `sub`
+        # @return [String]
+        attr_accessor :sub
+      
+        # The human-readable identifier for the token principal subject. For example, if
+        # the provided token is associated with a workload identity pool, this field
+        # contains a value in the following format: `principal://iam.googleapis.com/
+        # projects//locations//workloadIdentityPools//subject/`
+        # Corresponds to the JSON property `username`
+        # @return [String]
+        attr_accessor :username
+      
+        def initialize(**args)
+           update!(**args)
+        end
+      
+        # Update properties of this object
+        def update!(**args)
+          @active = args[:active] if args.key?(:active)
+          @client_id = args[:client_id] if args.key?(:client_id)
+          @exp = args[:exp] if args.key?(:exp)
+          @iat = args[:iat] if args.key?(:iat)
+          @iss = args[:iss] if args.key?(:iss)
+          @scope = args[:scope] if args.key?(:scope)
+          @sub = args[:sub] if args.key?(:sub)
+          @username = args[:username] if args.key?(:username)
+        end
+      end
     end
   end
 end

data/lib/google/apis/sts_v1/gem_version.rb

@@ -16,13 +16,13 @@ module Google
   module Apis
     module StsV1
       # Version of the google-apis-sts_v1 gem
-      GEM_VERSION = "0.5.0"
+      GEM_VERSION = "0.10.0"
 
       # Version of the code generator used to generate this client
-      GENERATOR_VERSION = "0.2.0"
+      GENERATOR_VERSION = "0.4.0"
 
       # Revision of the discovery document this client was generated from
-      REVISION = "20210508"
+      REVISION = "20210625"
     end
   end
 end

data/lib/google/apis/sts_v1/representations.rb

@@ -34,6 +34,18 @@ module Google
         include Google::Apis::Core::JsonObjectSupport
       end
       
+      class GoogleIdentityStsV1IntrospectTokenRequest
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
+      class GoogleIdentityStsV1IntrospectTokenResponse
+        class Representation < Google::Apis::Core::JsonRepresentation; end
+      
+        include Google::Apis::Core::JsonObjectSupport
+      end
+      
       class GoogleIdentityStsV1ExchangeTokenRequest
         # @private
         class Representation < Google::Apis::Core::JsonRepresentation
@@ -56,6 +68,28 @@ module Google
           property :token_type, as: 'token_type'
         end
       end
+      
+      class GoogleIdentityStsV1IntrospectTokenRequest
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :token, as: 'token'
+          property :token_type_hint, as: 'tokenTypeHint'
+        end
+      end
+      
+      class GoogleIdentityStsV1IntrospectTokenResponse
+        # @private
+        class Representation < Google::Apis::Core::JsonRepresentation
+          property :active, as: 'active'
+          property :client_id, as: 'client_id'
+          property :exp, :numeric_string => true, as: 'exp'
+          property :iat, :numeric_string => true, as: 'iat'
+          property :iss, as: 'iss'
+          property :scope, as: 'scope'
+          property :sub, as: 'sub'
+          property :username, as: 'username'
+        end
+      end
     end
   end
 end

data/lib/google/apis/sts_v1/service.rb

@@ -50,6 +50,38 @@ module Google
           @batch_path = 'batch'
         end
         
+        # Gets information about a Google OAuth 2.0 access token issued by the Google
+        # Cloud [Security Token Service API](https://cloud.google.com/iam/docs/reference/
+        # sts/rest).
+        # @param [Google::Apis::StsV1::GoogleIdentityStsV1IntrospectTokenRequest] google_identity_sts_v1_introspect_token_request_object
+        # @param [String] fields
+        #   Selector specifying which fields to include in a partial response.
+        # @param [String] quota_user
+        #   Available to use for quota purposes for server-side applications. Can be any
+        #   arbitrary string assigned to a user, but should not exceed 40 characters.
+        # @param [Google::Apis::RequestOptions] options
+        #   Request-specific options
+        #
+        # @yield [result, err] Result & error if block supplied
+        # @yieldparam result [Google::Apis::StsV1::GoogleIdentityStsV1IntrospectTokenResponse] parsed result object
+        # @yieldparam err [StandardError] error object if request failed
+        #
+        # @return [Google::Apis::StsV1::GoogleIdentityStsV1IntrospectTokenResponse]
+        #
+        # @raise [Google::Apis::ServerError] An error occurred on the server and the request can be retried
+        # @raise [Google::Apis::ClientError] The request is invalid and should not be retried without modification
+        # @raise [Google::Apis::AuthorizationError] Authorization is required
+        def introspect(google_identity_sts_v1_introspect_token_request_object = nil, fields: nil, quota_user: nil, options: nil, &block)
+          command = make_simple_command(:post, 'v1/introspect', options)
+          command.request_representation = Google::Apis::StsV1::GoogleIdentityStsV1IntrospectTokenRequest::Representation
+          command.request_object = google_identity_sts_v1_introspect_token_request_object
+          command.response_representation = Google::Apis::StsV1::GoogleIdentityStsV1IntrospectTokenResponse::Representation
+          command.response_class = Google::Apis::StsV1::GoogleIdentityStsV1IntrospectTokenResponse
+          command.query['fields'] = fields unless fields.nil?
+          command.query['quotaUser'] = quota_user unless quota_user.nil?
+          execute_or_queue_command(command, &block)
+        end
+        
         # Exchanges a credential for a Google OAuth 2.0 access token. The token asserts
         # an external identity within a workload identity pool, or it applies a
         # Credential Access Boundary to a Google access token. When you call this method,

metadata

@@ -1,29 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: google-apis-sts_v1
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.10.0
 platform: ruby
 authors:
 - Google LLC
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-18 00:00:00.000000000 Z
+date: 2021-07-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-apis-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.4'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: 2.a
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0.4'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: 2.a
 description: This is the simple REST client for Security Token Service API V1. Simple
   REST clients are Ruby client libraries that provide access to Google services via
   their HTTP REST API endpoints. These libraries are generated and updated automatically
@@ -52,7 +58,7 @@ licenses:
 metadata:
   bug_tracker_uri: https://github.com/googleapis/google-api-ruby-client/issues
   changelog_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1/CHANGELOG.md
-  documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1/v0.5.0
+  documentation_uri: https://googleapis.dev/ruby/google-apis-sts_v1/v0.10.0
   source_code_uri: https://github.com/googleapis/google-api-ruby-client/tree/master/generated/google-apis-sts_v1
 post_install_message: 
 rdoc_options: []