diff --git a/doc/k8s/swagger.yaml b/doc/k8s/swagger.yaml index c893987ab..082d9bc4d 100644 --- a/doc/k8s/swagger.yaml +++ b/doc/k8s/swagger.yaml @@ -65,12 +65,8 @@ paths: description: "Authenication info." schema: $ref: "#/definitions/authInfoResponse" - x-security: - - google_jwt: - audiences: - # This must match the "aud" field in the JWT. You can add multiple - # audiences to accept JWTs from multiple clients. - - "echo.endpoints.sample.google.com" + security: + - {google_jwt: [], api_key: []} "/auth/info/googleidtoken": get: description: "Returns the requests' authentication information." @@ -82,12 +78,8 @@ paths: description: "Authenication info." schema: $ref: "#/definitions/authInfoResponse" - x-security: - - google_id_token: - audiences: - # Your OAuth2 client's Client ID must be added here. You can add - # multiple client IDs to accept tokens from multiple clients. - - "YOUR-CLIENT-ID" + security: + - {google_id_token: [], api_key: []} definitions: echoMessage: properties: @@ -116,9 +108,13 @@ securityDefinitions: flow: "implicit" type: "oauth2" # This must match the 'iss' field in the JWT. - x-issuer: "jwt-client.endpoints.sample.google.com" + x-google-issuer: "jwt-client.endpoints.sample.google.com" # Update this with your service account's email address. - x-jwks_uri: "https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL" + x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL" + x-google-audiences: + # This must match the "aud" field in the JWT. You can add multiple + # audiences to accept JWTs from multiple clients. + - "echo.endpoints.sample.google.com" # This section configures authentication using Google OAuth2 ID Tokens. # ID Tokens can be obtained using OAuth2 clients, and can be used to access # your API on behalf of a particular user. @@ -126,5 +122,9 @@ securityDefinitions: authorizationUrl: "" flow: "implicit" type: "oauth2" - x-issuer: "accounts.google.com" - x-jwks_uri: "https://www.googleapis.com/oauth2/v1/certs" + x-google-issuer: "accounts.google.com" + x-google-jwks_uri: "https://www.googleapis.com/oauth2/v1/certs" + x-google-audiences: + # Your OAuth2 client's Client ID must be added here. You can add + # multiple client IDs to accept tokens from multiple clients. + - "YOUR-CLIENT-ID" diff --git a/test/bookstore/swagger.json b/test/bookstore/swagger.json index f5f4ec66c..8241b6ec0 100644 --- a/test/bookstore/swagger.json +++ b/test/bookstore/swagger.json @@ -91,23 +91,18 @@ "description": "get message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences":[] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences":[] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.echo.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] }, @@ -122,23 +117,18 @@ "description": "post message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences":[] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences":[] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.echo.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] } @@ -185,52 +175,34 @@ } } }, - "x-security": [ - { - "google_id_token": { - "audiences": [ - "848149964201.apps.googleusercontent.com", - "841077041629.apps.googleusercontent.com", - "488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com", - "488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" - ] - } + "security": [ + { + "google_id_token": [], + "api_key": [] }, { - "google_identity_toolkit": { - "audiences": [] - } + "google_identity_toolkit": [], + "api_key": [] }, { - "auth0_symmetric": { - "audiences": [ - "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" - ] - } + "auth0_symmetric": [], + "api_key": [] }, { - "auth0_jwk": { - "audiences": [ - "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" - ] - } + "auth0_jwk": [], + "api_key": [] }, { - "test_jwk": { - "audiences": [] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences": [] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.esp.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] } @@ -260,55 +232,27 @@ } } }, - "security": [], - "x-security": [ - { - "google_id_token": { - "audiences": [ - "848149964201.apps.googleusercontent.com", - "841077041629.apps.googleusercontent.com", - "488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com", - "488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" - ] - } + "security": [ + { + "google_id_token": [] }, { - "google_identity_toolkit": { - "audiences": [ - "esp-test-client" - ] - } + "google_identity_toolkit": [] }, { - "auth0_symmetric": { - "audiences": [ - "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" - ] - } + "auth0_symmetric": [] }, { - "auth0_jwk": { - "audiences": [ - "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" - ] - } + "auth0_jwk": [] }, { - "test_jwk": { - "audiences": [] - } + "test_jwk": [] }, { - "test_x509": { - "audiences": [] - } + "test_x509": [] }, { - "test_symmetric": { - "audiences": [ - "test.esp.audience" - ] - } + "test_symmetric": [] } ] }, @@ -426,54 +370,34 @@ } } }, - "x-security": [ - { - "google_id_token": { - "audiences": [ - "848149964201.apps.googleusercontent.com", - "841077041629.apps.googleusercontent.com", - "488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com", - "488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" - ] - } + "security": [ + { + "google_id_token": [], + "api_key": [] }, { - "google_identity_toolkit": { - "audiences": [ - "esp-test-client" - ] - } + "google_identity_toolkit": [], + "api_key": [] }, { - "auth0_symmetric": { - "audiences": [ - "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" - ] - } + "auth0_symmetric": [], + "api_key": [] }, { - "auth0_jwk": { - "audiences": [ - "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" - ] - } + "auth0_jwk": [], + "api_key": [] }, { - "test_jwk": { - "audiences": [] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences": [] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.esp.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] }, @@ -608,50 +532,55 @@ "authorizationUrl": "https://esp-jwk.auth0.com/authorize", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://esp-jwk.auth0.com/", - "x-jwks_uri": "https://esp-jwk.auth0.com/.well-known/jwks.json" + "x-google-issuer": "https://esp-jwk.auth0.com/", + "x-google-jwks_uri": "https://esp-jwk.auth0.com/.well-known/jwks.json", + "x-google-audiences": "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" }, "auth0_symmetric": { "authorizationUrl": "https://esp-symmetric.auth0.com/authorize", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://esp-symmetric.auth0.com/", - "x-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-https_esp-symmetric_auth0_com" + "x-google-issuer": "https://esp-symmetric.auth0.com/", + "x-google-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-https_esp-symmetric_auth0_com", + "x-google-audiences" : "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" }, "google_id_token": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://accounts.google.com", - "x-jwks_uri": "https://www.googleapis.com/oauth2/v1/certs" + "x-google-issuer": "https://accounts.google.com", + "x-google-jwks_uri": "https://www.googleapis.com/oauth2/v1/certs", + "x-google-audiences": "848149964201.apps.googleusercontent.com, 841077041629.apps.googleusercontent.com, 488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com, 488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" }, "google_identity_toolkit": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://securetoken.google.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com" + "x-google-issuer": "https://securetoken.google.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com", + "x-google-audiences": "esp-test-client" }, "test_jwk": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com" + "x-google-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com" }, "test_symmetric": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://test.esp.client", - "x-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-test_esp_client" + "x-google-issuer": "https://test.esp.client", + "x-google-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-test_esp_client", + "x-google-audiences": "test.echo.audience, test.esp.audience" }, "test_x509": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com" + "x-google-issuer": "23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com" } } } diff --git a/test/bookstore/swagger_template.json b/test/bookstore/swagger_template.json index 95213693b..2fc63b4e1 100644 --- a/test/bookstore/swagger_template.json +++ b/test/bookstore/swagger_template.json @@ -91,23 +91,18 @@ "description": "get message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences":[] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences":[] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.echo.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] }, @@ -122,23 +117,18 @@ "description": "post message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences":[] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences":[] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.echo.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] } @@ -185,52 +175,34 @@ } } }, - "x-security": [ - { - "google_id_token": { - "audiences": [ - "848149964201.apps.googleusercontent.com", - "841077041629.apps.googleusercontent.com", - "488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com", - "488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" - ] - } + "security": [ + { + "google_id_token": [], + "api_key": [] }, { - "google_identity_toolkit": { - "audiences": [] - } + "google_identity_toolkit": [], + "api_key": [] }, { - "auth0_symmetric": { - "audiences": [ - "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" - ] - } + "auth0_symmetric": [], + "api_key": [] }, { - "auth0_jwk": { - "audiences": [ - "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" - ] - } + "auth0_jwk": [], + "api_key": [] }, { - "test_jwk": { - "audiences": [] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences": [] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.esp.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] } @@ -260,55 +232,27 @@ } } }, - "security": [], - "x-security": [ - { - "google_id_token": { - "audiences": [ - "848149964201.apps.googleusercontent.com", - "841077041629.apps.googleusercontent.com", - "488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com", - "488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" - ] - } + "security": [ + { + "google_id_token": [] }, { - "google_identity_toolkit": { - "audiences": [ - "esp-test-client" - ] - } + "google_identity_toolkit": [] }, { - "auth0_symmetric": { - "audiences": [ - "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" - ] - } + "auth0_symmetric": [] }, { - "auth0_jwk": { - "audiences": [ - "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" - ] - } + "auth0_jwk": [] }, { - "test_jwk": { - "audiences": [] - } + "test_jwk": [] }, { - "test_x509": { - "audiences": [] - } + "test_x509": [] }, { - "test_symmetric": { - "audiences": [ - "test.esp.audience" - ] - } + "test_symmetric": [] } ] }, @@ -426,54 +370,34 @@ } } }, - "x-security": [ - { - "google_id_token": { - "audiences": [ - "848149964201.apps.googleusercontent.com", - "841077041629.apps.googleusercontent.com", - "488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com", - "488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" - ] - } + "security": [ + { + "google_id_token": [], + "api_key": [] }, { - "google_identity_toolkit": { - "audiences": [ - "esp-test-client" - ] - } + "google_identity_toolkit": [], + "api_key": [] }, { - "auth0_symmetric": { - "audiences": [ - "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" - ] - } + "auth0_symmetric": [], + "api_key": [] }, { - "auth0_jwk": { - "audiences": [ - "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" - ] - } + "auth0_jwk": [], + "api_key": [] }, { - "test_jwk": { - "audiences": [] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences": [] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.esp.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] }, @@ -608,50 +532,55 @@ "authorizationUrl": "https://esp-jwk.auth0.com/authorize", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://esp-jwk.auth0.com/", - "x-jwks_uri": "https://esp-jwk.auth0.com/.well-known/jwks.json" + "x-google-issuer": "https://esp-jwk.auth0.com/", + "x-google-jwks_uri": "https://esp-jwk.auth0.com/.well-known/jwks.json", + "x-google-audiences": "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" }, "auth0_symmetric": { "authorizationUrl": "https://esp-symmetric.auth0.com/authorize", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://esp-symmetric.auth0.com/", - "x-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-https_esp-symmetric_auth0_com" + "x-google-issuer": "https://esp-symmetric.auth0.com/", + "x-google-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-https_esp-symmetric_auth0_com", + "x-google-audiences": "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" }, "google_id_token": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://accounts.google.com", - "x-jwks_uri": "https://www.googleapis.com/oauth2/v1/certs" + "x-google-issuer": "https://accounts.google.com", + "x-google-jwks_uri": "https://www.googleapis.com/oauth2/v1/certs", + "x-google-audiences": "848149964201.apps.googleusercontent.com, 841077041629.apps.googleusercontent.com, 488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com, 488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" }, "google_identity_toolkit": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://securetoken.google.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com" + "x-google-issuer": "https://securetoken.google.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com", + "x-google-audiences": "esp-test-client" }, "test_jwk": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com" + "x-google-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com" }, "test_symmetric": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://test.esp.client", - "x-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-test_esp_client" + "x-google-issuer": "https://test.esp.client", + "x-google-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-test_esp_client", + "x-google-audiences": "test.echo.audience, test.esp.audience" }, "test_x509": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com" + "x-google-issuer": "23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com" } } } diff --git a/test/echo/echo.json b/test/echo/echo.json index 1bcf5e4e3..3cbe6ff73 100644 --- a/test/echo/echo.json +++ b/test/echo/echo.json @@ -16,22 +16,23 @@ "type": "oauth2", "authorizationUrl": "", "flow": "implicit", - "x-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com" + "x-google-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com" }, "test_x509": { "type": "oauth2", "authorizationUrl": "", "flow": "implicit", - "x-issuer": "account-1@esp-echo.iam.gserviceaccount.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/account-1@esp-echo.iam.gserviceaccount.com" + "x-google-issuer": "account-1@esp-echo.iam.gserviceaccount.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/account-1@esp-echo.iam.gserviceaccount.com" }, "test_symmetric": { "type": "oauth2", "authorizationUrl": "", "flow": "implicit", - "x-issuer": "https://test.echo.client", - "x-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-test_echo_client" + "x-google-issuer": "https://test.echo.client", + "x-google-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-test_echo_client", + "x-google-audiences": "test.echo.audience" } }, "security": [ @@ -124,23 +125,18 @@ "description": "get message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences":[] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences":[] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.echo.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] }, @@ -155,23 +151,18 @@ "description": "post message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences":[] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences":[] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.echo.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] } diff --git a/test/echo/swagger.json b/test/echo/swagger.json index 8bb863fae..f66c42522 100644 --- a/test/echo/swagger.json +++ b/test/echo/swagger.json @@ -91,13 +91,10 @@ "description": "get message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences": [ - "echo-${MY_PROJECT_ID}.appspot.com" - ] - } + "test_jwk": [], + "api_key": [] } ] }, @@ -112,13 +109,10 @@ "description": "post message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences":[ - "echo-${MY_PROJECT_ID}.appspot.com" - ] - } + "test_jwk": [], + "api_key": [] } ] } @@ -169,8 +163,9 @@ "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com" + "x-google-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com", + "x-google-audiences": "echo-${MY_PROJECT_ID}.appspot.com" } } } diff --git a/tools/src/deploy/example/bookstore_swagger_template.json b/tools/src/deploy/example/bookstore_swagger_template.json index 0577999f4..a36453ead 100644 --- a/tools/src/deploy/example/bookstore_swagger_template.json +++ b/tools/src/deploy/example/bookstore_swagger_template.json @@ -91,23 +91,18 @@ "description": "get message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences":[] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences":[] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.echo.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] }, @@ -122,23 +117,18 @@ "description": "post message response" } }, - "x-security": [ + "security": [ { - "test_jwk": { - "audiences":[] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences":[] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.echo.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] } @@ -185,52 +175,34 @@ } } }, - "x-security": [ - { - "google_id_token": { - "audiences": [ - "848149964201.apps.googleusercontent.com", - "841077041629.apps.googleusercontent.com", - "488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com", - "488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" - ] - } + "security": [ + { + "google_id_token": [], + "api_key": [] }, { - "google_identity_toolkit": { - "audiences": [] - } + "google_identity_toolkit": [], + "api_key": [] }, { - "auth0_symmetric": { - "audiences": [ - "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" - ] - } + "auth0_symmetric": [], + "api_key": [] }, { - "auth0_jwk": { - "audiences": [ - "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" - ] - } + "auth0_jwk": [], + "api_key": [] }, { - "test_jwk": { - "audiences": [] - } + "test_jwk": [], + "api_key": [] }, { - "test_x509": { - "audiences": [] - } + "test_x509": [], + "api_key": [] }, { - "test_symmetric": { - "audiences": [ - "test.esp.audience" - ] - } + "test_symmetric": [], + "api_key": [] } ] } @@ -260,55 +232,27 @@ } } }, - "security": [], - "x-security": [ - { - "google_id_token": { - "audiences": [ - "848149964201.apps.googleusercontent.com", - "841077041629.apps.googleusercontent.com", - "488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com", - "488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" - ] - } + "security": [ + { + "google_id_token": [] }, { - "google_identity_toolkit": { - "audiences": [ - "esp-test-client" - ] - } + "google_identity_toolkit": [] }, { - "auth0_symmetric": { - "audiences": [ - "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" - ] - } + "auth0_symmetric": [] }, { - "auth0_jwk": { - "audiences": [ - "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" - ] - } + "auth0_jwk": [] }, { - "test_jwk": { - "audiences": [] - } + "test_jwk": [] }, { - "test_x509": { - "audiences": [] - } + "test_x509": [] }, { - "test_symmetric": { - "audiences": [ - "test.esp.audience" - ] - } + "test_symmetric": [] } ] }, @@ -426,54 +370,30 @@ } } }, - "x-security": [ - { - "google_id_token": { - "audiences": [ - "848149964201.apps.googleusercontent.com", - "841077041629.apps.googleusercontent.com", - "488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com", - "488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" - ] - } + "security": [ + { + "google_id_token": [] }, { - "google_identity_toolkit": { - "audiences": [ - "esp-test-client" - ] - } + "google_identity_toolkit": [] }, { - "auth0_symmetric": { - "audiences": [ - "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" - ] - } + "auth0_symmetric": [] }, { - "auth0_jwk": { - "audiences": [ - "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" - ] - } + "auth0_jwk": [] }, { - "test_jwk": { - "audiences": [] - } + "test_jwk": [] }, { - "test_x509": { - "audiences": [] - } + "test_x509": [] }, { - "test_symmetric": { - "audiences": [ - "test.esp.audience" - ] - } + "test_symmetric": [] + }, + { + "api_key": [] } ] }, @@ -608,50 +528,56 @@ "authorizationUrl": "https://esp-jwk.auth0.com/authorize", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://esp-jwk.auth0.com/", - "x-jwks_uri": "https://esp-jwk.auth0.com/.well-known/jwks.json" + "x-google-issuer": "https://esp-jwk.auth0.com/", + "x-google-jwks_uri": "https://esp-jwk.auth0.com/.well-known/jwks.json", + "x-google-audiences": "Uuts8fJWf1yieO9Ocv0Uk6LBqsUTePQq" }, "auth0_symmetric": { "authorizationUrl": "https://esp-symmetric.auth0.com/authorize", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://esp-symmetric.auth0.com/", - "x-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-https_esp-symmetric_auth0_com" + "x-google-issuer": "https://esp-symmetric.auth0.com/", + "x-google-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-https_esp-symmetric_auth0_com", + "x-google-audiences": "sI0N2qOcfYoizZtstfnkEbsUWt6bluT0" }, "google_id_token": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://accounts.google.com", - "x-jwks_uri": "https://www.googleapis.com/oauth2/v1/certs" + "x-google-issuer": "https://accounts.google.com", + "x-google-jwks_uri": "https://www.googleapis.com/oauth2/v1/certs", + "x-google-audiences": "848149964201.apps.googleusercontent.com, 841077041629.apps.googleusercontent.com, 488010225785-g97tab3t7jdj51fr8vbqvmh4bfic3g5k.apps.googleusercontent.com, 488010225785-qvp4qbiak296t4afcej35dh4maoufmhc.apps.googleusercontent.com" + }, "google_identity_toolkit": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://securetoken.google.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com" + "x-google-issuer": "https://securetoken.google.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com", + "x-google-audiences": "esp-test-client" }, "test_jwk": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com" + "x-google-issuer": "loadtest@esp-test-client.iam.gserviceaccount.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/jwk/loadtest@esp-test-client.iam.gserviceaccount.com" }, "test_symmetric": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "https://test.esp.client", - "x-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-test_esp_client" + "x-google-issuer": "https://test.esp.client", + "x-google-jwks_uri": "http://169.254.169.254/computeMetadata/v1/project/attributes/auth-key-test_esp_client", + "x-google-audiences": "test.echo.audience, test.esp.audience" }, "test_x509": { "authorizationUrl": "", "flow": "implicit", "type": "oauth2", - "x-issuer": "23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com", - "x-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com" + "x-google-issuer": "23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com", + "x-google-jwks_uri": "https://www.googleapis.com/service_accounts/v1/metadata/x509/23028304136-fbju1j1cdfpc5q9q6s23gm56trn0c9ti@developer.gserviceaccount.com" } } }