jwtLocations property

List<JwtLocation> jwtLocations
final

Defines the locations to extract the JWT. For now it is only used by the Cloud Endpoints to store the OpenAPI extension x-google-jwt-locations (https://cloud.google.com/endpoints/docs/openapi/openapi-extensions#x-google-jwt-locations)

JWT locations can be one of HTTP headers, URL query parameters or cookies. The rule is that the first match wins.

If not specified, default to use following 3 locations:

  1. Authorization: Bearer
  2. x-goog-iap-jwt-assertion
  3. access_token query parameter

Default locations can be specified as followings: jwt_locations:

  • header: Authorization value_prefix: "Bearer "
  • header: x-goog-iap-jwt-assertion
  • query: access_token

Implementation

final List<JwtLocation> jwtLocations;