diff --git a/endpoints/getting-started/README.md b/endpoints/getting-started/README.md index e57379e97d..9adf85dad4 100644 --- a/endpoints/getting-started/README.md +++ b/endpoints/getting-started/README.md @@ -61,7 +61,7 @@ The JWT client demonstrates how to use service accounts to authenticate to endpo To use the service account for authentication: -1. Update the `google_jwt`'s `x-jwks_uri` in `openapi.yaml` with your service account's email address. +1. Update the `google_jwt`'s `x-google-jwks_uri` in `openapi.yaml` with your service account's email address. 2. Redeploy your application. Now you can use the JWT client to make requests to the API: @@ -79,7 +79,7 @@ The ID Token client demonstrates how to use user credentials to authenticate to To use the client ID for authentication: -1. Update the `/auth/info/googleidtoken`'s `audiences` in `openapi.yaml` with your client ID. +1. Update `google_id_token: x-google-audiences` in `openapi.yaml` with your client ID. 2. Redeploy your application. Now you can use the client ID to make requests to the API: diff --git a/endpoints/getting-started/openapi.yaml b/endpoints/getting-started/openapi.yaml index 636c3d7bb8..7d66af2454 100644 --- a/endpoints/getting-started/openapi.yaml +++ b/endpoints/getting-started/openapi.yaml @@ -45,12 +45,8 @@ paths: description: "Authenication info." schema: $ref: "#/definitions/authInfoResponse" - x-security: - - google_jwt: - audiences: - # This must match the "aud" field in the JWT. You can add multiple - # audiences to accept JWTs from multiple clients. - - "echo.endpoints.sample.google.com" + security: + - google_jwt: [] "/auth/info/googleidtoken": get: description: "Returns the requests' authentication information." @@ -62,12 +58,8 @@ paths: description: "Authenication info." schema: $ref: "#/definitions/authInfoResponse" - x-security: - - google_id_token: - audiences: - # Your OAuth2 client's Client ID must be added here. You can add - # multiple client IDs to accept tokens from multiple clients. - - "YOUR-CLIENT-ID" + security: + - google_id_token: [] definitions: echoMessage: @@ -98,6 +90,9 @@ securityDefinitions: x-google-issuer: "jwt-client.endpoints.sample.google.com" # Update this with your service account's email address. x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/jwk/YOUR-SERVICE-ACCOUNT-EMAIL" + # This must match the "aud" field in the JWT. You can add multiple + # audiences to accept JWTs from multiple clients. + x-google-audiences: "echo.endpoints.sample.google.com" # This section configures authentication using Google OAuth2 ID Tokens. # ID Tokens can be obtained using OAuth2 clients, and can be used to access # your API on behalf of a particular user. @@ -106,4 +101,7 @@ securityDefinitions: flow: "implicit" type: "oauth2" x-google-issuer: "https://accounts.google.com/" - x-google-jwks_uri: "https://www.googleapis.com/oauth2/v1/certs" + x-google-jwks_uri: "https://www.googleapis.com/oauth2/v3/certs" + # Your OAuth2 client's Client ID must be added here. You can add + # multiple client IDs to accept tokens from multiple clients. + x-google-audiences: "YOUR-CLIENT-ID"