1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
|
syntax = "proto3";
package yandex.cloud.oauth;
import "yandex/cloud/validation.proto";
option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/oauth;oauth";
option java_package = "yandex.cloud.api.oauth.v1";
// Claims representation, see https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims for details.
message SubjectClaims {
reserved 8;
reserved 10;
reserved 12 to 14;
reserved 18 to 98;
reserved 5 to 6;
// Subject - Identifier for the End-User at the Issuer.
string sub = 1 [
(required) = true,
(length) = "<=50"
];
// End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
string name = 2;
// Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
string given_name = 3;
// Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
string family_name = 4;
// Shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe.
// This value MAY be any valid JSON string including special characters such as @, /, or whitespace. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.
string preferred_username = 7;
// URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file),
// rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.
string picture = 9;
// End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax.
// The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.
string email = 11;
// String from zoneinfo [zoneinfo] time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.
string zoneinfo = 15;
// End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639-1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166-1] country code in uppercase, separated by a dash.
// For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.
string locale = 16;
// End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400.
// If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.
string phone_number = 17;
// Subject type.
SubjectType sub_type = 99;
// User federation, non-empty only for federated users.
Federation federation = 100;
}
// Minimalistic analog of yandex.cloud.organizationmanager.v1.saml.Federation
message Federation {
reserved 2;
// ID of the federation.
string id = 1 [
(required) = true,
(length) = "<=50"
];
// Name of the federation. The name is unique within the cloud or organization
string name = 3;
}
enum SubjectType {
SUBJECT_TYPE_UNSPECIFIED = 0;
USER_ACCOUNT = 1;
SERVICE_ACCOUNT = 2;
GROUP = 3;
INVITEE = 4;
}
|