swagger: "2.0"
info:
  title: the-gateway foo
  description: "Run auth through Google API Gateway."
  version: "1.0.0"
schemes:
  - "https"
produces:
  - application/json
x-google-backend:
  address: ${backend_url}
paths:
  "/":
    get:
      description: "Hello World."
      operationId: "helloWorld"
      responses:
        200:
          description: "Success."
          schema:
            type: string
  "/.well-known/jwks.json":
    get:
      description: "JWKS."
      operationId: "jwks"
      responses:
        200:
          description: "Success."
          schema:
            type: string
  "/some_protected_endpoint":
    get:
      description: "An endpoint that requires auth."
      operationId: "someProtectedEndpoint"
      security:
        - your_custom_auth_id: []
      responses:
        200:
          description: "Success."
          schema:
            type: string
  "/get_short_lived_token":
    get:
      description: "An endpoint that gives a short-lived JWT."
      operationId: "getShortLivedToken"
      security:
        - your_custom_auth_id: []
      responses:
        200:
          description: "Success."
          schema:
            type: string
securityDefinitions:
  your_custom_auth_id:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    # The value below should be unique
    x-google-issuer: "issuer of the token"
    x-google-jwks_uri: "${backend_url}/.well-known/jwks.json"
    x-google-audiences: "${client_id}"