public sealed class AttachedOidcConfig : IMessage<AttachedOidcConfig>, IEquatable<AttachedOidcConfig>, IDeepCloneable<AttachedOidcConfig>, IBufferMessage, IMessage
Reference documentation and code samples for the Anthos Multi-Cloud v1 API class AttachedOidcConfig.
OIDC discovery information of the target cluster.
Kubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster
API server. This fields indicates how Google Cloud Platform services
validate KSA tokens in order to allow system workloads (such as GKE Connect
and telemetry agents) to authenticate back to Google Cloud Platform.
Both clusters with public and private issuer URLs are supported.
Clusters with public issuers only need to specify the issuer_url field
while clusters with private issuers need to provide both
issuer_url and oidc_jwks.
Optional. OIDC verification keys in JWKS format (RFC 7517).
It contains a list of OIDC verification keys that can be used to verify
OIDC JWTs.
This field is required for cluster that doesn't have a publicly available
discovery endpoint. When provided, it will be directly used
to verify the OIDC JWT asserted by the IDP.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThis webpage provides documentation for the \u003ccode\u003eAttachedOidcConfig\u003c/code\u003e class within the Google Cloud GKE Multi-Cloud v1 API, with version 2.8.0 being the latest release.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eAttachedOidcConfig\u003c/code\u003e class is used to manage OIDC discovery information for target clusters, helping Google Cloud Platform services to validate Kubernetes Service Account (KSA) tokens.\u003c/p\u003e\n"],["\u003cp\u003eThe class supports both public and private issuer URLs, with clusters that are public needing only the \u003ccode\u003eissuer_url\u003c/code\u003e, and private requiring both \u003ccode\u003eissuer_url\u003c/code\u003e and \u003ccode\u003eoidc_jwks\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eKey properties of the class include \u003ccode\u003eIssuerUrl\u003c/code\u003e, which is a required JWT issuer URI, and \u003ccode\u003eJwks\u003c/code\u003e, an optional field containing OIDC verification keys in JWKS format for clusters without a publicly available discovery endpoint.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eAttachedOidcConfig\u003c/code\u003e class inherits from the \u003ccode\u003eobject\u003c/code\u003e class and implements multiple interfaces including \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, demonstrating its role in data handling and management.\u003c/p\u003e\n"]]],[],null,["# Anthos Multi-Cloud v1 API - Class AttachedOidcConfig (2.8.0)\n\nVersion latestkeyboard_arrow_down\n\n- [2.8.0 (latest)](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/latest/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig)\n- [2.7.0](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/2.7.0/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig)\n- [2.6.0](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/2.6.0/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig)\n- [2.5.0](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/2.5.0/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig)\n- [2.4.0](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/2.4.0/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig)\n- [2.3.0](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/2.3.0/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig)\n- [2.2.0](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/2.2.0/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig)\n- [2.1.0](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/2.1.0/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig)\n- [2.0.0](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/2.0.0/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig)\n- [1.0.0-beta01](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/1.0.0-beta01/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig) \n\n public sealed class AttachedOidcConfig : IMessage\u003cAttachedOidcConfig\u003e, IEquatable\u003cAttachedOidcConfig\u003e, IDeepCloneable\u003cAttachedOidcConfig\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Anthos Multi-Cloud v1 API class AttachedOidcConfig.\n\nOIDC discovery information of the target cluster.\n\nKubernetes Service Account (KSA) tokens are JWT tokens signed by the cluster\nAPI server. This fields indicates how Google Cloud Platform services\nvalidate KSA tokens in order to allow system workloads (such as GKE Connect\nand telemetry agents) to authenticate back to Google Cloud Platform.\n\nBoth clusters with public and private issuer URLs are supported.\nClusters with public issuers only need to specify the `issuer_url` field\nwhile clusters with private issuers need to provide both\n`issuer_url` and `oidc_jwks`. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e AttachedOidcConfig \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[AttachedOidcConfig](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/latest/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[AttachedOidcConfig](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/latest/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[AttachedOidcConfig](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/latest/Google.Cloud.GkeMultiCloud.V1.AttachedOidcConfig), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.GkeMultiCloud.V1](/dotnet/docs/reference/Google.Cloud.GkeMultiCloud.V1/latest/Google.Cloud.GkeMultiCloud.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.GkeMultiCloud.V1.dll\n\nConstructors\n------------\n\n### AttachedOidcConfig()\n\n public AttachedOidcConfig()\n\n### AttachedOidcConfig(AttachedOidcConfig)\n\n public AttachedOidcConfig(AttachedOidcConfig other)\n\nProperties\n----------\n\n### IssuerUrl\n\n public string IssuerUrl { get; set; }\n\nA JSON Web Token (JWT) issuer URI. `issuer` must start with `https://`.\n\n### Jwks\n\n public ByteString Jwks { get; set; }\n\nOptional. OIDC verification keys in JWKS format (RFC 7517).\nIt contains a list of OIDC verification keys that can be used to verify\nOIDC JWTs.\n\nThis field is required for cluster that doesn't have a publicly available\ndiscovery endpoint. When provided, it will be directly used\nto verify the OIDC JWT asserted by the IDP."]]
