@@ -317,16 +317,23 @@ class GoogleIdentityStsV1ExchangeTokenRequest
317317 # new security attributes applied, such as a Credential Access Boundary. In this
318318 # case, set `subject_token_type` to `urn:ietf:params:oauth:token-type:
319319 # access_token`. If an access token already contains security attributes, you
320- # cannot apply additional security attributes.
320+ # cannot apply additional security attributes. If the request is for X.509
321+ # certificate-based authentication, the `subject_token` must be a JSON-formatted
322+ # list of X.509 certificates in DER format, as defined in [RFC 7515](https://www.
323+ # rfc-editor.org/rfc/rfc7515#section-4.1.6). `subject_token_type` must be `urn:
324+ # ietf:params:oauth:token-type:mtls`. The following example shows a JSON-
325+ # formatted list of X.509 certificate in DER format: ``` [\"MIIEYDCCA0i...\", \"
326+ # MCIFFGAGTT0...\"] ```
321327 # Corresponds to the JSON property `subjectToken`
322328 # @return [String]
323329 attr_accessor :subject_token
324330
325331 # Required. An identifier that indicates the type of the security token in the `
326332 # subject_token` parameter. Supported values are `urn:ietf:params:oauth:token-
327333 # type:jwt`, `urn:ietf:params:oauth:token-type:id_token`, `urn:ietf:params:aws:
328- # token-type:aws4_request`, `urn:ietf:params:oauth:token-type:access_token`, and
329- # `urn:ietf:params:oauth:token-type:saml2`.
334+ # token-type:aws4_request`, `urn:ietf:params:oauth:token-type:access_token`, `
335+ # urn:ietf:params:oauth:token-type:mtls`, and `urn:ietf:params:oauth:token-type:
336+ # saml2`.
330337 # Corresponds to the JSON property `subjectTokenType`
331338 # @return [String]
332339 attr_accessor :subject_token_type
0 commit comments