AuthConfig

The AuthConfig resource use to hold channels and connection config data.

JSON representation
{
  "name": string,
  "displayName": string,
  "description": string,
  "certificateId": string,
  "credentialType": enum (CredentialType),
  "creatorEmail": string,
  "createTime": string,
  "lastModifierEmail": string,
  "updateTime": string,
  "visibility": enum (AuthConfigVisibility),
  "state": enum (State),
  "reason": string,
  "expiryNotificationDuration": [
    string
  ],
  "validTime": string,
  "overrideValidTime": string,

  // Union field credential can be only one of the following:
  "encryptedCredential": string,
  "decryptedCredential": {
    object (Credential)
  }
  // End of list of possible types for union field credential.
}
Fields
name

string

Resource name of the SFDC instance projects/{project}/locations/{location}/authConfigs/{authConfig}.

displayName

string

The name of the auth config.

description

string

A description of the auth config.

certificateId

string

Certificate id for client certificate

credentialType

enum (CredentialType)

Credential type of the encrypted credential.

creatorEmail

string

The creator's email address. Generated based on the End User Credentials/LOAS role of the user making the call.

createTime

string (Timestamp format)

Output only. The timestamp when the auth config is created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

lastModifierEmail

string

The last modifier's email address. Generated based on the End User Credentials/LOAS role of the user making the call.

updateTime

string (Timestamp format)

Output only. The timestamp when the auth config is modified.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

visibility

enum (AuthConfigVisibility)

The visibility of the auth config.

state

enum (State)

The status of the auth config.

reason

string

The reason / details of the current status.

expiryNotificationDuration[]

string (Duration format)

User can define the time to receive notification after which the auth config becomes invalid. Support up to 30 days. Support granularity in hours.

A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".

validTime

string (Timestamp format)

The time until the auth config is valid. Empty or max value is considered the auth config won't expire.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

overrideValidTime

string (Timestamp format)

User provided expiry time to override. For the example of Salesforce, username/password credentials can be valid for 6 months depending on the instance settings.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

Union field credential.

credential can be only one of the following:

encryptedCredential

string (bytes format)

Auth credential encrypted by Cloud KMS. Can be decrypted as Credential with proper KMS key.

A base64-encoded string.

decryptedCredential

object (Credential)

Raw auth credentials.

Credential

Defines parameters for a single, canonical credential.

JSON representation
{
  "credentialType": enum (CredentialType),

  // Union field credential_value can be only one of the following:
  "usernameAndPassword": {
    object (UsernameAndPassword)
  },
  "oauth2AuthorizationCode": {
    object (OAuth2AuthorizationCode)
  },
  "oauth2ClientCredentials": {
    object (OAuth2ClientCredentials)
  },
  "oauth2ResourceOwnerCredentials": {
    object (OAuth2ResourceOwnerCredentials)
  },
  "jwt": {
    object (Jwt)
  },
  "authToken": {
    object (AuthToken)
  },
  "serviceAccountCredentials": {
    object (ServiceAccountCredentials)
  }
  // End of list of possible types for union field credential_value.
}
Fields
credentialType

enum (CredentialType)

Credential type associated with auth config.

Union field credential_value. According to the credential_type, the credential value can be specified in one of the following proto. credential_value can be only one of the following:
usernameAndPassword

object (UsernameAndPassword)

Username and password credential

oauth2AuthorizationCode

object (OAuth2AuthorizationCode)

The api_key and oauth2_implicit are not covered in v1 and will be picked up once v1 is implemented. ApiKey api_key = 3; OAuth2 authorization code credential

oauth2ClientCredentials

object (OAuth2ClientCredentials)

OAuth2Implicit oauth2_implicit = 5; OAuth2 client credentials

oauth2ResourceOwnerCredentials

object (OAuth2ResourceOwnerCredentials)

OAuth2 resource owner credentials

jwt

object (Jwt)

JWT credential

authToken

object (AuthToken)

Auth token credential

serviceAccountCredentials

object (ServiceAccountCredentials)

Service account credential

UsernameAndPassword

Username and password pair. Next available id: 3

JSON representation
{
  "username": string,
  "password": string
}
Fields
username

string

Username to be used

password

string

Password to be used

OAuth2AuthorizationCode

The OAuth Type where the client sends request with the client id and requested scopes to auth endpoint. User sees a consent screen and auth code is received at specified redirect url afterwards. The auth code is then combined with the client id and secret and sent to the token endpoint in exchange for the access and refresh token. The refresh token can be used to fetch new access tokens.

JSON representation
{
  "clientId": string,
  "clientSecret": string,
  "scope": string,
  "authEndpoint": string,
  "authParams": {
    object (ParameterMap)
  },
  "tokenEndpoint": string,
  "tokenParams": {
    object (ParameterMap)
  },
  "accessToken": {
    object (AccessToken)
  },
  "authCode": string,
  "requestType": enum (RequestType),
  "applyReauthPolicy": boolean
}
Fields
clientId

string

The client's id.

clientSecret

string

The client's secret.

scope

string

A space-delimited list of requested scope permissions.

authEndpoint

string

The auth url endpoint to send the auth code request to.

authParams

object (ParameterMap)

The auth parameters sent along with the auth code request.

tokenEndpoint

string

The token url endpoint to send the token request to.

tokenParams

object (ParameterMap)

The token parameters sent along with the token request.

accessToken

object (AccessToken)

The access token received from the token endpoint.

authCode

string

The Auth Code that is used to initially retrieve the access token.

requestType

enum (RequestType)

Represent how to pass parameters to fetch access token

applyReauthPolicy

boolean

Indicates if the user has opted in Google Reauth Policy. If opted in, the refresh token will be valid for 20 hours, after which time users must re-authenticate in order to obtain a new one.

ParameterMap

A generic multi-map that holds key value pairs. They keys and values can be of any type, unless specified.

JSON representation
{
  "entries": [
    {
      object (ParameterMapEntry)
    }
  ],
  "keyType": enum (IntegrationParameterDataType),
  "valueType": enum (IntegrationParameterDataType)
}
Fields
entries[]

object (ParameterMapEntry)

A list of parameter map entries.

keyType

enum (IntegrationParameterDataType)

Option to specify key type for all entries of the map. If provided then field types for all entries must conform to this.

valueType

enum (IntegrationParameterDataType)

Option to specify value type for all entries of the map. If provided then field types for all entries must conform to this.

ParameterMapEntry

Entry is a pair of key and value.

JSON representation
{
  "key": {
    object (ParameterMapField)
  },
  "value": {
    object (ParameterMapField)
  }
}
Fields
key

object (ParameterMapField)

Key of the map entry.

value

object (ParameterMapField)

Value of the map entry.

ParameterMapField

Field represents either the key or value in an entry.

JSON representation
{

  // Union field value can be only one of the following:
  "referenceKey": string,
  "literalValue": {
    object (ValueType)
  }
  // End of list of possible types for union field value.
}
Fields

Union field value.

value can be only one of the following:

referenceKey

string

Referencing one of the Integration variables.

literalValue

object (ValueType)

Passing a literal value.

OAuth2ClientCredentials

For client credentials grant, the client sends a POST request with grant_type as 'client_credentials' to the authorization server. The authorization server will respond with a JSON object containing the access token. Next available id: 8

JSON representation
{
  "clientId": string,
  "clientSecret": string,
  "tokenEndpoint": string,
  "scope": string,
  "tokenParams": {
    object (ParameterMap)
  },
  "accessToken": {
    object (AccessToken)
  },
  "requestType": enum (RequestType)
}
Fields
clientId

string

The client's ID.

clientSecret

string

The client's secret.

tokenEndpoint

string

The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token.

scope

string

A space-delimited list of requested scope permissions.

tokenParams

object (ParameterMap)

Token parameters for the auth request.

accessToken

object (AccessToken)

Access token fetched from the authorization server.

requestType

enum (RequestType)

Represent how to pass parameters to fetch access token

OAuth2ResourceOwnerCredentials

For resource owner credentials grant, the client will ask the user for their authorization credentials (ususally a username and password) and send a POST request to the authorization server. The authorization server will respond with a JSON object containing the access token. Next available id: 10

JSON representation
{
  "clientId": string,
  "clientSecret": string,
  "username": string,
  "password": string,
  "tokenEndpoint": string,
  "scope": string,
  "tokenParams": {
    object (ParameterMap)
  },
  "accessToken": {
    object (AccessToken)
  },
  "requestType": enum (RequestType)
}
Fields
clientId

string

The client's ID.

clientSecret

string

The client's secret.

username

string

The user's username.

password

string

The user's password.

tokenEndpoint

string

The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token.

scope

string

A space-delimited list of requested scope permissions.

tokenParams

object (ParameterMap)

Token parameters for the auth request.

accessToken

object (AccessToken)

Access token fetched from the authorization server.

requestType

enum (RequestType)

Represent how to pass parameters to fetch access token

Jwt

Represents JSON web token(JWT), which is a compact, URL-safe means of representing claims to be transferred between two parties, enabling the claims to be digitally signed or integrity protected. Next available id: 5

JSON representation
{
  "jwtHeader": string,
  "jwtPayload": string,
  "secret": string,
  "jwt": string
}
Fields
jwtHeader

string

Identifies which algorithm is used to generate the signature.

jwtPayload

string

Contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. Custom claims are usually also included, depending on the purpose of the token.

secret

string

User's pre-shared secret to sign the token.

jwt

string

The token calculated by the header, payload and signature.

AuthToken

The credentials to authenticate a user agent with a server that is put in HTTP Authorization request header. Next available id: 3

JSON representation
{
  "type": string,
  "token": string
}
Fields
type

string

Authentication type, e.g. "Basic", "Bearer", etc.

token

string

The token for the auth type.

ServiceAccountCredentials

Represents the service account which can be used to generate access token for authenticating the service call. Next available id: 3

JSON representation
{
  "serviceAccount": string,
  "scope": string
}
Fields
serviceAccount

string

Name of the service account that has the permission to make the request.

scope

string

A space-delimited list of requested scope permissions.