REST Resource: projects.locations.authConfigs

Resource: AuthConfig
Methods

Resource: AuthConfig

The AuthConfig resource use to hold channels and connection config data.

JSON representation

JSON representation
{ "name": string, "displayName": string, "description": string, "certificateId": string, "credentialType": enum (`CredentialType`), "creatorEmail": string, "createTime": string, "lastModifierEmail": string, "updateTime": string, "visibility": enum (`AuthConfigVisibility`), "state": enum (`State`), "reason": string, "expiryNotificationDuration": [ string ], "validTime": string, "overrideValidTime": string, // Union field `credential` can be only one of the following: "encryptedCredential": string, "decryptedCredential": { object (`Credential`) } // End of list of possible types for union field `credential`. }

{
  "name": string,
  "displayName": string,
  "description": string,
  "certificateId": string,
  "credentialType": enum (CredentialType),
  "creatorEmail": string,
  "createTime": string,
  "lastModifierEmail": string,
  "updateTime": string,
  "visibility": enum (AuthConfigVisibility),
  "state": enum (State),
  "reason": string,
  "expiryNotificationDuration": [
    string
  ],
  "validTime": string,
  "overrideValidTime": string,

  // Union field credential can be only one of the following:
  "encryptedCredential": string,
  "decryptedCredential": {
    object (Credential)
  }
  // End of list of possible types for union field credential.
}

Fields
`name`	`string` Resource name of the auth config. For more information, see Manage authentication profiles. `projects/{project}/locations/{location}/authConfigs/{authConfig}` .
`displayName`	`string` Required. The name of the auth config.
`description`	`string` A description of the auth config.
`certificateId`	`string` Certificate id for client certificate
`credentialType`	`enum (CredentialType)` Credential type of the encrypted credential.
`creatorEmail`	`string` The creator's email address. Generated based on the End User Credentials/LOAS role of the user making the call.
`createTime`	`string (Timestamp format)` Output only. The timestamp when the auth config is created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`lastModifierEmail`	`string` The last modifier's email address. Generated based on the End User Credentials/LOAS role of the user making the call.
`updateTime`	`string (Timestamp format)` Output only. The timestamp when the auth config is modified. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`visibility`	`enum (AuthConfigVisibility)` The visibility of the auth config.
`state`	`enum (State)` The status of the auth config.
`reason`	`string` The reason / details of the current status.
`expiryNotificationDuration[]`	`string (Duration format)` User can define the time to receive notification after which the auth config becomes invalid. Support up to 30 days. Support granularity in hours. A duration in seconds with up to nine fractional digits, ending with '`s`'. Example: `"3.5s"`.
`validTime`	`string (Timestamp format)` The time until the auth config is valid. Empty or max value is considered the auth config won't expire. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`overrideValidTime`	`string (Timestamp format)` User provided expiry time to override. For the example of Salesforce, username/password credentials can be valid for 6 months depending on the instance settings. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
Union field `credential`. `credential` can be only one of the following:
`encryptedCredential`	`string (bytes format)` Auth credential encrypted by Cloud KMS. Can be decrypted as Credential with proper KMS key. A base64-encoded string.
`decryptedCredential`	`object (Credential)` Raw auth credentials.

Credential

Defines parameters for a single, canonical credential.

JSON representation

JSON representation
{ "credentialType": enum (`CredentialType`), // Union field `credential_value` can be only one of the following: "usernameAndPassword": { object (`UsernameAndPassword`) }, "oauth2AuthorizationCode": { object (`OAuth2AuthorizationCode`) }, "oauth2ClientCredentials": { object (`OAuth2ClientCredentials`) }, "oauth2ResourceOwnerCredentials": { object (`OAuth2ResourceOwnerCredentials`) }, "jwt": { object (`Jwt`) }, "authToken": { object (`AuthToken`) }, "serviceAccountCredentials": { object (`ServiceAccountCredentials`) }, "oidcToken": { object (`OidcToken`) } // End of list of possible types for union field `credential_value`. }

{
  "credentialType": enum (CredentialType),

  // Union field credential_value can be only one of the following:
  "usernameAndPassword": {
    object (UsernameAndPassword)
  },
  "oauth2AuthorizationCode": {
    object (OAuth2AuthorizationCode)
  },
  "oauth2ClientCredentials": {
    object (OAuth2ClientCredentials)
  },
  "oauth2ResourceOwnerCredentials": {
    object (OAuth2ResourceOwnerCredentials)
  },
  "jwt": {
    object (Jwt)
  },
  "authToken": {
    object (AuthToken)
  },
  "serviceAccountCredentials": {
    object (ServiceAccountCredentials)
  },
  "oidcToken": {
    object (OidcToken)
  }
  // End of list of possible types for union field credential_value.
}

Fields
`credentialType`	`enum (CredentialType)` Credential type associated with auth config.
Union field `credential_value`. According to the credential_type, the credential value can be specified in one of the following proto. `credential_value` can be only one of the following:
`usernameAndPassword`	`object (UsernameAndPassword)` Username and password credential
`oauth2AuthorizationCode`	`object (OAuth2AuthorizationCode)` The api_key and oauth2_implicit are not covered in v1 and will be picked up once v1 is implemented. ApiKey api_key = 3; OAuth2 authorization code credential
`oauth2ClientCredentials`	`object (OAuth2ClientCredentials)` OAuth2Implicit oauth2_implicit = 5; OAuth2 client credentials
`oauth2ResourceOwnerCredentials`	`object (OAuth2ResourceOwnerCredentials)` OAuth2 resource owner credentials
`jwt`	`object (Jwt)` JWT credential
`authToken`	`object (AuthToken)` Auth token credential
`serviceAccountCredentials`	`object (ServiceAccountCredentials)` Service account credential
`oidcToken`	`object (OidcToken)` Google OIDC ID Token

CredentialType

Each type only applies to a certain number of services. For example, types with OAuth prefix only works for connecting REST endpoints.

Enums
`CREDENTIAL_TYPE_UNSPECIFIED`	Unspecified credential type
`USERNAME_AND_PASSWORD`	Regular username/password pair.
`API_KEY`	API key.
`OAUTH2_AUTHORIZATION_CODE`	OAuth 2.0 Authorization Code Grant type.
`OAUTH2_IMPLICIT`	OAuth 2.0 Implicit Grant type.
`OAUTH2_CLIENT_CREDENTIALS`	OAuth 2.0 Client Credentials Grant type.
`OAUTH2_RESOURCE_OWNER_CREDENTIALS`	OAuth 2.0 Resource owner Credentials Grant type.
`JWT`	JWT Token.
`AUTH_TOKEN`	Auth Token, e.g. bearer token.
`SERVICE_ACCOUNT`	Service Account which can be used to generate token for authentication.
`CLIENT_CERTIFICATE_ONLY`	Client Certificate only.
`OIDC_TOKEN`	Google OIDC ID Token

UsernameAndPassword

Username and password pair.

JSON representation
{ "username": string, "password": string }

Fields

Fields
`username`	`string` Username to be used
`password`	`string` Password to be used

username

string

Username to be used

password

string

Password to be used

OAuth2AuthorizationCode

The OAuth type where the client sends request with the client id and requested scopes to auth endpoint. User sees a consent screen and auth code is received at specified redirect url afterwards. The auth code is then combined with the client id and secret and sent to the token endpoint in exchange for the access and refresh token. The refresh token can be used to fetch new access tokens.

JSON representation

JSON representation
{ "clientId": string, "clientSecret": string, "scope": string, "authEndpoint": string, "authParams": { object (`ParameterMap`) }, "tokenEndpoint": string, "tokenParams": { object (`ParameterMap`) }, "accessToken": { object (`AccessToken`) }, "authCode": string, "requestType": enum (`RequestType`), "applyReauthPolicy": boolean }

{
  "clientId": string,
  "clientSecret": string,
  "scope": string,
  "authEndpoint": string,
  "authParams": {
    object (ParameterMap)
  },
  "tokenEndpoint": string,
  "tokenParams": {
    object (ParameterMap)
  },
  "accessToken": {
    object (AccessToken)
  },
  "authCode": string,
  "requestType": enum (RequestType),
  "applyReauthPolicy": boolean
}

Fields
`clientId`	`string` The client's id.
`clientSecret`	`string` The client's secret.
`scope`	`string` A space-delimited list of requested scope permissions.
`authEndpoint`	`string` The auth url endpoint to send the auth code request to.
`authParams`	`object (ParameterMap)` The auth parameters sent along with the auth code request.
`tokenEndpoint`	`string` The token url endpoint to send the token request to.
`tokenParams`	`object (ParameterMap)` The token parameters sent along with the token request.
`accessToken`	`object (AccessToken)` The access token received from the token endpoint.
`authCode`	`string` The Auth Code that is used to initially retrieve the access token.
`requestType`	`enum (RequestType)` Represent how to pass parameters to fetch access token
`applyReauthPolicy`	`boolean` Indicates if the user has opted in Google Reauth Policy. If opted in, the refresh token will be valid for 20 hours, after which time users must re-authenticate in order to obtain a new one.

ParameterMap

A generic multi-map that holds key value pairs. They keys and values can be of any type, unless specified.

JSON representation
{ "entries": [ { object (`ParameterMapEntry`) } ], "keyType": enum (`IntegrationParameterDataType`), "valueType": enum (`IntegrationParameterDataType`) }

Fields

Fields
`entries[]`	`object (ParameterMapEntry)` A list of parameter map entries.
`keyType`	`enum (IntegrationParameterDataType)` Option to specify key type for all entries of the map. If provided then field types for all entries must conform to this.
`valueType`	`enum (IntegrationParameterDataType)` Option to specify value type for all entries of the map. If provided then field types for all entries must conform to this.

entries[]

object (ParameterMapEntry)

A list of parameter map entries.

keyType

enum (IntegrationParameterDataType)

Option to specify key type for all entries of the map. If provided then field types for all entries must conform to this.

valueType

enum (IntegrationParameterDataType)

Option to specify value type for all entries of the map. If provided then field types for all entries must conform to this.

ParameterMapEntry

Entry is a pair of key and value.

JSON representation
{ "key": { object (`ParameterMapField`) }, "value": { object (`ParameterMapField`) } }

Fields

Fields
`key`	`object (ParameterMapField)` Key of the map entry.
`value`	`object (ParameterMapField)` Value of the map entry.

key

object (ParameterMapField)

Key of the map entry.

value

object (ParameterMapField)

Value of the map entry.

ParameterMapField

Field represents either the key or value in an entry.

JSON representation
{ // Union field `value` can be only one of the following: "referenceKey": string, "literalValue": { object (`ValueType`) } // End of list of possible types for union field `value`. }

Fields

Fields
Union field `value`. `value` can be only one of the following:
`referenceKey`	`string` Referencing one of the Integration variables.
`literalValue`	`object (ValueType)` Passing a literal value.

Union field value.

value can be only one of the following:

referenceKey

string

Referencing one of the Integration variables.

literalValue

object (ValueType)

Passing a literal value.

AccessToken

The access token represents the authorization of a specific application to access specific parts of a user's data.

JSON representation
{ "accessToken": string, "accessTokenExpireTime": string, "tokenType": string, "refreshToken": string, "refreshTokenExpireTime": string }

Fields
`accessToken`	`string` The access token encapsulating the security identity of a process or thread.
`accessTokenExpireTime`	`string (Timestamp format)` Required. The approximate time until the access token retrieved is valid. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`tokenType`	`string` Only support "bearer" token in v1 as bearer token is the predominant type used with OAuth 2.0.
`refreshToken`	`string` If the access token will expire, use the refresh token to obtain another access token.
`refreshTokenExpireTime`	`string (Timestamp format)` The approximate time until the refresh token retrieved is valid. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.

RequestType

Represent how to pass parameters to fetch access token

Enums
`REQUEST_TYPE_UNSPECIFIED`	Unspecified request type
`REQUEST_BODY`	To pass all the parameters in post body.
`QUERY_PARAMETERS`	To pass all the parameters as a part of query parameter.
`ENCODED_HEADER`	To pass client id and client secret as base 64 encoding of clientId:client_password and rest parameters in post body.

OAuth2ClientCredentials

For client credentials grant, the client sends a POST request with grant_type as 'client_credentials' to the authorization server. The authorization server will respond with a JSON object containing the access token.

JSON representation

JSON representation
{ "clientId": string, "clientSecret": string, "tokenEndpoint": string, "scope": string, "tokenParams": { object (`ParameterMap`) }, "accessToken": { object (`AccessToken`) }, "requestType": enum (`RequestType`) }

{
  "clientId": string,
  "clientSecret": string,
  "tokenEndpoint": string,
  "scope": string,
  "tokenParams": {
    object (ParameterMap)
  },
  "accessToken": {
    object (AccessToken)
  },
  "requestType": enum (RequestType)
}

Fields
`clientId`	`string` The client's ID.
`clientSecret`	`string` The client's secret.
`tokenEndpoint`	`string` The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token.
`scope`	`string` A space-delimited list of requested scope permissions.
`tokenParams`	`object (ParameterMap)` Token parameters for the auth request.
`accessToken`	`object (AccessToken)` Access token fetched from the authorization server.
`requestType`	`enum (RequestType)` Represent how to pass parameters to fetch access token

OAuth2ResourceOwnerCredentials

For resource owner credentials grant, the client will ask the user for their authorization credentials (ususally a username and password) and send a POST request to the authorization server. The authorization server will respond with a JSON object containing the access token.

JSON representation

JSON representation
{ "clientId": string, "clientSecret": string, "username": string, "password": string, "tokenEndpoint": string, "scope": string, "tokenParams": { object (`ParameterMap`) }, "accessToken": { object (`AccessToken`) }, "requestType": enum (`RequestType`) }

{
  "clientId": string,
  "clientSecret": string,
  "username": string,
  "password": string,
  "tokenEndpoint": string,
  "scope": string,
  "tokenParams": {
    object (ParameterMap)
  },
  "accessToken": {
    object (AccessToken)
  },
  "requestType": enum (RequestType)
}

Fields
`clientId`	`string` The client's ID.
`clientSecret`	`string` The client's secret.
`username`	`string` The user's username.
`password`	`string` The user's password.
`tokenEndpoint`	`string` The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token.
`scope`	`string` A space-delimited list of requested scope permissions.
`tokenParams`	`object (ParameterMap)` Token parameters for the auth request.
`accessToken`	`object (AccessToken)` Access token fetched from the authorization server.
`requestType`	`enum (RequestType)` Represent how to pass parameters to fetch access token

Jwt

Represents JSON web token(JWT), which is a compact, URL-safe means of representing claims to be transferred between two parties, enabling the claims to be digitally signed or integrity protected.

JSON representation
{ "jwtHeader": string, "jwtPayload": string, "secret": string, "jwt": string }

Fields
`jwtHeader`	`string` Identifies which algorithm is used to generate the signature.
`jwtPayload`	`string` Contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. Custom claims are usually also included, depending on the purpose of the token.
`secret`	`string` User's pre-shared secret to sign the token.
`jwt`	`string` The token calculated by the header, payload and signature.

AuthToken

The credentials to authenticate a user agent with a server that is put in HTTP Authorization request header.

JSON representation
{ "type": string, "token": string }

Fields

Fields
`type`	`string` Authentication type, e.g. "Basic", "Bearer", etc.
`token`	`string` The token for the auth type.

type

string

Authentication type, e.g. "Basic", "Bearer", etc.

token

string

The token for the auth type.

ServiceAccountCredentials

Represents the service account which can be used to generate access token for authenticating the service call.

JSON representation
{ "serviceAccount": string, "scope": string }

Fields

Fields
`serviceAccount`	`string` name of the service account that has the permission to make the request.
`scope`	`string` A space-delimited list of requested scope permissions.

serviceAccount

string

name of the service account that has the permission to make the request.

scope

string

A space-delimited list of requested scope permissions.

OidcToken

OIDC Token

JSON representation
{ "serviceAccountEmail": string, "audience": string, "token": string, "tokenExpireTime": string }

Fields
`serviceAccountEmail`	`string` The service account email to be used as the identity for the token.
`audience`	`string` Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for.
`token`	`string` ID token obtained for the service account
`tokenExpireTime`	`string (Timestamp format)` The approximate time until the token retrieved is valid. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.

AuthConfigVisibility

Enum for the visibility of the auth config.

Enums
`AUTH_CONFIG_VISIBILITY_UNSPECIFIED`	Visibility not specified.
`PRIVATE`	Profile visible to the creator only.
`CLIENT_VISIBLE`	Profile visible within the client.

State

The status of the auth config.

Enums
`STATE_UNSPECIFIED`	Status not specified.
`VALID`	Valid Auth config.
`INVALID`	General invalidity, if it doesn't fits in the detailed issue below.
`SOFT_DELETED`	Auth config soft deleted.
`EXPIRED`	Auth config expired.
`UNAUTHORIZED`	Auth config unauthorized.
`UNSUPPORTED`	Auth config not supported.

Methods
`create`	Creates an auth config record.
`delete`	Deletes an auth config.
`get`	Gets a complete auth config.
`list`	Lists all auth configs that match the filter.
`patch`	Updates an auth config.

REST Resource: projects.locations.authConfigs

Resource: AuthConfig

Credential

CredentialType

UsernameAndPassword

OAuth2AuthorizationCode

ParameterMap

ParameterMapEntry

ParameterMapField

AccessToken

RequestType

OAuth2ClientCredentials

OAuth2ResourceOwnerCredentials

Jwt

AuthToken

ServiceAccountCredentials

OidcToken

AuthConfigVisibility

State

Methods

`create`

`delete`

`get`

`list`

`patch`