REST Resource: projects.locations.oauthClients

Resource: OauthClient

Represents an OauthClient. Used to access Google Cloud resources on behalf of a Workforce Identity Federation user by using OAuth 2.0 Protocol to obtain an access token from Google Cloud.

JSON representation 
{
  "name": string,
  "state": enum (State),
  "disabled": boolean,
  "clientId": string,
  "displayName": string,
  "description": string,
  "clientType": enum (ClientType),
  "allowedGrantTypes": [
    enum (GrantType)
  ],
  "allowedScopes": [
    string
  ],
  "allowedRedirectUris": [
    string
  ],
  "expireTime": string
}
Fields
name

string

Immutable. Identifier. The resource name of the OauthClient.

Format:projects/{project}/locations/{location}/oauthClients/{oauthClient}.
state

enum (State)

Output only. The state of the OauthClient.
disabled

boolean

Optional. Whether the OauthClient is disabled. You cannot use a disabled OAuth client.
clientId

string

Output only. The system-generated OauthClient id.
displayName

string

Optional. A user-specified display name of the OauthClient.

Cannot exceed 32 characters.
description

string

Optional. A user-specified description of the OauthClient.

Cannot exceed 256 characters.
clientType

enum (ClientType)

Immutable. The type of OauthClient. Either public or private. For private clients, the client secret can be managed using the dedicated OauthClientCredential resource.
allowedGrantTypes[]

enum (GrantType)

Required. The list of OAuth grant types is allowed for the OauthClient.
allowedScopes[]

string

Required. The list of scopes that the OauthClient is allowed to request during OAuth flows.

The following scopes are supported:

  • https://www.googleapis.com/auth/cloud-platform: See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.
  • openid: The OAuth client can associate you with your personal information on Google Cloud.
  • email: The OAuth client can read a federated identity's email address.
  • groups: The OAuth client can read a federated identity's groups.
allowedRedirectUris[]

string

Required. The list of redirect uris that is allowed to redirect back when authorization process is completed.
expireTime

string (Timestamp format)

Output only. Time after which the OauthClient will be permanently purged and cannot be recovered.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

State

The current state of the OauthClient.

Enums
STATE_UNSPECIFIED Default value. This value is unused.
ACTIVE The OauthClient is active.
DELETED The OauthClient is soft-deleted. Soft-deleted OauthClient is permanently deleted after approximately 30 days unless restored via oauthClients.undelete.

ClientType

The type of OauthClient.

Enums
CLIENT_TYPE_UNSPECIFIED Should not be used.
PUBLIC_CLIENT Public client has no secret.
CONFIDENTIAL_CLIENT Private client.

GrantType

The OAuth grant type.

Enums
GRANT_TYPE_UNSPECIFIED Should not be used.
AUTHORIZATION_CODE_GRANT Authorization code grant.
REFRESH_TOKEN_GRANT Refresh token grant.

Methods

create

 Creates a new OauthClient.

delete

 Deletes an OauthClient.

get

 Gets an individual OauthClient.

list

 Lists all non-deleted OauthClients in a project.

patch

 Updates an existing OauthClient.

undelete

 Undeletes an OauthClient, as long as it was deleted fewer than 30 days ago.