Invia feedback
Mantieni tutto organizzato con le raccolte
Salva e classifica i contenuti in base alle tue preferenze.
Controllo dell'accesso con IAM
Identity Platform fornisce API Admin per gestire gli utenti e i token di autenticazione.
Per impedire l'accesso indesiderato a utenti e token tramite queste API,
Identity Platform utilizza IAM
per gestire l'autorizzazione a specifiche API Identity Platform.
Per scoprire come assegnare ruoli IAM a un utente o a un account di servizio,
consulta la sezione Gestione dei criteri nella documentazione di IAM.
Autorizzazioni API
La tabella seguente elenca le autorizzazioni che il chiamante deve avere per chiamare ogni metodo dell'API Identity Platform:
Nota :firebaseauth.configs.getSecret è necessario solo quando si gestiscono informazioni basate sul client secret. Le chiamate API possono essere eseguite correttamente senza questa autorizzazione.
Servizio
Metodo
Autorizzazioni richieste
google.cloud.identitytoolkit.v1.AccountManagementService
GetOobCode
firebaseauth.users.sendEmail
SetAccountInfo
firebaseauth.users.update
UploadAccount
firebaseauth.users.create
DeleteAccount
firebaseauth.users.delete
DownloadAccount
firebaseauth.users.get
GetAccountInfo
firebaseauth.users.get
QueryUserInfo
firebaseauth.users.get
google.cloud.identitytoolkit.v1.AuthenticationService
SignUp
firebaseauth.users.create
google.cloud.identitytoolkit.v1.ProjectConfigService
GetProjectConfig
firebaseauth.configs.get
SetProjectConfig
firebaseauth.configs.update
google.cloud.identitytoolkit.v1.SessionManagementService
CreateSessionCookie
firebaseauth.users.createSession
google.cloud.identitytoolkit.v2.ProjectConfigService
CreateConfig
firebaseauth.configs.create
CreateDefaultSupportedIdpConfig
firebaseauth.configs.update
firebaseauth.configs.getSecret
CreateInboundSamlConfig
firebaseauth.configs.update
CreateOAuthIdpConfig
firebaseauth.configs.update
firebaseauth.configs.getSecret
CreateOutboundSamlConfig
firebaseauth.configs.update
DeleteDefaultSupportedIdpConfig
firebaseauth.configs.update
DeleteInboundSamlConfig
firebaseauth.configs.update
DeleteOAuthIdpConfig
firebaseauth.configs.update
DeleteOutboundSamlConfig
firebaseauth.configs.update
EnableCicp
firebaseauth.configs.create
GetConfig
firebaseauth.configs.get
GetDefaultSupportedIdpConfig
firebaseauth.configs.get
firebaseauth.configs.getSecret
GetInboundSamlConfig
firebaseauth.configs.get
GetOAuthIdpConfig
firebaseauth.configs.get
firebaseauth.configs.getSecret
GetOutboundSamlConfig
firebaseauth.configs.get
HashConfig
firebaseauth.configs.getHashConfig
ListDefaultSupportedIdpConfigs
firebaseauth.configs.get
firebaseauth.configs.getSecret
ListInboundSamlConfigs
firebaseauth.configs.get
ListOAuthIdpConfigs
firebaseauth.configs.get
firebaseauth.configs.getSecret
ListOutboundSamlConfigs
firebaseauth.configs.get
UpdateConfig
firebaseauth.configs.update
UpdateDefaultSupportedIdpConfig
firebaseauth.configs.update
firebaseauth.configs.getSecret
UpdateInboundSamlConfig
firebaseauth.configs.update
UpdateOAuthIdpConfig
firebaseauth.configs.update
firebaseauth.configs.getSecret
UpdateOutboundSamlConfig
firebaseauth.configs.update
VerifyDomain
firebaseauth.configs.update
SetIamPolicy
identitytoolkit.tenants.setIamPolicy
GetIamPolicy
identitytoolkit.tenants.getIamPolicy
google.cloud.identitytoolkit.v2.TenantManagementService
CreateTenant
identitytoolkit.tenants.create
DeleteTenant
identitytoolkit.tenants.delete
GetTenant
identitytoolkit.tenants.get
ListTenants
identitytoolkit.tenants.list
UpdateTenant
identitytoolkit.tenants.update
Invia feedback
Salvo quando diversamente specificato, i contenuti di questa pagina sono concessi in base alla licenza Creative Commons Attribution 4.0 , mentre gli esempi di codice sono concessi in base alla licenza Apache 2.0 . Per ulteriori dettagli, consulta le norme del sito di Google Developers . Java è un marchio registrato di Oracle e/o delle sue consociate.
Ultimo aggiornamento 2025-09-09 UTC.
Vuoi dirci altro?
[[["Facile da capire","easyToUnderstand","thumb-up"],["Il problema è stato risolto","solvedMyProblem","thumb-up"],["Altra","otherUp","thumb-up"]],[["Difficile da capire","hardToUnderstand","thumb-down"],["Informazioni o codice di esempio errati","incorrectInformationOrSampleCode","thumb-down"],["Mancano le informazioni o gli esempi di cui ho bisogno","missingTheInformationSamplesINeed","thumb-down"],["Problema di traduzione","translationIssue","thumb-down"],["Altra","otherDown","thumb-down"]],["Ultimo aggiornamento 2025-09-09 UTC."],[[["\u003cp\u003eIdentity Platform uses IAM to manage permissions for its Admin APIs, ensuring secure access to user data and authentication tokens.\u003c/p\u003e\n"],["\u003cp\u003eSpecific IAM permissions are required to execute different methods within the Identity Platform API, such as creating, updating, deleting, or retrieving user accounts and configurations.\u003c/p\u003e\n"],["\u003cp\u003eDifferent methods require different permissions, such as \u003ccode\u003efirebaseauth.users.create\u003c/code\u003e for creating a user or \u003ccode\u003efirebaseauth.configs.get\u003c/code\u003e for retrieving project configurations.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003efirebaseauth.configs.getSecret\u003c/code\u003e permission is only necessary when dealing with client secret based information and that API calls may succeed without it.\u003c/p\u003e\n"],["\u003cp\u003eThere are various methods for tenant management, requiring permissions like \u003ccode\u003eidentitytoolkit.tenants.create\u003c/code\u003e to create tenants or \u003ccode\u003eidentitytoolkit.tenants.getIamPolicy\u003c/code\u003e to get tenant IAM policy.\u003c/p\u003e\n"]]],[],null,["Access control with IAM\n\nIdentity Platform provides Admin APIs to manage your users and authentication\ntokens.\nTo prevent unwanted access to your users and tokens through these APIs,\nIdentity Platform leverages IAM\nto manage permission to specific Identity Platform APIs.\n\nTo learn how to assign IAM roles to a user or service account,\nsee [Managing Policies](/iam/docs/managing-policies) in the IAM\ndocumentation.\n\nAPI permissions\n\nThe following table lists the permissions that the caller must have to call each\nmethod in the Identity Platform API:\n| **Note:** firebaseauth.configs.getSecret is only required when dealing with client secret based information. API calls can succeed without this permission.\n\n\u003cbr /\u003e\n\n| Service | Method | Required Permission(s) |\n|----------------------------------------------------------|---------------------------------|--------------------------------------|\n| google.cloud.identitytoolkit.v1.AccountManagementService | GetOobCode | firebaseauth.users.sendEmail |\n| google.cloud.identitytoolkit.v1.AccountManagementService | SetAccountInfo | firebaseauth.users.update |\n| google.cloud.identitytoolkit.v1.AccountManagementService | UploadAccount | firebaseauth.users.create |\n| google.cloud.identitytoolkit.v1.AccountManagementService | DeleteAccount | firebaseauth.users.delete |\n| google.cloud.identitytoolkit.v1.AccountManagementService | DownloadAccount | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AccountManagementService | GetAccountInfo | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AccountManagementService | QueryUserInfo | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AuthenticationService | SignUp | firebaseauth.users.create |\n| google.cloud.identitytoolkit.v1.ProjectConfigService | GetProjectConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v1.ProjectConfigService | SetProjectConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v1.SessionManagementService | CreateSessionCookie | firebaseauth.users.createSession |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateConfig | firebaseauth.configs.create |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | EnableCicp | firebaseauth.configs.create |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetDefaultSupportedIdpConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetInboundSamlConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOAuthIdpConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOutboundSamlConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | HashConfig | firebaseauth.configs.getHashConfig |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListDefaultSupportedIdpConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListDefaultSupportedIdpConfigs | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListInboundSamlConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOAuthIdpConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOAuthIdpConfigs | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOutboundSamlConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | VerifyDomain | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | SetIamPolicy | identitytoolkit.tenants.setIamPolicy |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetIamPolicy | identitytoolkit.tenants.getIamPolicy |\n| google.cloud.identitytoolkit.v2.TenantManagementService | CreateTenant | identitytoolkit.tenants.create |\n| google.cloud.identitytoolkit.v2.TenantManagementService | DeleteTenant | identitytoolkit.tenants.delete |\n| google.cloud.identitytoolkit.v2.TenantManagementService | GetTenant | identitytoolkit.tenants.get |\n| google.cloud.identitytoolkit.v2.TenantManagementService | ListTenants | identitytoolkit.tenants.list |\n| google.cloud.identitytoolkit.v2.TenantManagementService | UpdateTenant | identitytoolkit.tenants.update |"]]
