使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
使用 IAM 进行访问权限控制
Identity Platform 提供 Admin API 来管理您的用户和身份验证令牌。为防止通过这些 API 对您的用户和令牌进行不必要的访问,Identity Platform 利用 IAM 来管理对特定 Identity Platform API 的权限。
如需了解如何向用户或服务账号分配 IAM 角色,请参阅 IAM 文档中的管理政策。
API 权限
下表列出了调用方在调用 Identity Platform API 中的每个方法时必须具有的权限:
| 服务 |
方法 |
所需权限 |
| google.cloud.identitytoolkit.v1.AccountManagementService |
GetOobCode |
firebaseauth.users.sendEmail |
| SetAccountInfo |
firebaseauth.users.update |
| UploadAccount |
firebaseauth.users.create |
| DeleteAccount |
firebaseauth.users.delete |
| DownloadAccount |
firebaseauth.users.get |
| GetAccountInfo |
firebaseauth.users.get |
| QueryUserInfo |
firebaseauth.users.get |
| google.cloud.identitytoolkit.v1.AuthenticationService |
SignUp |
firebaseauth.users.create |
| google.cloud.identitytoolkit.v1.ProjectConfigService |
GetProjectConfig |
firebaseauth.configs.get |
| SetProjectConfig |
firebaseauth.configs.update |
| google.cloud.identitytoolkit.v1.SessionManagementService |
CreateSessionCookie |
firebaseauth.users.createSession |
| google.cloud.identitytoolkit.v2.ProjectConfigService |
CreateConfig |
firebaseauth.configs.create |
| CreateDefaultSupportedIdpConfig |
firebaseauth.configs.update |
| firebaseauth.configs.getSecret |
| CreateInboundSamlConfig |
firebaseauth.configs.update |
| CreateOAuthIdpConfig |
firebaseauth.configs.update |
| firebaseauth.configs.getSecret |
| CreateOutboundSamlConfig |
firebaseauth.configs.update |
| DeleteDefaultSupportedIdpConfig |
firebaseauth.configs.update |
| DeleteInboundSamlConfig |
firebaseauth.configs.update |
| DeleteOAuthIdpConfig |
firebaseauth.configs.update |
| DeleteOutboundSamlConfig |
firebaseauth.configs.update |
| EnableCicp |
firebaseauth.configs.create |
| GetConfig |
firebaseauth.configs.get |
| GetDefaultSupportedIdpConfig |
firebaseauth.configs.get |
| firebaseauth.configs.getSecret |
| GetInboundSamlConfig |
firebaseauth.configs.get |
| GetOAuthIdpConfig |
firebaseauth.configs.get |
| firebaseauth.configs.getSecret |
| GetOutboundSamlConfig |
firebaseauth.configs.get |
| ListDefaultSupportedIdpConfigs |
firebaseauth.configs.get |
| firebaseauth.configs.getSecret |
| ListInboundSamlConfigs |
firebaseauth.configs.get |
| ListOAuthIdpConfigs |
firebaseauth.configs.get |
| firebaseauth.configs.getSecret |
| ListOutboundSamlConfigs |
firebaseauth.configs.get |
| UpdateConfig |
firebaseauth.configs.update |
| UpdateDefaultSupportedIdpConfig |
firebaseauth.configs.update |
| firebaseauth.configs.getSecret |
| UpdateInboundSamlConfig |
firebaseauth.configs.update |
| UpdateOAuthIdpConfig |
firebaseauth.configs.update |
| firebaseauth.configs.getSecret |
| UpdateOutboundSamlConfig |
firebaseauth.configs.update |
| VerifyDomain |
firebaseauth.configs.update |
| SetIamPolicy |
identitytoolkit.tenants.setIamPolicy |
| GetIamPolicy |
identitytoolkit.tenants.getIamPolicy |
| google.cloud.identitytoolkit.v2.TenantManagementService |
CreateTenant |
identitytoolkit.tenants.create |
| DeleteTenant |
identitytoolkit.tenants.delete |
| GetTenant |
identitytoolkit.tenants.get |
| ListTenants |
identitytoolkit.tenants.list |
| UpdateTenant |
identitytoolkit.tenants.update |
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-09-04。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-09-04。"],[[["\u003cp\u003eIdentity Platform uses IAM to manage permissions for its Admin APIs, ensuring secure access to user data and authentication tokens.\u003c/p\u003e\n"],["\u003cp\u003eSpecific IAM permissions are required to execute different methods within the Identity Platform API, such as creating, updating, deleting, or retrieving user accounts and configurations.\u003c/p\u003e\n"],["\u003cp\u003eDifferent methods require different permissions, such as \u003ccode\u003efirebaseauth.users.create\u003c/code\u003e for creating a user or \u003ccode\u003efirebaseauth.configs.get\u003c/code\u003e for retrieving project configurations.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003efirebaseauth.configs.getSecret\u003c/code\u003e permission is only necessary when dealing with client secret based information and that API calls may succeed without it.\u003c/p\u003e\n"],["\u003cp\u003eThere are various methods for tenant management, requiring permissions like \u003ccode\u003eidentitytoolkit.tenants.create\u003c/code\u003e to create tenants or \u003ccode\u003eidentitytoolkit.tenants.getIamPolicy\u003c/code\u003e to get tenant IAM policy.\u003c/p\u003e\n"]]],[],null,["Access control with IAM\n\nIdentity Platform provides Admin APIs to manage your users and authentication\ntokens.\nTo prevent unwanted access to your users and tokens through these APIs,\nIdentity Platform leverages IAM\nto manage permission to specific Identity Platform APIs.\n\nTo learn how to assign IAM roles to a user or service account,\nsee [Managing Policies](/iam/docs/managing-policies) in the IAM\ndocumentation.\n\nAPI permissions\n\nThe following table lists the permissions that the caller must have to call each\nmethod in the Identity Platform API:\n| **Note:** firebaseauth.configs.getSecret is only required when dealing with client secret based information. API calls can succeed without this permission.\n\n\u003cbr /\u003e\n\n| Service | Method | Required Permission(s) |\n|----------------------------------------------------------|---------------------------------|--------------------------------------|\n| google.cloud.identitytoolkit.v1.AccountManagementService | GetOobCode | firebaseauth.users.sendEmail |\n| google.cloud.identitytoolkit.v1.AccountManagementService | SetAccountInfo | firebaseauth.users.update |\n| google.cloud.identitytoolkit.v1.AccountManagementService | UploadAccount | firebaseauth.users.create |\n| google.cloud.identitytoolkit.v1.AccountManagementService | DeleteAccount | firebaseauth.users.delete |\n| google.cloud.identitytoolkit.v1.AccountManagementService | DownloadAccount | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AccountManagementService | GetAccountInfo | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AccountManagementService | QueryUserInfo | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AuthenticationService | SignUp | firebaseauth.users.create |\n| google.cloud.identitytoolkit.v1.ProjectConfigService | GetProjectConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v1.ProjectConfigService | SetProjectConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v1.SessionManagementService | CreateSessionCookie | firebaseauth.users.createSession |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateConfig | firebaseauth.configs.create |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | EnableCicp | firebaseauth.configs.create |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetDefaultSupportedIdpConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetInboundSamlConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOAuthIdpConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOutboundSamlConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | HashConfig | firebaseauth.configs.getHashConfig |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListDefaultSupportedIdpConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListDefaultSupportedIdpConfigs | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListInboundSamlConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOAuthIdpConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOAuthIdpConfigs | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOutboundSamlConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | VerifyDomain | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | SetIamPolicy | identitytoolkit.tenants.setIamPolicy |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetIamPolicy | identitytoolkit.tenants.getIamPolicy |\n| google.cloud.identitytoolkit.v2.TenantManagementService | CreateTenant | identitytoolkit.tenants.create |\n| google.cloud.identitytoolkit.v2.TenantManagementService | DeleteTenant | identitytoolkit.tenants.delete |\n| google.cloud.identitytoolkit.v2.TenantManagementService | GetTenant | identitytoolkit.tenants.get |\n| google.cloud.identitytoolkit.v2.TenantManagementService | ListTenants | identitytoolkit.tenants.list |\n| google.cloud.identitytoolkit.v2.TenantManagementService | UpdateTenant | identitytoolkit.tenants.update |"]]
