Envie comentários
Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
Controle de acesso com o IAM
O Identity Platform fornece APIs Admin para gerenciar usuários e tokens
de autenticação.
Para evitar o acesso não pretendido aos usuários e tokens por meio dessas APIs,
o Identity Platform usa o IAM
para gerenciar a permissão para APIs específicas do Identity Platform.
Para saber como atribuir papéis do IAM a uma conta
de usuário ou serviço, consulte Como gerenciar políticas na documentação
do IAM.
Permissões da API
A tabela a seguir lista as permissões que o autor da chamada precisa ter para chamar cada
método na API Identity Platform:
Observação :firebaseauth.configs.getSecret só é necessário ao lidar com informações baseadas em chaves chave secreta do cliente. As chamadas de API podem ser concluídas sem essa permissão.
Serviço
Método
Permissões necessárias
google.cloud.identitytoolkit.v1.AccountManagementService
GetOobCode
firebaseauth.users.sendEmail
SetAccountInfo
firebaseauth.users.update
UploadAccount
firebaseauth.users.create
DeleteAccount
firebaseauth.users.delete
DownloadAccount
firebaseauth.users.get
GetAccountInfo
firebaseauth.users.get
QueryUserInfo
firebaseauth.users.get
google.cloud.identitytoolkit.v1.AuthenticationService
SignUp
firebaseauth.users.create
google.cloud.identitytoolkit.v1.ProjectConfigService
GetProjectConfig
firebaseauth.configs.get
SetProjectConfig
firebaseauth.configs.update
google.cloud.identitytoolkit.v1.SessionManagementService
CreateSessionCookie
firebaseauth.users.createSession
google.cloud.identitytoolkit.v2.ProjectConfigService
CreateConfig
firebaseauth.configs.create
CreateDefaultSupportedIdpConfig
firebaseauth.configs.update
firebaseauth.configs.getSecret
CreateInboundSamlConfig
firebaseauth.configs.update
CreateOAuthIdpConfig
firebaseauth.configs.update
firebaseauth.configs.getSecret
CreateOutboundSamlConfig
firebaseauth.configs.update
DeleteDefaultSupportedIdpConfig
firebaseauth.configs.update
DeleteInboundSamlConfig
firebaseauth.configs.update
DeleteOAuthIdpConfig
firebaseauth.configs.update
DeleteOutboundSamlConfig
firebaseauth.configs.update
EnableCicp
firebaseauth.configs.create
GetConfig
firebaseauth.configs.get
GetDefaultSupportedIdpConfig
firebaseauth.configs.get
firebaseauth.configs.getSecret
GetInboundSamlConfig
firebaseauth.configs.get
GetOAuthIdpConfig
firebaseauth.configs.get
firebaseauth.configs.getSecret
GetOutboundSamlConfig
firebaseauth.configs.get
HashConfig
firebaseauth.configs.getHashConfig
ListDefaultSupportedIdpConfigs
firebaseauth.configs.get
firebaseauth.configs.getSecret
ListInboundSamlConfigs
firebaseauth.configs.get
ListOAuthIdpConfigs
firebaseauth.configs.get
firebaseauth.configs.getSecret
ListOutboundSamlConfigs
firebaseauth.configs.get
UpdateConfig
firebaseauth.configs.update
UpdateDefaultSupportedIdpConfig
firebaseauth.configs.update
firebaseauth.configs.getSecret
UpdateInboundSamlConfig
firebaseauth.configs.update
UpdateOAuthIdpConfig
firebaseauth.configs.update
firebaseauth.configs.getSecret
UpdateOutboundSamlConfig
firebaseauth.configs.update
VerifyDomain
firebaseauth.configs.update
SetIamPolicy
identitytoolkit.tenants.setIamPolicy
GetIamPolicy
identitytoolkit.tenants.getIamPolicy
google.cloud.identitytoolkit.v2.TenantManagementService
CreateTenant
identitytoolkit.tenants.create
DeleteTenant
identitytoolkit.tenants.delete
GetTenant
identitytoolkit.tenants.get
ListTenants
identitytoolkit.tenants.list
UpdateTenant
identitytoolkit.tenants.update
Envie comentários
Exceto em caso de indicação contrária, o conteúdo desta página é licenciado de acordo com a Licença de atribuição 4.0 do Creative Commons , e as amostras de código são licenciadas de acordo com a Licença Apache 2.0 . Para mais detalhes, consulte as políticas do site do Google Developers . Java é uma marca registrada da Oracle e/ou afiliadas.
Última atualização 2025-09-09 UTC.
Quer enviar seu feedback?
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-09-09 UTC."],[[["\u003cp\u003eIdentity Platform uses IAM to manage permissions for its Admin APIs, ensuring secure access to user data and authentication tokens.\u003c/p\u003e\n"],["\u003cp\u003eSpecific IAM permissions are required to execute different methods within the Identity Platform API, such as creating, updating, deleting, or retrieving user accounts and configurations.\u003c/p\u003e\n"],["\u003cp\u003eDifferent methods require different permissions, such as \u003ccode\u003efirebaseauth.users.create\u003c/code\u003e for creating a user or \u003ccode\u003efirebaseauth.configs.get\u003c/code\u003e for retrieving project configurations.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003efirebaseauth.configs.getSecret\u003c/code\u003e permission is only necessary when dealing with client secret based information and that API calls may succeed without it.\u003c/p\u003e\n"],["\u003cp\u003eThere are various methods for tenant management, requiring permissions like \u003ccode\u003eidentitytoolkit.tenants.create\u003c/code\u003e to create tenants or \u003ccode\u003eidentitytoolkit.tenants.getIamPolicy\u003c/code\u003e to get tenant IAM policy.\u003c/p\u003e\n"]]],[],null,["Access control with IAM\n\nIdentity Platform provides Admin APIs to manage your users and authentication\ntokens.\nTo prevent unwanted access to your users and tokens through these APIs,\nIdentity Platform leverages IAM\nto manage permission to specific Identity Platform APIs.\n\nTo learn how to assign IAM roles to a user or service account,\nsee [Managing Policies](/iam/docs/managing-policies) in the IAM\ndocumentation.\n\nAPI permissions\n\nThe following table lists the permissions that the caller must have to call each\nmethod in the Identity Platform API:\n| **Note:** firebaseauth.configs.getSecret is only required when dealing with client secret based information. API calls can succeed without this permission.\n\n\u003cbr /\u003e\n\n| Service | Method | Required Permission(s) |\n|----------------------------------------------------------|---------------------------------|--------------------------------------|\n| google.cloud.identitytoolkit.v1.AccountManagementService | GetOobCode | firebaseauth.users.sendEmail |\n| google.cloud.identitytoolkit.v1.AccountManagementService | SetAccountInfo | firebaseauth.users.update |\n| google.cloud.identitytoolkit.v1.AccountManagementService | UploadAccount | firebaseauth.users.create |\n| google.cloud.identitytoolkit.v1.AccountManagementService | DeleteAccount | firebaseauth.users.delete |\n| google.cloud.identitytoolkit.v1.AccountManagementService | DownloadAccount | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AccountManagementService | GetAccountInfo | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AccountManagementService | QueryUserInfo | firebaseauth.users.get |\n| google.cloud.identitytoolkit.v1.AuthenticationService | SignUp | firebaseauth.users.create |\n| google.cloud.identitytoolkit.v1.ProjectConfigService | GetProjectConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v1.ProjectConfigService | SetProjectConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v1.SessionManagementService | CreateSessionCookie | firebaseauth.users.createSession |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateConfig | firebaseauth.configs.create |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | CreateOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | DeleteOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | EnableCicp | firebaseauth.configs.create |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetDefaultSupportedIdpConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetInboundSamlConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOAuthIdpConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetOutboundSamlConfig | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | HashConfig | firebaseauth.configs.getHashConfig |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListDefaultSupportedIdpConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListDefaultSupportedIdpConfigs | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListInboundSamlConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOAuthIdpConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOAuthIdpConfigs | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | ListOutboundSamlConfigs | firebaseauth.configs.get |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateDefaultSupportedIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateDefaultSupportedIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateInboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOAuthIdpConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOAuthIdpConfig | firebaseauth.configs.getSecret |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | UpdateOutboundSamlConfig | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | VerifyDomain | firebaseauth.configs.update |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | SetIamPolicy | identitytoolkit.tenants.setIamPolicy |\n| google.cloud.identitytoolkit.v2.ProjectConfigService | GetIamPolicy | identitytoolkit.tenants.getIamPolicy |\n| google.cloud.identitytoolkit.v2.TenantManagementService | CreateTenant | identitytoolkit.tenants.create |\n| google.cloud.identitytoolkit.v2.TenantManagementService | DeleteTenant | identitytoolkit.tenants.delete |\n| google.cloud.identitytoolkit.v2.TenantManagementService | GetTenant | identitytoolkit.tenants.get |\n| google.cloud.identitytoolkit.v2.TenantManagementService | ListTenants | identitytoolkit.tenants.list |\n| google.cloud.identitytoolkit.v2.TenantManagementService | UpdateTenant | identitytoolkit.tenants.update |"]]