Config

Represents an Identity Toolkit project.

JSON representation
{
  "name": string,
  "signIn": {
    object (SignInConfig)
  },
  "notification": {
    object (NotificationConfig)
  },
  "quota": {
    object (QuotaConfig)
  },
  "monitoring": {
    object (MonitoringConfig)
  },
  "multiTenant": {
    object (MultiTenantConfig)
  },
  "authorizedDomains": [
    string
  ],
  "subtype": enum (Subtype),
  "client": {
    object (ClientConfig)
  },
  "mfa": {
    object (MultiFactorAuthConfig)
  },
  "blockingFunctions": {
    object (BlockingFunctionsConfig)
  },
  "recaptchaConfig": {
    object (RecaptchaConfig)
  },
  "smsRegionConfig": {
    object (SmsRegionConfig)
  },
  "autodeleteAnonymousUsers": boolean,
  "passwordPolicyConfig": {
    object (PasswordPolicyConfig)
  },
  "emailPrivacyConfig": {
    object (EmailPrivacyConfig)
  }
}
Fields
name

string

Output only. The name of the Config resource. Example: "projects/my-awesome-project/config"

signIn

object (SignInConfig)

Configuration related to local sign in methods.

notification

object (NotificationConfig)

Configuration related to sending notifications to users.

quota

object (QuotaConfig)

Configuration related to quotas.

monitoring

object (MonitoringConfig)

Configuration related to monitoring project activity.

multiTenant

object (MultiTenantConfig)

Configuration related to multi-tenant functionality.

authorizedDomains[]

string

List of domains authorized for OAuth redirects

subtype

enum (Subtype)

Output only. The subtype of this config.

client

object (ClientConfig)

Options related to how clients making requests on behalf of a project should be configured.

mfa

object (MultiFactorAuthConfig)

Configuration for this project's multi-factor authentication, including whether it is active and what factors can be used for the second factor

blockingFunctions

object (BlockingFunctionsConfig)

Configuration related to blocking functions.

recaptchaConfig

object (RecaptchaConfig)

The project-level reCAPTCHA config.

smsRegionConfig

object (SmsRegionConfig)

Configures which regions are enabled for SMS verification code sending.

autodeleteAnonymousUsers

boolean

Whether anonymous users will be auto-deleted after a period of 30 days.

passwordPolicyConfig

object (PasswordPolicyConfig)

The project level password policy configuration.

emailPrivacyConfig

object (EmailPrivacyConfig)

Configuration for settings related to email privacy and public visibility.

SignInConfig

Configuration related to local sign in methods.

JSON representation
{
  "email": {
    object (Email)
  },
  "phoneNumber": {
    object (PhoneNumber)
  },
  "anonymous": {
    object (Anonymous)
  },
  "allowDuplicateEmails": boolean,
  "hashConfig": {
    object (HashConfig)
  }
}
Fields
email

object (Email)

Configuration options related to authenticating a user by their email address.

phoneNumber

object (PhoneNumber)

Configuration options related to authenticated a user by their phone number.

anonymous

object (Anonymous)

Configuration options related to authenticating an anonymous user.

allowDuplicateEmails

boolean

Whether to allow more than one account to have the same email.

hashConfig

object (HashConfig)

Output only. Hash config information.

Email

Configuration options related to authenticating a user by their email address.

JSON representation
{
  "enabled": boolean,
  "passwordRequired": boolean
}
Fields
enabled

boolean

Whether email auth is enabled for the project or not.

passwordRequired

boolean

Whether a password is required for email auth or not. If true, both an email and password must be provided to sign in. If false, a user may sign in via either email/password or email link.

PhoneNumber

Configuration options related to authenticated a user by their phone number.

JSON representation
{
  "enabled": boolean,
  "testPhoneNumbers": {
    string: string,
    ...
  }
}
Fields
enabled

boolean

Whether phone number auth is enabled for the project or not.

testPhoneNumbers

map (key: string, value: string)

A map of <test phone number, fake code> that can be used for phone auth testing.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

Anonymous

Configuration options related to authenticating an anonymous user.

JSON representation
{
  "enabled": boolean
}
Fields
enabled

boolean

Whether anonymous user auth is enabled for the project or not.

NotificationConfig

Configuration related to sending notifications to users.

JSON representation
{
  "sendEmail": {
    object (SendEmail)
  },
  "sendSms": {
    object (SendSms)
  },
  "defaultLocale": string
}
Fields
sendEmail

object (SendEmail)

Options for email sending.

sendSms

object (SendSms)

Options for SMS sending.

defaultLocale

string

Default locale used for email and SMS in IETF BCP 47 format.

SendEmail

Options for email sending.

JSON representation
{
  "method": enum (Method),
  "resetPasswordTemplate": {
    object (EmailTemplate)
  },
  "verifyEmailTemplate": {
    object (EmailTemplate)
  },
  "changeEmailTemplate": {
    object (EmailTemplate)
  },
  "legacyResetPasswordTemplate": {
    object (EmailTemplate)
  },
  "callbackUri": string,
  "dnsInfo": {
    object (DnsInfo)
  },
  "revertSecondFactorAdditionTemplate": {
    object (EmailTemplate)
  },

  // Union field email_provider_config can be only one of the following:
  "smtp": {
    object (Smtp)
  }
  // End of list of possible types for union field email_provider_config.
}
Fields
method

enum (Method)

The method used for sending an email.

resetPasswordTemplate

object (EmailTemplate)

Email template for reset password

verifyEmailTemplate

object (EmailTemplate)

Email template for verify email

changeEmailTemplate

object (EmailTemplate)

Email template for change email

legacyResetPasswordTemplate

object (EmailTemplate)

Reset password email template for legacy Firebase V1 app.

callbackUri

string

action url in email template.

dnsInfo

object (DnsInfo)

Information of custom domain DNS verification.

revertSecondFactorAdditionTemplate

object (EmailTemplate)

Email template for reverting second factor addition emails

Union field email_provider_config. Email provider configuration used to send emails email_provider_config can be only one of the following:
smtp

object (Smtp)

Use a custom SMTP relay

Method

The method used for sending an email.

Enums
METHOD_UNSPECIFIED Email method unspecified.
DEFAULT Sending email on behalf of developer.
CUSTOM_SMTP Sending email using SMTP configuration provided by developers.

Smtp

Configuration for SMTP relay

JSON representation
{
  "senderEmail": string,
  "host": string,
  "port": integer,
  "username": string,
  "password": string,
  "securityMode": enum (SecurityMode)
}
Fields
senderEmail

string

Sender email for the SMTP relay

host

string

SMTP relay host

port

integer

SMTP relay port

username

string

SMTP relay username

password

string

SMTP relay password

securityMode

enum (SecurityMode)

SMTP security mode.

SecurityMode

SMTP security mode.

Enums
SECURITY_MODE_UNSPECIFIED Default value. Do not use.
SSL SSL mode
START_TLS START_TLS mode

EmailTemplate

Email template. The subject and body fields can contain the following placeholders which will be replaced with the appropriate values: %LINK% - The link to use to redeem the send OOB code. %EMAIL% - The email where the email is being sent. %NEW_EMAIL% - The new email being set for the account (when applicable). %APP_NAME% - The GCP project's display name. %DISPLAY_NAME% - The user's display name.

JSON representation
{
  "senderLocalPart": string,
  "subject": string,
  "senderDisplayName": string,
  "body": string,
  "bodyFormat": enum (BodyFormat),
  "replyTo": string,
  "customized": boolean
}
Fields
senderLocalPart

string

Local part of From address

subject

string

Subject of the email

senderDisplayName

string

Sender display name

body

string

Email body

bodyFormat

enum (BodyFormat)

Email body format

replyTo

string

Reply-to address

customized

boolean

Output only. Whether the body or subject of the email is customized.

BodyFormat

Email body format

Enums
BODY_FORMAT_UNSPECIFIED Default value. Do not use.
PLAIN_TEXT Plain text
HTML HTML

DnsInfo

Information of custom domain DNS verification. By default, default_domain will be used. A custom domain can be configured using VerifyCustomDomain.

JSON representation
{
  "customDomain": string,
  "useCustomDomain": boolean,
  "pendingCustomDomain": string,
  "customDomainState": enum (VerificationState),
  "domainVerificationRequestTime": string
}
Fields
customDomain

string

Output only. The applied verified custom domain.

useCustomDomain

boolean

Whether to use custom domain.

pendingCustomDomain

string

Output only. The custom domain that's to be verified.

customDomainState

enum (VerificationState)

Output only. The current verification state of the custom domain. The custom domain will only be used once the domain verification is successful.

domainVerificationRequestTime

string (Timestamp format)

Output only. The timestamp of initial request for the current domain verification.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

SendSms

Options for SMS sending.

JSON representation
{
  "useDeviceLocale": boolean,
  "smsTemplate": {
    object (SmsTemplate)
  }
}
Fields
useDeviceLocale

boolean

Whether to use the accept_language header for SMS.

smsTemplate

object (SmsTemplate)

Output only. The template to use when sending an SMS.

SmsTemplate

The template to use when sending an SMS.

JSON representation
{
  "content": string
}
Fields
content

string

Output only. The SMS's content. Can contain the following placeholders which will be replaced with the appropriate values: %APP_NAME% - For Android or iOS apps, the app's display name. For web apps, the domain hosting the application. %LOGIN_CODE% - The OOB code being sent in the SMS.

QuotaConfig

Configuration related to quotas.

JSON representation
{
  "signUpQuotaConfig": {
    object (TemporaryQuota)
  }
}
Fields
signUpQuotaConfig

object (TemporaryQuota)

Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.

TemporaryQuota

Temporary quota increase / decrease

JSON representation
{
  "quota": string,
  "startTime": string,
  "quotaDuration": string
}
Fields
quota

string (int64 format)

Corresponds to the 'refill_token_count' field in QuotaServer config

startTime

string (Timestamp format)

When this quota will take effect

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

quotaDuration

string (Duration format)

How long this quota will be active for

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

MultiTenantConfig

Configuration related to multi-tenant functionality.

JSON representation
{
  "allowTenants": boolean,
  "defaultTenantLocation": string
}
Fields
allowTenants

boolean

Whether this project can have tenants or not.

defaultTenantLocation

string

The default cloud parent org or folder that the tenant project should be created under. The parent resource name should be in the format of "/", such as "folders/123" or "organizations/456". If the value is not set, the tenant will be created under the same organization or folder as the agent project.

Subtype

The subtype of this config.

Enums
SUBTYPE_UNSPECIFIED Default value. Do not use.
IDENTITY_PLATFORM An Identity Platform project.
FIREBASE_AUTH A Firebase Authentication project.

ClientConfig

Options related to how clients making requests on behalf of a project should be configured.

JSON representation
{
  "apiKey": string,
  "permissions": {
    object (Permissions)
  },
  "firebaseSubdomain": string
}
Fields
apiKey

string

Output only. API key that can be used when making requests for this project.

permissions

object (Permissions)

Configuration related to restricting a user's ability to affect their account.

firebaseSubdomain

string

Output only. Firebase subdomain.

Permissions

Configuration related to restricting a user's ability to affect their account.

JSON representation
{
  "disabledUserSignup": boolean,
  "disabledUserDeletion": boolean
}
Fields
disabledUserSignup

boolean

When true, end users cannot sign up for a new account on the associated project through any of our API methods

disabledUserDeletion

boolean

When true, end users cannot delete their account on the associated project through any of our API methods

BlockingFunctionsConfig

Configuration related to Blocking Functions.

JSON representation
{
  "triggers": {
    string: {
      object (Trigger)
    },
    ...
  },
  "forwardInboundCredentials": {
    object (ForwardInboundCredentials)
  }
}
Fields
triggers

map (key: string, value: object (Trigger))

Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn"

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

forwardInboundCredentials

object (ForwardInboundCredentials)

The user credentials to include in the JWT payload that is sent to the registered Blocking Functions.

Trigger

Synchronous Cloud Function with HTTP Trigger

JSON representation
{
  "functionUri": string,
  "updateTime": string
}
Fields
functionUri

string

HTTP URI trigger for the Cloud Function.

updateTime

string (Timestamp format)

When the trigger was changed.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

ForwardInboundCredentials

Indicates which credentials to pass to the registered Blocking Functions.

JSON representation
{
  "idToken": boolean,
  "accessToken": boolean,
  "refreshToken": boolean
}
Fields
idToken

boolean

Whether to pass the user's OIDC identity provider's ID token.

accessToken

boolean

Whether to pass the user's OAuth identity provider's access token.

refreshToken

boolean

Whether to pass the user's OAuth identity provider's refresh token.