Package google.cloud.identitytoolkit.v2beta1

Index

ProjectConfigService

Project configuration for Identity Toolkit

CreateDefaultSupportedIdpConfig

rpc CreateDefaultSupportedIdpConfig(CreateDefaultSupportedIdpConfigRequest) returns (DefaultSupportedIdpConfig)

Create a default supported Idp configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateInboundSamlConfig

rpc CreateInboundSamlConfig(CreateInboundSamlConfigRequest) returns (InboundSamlConfig)

Create an inbound SAML configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

CreateOAuthIdpConfig

rpc CreateOAuthIdpConfig(CreateOAuthIdpConfigRequest) returns (OAuthIdpConfig)

Create an Oidc Idp configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteDefaultSupportedIdpConfig

rpc DeleteDefaultSupportedIdpConfig(DeleteDefaultSupportedIdpConfigRequest) returns (Empty)

Delete a default supported Idp configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteInboundSamlConfig

rpc DeleteInboundSamlConfig(DeleteInboundSamlConfigRequest) returns (Empty)

Delete an inbound SAML configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteOAuthIdpConfig

rpc DeleteOAuthIdpConfig(DeleteOAuthIdpConfigRequest) returns (Empty)

Delete an Oidc Idp configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

EnableCicp

rpc EnableCicp(EnableCicpRequest) returns (EnableCicpResponse)

Enable CICP for a Cloud project. Cloud Identity for Customers and Partners (or CICP), is an end-to-end authentication system for third-party users to access your apps and services. These could include Mobile/Web Apps, Games, API's and beyond.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetConfig

rpc GetConfig(GetConfigRequest) returns (Config)

Retrieve an Identity Toolkit project configuration.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetDefaultSupportedIdpConfig

rpc GetDefaultSupportedIdpConfig(GetDefaultSupportedIdpConfigRequest) returns (DefaultSupportedIdpConfig)

Retrieve a default supported Idp configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetInboundSamlConfig

rpc GetInboundSamlConfig(GetInboundSamlConfigRequest) returns (InboundSamlConfig)

Retrieve an inbound SAML configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetOAuthIdpConfig

rpc GetOAuthIdpConfig(GetOAuthIdpConfigRequest) returns (OAuthIdpConfig)

Retrieve an Oidc Idp configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListDefaultSupportedIdpConfigs

rpc ListDefaultSupportedIdpConfigs(ListDefaultSupportedIdpConfigsRequest) returns (ListDefaultSupportedIdpConfigsResponse)

List all default supported Idp configurations for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListDefaultSupportedIdps

rpc ListDefaultSupportedIdps(ListDefaultSupportedIdpsRequest) returns (ListDefaultSupportedIdpsResponse)

List all default supported Idps.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListInboundSamlConfigs

rpc ListInboundSamlConfigs(ListInboundSamlConfigsRequest) returns (ListInboundSamlConfigsResponse)

List all inbound SAML configurations for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListOAuthIdpConfigs

rpc ListOAuthIdpConfigs(ListOAuthIdpConfigsRequest) returns (ListOAuthIdpConfigsResponse)

List all Oidc Idp configurations for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateConfig

rpc UpdateConfig(UpdateConfigRequest) returns (Config)

Update an Identity Toolkit project configuration.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateDefaultSupportedIdpConfig

rpc UpdateDefaultSupportedIdpConfig(UpdateDefaultSupportedIdpConfigRequest) returns (DefaultSupportedIdpConfig)

Update a default supported Idp configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateInboundSamlConfig

rpc UpdateInboundSamlConfig(UpdateInboundSamlConfigRequest) returns (InboundSamlConfig)

Update an inbound SAML configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateOAuthIdpConfig

rpc UpdateOAuthIdpConfig(UpdateOAuthIdpConfigRequest) returns (OAuthIdpConfig)

Update an Oidc Idp configuration for an Identity Toolkit project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

VerifyDomain

rpc VerifyDomain(VerifyDomainRequest) returns (VerifyDomainResponse)

Verify the requested custom domain has required DNS records.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

TenantManagementService

Tenant management service for GCIP.

CreateTenant

rpc CreateTenant(CreateTenantRequest) returns (Tenant)

Create a tenant. Requires write permission on the Agent project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

DeleteTenant

rpc DeleteTenant(DeleteTenantRequest) returns (Empty)

Delete a tenant. Requires write permission on the Agent project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

GetTenant

rpc GetTenant(GetTenantRequest) returns (Tenant)

Get a tenant. Requires read permission on the Tenant resource.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

ListTenants

rpc ListTenants(ListTenantsRequest) returns (ListTenantsResponse)

List tenants under the given agent project. Requires read permission on the Agent project.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

UpdateTenant

rpc UpdateTenant(UpdateTenantRequest) returns (Tenant)

Update a tenant. Requires write permission on the Tenant resource.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/identitytoolkit
  • https://www.googleapis.com/auth/firebase
  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

BlockingFunctionsConfig

Configuration related to blocking functions.

Fields
triggers

map<string, Trigger>

Map of Trigger to event type. Key should be one of the supported event types: "beforeCreate", "beforeSignIn"

Trigger

Synchronous Cloud Function with HTTP Trigger

Fields
function_uri

string

HTTP URI trigger for the Cloud Function.

update_time

Timestamp

When the trigger was changed.

ClientConfig

Options related to how clients making requests on behalf of a project should be configured.

Fields
api_key

string

Output only. API key that can be used when making requests for this project.

permissions

Permissions

Configuration related to restricting a user's ability to affect their account.

firebase_subdomain

string

Output only. Firebase subdomain.

Permissions

Configuration related to restricting a user's ability to affect their account.

Fields
disabled_user_signup

bool

When true, end users cannot sign up for a new account on the associated project through any of our API methods

disabled_user_deletion

bool

When true, end users cannot delete their account on the associated project through any of our API methods

Config

Represents an Identity Toolkit project.

Fields
name

string

Output only. The name of the Config resource. Example: "projects/my-awesome-project/config"

sign_in

SignInConfig

Configuration related to local sign in methods.

notification

NotificationConfig

Configuration related to sending notifications to users.

quota

QuotaConfig

Configuration related to quotas.

monitoring

MonitoringConfig

Configuration related to monitoring project activity.

authorized_domains[]

string

List of domains authorized for OAuth redirects

subtype

Subtype

Output only. The subtype of this config.

client

ClientConfig

Options related to how clients making requests on behalf of a project should be configured.

mfa

MultiFactorAuthConfig

Configuration for this project's multi-factor authentication, including whether it is active and what factors can be used for the second factor

blocking_functions

BlockingFunctionsConfig

Configuration related to blocking functions.

Subtype

The subtype of this config.

Enums
SUBTYPE_UNSPECIFIED Default value. Do not use.
CUSTOMER_IDENTITY A Customer Identity project.
FIREBASE_AUTH A Firebase Authentication project.

CreateDefaultSupportedIdpConfigRequest

Request for CreateDefaultSupportedIdpConfig

Fields
parent

string

The parent resource name where the config to be created, for example: "projects/my-awesome-project"

Authorization requires the following IAM permission on the specified resource parent:

  • firebaseauth.configs.update
idp_id

string

The id of the Idp to create a config for. Call ListDefaultSupportedIdps for list of all default supported Idps.

default_supported_idp_config

DefaultSupportedIdpConfig

The config resource which replaces the resource on the server.

CreateInboundSamlConfigRequest

Request for CreateInboundSamlConfig

Fields
parent

string

The parent resource name where the config to be created, for example: "projects/my-awesome-project"

Authorization requires the following IAM permission on the specified resource parent:

  • firebaseauth.configs.update
inbound_saml_config_id

string

The id to use for this config.

inbound_saml_config

InboundSamlConfig

The config resource to create. Client must not set the InboundSamlConfig.name field and server will ignore the field value if it is set by clients.

CreateOAuthIdpConfigRequest

Request for CreateOAuthIdpConfig

Fields
parent

string

The parent resource name where the config to be created, for example: "projects/my-awesome-project"

Authorization requires the following IAM permission on the specified resource parent:

  • firebaseauth.configs.update
oauth_idp_config_id

string

The id to use for this config.

oauth_idp_config

OAuthIdpConfig

The config resource to create. Client must not set the OAuthIdpConfig.name field and server will ignore the field value if it is set by clients.

CreateTenantRequest

Request message for CreateTenant.

Fields
parent

string

The parent resource name where the tenant will be created. For example, "projects/project1".

Authorization requires the following IAM permission on the specified resource parent:

  • identitytoolkit.tenants.create
tenant

Tenant

Required. Tenant to be created.

DefaultSupportedIdp

Standard Identity Toolkit-trusted IDPs.

Fields
idp_id

string

Id the of Idp

description

string

Description of the Idp

DefaultSupportedIdpConfig

Configurations options for authenticating with a the standard set of Identity Toolkit-trusted IDPs.

Fields
name

string

The name of the DefaultSupportedIdpConfig resource, for example: "projects/my-awesome-project/defaultSupportedIdpConfigs/google.com"

enabled

bool

True if allows the user to sign in with the provider.

client_id

string

OAuth client ID.

client_secret

string

OAuth client secret.

display_on_cloud_console

bool

Output only. Whether to show the IdP config on pantheon if the IdP is in disabled state.

DeleteDefaultSupportedIdpConfigRequest

Request for DeleteDefaultSupportedIdpConfig

Fields
name

string

The resource name of the config, for example: "projects/my-awesome-project/defaultSupportedIdpConfigs/google.com"

Authorization requires the following IAM permission on the specified resource name:

  • firebaseauth.configs.update

DeleteInboundSamlConfigRequest

Request for DeleteInboundSamlConfig

Fields
name

string

The resource name of the config to be deleted, for example: 'projects/my-awesome-project/inboundSamlConfigs/my-config-id'.

Authorization requires the following IAM permission on the specified resource name:

  • firebaseauth.configs.update

DeleteOAuthIdpConfigRequest

Request for DeleteOAuthIdpConfig

Fields
name

string

The resource name of the config to be deleted, for example: 'projects/my-awesome-project/oauthIdpConfigs/oauth-config-id'.

Authorization requires the following IAM permission on the specified resource name:

  • firebaseauth.configs.update

DeleteTenantRequest

Request message for DeleteTenant.

Fields
name

string

Resource name of the tenant to delete.

Authorization requires the following IAM permission on the specified resource name:

  • identitytoolkit.tenants.delete

EnableCicpRequest

Request for EnableCicp.

Fields
project

string

The resource name of the target project the developer wants to enable CICP for.

Authorization requires the following IAM permission on the specified resource project:

  • firebaseauth.configs.create

EnableCicpResponse

This type has no fields.

Response for EnableCicp. Empty for now.

GetConfigRequest

Request for GetConfig

Fields
name

string

The resource name of the config, for example: "projects/my-awesome-project/config"

Authorization requires the following IAM permission on the specified resource name:

  • firebaseauth.configs.get

GetDefaultSupportedIdpConfigRequest

Request for GetDefaultSupportedIdpConfig

Fields
name

string

The resource name of the config, for example: "projects/my-awesome-project/defaultSupportedIdpConfigs/google.com"

Authorization requires the following IAM permission on the specified resource name:

  • firebaseauth.configs.get

GetInboundSamlConfigRequest

Request for GetInboundSamlConfig

Fields
name

string

The resource name of the config, for example: 'projects/my-awesome-project/inboundSamlConfigs/my-config-id'.

Authorization requires the following IAM permission on the specified resource name:

  • firebaseauth.configs.get

GetOAuthIdpConfigRequest

Requesst for GetOAuthIdpConfig

Fields
name

string

The resource name of the config, for example: 'projects/my-awesome-project/oauthIdpConfigs/oauth-config-id'.

Authorization requires the following IAM permission on the specified resource name:

  • firebaseauth.configs.get

GetTenantRequest

Request message for GetTenant.

Fields
name

string

Resource name of the tenant to retrieve.

Authorization requires the following IAM permission on the specified resource name:

  • identitytoolkit.tenants.get

HashConfig

History information of the hash algorithm and key. Different accounts' passwords may be generated by different version.

Fields
algorithm

HashAlgorithm

Output only. Different password hash algorithms used in Identity Toolkit.

signer_key

string

Output only. Signer key in base64.

salt_separator

string

Output only. Non-printable character to be inserted between the salt and plain text password in base64.

rounds

int32

Output only. How many rounds for hash calculation. Used by scrypt and other similar password derivation algorithms.

memory_cost

int32

Output only. Memory cost for hash calculation. Used by scrypt and other similar password derivation algorithms. See https://tools.ietf.org/html/rfc7914 for explanation of field.

HashAlgorithm

Different password hash algorithms used in Identity Toolkit.

Enums
HASH_ALGORITHM_UNSPECIFIED Default value. Do not use.
HMAC_SHA256 HMAC_SHA256
HMAC_SHA1 HMAC_SHA1
HMAC_MD5 HMAC_MD5
SCRYPT SCRYPT
PBKDF_SHA1 PBKDF_SHA1
MD5 MD5
HMAC_SHA512 HMAC_SHA512
SHA1 SHA1
BCRYPT BCRYPT
PBKDF2_SHA256 PBKDF2_SHA256
SHA256 SHA256
SHA512 SHA512
STANDARD_SCRYPT STANDARD_SCRYPT

IdpCertificate

The proto for the IDP's certificate data to verify the signature in the SAMLResponse issued by the IDP.

Fields
x509_certificate

string

The x509 certificate

InboundSamlConfig

The proto for storing a pair of SAML RP-IDP configurations when the project acts as the relying party.

Fields
name

string

The name of the InboundSamlConfig resource, for example: 'projects/my-awesome-project/inboundSamlConfigs/my-config-id'. Ignored during create requests.

idp_config

IdpConfig

The proto for storing SAML IdP (Identity Provider) configuration when the project acts as the relying party.

sp_config

SpConfig

The proto for storing SAML SP (Service Provider) configuration when the project acts as the relying party to receive and accept an authentication assertion issued by a SAML identity provider.

display_name

string

The config's display name set by developers.

enabled

bool

True if allows the user to sign in with the provider.

IdpConfig

The proto for storing SAML IdP (Identity Provider) configuration when the project acts as the relying party.

Fields
idp_entity_id

string

Unique identifier for all SAML entities.

sso_url

string

URL to send Authentication request to.

idp_certificates[]

IdpCertificate

IDP's public keys for verifying signature in the assertions.

sign_request

bool

Indicates if outbounding SAMLRequest should be signed.

SpConfig

The proto for storing SAML SP (Service Provider) configuration when the project acts as the relying party to receive and accept an authentication assertion issued by a SAML identity provider.

Fields
sp_entity_id

string

Unique identifier for all SAML entities.

callback_uri

string

Callback URI where responses from IDP are handled.

sp_certificates[]

SpCertificate

Output only. Public certificates generated by the server to verify the signature in SAMLRequest in the SP-initiated flow.

ListDefaultSupportedIdpConfigsRequest

Request for ListDefaultSupportedIdpConfigs

Fields
parent

string

The parent resource name, for example, "projects/my-awesome-project".

Authorization requires the following IAM permission on the specified resource parent:

  • firebaseauth.configs.get
page_size

int32

The maximum number of items to return.

page_token

string

The next_page_token value returned from a previous List request, if any.

ListDefaultSupportedIdpConfigsResponse

Response for ListDefaultSupportedIdpConfigs

Fields
default_supported_idp_configs[]

DefaultSupportedIdpConfig

The set of configs.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListDefaultSupportedIdpsRequest

Request for ListDefaultSupportedIdps

Fields
page_size

int32

The maximum number of items to return.

page_token

string

The next_page_token value returned from a previous List request, if any.

ListDefaultSupportedIdpsResponse

Response for ListDefaultSupportedIdps

Fields
default_supported_idps[]

DefaultSupportedIdp

The set of configs.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListInboundSamlConfigsRequest

Request for ListInboundSamlConfigs

Fields
parent

string

The parent resource name, for example, "projects/my-awesome-project".

Authorization requires the following IAM permission on the specified resource parent:

  • firebaseauth.configs.get
page_size

int32

The maximum number of items to return.

page_token

string

The next_page_token value returned from a previous List request, if any.

ListInboundSamlConfigsResponse

Response for ListInboundSamlConfigs

Fields
inbound_saml_configs[]

InboundSamlConfig

The set of configs.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListOAuthIdpConfigsRequest

Request for ListOAuthIdpConfigs

Fields
parent

string

The parent resource name, for example, "projects/my-awesome-project".

Authorization requires the following IAM permission on the specified resource parent:

  • firebaseauth.configs.get
page_size

int32

The maximum number of items to return.

page_token

string

The next_page_token value returned from a previous List request, if any.

ListOAuthIdpConfigsResponse

Response for ListOAuthIdpConfigs

Fields
oauth_idp_configs[]

OAuthIdpConfig

The set of configs.

next_page_token

string

Token to retrieve the next page of results, or empty if there are no more results in the list.

ListTenantsRequest

Request message for ListTenants.

Fields
parent

string

Required. The parent resource name to list tenants for.

Authorization requires the following IAM permission on the specified resource parent:

  • identitytoolkit.tenants.list
page_token

string

The pagination token from the response of a previous request.

page_size

int32

The maximum number of results to return, capped at 1000. If not specified, the default value is 20.

ListTenantsResponse

Response message for ListTenants.

Fields
tenants[]

Tenant

A list of tenants under the given agent project.

next_page_token

string

The token to get the next page of results.

MonitoringConfig

Configuration related to monitoring project activity.

Fields
request_logging

RequestLogging

Configuration for logging requests made to this project to Stackdriver Logging

RequestLogging

Configuration for logging requests made to this project to Stackdriver Logging

Fields
enabled

bool

Whether logging is enabled for this project or not.

MultiFactorAuthConfig

Options related to MultiFactor Authentication for the project.

Fields
state

State

Whether MultiFactor Authentication has been enabled for this project.

enabled_providers[]

Provider

A list of usable second factors for this project.

Provider

A list of usable second factors for this project.

Enums
PROVIDER_UNSPECIFIED Illegal Provider, should not be used
PHONE_SMS SMS is enabled as a second factor for this project.

State

Whether MultiFactor Authentication has been enabled for this project.

Enums
STATE_UNSPECIFIED Illegal State, should not be used.
DISABLED Multi-factor authentication cannot be used for this project
ENABLED Multi-factor authentication can be used for this project
ADMIN_ENABLED Multi-factor authentication can be used for this project, but can only be set up by project administrators

NotificationConfig

Configuration related to sending notifications to users.

Fields
send_email

SendEmail

Options for email sending.

send_sms

SendSms

Options for SMS sending.

default_locale

string

Default locale used for email and SMS in IETF BCP 47 format.

SendEmail

Options for email sending.

Fields
method

Method

The method used for sending an email.

reset_password_template

EmailTemplate

Email template for reset password

verify_email_template

EmailTemplate

Email template for verify email

change_email_template

EmailTemplate

Email template for change email

legacy_reset_password_template

EmailTemplate

Reset password email template for legacy Firebase V1 app.

callback_uri

string

action url in email template.

dns_info

DnsInfo

Information of custom domain DNS verification.

Union field email_provider_config. Email provider configuration used to send emails email_provider_config can be only one of the following:
smtp

Smtp

Use a custom SMTP relay

DnsInfo

Information of custom domain DNS verification. By default, default_domain will be used. A custom domain can be configured using VerifyCustomDomain.

Fields
custom_domain

string

Output only. The applied verified custom domain.

use_custom_domain

bool

Whether to use custom domain.

pending_custom_domain

string

Output only. The custom domain that's to be verified.

custom_domain_state

VerificationState

Output only. The current verification state of the custom domain. The custom domain will only be used once the domain verification is successful.

domain_verification_request_time

Timestamp

Output only. The timestamp of initial request for the current domain verification.

VerificationState

The current verification state of the custom domain.

Enums
VERIFICATION_STATE_UNSPECIFIED Default value. Do not use.
NOT_STARTED The verification has not started.
IN_PROGRESS The verification is in progress.
FAILED The verification failed.
SUCCEEDED The verification succeeded and is ready to be applied.

EmailTemplate

Email template. The subject and body fields can contain the following placeholders which will be replaced with the appropriate values: %LINK% - The link to use to redeem the send OOB code. %EMAIL% - The email where the email is being sent. %NEW_EMAIL% - The new email being set for the account (when applicable). %APP_NAME% - The GCP project's display name. %DISPLAY_NAME% - The user's display name.

Fields
sender_local_part

string

Local part of From address

subject

string

Subject of the email

sender_display_name

string

Sender display name

body

string

Email body

body_format

BodyFormat

Email body format

reply_to

string

Reply-to address

customized

bool

Output only. Whether the body or subject of the email is customized.

BodyFormat

Email body format

Enums
BODY_FORMAT_UNSPECIFIED Default value. Do not use.
PLAIN_TEXT Plain text
HTML HTML

Method

The method used for sending an email.

Enums
METHOD_UNSPECIFIED Email method unspecified.
DEFAULT Sending email on behalf of developer.
CUSTOM_SMTP Sending email using SMTP configuration provided by developers.

Smtp

Configuration for SMTP relay

Fields
sender_email

string

Sender email for the SMTP relay

host

string

SMTP relay host

port

int32

SMTP relay port

username

string

SMTP relay username

password

string

SMTP relay password

security_mode

SecurityMode

SMTP security mode.

SecurityMode

SMTP security mode.

Enums
SECURITY_MODE_UNSPECIFIED Default value. Do not use.
SSL SSL mode
START_TLS START_TLS mode

SendSms

Options for SMS sending.

Fields
use_device_locale

bool

Whether to use the accept_language header for SMS.

sms_template

SmsTemplate

Output only. The template to use when sending an SMS.

SmsTemplate

The template to use when sending an SMS.

Fields
content

string

Output only. The SMS's content. Can contain the following placeholders which will be replaced with the appropriate values: %APP_NAME% - For Android or iOS apps, the app's display name. For web apps, the domain hosting the application. %LOGIN_CODE% - The OOB code being sent in the SMS.

OAuthIdpConfig

Configuration options for authenticating with an OAuth IDP.

Fields
name

string

The name of the OAuthIdpConfig resource, for example: 'projects/my-awesome-project/oauthIdpConfigs/oauth-config-id'. Ignored during create requests.

client_id

string

The client id of an OAuth client.

issuer

string

For OIDC Idps, the issuer identifier.

display_name

string

The config's display name set by developers.

enabled

bool

True if allows the user to sign in with the provider.

client_secret

string

The client secret of the OAuth client, to enable OIDC code flow.

response_type

OAuthResponseType

The response type to request for in the OAuth authorization flow. You can set either id_token or code to true, but not both. Setting both types to be simultaneously true ({code: true, id_token: true}) is not yet supported.

OAuthResponseType

The response type to request for in the OAuth authorization flow. You can set either id_token or code to true, but not both. Setting both types to be simultaneously true ({code: true, id_token: true}) is not yet supported.

See https://openid.net/specs/openid-connect-core-1_0.html#Authentication for a mapping of response type to OAuth 2.0 flow.

Fields
id_token

bool

If true, ID token is returned from IdP's authorization endpoint.

code

bool

If true, authorization code is returned from IdP's authorization endpoint.

token
(deprecated)

bool

Do not use. The token response type is not supported at the moment.

QuotaConfig

Configuration related to quotas.

Fields
sign_up_quota_config

TemporaryQuota

Quota for the Signup endpoint, if overwritten. Signup quota is measured in sign ups per project per hour per IP.

TemporaryQuota

Temporary quota increase / decrease

Fields
quota

int64

Corresponds to the 'refill_token_count' field in QuotaServer config

start_time

Timestamp

When this quota will take effect

quota_duration

Duration

How long this quota will be active for

SignInConfig

Configuration related to local sign in methods.

Fields
email

Email

Configuration options related to authenticating a user by their email address.

phone_number

PhoneNumber

Configuration options related to authenticated a user by their phone number.

anonymous

Anonymous

Configuration options related to authenticating an anonymous user.

allow_duplicate_emails

bool

Whether to allow more than one account to have the same email.

hash_config

HashConfig

Output only. Hash config information.

Anonymous

Configuration options related to authenticating an anonymous user.

Fields
enabled

bool

Whether anonymous user auth is enabled for the project or not.

Email

Configuration options related to authenticating a user by their email address.

Fields
enabled

bool

Whether email auth is enabled for the project or not.

password_required

bool

Whether a password is required for email auth or not. If true, both an email and password must be provided to sign in. If false, a user may sign in via either email/password or email link.

hash_config

HashConfig

Output only. Hash config information.

PhoneNumber

Configuration options related to authenticated a user by their phone number.

Fields
enabled

bool

Whether phone number auth is enabled for the project or not.

test_phone_numbers

map<string, string>

A map of <test phone number, fake code> that can be used for phone auth testing.

SpCertificate

The proto for the SP's certificate data for IDP to verify the SAMLRequest generated by the SP.

Fields
x509_certificate

string

Self-signed public certificate.

expires_at

Timestamp

Timestamp of the cert expiration instance.

Tenant

A Tenant contains configuration for the tenant in a multi-tenant project.

Fields
name

string

Resource name of a tenant. For example: "projects/project1/tenants/tenant1"

display_name

string

Display name of the tenant.

saml_configs[]
(deprecated)

SamlConfig

SAML configurations requested.

idp_configs[]
(deprecated)

IdpConfig

IDP configurations requested.

allow_password_signup

bool

Whether to allow email/password sign up.

disable_auth

bool

Whether the tenant is disabled for authentication. The users under the disabled tenant are not allowed to sign-in. Admins of the disabled tenant are not able to manage its users.

UpdateConfigRequest

Request for UpdateConfig

Fields
config

Config

The config resource which replaces the resource on the server.

Authorization requires the following IAM permission on the specified resource config:

  • firebaseauth.configs.update
update_mask

FieldMask

The update mask applies to the resource. Fields set in the config but not included in this update mask will be ignored. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask

UpdateDefaultSupportedIdpConfigRequest

Request for UpdateDefaultSupportedIdpConfig

Fields
default_supported_idp_config

DefaultSupportedIdpConfig

The config resource which replaces the resource on the server.

Authorization requires the following IAM permission on the specified resource defaultSupportedIdpConfig:

  • firebaseauth.configs.update
update_mask

FieldMask

The update mask applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask

UpdateInboundSamlConfigRequest

Request for UpdateInboundSamlConfig

Fields
inbound_saml_config

InboundSamlConfig

The config resource which replaces the resource on the server.

Authorization requires the following IAM permission on the specified resource inboundSamlConfig:

  • firebaseauth.configs.update
update_mask

FieldMask

The update mask applies to the resource. Empty update mask will result in updating nothing. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask

UpdateOAuthIdpConfigRequest

Request for UpdateOAuthIdpConfig

Fields
oauth_idp_config

OAuthIdpConfig

The config resource which replaces the resource on the server.

Authorization requires the following IAM permission on the specified resource oauthIdpConfig:

  • firebaseauth.configs.update
update_mask

FieldMask

The update mask applies to the resource. Empty update mask will result in updating nothing. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask

UpdateTenantRequest

Request message for UpdateTenant.

Fields
tenant

Tenant

Required. Tenant to be updated.

Authorization requires the following IAM permission on the specified resource tenant:

  • identitytoolkit.tenants.update
update_mask

FieldMask

The update mask applies to the resource. For the FieldMask definition, see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask

VerifyDomainRequest

Request message to verify the requested custom domain has required DNS records.

Fields
resource

string

The name of the resource to verify the domain of. This method currently accepts verifying domains for either projects (example 'projects/my-awesome-project') or tenants (example 'projects/my-awesome-project/tenants/my-awesome-tenant').

Authorization requires the following IAM permission on the specified resource resource:

  • firebaseauth.configs.update
domain

string

The target domain of this request.

action

DomainVerificationAction

The action being attempted on the given domain.

DomainVerificationAction

The action being attempted on the given domain.

Enums
DOMAIN_VERIFICATION_ACTION_UNSPECIFIED Default value. Do not use.
VERIFY Verify the domain in request.
CANCEL Cancel the current verification process.
APPLY Apply the custom domain in email sending.

VerifyDomainResponse

Response for VerifyDomain request.

Fields
verification_state

VerificationState

The resulting state for the given domain after this request is processed.

verification_error

string

When applicable, a textual explanation for why the domain wasn't enable to be verified.