REST Resource: projects.locations.oauthClients

Resource: OauthClient

Represents an OauthClient. Used to access Trusted Cloud resources on behalf of a Workforce Identity Federation user by using the OAuth 2.0 protocol to obtain an access token from Trusted Cloud.

JSON representation
{
  "name": string,
  "state": enum (State),
  "disabled": boolean,
  "clientId": string,
  "displayName": string,
  "description": string,
  "clientType": enum (ClientType),
  "allowedGrantTypes": [
    enum (GrantType)
  ],
  "allowedScopes": [
    string
  ],
  "allowedRedirectUris": [
    string
  ],
  "expireTime": string
}
Fields
name

string

Immutable. Identifier. The resource name of the OauthClient.

Format: projects/{project}/locations/{location}/oauthClients/{oauthClient}.

state

enum (State)

Output only. The state of the OauthClient.

disabled

boolean

Optional. Whether the OauthClient is disabled. You cannot use a disabled OAuth client.

clientId

string

Output only. The system-generated OauthClient id.

displayName

string

Optional. A user-specified display name of the OauthClient.

Cannot exceed 32 characters.

description

string

Optional. A user-specified description of the OauthClient.

Cannot exceed 256 characters.

clientType

enum (ClientType)

Immutable. The type of OauthClient. Either public or private. For private clients, the client secret can be managed using the dedicated OauthClientCredential resource.

allowedGrantTypes[]

enum (GrantType)

Required. The list of OAuth grant types allowed for the OauthClient.

allowedScopes[]

string

Required. The list of scopes that the OauthClient is allowed to request during OAuth flows.

The following scopes are supported:

  • https://www.googleapis.com/auth/cloud-platform: See, edit, configure, and delete your Trusted Cloud data and see the email address for your Trusted Cloud Account.
  • openid: The OAuth client can associate you with your personal information on Trusted Cloud.
  • email: The OAuth client can read a federated identity's email address.
  • groups: The OAuth client can read a federated identity's groups.

allowedRedirectUris[]

string

Required. The list of redirect URIs that the user can be redirected back to when the authorization process is completed.

expireTime

string (Timestamp format)

Output only. Time after which the OauthClient will be permanently purged and cannot be recovered.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

State

The current state of the OauthClient.

Enums
STATE_UNSPECIFIED Default value. This value is unused.
ACTIVE The OauthClient is active.
DELETED The OauthClient is soft-deleted. A soft-deleted OauthClient is permanently deleted after approximately 30 days unless restored via oauthClients.undelete.

ClientType

The type of OauthClient.

Enums
CLIENT_TYPE_UNSPECIFIED Should not be used.
PUBLIC_CLIENT Public client has no secret.
CONFIDENTIAL_CLIENT Private client.

GrantType

The OAuth grant type.

Enums
GRANT_TYPE_UNSPECIFIED Should not be used.
AUTHORIZATION_CODE_GRANT Authorization code grant.
REFRESH_TOKEN_GRANT Refresh token grant.
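
The field constraints and enum values above can be checked offline before an OauthClient body is reviewed or submitted. The following is an added example, not code from this API or its client libraries: the function name, the finding messages, and the sample bodies (including the project, location, and redirect URI values) are constructed for illustration, and treating an empty required list as missing is an assumption. It calls no API.

```python
import re

# Constraints are taken from the field descriptions on this page.
NAME_RE = re.compile(r"^projects/[^/]+/locations/[^/]+/oauthClients/[^/]+$")
SUPPORTED_SCOPES = {"https://www.googleapis.com/auth/cloud-platform",
                    "openid", "email", "groups"}
CLIENT_TYPES = {"PUBLIC_CLIENT", "CONFIDENTIAL_CLIENT"}
GRANT_TYPES = {"AUTHORIZATION_CODE_GRANT", "REFRESH_TOKEN_GRANT"}
OUTPUT_ONLY = ("state", "clientId", "expireTime")
REQUIRED_LISTS = ("allowedGrantTypes", "allowedScopes", "allowedRedirectUris")

def lint_oauth_client(body):
    """Return findings (strings) for a caller-supplied OauthClient body."""
    findings = []
    name = body.get("name")
    if name is not None and not NAME_RE.match(name):
        findings.append("name: does not match the documented resource format")
    for field in OUTPUT_ONLY:
        if field in body:
            findings.append(f"{field}: output only, must not be set by the caller")
    for field, limit in (("displayName", 32), ("description", 256)):
        if len(body.get(field, "")) > limit:
            findings.append(f"{field}: exceeds {limit} characters")
    if body.get("clientType") not in CLIENT_TYPES:
        findings.append("clientType: must be PUBLIC_CLIENT or CONFIDENTIAL_CLIENT")
    for field in REQUIRED_LISTS:
        # Assumption: an empty list is treated the same as a missing field.
        if not body.get(field):
            findings.append(f"{field}: required, list at least one value")
    for grant in body.get("allowedGrantTypes", []):
        if grant not in GRANT_TYPES:
            findings.append(f"allowedGrantTypes: unsupported value {grant!r}")
    for scope in body.get("allowedScopes", []):
        if scope not in SUPPORTED_SCOPES:
            findings.append(f"allowedScopes: unsupported scope {scope!r}")
    return findings

# Constructed sample bodies (not real resources).
GOOD = {"name": "projects/example-project/locations/global/oauthClients/example-client",
        "displayName": "Example client", "clientType": "PUBLIC_CLIENT",
        "allowedGrantTypes": ["AUTHORIZATION_CODE_GRANT"],
        "allowedScopes": ["openid", "email"],
        "allowedRedirectUris": ["https://app.example.com/callback"]}
BAD = {"name": "projects/example-project/oauthClients/example-client",
       "clientId": "caller-chosen-id", "displayName": "x" * 33,
       "clientType": "CLIENT_TYPE_UNSPECIFIED",
       "allowedGrantTypes": ["GRANT_TYPE_UNSPECIFIED"],
       "allowedScopes": ["profile"], "allowedRedirectUris": []}
if __name__ == "__main__":
    print("\n".join(lint_oauth_client(BAD)))
```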

Methods

create

The method google.iam.admin.v1.OauthClients.CreateOauthClient is not available in Trusted Cloud by S3NS.

delete

The method google.iam.admin.v1.OauthClients.DeleteOauthClient is not available in Trusted Cloud by S3NS.

get

The method google.iam.admin.v1.OauthClients.GetOauthClient is not available in Trusted Cloud by S3NS.

list

The method google.iam.admin.v1.OauthClients.ListOauthClients is not available in Trusted Cloud by S3NS.

patch

The method google.iam.admin.v1.OauthClients.UpdateOauthClient is not available in Trusted Cloud by S3NS.

undelete

The method google.iam.admin.v1.OauthClients.UndeleteOauthClient is not available in Trusted Cloud by S3NS.