Resource: AuthConfig
The AuthConfig resource is used to hold channels and connection config data.
JSON representation |
---|
{ "name": string, "displayName": string, "description": string, "certificateId": string, "credentialType": enum ( |
Fields | |
---|---|
name |
Resource name of the auth config. For more information, see Manage authentication profiles. |
displayName |
Required. The name of the auth config. |
description |
A description of the auth config. |
certificateId |
Certificate id for client certificate |
credentialType |
Credential type of the encrypted credential. |
creator |
The creator's email address. Generated based on the End User Credentials/LOAS role of the user making the call. |
create |
Output only. The timestamp when the auth config is created. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
last |
The last modifier's email address. Generated based on the End User Credentials/LOAS role of the user making the call. |
update |
Output only. The timestamp when the auth config is modified. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
visibility |
The visibility of the auth config. |
state |
The status of the auth config. |
reason |
The reason / details of the current status. |
expiry |
User can define the time to receive notification after which the auth config becomes invalid. Support up to 30 days. Support granularity in hours. A duration in seconds with up to nine fractional digits, ending with ' |
valid |
The time until the auth config is valid. Empty or max value is considered the auth config won't expire. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
override |
User provided expiry time to override. For the example of Salesforce, username/password credentials can be valid for 6 months depending on the instance settings. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Union field
|
|
encrypted |
Auth credential encrypted by Cloud KMS. Can be decrypted as Credential with proper KMS key. A base64-encoded string. |
decrypted |
Raw auth credentials. |
Credential
Defines parameters for a single, canonical credential.
JSON representation |
---|
{ "credentialType": enum ( |
Fields | |
---|---|
credentialType |
Credential type associated with auth config. |
Union field credential_value . According to the credential_type, the credential value can be specified in one of the following proto. credential_value can be only one of the following: |
|
username |
Username and password credential |
oauth2 |
The api_key and oauth2_implicit are not covered in v1 and will be picked up once v1 is implemented. ApiKey api_key = 3; OAuth2 authorization code credential |
oauth2 |
OAuth2Implicit oauth2_implicit = 5; OAuth2 client credentials |
oauth2 |
OAuth2 resource owner credentials |
jwt |
JWT credential |
auth |
Auth token credential |
service |
Service account credential |
oidc |
Google OIDC ID Token |
CredentialType
Each type only applies to a certain number of services. For example, types with the OAuth prefix only work for connecting REST endpoints.
Enums | |
---|---|
CREDENTIAL_TYPE_UNSPECIFIED |
Unspecified credential type |
USERNAME_AND_PASSWORD |
Regular username/password pair. |
API_KEY |
API key. |
OAUTH2_AUTHORIZATION_CODE |
OAuth 2.0 Authorization Code Grant type. |
OAUTH2_IMPLICIT |
OAuth 2.0 Implicit Grant type. |
OAUTH2_CLIENT_CREDENTIALS |
OAuth 2.0 Client Credentials Grant type. |
OAUTH2_RESOURCE_OWNER_CREDENTIALS |
OAuth 2.0 Resource owner Credentials Grant type. |
JWT |
JWT Token. |
AUTH_TOKEN |
Auth Token, e.g. bearer token. |
SERVICE_ACCOUNT |
Service Account which can be used to generate token for authentication. |
CLIENT_CERTIFICATE_ONLY |
Client Certificate only. |
OIDC_TOKEN |
Google OIDC ID Token |
UsernameAndPassword
Username and password pair.
JSON representation |
---|
{ "username": string, "password": string } |
Fields | |
---|---|
username |
Username to be used |
password |
Password to be used |
OAuth2AuthorizationCode
The OAuth type where the client sends a request with the client ID and requested scopes to the auth endpoint. The user sees a consent screen, and the auth code is then received at the specified redirect URL. The auth code is combined with the client ID and secret and sent to the token endpoint in exchange for the access and refresh tokens. The refresh token can be used to fetch new access tokens.
JSON representation |
---|
{ "clientId": string, "clientSecret": string, "scope": string, "authEndpoint": string, "authParams": { object ( |
Fields | |
---|---|
clientId |
The client's id. |
clientSecret |
The client's secret. |
scope |
A space-delimited list of requested scope permissions. |
authEndpoint |
The auth url endpoint to send the auth code request to. |
authParams |
The auth parameters sent along with the auth code request. |
token |
The token url endpoint to send the token request to. |
token |
The token parameters sent along with the token request. |
access |
The access token received from the token endpoint. |
auth |
The Auth Code that is used to initially retrieve the access token. |
request |
Represent how to pass parameters to fetch access token |
apply |
Indicates if the user has opted in Google Reauth Policy. If opted in, the refresh token will be valid for 20 hours, after which time users must re-authenticate in order to obtain a new one. |
ParameterMap
A generic multi-map that holds key value pairs. The keys and values can be of any type, unless specified.
JSON representation |
---|
{ "entries": [ { object ( |
Fields | |
---|---|
entries[] |
A list of parameter map entries. |
key |
Option to specify key type for all entries of the map. If provided then field types for all entries must conform to this. |
value |
Option to specify value type for all entries of the map. If provided then field types for all entries must conform to this. |
ParameterMapEntry
Entry is a pair of key and value.
JSON representation |
---|
{ "key": { object ( |
Fields | |
---|---|
key |
Key of the map entry. |
value |
Value of the map entry. |
ParameterMapField
Field represents either the key or value in an entry.
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field
|
|
reference |
Referencing one of the Integration variables. |
literal |
Passing a literal value. |
AccessToken
The access token represents the authorization of a specific application to access specific parts of a user's data.
JSON representation |
---|
{ "accessToken": string, "accessTokenExpireTime": string, "tokenType": string, "refreshToken": string, "refreshTokenExpireTime": string } |
Fields | |
---|---|
accessToken |
The access token encapsulating the security identity of a process or thread. |
accessTokenExpireTime |
Required. The approximate time until the access token retrieved is valid. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
tokenType |
Only support "bearer" token in v1 as bearer token is the predominant type used with OAuth 2.0. |
refreshToken |
If the access token will expire, use the refresh token to obtain another access token. |
refreshTokenExpireTime |
The approximate time until the refresh token retrieved is valid. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
RequestType
Represents how parameters are passed to fetch the access token.
Enums | |
---|---|
REQUEST_TYPE_UNSPECIFIED |
Unspecified request type |
REQUEST_BODY |
To pass all the parameters in post body. |
QUERY_PARAMETERS |
To pass all the parameters as a part of query parameter. |
ENCODED_HEADER |
To pass the client id and client secret as the base64 encoding of clientId:client_password, and the rest of the parameters in the post body. |
OAuth2ClientCredentials
For client credentials grant, the client sends a POST request with grant_type as 'client_credentials' to the authorization server. The authorization server will respond with a JSON object containing the access token.
JSON representation |
---|
{ "clientId": string, "clientSecret": string, "tokenEndpoint": string, "scope": string, "tokenParams": { object ( |
Fields | |
---|---|
clientId |
The client's ID. |
clientSecret |
The client's secret. |
tokenEndpoint |
The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. |
scope |
A space-delimited list of requested scope permissions. |
tokenParams |
Token parameters for the auth request. |
access |
Access token fetched from the authorization server. |
request |
Represent how to pass parameters to fetch access token |
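The three concrete RequestType values applied to the client credentials grant described above, as an added example that is not part of the original reference or the service's own code. The sample values, the function names, and the reading of ENCODED_HEADER as an HTTP Basic `Authorization` header are assumptions; `secret_locations` reports which part of the request needs redacting for each type.

```python
import base64
from urllib.parse import quote_plus, urlencode

# Constructed sample values; the endpoint and credentials are placeholders.
SAMPLE = {
    "clientId": "example-client",
    "clientSecret": "example-secret",
    "tokenEndpoint": "https://auth.example.com/oauth2/token",
    "scope": "read write",
}

def build_token_request(cfg, request_type):
    """Return (url, headers, body) for a client_credentials token POST."""
    grant = {"grant_type": "client_credentials", "scope": cfg["scope"]}
    client = {"client_id": cfg["clientId"], "client_secret": cfg["clientSecret"]}
    url = cfg["tokenEndpoint"]
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if request_type == "REQUEST_BODY":
        body = urlencode({**grant, **client})
    elif request_type == "QUERY_PARAMETERS":
        # The secret becomes part of the URL, which proxies and access logs
        # commonly record; treat such URLs as sensitive.
        query = urlencode({**grant, **client})
        url = url + "?" + query
        body = ""
    elif request_type == "ENCODED_HEADER":
        # Assumption: the encoded header is HTTP Basic, base64(clientId:clientSecret).
        pair = (cfg["clientId"] + ":" + cfg["clientSecret"]).encode()
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode()
        body = urlencode(grant)
    else:
        raise ValueError("unsupported request type: " + str(request_type))
    return url, headers, body

def secret_locations(cfg, request_type):
    """List which parts of the request carry the client secret (for redaction)."""
    url, headers, body = build_token_request(cfg, request_type)
    encoded = quote_plus(cfg["clientSecret"])
    found = []
    if encoded in url:
        found.append("url")
    auth = headers.get("Authorization", "")
    if auth.startswith("Basic "):
        if cfg["clientSecret"] in base64.b64decode(auth[6:]).decode():
            found.append("header")
    if encoded in body:
        found.append("body")
    return found
```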
OAuth2ResourceOwnerCredentials
For resource owner credentials grant, the client will ask the user for their authorization credentials (usually a username and password) and send a POST request to the authorization server. The authorization server will respond with a JSON object containing the access token.
JSON representation |
---|
{ "clientId": string, "clientSecret": string, "username": string, "password": string, "tokenEndpoint": string, "scope": string, "tokenParams": { object ( |
Fields | |
---|---|
clientId |
The client's ID. |
clientSecret |
The client's secret. |
username |
The user's username. |
password |
The user's password. |
tokenEndpoint |
The token endpoint is used by the client to obtain an access token by presenting its authorization grant or refresh token. |
scope |
A space-delimited list of requested scope permissions. |
tokenParams |
Token parameters for the auth request. |
access |
Access token fetched from the authorization server. |
request |
Represent how to pass parameters to fetch access token |
Jwt
Represents a JSON Web Token (JWT), which is a compact, URL-safe means of representing claims to be transferred between two parties, enabling the claims to be digitally signed or integrity protected.
JSON representation |
---|
{ "jwtHeader": string, "jwtPayload": string, "secret": string, "jwt": string } |
Fields | |
---|---|
jwtHeader |
Identifies which algorithm is used to generate the signature. |
jwtPayload |
Contains a set of claims. The JWT specification defines seven Registered Claim Names which are the standard fields commonly included in tokens. Custom claims are usually also included, depending on the purpose of the token. |
secret |
User's pre-shared secret to sign the token. |
jwt |
The token calculated by the header, payload and signature. |
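An added sketch (not the service's own code) of how the four Jwt fields relate, assuming the header names HS256 so that the pre-shared secret acts as an HMAC key; the function names and sample values are constructed. The verifier pins the algorithm instead of trusting the token's header and compares signatures in constant time.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample inputs standing in for jwtHeader, jwtPayload and secret.
HEADER = '{"alg":"HS256","typ":"JWT"}'
PAYLOAD = '{"sub":"svc-example","aud":"https://api.example.com"}'
SECRET = "constructed-secret"

def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding used for JWT segments."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def build_jwt(jwt_header: str, jwt_payload: str, secret: str) -> str:
    """Compute the jwt field from header, payload and pre-shared secret."""
    if json.loads(jwt_header).get("alg") != "HS256":
        raise ValueError("this sketch only signs HS256")
    signing_input = b64url(jwt_header.encode()) + "." + b64url(jwt_payload.encode())
    mac = hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256)
    return signing_input + "." + b64url(mac.digest())

def verify_jwt(token: str, secret: str) -> dict:
    """Return the claims if the signature is valid, otherwise raise ValueError."""
    try:
        header_seg, payload_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(header_seg))
        signature = b64url_decode(sig_seg)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: a token declaring "none" or another alg is rejected.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = (header_seg + "." + payload_seg).encode("ascii")
    expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_seg))
```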
AuthToken
The credentials to authenticate a user agent with a server that is put in HTTP Authorization request header.
JSON representation |
---|
{ "type": string, "token": string } |
Fields | |
---|---|
type |
Authentication type, e.g. "Basic", "Bearer", etc. |
token |
The token for the auth type. |
ServiceAccountCredentials
Represents the service account which can be used to generate access token for authenticating the service call.
JSON representation |
---|
{ "serviceAccount": string, "scope": string } |
Fields | |
---|---|
serviceAccount |
Name of the service account that has the permission to make the request. |
scope |
A space-delimited list of requested scope permissions. |
OidcToken
OIDC Token
JSON representation |
---|
{ "serviceAccountEmail": string, "audience": string, "token": string, "tokenExpireTime": string } |
Fields | |
---|---|
serviceAccountEmail |
The service account email to be used as the identity for the token. |
audience |
Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for. |
token |
ID token obtained for the service account |
tokenExpireTime |
The approximate time until the token retrieved is valid. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
AuthConfigVisibility
Enum for the visibility of the auth config.
Enums | |
---|---|
AUTH_CONFIG_VISIBILITY_UNSPECIFIED |
Visibility not specified. |
PRIVATE |
Profile visible to the creator only. |
CLIENT_VISIBLE |
Profile visible within the client. |
State
The status of the auth config.
Enums | |
---|---|
STATE_UNSPECIFIED |
Status not specified. |
VALID |
Valid Auth config. |
INVALID |
General invalidity, if it doesn't fit any of the detailed issues below. |
SOFT_DELETED |
Auth config soft deleted. |
EXPIRED |
Auth config expired. |
UNAUTHORIZED |
Auth config unauthorized. |
UNSUPPORTED |
Auth config not supported. |
Methods |
|
---|---|
|
Creates an auth config record. |
|
Deletes an auth config. |
|
Gets a complete auth config. |
|
Lists all auth configs that match the filter. |
|
Updates an auth config. |