oauth_clients

Creates, updates, deletes, gets or lists an oauth_clients resource.

Overview

Name	`oauth_clients`
Type	Resource
Id	`google.iam.oauth_clients`

Fields

The following fields are returned by SELECT queries:

get
list

Successful response

Name	Datatype	Description
`name`	`string`	Immutable. Identifier. The resource name of the OauthClient. Format:`projects/{project}/locations/{location}/oauthClients/{oauth_client}`.
`allowedGrantTypes`	`array`	Required. The list of OAuth grant types is allowed for the OauthClient.
`allowedRedirectUris`	`array`	Required. The list of redirect uris that is allowed to redirect back when authorization process is completed.
`allowedScopes`	`array`	Required. The list of scopes that the OauthClient is allowed to request during OAuth flows. The following scopes are supported: * `https://www.googleapis.com/auth/cloud-platform`: See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account. * `openid`: The OAuth client can associate you with your personal information on Google Cloud. * `email`: The OAuth client can read a federated identity's email address. * `groups`: The OAuth client can read a federated identity's groups.
`clientId`	`string`	Output only. The system-generated OauthClient id.
`clientType`	`string`	Immutable. The type of OauthClient. Either public or private. For private clients, the client secret can be managed using the dedicated OauthClientCredential resource.
`description`	`string`	Optional. A user-specified description of the OauthClient. Cannot exceed 256 characters.
`disabled`	`boolean`	Optional. Whether the OauthClient is disabled. You cannot use a disabled OAuth client.
`displayName`	`string`	Optional. A user-specified display name of the OauthClient. Cannot exceed 32 characters.
`expireTime`	`string (google-datetime)`	Output only. Time after which the OauthClient will be permanently purged and cannot be recovered.
`state`	`string`	Output only. The state of the OauthClient.

Successful response

Name	Datatype	Description
`name`	`string`	Immutable. Identifier. The resource name of the OauthClient. Format:`projects/{project}/locations/{location}/oauthClients/{oauth_client}`.
`allowedGrantTypes`	`array`	Required. The list of OAuth grant types is allowed for the OauthClient.
`allowedRedirectUris`	`array`	Required. The list of redirect uris that is allowed to redirect back when authorization process is completed.
`allowedScopes`	`array`	Required. The list of scopes that the OauthClient is allowed to request during OAuth flows. The following scopes are supported: * `https://www.googleapis.com/auth/cloud-platform`: See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account. * `openid`: The OAuth client can associate you with your personal information on Google Cloud. * `email`: The OAuth client can read a federated identity's email address. * `groups`: The OAuth client can read a federated identity's groups.
`clientId`	`string`	Output only. The system-generated OauthClient id.
`clientType`	`string`	Immutable. The type of OauthClient. Either public or private. For private clients, the client secret can be managed using the dedicated OauthClientCredential resource.
`description`	`string`	Optional. A user-specified description of the OauthClient. Cannot exceed 256 characters.
`disabled`	`boolean`	Optional. Whether the OauthClient is disabled. You cannot use a disabled OAuth client.
`displayName`	`string`	Optional. A user-specified display name of the OauthClient. Cannot exceed 32 characters.
`expireTime`	`string (google-datetime)`	Output only. Time after which the OauthClient will be permanently purged and cannot be recovered.
`state`	`string`	Output only. The state of the OauthClient.

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
`get`	`select`	`projectsId`, `locationsId`, `oauthClientsId`		Gets an individual OauthClient.
`list`	`select`	`projectsId`, `locationsId`	`pageSize`, `pageToken`, `showDeleted`	Lists all non-deleted OauthClients in a project. If `show_deleted` is set to `true`, then deleted OauthClients are also listed.
`create`	`insert`	`projectsId`, `locationsId`	`oauthClientId`	Creates a new OauthClient. You cannot reuse the name of a deleted OauthClient until 30 days after deletion.
`patch`	`update`	`projectsId`, `locationsId`, `oauthClientsId`	`updateMask`	Updates an existing OauthClient.
`delete`	`delete`	`projectsId`, `locationsId`, `oauthClientsId`		Deletes an OauthClient. You cannot use a deleted OauthClient. However, deletion does not revoke access tokens that have already been issued. They continue to grant access. Deletion does revoke refresh tokens that have already been issued. They cannot be used to renew an access token. If the OauthClient is undeleted, and the refresh tokens are not expired, they are valid for token exchange again. You can undelete an OauthClient for 30 days. After 30 days, deletion is permanent. You cannot update deleted OauthClients. However, you can view and list them.
`undelete`	`exec`	`projectsId`, `locationsId`, `oauthClientsId`		Undeletes an OauthClient, as long as it was deleted fewer than 30 days ago.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
`locationsId`	`string`
`oauthClientsId`	`string`
`projectsId`	`string`
`oauthClientId`	`string`
`pageSize`	`integer (int32)`
`pageToken`	`string`
`showDeleted`	`boolean`
`updateMask`	`string (google-fieldmask)`

`SELECT` examples

get
list

Gets an individual OauthClient.

SELECT
name,
allowedGrantTypes,
allowedRedirectUris,
allowedScopes,
clientId,
clientType,
description,
disabled,
displayName,
expireTime,
state
FROM google.iam.oauth_clients
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND oauthClientsId = '{{ oauthClientsId }}' -- required;

Lists all non-deleted OauthClients in a project. If show_deleted is set to true, then deleted OauthClients are also listed.

SELECT
name,
allowedGrantTypes,
allowedRedirectUris,
allowedScopes,
clientId,
clientType,
description,
disabled,
displayName,
expireTime,
state
FROM google.iam.oauth_clients
WHERE projectsId = '{{ projectsId }}' -- required
AND locationsId = '{{ locationsId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}'
AND showDeleted = '{{ showDeleted }}';

`INSERT` examples

create
Manifest

Creates a new OauthClient. You cannot reuse the name of a deleted OauthClient until 30 days after deletion.

INSERT INTO google.iam.oauth_clients (
data__name,
data__disabled,
data__displayName,
data__description,
data__clientType,
data__allowedGrantTypes,
data__allowedScopes,
data__allowedRedirectUris,
projectsId,
locationsId,
oauthClientId
)
SELECT 
'{{ name }}',
{{ disabled }},
'{{ displayName }}',
'{{ description }}',
'{{ clientType }}',
'{{ allowedGrantTypes }}',
'{{ allowedScopes }}',
'{{ allowedRedirectUris }}',
'{{ projectsId }}',
'{{ locationsId }}',
'{{ oauthClientId }}'
RETURNING
name,
allowedGrantTypes,
allowedRedirectUris,
allowedScopes,
clientId,
clientType,
description,
disabled,
displayName,
expireTime,
state
;

# Description fields are for documentation purposes
- name: oauth_clients
  props:
    - name: projectsId
      value: string
      description: Required parameter for the oauth_clients resource.
    - name: locationsId
      value: string
      description: Required parameter for the oauth_clients resource.
    - name: name
      value: string
      description: >
        Immutable. Identifier. The resource name of the OauthClient. Format:`projects/{project}/locations/{location}/oauthClients/{oauth_client}`.
        
    - name: disabled
      value: boolean
      description: >
        Optional. Whether the OauthClient is disabled. You cannot use a disabled OAuth client.
        
    - name: displayName
      value: string
      description: >
        Optional. A user-specified display name of the OauthClient. Cannot exceed 32 characters.
        
    - name: description
      value: string
      description: >
        Optional. A user-specified description of the OauthClient. Cannot exceed 256 characters.
        
    - name: clientType
      value: string
      description: >
        Immutable. The type of OauthClient. Either public or private. For private clients, the client secret can be managed using the dedicated OauthClientCredential resource.
        
      valid_values: ['CLIENT_TYPE_UNSPECIFIED', 'PUBLIC_CLIENT', 'CONFIDENTIAL_CLIENT']
    - name: allowedGrantTypes
      value: array
      description: >
        Required. The list of OAuth grant types is allowed for the OauthClient.
        
    - name: allowedScopes
      value: array
      description: >
        Required. The list of scopes that the OauthClient is allowed to request during OAuth flows. The following scopes are supported: * `https://www.googleapis.com/auth/cloud-platform`: See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account. * `openid`: The OAuth client can associate you with your personal information on Google Cloud. * `email`: The OAuth client can read a federated identity's email address. * `groups`: The OAuth client can read a federated identity's groups.
        
    - name: allowedRedirectUris
      value: array
      description: >
        Required. The list of redirect uris that is allowed to redirect back when authorization process is completed.
        
    - name: oauthClientId
      value: string

`UPDATE` examples

patch

Updates an existing OauthClient.

UPDATE google.iam.oauth_clients
SET 
data__name = '{{ name }}',
data__disabled = {{ disabled }},
data__displayName = '{{ displayName }}',
data__description = '{{ description }}',
data__clientType = '{{ clientType }}',
data__allowedGrantTypes = '{{ allowedGrantTypes }}',
data__allowedScopes = '{{ allowedScopes }}',
data__allowedRedirectUris = '{{ allowedRedirectUris }}'
WHERE 
projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND oauthClientsId = '{{ oauthClientsId }}' --required
AND updateMask = '{{ updateMask}}'
RETURNING
name,
allowedGrantTypes,
allowedRedirectUris,
allowedScopes,
clientId,
clientType,
description,
disabled,
displayName,
expireTime,
state;

`DELETE` examples

delete

Deletes an OauthClient. You cannot use a deleted OauthClient. However, deletion does not revoke access tokens that have already been issued. They continue to grant access. Deletion does revoke refresh tokens that have already been issued. They cannot be used to renew an access token. If the OauthClient is undeleted, and the refresh tokens are not expired, they are valid for token exchange again. You can undelete an OauthClient for 30 days. After 30 days, deletion is permanent. You cannot update deleted OauthClients. However, you can view and list them.

DELETE FROM google.iam.oauth_clients
WHERE projectsId = '{{ projectsId }}' --required
AND locationsId = '{{ locationsId }}' --required
AND oauthClientsId = '{{ oauthClientsId }}' --required;

Lifecycle Methods

undelete

Undeletes an OauthClient, as long as it was deleted fewer than 30 days ago.

EXEC google.iam.oauth_clients.undelete 
@projectsId='{{ projectsId }}' --required, 
@locationsId='{{ locationsId }}' --required, 
@oauthClientsId='{{ oauthClientsId }}' --required;

Overview​

Fields​

Methods​

Parameters​

SELECT examples​

INSERT examples​

UPDATE examples​

DELETE examples​

Lifecycle Methods​