# OAuth Brand and Client Management
Programmatic creation, management, and configuration of IAP OAuth brands and OAuth clients. This service enables setting up OAuth authentication flows for IAP, managing client credentials, and configuring OAuth applications for IAP-protected resources.
## Capabilities
### OAuth Brand Management
OAuth brands represent the OAuth consent screen configuration that users see when authenticating through IAP. Each Google Cloud project can have multiple brands for different use cases.
```python { .api }
def list_brands(
    self,
    request: ListBrandsRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> ListBrandsResponse:
    """Return the OAuth brands that exist under a project.

    Args:
        request: ListBrandsRequest whose ``parent`` names the project.
        retry: Which errors, if any, should be retried.
        timeout: Timeout applied to this request.
        metadata: Strings sent along with the request.

    Returns:
        A ListBrandsResponse; its ``brands`` field lists the project's brands.
    """
def create_brand(
    self,
    request: CreateBrandRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> Brand:
    """Create a new OAuth brand (consent-screen configuration) for a project.

    The caller supplies the consent-screen fields of the Brand
    (``application_title``, ``support_email``). ``name`` and
    ``org_internal_only`` are output only, so whether the brand is restricted
    to organization users is not set here; read it from the returned Brand.

    Args:
        request: CreateBrandRequest carrying the parent project and the
            brand to create.
        retry: Which errors, if any, should be retried.
        timeout: Timeout applied to this request.
        metadata: Strings sent along with the request.

    Returns:
        The created OAuth brand.
    """
def get_brand(
    self,
    request: GetBrandRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> Brand:
    """Fetch a single OAuth brand by resource name.

    Args:
        request: GetBrandRequest whose ``name`` is the brand resource name.
        retry: Which errors, if any, should be retried.
        timeout: Timeout applied to this request.
        metadata: Strings sent along with the request.

    Returns:
        The requested OAuth brand.
    """
```
Example usage:
```python
from google.cloud.iap import IdentityAwareProxyOAuthServiceClient
from google.cloud.iap import ListBrandsRequest, CreateBrandRequest, Brand

oauth_client = IdentityAwareProxyOAuthServiceClient()
project_path = "projects/my-project"

# Show every brand the project already has.
brand_listing = oauth_client.list_brands(
    request=ListBrandsRequest(parent=project_path)
)
for brand in brand_listing.brands:
    print(f"Brand: {brand.name}")
    print(f"Application title: {brand.application_title}")
    print(f"Support email: {brand.support_email}")
    print(f"Internal only: {brand.org_internal_only}")

# Create a brand. Only the consent-screen fields are supplied; name and
# org_internal_only are output only and come back on the returned Brand.
created_brand = oauth_client.create_brand(
    request=CreateBrandRequest(
        parent=project_path,
        brand=Brand(
            application_title="My IAP Application",
            support_email="support@example.com",
        ),
    )
)
print(f"Created brand: {created_brand.name}")
```
### OAuth Client Management
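OAuth clients are the applications that can authenticate users through IAP. Each brand can have multiple OAuth clients with different configurations and access levels. The `secret` returned when a client is created or its secret is reset is a credential: store it in a secret manager rather than printing or logging it.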
```python { .api }
def create_identity_aware_proxy_client(
    self,
    request: CreateIdentityAwareProxyClientRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> IdentityAwareProxyClient:
    """Create an Identity Aware Proxy (IAP) OAuth client under a brand.

    Args:
        request: CreateIdentityAwareProxyClientRequest carrying the parent
            brand and the client to create.
        retry: Which errors, if any, should be retried.
        timeout: Timeout applied to this request.
        metadata: Strings sent along with the request.

    Returns:
        The created IAP OAuth client. Its output-only ``secret`` field holds
        the OAuth client secret, so the returned object is a credential:
        keep it out of logs and printed output.
    """
def list_identity_aware_proxy_clients(
    self,
    request: ListIdentityAwareProxyClientsRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> ListIdentityAwareProxyClientsPager:
    """List the OAuth clients that exist under a brand.

    Args:
        request: ListIdentityAwareProxyClientsRequest whose ``parent`` names
            the brand; ``page_size`` and ``page_token`` control paging.
        retry: Which errors, if any, should be retried.
        timeout: Timeout applied to this request.
        metadata: Strings sent along with the request.

    Returns:
        A pager for iterating through OAuth clients. The items are
        IdentityAwareProxyClient resources, a type that has a ``secret``
        field, so avoid dumping whole items to logs.
    """
def get_identity_aware_proxy_client(
    self,
    request: GetIdentityAwareProxyClientRequest,
    *,
    name: str = None,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> IdentityAwareProxyClient:
    """Fetch a single Identity Aware Proxy (IAP) OAuth client.

    Args:
        request: GetIdentityAwareProxyClientRequest whose ``name`` is the
            client resource name.
        name: The resource name of the OAuth client. Defaults to None.
        retry: Which errors, if any, should be retried.
        timeout: Timeout applied to this request.
        metadata: Strings sent along with the request.

    Returns:
        The requested IAP OAuth client. The type carries a ``secret`` field;
        handle the returned object as sensitive.
    """
def reset_identity_aware_proxy_client_secret(
    self,
    request: ResetIdentityAwareProxyClientSecretRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> IdentityAwareProxyClient:
    """Reset the secret of an Identity Aware Proxy (IAP) OAuth client.

    Args:
        request: ResetIdentityAwareProxyClientSecretRequest whose ``name`` is
            the client resource name.
        retry: Which errors, if any, should be retried.
        timeout: Timeout applied to this request.
        metadata: Strings sent along with the request.

    Returns:
        The OAuth client with its new secret in the ``secret`` field. The new
        value is a credential: store it securely, and expect to update
        whatever was configured with the earlier secret.
    """
def delete_identity_aware_proxy_client(
    self,
    request: DeleteIdentityAwareProxyClientRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> None:
    """Delete an Identity Aware Proxy (IAP) OAuth client.

    Nothing is returned on success.

    Args:
        request: DeleteIdentityAwareProxyClientRequest whose ``name`` is the
            client resource name.
        retry: Which errors, if any, should be retried.
        timeout: Timeout applied to this request.
        metadata: Strings sent along with the request.
    """
```
Example usage:
```python
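from google.cloud.iap import IdentityAwareProxyOAuthServiceClient
from google.cloud.iap import (
    CreateIdentityAwareProxyClientRequest,
    ListIdentityAwareProxyClientsRequest,
    ResetIdentityAwareProxyClientSecretRequest,
    IdentityAwareProxyClient
)

oauth_client = IdentityAwareProxyOAuthServiceClient()
brand_path = "projects/my-project/brands/my-brand"

# Create a new OAuth client
new_client = IdentityAwareProxyClient(
    display_name="My Web Application Client"
)

create_request = CreateIdentityAwareProxyClientRequest(
    parent=brand_path,
    identity_aware_proxy_client=new_client
)

created_client = oauth_client.create_identity_aware_proxy_client(request=create_request)
print(f"Created OAuth client: {created_client.name}")

# created_client.secret is the OAuth client secret. It is a credential, so it
# is kept in a variable for hand-off to a secret store and never printed:
# stdout ends up in terminals, CI output and log collectors.
client_secret = created_client.secret
print("Client secret received (not displayed)")

# List all OAuth clients for the brand
list_request = ListIdentityAwareProxyClientsRequest(parent=brand_path)
for client in oauth_client.list_identity_aware_proxy_clients(request=list_request):
    print(f"Client: {client.name}")
    print(f"Display name: {client.display_name}")

# Reset client secret
reset_request = ResetIdentityAwareProxyClientSecretRequest(
    name=created_client.name
)

updated_client = oauth_client.reset_identity_aware_proxy_client_secret(request=reset_request)

# The reset returns the replacement secret; treat it the same way as the
# original and update whatever was configured with the earlier value.
client_secret = updated_client.secret
print(f"Secret reset for client: {updated_client.name}")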
```
## Types
### Request Types
```python { .api }
class ListBrandsRequest:
    """Request message for ListBrands: names the project to list."""

    # Parent project path, e.g. "projects/my-project".
    parent: str
class CreateBrandRequest:
    """Request message for CreateBrand: a parent project plus the brand."""

    # Parent project path, e.g. "projects/my-project".
    parent: str
    # Brand to create.
    brand: Brand
class GetBrandRequest:
    """Request message for GetBrand: identifies one brand."""

    # Brand resource name, e.g. "projects/my-project/brands/my-brand".
    name: str
class ListIdentityAwareProxyClientsRequest:
    """Request message for ListIdentityAwareProxyClients, with paging fields."""

    # Parent brand path, e.g. "projects/my-project/brands/my-brand".
    parent: str
    # Maximum number of results per page.
    page_size: int
    # Token for the next page.
    page_token: str
class CreateIdentityAwareProxyClientRequest:
    """Request message for CreateIdentityAwareProxyClient."""

    # Parent brand path, e.g. "projects/my-project/brands/my-brand".
    parent: str
    # Client to create.
    identity_aware_proxy_client: IdentityAwareProxyClient
class GetIdentityAwareProxyClientRequest:
    """Request message for GetIdentityAwareProxyClient: identifies one client."""

    # Client resource name.
    name: str
class ResetIdentityAwareProxyClientSecretRequest:
    """Request message for ResetIdentityAwareProxyClientSecret."""

    # Resource name of the client whose secret is reset.
    name: str
class DeleteIdentityAwareProxyClientRequest:
    """Request message for DeleteIdentityAwareProxyClient."""

    # Resource name of the client to delete.
    name: str
```
### Response Types
```python { .api }
class ListBrandsResponse:
    """Response message for ListBrands."""

    # OAuth brands returned for the project.
    brands: List[Brand]
class ListIdentityAwareProxyClientsResponse:
    """Response message for ListIdentityAwareProxyClients: one page of clients."""

    # OAuth clients on this page.
    identity_aware_proxy_clients: List[IdentityAwareProxyClient]
    # Token for the next page.
    next_page_token: str
```
### Resource Types
```python { .api }
class Brand:
    """OAuth brand data: the consent-screen configuration for a project."""

    # Output only - resource name.
    name: str
    # Support email shown on the OAuth consent screen.
    support_email: str
    # Application title shown on the OAuth consent screen.
    application_title: str
    # Output only - whether the brand is restricted to org users. Callers
    # cannot set this; read it back from the returned Brand.
    org_internal_only: bool
class IdentityAwareProxyClient:
    """IAP OAuth client data."""

    # Output only - resource name.
    name: str
    # Output only - OAuth client secret. This is a credential: keep it out of
    # logs, printed output and source control.
    secret: str
    # Human-readable display name.
    display_name: str
```
## Pager Classes
### ListIdentityAwareProxyClientsPager
```python { .api }
class ListIdentityAwareProxyClientsPager:
    """Pager returned by list_identity_aware_proxy_clients.

    Iterating the pager yields IdentityAwareProxyClient resources; ``pages``
    yields the responses page by page.
    """

    @property
    def pages(self):
        """Iterate over the pages of the response."""

    def __iter__(self):
        """Iterate over the IdentityAwareProxyClient resources."""

    def __getattr__(self, name):
        """Give access to attributes of the response."""
```
### ListIdentityAwareProxyClientsAsyncPager
```python { .api }
class ListIdentityAwareProxyClientsAsyncPager:
    """Async counterpart of the list_identity_aware_proxy_clients pager."""

    @property
    def pages(self):
        """Asynchronously iterate over the pages of the response."""

    def __aiter__(self):
        """Asynchronously iterate over the IdentityAwareProxyClient resources."""
```
Example pager usage:
```python
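from google.cloud.iap import IdentityAwareProxyOAuthServiceClient
from google.cloud.iap import ListIdentityAwareProxyClientsRequest

oauth_client = IdentityAwareProxyOAuthServiceClient()
brand_path = "projects/my-project/brands/my-brand"

# Use pager to iterate through all clients
request = ListIdentityAwareProxyClientsRequest(
    parent=brand_path,
    page_size=10  # Fetch 10 clients per page
)

pager = oauth_client.list_identity_aware_proxy_clients(request=request)

# Iterate through individual clients
for client in pager:
    print(f"Client: {client.display_name}")

# Or iterate through pages. This is an alternative to the loop above, so it
# starts from a fresh pager: one that has already been consumed is not
# guaranteed to begin again at the first page.
pager = oauth_client.list_identity_aware_proxy_clients(request=request)
for page in pager.pages:
    for client in page.identity_aware_proxy_clients:
        print(f"Client: {client.display_name}")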
```
## Path Helper Methods
```python { .api }
@staticmethod
398
def common_billing_account_path(billing_account: str) -> str:
399
"""Return a fully-qualified billing_account string."""
@staticmethod
402
def parse_common_billing_account_path(path: str) -> Dict[str, str]:
403
"""Parse a billing_account path into its component segments."""
@staticmethod
406
def common_folder_path(folder: str) -> str:
407
"""Return a fully-qualified folder string."""
@staticmethod
410
def parse_common_folder_path(path: str) -> Dict[str, str]:
411
"""Parse a folder path into its component segments."""
@staticmethod
414
def common_organization_path(organization: str) -> str:
415
"""Return a fully-qualified organization string."""
@staticmethod
418
def parse_common_organization_path(path: str) -> Dict[str, str]:
419
"""Parse an organization path into its component segments."""
@staticmethod
422
def common_project_path(project: str) -> str:
423
"""Return a fully-qualified project string."""
@staticmethod
426
def parse_common_project_path(path: str) -> Dict[str, str]:
427
"""Parse a project path into its component segments."""
@staticmethod
430
def common_location_path(project: str, location: str) -> str:
431
"""Return a fully-qualified location string."""
@staticmethod
434
def parse_common_location_path(path: str) -> Dict[str, str]:
435
"""Parse a location path into its component segments."""
```