
tessl/pypi-google-cloud-iap

Google Cloud Identity-Aware Proxy API client library for Python


OAuth Brand and Client Management

Programmatic creation, management, and configuration of IAP OAuth brands and OAuth clients. This service enables setting up OAuth authentication flows for IAP, managing client credentials, and configuring OAuth applications for IAP-protected resources.

Capabilities

OAuth Brand Management

OAuth brands represent the OAuth consent screen configuration that users see when authenticating through IAP. Each Google Cloud project can have multiple brands for different use cases.

def list_brands(
    self,
    request: ListBrandsRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> ListBrandsResponse:
    """
    Lists the existing brands for the project.

    Args:
        request: The request object; its ``parent`` field names the project
            whose brands are listed (e.g. ``"projects/my-project"``).
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        A ListBrandsResponse whose ``brands`` field holds the project's
        Brand resources.
    """

def create_brand(
    self,
    request: CreateBrandRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> Brand:
    """
    Constructs a new OAuth brand for the project.

    Args:
        request: The request object; ``parent`` is the project path and
            ``brand`` is the Brand to create. Only ``application_title`` and
            ``support_email`` are caller-set; ``name`` and
            ``org_internal_only`` are output only. Both caller-set fields are
            shown to users on the OAuth consent screen.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The created OAuth brand, with its output-only fields populated.
    """

def get_brand(
    self,
    request: GetBrandRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> Brand:
    """
    Retrieves the OAuth brand of the project.

    Args:
        request: The request object; its ``name`` field is the brand's
            resource name (e.g. ``"projects/my-project/brands/my-brand"``).
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The requested OAuth brand.
    """

Example usage:

from google.cloud.iap import IdentityAwareProxyOAuthServiceClient
from google.cloud.iap import ListBrandsRequest, CreateBrandRequest, Brand

iap_oauth = IdentityAwareProxyOAuthServiceClient()
parent_project = "projects/my-project"

# Show every brand already configured under the project.
brands_response = iap_oauth.list_brands(
    request=ListBrandsRequest(parent=parent_project)
)
for existing in brands_response.brands:
    print(f"Brand: {existing.name}")
    print(f"Application title: {existing.application_title}")
    print(f"Support email: {existing.support_email}")
    print(f"Internal only: {existing.org_internal_only}")

# Register a new brand; both fields are shown on the OAuth consent screen.
brand_spec = Brand(
    application_title="My IAP Application",
    support_email="support@example.com",
)
registered = iap_oauth.create_brand(
    request=CreateBrandRequest(parent=parent_project, brand=brand_spec)
)
print(f"Created brand: {registered.name}")

OAuth Client Management

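OAuth clients are the applications that can authenticate users through IAP. Each brand can have multiple OAuth clients with different configurations and access levels. Each client carries a `secret` that the create and reset calls return; treat that value as a credential and keep it out of logs and source control.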

def create_identity_aware_proxy_client(
    self,
    request: CreateIdentityAwareProxyClientRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> IdentityAwareProxyClient:
    """
    Creates an Identity Aware Proxy (IAP) OAuth client.

    Args:
        request: The request object; ``parent`` is the brand path and
            ``identity_aware_proxy_client`` is the client to create (only
            ``display_name`` is caller-set).
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The created IAP OAuth client. Its output-only ``secret`` field holds
        the client secret, so the returned object is credential-bearing:
        store the secret securely and do not log or print the object.
    """

def list_identity_aware_proxy_clients(
    self,
    request: ListIdentityAwareProxyClientsRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> ListIdentityAwareProxyClientsPager:
    """
    Lists the existing clients for the brand.

    Args:
        request: The request object; ``parent`` is the brand path, and
            ``page_size`` / ``page_token`` control paging.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        A pager for iterating through OAuth clients; iterating it yields
        IdentityAwareProxyClient resources.

    NOTE(review): listed clients may carry their ``secret`` field as well -
    confirm before logging or serialising whole client objects.
    """

def get_identity_aware_proxy_client(
    self,
    request: GetIdentityAwareProxyClientRequest,
    *,
    name: str = None,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> IdentityAwareProxyClient:
    """
    Retrieves an Identity Aware Proxy (IAP) OAuth client.

    Args:
        request: The request object; its ``name`` field is the client's
            resource name.
        name: The resource name of the OAuth client.
            NOTE(review): how this keyword interacts with ``request`` is not
            shown here - presumably supply one or the other; confirm.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The requested IAP OAuth client. The type has an output-only
        ``secret`` field, so handle the result as potentially
        credential-bearing.
    """

def reset_identity_aware_proxy_client_secret(
    self,
    request: ResetIdentityAwareProxyClientSecretRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> IdentityAwareProxyClient:
    """
    Resets an Identity Aware Proxy (IAP) OAuth client secret.

    Args:
        request: The request object; its ``name`` field is the resource name
            of the client whose secret is reset.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        The OAuth client with new secret, carried in its ``secret`` field.
        Store the new value securely and do not log it.

    NOTE(review): presumably the previous secret stops working once this
    returns, so consumers of the old value need the new one - confirm the
    cut-over behaviour before using this for rotation.
    """

def delete_identity_aware_proxy_client(
    self,
    request: DeleteIdentityAwareProxyClientRequest,
    *,
    retry=DEFAULT,
    timeout=DEFAULT,
    metadata=()
) -> None:
    """
    Deletes an Identity Aware Proxy (IAP) OAuth client.

    Args:
        request: The request object; its ``name`` field is the resource name
            of the client to delete.
        retry: Designation of what errors should be retried.
        timeout: The timeout for this request.
        metadata: Strings which should be sent along with the request.

    Returns:
        None.
    """

Example usage:

from google.cloud.iap import IdentityAwareProxyOAuthServiceClient
from google.cloud.iap import (
    CreateIdentityAwareProxyClientRequest,
    ListIdentityAwareProxyClientsRequest,
    ResetIdentityAwareProxyClientSecretRequest,
    IdentityAwareProxyClient
)

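oauth_client = IdentityAwareProxyOAuthServiceClient()
brand_path = "projects/my-project/brands/my-brand"

# Create a new OAuth client
new_client = IdentityAwareProxyClient(
    display_name="My Web Application Client"
)

create_request = CreateIdentityAwareProxyClientRequest(
    parent=brand_path,
    identity_aware_proxy_client=new_client
)

created_client = oauth_client.create_identity_aware_proxy_client(request=create_request)
print(f"Created OAuth client: {created_client.name}")
# created_client.secret is a live credential. Pass it directly to the
# application's secret storage; never print or log it, because console output
# is routinely captured in terminal scrollback, CI logs and log aggregation.
client_secret = created_client.secret
print("Client secret issued (value not printed)")

# List all OAuth clients for the brand
list_request = ListIdentityAwareProxyClientsRequest(parent=brand_path)
for client in oauth_client.list_identity_aware_proxy_clients(request=list_request):
    # Print selected fields only; the client type also has a `secret` field,
    # so avoid dumping whole client objects.
    print(f"Client: {client.name}")
    print(f"Display name: {client.display_name}")

# Reset client secret
reset_request = ResetIdentityAwareProxyClientSecretRequest(
    name=created_client.name
)

updated_client = oauth_client.reset_identity_aware_proxy_client_secret(request=reset_request)
# The replacement secret needs the same handling as the original: store it,
# update whatever consumes it, and keep the value out of output.
client_secret = updated_client.secret
print(f"Client secret reset for: {updated_client.name} (value not printed)")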

Types

Request Types

class ListBrandsRequest:
    """Request message for ListBrands."""
    parent: str  # Parent project path, e.g. "projects/my-project"

class CreateBrandRequest:
    """Request message for CreateBrand."""
    parent: str  # Parent project path, e.g. "projects/my-project"
    brand: Brand  # Brand to create; its name and org_internal_only are output only

class GetBrandRequest:
    """Request message for GetBrand."""
    name: str  # Brand resource name, e.g. "projects/my-project/brands/my-brand"

class ListIdentityAwareProxyClientsRequest:
    """Request message for ListIdentityAwareProxyClients."""
    parent: str  # Parent brand path, e.g. "projects/my-project/brands/my-brand"
    page_size: int  # Maximum number of results per page
    page_token: str  # Token for next page (a previous response's next_page_token)

class CreateIdentityAwareProxyClientRequest:
    """Request message for CreateIdentityAwareProxyClient."""
    parent: str  # Parent brand path, e.g. "projects/my-project/brands/my-brand"
    # Client to create; only display_name is caller-set (name and secret are output only)
    identity_aware_proxy_client: IdentityAwareProxyClient  # Client to create

class GetIdentityAwareProxyClientRequest:
    """Request message for GetIdentityAwareProxyClient."""
    name: str  # Client resource name (the `name` of an IdentityAwareProxyClient)

class ResetIdentityAwareProxyClientSecretRequest:
    """Request message for ResetIdentityAwareProxyClientSecret."""
    name: str  # Client resource name of the client whose secret is reset

class DeleteIdentityAwareProxyClientRequest:
    """Request message for DeleteIdentityAwareProxyClient."""
    name: str  # Client resource name of the client to delete

Response Types

class ListBrandsResponse:
    """Response message for ListBrands."""
    brands: List[Brand]  # List of OAuth brands for the requested project

class ListIdentityAwareProxyClientsResponse:
    """Response message for ListIdentityAwareProxyClients."""
    # OAuth clients returned on this page
    identity_aware_proxy_clients: List[IdentityAwareProxyClient]
    next_page_token: str  # Token for next page; pass as page_token on the next request

Resource Types

class Brand:
    """OAuth brand data: the consent-screen configuration users see."""
    name: str  # Output only - Resource name
    # Both fields below are displayed to end users, so they should identify
    # the real owner of the application.
    support_email: str  # Support email shown on OAuth consent screen
    application_title: str  # Application title shown on OAuth consent screen
    org_internal_only: bool  # Output only - Whether restricted to org users

class IdentityAwareProxyClient:
    """IAP OAuth client data.

    Instances can carry the client secret, so avoid printing, logging or
    serialising whole objects of this type.
    """
    name: str  # Output only - Resource name
    # A credential: store securely, keep out of logs and source control.
    secret: str  # Output only - OAuth client secret
    display_name: str  # Human-readable display name

Pager Classes

ListIdentityAwareProxyClientsPager

class ListIdentityAwareProxyClientsPager:
    """A pager for iterating through list_identity_aware_proxy_clients requests.

    Returned by list_identity_aware_proxy_clients; iterate it directly for
    individual clients, or use ``pages`` to walk page by page.
    """
    
    @property
    def pages(self):
        """Iterator of pages in the response.

        Each page exposes ``identity_aware_proxy_clients``.
        """
    
    def __iter__(self):
        """Iterator over IdentityAwareProxyClient resources."""
        
    def __getattr__(self, name):
        """Access to response attributes.

        Args:
            name: Attribute name to look up on the response.
        """

ListIdentityAwareProxyClientsAsyncPager

class ListIdentityAwareProxyClientsAsyncPager:
    """Async pager for iterating through list_identity_aware_proxy_clients requests.

    Counterpart of ListIdentityAwareProxyClientsPager for ``async for`` use.
    """
    
    @property
    def pages(self):
        """AsyncIterator of pages in the response."""
    
    def __aiter__(self):
        """AsyncIterator over IdentityAwareProxyClient resources."""

Example pager usage:

from google.cloud.iap import IdentityAwareProxyOAuthServiceClient
from google.cloud.iap import ListIdentityAwareProxyClientsRequest

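oauth_client = IdentityAwareProxyOAuthServiceClient()
brand_path = "projects/my-project/brands/my-brand"

# Use pager to iterate through all clients
request = ListIdentityAwareProxyClientsRequest(
    parent=brand_path,
    page_size=10  # Fetch 10 clients per page
)

pager = oauth_client.list_identity_aware_proxy_clients(request=request)

# Iterate through individual clients
for client in pager:
    print(f"Client: {client.display_name}")

# Or iterate through pages. A pager keeps its position as it fetches pages,
# so start a new listing here instead of re-walking the one consumed above;
# otherwise earlier pages can be missed when the brand has more than one page.
page_request = ListIdentityAwareProxyClientsRequest(
    parent=brand_path,
    page_size=10
)
page_pager = oauth_client.list_identity_aware_proxy_clients(request=page_request)

for page in page_pager.pages:
    for client in page.identity_aware_proxy_clients:
        print(f"Client: {client.display_name}")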

Path Helper Methods

@staticmethod
def common_billing_account_path(billing_account: str) -> str:
    """Return a fully-qualified billing_account string.

    Args:
        billing_account: Billing account identifier to embed in the path.
    """

@staticmethod
def parse_common_billing_account_path(path: str) -> Dict[str, str]:
    """Parse a billing_account path into its component segments.

    Args:
        path: A billing_account path string.

    Returns:
        A dict mapping segment names to their values.
    """

@staticmethod
def common_folder_path(folder: str) -> str:
    """Return a fully-qualified folder string.

    Args:
        folder: Folder identifier to embed in the path.
    """

@staticmethod
def parse_common_folder_path(path: str) -> Dict[str, str]:
    """Parse a folder path into its component segments.

    Args:
        path: A folder path string.

    Returns:
        A dict mapping segment names to their values.
    """

@staticmethod
def common_organization_path(organization: str) -> str:
    """Return a fully-qualified organization string.

    Args:
        organization: Organization identifier to embed in the path.
    """

@staticmethod
def parse_common_organization_path(path: str) -> Dict[str, str]:
    """Parse an organization path into its component segments.

    Args:
        path: An organization path string.

    Returns:
        A dict mapping segment names to their values.
    """

@staticmethod
def common_project_path(project: str) -> str:
    """Return a fully-qualified project string.

    Args:
        project: Project identifier to embed in the path.
    """

@staticmethod
def parse_common_project_path(path: str) -> Dict[str, str]:
    """Parse a project path into its component segments.

    Args:
        path: A project path string.

    Returns:
        A dict mapping segment names to their values.
    """

@staticmethod
def common_location_path(project: str, location: str) -> str:
    """Return a fully-qualified location string.

    Args:
        project: Project identifier to embed in the path.
        location: Location identifier to embed in the path.
    """

@staticmethod
def parse_common_location_path(path: str) -> Dict[str, str]:
    """Parse a location path into its component segments.

    Args:
        path: A location path string.

    Returns:
        A dict mapping segment names to their values.
    """

Install with Tessl CLI

npx tessl i tessl/pypi-google-cloud-iap
