REST Resource: projects.locations.oauthClients

Resource: OauthClient

Represents an OauthClient. Used to access Google Cloud resources on behalf of a Workforce Identity Federation user by using the OAuth 2.0 protocol to obtain an access token from Google Cloud.

JSON representation
{
  "name": string,
  "state": enum (State),
  "disabled": boolean,
  "clientId": string,
  "displayName": string,
  "description": string,
  "clientType": enum (ClientType),
  "allowedGrantTypes": [enum (GrantType)],
  "allowedScopes": [string],
  "allowedRedirectUris": [string],
  "expireTime": string
}

Fields
name

string

Immutable. Identifier. The resource name of the OauthClient.

Format: projects/{project}/locations/{location}/oauthClients/{oauthClient}.

state

enum (State)

Output only. The state of the OauthClient.

disabled

boolean

Optional. Whether the OauthClient is disabled. You cannot use a disabled OAuth client.

clientId

string

Output only. The system-generated OauthClient ID.

displayName

string

Optional. A user-specified display name of the OauthClient.

Cannot exceed 32 characters.

description

string

Optional. A user-specified description of the OauthClient.

Cannot exceed 256 characters.

clientType

enum (ClientType)

Immutable. The type of OauthClient. Either public or private. For private clients, the client secret can be managed using the dedicated OauthClientCredential resource.

allowedGrantTypes[]

enum (GrantType)

Required. The list of OAuth grant types allowed for the OauthClient.

allowedScopes[]

string

Required. The list of scopes that the OauthClient is allowed to request during OAuth flows.

The following scopes are supported:

  • https://www.googleapis.com/auth/cloud-platform: See, edit, configure, and delete your Google Cloud data and see the email address for your Google Account.

allowedRedirectUris[]

string

Required. The list of redirect URIs that are allowed to be redirected back to when the authorization process is completed.

expireTime

string (Timestamp format)

Output only. Time after which the OauthClient will be permanently purged and cannot be recovered.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

State

The current state of the OauthClient.

Enums
STATE_UNSPECIFIED

Default value. This value is unused.

ACTIVE

The OauthClient is active.

DELETED

The OauthClient is soft-deleted. A soft-deleted OauthClient is permanently deleted after approximately 30 days unless restored via oauthClients.undelete.

ClientType

The type of OauthClient.

Enums
CLIENT_TYPE_UNSPECIFIED

Should not be used.

PUBLIC_CLIENT

Public client has no secret.

CONFIDENTIAL_CLIENT

Private client.

GrantType

The OAuth grant type.

Enums
GRANT_TYPE_UNSPECIFIED

Should not be used.

AUTHORIZATION_CODE_GRANT

Authorization code grant.

REFRESH_TOKEN_GRANT

Refresh token grant.
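
A pre-flight check for an OauthClient create request body, built only from the field constraints and enum values documented above. This is an added example, not part of the API reference or Google's code; `lint_oauth_client`, the finding strings and the sample body are assumptions, and the scope check reflects only the scope listed on this page.

```python
# Added example: lint an OauthClient create body against the constraints
# documented on this page. lint_oauth_client is a hypothetical helper name.
OUTPUT_ONLY = ("state", "clientId", "expireTime")
CLIENT_TYPES = {"PUBLIC_CLIENT", "CONFIDENTIAL_CLIENT"}
GRANT_TYPES = {"AUTHORIZATION_CODE_GRANT", "REFRESH_TOKEN_GRANT"}
# Assumption: only the scope listed on this page is treated as known.
LISTED_SCOPES = {"https://www.googleapis.com/auth/cloud-platform"}
MAX_LEN = {"displayName": 32, "description": 256}
REQUIRED_LISTS = ("allowedGrantTypes", "allowedScopes", "allowedRedirectUris")


def lint_oauth_client(body):
    """Return a list of human-readable findings for a create request body."""
    findings = []
    for field in OUTPUT_ONLY:
        if field in body:
            findings.append(f"{field}: output only, set by the server")
    for field, limit in MAX_LEN.items():
        value = body.get(field) or ""
        if len(value) > limit:
            findings.append(f"{field}: {len(value)} characters, limit is {limit}")
    if body.get("clientType") not in CLIENT_TYPES:
        findings.append("clientType: use PUBLIC_CLIENT or CONFIDENTIAL_CLIENT")
    for field in REQUIRED_LISTS:
        if not body.get(field):
            findings.append(f"{field}: required, list at least one value")
    for grant in body.get("allowedGrantTypes") or []:
        if grant not in GRANT_TYPES:
            findings.append(f"allowedGrantTypes: {grant!r} should not be used")
    for scope in body.get("allowedScopes") or []:
        if scope not in LISTED_SCOPES:
            findings.append(f"allowedScopes: {scope!r} is not listed on this page")
    return findings


# Constructed sample body (not from the page); several fields are wrong on purpose.
SAMPLE = {
    "displayName": "Internal analytics portal sign-in client",
    "clientType": "CLIENT_TYPE_UNSPECIFIED",
    "clientId": "example-client-id",
    "allowedGrantTypes": ["AUTHORIZATION_CODE_GRANT", "GRANT_TYPE_UNSPECIFIED"],
    "allowedScopes": ["https://www.googleapis.com/auth/cloud-platform"],
    "allowedRedirectUris": [],
}

if __name__ == "__main__":
    for finding in lint_oauth_client(SAMPLE):
        print(finding)
```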

Methods

create

Creates a new OauthClient.

delete

Deletes an OauthClient.

get

Gets an individual OauthClient.

list

Lists all non-deleted OauthClients in a project.

patch

Updates an existing OauthClient.

undelete

Undeletes an OauthClient, as long as it was deleted fewer than 30 days ago.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-11-24 UTC.