Returns the accounts Resource.
Returns the tenants Resource.
Close httplib2 connections.
createSessionCookie(targetProjectId, body=None, x__xgafv=None)
Creates a session cookie for the given Identity Platform ID token. The session cookie is used by the client to preserve the user's login state.
queryAccounts(targetProjectId, body=None, x__xgafv=None)
Looks up user accounts within a project or a tenant based on conditions in the request.
close()
Close httplib2 connections.
createSessionCookie(targetProjectId, body=None, x__xgafv=None)
Creates a session cookie for the given Identity Platform ID token. The session cookie is used by the client to preserve the user's login state.
Args:
targetProjectId: string, The ID of the project that the account belongs to. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for CreateSessionCookie.
"idToken": "A String", # Required. A valid Identity Platform ID token.
"tenantId": "A String", # The tenant ID of the Identity Platform tenant the account belongs to.
"validDuration": "A String", # The number of seconds until the session cookie expires. Specify a duration in seconds, between five minutes and fourteen days, inclusively.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for CreateSessionCookie.
"sessionCookie": "A String", # The session cookie that has been created from the Identity Platform ID token specified in the request. It is in the form of a JSON Web Token (JWT). Always present.
}
queryAccounts(targetProjectId, body=None, x__xgafv=None)
Looks up user accounts within a project or a tenant based on conditions in the request.
Args:
targetProjectId: string, The ID of the project to which the result is scoped. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for QueryUserInfo.
"expression": [ # Query conditions used to filter results. If more than one is passed, only the first SqlExpression is evaluated.
{ # Query conditions used to filter results.
"email": "A String", # A case insensitive string that the account's email should match. Only one of `email`, `phone_number`, or `user_id` should be specified in a SqlExpression. If more than one is specified, only the first (in that order) will be applied.
"phoneNumber": "A String", # A string that the account's phone number should match. Only one of `email`, `phone_number`, or `user_id` should be specified in a SqlExpression. If more than one is specified, only the first (in that order) will be applied.
"userId": "A String", # A string that the account's local ID should match. Only one of `email`, `phone_number`, or `user_id` should be specified in a SqlExpression If more than one is specified, only the first (in that order) will be applied.
},
],
"limit": "A String", # The maximum number of accounts to return with an upper limit of __500__. Defaults to _500_. Only valid when `return_user_info` is set to `true`.
"offset": "A String", # The number of accounts to skip from the beginning of matching records. Only valid when `return_user_info` is set to `true`.
"order": "A String", # The order for sorting query result. Defaults to __ascending__ order. Only valid when `return_user_info` is set to `true`.
"returnUserInfo": True or False, # If `true`, this request will return the accounts matching the query. If `false`, only the __count__ of accounts matching the query will be returned. Defaults to `true`.
"sortBy": "A String", # The field to use for sorting user accounts. Defaults to `USER_ID`. Note: when `phone_number` is specified in `expression`, the result ignores the sorting. Only valid when `return_user_info` is set to `true`.
"tenantId": "A String", # The ID of the tenant to which the result is scoped.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for QueryUserInfo.
"recordsCount": "A String", # If `return_user_info` in the request is true, this is the number of returned accounts in this message. Otherwise, this is the total number of accounts matching the query.
"userInfo": [ # If `return_user_info` in the request is true, this is the accounts matching the query.
{ # An Identity Platform account's information.
"createdAt": "A String", # The time, in milliseconds from epoch, when the account was created.
"customAttributes": "A String", # Custom claims to be added to any ID tokens minted for the account. Should be at most 1,000 characters in length and in valid JSON format.
"customAuth": True or False, # Output only. Whether this account has been authenticated using SignInWithCustomToken.
"dateOfBirth": "A String", # Output only. The date of birth set for the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"disabled": True or False, # Whether the account is disabled. Disabled accounts are inaccessible except for requests bearing a Google OAuth2 credential with proper permissions.
"displayName": "A String", # The display name of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"email": "A String", # The account's email address. The length of the email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"emailLinkSignin": True or False, # Output only. Whether the account can authenticate with email link.
"emailVerified": True or False, # Whether the account's email address has been verified.
"initialEmail": "A String", # The first email address associated with this account. The account's initial email cannot be changed once set and is used to recover access to this account if lost via the RECOVER_EMAIL flow in GetOobCode. Should match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"language": "A String", # Output only. The language preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"lastLoginAt": "A String", # The last time, in milliseconds from epoch, this account was logged into.
"lastRefreshAt": "A String", # Timestamp when an ID token was last minted for this account.
"localId": "A String", # Immutable. The unique ID of the account.
"mfaInfo": [ # Information on which multi-factor authentication providers are enabled for this account.
{ # Information on which multi-factor authentication (MFA) providers are enabled for an account.
"displayName": "A String", # Display name for this mfa option e.g. "corp cell phone".
"emailInfo": { # Information about email MFA. # Contains information specific to email MFA.
"emailAddress": "A String", # Email address that a MFA verification should be sent to.
},
"enrolledAt": "A String", # Timestamp when the account enrolled this second factor.
"mfaEnrollmentId": "A String", # ID of this MFA option.
"phoneInfo": "A String", # Normally this will show the phone number associated with this enrollment. In some situations, such as after a first factor sign in, it will only show the obfuscated version of the associated phone number.
"totpInfo": { # Information about TOTP MFA. # Contains information specific to TOTP MFA.
},
"unobfuscatedPhoneInfo": "A String", # Output only. Unobfuscated phone_info.
},
],
"passwordHash": "A String", # The account's hashed password. Only accessible by requests bearing a Google OAuth2 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).
"passwordUpdatedAt": 3.14, # The timestamp, in milliseconds from the epoch of 1970-01-01T00:00:00Z, when the account's password was last updated.
"phoneNumber": "A String", # The account's phone number.
"photoUrl": "A String", # The URL of the account's profile photo. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"providerUserInfo": [ # Information about the user as provided by various Identity Providers.
{ # Information about the user as provided by various Identity Providers.
"displayName": "A String", # The user's display name at the Identity Provider.
"email": "A String", # The user's email address at the Identity Provider.
"federatedId": "A String", # The user's identifier at the Identity Provider.
"phoneNumber": "A String", # The user's phone number at the Identity Provider.
"photoUrl": "A String", # The user's profile photo URL at the Identity Provider.
"providerId": "A String", # The ID of the Identity Provider.
"rawId": "A String", # The user's raw identifier directly returned from Identity Provider.
"screenName": "A String", # The user's screen_name at Twitter or login name at GitHub.
},
],
"rawPassword": "A String", # Input only. Plain text password used to update a account's password. This field is only ever used as input in a request. Identity Platform uses cryptographically secure hashing when managing passwords and will never store or transmit a user's password in plain text.
"salt": "A String", # The account's password salt. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
"screenName": "A String", # Output only. This account's screen name at Twitter or login name at GitHub.
"tenantId": "A String", # ID of the tenant this account belongs to. Only set if this account belongs to a tenant.
"timeZone": "A String", # Output only. The time zone preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"validSince": "A String", # Oldest timestamp, in seconds since epoch, that an ID token should be considered valid. All ID tokens issued before this time are considered invalid.
"version": 42, # The version of the account's password. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
},
],
}