1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
|
<html><body>
<style>
body, h1, h2, h3, div, span, p, pre, a {
margin: 0;
padding: 0;
border: 0;
font-weight: inherit;
font-style: inherit;
font-size: 100%;
font-family: inherit;
vertical-align: baseline;
}
body {
font-size: 13px;
padding: 1em;
}
h1 {
font-size: 26px;
margin-bottom: 1em;
}
h2 {
font-size: 24px;
margin-bottom: 1em;
}
h3 {
font-size: 20px;
margin-bottom: 1em;
margin-top: 1em;
}
pre, code {
line-height: 1.5;
font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}
pre {
margin-top: 0.5em;
}
h1, h2, h3, p {
font-family: Arial, sans serif;
}
h1, h2, h3 {
border-bottom: solid #CCC 1px;
}
.toc_element {
margin-top: 0.5em;
}
.firstline {
margin-left: 2 em;
}
.method {
margin-top: 1em;
border: solid 1px #CCC;
padding: 1em;
background: #EEE;
}
.details {
font-weight: bold;
font-size: 14px;
}
</style>
<h1><a href="identitytoolkit_v1.html">Identity Toolkit API</a> . <a href="identitytoolkit_v1.projects.html">projects</a> . <a href="identitytoolkit_v1.projects.tenants.html">tenants</a> . <a href="identitytoolkit_v1.projects.tenants.accounts.html">accounts</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
<code><a href="#batchCreate">batchCreate(targetProjectId, tenantId, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Uploads multiple accounts into the Google Cloud project. If there is a problem uploading one or more of the accounts, the rest will be uploaded, and a list of the errors will be returned. To use this method requires a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).</p>
<p class="toc_element">
<code><a href="#batchDelete">batchDelete(targetProjectId, tenantId, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Batch deletes multiple accounts. For accounts that fail to be deleted, error info is contained in the response. The method ignores accounts that do not exist or are duplicated in the request. This method requires a Google OAuth 2.0 credential with proper [permissions] (https://cloud.google.com/identity-platform/docs/access-control).</p>
<p class="toc_element">
<code><a href="#batchGet">batchGet(targetProjectId, tenantId, delegatedProjectNumber=None, maxResults=None, nextPageToken=None, x__xgafv=None)</a></code></p>
<p class="firstline">Download account information for all accounts on the project in a paginated manner. To use this method requires a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).. Furthermore, additional permissions are needed to get password hash, password salt, and password version from accounts; otherwise these fields are redacted.</p>
<p class="toc_element">
<code><a href="#batchGet_next">batchGet_next()</a></code></p>
<p class="firstline">Retrieves the next page of results.</p>
<p class="toc_element">
<code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
<code><a href="#delete">delete(targetProjectId, tenantId, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Deletes a user's account.</p>
<p class="toc_element">
<code><a href="#lookup">lookup(targetProjectId, tenantId, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Gets account information for all matched accounts. For an end user request, retrieves the account of the end user. For an admin request with Google OAuth 2.0 credential, retrieves one or multiple account(s) with matching criteria.</p>
<p class="toc_element">
<code><a href="#query">query(targetProjectId, tenantId, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Looks up user accounts within a project or a tenant based on conditions in the request.</p>
<p class="toc_element">
<code><a href="#sendOobCode">sendOobCode(targetProjectId, tenantId, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Sends an out-of-band confirmation code for an account. Requests from a authenticated request can optionally return a link including the OOB code instead of sending it.</p>
<p class="toc_element">
<code><a href="#update">update(targetProjectId, tenantId, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Updates account-related information for the specified user by setting specific fields or applying action codes. Requests from administrators and end users are supported.</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="batchCreate">batchCreate(targetProjectId, tenantId, body=None, x__xgafv=None)</code>
<pre>Uploads multiple accounts into the Google Cloud project. If there is a problem uploading one or more of the accounts, the rest will be uploaded, and a list of the errors will be returned. To use this method requires a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).
Args:
targetProjectId: string, The Project ID of the Identity Platform project which the account belongs to. (required)
tenantId: string, The ID of the Identity Platform tenant the account belongs to. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for UploadAccount.
"allowOverwrite": True or False, # Whether to overwrite an existing account in Identity Platform with a matching `local_id` in the request. If true, the existing account will be overwritten. If false, an error will be returned.
"argon2Parameters": { # The parameters for Argon2 hashing algorithm. # The parameters for Argon2 hashing algorithm.
"associatedData": "A String", # The additional associated data, if provided, is appended to the hash value to provide an additional layer of security. A base64-encoded string if specified via JSON.
"hashLengthBytes": 42, # Required. The desired hash length in bytes. Minimum is 4 and maximum is 1024.
"hashType": "A String", # Required. Must not be HASH_TYPE_UNSPECIFIED.
"iterations": 42, # Required. The number of iterations to perform. Minimum is 1, maximum is 16.
"memoryCostKib": 42, # Required. The memory cost in kibibytes. Maximum is 32768.
"parallelism": 42, # Required. The degree of parallelism, also called threads or lanes. Minimum is 1, maximum is 16.
"version": "A String", # The version of the Argon2 algorithm. This defaults to VERSION_13 if not specified.
},
"blockSize": 42, # The block size parameter used by the STANDARD_SCRYPT hashing function. This parameter, along with parallelization and cpu_mem_cost help tune the resources needed to hash a password, and should be tuned as processor speeds and memory technologies advance.
"cpuMemCost": 42, # The CPU memory cost parameter to be used by the STANDARD_SCRYPT hashing function. This parameter, along with block_size and cpu_mem_cost help tune the resources needed to hash a password, and should be tuned as processor speeds and memory technologies advance.
"delegatedProjectNumber": "A String",
"dkLen": 42, # The desired key length for the STANDARD_SCRYPT hashing function. Must be at least 1.
"hashAlgorithm": "A String", # Required. The hashing function used to hash the account passwords. Must be one of the following: * HMAC_SHA256 * HMAC_SHA1 * HMAC_MD5 * SCRYPT * PBKDF_SHA1 * MD5 * HMAC_SHA512 * SHA1 * BCRYPT * PBKDF2_SHA256 * SHA256 * SHA512 * STANDARD_SCRYPT * ARGON2
"memoryCost": 42, # Memory cost for hash calculation. Only required when the hashing function is SCRYPT.
"parallelization": 42, # The parallelization cost parameter to be used by the STANDARD_SCRYPT hashing function. This parameter, along with block_size and cpu_mem_cost help tune the resources needed to hash a password, and should be tuned as processor speeds and memory technologies advance.
"passwordHashOrder": "A String",
"rounds": 42, # The number of rounds used for hash calculation. Only required for the following hashing functions: * MD5 * SHA1 * SHA256 * SHA512 * PBKDF_SHA1 * PBKDF2_SHA256 * SCRYPT
"saltSeparator": "A String", # One or more bytes to be inserted between the salt and plain text password. For stronger security, this should be a single non-printable character.
"sanityCheck": True or False, # If true, the service will do the following list of checks before an account is uploaded: * Duplicate emails * Duplicate federated IDs * Federated ID provider validation If the duplication exists within the list of accounts to be uploaded, it will prevent the entire list from being uploaded. If the email or federated ID is a duplicate of a user already within the project/tenant, the account will not be uploaded, but the rest of the accounts will be unaffected. If false, these checks will be skipped.
"signerKey": "A String", # The signer key used to hash the password. Required for the following hashing functions: * SCRYPT, * HMAC_MD5, * HMAC_SHA1, * HMAC_SHA256, * HMAC_SHA512
"tenantId": "A String", # The ID of the Identity Platform tenant the account belongs to.
"users": [ # A list of accounts to upload. `local_id` is required for each user; everything else is optional.
{ # An Identity Platform account's information.
"createdAt": "A String", # The time, in milliseconds from epoch, when the account was created.
"customAttributes": "A String", # Custom claims to be added to any ID tokens minted for the account. Should be at most 1,000 characters in length and in valid JSON format.
"customAuth": True or False, # Output only. Whether this account has been authenticated using SignInWithCustomToken.
"dateOfBirth": "A String", # Output only. The date of birth set for the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"disabled": True or False, # Whether the account is disabled. Disabled accounts are inaccessible except for requests bearing a Google OAuth2 credential with proper permissions.
"displayName": "A String", # The display name of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"email": "A String", # The account's email address. The length of the email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"emailLinkSignin": True or False, # Output only. Whether the account can authenticate with email link.
"emailVerified": True or False, # Whether the account's email address has been verified.
"initialEmail": "A String", # The first email address associated with this account. The account's initial email cannot be changed once set and is used to recover access to this account if lost via the RECOVER_EMAIL flow in GetOobCode. Should match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"language": "A String", # Output only. The language preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"lastLoginAt": "A String", # The last time, in milliseconds from epoch, this account was logged into.
"lastRefreshAt": "A String", # Timestamp when an ID token was last minted for this account.
"localId": "A String", # Immutable. The unique ID of the account.
"mfaInfo": [ # Information on which multi-factor authentication providers are enabled for this account.
{ # Information on which multi-factor authentication (MFA) providers are enabled for an account.
"displayName": "A String", # Display name for this mfa option e.g. "corp cell phone".
"emailInfo": { # Information about email MFA. # Contains information specific to email MFA.
"emailAddress": "A String", # Email address that a MFA verification should be sent to.
},
"enrolledAt": "A String", # Timestamp when the account enrolled this second factor.
"mfaEnrollmentId": "A String", # ID of this MFA option.
"phoneInfo": "A String", # Normally this will show the phone number associated with this enrollment. In some situations, such as after a first factor sign in, it will only show the obfuscated version of the associated phone number.
"totpInfo": { # Information about TOTP MFA. # Contains information specific to TOTP MFA.
},
"unobfuscatedPhoneInfo": "A String", # Output only. Unobfuscated phone_info.
},
],
"passwordHash": "A String", # The account's hashed password. Only accessible by requests bearing a Google OAuth2 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).
"passwordUpdatedAt": 3.14, # The timestamp, in milliseconds from the epoch of 1970-01-01T00:00:00Z, when the account's password was last updated.
"phoneNumber": "A String", # The account's phone number.
"photoUrl": "A String", # The URL of the account's profile photo. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"providerUserInfo": [ # Information about the user as provided by various Identity Providers.
{ # Information about the user as provided by various Identity Providers.
"displayName": "A String", # The user's display name at the Identity Provider.
"email": "A String", # The user's email address at the Identity Provider.
"federatedId": "A String", # The user's identifier at the Identity Provider.
"phoneNumber": "A String", # The user's phone number at the Identity Provider.
"photoUrl": "A String", # The user's profile photo URL at the Identity Provider.
"providerId": "A String", # The ID of the Identity Provider.
"rawId": "A String", # The user's raw identifier directly returned from Identity Provider.
"screenName": "A String", # The user's screen_name at Twitter or login name at GitHub.
},
],
"rawPassword": "A String", # Input only. Plain text password used to update a account's password. This field is only ever used as input in a request. Identity Platform uses cryptographically secure hashing when managing passwords and will never store or transmit a user's password in plain text.
"salt": "A String", # The account's password salt. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
"screenName": "A String", # Output only. This account's screen name at Twitter or login name at GitHub.
"tenantId": "A String", # ID of the tenant this account belongs to. Only set if this account belongs to a tenant.
"timeZone": "A String", # Output only. The time zone preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"validSince": "A String", # Oldest timestamp, in seconds since epoch, that an ID token should be considered valid. All ID tokens issued before this time are considered invalid.
"version": 42, # The version of the account's password. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
},
],
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for UploadAccount.
"error": [ # Detailed error info for accounts that cannot be uploaded.
{ # Error information explaining why an account cannot be uploaded. batch upload.
"index": 42, # The index of the item, range is [0, request.size - 1]
"message": "A String", # Detailed error message
},
],
"kind": "A String",
}</pre>
</div>
<div class="method">
<code class="details" id="batchDelete">batchDelete(targetProjectId, tenantId, body=None, x__xgafv=None)</code>
<pre>Batch deletes multiple accounts. For accounts that fail to be deleted, error info is contained in the response. The method ignores accounts that do not exist or are duplicated in the request. This method requires a Google OAuth 2.0 credential with proper [permissions] (https://cloud.google.com/identity-platform/docs/access-control).
Args:
targetProjectId: string, If `tenant_id` is specified, the ID of the Google Cloud project that the Identity Platform tenant belongs to. Otherwise, the ID of the Google Cloud project that accounts belong to. (required)
tenantId: string, If the accounts belong to an Identity Platform tenant, the ID of the tenant. If the accounts belong to a default Identity Platform project, the field is not needed. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for BatchDeleteAccounts.
"force": True or False, # Whether to force deleting accounts that are not in disabled state. If false, only disabled accounts will be deleted, and accounts that are not disabled will be added to the `errors`.
"localIds": [ # Required. List of user IDs to be deleted.
"A String",
],
"tenantId": "A String", # If the accounts belong to an Identity Platform tenant, the ID of the tenant. If the accounts belong to a default Identity Platform project, the field is not needed.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message to BatchDeleteAccounts.
"errors": [ # Detailed error info for accounts that cannot be deleted.
{ # Error info for account failed to be deleted.
"index": 42, # The index of the errored item in the original local_ids field.
"localId": "A String", # The corresponding user ID.
"message": "A String", # Detailed error message.
},
],
}</pre>
</div>
<div class="method">
<code class="details" id="batchGet">batchGet(targetProjectId, tenantId, delegatedProjectNumber=None, maxResults=None, nextPageToken=None, x__xgafv=None)</code>
<pre>Download account information for all accounts on the project in a paginated manner. To use this method requires a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).. Furthermore, additional permissions are needed to get password hash, password salt, and password version from accounts; otherwise these fields are redacted.
Args:
targetProjectId: string, If `tenant_id` is specified, the ID of the Google Cloud project that the Identity Platform tenant belongs to. Otherwise, the ID of the Google Cloud project that the accounts belong to. (required)
tenantId: string, The ID of the Identity Platform tenant the accounts belongs to. If not specified, accounts on the Identity Platform project are returned. (required)
delegatedProjectNumber: string, A parameter
maxResults: integer, The maximum number of results to return. Must be at least 1 and no greater than 1000. By default, it is 20.
nextPageToken: string, The pagination token from the response of a previous request.
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for DownloadAccount.
"kind": "A String",
"nextPageToken": "A String", # If there are more accounts to be downloaded, a token that can be passed back to DownloadAccount to get more accounts. Otherwise, this is blank.
"users": [ # All accounts belonging to the project/tenant limited by max_results in the request.
{ # An Identity Platform account's information.
"createdAt": "A String", # The time, in milliseconds from epoch, when the account was created.
"customAttributes": "A String", # Custom claims to be added to any ID tokens minted for the account. Should be at most 1,000 characters in length and in valid JSON format.
"customAuth": True or False, # Output only. Whether this account has been authenticated using SignInWithCustomToken.
"dateOfBirth": "A String", # Output only. The date of birth set for the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"disabled": True or False, # Whether the account is disabled. Disabled accounts are inaccessible except for requests bearing a Google OAuth2 credential with proper permissions.
"displayName": "A String", # The display name of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"email": "A String", # The account's email address. The length of the email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"emailLinkSignin": True or False, # Output only. Whether the account can authenticate with email link.
"emailVerified": True or False, # Whether the account's email address has been verified.
"initialEmail": "A String", # The first email address associated with this account. The account's initial email cannot be changed once set and is used to recover access to this account if lost via the RECOVER_EMAIL flow in GetOobCode. Should match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"language": "A String", # Output only. The language preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"lastLoginAt": "A String", # The last time, in milliseconds from epoch, this account was logged into.
"lastRefreshAt": "A String", # Timestamp when an ID token was last minted for this account.
"localId": "A String", # Immutable. The unique ID of the account.
"mfaInfo": [ # Information on which multi-factor authentication providers are enabled for this account.
{ # Information on which multi-factor authentication (MFA) providers are enabled for an account.
"displayName": "A String", # Display name for this mfa option e.g. "corp cell phone".
"emailInfo": { # Information about email MFA. # Contains information specific to email MFA.
"emailAddress": "A String", # Email address that a MFA verification should be sent to.
},
"enrolledAt": "A String", # Timestamp when the account enrolled this second factor.
"mfaEnrollmentId": "A String", # ID of this MFA option.
"phoneInfo": "A String", # Normally this will show the phone number associated with this enrollment. In some situations, such as after a first factor sign in, it will only show the obfuscated version of the associated phone number.
"totpInfo": { # Information about TOTP MFA. # Contains information specific to TOTP MFA.
},
"unobfuscatedPhoneInfo": "A String", # Output only. Unobfuscated phone_info.
},
],
"passwordHash": "A String", # The account's hashed password. Only accessible by requests bearing a Google OAuth2 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).
"passwordUpdatedAt": 3.14, # The timestamp, in milliseconds from the epoch of 1970-01-01T00:00:00Z, when the account's password was last updated.
"phoneNumber": "A String", # The account's phone number.
"photoUrl": "A String", # The URL of the account's profile photo. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"providerUserInfo": [ # Information about the user as provided by various Identity Providers.
{ # Information about the user as provided by various Identity Providers.
"displayName": "A String", # The user's display name at the Identity Provider.
"email": "A String", # The user's email address at the Identity Provider.
"federatedId": "A String", # The user's identifier at the Identity Provider.
"phoneNumber": "A String", # The user's phone number at the Identity Provider.
"photoUrl": "A String", # The user's profile photo URL at the Identity Provider.
"providerId": "A String", # The ID of the Identity Provider.
"rawId": "A String", # The user's raw identifier directly returned from Identity Provider.
"screenName": "A String", # The user's screen_name at Twitter or login name at GitHub.
},
],
"rawPassword": "A String", # Input only. Plain text password used to update a account's password. This field is only ever used as input in a request. Identity Platform uses cryptographically secure hashing when managing passwords and will never store or transmit a user's password in plain text.
"salt": "A String", # The account's password salt. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
"screenName": "A String", # Output only. This account's screen name at Twitter or login name at GitHub.
"tenantId": "A String", # ID of the tenant this account belongs to. Only set if this account belongs to a tenant.
"timeZone": "A String", # Output only. The time zone preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"validSince": "A String", # Oldest timestamp, in seconds since epoch, that an ID token should be considered valid. All ID tokens issued before this time are considered invalid.
"version": 42, # The version of the account's password. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
},
],
}</pre>
</div>
<div class="method">
<code class="details" id="batchGet_next">batchGet_next()</code>
<pre>Retrieves the next page of results.
Args:
previous_request: The request for the previous page. (required)
previous_response: The response from the request for the previous page. (required)
Returns:
A request object that you can call 'execute()' on to request the next
page. Returns None if there are no more items in the collection.
</pre>
</div>
<div class="method">
<code class="details" id="close">close()</code>
<pre>Close httplib2 connections.</pre>
</div>
<div class="method">
<code class="details" id="delete">delete(targetProjectId, tenantId, body=None, x__xgafv=None)</code>
<pre>Deletes a user's account.
Args:
targetProjectId: string, The ID of the project which the account belongs to. Should only be specified in authenticated requests that specify local_id of an account. (required)
tenantId: string, The ID of the tenant that the account belongs to, if applicable. Only require to be specified for authenticated requests bearing a Google OAuth 2.0 credential that specify local_id of an account that belongs to an Identity Platform tenant. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for DeleteAccount.
"delegatedProjectNumber": "A String",
"idToken": "A String", # The Identity Platform ID token of the account to delete. Require to be specified for requests from end users that lack Google OAuth 2.0 credential. Authenticated requests bearing a Google OAuth2 credential with proper permissions may pass local_id to specify the account to delete alternatively.
"localId": "A String", # The ID of user account to delete. Specifying this field requires a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control). Requests from users lacking the credential should pass an ID token instead.
"targetProjectId": "A String", # The ID of the project which the account belongs to. Should only be specified in authenticated requests that specify local_id of an account.
"tenantId": "A String", # The ID of the tenant that the account belongs to, if applicable. Only require to be specified for authenticated requests bearing a Google OAuth 2.0 credential that specify local_id of an account that belongs to an Identity Platform tenant.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for DeleteAccount.
"kind": "A String",
}</pre>
</div>
<div class="method">
<code class="details" id="lookup">lookup(targetProjectId, tenantId, body=None, x__xgafv=None)</code>
<pre>Gets account information for all matched accounts. For an end user request, retrieves the account of the end user. For an admin request with Google OAuth 2.0 credential, retrieves one or multiple account(s) with matching criteria.
Args:
targetProjectId: string, The ID of the Google Cloud project that the account or the Identity Platform tenant specified by `tenant_id` belongs to. Should only be specified by authenticated requests bearing a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control). (required)
tenantId: string, The ID of the tenant that the account belongs to. Should only be specified by authenticated requests from a developer. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for GetAccountInfo.
"delegatedProjectNumber": "A String",
"email": [ # The email address of one or more accounts to fetch. The length of email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec production. Should only be specified by authenticated requests from a developer.
"A String",
],
"federatedUserId": [
{ # Federated user identifier at an Identity Provider.
"providerId": "A String", # The ID of supported identity providers. This should be a provider ID enabled for sign-in, which is either from the list of [default supported IdPs](https://cloud.google.com/identity-platform/docs/reference/rest/v2/defaultSupportedIdps/list), or of the format `oidc.*` or `saml.*`. Some examples are `google.com`, `facebook.com`, `oidc.testapp`, and `saml.testapp`.
"rawId": "A String", # The user ID of the account at the third-party Identity Provider specified by `provider_id`.
},
],
"idToken": "A String", # The Identity Platform ID token of the account to fetch. Require to be specified for requests from end users.
"initialEmail": [ # The initial email of one or more accounts to fetch. The length of email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec production. Should only be specified by authenticated requests from a developer.
"A String",
],
"localId": [ # The ID of one or more accounts to fetch. Should only be specified by authenticated requests bearing a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).
"A String",
],
"phoneNumber": [ # The phone number of one or more accounts to fetch. Should only be specified by authenticated requests from a developer and should be in E.164 format, for example, +15555555555.
"A String",
],
"targetProjectId": "A String", # The ID of the Google Cloud project that the account or the Identity Platform tenant specified by `tenant_id` belongs to. Should only be specified by authenticated requests bearing a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).
"tenantId": "A String", # The ID of the tenant that the account belongs to. Should only be specified by authenticated requests from a developer.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for GetAccountInfo.
"kind": "A String",
"users": [ # The information of specific user account(s) matching the parameters in the request.
{ # An Identity Platform account's information.
"createdAt": "A String", # The time, in milliseconds from epoch, when the account was created.
"customAttributes": "A String", # Custom claims to be added to any ID tokens minted for the account. Should be at most 1,000 characters in length and in valid JSON format.
"customAuth": True or False, # Output only. Whether this account has been authenticated using SignInWithCustomToken.
"dateOfBirth": "A String", # Output only. The date of birth set for the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"disabled": True or False, # Whether the account is disabled. Disabled accounts are inaccessible except for requests bearing a Google OAuth2 credential with proper permissions.
"displayName": "A String", # The display name of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"email": "A String", # The account's email address. The length of the email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"emailLinkSignin": True or False, # Output only. Whether the account can authenticate with email link.
"emailVerified": True or False, # Whether the account's email address has been verified.
"initialEmail": "A String", # The first email address associated with this account. The account's initial email cannot be changed once set and is used to recover access to this account if lost via the RECOVER_EMAIL flow in GetOobCode. Should match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"language": "A String", # Output only. The language preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"lastLoginAt": "A String", # The last time, in milliseconds from epoch, this account was logged into.
"lastRefreshAt": "A String", # Timestamp when an ID token was last minted for this account.
"localId": "A String", # Immutable. The unique ID of the account.
"mfaInfo": [ # Information on which multi-factor authentication providers are enabled for this account.
{ # Information on which multi-factor authentication (MFA) providers are enabled for an account.
"displayName": "A String", # Display name for this mfa option e.g. "corp cell phone".
"emailInfo": { # Information about email MFA. # Contains information specific to email MFA.
"emailAddress": "A String", # Email address that a MFA verification should be sent to.
},
"enrolledAt": "A String", # Timestamp when the account enrolled this second factor.
"mfaEnrollmentId": "A String", # ID of this MFA option.
"phoneInfo": "A String", # Normally this will show the phone number associated with this enrollment. In some situations, such as after a first factor sign in, it will only show the obfuscated version of the associated phone number.
"totpInfo": { # Information about TOTP MFA. # Contains information specific to TOTP MFA.
},
"unobfuscatedPhoneInfo": "A String", # Output only. Unobfuscated phone_info.
},
],
"passwordHash": "A String", # The account's hashed password. Only accessible by requests bearing a Google OAuth2 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).
"passwordUpdatedAt": 3.14, # The timestamp, in milliseconds from the epoch of 1970-01-01T00:00:00Z, when the account's password was last updated.
"phoneNumber": "A String", # The account's phone number.
"photoUrl": "A String", # The URL of the account's profile photo. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"providerUserInfo": [ # Information about the user as provided by various Identity Providers.
{ # Information about the user as provided by various Identity Providers.
"displayName": "A String", # The user's display name at the Identity Provider.
"email": "A String", # The user's email address at the Identity Provider.
"federatedId": "A String", # The user's identifier at the Identity Provider.
"phoneNumber": "A String", # The user's phone number at the Identity Provider.
"photoUrl": "A String", # The user's profile photo URL at the Identity Provider.
"providerId": "A String", # The ID of the Identity Provider.
"rawId": "A String", # The user's raw identifier directly returned from Identity Provider.
"screenName": "A String", # The user's screen_name at Twitter or login name at GitHub.
},
],
"rawPassword": "A String", # Input only. Plain text password used to update a account's password. This field is only ever used as input in a request. Identity Platform uses cryptographically secure hashing when managing passwords and will never store or transmit a user's password in plain text.
"salt": "A String", # The account's password salt. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
"screenName": "A String", # Output only. This account's screen name at Twitter or login name at GitHub.
"tenantId": "A String", # ID of the tenant this account belongs to. Only set if this account belongs to a tenant.
"timeZone": "A String", # Output only. The time zone preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"validSince": "A String", # Oldest timestamp, in seconds since epoch, that an ID token should be considered valid. All ID tokens issued before this time are considered invalid.
"version": 42, # The version of the account's password. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
},
],
}</pre>
</div>
<div class="method">
<code class="details" id="query">query(targetProjectId, tenantId, body=None, x__xgafv=None)</code>
<pre>Looks up user accounts within a project or a tenant based on conditions in the request.
Args:
targetProjectId: string, The ID of the project to which the result is scoped. (required)
tenantId: string, The ID of the tenant to which the result is scoped. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for QueryUserInfo.
"expression": [
{ # Query conditions used to filter results.
"email": "A String", # A case insensitive string that the account's email should match. Only one of `email`, `phone_number`, or `user_id` should be specified in a SqlExpression. If more than one is specified, only the first (in that order) will be applied.
"phoneNumber": "A String", # A string that the account's phone number should match. Only one of `email`, `phone_number`, or `user_id` should be specified in a SqlExpression. If more than one is specified, only the first (in that order) will be applied.
"userId": "A String", # A string that the account's local ID should match. Only one of `email`, `phone_number`, or `user_id` should be specified in a SqlExpression If more than one is specified, only the first (in that order) will be applied.
},
],
"limit": "A String", # The maximum number of accounts to return with an upper limit of __500__. Defaults to _500_. Only valid when `return_user_info` is set to `true`.
"offset": "A String", # The number of accounts to skip from the beginning of matching records. Only valid when `return_user_info` is set to `true`.
"order": "A String",
"returnUserInfo": True or False, # If `true`, this request will return the accounts matching the query. If `false`, only the __count__ of accounts matching the query will be returned. Defaults to `true`.
"sortBy": "A String",
"tenantId": "A String", # The ID of the tenant to which the result is scoped.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for QueryUserInfo.
"recordsCount": "A String", # If `return_user_info` in the request is true, this is the number of returned accounts in this message. Otherwise, this is the total number of accounts matching the query.
"userInfo": [ # If `return_user_info` in the request is true, this is the accounts matching the query.
{ # An Identity Platform account's information.
"createdAt": "A String", # The time, in milliseconds from epoch, when the account was created.
"customAttributes": "A String", # Custom claims to be added to any ID tokens minted for the account. Should be at most 1,000 characters in length and in valid JSON format.
"customAuth": True or False, # Output only. Whether this account has been authenticated using SignInWithCustomToken.
"dateOfBirth": "A String", # Output only. The date of birth set for the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"disabled": True or False, # Whether the account is disabled. Disabled accounts are inaccessible except for requests bearing a Google OAuth2 credential with proper permissions.
"displayName": "A String", # The display name of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"email": "A String", # The account's email address. The length of the email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"emailLinkSignin": True or False, # Output only. Whether the account can authenticate with email link.
"emailVerified": True or False, # Whether the account's email address has been verified.
"initialEmail": "A String", # The first email address associated with this account. The account's initial email cannot be changed once set and is used to recover access to this account if lost via the RECOVER_EMAIL flow in GetOobCode. Should match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec.
"language": "A String", # Output only. The language preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"lastLoginAt": "A String", # The last time, in milliseconds from epoch, this account was logged into.
"lastRefreshAt": "A String", # Timestamp when an ID token was last minted for this account.
"localId": "A String", # Immutable. The unique ID of the account.
"mfaInfo": [ # Information on which multi-factor authentication providers are enabled for this account.
{ # Information on which multi-factor authentication (MFA) providers are enabled for an account.
"displayName": "A String", # Display name for this mfa option e.g. "corp cell phone".
"emailInfo": { # Information about email MFA. # Contains information specific to email MFA.
"emailAddress": "A String", # Email address that a MFA verification should be sent to.
},
"enrolledAt": "A String", # Timestamp when the account enrolled this second factor.
"mfaEnrollmentId": "A String", # ID of this MFA option.
"phoneInfo": "A String", # Normally this will show the phone number associated with this enrollment. In some situations, such as after a first factor sign in, it will only show the obfuscated version of the associated phone number.
"totpInfo": { # Information about TOTP MFA. # Contains information specific to TOTP MFA.
},
"unobfuscatedPhoneInfo": "A String", # Output only. Unobfuscated phone_info.
},
],
"passwordHash": "A String", # The account's hashed password. Only accessible by requests bearing a Google OAuth2 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).
"passwordUpdatedAt": 3.14, # The timestamp, in milliseconds from the epoch of 1970-01-01T00:00:00Z, when the account's password was last updated.
"phoneNumber": "A String", # The account's phone number.
"photoUrl": "A String", # The URL of the account's profile photo. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"providerUserInfo": [ # Information about the user as provided by various Identity Providers.
{ # Information about the user as provided by various Identity Providers.
"displayName": "A String", # The user's display name at the Identity Provider.
"email": "A String", # The user's email address at the Identity Provider.
"federatedId": "A String", # The user's identifier at the Identity Provider.
"phoneNumber": "A String", # The user's phone number at the Identity Provider.
"photoUrl": "A String", # The user's profile photo URL at the Identity Provider.
"providerId": "A String", # The ID of the Identity Provider.
"rawId": "A String", # The user's raw identifier directly returned from Identity Provider.
"screenName": "A String", # The user's screen_name at Twitter or login name at GitHub.
},
],
"rawPassword": "A String", # Input only. Plain text password used to update a account's password. This field is only ever used as input in a request. Identity Platform uses cryptographically secure hashing when managing passwords and will never store or transmit a user's password in plain text.
"salt": "A String", # The account's password salt. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
"screenName": "A String", # Output only. This account's screen name at Twitter or login name at GitHub.
"tenantId": "A String", # ID of the tenant this account belongs to. Only set if this account belongs to a tenant.
"timeZone": "A String", # Output only. The time zone preference of the account. This account attribute is not used by Identity Platform. It is available for informational purposes only.
"validSince": "A String", # Oldest timestamp, in seconds since epoch, that an ID token should be considered valid. All ID tokens issued before this time are considered invalid.
"version": 42, # The version of the account's password. Only accessible by requests bearing a Google OAuth2 credential with proper permissions.
},
],
}</pre>
</div>
<div class="method">
<code class="details" id="sendOobCode">sendOobCode(targetProjectId, tenantId, body=None, x__xgafv=None)</code>
<pre>Sends an out-of-band confirmation code for an account. Requests from a authenticated request can optionally return a link including the OOB code instead of sending it.
Args:
targetProjectId: string, The Project ID of the Identity Platform project which the account belongs to. To specify this field, it requires a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control). (required)
tenantId: string, The tenant ID of the Identity Platform tenant the account belongs to. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for GetOobCode.
"androidInstallApp": True or False, # If an associated android app can handle the OOB code, whether or not to install the android app on the device where the link is opened if the app is not already installed.
"androidMinimumVersion": "A String", # If an associated android app can handle the OOB code, the minimum version of the app. If the version on the device is lower than this version then the user is taken to Google Play Store to upgrade the app.
"androidPackageName": "A String", # If an associated android app can handle the OOB code, the Android package name of the android app that will handle the callback when this OOB code is used. This will allow the correct app to open if it is already installed, or allow Google Play Store to open to the correct app if it is not yet installed.
"canHandleCodeInApp": True or False, # When set to true, the OOB code link will be be sent as a Universal Link or an Android App Link and will be opened by the corresponding app if installed. If not set, or set to false, the OOB code will be sent to the web widget first and then on continue will redirect to the app if installed.
"captchaResp": "A String", # For a PASSWORD_RESET request, a reCaptcha response is required when the system detects possible abuse activity. In those cases, this is the response from the reCaptcha challenge used to verify the caller.
"challenge": "A String",
"clientType": "A String", # The client type: web, Android or iOS. Required when reCAPTCHA Enterprise protection is enabled.
"continueUrl": "A String", # The Url to continue after user clicks the link sent in email. This is the url that will allow the web widget to handle the OOB code.
"dynamicLinkDomain": "A String", # In order to ensure that the url used can be easily opened up in iOS or android, we create a [Firebase Dynamic Link](https://firebase.google.com/docs/dynamic-links). Most Identity Platform projects will only have one Dynamic Link domain enabled, and can leave this field blank. This field contains a specified Dynamic Link domain for projects that have multiple enabled.
"email": "A String", # The account's email address to send the OOB code to, and generally the email address of the account that needs to be updated. Required for PASSWORD_RESET, EMAIL_SIGNIN, and VERIFY_EMAIL. Only required for VERIFY_AND_CHANGE_EMAIL requests when return_oob_link is set to true. In this case, it is the original email of the user.
"iOSAppStoreId": "A String", # If an associated iOS app can handle the OOB code, the App Store id of this app. This will allow App Store to open to the correct app if the app is not yet installed.
"iOSBundleId": "A String", # If an associated iOS app can handle the OOB code, the iOS bundle id of this app. This will allow the correct app to open if it is already installed.
"idToken": "A String", # An ID token for the account. It is required for VERIFY_AND_CHANGE_EMAIL and VERIFY_EMAIL requests unless return_oob_link is set to true.
"linkDomain": "A String", # Optional. In order to ensure that the url used can be easily opened in iOS or Android, we create a Hosting link '/__/auth/links'. This optional field contains the domain to use when constructing a Hosting link. If not set, '.firebaseapp.com' domain will be used.
"newEmail": "A String", # The email address the account is being updated to. Required only for VERIFY_AND_CHANGE_EMAIL requests.
"recaptchaVersion": "A String", # The reCAPTCHA version of the reCAPTCHA token in the captcha_response.
"requestType": "A String", # Required. The type of out-of-band (OOB) code to send. Depending on this value, other fields in this request will be required and/or have different meanings. There are 4 different OOB codes that can be sent: * PASSWORD_RESET * EMAIL_SIGNIN * VERIFY_EMAIL * VERIFY_AND_CHANGE_EMAIL
"returnOobLink": True or False, # Whether the confirmation link containing the OOB code should be returned in the response (no email is sent). Used when a developer wants to construct the email template and send it on their own. By default this is false; to specify this field, and to set it to true, it requires a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control)
"targetProjectId": "A String", # The Project ID of the Identity Platform project which the account belongs to. To specify this field, it requires a Google OAuth 2.0 credential with proper [permissions](https://cloud.google.com/identity-platform/docs/access-control).
"tenantId": "A String", # The tenant ID of the Identity Platform tenant the account belongs to.
"userIp": "A String", # The IP address of the caller. Required only for PASSWORD_RESET requests.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for GetOobCode.
"email": "A String", # If return_oob_link is false in the request, the email address the verification was sent to.
"kind": "A String",
"oobCode": "A String", # If return_oob_link is true in the request, the OOB code to send.
"oobLink": "A String", # If return_oob_link is true in the request, the OOB link to be sent to the user. This returns the constructed link including [Firebase Dynamic Link](https://firebase.google.com/docs/dynamic-links) related parameters.
}</pre>
</div>
<div class="method">
<code class="details" id="update">update(targetProjectId, tenantId, body=None, x__xgafv=None)</code>
<pre>Updates account-related information for the specified user by setting specific fields or applying action codes. Requests from administrators and end users are supported.
Args:
targetProjectId: string, The project ID for the project that the account belongs to. Specifying this field requires Google OAuth 2.0 credential with proper [permissions] (https://cloud.google.com/identity-platform/docs/access-control). Requests from end users should pass an Identity Platform ID token instead. (required)
tenantId: string, The tenant ID of the Identity Platform tenant that the account belongs to. Requests from end users should pass an Identity Platform ID token rather than setting this field. (required)
body: object, The request body.
The object takes the form of:
{ # Request message for SetAccountInfo.
"captchaChallenge": "A String",
"captchaResponse": "A String", # The response from reCaptcha challenge. This is required when the system detects possible abuse activities.
"createdAt": "A String", # The timestamp in milliseconds when the account was created.
"customAttributes": "A String", # JSON formatted custom attributes to be stored in the Identity Platform ID token. Specifying this field requires a Google OAuth 2.0 credential with proper [permissions] (https://cloud.google.com/identity-platform/docs/access-control).
"delegatedProjectNumber": "A String",
"deleteAttribute": [
"A String",
],
"deleteProvider": [ # The Identity Providers to unlink from the user's account.
"A String",
],
"disableUser": True or False, # If true, marks the account as disabled, meaning the user will no longer be able to sign-in.
"displayName": "A String", # The user's new display name to be updated in the account's attributes. The length of the display name must be less than or equal to 256 characters.
"email": "A String", # The user's new email to be updated in the account's attributes. The length of email should be less than 256 characters and in the format of `name@domain.tld`. The email should also match the [RFC 822](https://tools.ietf.org/html/rfc822) addr-spec production. If [email enumeration protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, the email cannot be changed by the user without verifying the email first, but it can be changed by an administrator.
"emailVerified": True or False, # Whether the user's email has been verified. Specifying this field requires a Google OAuth 2.0 credential with proper [permissions] (https://cloud.google.com/identity-platform/docs/access-control).
"idToken": "A String", # A valid Identity Platform ID token. Required when attempting to change user-related information.
"instanceId": "A String",
"lastLoginAt": "A String", # The timestamp in milliseconds when the account last logged in.
"linkProviderUserInfo": { # Information about the user as provided by various Identity Providers. # The provider to be linked to the user's account. Specifying this field requires a Google OAuth 2.0 credential with proper [permissions] (https://cloud.google.com/identity-platform/docs/access-control).
"displayName": "A String", # The user's display name at the Identity Provider.
"email": "A String", # The user's email address at the Identity Provider.
"federatedId": "A String", # The user's identifier at the Identity Provider.
"phoneNumber": "A String", # The user's phone number at the Identity Provider.
"photoUrl": "A String", # The user's profile photo URL at the Identity Provider.
"providerId": "A String", # The ID of the Identity Provider.
"rawId": "A String", # The user's raw identifier directly returned from Identity Provider.
"screenName": "A String", # The user's screen_name at Twitter or login name at GitHub.
},
"localId": "A String", # The ID of the user. Specifying this field requires a Google OAuth 2.0 credential with proper [permissions] (https://cloud.google.com/identity-platform/docs/access-control). For requests from end-users, an ID token should be passed instead.
"mfa": { # Multi-factor authentication related information. # The multi-factor authentication related information to be set on the user's account. This will overwrite any previous multi-factor related information on the account. Specifying this field requires a Google OAuth 2.0 credential with proper [permissions] (https://cloud.google.com/identity-platform/docs/access-control).
"enrollments": [ # The second factors the user has enrolled.
{ # Information on which multi-factor authentication (MFA) providers are enabled for an account.
"displayName": "A String", # Display name for this mfa option e.g. "corp cell phone".
"emailInfo": { # Information about email MFA. # Contains information specific to email MFA.
"emailAddress": "A String", # Email address that a MFA verification should be sent to.
},
"enrolledAt": "A String", # Timestamp when the account enrolled this second factor.
"mfaEnrollmentId": "A String", # ID of this MFA option.
"phoneInfo": "A String", # Normally this will show the phone number associated with this enrollment. In some situations, such as after a first factor sign in, it will only show the obfuscated version of the associated phone number.
"totpInfo": { # Information about TOTP MFA. # Contains information specific to TOTP MFA.
},
"unobfuscatedPhoneInfo": "A String", # Output only. Unobfuscated phone_info.
},
],
},
"oobCode": "A String", # The out-of-band code to be applied on the user's account. The following out-of-band code types are supported: * VERIFY_EMAIL * RECOVER_EMAIL * REVERT_SECOND_FACTOR_ADDITION * VERIFY_AND_CHANGE_EMAIL
"password": "A String", # The user's new password to be updated in the account's attributes. The password must be at least 6 characters long.
"phoneNumber": "A String", # The phone number to be updated in the account's attributes.
"photoUrl": "A String", # The user's new photo URL for the account's profile photo to be updated in the account's attributes. The length of the URL must be less than or equal to 2048 characters.
"provider": [ # The Identity Providers that the account should be associated with.
"A String",
],
"returnSecureToken": True or False, # Whether or not to return an ID and refresh token. Should always be true.
"targetProjectId": "A String", # The project ID for the project that the account belongs to. Specifying this field requires Google OAuth 2.0 credential with proper [permissions] (https://cloud.google.com/identity-platform/docs/access-control). Requests from end users should pass an Identity Platform ID token instead.
"tenantId": "A String", # The tenant ID of the Identity Platform tenant that the account belongs to. Requests from end users should pass an Identity Platform ID token rather than setting this field.
"upgradeToFederatedLogin": True or False, # Whether the account should be restricted to only using federated login.
"validSince": "A String", # Specifies the minimum timestamp in seconds for an Identity Platform ID token to be considered valid.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # Response message for SetAccountInfo
"displayName": "A String", # The account's display name.
"email": "A String", # The account's email address.
"emailVerified": True or False, # Whether the account's email has been verified.
"expiresIn": "A String", # The number of seconds until the Identity Platform ID token expires.
"idToken": "A String", # An Identity Platform ID token for the account. This is used for legacy user sign up.
"kind": "A String",
"localId": "A String", # The ID of the authenticated user.
"newEmail": "A String", # The new email that has been set on the user's account attributes.
"passwordHash": "A String", # Deprecated. No actual password hash is currently returned.
"photoUrl": "A String", # The user's photo URL for the account's profile photo.
"providerUserInfo": [ # The linked Identity Providers on the account.
{ # Information about the user as provided by various Identity Providers.
"displayName": "A String", # The user's display name at the Identity Provider.
"email": "A String", # The user's email address at the Identity Provider.
"federatedId": "A String", # The user's identifier at the Identity Provider.
"phoneNumber": "A String", # The user's phone number at the Identity Provider.
"photoUrl": "A String", # The user's profile photo URL at the Identity Provider.
"providerId": "A String", # The ID of the Identity Provider.
"rawId": "A String", # The user's raw identifier directly returned from Identity Provider.
"screenName": "A String", # The user's screen_name at Twitter or login name at GitHub.
},
],
"refreshToken": "A String", # A refresh token for the account. This is used for legacy user sign up.
}</pre>
</div>
</body></html>
|
