Change theme
Help
Press space for more information.
Show links for this issue (Shortcut: i, l)
Copy issue ID
Previous Issue (Shortcut: k)
Next Issue (Shortcut: j)
Sign in to use full features.
Vote: I am impacted
Notification menu
Refresh (Shortcut: Shift+r)
Go home (Shortcut: u)
Pending code changes (auto-populated)
View issue level access limits(Press Alt + Right arrow for more information)
Request for new functionality
View staffing
Description
- We tried the following permissions for creating OAuth Credentials in Google Cloud. However, the user couldn't create an OAuth CLient ID. By the way, we note that the permissions with TESTING support level, are being tested to check custom role compatibility and some behavior may be unexpected [1].
clientauthconfig.brands.create
clientauthconfig.brands.delete
clientauthconfig.brands.get
clientauthconfig.brands.list
clientauthconfig.brands.update
clientauthconfig.clients.create
clientauthconfig.clients.createSecret
clientauthconfig.clients.delete
clientauthconfig.clients.get
clientauthconfig.clients.getWithSecret
clientauthconfig.clients.list
clientauthconfig.clients.listWithSecrets
clientauthconfig.clients.undelete
clientauthconfig.clients.update
- Using one of Service Account Key Admin role [2] and Service Account Admin roles [3], the user can create OAuth client IDs. However, the user does not need to create Service Account Key and if we provide Service Account Key Admin role, the user will also be able to delete any existing service account keys in APIs & Services > Credentials and make changes to the "OAuth consent screen" where the user can make changes to the "Authorised domains". That is why we are asking for a minimal role which allows the user to create OAuth Client ID only.
[1]
[2]
[3]