Assigned
Status Update
No update yet.
Comments
kh...@google.com
zj...@google.com
Can you elaborate on the end goal/use-case? We have service accounts that are designed for non-interactive authentication: https://cloud.google.com/docs/authentication
[Deleted User] <[Deleted User]>
We both use Service accounts, API keys and OAuth client credentials in our projects. The first two types can be created using the gcloud command, such as 'gcloud beta iam service-accounts create some-account --display-name "My Service Account"' for a Service Account.
OAuth client credentials don't seem to be able to be created using the gcloud command as far as we know and need to be created through the developer console. Since we create new projects from time to time and setup our environments in those projects in an almost automated way, this step means we have to manually create the OAuth client credentials ergo blocking our automation.
OAuth client credentials don't seem to be able to be created using the gcloud command as far as we know and need to be created through the developer console. Since we create new projects from time to time and setup our environments in those projects in an almost automated way, this step means we have to manually create the OAuth client credentials ergo blocking our automation.
ga...@gmail.com
Being able to automate changes to the consent screen with gcloud CLI would be very useful. Updating configuration for: Email address, Product name, Homepage URL, Product logo URL, Privacy policy URL, Terms of service URL.
ni...@peoplbrain.com
Same thing here but directly from an API.
There'shttps://cloud.google.com/resource-manager/docs/ to create a project,
but can't find any API to configure the Concent Oauth Screen and create new OAuth / API Keys.
Would be great to avoid unpleasing manual configuration for a lot a projects
thanks
There's
but can't find any API to configure the Concent Oauth Screen and create new OAuth / API Keys.
Would be great to avoid unpleasing manual configuration for a lot a projects
thanks
[Deleted User] <[Deleted User]>
We need this as well to be able to fully automate our projects. Our use case is using Cloud Identity-Aware Proxy which requires setting up the OAuth consent screen.
[Deleted User] <[Deleted User]>
We enable IAP programmatically for a large volume of backend services which are deployed by our development team for testing and review. Currently we have to use a horrible cludge and scrape the curl command out of the GUI. Why isn't this entity available via the API?
[Deleted User] <[Deleted User]>
The ability to add redirect URLs for existing ClientIDs would also be great
[Deleted User] <[Deleted User]>
ha...@google.com
+1
[Deleted User] <[Deleted User]>
Interesting. There is a reason Google is not giving its customers this but we do not know it?
I am not sure we need a library or gcloud CLI feature for this, just an API that we may use.
Our team is also trying to do as others: create environments for different features in development, and each environment has its own unique URL which requires its own set of credentials or updating existing credentials.
This is frustrating and confusing. I also am confused why this page,https://developers.google.com/identity/protocols/OpenIDConnect , is allowed to at least query for the list of OAuth2 credentials if nothing is published for us to use.
I am not sure we need a library or gcloud CLI feature for this, just an API that we may use.
Our team is also trying to do as others: create environments for different features in development, and each environment has its own unique URL which requires its own set of credentials or updating existing credentials.
This is frustrating and confusing. I also am confused why this page,
[Deleted User] <[Deleted User]>
The need to programatically set the consent screen also makes sense for IAP on GCP.
Otherwise, we need to manually do it via the console..
Otherwise, we need to manually do it via the console..
al...@google.com
be...@google.com
td...@macif.fr
would be great to fully automate IAP on GCP !
da...@crispthinking.com
Great!! Thanks.
da...@crispthinking.com
Hi, I made a feature request for the ability to set a project's authorized domains, developer contact information, and scopes on the OAuth consent screen via an API.
https://issuetracker.google.com/issues/186147991
Got told to ask about it on here, is it already being worked on?
Got told to ask about it on here, is it already being worked on?
[Deleted User] <[Deleted User]>
Hi,
We also need configure OAuth for our application via the API (terraform if possible), but it seems like there is no option to configure authorized domains or authorized redirect URLs for the iap clients.
Is this feature request actively worked on?
Kind regards.
We also need configure OAuth for our application via the API (terraform if possible), but it seems like there is no option to configure authorized domains or authorized redirect URLs for the iap clients.
Is this feature request actively worked on?
Kind regards.
[Deleted User] <[Deleted User]>
I'm waiting too.
le...@gmail.com
I need this also, please.
ko...@google.com
+1
da...@gmail.com
+1
[Deleted User] <[Deleted User]>
My first task on gcloud - create consent screens and oauth clients for multiple projects.
Can't be automated.
First impressions.
Can't be automated.
First impressions.
da...@gmail.com
+1
ji...@gmail.com
+1
[Deleted User] <[Deleted User]>
+1
Our use case is creating production like GCP developer environments per pull request/on demand for our engineers. This is the only part that can't be automated :(
Our use case is creating production like GCP developer environments per pull request/on demand for our engineers. This is the only part that can't be automated :(
ar...@kfirfamily.com
Same here - automation for setting up different client IDs for different branch-specific development environments; this is needed because each branch development environment has its own dynamic URL, hence different client ID is needed, or an API to update the allowed redirect URIs.
ad...@google.com
+1
em...@softvolution.com
+1
jo...@gmail.com
+1
wi...@softvolution.com
+1
ta...@shopee.com
+1
aa...@gmail.com
+1
I need to automation entire process of setting up and tearing down applications, and not having this is a roadblock.
I need to automation entire process of setting up and tearing down applications, and not having this is a roadblock.
sh...@google.com
+1
Have a customer(Accenture) that needs this as well.
Have a customer(Accenture) that needs this as well.
ka...@ramp.network
+1
ca...@gmail.com
+1
se...@makingscience.com
+1
de...@gmail.com
+1
tu...@gmail.com
+1
me...@gmail.com
Comment has been deleted.
ro...@gmail.com
+1
za...@gmail.com
+1
[Deleted User] <[Deleted User]>
Was hoping also to get this done via automation, this is the last part of my full deployment
Consent Screen and OAuth 2.0 Client IDs creation is what I am missing now
Consent Screen and OAuth 2.0 Client IDs creation is what I am missing now
ma...@surferseo.com
+1
mi...@onlineforge.cloud
+1
de...@gmail.com
+1
el...@gmail.com
+1
ma...@solenergikvalitet.se
+1
cl...@gmail.com
+1
sa...@gmail.com
At the very least, please make this clear in the documentation: https://cloud.google.com/sdk/gcloud/reference/iam/oauth-clients/create .
1. For starters, the sample command to create a client doesn't work.
2. You can run a command that looks sensible, and it does create a client, 'somewhere'. I say 'somewhere', because it's never visible in the Cloud Console UI - meaning I've no way to obtain a client secret:
gcloud iam oauth-clients create your-oauth-client \
--display-name="Your OAuth Client Display Name" \
--location="global" \
--client-type="confidential-client" \
--allowed-grant-types="authorization-code-grant,refresh-token-grant" \
--allowed-scopes="openid,email" \
--allowed-redirect-uris="https://foo.bar.com/login/callback "
This is unfortunately my first experience of automated resource management after switching from AWS to GCP. No Terraform support was the first blow, then investing the time and effort to use the CLI, only for it to fall short.
1. For starters, the sample command to create a client doesn't work.
2. You can run a command that looks sensible, and it does create a client, 'somewhere'. I say 'somewhere', because it's never visible in the Cloud Console UI - meaning I've no way to obtain a client secret:
gcloud iam oauth-clients create your-oauth-client \
--display-name="Your OAuth Client Display Name" \
--location="global" \
--client-type="confidential-client" \
--allowed-grant-types="authorization-code-grant,refresh-token-grant" \
--allowed-scopes="openid,email" \
--allowed-redirect-uris="
This is unfortunately my first experience of automated resource management after switching from AWS to GCP. No Terraform support was the first blow, then investing the time and effort to use the CLI, only for it to fall short.
ja...@gmail.com
+1
pe...@gmail.com
Following on
gcloud iam oauth-clients credentials create my-oath-client-credential \
--location="global" \
--oauth-client="my-client-id"
You then have to describe it to actually get the secret.
The problem is that even after adding the details of the oauth-client + secret to my Application, when trying to login the flow actually gets to Google Auth but I get a 401 Invalid client_id.
I've confirmed multiple times the client_id is the one in the result of:
gcloud iam oauth-clients describe "my-client-id" --location="global"
Note that this client id looks like a UUID instead of the format when creating via UI that looks like <numeric-code>-<alphanumeric-code>.apps.googleusercontent.com.
Taking into account this difference and the fact that, just like your comment mentioned,
'somewhere'. I say 'somewhere', because it's never visible in the Cloud Console UI
I actually have to guess that creating via API actually never creates a valid OAuth Client.
Description
- Create the OAuth 2.0 Client ID from the command line using gcloud SDK.
- Create the OAuth consent screen from the command line using the gcloud SDK.
This will help in doing a ton of automation by pressing one button and a brand new environment gets spun up and automatically installed. This is especially great when doing CI and CD for that matter. In other words an environment per project.