Create OAuth Client
GACreate a new OAuth client for API access.
Configure the client with:
- Name and description
- Authorized redirect URIs for OAuth flows
- Supported grant types
- Client type (user or project)
Grant Types:
-
Client Credentials
- For server-to-server API access
- No user interaction required
- No redirect URIs needed
- Returns access token directly
- Best for automated processes and service accounts
-
Authorization Code
- For user-based access to the API
- Requires redirect URIs for OAuth flow
- Most secure for web applications
- Flow:
- User is redirected to authorization server
- After consent, redirects back to your app with auth code
- Your app exchanges code for tokens
- Required for web applications accessing user data
-
Refresh Token
- Enables long-term API access
- Used with authorization code flow
- Allows getting new access tokens without user interaction
- No redirect URIs needed for refresh flow itself
- Best for maintaining persistent access
-
Implicit (Legacy)
- For browser-based applications
- Requires redirect URIs
- Returns token in URL fragment
- Less secure than authorization code
- Not recommended for new applications
Redirect URIs:
- Required for authorization code and implicit flows
- Must be exact match when used
- Common formats:
- Web apps: https://app.example.com/oauth/callback
- Local development: http://localhost:3000/callback
- Mobile apps: myapp://oauth/callback
- Security requirements:
- Must use HTTPS in production
- Cannot contain fragments (#)
- Should be specific paths, not generic domains
- Maximum length: 2048 characters
Client types:
- User: Standard OAuth client tied to the creating user’s permissions
- Project: Service account OAuth client with project-level permissions
The response includes:
- Client ID and secret (shown only once)
- Configured redirect URIs
- Supported grant types
- Creation timestamp
Security note: Store the client secret securely as it cannot be retrieved later.
Path parameters
The unique identifier of the organization.
The unique identifier of the project.
Headers
Bearer authentication of the form Bearer <token>, where token is your auth token.
Request
Name for the new OAuth client.
Optional description of the client’s purpose.
List of authorized redirect URIs. Required if using authorization_code or implicit grant types.
List of OAuth grant types to enable.
Type of OAuth client to create:
- user: Standard client tied to creating user’s permissions
- project: Service account client with project-level permissions
Response
Successful Response
Unique identifier for the OAuth client.
Human-readable name for the OAuth client.
Unique identifier used to identify the client with the authorization server.
ID of the project this OAuth client belongs to.
Timestamp when the OAuth client was created.
Timestamp when the OAuth client was last modified.
Optional description explaining the client’s purpose and usage.
List of authorized redirect URIs for OAuth flows requiring user interaction. Required for authorization code and implicit flows. Must be exact matches when used. Must use HTTPS in production (except for localhost).
OAuth 2.0 grant types enabled for this client.
- client_credentials: For server-to-server API access
- authorization_code: For web and mobile apps
- refresh_token: For maintaining long-term access
- implicit: Legacy flow, not recommended for new applications
Secret key used to authenticate the client. Only shown once upon creation. Must be stored securely. Required for confidential clients (e.g., server applications).