Thank youHashiConf Europe is a wrap. Watch this year’s sessions on-demand. Watch Now

Boundary Controller HTTP API

Auth Method Service

List Auth Methods
GET /v1/auth-methods
Expand

Lists all Auth Methods.

Request

Query Parameters

scope_id string
recursive boolean
filter string

Response

Successful Response

items object[]

AuthMethod contains all fields related to an Auth Method resource

id string

Output only. The ID of the Auth Method.

scope_id string

The ID of the Scope of which this Auth Method is a part.

scope object

Output only. Scope information for this Auth method.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The Auth Method type.

attributes object

The attributes that are applicable for the specific Auth Method type.

is_primary boolean

Output only. Whether this auth method is the primary auth method for it's scope. To change this value update the primary_auth_method_id field on the scope.

authorized_actions string[]
authorized_collection_actions object

Output only. The authorized actions for the scope's collections.

Create Auth Method
POST /v1/auth-methods
Expand

Creates a single Auth Method.

Request

Body Parameters

scope_id string

The ID of the Scope of which this Auth Method is a part.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The Auth Method type.

attributes object

The attributes that are applicable for the specific Auth Method type.

Response

Successful Response

id string

Output only. The ID of the Auth Method.

scope_id string

The ID of the Scope of which this Auth Method is a part.

scope object

Output only. Scope information for this Auth method.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The Auth Method type.

attributes object

The attributes that are applicable for the specific Auth Method type.

is_primary boolean

Output only. Whether this auth method is the primary auth method for it's scope. To change this value update the primary_auth_method_id field on the scope.

authorized_actions string[]
authorized_collection_actions object

Output only. The authorized actions for the scope's collections.

Authenticate
POST /v1/auth-methods/{auth_method_id}:authenticate
Expand

Authenticate a user to an scope and retrieve an authentication token.

Request

Path Parameters

auth_method_id string Required

The ID of the Auth Method in the system that should be used for authentication.

Body Parameters

auth_method_id string

The ID of the Auth Method in the system that should be used for authentication.

token_type string

This can be "cookie" or "token". If not provided, "token" will be used. "cookie" activates a split-cookie method where the token is split partially between http-only and regular cookies in order to keep it safe from rogue JS in the browser.

credentials object

Deprecated; use "attributes" instead.

attributes object

Attributes are passed to the Auth Method; the valid keys and values depend on the type of Auth Method as well as the command.

command string

The command to perform.

Response

Successful Response

attributes object

Valid keys and values depend on the type of Auth Method as well as the command.

command string

The command that was performed.

Authenticate Login
POST /v1/auth-methods/{auth_method_id}:authenticate:login
Expand

Deprecated: Use Authenticate instead

Request

Path Parameters

auth_method_id string Required

The ID of the Auth Method in the system that should be used for authentication.

Body Parameters

auth_method_id string

The ID of the Auth Method in the system that should be used for authentication.

token_type string

This can be "cookie" or "token". If not provided, "token" will be used. "cookie" activates a split-cookie method where the token is split partially between http-only and regular cookies in order to keep it safe from rogue JS in the browser.

credentials object

Credentials are passed to the Auth Method; the valid keys and values depend on the type of Auth Method.

Response

Successful Response

id string

Output only. The ID of the Auth Token.

scope_id string

The Scope in which this Auth Token was generated.

scope object

Output only. Scope information for this resource.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

token string

Output only. The token value, which will only be populated after authentication and is only ever visible to the end user whose login request resulted in this Auth Token being created.

user_id string

Output only. The ID of the User associated with this Auth Token.

auth_method_id string

Output only. The ID of the Auth Method associated with this Auth Token.

account_id string

Output only. The ID of the Account associated with this Auth Token.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

approximate_last_used_time string

Output only. The approximate time this Auth Token was last used.

expiration_time string

Output only. The time this Auth Token expires.

authorized_actions string[]
Get Auth Method
GET /v1/auth-methods/{id}
Expand

Gets a single Auth Method.

Request

Path Parameters

id string Required

Response

Successful Response

id string

Output only. The ID of the Auth Method.

scope_id string

The ID of the Scope of which this Auth Method is a part.

scope object

Output only. Scope information for this Auth method.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The Auth Method type.

attributes object

The attributes that are applicable for the specific Auth Method type.

is_primary boolean

Output only. Whether this auth method is the primary auth method for it's scope. To change this value update the primary_auth_method_id field on the scope.

authorized_actions string[]
authorized_collection_actions object

Output only. The authorized actions for the scope's collections.

Delete Auth Method
DELETE /v1/auth-methods/{id}
Expand

Deletes an AuthMethod

Request

Path Parameters

id string Required

Response

Successful Response

No content.
Update Auth Method
PATCH /v1/auth-methods/{id}
Expand

Updates an Auth Method.

Request

Path Parameters

id string Required

Query Parameters

update_mask string

Body Parameters

scope_id string

The ID of the Scope of which this Auth Method is a part.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The Auth Method type.

attributes object

The attributes that are applicable for the specific Auth Method type.

Response

Successful Response

id string

Output only. The ID of the Auth Method.

scope_id string

The ID of the Scope of which this Auth Method is a part.

scope object

Output only. Scope information for this Auth method.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The Auth Method type.

attributes object

The attributes that are applicable for the specific Auth Method type.

is_primary boolean

Output only. Whether this auth method is the primary auth method for it's scope. To change this value update the primary_auth_method_id field on the scope.

authorized_actions string[]
authorized_collection_actions object

Output only. The authorized actions for the scope's collections.

Change State
POST /v1/auth-methods/{id}:change-state
Expand

Changes the state of an OIDC AuthMethod

Request

Path Parameters

id string Required

Body Parameters

id string
version integer

Version is used to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

attributes object

The attributes specific to this auth method's state.

Response

Successful Response

id string

Output only. The ID of the Auth Method.

scope_id string

The ID of the Scope of which this Auth Method is a part.

scope object

Output only. Scope information for this Auth method.

id string

Output only. The ID of the Scope.

type string

Output only. The type of the Scope.

name string

Output only. The name of the Scope, if any.

description string

Output only. The description of the Scope, if any.

parent_scope_id string

Output only. The ID of the parent Scope, if any. This field will be empty if this is the "global" scope.

name string

Optional name for identification purposes.

description string

Optional user-set description for identification purposes.

created_time string

Output only. The time this resource was created.

updated_time string

Output only. The time this resource was last updated.

version integer

Version is used in mutation requests, after the initial creation, to ensure this resource has not changed. The mutation will fail if the version does not match the latest known good version.

type string

The Auth Method type.

attributes object

The attributes that are applicable for the specific Auth Method type.

is_primary boolean

Output only. Whether this auth method is the primary auth method for it's scope. To change this value update the primary_auth_method_id field on the scope.

authorized_actions string[]
authorized_collection_actions object

Output only. The authorized actions for the scope's collections.