This article describes the UiConfig
, ExtendedTenantUiConfig
, and SignInOption
interfaces that are available when creating a sign-in
page for Identity-Aware Proxy using Cloud Run
.
UiConfig
interface
UiConfig
{
//
The
API
key
for
the
current
Identity
Platform
project.
apiKeyValue
:
{
//
Provisioned
by
Identity
Platform
.
authDomain
?:
string
;
//
The
display
mode
for
tenant
selection
flow.
This
could
be
'optionFirst'
//
or
'identifierFirst'.
The
default
is
'optionFirst'.
displayMode
:
string
;
//
The
tenant
selection
screen
title.
By
default,
this
is
the
project
ID.
selectTenantUiTitle?:
string
;
//
The
tenant
selection
screen
logo
in
the
form
of
an
HTTPS
URL.
By
default,
//
no
logo
is
provided.
selectTenantUiLogo?:
string
;
//
The
CSS
stylesheet
used
to
override
the
default
CSS
styles
in
the
form
of
//
an
HTTPS
URL.
The
hosted
UI
uses
a
superset
of
the
FirebaseUI-web
CSS
//
styles.
By
default,
no
custom
stylesheet
is
provided.
styleUrl?:
string
;
//
The
tenants
configurations.
tenants
:
{
//
Each
tenant
configuration
is
keyed
by
the
tenant
identifier
.
tenantIdValue
:
ExtendedTenantUiConfig
;
}
;
//
The
application
terms
of
service
URL
in
the
form
of
an
HTTPS
URL
.
//
By
default
,
this
is
empty
.
tosUrl
?:
string
,
//
The
application
privacy
policy
URL
in
the
form
of
an
HTTPS
URL
.
//
By
default
,
this
is
empty
.
privacyPolicyUrl
?:
string
,
}
;
}
ExtendedTenantUiConfig
interface
ExtendedTenantUiConfig
{
//
The
optional
tenant
full
label.
This
is
used
for
the
"Sign
in
with
tenant"
//
button
label.
//
When
not
provided,
"Sign
in
to
${
displayName
}
"
is
used
as
the
full
label.
fullLabel?:
string;
//
The
tenant
display
name.
This
is
used
for
the
"Sign
in
with
tenant"
label.
//
For
tenants,
the
default
is
the
tenant
display
name.
For
projects-level
//
identity
providers,
the
default
is
the
project
ID.
displayName:
string;
//
The
tenant
icon
URL
in
the
form
of
an
HTTPS
URL.
This
is
used
for
the
//
"Sign
in
with
tenant"
button
icon
URL.
The
default
is
a
placeholder
icon.
iconUrl:
string;
//
The
tenant
logo
URL
in
the
form
of
an
HTTPS
URL.
This
is
displayed
after
//
the
user
selects
the
tenant
and
is
presented
with
the
identity
providers
//
associated
with
the
tenant.
By
default,
no
logo
URL
is
provided.
logoUrl?:
string;
//
The
tenant
button
color.
This
is
used
for
the
"sign
in
with
tenant"
button.
//
A
default
color
is
used
for
all
tenants.
buttonColor:
string;
//
The
sign-in
options
associated
with
the
tenant.
This
is
auto-populated
//
using
the
enabled
providers
for
the
current
tenant.
signInOptions:
(SignInOption
|
string)[];
//
The
terms
of
service
URL
associated
with
the
current
tenant
in
the
form
//
of
an
HTTPS
URL.
Empty
by
default.
tosUrl?:
string;
//
The
privacy
policy
URL
associated
with
the
current
tenant
in
the
form
of
//
an
HTTPS
URL.
Empty
by
default.
privacyPolicyUrl?:
string;
//
For
single
providers
with
signInFlow
set
to
'redirect',
setting
this
to
//
'true'
will
result
with
a
redirect
to
the
provider
without
user
//
interaction.
Set
to
true
by
default.
immediateFederatedRedirect?:
boolean;
//
Whether
to
use
popup
or
redirect
flows
for
federated
providers.
//
Redirect
flows
are
used
by
default.
signInFlow?:
'redirect'
|
'popup';
//
Sets
the
adminRestrictedOperation
configuration
for
providers
including
//
federated,
email/password,
email
link
and
phone
number.
adminRestrictedOperation?:
{
//
Specifies
whether
to
provide
additional
instructions
to
the
end
user
when
//
a
user
tries
to
create
a
new
user
account
and
the
authorization
server
//
blocks
the
operation.
status:
boolean;
//
The
optional
site
administrator
email
to
contact
for
access
when
sign
up
//
is
disabled.
For
example:
`admin@example.com`.
adminEmail?:
string;
//
The
optional
help
link
to
provide
information
on
how
to
get
access
to
the
//
site
when
sign
up
is
disabled.
//
For
example:
`https://www.example.com/trouble_signing_in`.
helpLink?:
string;
}
}
SignInOption
interface
SignInOption
{
// The provider identifier, such as facebook.com or saml.my-saml-provider-id.
provider
:
string
;
// The provider label name.
providerName
?:
string
;
// The full label of the button. Instead of "Sign in with $providerName",
// this button label will be used. Default: Sign in with $providerName
fullLabel
?:
string
;
// For identifier first flows, this is the user email domain: tenant1.com
hd
?:
string
;
// The button color, such as "#ff00ff".
buttonColor
?:
string
;
// The button icon URL in the form of an HTTPS URL.
iconUrl
?:
string
;
// Additional OAuth scopes to request for OAuth providers.
scopes
?:
string
[];
// Additional custom OAuth parameters to set on sign-in.
// For example, setting {auth_type: 'reauthenticate'} will
// require password re-entry on Facebook re-authentication.
customParameters
?:
{[
key
:
string
]:
any
};
// In the "identifierFirst' flow, a login hint key makes it possible
// to pass the email to the provider to sign in with. This is useful when a
// user has multiple accounts. For many providers, this is "login_hint".
loginHintKey
?:
string
;
// Whether to require display name when creating an email and password
// account. True by default.
requireDisplayName
?:
boolean
;
// reCAPTCHA customization for phone providers.
recaptchaParameters
?:
{
// The type of the reCAPTCHA ("audio" or "image")
type
?:
string
;
// Whether the reCAPTCHA is invisible or not. Valid options are
// "invisible", "normal", and "compact".
size
?:
string
;
// For invisible reCAPTCHAs, this defines how the invisible reCAPTCHA badge
// is displayed (for example, "bottomleft", "bottomright" or "inline").
badge
?:
string
;
};
// The default country for phone providers.
defaultCountry
?:
string
;
// Sets the whitelisted countries for phone providers. Accepts either ISO
// (alpha-2) or E164 formatted country codes. For example: ['US', '+44']
whitelistedCountries
?:
string
[];
// Sets the blacklisted countries for phone providers. Accepts either ISO
// (alpha-2) or E164 formatted country codes. For example: ['US', '+44']
blacklistedCountries
?:
string
[];
// Sets the disableSignUp config for email/password or email link sign in
// method.
disableSignUp
?:
{
// Whether to disable users from signing up with email providers
// (email/password or email link).
status
:
boolean
;
// The optional site administrator email to contact for access when sign
// up is disabled.
// For example: `admin@example.com`.
adminEmail
?:
string
;
// The optional help link to provide information on how to get access to
// the site when sign up is disabled.
// For example: `https://www.example.com/trouble_signing_in`.
helpLink
?:
string
;
}
}
