Parameters:

client_creds (aiogoogle.auth.creds.ClientCreds) – A client_creds object/dictionary containing the following items: client_id scopes The scope value must begin with the string openid and then include profile or email or both. redirect_uri

(aiogoogle.auth.creds.ClientCreds) – nonce (str) – A random value generated by your app that enables replay protection.

(str) – A random value generated by your app that enables replay protection. scopes (list) – List of OAuth2 scopes to ask for Optional Overrides the list of scopes specified in client creds Some OpenID scopes that you can include: [‘email’, ‘profile’, ‘openid’]

(list) – display (str) – An ASCII string value for specifying how the authorization server displays the authentication and consent user interface pages. The following values are specified, and accepted by the Google servers, but do not have any effect on its behavior: page popup touch wap

(str) – state (str) – A CSRF token Optional Specifies any string value that your application uses to maintain state between your authorization request and the authorization server’s response. The server returns the exact value that you send as a name=value pair in the hash (#) fragment of the redirect_uri after the user consents to or denies your application’s access request. You can use this parameter for several purposes, such as: Directing the user to the correct resource in your application Sending nonces Mitigating cross-site request forgery. If no state is passed, this method will generate and add a secret token to user_creds['state'] . Since your redirect_uri can be guessed, using a state value can increase your assurance that an incoming connection is the result of an authentication request. If you generate a random string or encode the hash of a cookie or another value that captures the client’s state, you can validate the response to additionally ensure that the request and response originated in the same browser, providing protection against attacks such as cross-site request forgery.

(str) – access_type (str) – Indicates whether your application can refresh access tokens when the user is not present at the browser. Options: Optional "online" Default "offline" Choose this for a refresheable/long-term access token

(str) – include_granted_scopes (bool) – Optional Enables applications to use incremental authorization to request access to additional scopes in context. If you set this parameter’s value to True and the authorization request is granted, then the new access token will also cover any scopes to which the user previously granted the application access.

(bool) – login_hint (str) – Optional If your application knows which user is trying to authenticate, it can use this parameter to provide a hint to the Google Authentication Server. The server uses the hint to simplify the login flow either by prefilling the email field in the sign-in form or by selecting the appropriate multi-login session. Set the parameter value to an email address or sub identifier, which is equivalent to the user’s Google ID. This can help you avoid problems that occur if your app logs in the wrong user account.

(str) – prompt (str) – Optional A space-delimited, case-sensitive list of prompts to present the user. If you don’t specify this parameter, the user will be prompted only the first time your app requests access. Possible values are: None : Default: Do not display any authentication or consent screens. Must not be specified with other values. 'consent' : Prompt the user for consent. 'select_account' : Prompt the user to select an account.

(str) – openid_realm (str) – openid.realm is a parameter from the OpenID 2.0 protocol. It is used in OpenID 2.0 requests to signify the URL-space for which an authentication request is valid. Use openid.realm if you are migrating an existing application from OpenID 2.0 to OpenID Connect. For more details, see Migrating off of OpenID 2.0. https://developers.google.com/identity/protocols/OpenID2Migration

(str) – hd (str) – The hd (hosted domain) parameter streamlines the login process for G Suite hosted accounts. By including the domain of the G Suite user (for example, mycollege.edu), you can indicate that the account selection UI should be optimized for accounts at that domain. To optimize for G Suite accounts generally instead of just one domain, use an asterisk: hd=*. Don’t rely on this UI optimization to control who can access your app, as client-side requests can be modified. Be sure to validate that the returned ID token has an hd claim value that matches what you expect (e.g. mycolledge.edu). Unlike the request parameter, the ID token claim is contained within a security token from Google, so the value can be trusted.

(str) – response_type (str) – OAuth2 response type Defaults to Authorization Code Flow response type

(str) –