Validates an A2A 3-legged-OAuth (3LO) downstream-auth consent flow after the user returns from the third-party consent screen, and finalizes the downstream credential with Auth Manager.
HTTP request
POST https://discoveryengine.googleapis.com/v1alpha/{session=projects/*/locations/*/collections/*/engines/*/sessions/*}:validateUserAuthorization
The URL uses gRPC Transcoding syntax.
Path parameters
| Parameters | |
|---|---|
session |
Required. The resource name of the assist Session that initiated the consent flow. Used together with |
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
{ "userIdValidationState": string, "downstreamConnector": string } |
| Fields | |
|---|---|
userIdValidationState |
Required. The opaque, encrypted validation state returned by Auth Manager in the consent redirect. Forwarded verbatim to FinalizeCredentials. A base64-encoded string. |
downstreamConnector |
Required. The downstream connector (auth provider) resource name from the consent redirect ( |
Response body
If successful, the response body is empty.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-platformhttps://www.googleapis.com/auth/discoveryengine.readwritehttps://www.googleapis.com/auth/discoveryengine.serving.readwrite
For more information, see the Authentication Overview.