Success(mapping=None, *, ignore_unknown_fields=False, **kwargs)Message indicating successful retrieval of credentials.
Attributes |
|
|---|---|
| Name | Description |
token |
str
The retrieved access token or credential for the end user. On MCPTool call, for an invalid token OAuth spec says this should return 401 or 403, but MCPServers may implement this differently. If you get any flavor of PERMISSION_DENIED,
retry your original request to RetrieveCredentials with
force_refresh_token
set to the expired/invalid token string, which will fetch a
new token or initiate a new consent flow.
|
header |
str
The HTTP header name where the token should be placed. |
expire_time |
google.protobuf.timestamp_pb2.Timestamp
The expiration time of the token. This does not guarantee that the token will be valid until this time, since the token could be revoked earlier. There could also be clock skew between the auth provider and the client so it may expire slightly earlier. If not set, the token might be permanent or it may be that the service does not (or cannot) know when it will expire. |
scopes |
MutableSequence[str]
The scopes actually associated with the retrieved token. End users may have rejected some requested scopes, or the third-party authorization servers can return a different set of scopes than what was asked for. Callers should verify that all required scopes for their intended use are included in this list. |