googleapis
diff --git a/‎discovery/cloudidentity-v1.json
Lines changed: 275 additions & 1 deletion b/‎discovery/cloudidentity-v1.json
Lines changed: 275 additions & 1 deletion
@@ -1605,6 +1605,151 @@
         }
       }
     },
+    "inboundOidcSsoProfiles": {
+      "methods": {
+        "create": {
+          "description": "Creates an InboundOidcSsoProfile for a customer. When the target customer has enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448), the `Operation` in the response will have `\"done\": false`, it will not have a response, and the metadata will have `\"state\": \"awaiting-multi-party-approval\"`.",
+          "flatPath": "v1/inboundOidcSsoProfiles",
+          "httpMethod": "POST",
+          "id": "cloudidentity.inboundOidcSsoProfiles.create",
+          "parameterOrder": [],
+          "parameters": {},
+          "path": "v1/inboundOidcSsoProfiles",
+          "request": {
+            "$ref": "InboundOidcSsoProfile"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-identity.inboundsso",
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "delete": {
+          "description": "Deletes an InboundOidcSsoProfile.",
+          "flatPath": "v1/inboundOidcSsoProfiles/{inboundOidcSsoProfilesId}",
+          "httpMethod": "DELETE",
+          "id": "cloudidentity.inboundOidcSsoProfiles.delete",
+          "parameterOrder": [
+            "name"
+          ],
+          "parameters": {
+            "name": {
+              "description": "Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the InboundOidcSsoProfile to delete. Format: `inboundOidcSsoProfiles/{sso_profile_id}`",
+              "location": "path",
+              "pattern": "^inboundOidcSsoProfiles/[^/]+$",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "v1/{+name}",
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-identity.inboundsso",
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "get": {
+          "description": "Gets an InboundOidcSsoProfile.",
+          "flatPath": "v1/inboundOidcSsoProfiles/{inboundOidcSsoProfilesId}",
+          "httpMethod": "GET",
+          "id": "cloudidentity.inboundOidcSsoProfiles.get",
+          "parameterOrder": [
+            "name"
+          ],
+          "parameters": {
+            "name": {
+              "description": "Required. The [resource name](https://cloud.google.com/apis/design/resource_names) of the InboundOidcSsoProfile to get. Format: `inboundOidcSsoProfiles/{sso_profile_id}`",
+              "location": "path",
+              "pattern": "^inboundOidcSsoProfiles/[^/]+$",
+              "required": true,
+              "type": "string"
+            }
+          },
+          "path": "v1/{+name}",
+          "response": {
+            "$ref": "InboundOidcSsoProfile"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-identity.inboundsso",
+            "https://www.googleapis.com/auth/cloud-identity.inboundsso.readonly",
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "list": {
+          "description": "Lists InboundOidcSsoProfile objects for a Google enterprise customer.",
+          "flatPath": "v1/inboundOidcSsoProfiles",
+          "httpMethod": "GET",
+          "id": "cloudidentity.inboundOidcSsoProfiles.list",
+          "parameterOrder": [],
+          "parameters": {
+            "filter": {
+              "description": "A [Common Expression Language](https://github.com/google/cel-spec) expression to filter the results. The only supported filter is filtering by customer. For example: `customer==\"customers/C0123abc\"`. Omitting the filter or specifying a filter of `customer==\"customers/my_customer\"` will return the profiles for the customer that the caller (authenticated user) belongs to. Specifying a filter of `customer==\"\"` will return the global shared OIDC profiles.",
+              "location": "query",
+              "type": "string"
+            },
+            "pageSize": {
+              "description": "The maximum number of InboundOidcSsoProfiles to return. The service may return fewer than this value. If omitted (or defaulted to zero) the server will use a sensible default. This default may change over time. The maximum allowed value is 100. Requests with page_size greater than that will be silently interpreted as having this maximum value.",
+              "format": "int32",
+              "location": "query",
+              "type": "integer"
+            },
+            "pageToken": {
+              "description": "A page token, received from a previous `ListInboundOidcSsoProfiles` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `ListInboundOidcSsoProfiles` must match the call that provided the page token.",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "v1/inboundOidcSsoProfiles",
+          "response": {
+            "$ref": "ListInboundOidcSsoProfilesResponse"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-identity.inboundsso",
+            "https://www.googleapis.com/auth/cloud-identity.inboundsso.readonly",
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        },
+        "patch": {
+          "description": "Updates an InboundOidcSsoProfile. When the target customer has enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448), the `Operation` in the response will have `\"done\": false`, it will not have a response, and the metadata will have `\"state\": \"awaiting-multi-party-approval\"`.",
+          "flatPath": "v1/inboundOidcSsoProfiles/{inboundOidcSsoProfilesId}",
+          "httpMethod": "PATCH",
+          "id": "cloudidentity.inboundOidcSsoProfiles.patch",
+          "parameterOrder": [
+            "name"
+          ],
+          "parameters": {
+            "name": {
+              "description": "Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the OIDC SSO profile.",
+              "location": "path",
+              "pattern": "^inboundOidcSsoProfiles/[^/]+$",
+              "required": true,
+              "type": "string"
+            },
+            "updateMask": {
+              "description": "Required. The list of fields to be updated.",
+              "format": "google-fieldmask",
+              "location": "query",
+              "type": "string"
+            }
+          },
+          "path": "v1/{+name}",
+          "request": {
+            "$ref": "InboundOidcSsoProfile"
+          },
+          "response": {
+            "$ref": "Operation"
+          },
+          "scopes": [
+            "https://www.googleapis.com/auth/cloud-identity.inboundsso",
+            "https://www.googleapis.com/auth/cloud-platform"
+          ]
+        }
+      }
+    },
     "inboundSamlSsoProfiles": {
       "methods": {
         "create": {
@@ -2085,7 +2230,7 @@
       }
     }
   },
-  "revision": "20250701",
+  "revision": "20250805",
   "rootUrl": "https://cloudidentity.googleapis.com/",
   "schemas": {
     "AddIdpCredentialOperationMetadata": {
@@ -2133,6 +2278,17 @@
       "properties": {},
       "type": "object"
     },
+    "CreateInboundOidcSsoProfileOperationMetadata": {
+      "description": "LRO response metadata for InboundOidcSsoProfilesService.CreateInboundOidcSsoProfile.",
+      "id": "CreateInboundOidcSsoProfileOperationMetadata",
+      "properties": {
+        "state": {
+          "description": "State of this Operation Will be \"awaiting-multi-party-approval\" when the operation is deferred due to the target customer having enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448).",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "CreateInboundSamlSsoProfileOperationMetadata": {
       "description": "LRO response metadata for InboundSamlSsoProfilesService.CreateInboundSamlSsoProfile.",
       "id": "CreateInboundSamlSsoProfileOperationMetadata",
@@ -2168,6 +2324,12 @@
       "properties": {},
       "type": "object"
     },
+    "DeleteInboundOidcSsoProfileOperationMetadata": {
+      "description": "LRO response metadata for InboundOidcSsoProfilesService.DeleteInboundOidcSsoProfile.",
+      "id": "DeleteInboundOidcSsoProfileOperationMetadata",
+      "properties": {},
+      "type": "object"
+    },
     "DeleteInboundSamlSsoProfileOperationMetadata": {
       "description": "LRO response metadata for InboundSamlSsoProfilesService.DeleteInboundSamlSsoProfile.",
       "id": "DeleteInboundSamlSsoProfileOperationMetadata",
@@ -3494,6 +3656,34 @@
       },
       "type": "object"
     },
+    "InboundOidcSsoProfile": {
+      "description": "An [OIDC](https://openid.net/developers/how-connect-works/) federation between a Google enterprise customer and an OIDC identity provider.",
+      "id": "InboundOidcSsoProfile",
+      "properties": {
+        "customer": {
+          "description": "Immutable. The customer. For example: `customers/C0123abc`.",
+          "type": "string"
+        },
+        "displayName": {
+          "description": "Human-readable name of the OIDC SSO profile.",
+          "type": "string"
+        },
+        "idpConfig": {
+          "$ref": "OidcIdpConfig",
+          "description": "OIDC identity provider configuration."
+        },
+        "name": {
+          "description": "Output only. [Resource name](https://cloud.google.com/apis/design/resource_names) of the OIDC SSO profile.",
+          "readOnly": true,
+          "type": "string"
+        },
+        "rpConfig": {
+          "$ref": "OidcRpConfig",
+          "description": "OIDC relying party (RP) configuration for this OIDC SSO profile. These are the RP details provided by Google that should be configured on the corresponding identity provider."
+        }
+      },
+      "type": "object"
+    },
     "InboundSamlSsoProfile": {
       "description": "A [SAML 2.0](https://www.oasis-open.org/standards#samlv2.0) federation between a Google enterprise customer and a SAML identity provider.",
       "id": "InboundSamlSsoProfile",
@@ -3535,6 +3725,10 @@
           "readOnly": true,
           "type": "string"
         },
+        "oidcSsoInfo": {
+          "$ref": "OidcSsoInfo",
+          "description": "OpenID Connect SSO details. Must be set if and only if `sso_mode` is set to `OIDC_SSO`."
+        },
         "rank": {
           "description": "Must be zero (which is the default value so it can be omitted) for assignments with `target_org_unit` set and must be greater-than-or-equal-to one for assignments with `target_group` set.",
           "format": "int32",
@@ -3554,12 +3748,14 @@
             "SSO_MODE_UNSPECIFIED",
             "SSO_OFF",
             "SAML_SSO",
+            "OIDC_SSO",
             "DOMAIN_WIDE_SAML_IF_ENABLED"
           ],
           "enumDescriptions": [
             "Not allowed.",
             "Disable SSO for the targeted users.",
             "Use an external SAML Identity Provider for SSO for the targeted users.",
+            "Use an external OIDC Identity Provider for SSO for the targeted users.",
             "Use the domain-wide SAML Identity Provider for the targeted users if one is configured; otherwise, this is equivalent to `SSO_OFF`. Note that this will also be equivalent to `SSO_OFF` if/when support for domain-wide SAML is removed. Google may disallow this mode at that point and existing assignments with this mode may be automatically changed to `SSO_OFF`."
           ],
           "type": "string"
@@ -3622,6 +3818,24 @@
       },
       "type": "object"
     },
+    "ListInboundOidcSsoProfilesResponse": {
+      "description": "Response of the InboundOidcSsoProfilesService.ListInboundOidcSsoProfiles method.",
+      "id": "ListInboundOidcSsoProfilesResponse",
+      "properties": {
+        "inboundOidcSsoProfiles": {
+          "description": "List of InboundOidcSsoProfiles.",
+          "items": {
+            "$ref": "InboundOidcSsoProfile"
+          },
+          "type": "array"
+        },
+        "nextPageToken": {
+          "description": "A token, which can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "ListInboundSamlSsoProfilesResponse": {
       "description": "Response of the InboundSamlSsoProfilesService.ListInboundSamlSsoProfiles method.",
       "id": "ListInboundSamlSsoProfilesResponse",
@@ -4012,6 +4226,55 @@
       },
       "type": "object"
     },
+    "OidcIdpConfig": {
+      "description": "OIDC IDP (identity provider) configuration.",
+      "id": "OidcIdpConfig",
+      "properties": {
+        "changePasswordUri": {
+          "description": "The **Change Password URL** of the identity provider. Users will be sent to this URL when changing their passwords at `myaccount.google.com`. This takes precedence over the change password URL configured at customer-level. Must use `HTTPS`.",
+          "type": "string"
+        },
+        "issuerUri": {
+          "description": "Required. The Issuer identifier for the IdP. Must be a URL. The discovery URL will be derived from this as described in Section 4 of [the OIDC specification](https://openid.net/specs/openid-connect-discovery-1_0.html).",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
+    "OidcRpConfig": {
+      "description": "OIDC RP (relying party) configuration.",
+      "id": "OidcRpConfig",
+      "properties": {
+        "clientId": {
+          "description": "OAuth2 client ID for OIDC.",
+          "type": "string"
+        },
+        "clientSecret": {
+          "description": "Input only. OAuth2 client secret for OIDC.",
+          "type": "string"
+        },
+        "redirectUris": {
+          "description": "Output only. The URL(s) that this client may use in authentication requests.",
+          "items": {
+            "type": "string"
+          },
+          "readOnly": true,
+          "type": "array"
+        }
+      },
+      "type": "object"
+    },
+    "OidcSsoInfo": {
+      "description": "Details that are applicable when `sso_mode` is set to `OIDC_SSO`.",
+      "id": "OidcSsoInfo",
+      "properties": {
+        "inboundOidcSsoProfile": {
+          "description": "Required. Name of the `InboundOidcSsoProfile` to use. Must be of the form `inboundOidcSsoProfiles/{inbound_oidc_sso_profile}`. ",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "Operation": {
       "description": "This resource represents a long-running operation that is the result of a network API call.",
       "id": "Operation",
@@ -4387,6 +4650,17 @@
       "properties": {},
       "type": "object"
     },
+    "UpdateInboundOidcSsoProfileOperationMetadata": {
+      "description": "LRO response metadata for InboundOidcSsoProfilesService.UpdateInboundOidcSsoProfile.",
+      "id": "UpdateInboundOidcSsoProfileOperationMetadata",
+      "properties": {
+        "state": {
+          "description": "State of this Operation Will be \"awaiting-multi-party-approval\" when the operation is deferred due to the target customer having enabled [Multi-party approval for sensitive actions](https://support.google.com/a/answer/13790448).",
+          "type": "string"
+        }
+      },
+      "type": "object"
+    },
     "UpdateInboundSamlSsoProfileOperationMetadata": {
       "description": "LRO response metadata for InboundSamlSsoProfilesService.UpdateInboundSamlSsoProfile.",
       "id": "UpdateInboundSamlSsoProfileOperationMetadata",