Add possibility to enable Email/Password authentication on the Identity Platform

[amerello]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

The identity_platform_oauth_idp_config resource allows to configure OIDC providers on the Identity Platform, which is working as expected.

The Identity Platform also supports Email/Password and Phone as configurable providers, but the terraform resource doesn't support this feature.

This is how to enable it manually, but this is of course not great and it would be nice to be able to do this via Terraform

[wvanderdeijl]

We are also in the process of moving to Identity Platform with Terraform and found that changing the Identity Platform config at project level is not supported through Terraform. Updating that Config is what is required to enable email/password authentication, but also things like MFA, ClientConfig.Permissions, email templates, custom domains, etcetera

The API itself is described at https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects/updateConfig

[c2thorn]

API supports get/update for the project level config and many fields.
https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config

[ToeFungi]

Any updates on this?

[rybalka-bohdan]

Any updates on this?

[sheikhaafaq]

Any updates on this?

[sheikhaafaq]

Is there any option available in gcloud to create an identity provider by email and password?

[melinath]

b/249541734

[melinath]

This is scoped to adding a new resource to support getting/updating the default Config object, and specifically only supporting the sign-in config field. All other fields can be excluded for now.

[ernani]

Is this related to this issue?
#8510

I think there we have a clearer explanation of what's required.

[StephenWithPH]

Is this related to this issue?
#8510

@ernani ... I did not open this issue, but I believe #8510 addresses supporting email and password signin as this issue requests.

#8510 would certainly satisfy the use case I'm after.

[StephenWithPH]

Interestingly, identity_platform_tenant already supports (in a multi-tenant Identity Platform project) tenant-level configuration of email/password and email/magiclink auth:

allow_password_signup - (Optional) Whether to allow email/password user authentication.

enable_email_link_signin - (Optional) Whether to enable email link user authentication.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.