111111 "InfrastructureApplicationPolicy" ,
112112 "InfrastructureApplicationPolicyConnectionRules" ,
113113 "InfrastructureApplicationPolicyConnectionRulesSSH" ,
114- "BrowserRdpApplication" ,
115- "BrowserRdpApplicationTargetCriterion" ,
116- "BrowserRdpApplicationDestination" ,
117- "BrowserRdpApplicationDestinationPublicDestination" ,
118- "BrowserRdpApplicationDestinationPrivateDestination" ,
119- "BrowserRdpApplicationPolicy" ,
120- "BrowserRdpApplicationPolicyAccessAppPolicyLink" ,
121- "BrowserRdpApplicationPolicyUnionMember2" ,
122- "BrowserRdpApplicationSCIMConfig" ,
123- "BrowserRdpApplicationSCIMConfigAuthentication" ,
124- "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken" ,
125- "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication" ,
126- "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken" ,
127114]
128115
129116
@@ -2230,355 +2217,6 @@ class InfrastructureApplicationPolicy(TypedDict, total=False):
22302217 """
22312218
22322219
2233- class BrowserRdpApplication (TypedDict , total = False ):
2234- domain : Required [str ]
2235- """The primary hostname and path secured by Access.
2236-
2237- This domain will be displayed if the app is visible in the App Launcher.
2238- """
2239-
2240- target_criteria : Required [Iterable [BrowserRdpApplicationTargetCriterion ]]
2241-
2242- type : Required [str ]
2243- """The application type."""
2244-
2245- account_id : str
2246- """The Account ID to use for this endpoint. Mutually exclusive with the Zone ID."""
2247-
2248- zone_id : str
2249- """The Zone ID to use for this endpoint. Mutually exclusive with the Account ID."""
2250-
2251- allow_authenticate_via_warp : bool
2252- """
2253- When set to true, users can authenticate to this application using their WARP
2254- session. When set to false this application will always require direct IdP
2255- authentication. This setting always overrides the organization setting for WARP
2256- authentication.
2257- """
2258-
2259- allowed_idps : List [AllowedIdPs ]
2260- """The identity providers your users can select when connecting to this
2261- application.
2262-
2263- Defaults to all IdPs configured in your account.
2264- """
2265-
2266- app_launcher_visible : bool
2267- """Displays the application in the App Launcher."""
2268-
2269- auto_redirect_to_identity : bool
2270- """When set to `true`, users skip the identity provider selection step during
2271- login.
2272-
2273- You must specify only one identity provider in allowed_idps.
2274- """
2275-
2276- cors_headers : CORSHeadersParam
2277-
2278- custom_deny_message : str
2279- """
2280- The custom error message shown to a user when they are denied access to the
2281- application.
2282- """
2283-
2284- custom_deny_url : str
2285- """
2286- The custom URL a user is redirected to when they are denied access to the
2287- application when failing identity-based rules.
2288- """
2289-
2290- custom_non_identity_deny_url : str
2291- """
2292- The custom URL a user is redirected to when they are denied access to the
2293- application when failing non-identity rules.
2294- """
2295-
2296- custom_pages : List [str ]
2297- """The custom pages that will be displayed when applicable for this application"""
2298-
2299- destinations : Iterable [BrowserRdpApplicationDestination ]
2300- """List of destinations secured by Access.
2301-
2302- This supersedes `self_hosted_domains` to allow for more flexibility in defining
2303- different types of domains. If `destinations` are provided, then
2304- `self_hosted_domains` will be ignored.
2305- """
2306-
2307- enable_binding_cookie : bool
2308- """
2309- Enables the binding cookie, which increases security against compromised
2310- authorization tokens and CSRF attacks.
2311- """
2312-
2313- http_only_cookie_attribute : bool
2314- """
2315- Enables the HttpOnly cookie attribute, which increases security against XSS
2316- attacks.
2317- """
2318-
2319- logo_url : str
2320- """The image URL for the logo shown in the App Launcher dashboard."""
2321-
2322- name : str
2323- """The name of the application."""
2324-
2325- options_preflight_bypass : bool
2326- """
2327- Allows options preflight requests to bypass Access authentication and go
2328- directly to the origin. Cannot turn on if cors_headers is set.
2329- """
2330-
2331- path_cookie_attribute : bool
2332- """Enables cookie paths to scope an application's JWT to the application path.
2333-
2334- If disabled, the JWT will scope to the hostname by default
2335- """
2336-
2337- policies : List [BrowserRdpApplicationPolicy ]
2338- """
2339- The policies that Access applies to the application, in ascending order of
2340- precedence. Items can reference existing policies or create new policies
2341- exclusive to the application.
2342- """
2343-
2344- same_site_cookie_attribute : str
2345- """
2346- Sets the SameSite cookie setting, which provides increased security against CSRF
2347- attacks.
2348- """
2349-
2350- scim_config : BrowserRdpApplicationSCIMConfig
2351- """Configuration for provisioning to this application via SCIM.
2352-
2353- This is currently in closed beta.
2354- """
2355-
2356- self_hosted_domains : List [SelfHostedDomains ]
2357- """List of public domains that Access will secure.
2358-
2359- This field is deprecated in favor of `destinations` and will be supported until
2360- **November 21, 2025.** If `destinations` are provided, then
2361- `self_hosted_domains` will be ignored.
2362- """
2363-
2364- service_auth_401_redirect : bool
2365- """Returns a 401 status code when the request is blocked by a Service Auth policy."""
2366-
2367- session_duration : str
2368- """The amount of time that tokens issued for this application will be valid.
2369-
2370- Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs),
2371- ms, s, m, h.
2372- """
2373-
2374- skip_interstitial : bool
2375- """Enables automatic authentication through cloudflared."""
2376-
2377- tags : List [str ]
2378- """The tags you want assigned to an application.
2379-
2380- Tags are used to filter applications in the App Launcher dashboard.
2381- """
2382-
2383-
2384- class BrowserRdpApplicationTargetCriterion (TypedDict , total = False ):
2385- port : Required [int ]
2386- """The port that the targets use for the chosen communication protocol.
2387-
2388- A port cannot be assigned to multiple protocols.
2389- """
2390-
2391- protocol : Required [Literal ["ssh" ]]
2392- """The communication protocol your application secures."""
2393-
2394- target_attributes : Required [Dict [str , List [str ]]]
2395- """Contains a map of target attribute keys to target attribute values."""
2396-
2397-
2398- class BrowserRdpApplicationDestinationPublicDestination (TypedDict , total = False ):
2399- type : Literal ["public" ]
2400-
2401- uri : str
2402- """The URI of the destination.
2403-
2404- Public destinations' URIs can include a domain and path with
2405- [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/).
2406- """
2407-
2408-
2409- class BrowserRdpApplicationDestinationPrivateDestination (TypedDict , total = False ):
2410- cidr : str
2411- """The CIDR range of the destination. Single IPs will be computed as /32."""
2412-
2413- hostname : str
2414- """The hostname of the destination. Matches a valid SNI served by an HTTPS origin."""
2415-
2416- l4_protocol : Literal ["tcp" , "udp" ]
2417- """The L4 protocol of the destination.
2418-
2419- When omitted, both UDP and TCP traffic will match.
2420- """
2421-
2422- port_range : str
2423- """The port range of the destination.
2424-
2425- Can be a single port or a range of ports. When omitted, all ports will match.
2426- """
2427-
2428- type : Literal ["private" ]
2429-
2430- vnet_id : str
2431- """The VNET ID to match the destination. When omitted, all VNETs will match."""
2432-
2433-
2434- BrowserRdpApplicationDestination : TypeAlias = Union [
2435- BrowserRdpApplicationDestinationPublicDestination , BrowserRdpApplicationDestinationPrivateDestination
2436- ]
2437-
2438-
2439- class BrowserRdpApplicationPolicyAccessAppPolicyLink (TypedDict , total = False ):
2440- id : str
2441- """The UUID of the policy"""
2442-
2443- precedence : int
2444- """The order of execution for this policy.
2445-
2446- Must be unique for each policy within an app.
2447- """
2448-
2449-
2450- class BrowserRdpApplicationPolicyUnionMember2 (TypedDict , total = False ):
2451- id : str
2452- """The UUID of the policy"""
2453-
2454- approval_groups : Iterable [ApprovalGroupParam ]
2455- """Administrators who can approve a temporary authentication request."""
2456-
2457- approval_required : bool
2458- """
2459- Requires the user to request access from an administrator at the start of each
2460- session.
2461- """
2462-
2463- isolation_required : bool
2464- """
2465- Require this application to be served in an isolated browser for users matching
2466- this policy. 'Client Web Isolation' must be on for the account in order to use
2467- this feature.
2468- """
2469-
2470- precedence : int
2471- """The order of execution for this policy.
2472-
2473- Must be unique for each policy within an app.
2474- """
2475-
2476- purpose_justification_prompt : str
2477- """A custom message that will appear on the purpose justification screen."""
2478-
2479- purpose_justification_required : bool
2480- """Require users to enter a justification when they log in to the application."""
2481-
2482- session_duration : str
2483- """The amount of time that tokens issued for the application will be valid.
2484-
2485- Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs),
2486- ms, s, m, h.
2487- """
2488-
2489-
2490- BrowserRdpApplicationPolicy : TypeAlias = Union [
2491- BrowserRdpApplicationPolicyAccessAppPolicyLink , str , BrowserRdpApplicationPolicyUnionMember2
2492- ]
2493-
2494-
2495- class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken (
2496- TypedDict , total = False
2497- ):
2498- client_id : Required [str ]
2499- """
2500- Client ID of the Access service token used to authenticate with the remote
2501- service.
2502- """
2503-
2504- client_secret : Required [str ]
2505- """
2506- Client secret of the Access service token used to authenticate with the remote
2507- service.
2508- """
2509-
2510- scheme : Required [Literal ["access_service_token" ]]
2511- """The authentication scheme to use when making SCIM requests to this application."""
2512-
2513-
2514- class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken (
2515- TypedDict , total = False
2516- ):
2517- client_id : Required [str ]
2518- """
2519- Client ID of the Access service token used to authenticate with the remote
2520- service.
2521- """
2522-
2523- client_secret : Required [str ]
2524- """
2525- Client secret of the Access service token used to authenticate with the remote
2526- service.
2527- """
2528-
2529- scheme : Required [Literal ["access_service_token" ]]
2530- """The authentication scheme to use when making SCIM requests to this application."""
2531-
2532-
2533- BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication : TypeAlias = Union [
2534- SCIMConfigAuthenticationHTTPBasicParam ,
2535- SCIMConfigAuthenticationOAuthBearerTokenParam ,
2536- SCIMConfigAuthenticationOauth2Param ,
2537- BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken ,
2538- ]
2539-
2540- BrowserRdpApplicationSCIMConfigAuthentication : TypeAlias = Union [
2541- SCIMConfigAuthenticationHTTPBasicParam ,
2542- SCIMConfigAuthenticationOAuthBearerTokenParam ,
2543- SCIMConfigAuthenticationOauth2Param ,
2544- BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken ,
2545- Iterable [BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication ],
2546- ]
2547-
2548-
2549- class BrowserRdpApplicationSCIMConfig (TypedDict , total = False ):
2550- idp_uid : Required [str ]
2551- """
2552- The UID of the IdP to use as the source for SCIM resources to provision to this
2553- application.
2554- """
2555-
2556- remote_uri : Required [str ]
2557- """The base URI for the application's SCIM-compatible API."""
2558-
2559- authentication : BrowserRdpApplicationSCIMConfigAuthentication
2560- """
2561- Attributes for configuring HTTP Basic authentication scheme for SCIM
2562- provisioning to an application.
2563- """
2564-
2565- deactivate_on_delete : bool
2566- """
2567- If false, propagates DELETE requests to the target application for SCIM
2568- resources. If true, sets 'active' to false on the SCIM resource. Note: Some
2569- targets do not support DELETE operations.
2570- """
2571-
2572- enabled : bool
2573- """Whether SCIM provisioning is turned on for this application."""
2574-
2575- mappings : Iterable [SCIMConfigMappingParam ]
2576- """
2577- A list of mappings to apply to SCIM resources before provisioning them in this
2578- application. These can transform or filter the resources to be provisioned.
2579- """
2580-
2581-
25822220ApplicationCreateParams : TypeAlias = Union [
25832221 SelfHostedApplication ,
25842222 SaaSApplication ,
@@ -2589,5 +2227,4 @@ class BrowserRdpApplicationSCIMConfig(TypedDict, total=False):
25892227 BrowserIsolationPermissionsApplication ,
25902228 BookmarkApplication ,
25912229 InfrastructureApplication ,
2592- BrowserRdpApplication ,
25932230]
![stainless-app[bot]](https://avatars.githubusercontent.com/in/378072?v=4&size=40){kind=avatar}
0 commit comments