Skip to main content


oauth --credential [credential name]
--auth.tokenHost ""
--auth.tokenPath "/oauth2/token" "{API Key}"
--client.secret "{API Key Secret}"
--grant "clientcred"

Client authentication for the OAuth 2.0 authorization framework.



--auth.tokenHost ""
--auth.tokenPath "/oauth2/token" "{API Key}"
--client.secret "{API Key Secret}"
--grant "clientcred"


--auth.tokenHost ""
--auth.tokenPath "/api/v1/access_token" "{personal use script}"
--client.secret "{secret}"
--grant "clientcred"



Used to append the results from a previous stage to the current stage. (provide a label, stage index, or boolean true to append the previous results)


Base URL used to obtain access tokens (required)


URL path to obtain access tokens (See url resolution notes). Defaults to /oauth/token


A boolean value of true/false that determines whether or not to use the cache. Generally most commands will default to true.


Format: "{CHECKPOINT NAME}:{COLUMN}" Used to store the value of the provided column (in the first row of results) in the provided name for use as a checkpoint in scheduled queries or other stages. Can be accessed using $CHECKPOINTS.{CHECKPOINT NAME}$

Service registered client id. When required by the spec this value will be automatically encoded (required).


Service registered client secret. When required by the spec this value will be automatically encoded (required).


Provider reference stored in vault (HIGHLY RECOMMENDED). Contains the provider and auth related information.


Enriches each result row with the previous row. The previous columns will be appended with a _previous.


A filter to run on the command results before completing the command. If not provided, no filter is run on the results.


Starts the stage as if it was a fresh query, so will not use any previous result.


Google Cloud (GCP) JSON keyfile content.



clientcred: Client Credentials Grant The Client Credentials <> grant type is used by clients to obtain an access token outside of the context of a user. This is typically used by clients to access resources about themselves rather than to access a user's resources.

password: Resource Owner Password Credentials Grant The Resource Owner Password Credentials <> grant type is a way to exchange a user's credentials for an access token. Because the client application has to collect the user's password and send it to the authorization server, it is not recommended that this grant be used at all anymore.

authcode: Authorization Code Grant The Authorization Code <> grant type is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.

gcpjwt: Google Cloud (GCP) JWT How an application can complete server-to-server authentication using OAuth 2.0 for Google APIs.


Adds a populated random guid column.


Used to label a stage with a user provided label.


Override for the system max concurrent workers for a stage.


User password (required for password grant).


User identifier (required for password grant).


Randomizes the stage hash, even if args and flags are the same.


String or array including a subset of the original client scopes to request.


Controls if a stats calculation is run on a stage after it completes.


A comma separated list of columns to include in the command results. If not provided, all columns will be included.


Will rerun the stage until the provided expression is valid for the first line of results.