Skip to main content


oauth --credential [credential name]
--auth.tokenHost ""
--auth.tokenPath "/oauth2/token" "{API Key}"
--client.secret "{API Key Secret}"
--grant "clientcred"

Client authentication for the OAuth 2.0 authorization framework.



--auth.tokenHost ""
--auth.tokenPath "/oauth2/token" "{API Key}"
--client.secret "{API Key Secret}"
--grant "clientcred"


--auth.tokenHost ""
--auth.tokenPath "/api/v1/access_token" "{id}"
--client.secret "{secret}"
--grant "clientcred"



Used to append the results from a previous stage to the current stage. (provide a label, stage index, or boolean true to append the previous results)


Base URL used to obtain access tokens (required)


URL path to obtain access tokens (See url resolution notes). Defaults to /oauth/token


A boolean value of true/false that determines whether or not to use the cache. Generally most commands will default to true.


Format: "{CHECKPOINT NAME}:{COLUMN}" Used to store the value of the provided column (in the first row of results) in the provided name for use as a checkpoint in scheduled queries or other stages. Not encrypted. Can be accessed using $CHECKPOINTS.{CHECKPOINT NAME}$

Service registered client id. When required by the spec this value will be automatically encoded (required).


Service registered client secret. When required by the spec this value will be automatically encoded (required).


Provider reference stored in vault (HIGHLY RECOMMENDED). Contains the provider and auth related information.


Enriches each result row with the previous row. The previous columns will be appended with a _previous.


A filter to run on the command results before completing the command. If not provided, no filter is run on the results.


Starts the stage as if it was a fresh query, so will not use any previous result.


Google Cloud (GCP) JSON keyfile content.



clientcred: Client Credentials Grant The Client Credentials <> grant type is used by clients to obtain an access token outside of the context of a user. This is typically used by clients to access resources about themselves rather than to access a user's resources.

refreshtoken: Refresh Token Grant The Refresh Token <> grant type is used by clients to exchange a refresh token for an access token when the access token has expired. This allows clients to continue to have a valid access token without further interaction with the user.

password: Resource Owner Password Credentials Grant The Resource Owner Password Credentials <> grant type is a way to exchange a user's credentials for an access token. Because the client application has to collect the user's password and send it to the authorization server, it is not recommended that this grant be used at all anymore.

authcode: Authorization Code Grant The Authorization Code <> grant type is used by confidential and public clients to exchange an authorization code for an access token. After the user returns to the client via the redirect URL, the application will get the authorization code from the URL and use it to request an access token.

gcpjwt: Google Cloud (GCP) JWT How an application can complete server-to-server authentication using OAuth 2.0 for Google APIs.


Adds a populated random guid column.


Used to label a stage with a user provided label.


Override for the system max concurrent workers for a stage.


Encoding of credentials ( and client.secret) in header. Defaults to strict and URL Encodes the credential values. Use loose to skip encoding completely.


User password (required for password grant).


User identifier (required for password grant).


Randomizes the stage hash, even if args and flags are the same.


Service refresh token value. Used by refreshtoken Grant Type.


String or array including a subset of the original client scopes to request.


Controls if a stats calculation is run on a stage after it completes.


A comma separated list of columns to include in the command results. If not provided, all columns will be included.


Each command has a default type, either "mapping" or "reducing". Some commands can operate as either, when "reducing" they will operate on all rows at once, when "mapping", they will operate on one row at a time.


Format: "{VARIABLE NAME}:{COLUMN}" Used to store the value of the provided column (in the first row of results) in the provided name for use as a variable in other stages. Can be accessed using $VARIABLES.{VARIABLE NAME}$. Stored as an encrypted secret. Not stored across queries.


Will rerun the stage until the provided expression is valid for the first line of results.


The zoom Account ID.