111111 "InfrastructureApplicationPolicy" ,
112112 "InfrastructureApplicationPolicyConnectionRules" ,
113113 "InfrastructureApplicationPolicyConnectionRulesSSH" ,
114+ "BrowserRdpApplication" ,
115+ "BrowserRdpApplicationTargetCriterion" ,
116+ "BrowserRdpApplicationDestination" ,
117+ "BrowserRdpApplicationDestinationPublicDestination" ,
118+ "BrowserRdpApplicationDestinationPrivateDestination" ,
119+ "BrowserRdpApplicationPolicy" ,
120+ "BrowserRdpApplicationPolicyAccessAppPolicyLink" ,
121+ "BrowserRdpApplicationPolicyUnionMember2" ,
122+ "BrowserRdpApplicationSCIMConfig" ,
123+ "BrowserRdpApplicationSCIMConfigAuthentication" ,
124+ "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken" ,
125+ "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication" ,
126+ "BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken" ,
114127]
115128
116129
@@ -2217,6 +2230,355 @@ class InfrastructureApplicationPolicy(TypedDict, total=False):
22172230 """
22182231
22192232
2233+ class BrowserRdpApplication (TypedDict , total = False ):
2234+ domain : Required [str ]
2235+ """The primary hostname and path secured by Access.
2236+
2237+ This domain will be displayed if the app is visible in the App Launcher.
2238+ """
2239+
2240+ target_criteria : Required [Iterable [BrowserRdpApplicationTargetCriterion ]]
2241+
2242+ type : Required [str ]
2243+ """The application type."""
2244+
2245+ account_id : str
2246+ """The Account ID to use for this endpoint. Mutually exclusive with the Zone ID."""
2247+
2248+ zone_id : str
2249+ """The Zone ID to use for this endpoint. Mutually exclusive with the Account ID."""
2250+
2251+ allow_authenticate_via_warp : bool
2252+ """
2253+ When set to true, users can authenticate to this application using their WARP
2254+ session. When set to false this application will always require direct IdP
2255+ authentication. This setting always overrides the organization setting for WARP
2256+ authentication.
2257+ """
2258+
2259+ allowed_idps : List [AllowedIdPs ]
2260+ """The identity providers your users can select when connecting to this
2261+ application.
2262+
2263+ Defaults to all IdPs configured in your account.
2264+ """
2265+
2266+ app_launcher_visible : bool
2267+ """Displays the application in the App Launcher."""
2268+
2269+ auto_redirect_to_identity : bool
2270+ """When set to `true`, users skip the identity provider selection step during
2271+ login.
2272+
2273+ You must specify only one identity provider in allowed_idps.
2274+ """
2275+
2276+ cors_headers : CORSHeadersParam
2277+
2278+ custom_deny_message : str
2279+ """
2280+ The custom error message shown to a user when they are denied access to the
2281+ application.
2282+ """
2283+
2284+ custom_deny_url : str
2285+ """
2286+ The custom URL a user is redirected to when they are denied access to the
2287+ application when failing identity-based rules.
2288+ """
2289+
2290+ custom_non_identity_deny_url : str
2291+ """
2292+ The custom URL a user is redirected to when they are denied access to the
2293+ application when failing non-identity rules.
2294+ """
2295+
2296+ custom_pages : List [str ]
2297+ """The custom pages that will be displayed when applicable for this application"""
2298+
2299+ destinations : Iterable [BrowserRdpApplicationDestination ]
2300+ """List of destinations secured by Access.
2301+
2302+ This supersedes `self_hosted_domains` to allow for more flexibility in defining
2303+ different types of domains. If `destinations` are provided, then
2304+ `self_hosted_domains` will be ignored.
2305+ """
2306+
2307+ enable_binding_cookie : bool
2308+ """
2309+ Enables the binding cookie, which increases security against compromised
2310+ authorization tokens and CSRF attacks.
2311+ """
2312+
2313+ http_only_cookie_attribute : bool
2314+ """
2315+ Enables the HttpOnly cookie attribute, which increases security against XSS
2316+ attacks.
2317+ """
2318+
2319+ logo_url : str
2320+ """The image URL for the logo shown in the App Launcher dashboard."""
2321+
2322+ name : str
2323+ """The name of the application."""
2324+
2325+ options_preflight_bypass : bool
2326+ """
2327+ Allows options preflight requests to bypass Access authentication and go
2328+ directly to the origin. Cannot turn on if cors_headers is set.
2329+ """
2330+
2331+ path_cookie_attribute : bool
2332+ """Enables cookie paths to scope an application's JWT to the application path.
2333+
2334+ If disabled, the JWT will scope to the hostname by default
2335+ """
2336+
2337+ policies : List [BrowserRdpApplicationPolicy ]
2338+ """
2339+ The policies that Access applies to the application, in ascending order of
2340+ precedence. Items can reference existing policies or create new policies
2341+ exclusive to the application.
2342+ """
2343+
2344+ same_site_cookie_attribute : str
2345+ """
2346+ Sets the SameSite cookie setting, which provides increased security against CSRF
2347+ attacks.
2348+ """
2349+
2350+ scim_config : BrowserRdpApplicationSCIMConfig
2351+ """Configuration for provisioning to this application via SCIM.
2352+
2353+ This is currently in closed beta.
2354+ """
2355+
2356+ self_hosted_domains : List [SelfHostedDomains ]
2357+ """List of public domains that Access will secure.
2358+
2359+ This field is deprecated in favor of `destinations` and will be supported until
2360+ **November 21, 2025.** If `destinations` are provided, then
2361+ `self_hosted_domains` will be ignored.
2362+ """
2363+
2364+ service_auth_401_redirect : bool
2365+ """Returns a 401 status code when the request is blocked by a Service Auth policy."""
2366+
2367+ session_duration : str
2368+ """The amount of time that tokens issued for this application will be valid.
2369+
2370+ Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs),
2371+ ms, s, m, h.
2372+ """
2373+
2374+ skip_interstitial : bool
2375+ """Enables automatic authentication through cloudflared."""
2376+
2377+ tags : List [str ]
2378+ """The tags you want assigned to an application.
2379+
2380+ Tags are used to filter applications in the App Launcher dashboard.
2381+ """
2382+
2383+
2384+ class BrowserRdpApplicationTargetCriterion (TypedDict , total = False ):
2385+ port : Required [int ]
2386+ """The port that the targets use for the chosen communication protocol.
2387+
2388+ A port cannot be assigned to multiple protocols.
2389+ """
2390+
2391+ protocol : Required [Literal ["ssh" ]]
2392+ """The communication protocol your application secures."""
2393+
2394+ target_attributes : Required [Dict [str , List [str ]]]
2395+ """Contains a map of target attribute keys to target attribute values."""
2396+
2397+
2398+ class BrowserRdpApplicationDestinationPublicDestination (TypedDict , total = False ):
2399+ type : Literal ["public" ]
2400+
2401+ uri : str
2402+ """The URI of the destination.
2403+
2404+ Public destinations' URIs can include a domain and path with
2405+ [wildcards](https://developers.cloudflare.com/cloudflare-one/policies/access/app-paths/).
2406+ """
2407+
2408+
2409+ class BrowserRdpApplicationDestinationPrivateDestination (TypedDict , total = False ):
2410+ cidr : str
2411+ """The CIDR range of the destination. Single IPs will be computed as /32."""
2412+
2413+ hostname : str
2414+ """The hostname of the destination. Matches a valid SNI served by an HTTPS origin."""
2415+
2416+ l4_protocol : Literal ["tcp" , "udp" ]
2417+ """The L4 protocol of the destination.
2418+
2419+ When omitted, both UDP and TCP traffic will match.
2420+ """
2421+
2422+ port_range : str
2423+ """The port range of the destination.
2424+
2425+ Can be a single port or a range of ports. When omitted, all ports will match.
2426+ """
2427+
2428+ type : Literal ["private" ]
2429+
2430+ vnet_id : str
2431+ """The VNET ID to match the destination. When omitted, all VNETs will match."""
2432+
2433+
2434+ BrowserRdpApplicationDestination : TypeAlias = Union [
2435+ BrowserRdpApplicationDestinationPublicDestination , BrowserRdpApplicationDestinationPrivateDestination
2436+ ]
2437+
2438+
2439+ class BrowserRdpApplicationPolicyAccessAppPolicyLink (TypedDict , total = False ):
2440+ id : str
2441+ """The UUID of the policy"""
2442+
2443+ precedence : int
2444+ """The order of execution for this policy.
2445+
2446+ Must be unique for each policy within an app.
2447+ """
2448+
2449+
2450+ class BrowserRdpApplicationPolicyUnionMember2 (TypedDict , total = False ):
2451+ id : str
2452+ """The UUID of the policy"""
2453+
2454+ approval_groups : Iterable [ApprovalGroupParam ]
2455+ """Administrators who can approve a temporary authentication request."""
2456+
2457+ approval_required : bool
2458+ """
2459+ Requires the user to request access from an administrator at the start of each
2460+ session.
2461+ """
2462+
2463+ isolation_required : bool
2464+ """
2465+ Require this application to be served in an isolated browser for users matching
2466+ this policy. 'Client Web Isolation' must be on for the account in order to use
2467+ this feature.
2468+ """
2469+
2470+ precedence : int
2471+ """The order of execution for this policy.
2472+
2473+ Must be unique for each policy within an app.
2474+ """
2475+
2476+ purpose_justification_prompt : str
2477+ """A custom message that will appear on the purpose justification screen."""
2478+
2479+ purpose_justification_required : bool
2480+ """Require users to enter a justification when they log in to the application."""
2481+
2482+ session_duration : str
2483+ """The amount of time that tokens issued for the application will be valid.
2484+
2485+ Must be in the format `300ms` or `2h45m`. Valid time units are: ns, us (or µs),
2486+ ms, s, m, h.
2487+ """
2488+
2489+
2490+ BrowserRdpApplicationPolicy : TypeAlias = Union [
2491+ BrowserRdpApplicationPolicyAccessAppPolicyLink , str , BrowserRdpApplicationPolicyUnionMember2
2492+ ]
2493+
2494+
2495+ class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken (
2496+ TypedDict , total = False
2497+ ):
2498+ client_id : Required [str ]
2499+ """
2500+ Client ID of the Access service token used to authenticate with the remote
2501+ service.
2502+ """
2503+
2504+ client_secret : Required [str ]
2505+ """
2506+ Client secret of the Access service token used to authenticate with the remote
2507+ service.
2508+ """
2509+
2510+ scheme : Required [Literal ["access_service_token" ]]
2511+ """The authentication scheme to use when making SCIM requests to this application."""
2512+
2513+
2514+ class BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken (
2515+ TypedDict , total = False
2516+ ):
2517+ client_id : Required [str ]
2518+ """
2519+ Client ID of the Access service token used to authenticate with the remote
2520+ service.
2521+ """
2522+
2523+ client_secret : Required [str ]
2524+ """
2525+ Client secret of the Access service token used to authenticate with the remote
2526+ service.
2527+ """
2528+
2529+ scheme : Required [Literal ["access_service_token" ]]
2530+ """The authentication scheme to use when making SCIM requests to this application."""
2531+
2532+
2533+ BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication : TypeAlias = Union [
2534+ SCIMConfigAuthenticationHTTPBasicParam ,
2535+ SCIMConfigAuthenticationOAuthBearerTokenParam ,
2536+ SCIMConfigAuthenticationOauth2Param ,
2537+ BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken ,
2538+ ]
2539+
2540+ BrowserRdpApplicationSCIMConfigAuthentication : TypeAlias = Union [
2541+ SCIMConfigAuthenticationHTTPBasicParam ,
2542+ SCIMConfigAuthenticationOAuthBearerTokenParam ,
2543+ SCIMConfigAuthenticationOauth2Param ,
2544+ BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigAuthenticationAccessServiceToken ,
2545+ Iterable [BrowserRdpApplicationSCIMConfigAuthenticationAccessSCIMConfigMultiAuthentication ],
2546+ ]
2547+
2548+
2549+ class BrowserRdpApplicationSCIMConfig (TypedDict , total = False ):
2550+ idp_uid : Required [str ]
2551+ """
2552+ The UID of the IdP to use as the source for SCIM resources to provision to this
2553+ application.
2554+ """
2555+
2556+ remote_uri : Required [str ]
2557+ """The base URI for the application's SCIM-compatible API."""
2558+
2559+ authentication : BrowserRdpApplicationSCIMConfigAuthentication
2560+ """
2561+ Attributes for configuring HTTP Basic authentication scheme for SCIM
2562+ provisioning to an application.
2563+ """
2564+
2565+ deactivate_on_delete : bool
2566+ """
2567+ If false, propagates DELETE requests to the target application for SCIM
2568+ resources. If true, sets 'active' to false on the SCIM resource. Note: Some
2569+ targets do not support DELETE operations.
2570+ """
2571+
2572+ enabled : bool
2573+ """Whether SCIM provisioning is turned on for this application."""
2574+
2575+ mappings : Iterable [SCIMConfigMappingParam ]
2576+ """
2577+ A list of mappings to apply to SCIM resources before provisioning them in this
2578+ application. These can transform or filter the resources to be provisioned.
2579+ """
2580+
2581+
22202582ApplicationCreateParams : TypeAlias = Union [
22212583 SelfHostedApplication ,
22222584 SaaSApplication ,
@@ -2227,4 +2589,5 @@ class InfrastructureApplicationPolicy(TypedDict, total=False):
22272589 BrowserIsolationPermissionsApplication ,
22282590 BookmarkApplication ,
22292591 InfrastructureApplication ,
2592+ BrowserRdpApplication ,
22302593]
![stainless-app[bot]](https://avatars.githubusercontent.com/in/378072?v=4&size=40){kind=avatar}
0 commit comments