1. Docs
  2. Reference
  3. API
  4. auth0
  5. ResourceServer

ResourceServer

With this resource, you can set up APIs that can be consumed from your authorized applications.

Example Usage

using Pulumi;
using Auth0 = Pulumi.Auth0;

class MyStack : Stack
{
    public MyStack()
    {
        var myResourceServer = new Auth0.ResourceServer("myResourceServer", new Auth0.ResourceServerArgs
        {
            AllowOfflineAccess = true,
            Identifier = "https://api.example.com",
            Scopes = 
            {
                new Auth0.Inputs.ResourceServerScopeArgs
                {
                    Description = "Create foos",
                    Value = "create:foo",
                },
                new Auth0.Inputs.ResourceServerScopeArgs
                {
                    Description = "Create bars",
                    Value = "create:bar",
                },
            },
            SigningAlg = "RS256",
            SkipConsentForVerifiableFirstPartyClients = true,
            TokenLifetime = 8600,
        });
    }

}

Coming soon!

import pulumi
import pulumi_auth0 as auth0

my_resource_server = auth0.ResourceServer("myResourceServer",
    allow_offline_access=True,
    identifier="https://api.example.com",
    scopes=[
        {
            "description": "Create foos",
            "value": "create:foo",
        },
        {
            "description": "Create bars",
            "value": "create:bar",
        },
    ],
    signing_alg="RS256",
    skip_consent_for_verifiable_first_party_clients=True,
    token_lifetime=8600)
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myResourceServer = new auth0.ResourceServer("my_resource_server", {
    allowOfflineAccess: true,
    identifier: "https://api.example.com",
    scopes: [
        {
            description: "Create foos",
            value: "create:foo",
        },
        {
            description: "Create bars",
            value: "create:bar",
        },
    ],
    signingAlg: "RS256",
    skipConsentForVerifiableFirstPartyClients: true,
    tokenLifetime: 8600,
});

Create a ResourceServer Resource

new ResourceServer(name: string, args?: ResourceServerArgs, opts?: CustomResourceOptions);
def ResourceServer(resource_name, opts=None, allow_offline_access=None, enforce_policies=None, identifier=None, name=None, options=None, scopes=None, signing_alg=None, signing_secret=None, skip_consent_for_verifiable_first_party_clients=None, token_dialect=None, token_lifetime=None, token_lifetime_for_web=None, verification_location=None, __props__=None);
func NewResourceServer(ctx *Context, name string, args *ResourceServerArgs, opts ...ResourceOption) (*ResourceServer, error)
public ResourceServer(string name, ResourceServerArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ResourceServerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ResourceServerArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ResourceServerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ResourceServer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ResourceServer resource accepts the following input properties:

AllowOfflineAccess bool

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

EnforcePolicies bool

Boolean. Indicates whether or not authorization polices are enforced.

Identifier string

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

Name string

String. Friendly name for the resource server. Cannot include < or > characters.

Options Dictionary<string, string>

Map(String). Used to store additional metadata

Scopes List<ResourceServerScopeArgs>

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

SigningAlg string

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

SigningSecret string

String. Secret used to sign tokens when using symmetric algorithms (HS256).

SkipConsentForVerifiableFirstPartyClients bool

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

TokenDialect string

String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

TokenLifetime int

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

TokenLifetimeForWeb int

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

VerificationLocation string

String

AllowOfflineAccess bool

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

EnforcePolicies bool

Boolean. Indicates whether or not authorization polices are enforced.

Identifier string

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

Name string

String. Friendly name for the resource server. Cannot include < or > characters.

Options map[string]string

Map(String). Used to store additional metadata

Scopes []ResourceServerScope

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

SigningAlg string

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

SigningSecret string

String. Secret used to sign tokens when using symmetric algorithms (HS256).

SkipConsentForVerifiableFirstPartyClients bool

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

TokenDialect string

String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

TokenLifetime int

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

TokenLifetimeForWeb int

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

VerificationLocation string

String

allowOfflineAccess boolean

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

enforcePolicies boolean

Boolean. Indicates whether or not authorization polices are enforced.

identifier string

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

name string

String. Friendly name for the resource server. Cannot include < or > characters.

options {[key: string]: string}

Map(String). Used to store additional metadata

scopes ResourceServerScope[]

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

signingAlg string

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

signingSecret string

String. Secret used to sign tokens when using symmetric algorithms (HS256).

skipConsentForVerifiableFirstPartyClients boolean

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

tokenDialect string

String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

tokenLifetime number

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

tokenLifetimeForWeb number

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

verificationLocation string

String

allow_offline_access bool

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

enforce_policies bool

Boolean. Indicates whether or not authorization polices are enforced.

identifier str

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

name str

String. Friendly name for the resource server. Cannot include < or > characters.

options Dict[str, str]

Map(String). Used to store additional metadata

scopes List[ResourceServerScope]

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

signing_alg str

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

signing_secret str

String. Secret used to sign tokens when using symmetric algorithms (HS256).

skip_consent_for_verifiable_first_party_clients bool

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

token_dialect str

String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

token_lifetime float

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

token_lifetime_for_web float

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

verification_location str

String

Outputs

All input properties are implicitly available as output properties. Additionally, the ResourceServer resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing ResourceServer Resource

Get an existing ResourceServer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ResourceServerState, opts?: CustomResourceOptions): ResourceServer
static get(resource_name, id, opts=None, allow_offline_access=None, enforce_policies=None, identifier=None, name=None, options=None, scopes=None, signing_alg=None, signing_secret=None, skip_consent_for_verifiable_first_party_clients=None, token_dialect=None, token_lifetime=None, token_lifetime_for_web=None, verification_location=None, __props__=None);
func GetResourceServer(ctx *Context, name string, id IDInput, state *ResourceServerState, opts ...ResourceOption) (*ResourceServer, error)
public static ResourceServer Get(string name, Input<string> id, ResourceServerState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowOfflineAccess bool

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

EnforcePolicies bool

Boolean. Indicates whether or not authorization polices are enforced.

Identifier string

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

Name string

String. Friendly name for the resource server. Cannot include < or > characters.

Options Dictionary<string, string>

Map(String). Used to store additional metadata

Scopes List<ResourceServerScopeArgs>

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

SigningAlg string

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

SigningSecret string

String. Secret used to sign tokens when using symmetric algorithms (HS256).

SkipConsentForVerifiableFirstPartyClients bool

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

TokenDialect string

String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

TokenLifetime int

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

TokenLifetimeForWeb int

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

VerificationLocation string

String

AllowOfflineAccess bool

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

EnforcePolicies bool

Boolean. Indicates whether or not authorization polices are enforced.

Identifier string

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

Name string

String. Friendly name for the resource server. Cannot include < or > characters.

Options map[string]string

Map(String). Used to store additional metadata

Scopes []ResourceServerScope

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

SigningAlg string

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

SigningSecret string

String. Secret used to sign tokens when using symmetric algorithms (HS256).

SkipConsentForVerifiableFirstPartyClients bool

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

TokenDialect string

String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

TokenLifetime int

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

TokenLifetimeForWeb int

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

VerificationLocation string

String

allowOfflineAccess boolean

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

enforcePolicies boolean

Boolean. Indicates whether or not authorization polices are enforced.

identifier string

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

name string

String. Friendly name for the resource server. Cannot include < or > characters.

options {[key: string]: string}

Map(String). Used to store additional metadata

scopes ResourceServerScope[]

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

signingAlg string

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

signingSecret string

String. Secret used to sign tokens when using symmetric algorithms (HS256).

skipConsentForVerifiableFirstPartyClients boolean

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

tokenDialect string

String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

tokenLifetime number

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

tokenLifetimeForWeb number

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

verificationLocation string

String

allow_offline_access bool

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

enforce_policies bool

Boolean. Indicates whether or not authorization polices are enforced.

identifier str

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

name str

String. Friendly name for the resource server. Cannot include < or > characters.

options Dict[str, str]

Map(String). Used to store additional metadata

scopes List[ResourceServerScope]

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

signing_alg str

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

signing_secret str

String. Secret used to sign tokens when using symmetric algorithms (HS256).

skip_consent_for_verifiable_first_party_clients bool

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

token_dialect str

String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

token_lifetime float

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

token_lifetime_for_web float

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

verification_location str

String

Supporting Types

ResourceServerScope

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

Value string

String. Name of the permission (scope). Examples include read:appointments or delete:appointments.

Description string

String. Description of the permission (scope).

Value string

String. Name of the permission (scope). Examples include read:appointments or delete:appointments.

Description string

String. Description of the permission (scope).

value string

String. Name of the permission (scope). Examples include read:appointments or delete:appointments.

description string

String. Description of the permission (scope).

value str

String. Name of the permission (scope). Examples include read:appointments or delete:appointments.

description str

String. Description of the permission (scope).

Package Details

Repository
https://github.com/pulumi/pulumi-auth0
License
Apache-2.0
Notes
This Pulumi package is based on the auth0 Terraform Provider.