Application

Manages an Application within Azure Active Directory.

NOTE: If you’re authenticating using a Service Principal then it must have permissions to both Read and write owned by applications and Sign in and read user profile within the Windows Azure Active Directory API.

Create a Application Resource

new Application(name: string, args?: ApplicationArgs, opts?: CustomResourceOptions);

def Application(resource_name, opts=None, app_roles=None, available_to_other_tenants=None, group_membership_claims=None, homepage=None, identifier_uris=None, logout_url=None, name=None, oauth2_allow_implicit_flow=None, oauth2_permissions=None, optional_claims=None, owners=None, public_client=None, reply_urls=None, required_resource_accesses=None, type=None, __props__=None);

func NewApplication(ctx *Context, name string, args *ApplicationArgs, opts ...ResourceOption) (*Application, error)

public Application(string name, ApplicationArgs? args = null, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args ApplicationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ApplicationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ApplicationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Application Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Application resource accepts the following input properties:

AppRoles List<Pulumi.AzureAD.Inputs.ApplicationAppRoleArgs>: A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
AvailableToOtherTenants bool: Is this Azure AD Application available to other tenants? Defaults to false.
GroupMembershipClaims string: Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
Homepage string: The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.
IdentifierUris List<string>: A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
LogoutUrl string: The URL of the logout page.
Name string: The display name for the application.
Oauth2AllowImplicitFlow bool: Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
Oauth2Permissions List<Pulumi.AzureAD.Inputs.ApplicationOauth2PermissionArgs>: A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
OptionalClaims Pulumi.AzureAD.Inputs.ApplicationOptionalClaimsArgs: A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
Owners List<string>: A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
PublicClient bool: Is this Azure AD Application a public client? Defaults to false.
ReplyUrls List<string>: A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
RequiredResourceAccesses List<Pulumi.AzureAD.Inputs.ApplicationRequiredResourceAccessArgs>: A collection of required_resource_access blocks as documented below.
Type string: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.

AppRoles []ApplicationAppRole: A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
AvailableToOtherTenants bool: Is this Azure AD Application available to other tenants? Defaults to false.
GroupMembershipClaims string: Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
Homepage string: The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.
IdentifierUris []string: A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
LogoutUrl string: The URL of the logout page.
Name string: The display name for the application.
Oauth2AllowImplicitFlow bool: Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
Oauth2Permissions []ApplicationOauth2Permission: A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
OptionalClaims ApplicationOptionalClaims: A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
Owners []string: A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
PublicClient bool: Is this Azure AD Application a public client? Defaults to false.
ReplyUrls []string: A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
RequiredResourceAccesses []ApplicationRequiredResourceAccess: A collection of required_resource_access blocks as documented below.
Type string: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.

appRoles ApplicationAppRole[]: A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
availableToOtherTenants boolean: Is this Azure AD Application available to other tenants? Defaults to false.
groupMembershipClaims string: Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
homepage string: The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.
identifierUris string[]: A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
logoutUrl string: The URL of the logout page.
name string: The display name for the application.
oauth2AllowImplicitFlow boolean: Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
oauth2Permissions ApplicationOauth2Permission[]: A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
optionalClaims ApplicationOptionalClaims: A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
owners string[]: A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
publicClient boolean: Is this Azure AD Application a public client? Defaults to false.
replyUrls string[]: A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
requiredResourceAccesses ApplicationRequiredResourceAccess[]: A collection of required_resource_access blocks as documented below.
type string: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.

app_roles List[ApplicationAppRole]: A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
available_to_other_tenants bool: Is this Azure AD Application available to other tenants? Defaults to false.
group_membership_claims str: Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
homepage str: The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.
identifier_uris List[str]: A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
logout_url str: The URL of the logout page.
name str: The display name for the application.
oauth2_allow_implicit_flow bool: Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
oauth2_permissions List[ApplicationOauth2Permission]: A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
optional_claims Dict[ApplicationOptionalClaims]: A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
owners List[str]: A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
public_client bool: Is this Azure AD Application a public client? Defaults to false.
reply_urls List[str]: A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
required_resource_accesses List[ApplicationRequiredResourceAccess]: A collection of required_resource_access blocks as documented below.
type str: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.

Outputs

All input properties are implicitly available as output properties. Additionally, the Application resource produces the following output properties:

ApplicationId string: The Application ID.
Id string: The provider-assigned unique ID for this managed resource.
ObjectId string: The Application’s Object ID.

ApplicationId string: The Application ID.
Id string: The provider-assigned unique ID for this managed resource.
ObjectId string: The Application’s Object ID.

applicationId string: The Application ID.
id string: The provider-assigned unique ID for this managed resource.
objectId string: The Application’s Object ID.

application_id str: The Application ID.
id str: The provider-assigned unique ID for this managed resource.
object_id str: The Application’s Object ID.

Look up an Existing Application Resource

Get an existing Application resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ApplicationState, opts?: CustomResourceOptions): Application

static get(resource_name, id, opts=None, app_roles=None, application_id=None, available_to_other_tenants=None, group_membership_claims=None, homepage=None, identifier_uris=None, logout_url=None, name=None, oauth2_allow_implicit_flow=None, oauth2_permissions=None, object_id=None, optional_claims=None, owners=None, public_client=None, reply_urls=None, required_resource_accesses=None, type=None, __props__=None);

func GetApplication(ctx *Context, name string, id IDInput, state *ApplicationState, opts ...ResourceOption) (*Application, error)

public static Application Get(string name, Input<string> id, ApplicationState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AppRoles List<Pulumi.AzureAD.Inputs.ApplicationAppRoleArgs>: A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
ApplicationId string: The Application ID.
AvailableToOtherTenants bool: Is this Azure AD Application available to other tenants? Defaults to false.
GroupMembershipClaims string: Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
Homepage string: The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.
IdentifierUris List<string>: A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
LogoutUrl string: The URL of the logout page.
Name string: The display name for the application.
Oauth2AllowImplicitFlow bool: Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
Oauth2Permissions List<Pulumi.AzureAD.Inputs.ApplicationOauth2PermissionArgs>: A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
ObjectId string: The Application’s Object ID.
OptionalClaims Pulumi.AzureAD.Inputs.ApplicationOptionalClaimsArgs: A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
Owners List<string>: A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
PublicClient bool: Is this Azure AD Application a public client? Defaults to false.
ReplyUrls List<string>: A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
RequiredResourceAccesses List<Pulumi.AzureAD.Inputs.ApplicationRequiredResourceAccessArgs>: A collection of required_resource_access blocks as documented below.
Type string: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.

AppRoles []ApplicationAppRole: A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
ApplicationId string: The Application ID.
AvailableToOtherTenants bool: Is this Azure AD Application available to other tenants? Defaults to false.
GroupMembershipClaims string: Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
Homepage string: The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.
IdentifierUris []string: A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
LogoutUrl string: The URL of the logout page.
Name string: The display name for the application.
Oauth2AllowImplicitFlow bool: Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
Oauth2Permissions []ApplicationOauth2Permission: A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
ObjectId string: The Application’s Object ID.
OptionalClaims ApplicationOptionalClaims: A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
Owners []string: A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
PublicClient bool: Is this Azure AD Application a public client? Defaults to false.
ReplyUrls []string: A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
RequiredResourceAccesses []ApplicationRequiredResourceAccess: A collection of required_resource_access blocks as documented below.
Type string: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.

appRoles ApplicationAppRole[]: A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
applicationId string: The Application ID.
availableToOtherTenants boolean: Is this Azure AD Application available to other tenants? Defaults to false.
groupMembershipClaims string: Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
homepage string: The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.
identifierUris string[]: A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
logoutUrl string: The URL of the logout page.
name string: The display name for the application.
oauth2AllowImplicitFlow boolean: Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
oauth2Permissions ApplicationOauth2Permission[]: A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
objectId string: The Application’s Object ID.
optionalClaims ApplicationOptionalClaims: A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
owners string[]: A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
publicClient boolean: Is this Azure AD Application a public client? Defaults to false.
replyUrls string[]: A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
requiredResourceAccesses ApplicationRequiredResourceAccess[]: A collection of required_resource_access blocks as documented below.
type string: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.

app_roles List[ApplicationAppRole]: A collection of app_role blocks as documented below. For more information https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
application_id str: The Application ID.
available_to_other_tenants bool: Is this Azure AD Application available to other tenants? Defaults to false.
group_membership_claims str: Configures the groups claim issued in a user or OAuth 2.0 access token that the app expects. Defaults to SecurityGroup. Possible values are None, SecurityGroup, DirectoryRole, ApplicationGroup or All.
homepage str: The URL to the application’s home page. If no homepage is specified this defaults to https://{name}.
identifier_uris List[str]: A list of user-defined URI(s) that uniquely identify a Web application within it’s Azure AD tenant, or within a verified custom domain if the application is multi-tenant.
logout_url str: The URL of the logout page.
name str: The display name for the application.
oauth2_allow_implicit_flow bool: Does this Azure AD Application allow OAuth2.0 implicit flow tokens? Defaults to false.
oauth2_permissions List[ApplicationOauth2Permission]: A collection of OAuth 2.0 permission scopes that the web API (resource) app exposes to client apps. Each permission is covered by oauth2_permissions blocks as documented below.
object_id str: The Application’s Object ID.
optional_claims Dict[ApplicationOptionalClaims]: A collection of access_token or id_token blocks as documented below which list the optional claims configured for each token type. For more information see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
owners List[str]: A list of Azure AD Object IDs that will be granted ownership of the application. Defaults to the Object ID of the caller creating the application. If a list is specified the caller Object ID will no longer be included unless explicitly added to the list.
public_client bool: Is this Azure AD Application a public client? Defaults to false.
reply_urls List[str]: A list of URLs that user tokens are sent to for sign in, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to.
required_resource_accesses List[ApplicationRequiredResourceAccess]: A collection of required_resource_access blocks as documented below.
type str: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.

Supporting Types

ApplicationAppRole

See the input and output API doc for this type.

AllowedMemberTypes List<string>: Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
Description string: Permission help text that appears in the admin app assignment and consent experiences.
DisplayName string: Display name for the permission that appears in the admin consent and app assignment experiences.
Id string: The unique identifier of the app_role.
IsEnabled bool: Determines if the permission is enabled: defaults to true.
Value string: The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.

AllowedMemberTypes []string: Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
Description string: Permission help text that appears in the admin app assignment and consent experiences.
DisplayName string: Display name for the permission that appears in the admin consent and app assignment experiences.
Id string: The unique identifier of the app_role.
IsEnabled bool: Determines if the permission is enabled: defaults to true.
Value string: The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.

allowedMemberTypes string[]: Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
description string: Permission help text that appears in the admin app assignment and consent experiences.
displayName string: Display name for the permission that appears in the admin consent and app assignment experiences.
id string: The unique identifier of the app_role.
isEnabled boolean: Determines if the permission is enabled: defaults to true.
value string: The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.

allowedMemberTypes List[str]: Specifies whether this app role definition can be assigned to users and groups by setting to User, or to other applications (that are accessing this application in daemon service scenarios) by setting to Application, or to both.
description str: Permission help text that appears in the admin app assignment and consent experiences.
display_name str: Display name for the permission that appears in the admin consent and app assignment experiences.
id str: The unique identifier of the app_role.
isEnabled bool: Determines if the permission is enabled: defaults to true.
value str: The value of the scope claim that the resource application should expect in the OAuth 2.0 access token.

ApplicationOauth2Permission

See the input and output API doc for this type.

AdminConsentDescription string: Permission help text that appears in the admin consent and app assignment experiences.
AdminConsentDisplayName string: Display name for the permission that appears in the admin consent and app assignment experiences.
Id string: The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
IsEnabled bool: Determines if the app role is enabled: Defaults to true.
Type string: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.
UserConsentDescription string: Permission help text that appears in the end user consent experience.
UserConsentDisplayName string: Display name for the permission that appears in the end user consent experience.
Value string: Specifies the value of the roles claim that the application should expect in the authentication and access tokens.

AdminConsentDescription string: Permission help text that appears in the admin consent and app assignment experiences.
AdminConsentDisplayName string: Display name for the permission that appears in the admin consent and app assignment experiences.
Id string: The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
IsEnabled bool: Determines if the app role is enabled: Defaults to true.
Type string: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.
UserConsentDescription string: Permission help text that appears in the end user consent experience.
UserConsentDisplayName string: Display name for the permission that appears in the end user consent experience.
Value string: Specifies the value of the roles claim that the application should expect in the authentication and access tokens.

adminConsentDescription string: Permission help text that appears in the admin consent and app assignment experiences.
adminConsentDisplayName string: Display name for the permission that appears in the admin consent and app assignment experiences.
id string: The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
isEnabled boolean: Determines if the app role is enabled: Defaults to true.
type string: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.
userConsentDescription string: Permission help text that appears in the end user consent experience.
userConsentDisplayName string: Display name for the permission that appears in the end user consent experience.
value string: Specifies the value of the roles claim that the application should expect in the authentication and access tokens.

adminConsentDescription str: Permission help text that appears in the admin consent and app assignment experiences.
adminConsentDisplayName str: Display name for the permission that appears in the admin consent and app assignment experiences.
id str: The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
isEnabled bool: Determines if the app role is enabled: Defaults to true.
type str: Type of an application: webapp/api or native. Defaults to webapp/api. For native apps type identifier_uris property can not not be set.
userConsentDescription str: Permission help text that appears in the end user consent experience.
userConsentDisplayName str: Display name for the permission that appears in the end user consent experience.
value str: Specifies the value of the roles claim that the application should expect in the authentication and access tokens.

ApplicationOptionalClaims

See the input and output API doc for this type.

AccessTokens List<Pulumi.AzureAD.Inputs.ApplicationOptionalClaimsAccessTokenArgs>
IdTokens List<Pulumi.AzureAD.Inputs.ApplicationOptionalClaimsIdTokenArgs>

AccessTokens []ApplicationOptionalClaimsAccessToken
IdTokens []ApplicationOptionalClaimsIdToken

accessTokens ApplicationOptionalClaimsAccessToken[]
idTokens ApplicationOptionalClaimsIdToken[]

accessTokens List[ApplicationOptionalClaimsAccessToken]
idTokens List[ApplicationOptionalClaimsIdToken]

ApplicationOptionalClaimsAccessToken

See the input and output API doc for this type.

Name string: The name of the optional claim.
AdditionalProperties List<string>: List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
Essential bool: Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
Source string: The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

Name string: The name of the optional claim.
AdditionalProperties []string: List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
Essential bool: Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
Source string: The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

name string: The name of the optional claim.
additionalProperties string[]: List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
essential boolean: Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
source string: The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

name str: The name of the optional claim.
additionalProperties List[str]: List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
essential bool: Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
source str: The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

ApplicationOptionalClaimsIdToken

See the input and output API doc for this type.

Name string: The display name for the application.
AdditionalProperties List<string>: List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
Essential bool: Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
Source string: The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

Name string: The display name for the application.
AdditionalProperties []string: List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
Essential bool: Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
Source string: The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

name string: The display name for the application.
additionalProperties string[]: List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
essential boolean: Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
source string: The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

name str: The display name for the application.
additionalProperties List[str]: List of Additional Properties of the claim. If a property exists in this list, it modifies the behaviour of the optional claim.
essential bool: Whether the claim specified by the client is necessary to ensure a smooth authorization experience.
source str: The source of the claim. If source is absent, the claim is a predefined optional claim. If source is user, the value of name is the extension property from the user object.

ApplicationRequiredResourceAccess

See the input and output API doc for this type.

ResourceAccesses List<Pulumi.AzureAD.Inputs.ApplicationRequiredResourceAccessResourceAccessArgs>: A collection of resource_access blocks as documented below.
ResourceAppId string: The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.

ResourceAccesses []ApplicationRequiredResourceAccessResourceAccess: A collection of resource_access blocks as documented below.
ResourceAppId string: The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.

resourceAccesses ApplicationRequiredResourceAccessResourceAccess[]: A collection of resource_access blocks as documented below.
resourceAppId string: The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.

resourceAccesses List[ApplicationRequiredResourceAccessResourceAccess]: A collection of resource_access blocks as documented below.
resourceAppId str: The unique identifier for the resource that the application requires access to. This should be equal to the appId declared on the target resource application.

ApplicationRequiredResourceAccessResourceAccess

See the input and output API doc for this type.

Id string: The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
Type string: Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.

Id string: The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
Type string: Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.

id string: The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
type string: Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.

id str: The unique identifier for one of the OAuth2Permission or AppRole instances that the resource application exposes.
type str: Specifies whether the id property references an OAuth2Permission or an AppRole. Possible values are Scope or Role.

Package Details

Repository: https://github.com/pulumi/pulumi-azuread
License: Apache-2.0
Notes: This Pulumi package is based on the azuread Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

Application

Create a Application Resource

Application Resource Properties

Inputs

Outputs

Look up an Existing Application Resource

Supporting Types

ApplicationAppRole

ApplicationOauth2Permission

ApplicationOptionalClaims

ApplicationOptionalClaimsAccessToken

ApplicationOptionalClaimsIdToken

ApplicationRequiredResourceAccess

ApplicationRequiredResourceAccessResourceAccess

Package Details

On This Page