Class GoogleIdentityProvider

Inheritance

System.Object

Resource

CustomResource

GoogleIdentityProvider

Inherited Members

CustomResource.Id

Resource.GetResourceType()

Resource.GetResourceName()

Resource.Urn

System.Object.Equals(System.Object)

System.Object.Equals(System.Object, System.Object)

System.Object.GetHashCode()

System.Object.GetType()

System.Object.MemberwiseClone()

System.Object.ReferenceEquals(System.Object, System.Object)

System.Object.ToString()

Namespace: Pulumi.Keycloak.Oidc

Assembly: Pulumi.Keycloak.dll

Syntax

public class GoogleIdentityProvider : CustomResource

Constructors

View Source

GoogleIdentityProvider(String, GoogleIdentityProviderArgs, CustomResourceOptions)

Create a GoogleIdentityProvider resource with the given unique name, arguments, and options.

Declaration

public GoogleIdentityProvider(string name, GoogleIdentityProviderArgs args, CustomResourceOptions options = null)

Parameters

Type	Name	Description
System.String	name	The unique name of the resource
GoogleIdentityProviderArgs	args	The arguments used to populate this resource's properties
CustomResourceOptions	options	A bag of options that control this resource's behavior

Properties

View Source

AcceptsPromptNoneForwardFromClient

This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.

Declaration

public Output<bool?> AcceptsPromptNoneForwardFromClient { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

AddReadTokenRoleOnCreate

Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role.

Declaration

public Output<bool?> AddReadTokenRoleOnCreate { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

Alias

The alias uniquely identifies an identity provider and it is also used to build the redirect uri. In case of google this is computed and always google

Declaration

public Output<string> Alias { get; }

Property Value

Type	Description
Output<System.String>

View Source

AuthenticateByDefault

Enable/disable authenticate users by default.

Declaration

public Output<bool?> AuthenticateByDefault { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

ClientId

Client ID.

Declaration

public Output<string> ClientId { get; }

Property Value

Type	Description
Output<System.String>

View Source

ClientSecret

Client Secret.

Declaration

public Output<string> ClientSecret { get; }

Property Value

Type	Description
Output<System.String>

View Source

DefaultScopes

The scopes to be sent when asking for authorization. See the documentation for possible values, separator and default value'. Default: 'openid profile email'

Declaration

public Output<string> DefaultScopes { get; }

Property Value

Type	Description
Output<System.String>

View Source

DisableUserInfo

Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.

Declaration

public Output<bool?> DisableUserInfo { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

DisplayName

Not used by this provider, Will be implicitly Google

Declaration

public Output<string> DisplayName { get; }

Property Value

Type	Description
Output<System.String>

View Source

Enabled

Enable/disable this identity provider.

Declaration

public Output<bool?> Enabled { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

ExtraConfig

Declaration

public Output<ImmutableDictionary<string, object>> ExtraConfig { get; }

Property Value

Type	Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>>

View Source

FirstBrokerLoginFlowAlias

Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account.

Declaration

public Output<string> FirstBrokerLoginFlowAlias { get; }

Property Value

Type	Description
Output<System.String>

View Source

HideOnLoginPage

Hide On Login Page.

Declaration

public Output<bool?> HideOnLoginPage { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

HostedDomain

Set 'hd' query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When '*' is entered, any hosted account can be used.

Declaration

public Output<string> HostedDomain { get; }

Property Value

Type	Description
Output<System.String>

View Source

InternalId

Internal Identity Provider Id

Declaration

public Output<string> InternalId { get; }

Property Value

Type	Description
Output<System.String>

View Source

LinkOnly

If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider

Declaration

public Output<bool?> LinkOnly { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

PostBrokerLoginFlowAlias

Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it.

Declaration

public Output<string> PostBrokerLoginFlowAlias { get; }

Property Value

Type	Description
Output<System.String>

View Source

ProviderId

provider id, is always google, unless you have a extended custom implementation

Declaration

public Output<string> ProviderId { get; }

Property Value

Type	Description
Output<System.String>

View Source

Realm

Realm Name

Declaration

public Output<string> Realm { get; }

Property Value

Type	Description
Output<System.String>

View Source

RequestRefreshToken

Set 'access_type' query parameter to 'offline' when redirecting to google authorization endpoint, to get a refresh token back. Useful if planning to use Token Exchange to retrieve Google token to access Google APIs when the user is not at the browser.

Declaration

public Output<bool?> RequestRefreshToken { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

StoreToken

Enable/disable if tokens must be stored after authenticating users.

Declaration

public Output<bool?> StoreToken { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

TrustEmail

If enabled then email provided by this provider is not verified even if verification is enabled for the realm.

Declaration

public Output<bool?> TrustEmail { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

View Source

UseUserIpParam

Set 'userIp' query parameter when invoking on Google's User Info service. This will use the user's ip address. Useful if Google is throttling access to the User Info service.

Declaration

public Output<bool?> UseUserIpParam { get; }

Property Value

Type	Description
Output<System.Nullable<System.Boolean>>

Methods

View Source

Get(String, Input<String>, GoogleIdentityProviderState, CustomResourceOptions)

Get an existing GoogleIdentityProvider resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration

public static GoogleIdentityProvider Get(string name, Input<string> id, GoogleIdentityProviderState state = null, CustomResourceOptions options = null)

Parameters

Type	Name	Description
System.String	name	The unique name of the resulting resource.
Input<System.String>	id	The unique provider ID of the resource to lookup.
GoogleIdentityProviderState	state	Any extra arguments used during the lookup.
CustomResourceOptions	options	A bag of options that control this resource's behavior

Returns

Type	Description
GoogleIdentityProvider