Class UserAttributeProtocolMapper

# keycloak.openid.UserAttributeProtocolMapper

Allows for creating and managing user attribute protocol mappers within Keycloak.

User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "my-realm",
    });
    var openidClient = new Keycloak.OpenId.Client("openidClient", new Keycloak.OpenId.ClientArgs
    {
        AccessType = "CONFIDENTIAL",
        ClientId = "test-client",
        Enabled = true,
        RealmId = realm.Id,
        ValidRedirectUris = 
        {
            "http://localhost:8080/openid-callback",
        },
    });
    var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("userAttributeMapper", new Keycloak.OpenId.UserAttributeProtocolMapperArgs
    {
        ClaimName = "bar",
        ClientId = openidClient.Id,
        RealmId = realm.Id,
        UserAttribute = "foo",
    });
}

}

Example Usage (Client Scope)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "my-realm",
    });
    var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new Keycloak.OpenId.ClientScopeArgs
    {
        RealmId = realm.Id,
    });
    var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("userAttributeMapper", new Keycloak.OpenId.UserAttributeProtocolMapperArgs
    {
        ClaimName = "bar",
        ClientScopeId = clientScope.Id,
        RealmId = realm.Id,
        UserAttribute = "foo",
    });
}

}

Argument Reference

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.
  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.
  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • user_attribute - (Required) The custom user attribute to map a claim for.
  • claim_name - (Required) The name of the claim to insert into a token.
  • claim_value_type - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.
  • multivalued - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to false.
  • add_to_id_token - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to true.
  • add_to_access_token - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to true.
  • add_to_userinfo - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to true.
Inheritance
System.Object
Resource
CustomResource
UserAttributeProtocolMapper
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Keycloak.OpenId
Assembly: Pulumi.Keycloak.dll
Syntax
public class UserAttributeProtocolMapper : CustomResource

Constructors

View Source

UserAttributeProtocolMapper(String, UserAttributeProtocolMapperArgs, CustomResourceOptions)

Create a UserAttributeProtocolMapper resource with the given unique name, arguments, and options.

Declaration
public UserAttributeProtocolMapper(string name, UserAttributeProtocolMapperArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
UserAttributeProtocolMapperArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

AddToAccessToken

Indicates if the attribute should be a claim in the access token.

Declaration
public Output<bool?> AddToAccessToken { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

AddToIdToken

Indicates if the attribute should be a claim in the id token.

Declaration
public Output<bool?> AddToIdToken { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

AddToUserinfo

Indicates if the attribute should appear in the userinfo response body.

Declaration
public Output<bool?> AddToUserinfo { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

ClaimName

Declaration
public Output<string> ClaimName { get; }
Property Value
Type Description
Output<System.String>
View Source

ClaimValueType

Claim type used when serializing tokens.

Declaration
public Output<string> ClaimValueType { get; }
Property Value
Type Description
Output<System.String>
View Source

ClientId

The mapper's associated client. Cannot be used at the same time as client_scope_id.

Declaration
public Output<string> ClientId { get; }
Property Value
Type Description
Output<System.String>
View Source

ClientScopeId

The mapper's associated client scope. Cannot be used at the same time as client_id.

Declaration
public Output<string> ClientScopeId { get; }
Property Value
Type Description
Output<System.String>
View Source

Multivalued

Indicates whether this attribute is a single value or an array of values.

Declaration
public Output<bool?> Multivalued { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>
View Source

Name

A human-friendly name that will appear in the Keycloak console.

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>
View Source

RealmId

The realm id where the associated client or client scope exists.

Declaration
public Output<string> RealmId { get; }
Property Value
Type Description
Output<System.String>
View Source

UserAttribute

Declaration
public Output<string> UserAttribute { get; }
Property Value
Type Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, UserAttributeProtocolMapperState, CustomResourceOptions)

Get an existing UserAttributeProtocolMapper resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static UserAttributeProtocolMapper Get(string name, Input<string> id, UserAttributeProtocolMapperState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
UserAttributeProtocolMapperState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
UserAttributeProtocolMapper