1. Docs
2. Reference
3. API
4. @pulumi/auth0

Package @pulumi/auth0

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-auth0 repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-auth0 repo.

var auth0 = require("@pulumi/auth0");

import * as auth0 from "@pulumi/auth0";

Modules

• config
• types

Resources

• Client
• ClientGrant
• Connection
• CustomDomain
• Email
• EmailTemplate
• GlobalClient
• Hook
• Prompt
• Provider
• ResourceServer
• Role
• Rule
• RuleConfig
• Tenant
• User

Others

• ClientArgs
• ClientGrantArgs
• ClientGrantState
• ClientState
• ConnectionArgs
• ConnectionState
• CustomDomainArgs
• CustomDomainState
• EmailArgs
• EmailState
• EmailTemplateArgs
• EmailTemplateState
• getEnv
• getEnvBoolean
• getEnvNumber
• getVersion
• GlobalClientArgs
• GlobalClientState
• HookArgs
• HookState
• PromptArgs
• PromptState
• ProviderArgs
• ResourceServerArgs
• ResourceServerState
• RoleArgs
• RoleState
• RuleArgs
• RuleConfigArgs
• RuleConfigState
• RuleState
• TenantArgs
• TenantState
• UserArgs
• UserState

Resources

Resource Client

class Client extends CustomResource

With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications. Depending on your plan, you may also configure add-ons to allow your application to call another application’s API (such as Firebase and AWS) on behalf of an authenticated user.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myClient = new auth0.Client("myClient", {
    addons: {
        firebase: {
            client_email: "john.doe@example.com",
            lifetime_in_seconds: 1,
            private_key: "wer",
            private_key_id: "qwreerwerwe",
        },
        samlp: {
            audience: "https://example.com/saml",
            createUpnClaim: false,
            mapIdentities: false,
            mapUnknownClaimsAsIs: false,
            mappings: {
                email: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                name: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
            },
            nameIdentifierFormat: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            nameIdentifierProbes: ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
            passthroughClaimsWithNoMapping: false,
        },
    },
    allowedLogoutUrls: ["https://example.com"],
    allowedOrigins: ["https://example.com"],
    appType: "nonInteractive",
    callbacks: ["https://example.com/callback"],
    clientMetadata: {
        foo: "zoo",
    },
    customLoginPageOn: true,
    description: "Test Applications Long Description",
    grantTypes: [
        "authorizationCode",
        "http://auth0.com/oauth/grant-type/password-realm",
        "implicit",
        "password",
        "refreshToken",
    ],
    isFirstParty: true,
    isTokenEndpointIpHeaderTrusted: true,
    jwtConfiguration: {
        alg: "RS256",
        lifetimeInSeconds: 300,
        scopes: {
            foo: "bar",
        },
        secretEncoded: true,
    },
    mobile: {
        ios: {
            appBundleIdentifier: "com.my.bundle.id",
            teamId: "9JA89QQLNQ",
        },
    },
    oidcConformant: false,
    tokenEndpointAuthMethod: "clientSecretPost",
    webOrigins: ["https://example.com"],
});

constructor

new Client(name: string, args?: ClientArgs, opts?: pulumi.CustomResourceOptions)

Create a Client resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientState, opts?: pulumi.CustomResourceOptions): Client

Get an existing Client resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Client

Returns true if the given object is an instance of Client. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property addons

public addons: pulumi.Output<ClientAddons | undefined>;

List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.

property allowedLogoutUrls

public allowedLogoutUrls: pulumi.Output<string[] | undefined>;

List(String). URLs that Auth0 may redirect to after logout.

property allowedOrigins

public allowedOrigins: pulumi.Output<string[] | undefined>;

List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.

property appType

public appType: pulumi.Output<string | undefined>;

String. Type of application the client represents. Options include native, spa, regularWeb, nonInteractive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.

property callbacks

public callbacks: pulumi.Output<string[] | undefined>;

List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.

property clientId

public clientId: pulumi.Output<string>;

String. ID of the client.

property clientMetadata

public clientMetadata: pulumi.Output<{[key: string]: any} | undefined>;

Map(String)

property clientSecret

public clientSecret: pulumi.Output<string>;

String. Secret for the client; keep this private.

property clientSecretRotationTrigger

public clientSecretRotationTrigger: pulumi.Output<{[key: string]: any} | undefined>;

Map.

property crossOriginAuth

public crossOriginAuth: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.

property crossOriginLoc

public crossOriginLoc: pulumi.Output<string | undefined>;

String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.

property customLoginPage

public customLoginPage: pulumi.Output<string | undefined>;

String. Content of the custom login page.

property customLoginPageOn

public customLoginPageOn: pulumi.Output<boolean>;

Boolean. Indicates whether or not a custom login page is to be used.

property customLoginPagePreview

public customLoginPagePreview: pulumi.Output<string | undefined>;

String.

property description

public description: pulumi.Output<string>;

String, (Max length = 140 characters). Description of the purpose of the client.

property encryptionKey

public encryptionKey: pulumi.Output<{[key: string]: string} | undefined>;

Map(String).

property formTemplate

public formTemplate: pulumi.Output<string | undefined>;

String. Form template for WS-Federation protocol.

property grantTypes

public grantTypes: pulumi.Output<string[]>;

List(String). Types of grants that this client is authorized to use.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property initiateLoginUri

public initiateLoginUri: pulumi.Output<string | undefined>;

property isFirstParty

public isFirstParty: pulumi.Output<boolean>;

Boolean. Indicates whether or not this client is a first-party client.

property isTokenEndpointIpHeaderTrusted

public isTokenEndpointIpHeaderTrusted: pulumi.Output<boolean>;

Boolean. Indicates whether or not the token endpoint IP header is trusted.

property jwtConfiguration

public jwtConfiguration: pulumi.Output<ClientJwtConfiguration>;

List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.

property logoUri

public logoUri: pulumi.Output<string | undefined>;

String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.

property mobile

public mobile: pulumi.Output<ClientMobile | undefined>;

List(Resource). Configuration settings for mobile native applications. For details, see Mobile.

property name

public name: pulumi.Output<string>;

String. Name of the client.

property oidcConformant

public oidcConformant: pulumi.Output<boolean>;

Boolean. Indicates whether or not this client will conform to strict OIDC specifications.

property sso

public sso: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.

property ssoDisabled

public ssoDisabled: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not SSO is disabled.

property tokenEndpointAuthMethod

public tokenEndpointAuthMethod: pulumi.Output<string>;

String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), clientSecretPost (client uses HTTP POST parameters), clientSecretBasic (client uses HTTP Basic).

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property webOrigins

public webOrigins: pulumi.Output<string[] | undefined>;

List(String). URLs that represent valid web origins for use with web message response mode.

Resource ClientGrant

class ClientGrant extends CustomResource

Auth0 uses various grant types, or methods by which you grant limited access to your resources to another entity without exposing credentials. The OAuth 2.0 protocol supports several types of grants, which allow different types of access. This resource allows you to create and manage client grants used with configured Auth0 clients.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myClient = new auth0.Client("myClient", {});
const myResourceServer = new auth0.ResourceServer("myResourceServer", {
    identifier: "https://api.example.com/client-grant",
    scopes: [
        {
            description: "Create foos",
            value: "create:foo",
        },
        {
            description: "Create bars",
            value: "create:bar",
        },
    ],
});
const myClientGrant = new auth0.ClientGrant("myClientGrant", {
    audience: myResourceServer.identifier,
    clientId: myClient.id,
    scopes: ["create:foo"],
});

constructor

new ClientGrant(name: string, args: ClientGrantArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientGrant resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientGrantState, opts?: pulumi.CustomResourceOptions): ClientGrant

Get an existing ClientGrant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientGrant

Returns true if the given object is an instance of ClientGrant. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property audience

public audience: pulumi.Output<string>;

String. Audience or API Identifier for this grant.

property clientId

public clientId: pulumi.Output<string>;

String. ID of the client for this grant.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property scopes

public scopes: pulumi.Output<string[]>;

List(String). Permissions (scopes) included in this grant.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Connection

class Connection extends CustomResource

With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myConnection = new auth0.Connection("myConnection", {
    options: {
        bruteForceProtection: true,
        configuration: {
            bar: "baz",
            foo: "bar",
        },
        customScripts: {
            get_user: `function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}
`,
        },
        enabledDatabaseCustomization: true,
        passwordHistories: [{
            enable: true,
            size: 3,
        }],
        passwordPolicy: "excellent",
    },
    strategy: "auth0",
});
const myWaadConnection = new auth0.Connection("myWaadConnection", {
    options: {
        apiEnableUsers: true,
        appDomain: "my-auth0-app.eu.auth0.com",
        basicProfile: true,
        clientId: "1234",
        clientSecret: "1234",
        domainAliases: ["example.io"],
        extGroups: true,
        extProfile: true,
        tenantDomain: "exmaple.onmicrosoft.com",
        useWsfed: false,
        waadCommonEndpoint: false,
        waadProtocol: "openid-connect",
    },
    strategy: "waad",
});

constructor

new Connection(name: string, args: ConnectionArgs, opts?: pulumi.CustomResourceOptions)

Create a Connection resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ConnectionState, opts?: pulumi.CustomResourceOptions): Connection

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Connection

Returns true if the given object is an instance of Connection. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property displayName

public displayName: pulumi.Output<string | undefined>;

Name used in login screen

property enabledClients

public enabledClients: pulumi.Output<string[]>;

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property isDomainConnection

public isDomainConnection: pulumi.Output<boolean>;

Boolean. Indicates whether or not the connection is domain level.

property name

public name: pulumi.Output<string>;

String. Name of the connection.

property options

public options: pulumi.Output<ConnectionOptions | undefined>;

List(Resource). Configuration settings for connection options. For details, see Options.

property realms

public realms: pulumi.Output<string[]>;

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

property strategy

public strategy: pulumi.Output<string>;

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

property strategyVersion

public strategyVersion: pulumi.Output<string>;

Int. Version 1 is deprecated, use version 2.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource CustomDomain

class CustomDomain extends CustomResource

With Auth0, you can use a custom domain to maintain a consistent user experience. This resource allows you to create and manage a custom domain within your Auth0 tenant.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myCustomDomain = new auth0.CustomDomain("myCustomDomain", {
    domain: "auth.example.com",
    type: "auth0ManagedCerts",
    verificationMethod: "txt",
});

constructor

new CustomDomain(name: string, args: CustomDomainArgs, opts?: pulumi.CustomResourceOptions)

Create a CustomDomain resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CustomDomainState, opts?: pulumi.CustomResourceOptions): CustomDomain

Get an existing CustomDomain resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is CustomDomain

Returns true if the given object is an instance of CustomDomain. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property domain

public domain: pulumi.Output<string>;

String. Name of the custom domain.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property primary

public primary: pulumi.Output<boolean>;

Boolean. Indicates whether or not this is a primary domain.

property status

public status: pulumi.Output<string>;

String. Configuration status for the custom domain. Options include disabled, pending, pendingVerification, and ready.

property type

public type: pulumi.Output<string>;

String. Provisioning type for the custom domain. Options include auth0ManagedCerts and selfManagedCerts.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property verification

public verification: pulumi.Output<CustomDomainVerification>;

List(Resource). Configuration settings for verification. For details, see Verification.

property verificationMethod

public verificationMethod: pulumi.Output<string>;

String. Domain verification method. Options include txt.

Resource Email

class Email extends CustomResource

With Auth0, you can have standard welcome, password reset, and account verification email-based workflows built right into Auth0. This resource allows you to configure email providers so you can route all emails that are part of Auth0’s authentication workflows through the supported high-volume email service of your choice.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myEmailProvider = new auth0.Email("myEmailProvider", {
    credentials: {
        accessKeyId: "AKIAXXXXXXXXXXXXXXXX",
        region: "us-east-1",
        secretAccessKey: "7e8c2148xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    },
    defaultFromAddress: "accounts@example.com",
    enabled: true,
});

constructor

new Email(name: string, args: EmailArgs, opts?: pulumi.CustomResourceOptions)

Create a Email resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: EmailState, opts?: pulumi.CustomResourceOptions): Email

Get an existing Email resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Email

Returns true if the given object is an instance of Email. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property credentials

public credentials: pulumi.Output<EmailCredentials>;

List(Resource). Configuration settings for the credentials for the email provider. For details, see Credentials.

property defaultFromAddress

public defaultFromAddress: pulumi.Output<string>;

String. Email address to use as the sender when no other “from” address is specified.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not the email provider is enabled.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

String. Name of the email provider. Options include mailgun, mandrill, sendgrid, ses, smtp, and sparkpost.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource EmailTemplate

class EmailTemplate extends CustomResource

With Auth0, you can have standard welcome, password reset, and account verification email-based workflows built right into Auth0. This resource allows you to configure email templates to customize the look, feel, and sender identities of emails sent by Auth0. Used in conjunction with configured email providers.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myEmailProvider = new auth0.Email("myEmailProvider", {
    enabled: true,
    defaultFromAddress: "accounts@example.com",
    credentials: {
        accessKeyId: "AKIAXXXXXXXXXXXXXXXX",
        secretAccessKey: "7e8c2148xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        region: "us-east-1",
    },
});
const myEmailTemplate = new auth0.EmailTemplate("myEmailTemplate", {
    template: "welcomeEmail",
    body: "<html><body><h1>Welcome!</h1></body></html>",
    from: "welcome@example.com",
    resultUrl: "https://example.com/welcome",
    subject: "Welcome",
    syntax: "liquid",
    urlLifetimeInSeconds: 3600,
    enabled: true,
});

constructor

new EmailTemplate(name: string, args: EmailTemplateArgs, opts?: pulumi.CustomResourceOptions)

Create a EmailTemplate resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: EmailTemplateState, opts?: pulumi.CustomResourceOptions): EmailTemplate

Get an existing EmailTemplate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is EmailTemplate

Returns true if the given object is an instance of EmailTemplate. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property body

public body: pulumi.Output<string>;

String. Body of the email template. You can include common variables.

property enabled

public enabled: pulumi.Output<boolean>;

Boolean. Indicates whether or not the template is enabled.

property from

public from: pulumi.Output<string>;

String. Email address to use as the sender. You can include common variables.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property resultUrl

public resultUrl: pulumi.Output<string | undefined>;

String. URL to redirect the user to after a successful action. Learn more.

property subject

public subject: pulumi.Output<string>;

String. Subject line of the email. You can include common variables.

property syntax

public syntax: pulumi.Output<string>;

String. Syntax of the template body. You can use either text or HTML + Liquid syntax.

property template

public template: pulumi.Output<string>;

String. Template name. Options include verifyEmail, resetEmail, welcomeEmail, blockedAccount, stolenCredentials, enrollmentEmail, mfaOobCode, changePassword (legacy), and passwordReset (legacy).

property urlLifetimeInSeconds

public urlLifetimeInSeconds: pulumi.Output<number | undefined>;

Integer. Number of seconds during which the link within the email will be valid.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource GlobalClient

class GlobalClient extends CustomResource

constructor

new GlobalClient(name: string, args?: GlobalClientArgs, opts?: pulumi.CustomResourceOptions)

Create a GlobalClient resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GlobalClientState, opts?: pulumi.CustomResourceOptions): GlobalClient

Get an existing GlobalClient resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is GlobalClient

Returns true if the given object is an instance of GlobalClient. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property addons

public addons: pulumi.Output<GlobalClientAddons | undefined>;

property allowedLogoutUrls

public allowedLogoutUrls: pulumi.Output<string[] | undefined>;

property allowedOrigins

public allowedOrigins: pulumi.Output<string[] | undefined>;

property appType

public appType: pulumi.Output<string | undefined>;

property callbacks

public callbacks: pulumi.Output<string[] | undefined>;

property clientId

public clientId: pulumi.Output<string>;

property clientMetadata

public clientMetadata: pulumi.Output<{[key: string]: any} | undefined>;

property clientSecret

public clientSecret: pulumi.Output<string>;

property clientSecretRotationTrigger

public clientSecretRotationTrigger: pulumi.Output<{[key: string]: any} | undefined>;

property crossOriginAuth

public crossOriginAuth: pulumi.Output<boolean | undefined>;

property crossOriginLoc

public crossOriginLoc: pulumi.Output<string | undefined>;

property customLoginPage

public customLoginPage: pulumi.Output<string | undefined>;

property customLoginPageOn

public customLoginPageOn: pulumi.Output<boolean>;

property customLoginPagePreview

public customLoginPagePreview: pulumi.Output<string | undefined>;

property description

public description: pulumi.Output<string | undefined>;

property encryptionKey

public encryptionKey: pulumi.Output<{[key: string]: string} | undefined>;

property formTemplate

public formTemplate: pulumi.Output<string | undefined>;

property grantTypes

public grantTypes: pulumi.Output<string[]>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property initiateLoginUri

public initiateLoginUri: pulumi.Output<string | undefined>;

property isFirstParty

public isFirstParty: pulumi.Output<boolean>;

property isTokenEndpointIpHeaderTrusted

public isTokenEndpointIpHeaderTrusted: pulumi.Output<boolean>;

property jwtConfiguration

public jwtConfiguration: pulumi.Output<GlobalClientJwtConfiguration>;

property logoUri

public logoUri: pulumi.Output<string | undefined>;

property mobile

public mobile: pulumi.Output<GlobalClientMobile | undefined>;

property name

public name: pulumi.Output<string>;

property oidcConformant

public oidcConformant: pulumi.Output<boolean>;

property sso

public sso: pulumi.Output<boolean | undefined>;

property ssoDisabled

public ssoDisabled: pulumi.Output<boolean | undefined>;

property tokenEndpointAuthMethod

public tokenEndpointAuthMethod: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property webOrigins

public webOrigins: pulumi.Output<string[] | undefined>;

Resource Hook

class Hook extends CustomResource

Hooks are secure, self-contained functions that allow you to customize the behavior of Auth0 when executed for selected extensibility points of the Auth0 platform. Auth0 invokes Hooks during runtime to execute your custom Node.js code.

Depending on the extensibility point, you can use Hooks with Database Connections and/or Passwordless Connections.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myHook = new auth0.Hook("myHook", {
    enabled: true,
    script: `function (user, context, callback) {
  callback(null, { user });
}
`,
    triggerId: "pre-user-registration",
});

constructor

new Hook(name: string, args: HookArgs, opts?: pulumi.CustomResourceOptions)

Create a Hook resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: HookState, opts?: pulumi.CustomResourceOptions): Hook

Get an existing Hook resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Hook

Returns true if the given object is an instance of Hook. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Whether the hook is enabled, or disabled

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Name of this hook

property script

public script: pulumi.Output<string>;

Code to be executed when this hook runs

property triggerId

public triggerId: pulumi.Output<string>;

Execution stage of this rule. Can be credentials-exchange, pre-user-registration, post-user-registration, post-change-password, or send-phone-message

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Prompt

class Prompt extends CustomResource

With this resource, you can manage your Auth0 prompts, including choosing the login experience version.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const example = new auth0.Prompt("example", {
    universalLoginExperience: "classic",
});

constructor

new Prompt(name: string, args?: PromptArgs, opts?: pulumi.CustomResourceOptions)

Create a Prompt resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PromptState, opts?: pulumi.CustomResourceOptions): Prompt

Get an existing Prompt resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Prompt

Returns true if the given object is an instance of Prompt. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property universalLoginExperience

public universalLoginExperience: pulumi.Output<string | undefined>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Provider

class Provider extends ProviderResource

The provider type for the auth0 package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

constructor

new Provider(name: string, args?: ProviderArgs, opts?: pulumi.ResourceOptions)

Create a Provider resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Provider

Returns true if the given object is an instance of Provider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method register

static register(provider: ProviderResource | undefined): Promise<string | undefined>

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ResourceServer

class ResourceServer extends CustomResource

With this resource, you can set up APIs that can be consumed from your authorized applications.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myResourceServer = new auth0.ResourceServer("myResourceServer", {
    allowOfflineAccess: true,
    identifier: "https://api.example.com",
    scopes: [
        {
            description: "Create foos",
            value: "create:foo",
        },
        {
            description: "Create bars",
            value: "create:bar",
        },
    ],
    signingAlg: "RS256",
    skipConsentForVerifiableFirstPartyClients: true,
    tokenLifetime: 8600,
});

constructor

new ResourceServer(name: string, args?: ResourceServerArgs, opts?: pulumi.CustomResourceOptions)

Create a ResourceServer resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ResourceServerState, opts?: pulumi.CustomResourceOptions): ResourceServer

Get an existing ResourceServer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ResourceServer

Returns true if the given object is an instance of ResourceServer. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowOfflineAccess

public allowOfflineAccess: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

property enforcePolicies

public enforcePolicies: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not authorization polices are enforced.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identifier

public identifier: pulumi.Output<string | undefined>;

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

property name

public name: pulumi.Output<string>;

String. Friendly name for the resource server. Cannot include < or > characters.

property options

public options: pulumi.Output<{[key: string]: string} | undefined>;

Map(String). Used to store additional metadata

property scopes

public scopes: pulumi.Output<ResourceServerScope[] | undefined>;

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

property signingAlg

public signingAlg: pulumi.Output<string>;

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

property signingSecret

public signingSecret: pulumi.Output<string>;

String. Secret used to sign tokens when using symmetric algorithms (HS256).

property skipConsentForVerifiableFirstPartyClients

public skipConsentForVerifiableFirstPartyClients: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

property tokenDialect

public tokenDialect: pulumi.Output<string | undefined>;

String. Dialect of access tokens that should be issued for this resource server. Options include accessToken or accessTokenAuthz (includes permissions).

property tokenLifetime

public tokenLifetime: pulumi.Output<number>;

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

property tokenLifetimeForWeb

public tokenLifetimeForWeb: pulumi.Output<number>;

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the tokenLifetime value.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property verificationLocation

public verificationLocation: pulumi.Output<string | undefined>;

String

Resource Role

class Role extends CustomResource

With this resource, you can created and manage collections of permissions that can be assigned to users, which are otherwise known as roles. Permissions (scopes) are created on auth0_resource_server, then associated with roles and optionally, users using this resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myResourceServer = new auth0.ResourceServer("myResourceServer", {
    enforcePolicies: true,
    identifier: "my-resource-server-identifier",
    scopes: [{
        description: "read something",
        value: "read:something",
    }],
    signingAlg: "RS256",
    skipConsentForVerifiableFirstPartyClients: true,
    tokenLifetime: 86400,
});
const myRole = new auth0.Role("myRole", {
    description: "Role Description...",
    permissions: [{
        name: "read:something",
        resourceServerIdentifier: myResourceServer.identifier,
    }],
});
const myUser = new auth0.User("myUser", {
    connectionName: "Username-Password-Authentication",
    email: "test@test.com",
    nickname: "testnick",
    password: "passpass$12$12",
    roles: [myRole.id],
    userId: "auth0|1234567890",
    username: "testnick",
});

constructor

new Role(name: string, args?: RoleArgs, opts?: pulumi.CustomResourceOptions)

Create a Role resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RoleState, opts?: pulumi.CustomResourceOptions): Role

Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Role

Returns true if the given object is an instance of Role. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string>;

String. Description of the role.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

String. Name for this role.

property permissions

public permissions: pulumi.Output<RolePermission[] | undefined>;

Set(Resource). Configuration settings for permissions (scopes) attached to the role. For details, see Permissions.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Rule

class Rule extends CustomResource

With Auth0, you can create custom Javascript snippets that run in a secure, isolated sandbox as part of your authentication pipeline, which are otherwise known as rules. This resource allows you to create and manage rules. You can create global variable for use with rules by using the auth0..RuleConfig resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myRule = new auth0.Rule("myRule", {
    enabled: true,
    script: `function (user, context, callback) {
  callback(null, user, context);
}
`,
});
const myRuleConfig = new auth0.RuleConfig("myRuleConfig", {
    key: "foo",
    value: "bar",
});

constructor

new Rule(name: string, args: RuleArgs, opts?: pulumi.CustomResourceOptions)

Create a Rule resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleState, opts?: pulumi.CustomResourceOptions): Rule

Get an existing Rule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Rule

Returns true if the given object is an instance of Rule. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether the rule is enabled.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

String. Name of the rule. May only contain alphanumeric characters, spaces, and hyphens. May neither start nor end with hyphens or spaces.

property order

public order: pulumi.Output<number>;

Integer. Order in which the rule executes relative to other rules. Lower-valued rules execute first.

property script

public script: pulumi.Output<string>;

String. Code to be executed when the rule runs.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource RuleConfig

class RuleConfig extends CustomResource

With Auth0, you can create custom Javascript snippets that run in a secure, isolated sandbox as part of your authentication pipeline, which are otherwise known as rules. This resource allows you to create and manage variables that are available to all rules via Auth0’s global configuration object. Used in conjunction with configured rules.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myRule = new auth0.Rule("myRule", {
    enabled: true,
    script: `function (user, context, callback) {
  callback(null, user, context);
}
`,
});
const myRuleConfig = new auth0.RuleConfig("myRuleConfig", {
    key: "foo",
    value: "bar",
});

constructor

new RuleConfig(name: string, args: RuleConfigArgs, opts?: pulumi.CustomResourceOptions)

Create a RuleConfig resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RuleConfigState, opts?: pulumi.CustomResourceOptions): RuleConfig

Get an existing RuleConfig resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RuleConfig

Returns true if the given object is an instance of RuleConfig. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property key

public key: pulumi.Output<string>;

String. Key for a rules configuration variable.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

String, Case-sensitive. Value for a rules configuration variable.

Resource Tenant

class Tenant extends CustomResource

With this resource, you can manage Auth0 tenants, including setting logos and support contact information, setting error pages, and configuring default tenant behaviors.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
import * as fs from "fs";

const tenant = new auth0.Tenant("tenant", {
    allowedLogoutUrls: ["http://mysite/logout"],
    changePassword: {
        enabled: true,
        html: fs.readFileSync("./password_reset.html", "utf-8"),
    },
    defaultAudience: "<client_id>",
    defaultDirectory: "Connection-Name",
    errorPage: {
        html: fs.readFileSync("./error.html", "utf-8"),
        showLogLink: true,
        url: "http://mysite/errors",
    },
    friendlyName: "Tenant Name",
    guardianMfaPage: {
        enabled: true,
        html: fs.readFileSync("./guardian_multifactor.html", "utf-8"),
    },
    pictureUrl: "http://mysite/logo.png",
    sandboxVersion: "8",
    sessionLifetime: 46000,
    supportEmail: "support@mysite",
    supportUrl: "http://mysite/support",
});

constructor

new Tenant(name: string, args?: TenantArgs, opts?: pulumi.CustomResourceOptions)

Create a Tenant resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: TenantState, opts?: pulumi.CustomResourceOptions): Tenant

Get an existing Tenant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Tenant

Returns true if the given object is an instance of Tenant. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowedLogoutUrls

public allowedLogoutUrls: pulumi.Output<string[]>;

List(String). URLs that Auth0 may redirect to after logout.

property changePassword

public changePassword: pulumi.Output<TenantChangePassword>;

List(Resource). Configuration settings for change passsword page. For details, see Change Password Page.

property defaultAudience

public defaultAudience: pulumi.Output<string>;

String. API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.

property defaultDirectory

public defaultDirectory: pulumi.Output<string>;

String. Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.

property defaultRedirectionUri

public defaultRedirectionUri: pulumi.Output<string>;

String. The default absolute redirection uri, must be https and cannot contain a fragment.

property enabledLocales

public enabledLocales: pulumi.Output<string[]>;

property errorPage

public errorPage: pulumi.Output<TenantErrorPage>;

List(Resource). Configuration settings for error pages. For details, see Error Page.

property flags

public flags: pulumi.Output<TenantFlags>;

List(Resource). Configuration settings for tenant flags. For details, see Flags.

property friendlyName

public friendlyName: pulumi.Output<string>;

String. Friendly name for the tenant.

property guardianMfaPage

public guardianMfaPage: pulumi.Output<TenantGuardianMfaPage>;

List(Resource). Configuration settings for the Guardian MFA page. For details, see Guardian MFA Page.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property idleSessionLifetime

public idleSessionLifetime: pulumi.Output<number>;

Integer. Number of hours during which a session can be inactive before the user must log in again.

property pictureUrl

public pictureUrl: pulumi.Output<string>;

. String URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.

property sandboxVersion

public sandboxVersion: pulumi.Output<string>;

String. Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0’s functionality.

property sessionLifetime

public sessionLifetime: pulumi.Output<number>;

Integer. Number of hours during which a session will stay valid.

property supportEmail

public supportEmail: pulumi.Output<string>;

String. Support email address for authenticating users.

property supportUrl

public supportUrl: pulumi.Output<string>;

String. Support URL for authenticating users.

property universalLogin

public universalLogin: pulumi.Output<TenantUniversalLogin>;

List(Resource). Configuration settings for Universal Login. For details, see Universal Login.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource User

class User extends CustomResource

With this resource, you can manage user identities, including resetting passwords, and creating, provisioning, blocking, and deleting users.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const admin = new auth0.Role("admin", {description: "Administrator"});
const user = new auth0.User("user", {
    connectionName: "Username-Password-Authentication",
    userId: "12345",
    username: "uniqueUsername",
    givenName: "Firstname",
    familyName: "Lastname",
    nickname: "some.nickname",
    email: "test@test.com",
    emailVerified: true,
    password: `passpass$12$12`,
    roles: [admin.id],
});

constructor

new User(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions)

Create a User resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is User

Returns true if the given object is an instance of User. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property appMetadata

public appMetadata: pulumi.Output<string | undefined>;

String, JSON format. Custom fields that store info about the user that impact the user’s core functionality, such as how an application functions or what the user can access. Examples include support plans and IDs for external accounts.

property blocked

public blocked: pulumi.Output<boolean | undefined>;

property connectionName

public connectionName: pulumi.Output<string>;

String. Name of the connection from which the user information was sourced.

property email

public email: pulumi.Output<string | undefined>;

String. Email address of the user.

property emailVerified

public emailVerified: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not the email address has been verified.

property familyName

public familyName: pulumi.Output<string | undefined>;

property givenName

public givenName: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

property nickname

public nickname: pulumi.Output<string | undefined>;

String. Preferred nickname or alias of the user.

property password

public password: pulumi.Output<string | undefined>;

String, Case-sensitive. Initial password for this user. Used for non-SMS connections.

property phoneNumber

public phoneNumber: pulumi.Output<string | undefined>;

String. Phone number for the user; follows the E.164 recommendation. Used for SMS connections.

property phoneVerified

public phoneVerified: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not the phone number has been verified.

property picture

public picture: pulumi.Output<string | undefined>;

property roles

public roles: pulumi.Output<string[] | undefined>;

Set(String). Set of IDs of roles assigned to the user.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userId

public userId: pulumi.Output<string>;

String. ID of the user.

property userMetadata

public userMetadata: pulumi.Output<string | undefined>;

String, JSON format. Custom fields that store info about the user that does not impact a user’s core functionality. Examples include work address, home address, and user preferences.

property username

public username: pulumi.Output<string | undefined>;

String. Username of the user. Only valid if the connection requires a username.

property verifyEmail

public verifyEmail: pulumi.Output<boolean | undefined>;

Boolean. Indicates whether or not the user will receive a verification email after creation. Overrides behavior of emailVerified parameter.

Others

interface ClientArgs

interface ClientArgs

The set of arguments for constructing a Client resource.

property addons

addons?: pulumi.Input<ClientAddons>;

List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.

property allowedLogoutUrls

allowedLogoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that Auth0 may redirect to after logout.

property allowedOrigins

allowedOrigins?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.

property appType

appType?: pulumi.Input<string>;

String. Type of application the client represents. Options include native, spa, regularWeb, nonInteractive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.

property callbacks

callbacks?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.

property clientMetadata

clientMetadata?: pulumi.Input<{[key: string]: any}>;

Map(String)

property clientSecretRotationTrigger

clientSecretRotationTrigger?: pulumi.Input<{[key: string]: any}>;

Map.

property crossOriginAuth

crossOriginAuth?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.

property crossOriginLoc

crossOriginLoc?: pulumi.Input<string>;

String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.

property customLoginPage

customLoginPage?: pulumi.Input<string>;

String. Content of the custom login page.

property customLoginPageOn

customLoginPageOn?: pulumi.Input<boolean>;

Boolean. Indicates whether or not a custom login page is to be used.

property customLoginPagePreview

customLoginPagePreview?: pulumi.Input<string>;

String.

property description

description?: pulumi.Input<string>;

String, (Max length = 140 characters). Description of the purpose of the client.

property encryptionKey

encryptionKey?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Map(String).

property formTemplate

formTemplate?: pulumi.Input<string>;

String. Form template for WS-Federation protocol.

property grantTypes

grantTypes?: pulumi.Input<pulumi.Input<string>[]>;

List(String). Types of grants that this client is authorized to use.

property initiateLoginUri

initiateLoginUri?: pulumi.Input<string>;

property isFirstParty

isFirstParty?: pulumi.Input<boolean>;

Boolean. Indicates whether or not this client is a first-party client.

property isTokenEndpointIpHeaderTrusted

isTokenEndpointIpHeaderTrusted?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the token endpoint IP header is trusted.

property jwtConfiguration

jwtConfiguration?: pulumi.Input<ClientJwtConfiguration>;

List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.

property logoUri

logoUri?: pulumi.Input<string>;

String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.

property mobile

mobile?: pulumi.Input<ClientMobile>;

List(Resource). Configuration settings for mobile native applications. For details, see Mobile.

property name

name?: pulumi.Input<string>;

String. Name of the client.

property oidcConformant

oidcConformant?: pulumi.Input<boolean>;

Boolean. Indicates whether or not this client will conform to strict OIDC specifications.

property sso

sso?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.

property ssoDisabled

ssoDisabled?: pulumi.Input<boolean>;

Boolean. Indicates whether or not SSO is disabled.

property tokenEndpointAuthMethod

tokenEndpointAuthMethod?: pulumi.Input<string>;

String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), clientSecretPost (client uses HTTP POST parameters), clientSecretBasic (client uses HTTP Basic).

property webOrigins

webOrigins?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that represent valid web origins for use with web message response mode.

interface ClientGrantArgs

interface ClientGrantArgs

The set of arguments for constructing a ClientGrant resource.

property audience

audience: pulumi.Input<string>;

String. Audience or API Identifier for this grant.

property clientId

clientId: pulumi.Input<string>;

String. ID of the client for this grant.

property scopes

scopes: pulumi.Input<pulumi.Input<string>[]>;

List(String). Permissions (scopes) included in this grant.

interface ClientGrantState

interface ClientGrantState

Input properties used for looking up and filtering ClientGrant resources.

property audience

audience?: pulumi.Input<string>;

String. Audience or API Identifier for this grant.

property clientId

clientId?: pulumi.Input<string>;

String. ID of the client for this grant.

property scopes

scopes?: pulumi.Input<pulumi.Input<string>[]>;

List(String). Permissions (scopes) included in this grant.

interface ClientState

interface ClientState

Input properties used for looking up and filtering Client resources.

property addons

addons?: pulumi.Input<ClientAddons>;

List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.

property allowedLogoutUrls

allowedLogoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that Auth0 may redirect to after logout.

property allowedOrigins

allowedOrigins?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.

property appType

appType?: pulumi.Input<string>;

String. Type of application the client represents. Options include native, spa, regularWeb, nonInteractive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.

property callbacks

callbacks?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.

property clientId

clientId?: pulumi.Input<string>;

String. ID of the client.

property clientMetadata

clientMetadata?: pulumi.Input<{[key: string]: any}>;

Map(String)

property clientSecret

clientSecret?: pulumi.Input<string>;

String. Secret for the client; keep this private.

property clientSecretRotationTrigger

clientSecretRotationTrigger?: pulumi.Input<{[key: string]: any}>;

Map.

property crossOriginAuth

crossOriginAuth?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.

property crossOriginLoc

crossOriginLoc?: pulumi.Input<string>;

String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.

property customLoginPage

customLoginPage?: pulumi.Input<string>;

String. Content of the custom login page.

property customLoginPageOn

customLoginPageOn?: pulumi.Input<boolean>;

Boolean. Indicates whether or not a custom login page is to be used.

property customLoginPagePreview

customLoginPagePreview?: pulumi.Input<string>;

String.

property description

description?: pulumi.Input<string>;

String, (Max length = 140 characters). Description of the purpose of the client.

property encryptionKey

encryptionKey?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Map(String).

property formTemplate

formTemplate?: pulumi.Input<string>;

String. Form template for WS-Federation protocol.

property grantTypes

grantTypes?: pulumi.Input<pulumi.Input<string>[]>;

List(String). Types of grants that this client is authorized to use.

property initiateLoginUri

initiateLoginUri?: pulumi.Input<string>;

property isFirstParty

isFirstParty?: pulumi.Input<boolean>;

Boolean. Indicates whether or not this client is a first-party client.

property isTokenEndpointIpHeaderTrusted

isTokenEndpointIpHeaderTrusted?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the token endpoint IP header is trusted.

property jwtConfiguration

jwtConfiguration?: pulumi.Input<ClientJwtConfiguration>;

List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.

property logoUri

logoUri?: pulumi.Input<string>;

String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.

property mobile

mobile?: pulumi.Input<ClientMobile>;

List(Resource). Configuration settings for mobile native applications. For details, see Mobile.

property name

name?: pulumi.Input<string>;

String. Name of the client.

property oidcConformant

oidcConformant?: pulumi.Input<boolean>;

Boolean. Indicates whether or not this client will conform to strict OIDC specifications.

property sso

sso?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.

property ssoDisabled

ssoDisabled?: pulumi.Input<boolean>;

Boolean. Indicates whether or not SSO is disabled.

property tokenEndpointAuthMethod

tokenEndpointAuthMethod?: pulumi.Input<string>;

String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), clientSecretPost (client uses HTTP POST parameters), clientSecretBasic (client uses HTTP Basic).

property webOrigins

webOrigins?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that represent valid web origins for use with web message response mode.

interface ConnectionArgs

interface ConnectionArgs

The set of arguments for constructing a Connection resource.

property displayName

displayName?: pulumi.Input<string>;

Name used in login screen

property enabledClients

enabledClients?: pulumi.Input<pulumi.Input<string>[]>;

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

property isDomainConnection

isDomainConnection?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the connection is domain level.

property name

name?: pulumi.Input<string>;

String. Name of the connection.

property options

options?: pulumi.Input<ConnectionOptions>;

List(Resource). Configuration settings for connection options. For details, see Options.

property realms

realms?: pulumi.Input<pulumi.Input<string>[]>;

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

property strategy

strategy: pulumi.Input<string>;

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

property strategyVersion

strategyVersion?: pulumi.Input<string>;

Int. Version 1 is deprecated, use version 2.

interface ConnectionState

interface ConnectionState

Input properties used for looking up and filtering Connection resources.

property displayName

displayName?: pulumi.Input<string>;

Name used in login screen

property enabledClients

enabledClients?: pulumi.Input<pulumi.Input<string>[]>;

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

property isDomainConnection

isDomainConnection?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the connection is domain level.

property name

name?: pulumi.Input<string>;

String. Name of the connection.

property options

options?: pulumi.Input<ConnectionOptions>;

List(Resource). Configuration settings for connection options. For details, see Options.

property realms

realms?: pulumi.Input<pulumi.Input<string>[]>;

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

property strategy

strategy?: pulumi.Input<string>;

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

property strategyVersion

strategyVersion?: pulumi.Input<string>;

Int. Version 1 is deprecated, use version 2.

interface CustomDomainArgs

interface CustomDomainArgs

The set of arguments for constructing a CustomDomain resource.

property domain

domain: pulumi.Input<string>;

String. Name of the custom domain.

property type

type: pulumi.Input<string>;

String. Provisioning type for the custom domain. Options include auth0ManagedCerts and selfManagedCerts.

property verificationMethod

verificationMethod: pulumi.Input<string>;

String. Domain verification method. Options include txt.

interface CustomDomainState

interface CustomDomainState

Input properties used for looking up and filtering CustomDomain resources.

property domain

domain?: pulumi.Input<string>;

String. Name of the custom domain.

property primary

primary?: pulumi.Input<boolean>;

Boolean. Indicates whether or not this is a primary domain.

property status

status?: pulumi.Input<string>;

String. Configuration status for the custom domain. Options include disabled, pending, pendingVerification, and ready.

property type

type?: pulumi.Input<string>;

String. Provisioning type for the custom domain. Options include auth0ManagedCerts and selfManagedCerts.

property verification

verification?: pulumi.Input<CustomDomainVerification>;

List(Resource). Configuration settings for verification. For details, see Verification.

property verificationMethod

verificationMethod?: pulumi.Input<string>;

String. Domain verification method. Options include txt.

interface EmailArgs

interface EmailArgs

The set of arguments for constructing a Email resource.

property credentials

credentials: pulumi.Input<EmailCredentials>;

List(Resource). Configuration settings for the credentials for the email provider. For details, see Credentials.

property defaultFromAddress

defaultFromAddress: pulumi.Input<string>;

String. Email address to use as the sender when no other “from” address is specified.

property enabled

enabled?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the email provider is enabled.

property name

name?: pulumi.Input<string>;

String. Name of the email provider. Options include mailgun, mandrill, sendgrid, ses, smtp, and sparkpost.

interface EmailState

interface EmailState

Input properties used for looking up and filtering Email resources.

property credentials

credentials?: pulumi.Input<EmailCredentials>;

List(Resource). Configuration settings for the credentials for the email provider. For details, see Credentials.

property defaultFromAddress

defaultFromAddress?: pulumi.Input<string>;

String. Email address to use as the sender when no other “from” address is specified.

property enabled

enabled?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the email provider is enabled.

property name

name?: pulumi.Input<string>;

String. Name of the email provider. Options include mailgun, mandrill, sendgrid, ses, smtp, and sparkpost.

interface EmailTemplateArgs

interface EmailTemplateArgs

The set of arguments for constructing a EmailTemplate resource.

property body

body: pulumi.Input<string>;

String. Body of the email template. You can include common variables.

property enabled

enabled: pulumi.Input<boolean>;

Boolean. Indicates whether or not the template is enabled.

property from

from: pulumi.Input<string>;

String. Email address to use as the sender. You can include common variables.

property resultUrl

resultUrl?: pulumi.Input<string>;

String. URL to redirect the user to after a successful action. Learn more.

property subject

subject: pulumi.Input<string>;

String. Subject line of the email. You can include common variables.

property syntax

syntax: pulumi.Input<string>;

String. Syntax of the template body. You can use either text or HTML + Liquid syntax.

property template

template: pulumi.Input<string>;

String. Template name. Options include verifyEmail, resetEmail, welcomeEmail, blockedAccount, stolenCredentials, enrollmentEmail, mfaOobCode, changePassword (legacy), and passwordReset (legacy).

property urlLifetimeInSeconds

urlLifetimeInSeconds?: pulumi.Input<number>;

Integer. Number of seconds during which the link within the email will be valid.

interface EmailTemplateState

interface EmailTemplateState

Input properties used for looking up and filtering EmailTemplate resources.

property body

body?: pulumi.Input<string>;

String. Body of the email template. You can include common variables.

property enabled

enabled?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the template is enabled.

property from

from?: pulumi.Input<string>;

String. Email address to use as the sender. You can include common variables.

property resultUrl

resultUrl?: pulumi.Input<string>;

String. URL to redirect the user to after a successful action. Learn more.

property subject

subject?: pulumi.Input<string>;

String. Subject line of the email. You can include common variables.

property syntax

syntax?: pulumi.Input<string>;

String. Syntax of the template body. You can use either text or HTML + Liquid syntax.

property template

template?: pulumi.Input<string>;

String. Template name. Options include verifyEmail, resetEmail, welcomeEmail, blockedAccount, stolenCredentials, enrollmentEmail, mfaOobCode, changePassword (legacy), and passwordReset (legacy).

property urlLifetimeInSeconds

urlLifetimeInSeconds?: pulumi.Input<number>;

Integer. Number of seconds during which the link within the email will be valid.

function getEnv

getEnv(vars: string[]): string | undefined

function getEnvBoolean

getEnvBoolean(vars: string[]): boolean | undefined

function getEnvNumber

getEnvNumber(vars: string[]): number | undefined

function getVersion

getVersion(): string

interface GlobalClientArgs

interface GlobalClientArgs

The set of arguments for constructing a GlobalClient resource.

property addons

addons?: pulumi.Input<GlobalClientAddons>;

property allowedLogoutUrls

allowedLogoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

property allowedOrigins

allowedOrigins?: pulumi.Input<pulumi.Input<string>[]>;

property appType

appType?: pulumi.Input<string>;

property callbacks

callbacks?: pulumi.Input<pulumi.Input<string>[]>;

property clientMetadata

clientMetadata?: pulumi.Input<{[key: string]: any}>;

property clientSecretRotationTrigger

clientSecretRotationTrigger?: pulumi.Input<{[key: string]: any}>;

property crossOriginAuth

crossOriginAuth?: pulumi.Input<boolean>;

property crossOriginLoc

crossOriginLoc?: pulumi.Input<string>;

property customLoginPage

customLoginPage?: pulumi.Input<string>;

property customLoginPageOn

customLoginPageOn?: pulumi.Input<boolean>;

property customLoginPagePreview

customLoginPagePreview?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property encryptionKey

encryptionKey?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

property formTemplate

formTemplate?: pulumi.Input<string>;

property grantTypes

grantTypes?: pulumi.Input<pulumi.Input<string>[]>;

property initiateLoginUri

initiateLoginUri?: pulumi.Input<string>;

property isFirstParty

isFirstParty?: pulumi.Input<boolean>;

property isTokenEndpointIpHeaderTrusted

isTokenEndpointIpHeaderTrusted?: pulumi.Input<boolean>;

property jwtConfiguration

jwtConfiguration?: pulumi.Input<GlobalClientJwtConfiguration>;

property logoUri

logoUri?: pulumi.Input<string>;

property mobile

mobile?: pulumi.Input<GlobalClientMobile>;

property oidcConformant

oidcConformant?: pulumi.Input<boolean>;

property sso

sso?: pulumi.Input<boolean>;

property ssoDisabled

ssoDisabled?: pulumi.Input<boolean>;

property tokenEndpointAuthMethod

tokenEndpointAuthMethod?: pulumi.Input<string>;

property webOrigins

webOrigins?: pulumi.Input<pulumi.Input<string>[]>;

interface GlobalClientState

interface GlobalClientState

Input properties used for looking up and filtering GlobalClient resources.

property addons

addons?: pulumi.Input<GlobalClientAddons>;

property allowedLogoutUrls

allowedLogoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

property allowedOrigins

allowedOrigins?: pulumi.Input<pulumi.Input<string>[]>;

property appType

appType?: pulumi.Input<string>;

property callbacks

callbacks?: pulumi.Input<pulumi.Input<string>[]>;

property clientId

clientId?: pulumi.Input<string>;

property clientMetadata

clientMetadata?: pulumi.Input<{[key: string]: any}>;

property clientSecret

clientSecret?: pulumi.Input<string>;

property clientSecretRotationTrigger

clientSecretRotationTrigger?: pulumi.Input<{[key: string]: any}>;

property crossOriginAuth

crossOriginAuth?: pulumi.Input<boolean>;

property crossOriginLoc

crossOriginLoc?: pulumi.Input<string>;

property customLoginPage

customLoginPage?: pulumi.Input<string>;

property customLoginPageOn

customLoginPageOn?: pulumi.Input<boolean>;

property customLoginPagePreview

customLoginPagePreview?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property encryptionKey

encryptionKey?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

property formTemplate

formTemplate?: pulumi.Input<string>;

property grantTypes

grantTypes?: pulumi.Input<pulumi.Input<string>[]>;

property initiateLoginUri

initiateLoginUri?: pulumi.Input<string>;

property isFirstParty

isFirstParty?: pulumi.Input<boolean>;

property isTokenEndpointIpHeaderTrusted

isTokenEndpointIpHeaderTrusted?: pulumi.Input<boolean>;

property jwtConfiguration

jwtConfiguration?: pulumi.Input<GlobalClientJwtConfiguration>;

property logoUri

logoUri?: pulumi.Input<string>;

property mobile

mobile?: pulumi.Input<GlobalClientMobile>;

property name

name?: pulumi.Input<string>;

property oidcConformant

oidcConformant?: pulumi.Input<boolean>;

property sso

sso?: pulumi.Input<boolean>;

property ssoDisabled

ssoDisabled?: pulumi.Input<boolean>;

property tokenEndpointAuthMethod

tokenEndpointAuthMethod?: pulumi.Input<string>;

property webOrigins

webOrigins?: pulumi.Input<pulumi.Input<string>[]>;

interface HookArgs

interface HookArgs

The set of arguments for constructing a Hook resource.

property enabled

enabled?: pulumi.Input<boolean>;

Whether the hook is enabled, or disabled

property name

name?: pulumi.Input<string>;

Name of this hook

property script

script: pulumi.Input<string>;

Code to be executed when this hook runs

property triggerId

triggerId: pulumi.Input<string>;

Execution stage of this rule. Can be credentials-exchange, pre-user-registration, post-user-registration, post-change-password, or send-phone-message

interface HookState

interface HookState

Input properties used for looking up and filtering Hook resources.

property enabled

enabled?: pulumi.Input<boolean>;

Whether the hook is enabled, or disabled

property name

name?: pulumi.Input<string>;

Name of this hook

property script

script?: pulumi.Input<string>;

Code to be executed when this hook runs

property triggerId

triggerId?: pulumi.Input<string>;

Execution stage of this rule. Can be credentials-exchange, pre-user-registration, post-user-registration, post-change-password, or send-phone-message

interface PromptArgs

interface PromptArgs

The set of arguments for constructing a Prompt resource.

property universalLoginExperience

universalLoginExperience?: pulumi.Input<string>;

interface PromptState

interface PromptState

Input properties used for looking up and filtering Prompt resources.

property universalLoginExperience

universalLoginExperience?: pulumi.Input<string>;

interface ProviderArgs

interface ProviderArgs

The set of arguments for constructing a Provider resource.

property clientId

clientId?: pulumi.Input<string>;

property clientSecret

clientSecret?: pulumi.Input<string>;

property debug

debug?: pulumi.Input<boolean>;

property domain

domain?: pulumi.Input<string>;

interface ResourceServerArgs

interface ResourceServerArgs

The set of arguments for constructing a ResourceServer resource.

property allowOfflineAccess

allowOfflineAccess?: pulumi.Input<boolean>;

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

property enforcePolicies

enforcePolicies?: pulumi.Input<boolean>;

Boolean. Indicates whether or not authorization polices are enforced.

property identifier

identifier?: pulumi.Input<string>;

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

property name

name?: pulumi.Input<string>;

String. Friendly name for the resource server. Cannot include < or > characters.

property options

options?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Map(String). Used to store additional metadata

property scopes

scopes?: pulumi.Input<pulumi.Input<ResourceServerScope>[]>;

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

property signingAlg

signingAlg?: pulumi.Input<string>;

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

property signingSecret

signingSecret?: pulumi.Input<string>;

String. Secret used to sign tokens when using symmetric algorithms (HS256).

property skipConsentForVerifiableFirstPartyClients

skipConsentForVerifiableFirstPartyClients?: pulumi.Input<boolean>;

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

property tokenDialect

tokenDialect?: pulumi.Input<string>;

String. Dialect of access tokens that should be issued for this resource server. Options include accessToken or accessTokenAuthz (includes permissions).

property tokenLifetime

tokenLifetime?: pulumi.Input<number>;

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

property tokenLifetimeForWeb

tokenLifetimeForWeb?: pulumi.Input<number>;

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the tokenLifetime value.

property verificationLocation

verificationLocation?: pulumi.Input<string>;

String

interface ResourceServerState

interface ResourceServerState

Input properties used for looking up and filtering ResourceServer resources.

property allowOfflineAccess

allowOfflineAccess?: pulumi.Input<boolean>;

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

property enforcePolicies

enforcePolicies?: pulumi.Input<boolean>;

Boolean. Indicates whether or not authorization polices are enforced.

property identifier

identifier?: pulumi.Input<string>;

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

property name

name?: pulumi.Input<string>;

String. Friendly name for the resource server. Cannot include < or > characters.

property options

options?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Map(String). Used to store additional metadata

property scopes

scopes?: pulumi.Input<pulumi.Input<ResourceServerScope>[]>;

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

property signingAlg

signingAlg?: pulumi.Input<string>;

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

property signingSecret

signingSecret?: pulumi.Input<string>;

String. Secret used to sign tokens when using symmetric algorithms (HS256).

property skipConsentForVerifiableFirstPartyClients

skipConsentForVerifiableFirstPartyClients?: pulumi.Input<boolean>;

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

property tokenDialect

tokenDialect?: pulumi.Input<string>;

String. Dialect of access tokens that should be issued for this resource server. Options include accessToken or accessTokenAuthz (includes permissions).

property tokenLifetime

tokenLifetime?: pulumi.Input<number>;

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

property tokenLifetimeForWeb

tokenLifetimeForWeb?: pulumi.Input<number>;

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the tokenLifetime value.

property verificationLocation

verificationLocation?: pulumi.Input<string>;

String

interface RoleArgs

interface RoleArgs

The set of arguments for constructing a Role resource.

property description

description?: pulumi.Input<string>;

String. Description of the role.

property name

name?: pulumi.Input<string>;

String. Name for this role.

property permissions

permissions?: pulumi.Input<pulumi.Input<RolePermission>[]>;

Set(Resource). Configuration settings for permissions (scopes) attached to the role. For details, see Permissions.

interface RoleState

interface RoleState

Input properties used for looking up and filtering Role resources.

property description

description?: pulumi.Input<string>;

String. Description of the role.

property name

name?: pulumi.Input<string>;

String. Name for this role.

property permissions

permissions?: pulumi.Input<pulumi.Input<RolePermission>[]>;

Set(Resource). Configuration settings for permissions (scopes) attached to the role. For details, see Permissions.

interface RuleArgs

interface RuleArgs

The set of arguments for constructing a Rule resource.

property enabled

enabled?: pulumi.Input<boolean>;

Boolean. Indicates whether the rule is enabled.

property name

name?: pulumi.Input<string>;

String. Name of the rule. May only contain alphanumeric characters, spaces, and hyphens. May neither start nor end with hyphens or spaces.

property order

order?: pulumi.Input<number>;

Integer. Order in which the rule executes relative to other rules. Lower-valued rules execute first.

property script

script: pulumi.Input<string>;

String. Code to be executed when the rule runs.

interface RuleConfigArgs

interface RuleConfigArgs

The set of arguments for constructing a RuleConfig resource.

property key

key: pulumi.Input<string>;

String. Key for a rules configuration variable.

property value

value: pulumi.Input<string>;

String, Case-sensitive. Value for a rules configuration variable.

interface RuleConfigState

interface RuleConfigState

Input properties used for looking up and filtering RuleConfig resources.

property key

key?: pulumi.Input<string>;

String. Key for a rules configuration variable.

property value

value?: pulumi.Input<string>;

String, Case-sensitive. Value for a rules configuration variable.

interface RuleState

interface RuleState

Input properties used for looking up and filtering Rule resources.

property enabled

enabled?: pulumi.Input<boolean>;

Boolean. Indicates whether the rule is enabled.

property name

name?: pulumi.Input<string>;

String. Name of the rule. May only contain alphanumeric characters, spaces, and hyphens. May neither start nor end with hyphens or spaces.

property order

order?: pulumi.Input<number>;

Integer. Order in which the rule executes relative to other rules. Lower-valued rules execute first.

property script

script?: pulumi.Input<string>;

String. Code to be executed when the rule runs.

interface TenantArgs

interface TenantArgs

The set of arguments for constructing a Tenant resource.

property allowedLogoutUrls

allowedLogoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that Auth0 may redirect to after logout.

property changePassword

changePassword?: pulumi.Input<TenantChangePassword>;

List(Resource). Configuration settings for change passsword page. For details, see Change Password Page.

property defaultAudience

defaultAudience?: pulumi.Input<string>;

String. API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.

property defaultDirectory

defaultDirectory?: pulumi.Input<string>;

String. Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.

property defaultRedirectionUri

defaultRedirectionUri?: pulumi.Input<string>;

String. The default absolute redirection uri, must be https and cannot contain a fragment.

property enabledLocales

enabledLocales?: pulumi.Input<pulumi.Input<string>[]>;

property errorPage

errorPage?: pulumi.Input<TenantErrorPage>;

List(Resource). Configuration settings for error pages. For details, see Error Page.

property flags

flags?: pulumi.Input<TenantFlags>;

List(Resource). Configuration settings for tenant flags. For details, see Flags.

property friendlyName

friendlyName?: pulumi.Input<string>;

String. Friendly name for the tenant.

property guardianMfaPage

guardianMfaPage?: pulumi.Input<TenantGuardianMfaPage>;

List(Resource). Configuration settings for the Guardian MFA page. For details, see Guardian MFA Page.

property idleSessionLifetime

idleSessionLifetime?: pulumi.Input<number>;

Integer. Number of hours during which a session can be inactive before the user must log in again.

property pictureUrl

pictureUrl?: pulumi.Input<string>;

. String URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.

property sandboxVersion

sandboxVersion?: pulumi.Input<string>;

String. Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0’s functionality.

property sessionLifetime

sessionLifetime?: pulumi.Input<number>;

Integer. Number of hours during which a session will stay valid.

property supportEmail

supportEmail?: pulumi.Input<string>;

String. Support email address for authenticating users.

property supportUrl

supportUrl?: pulumi.Input<string>;

String. Support URL for authenticating users.

property universalLogin

universalLogin?: pulumi.Input<TenantUniversalLogin>;

List(Resource). Configuration settings for Universal Login. For details, see Universal Login.

interface TenantState

interface TenantState

Input properties used for looking up and filtering Tenant resources.

property allowedLogoutUrls

allowedLogoutUrls?: pulumi.Input<pulumi.Input<string>[]>;

List(String). URLs that Auth0 may redirect to after logout.

property changePassword

changePassword?: pulumi.Input<TenantChangePassword>;

List(Resource). Configuration settings for change passsword page. For details, see Change Password Page.

property defaultAudience

defaultAudience?: pulumi.Input<string>;

String. API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.

property defaultDirectory

defaultDirectory?: pulumi.Input<string>;

String. Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.

property defaultRedirectionUri

defaultRedirectionUri?: pulumi.Input<string>;

String. The default absolute redirection uri, must be https and cannot contain a fragment.

property enabledLocales

enabledLocales?: pulumi.Input<pulumi.Input<string>[]>;

property errorPage

errorPage?: pulumi.Input<TenantErrorPage>;

List(Resource). Configuration settings for error pages. For details, see Error Page.

property flags

flags?: pulumi.Input<TenantFlags>;

List(Resource). Configuration settings for tenant flags. For details, see Flags.

property friendlyName

friendlyName?: pulumi.Input<string>;

String. Friendly name for the tenant.

property guardianMfaPage

guardianMfaPage?: pulumi.Input<TenantGuardianMfaPage>;

List(Resource). Configuration settings for the Guardian MFA page. For details, see Guardian MFA Page.

property idleSessionLifetime

idleSessionLifetime?: pulumi.Input<number>;

Integer. Number of hours during which a session can be inactive before the user must log in again.

property pictureUrl

pictureUrl?: pulumi.Input<string>;

. String URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.

property sandboxVersion

sandboxVersion?: pulumi.Input<string>;

String. Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0’s functionality.

property sessionLifetime

sessionLifetime?: pulumi.Input<number>;

Integer. Number of hours during which a session will stay valid.

property supportEmail

supportEmail?: pulumi.Input<string>;

String. Support email address for authenticating users.

property supportUrl

supportUrl?: pulumi.Input<string>;

String. Support URL for authenticating users.

property universalLogin

universalLogin?: pulumi.Input<TenantUniversalLogin>;

List(Resource). Configuration settings for Universal Login. For details, see Universal Login.

interface UserArgs

interface UserArgs

The set of arguments for constructing a User resource.

property appMetadata

appMetadata?: pulumi.Input<string>;

String, JSON format. Custom fields that store info about the user that impact the user’s core functionality, such as how an application functions or what the user can access. Examples include support plans and IDs for external accounts.

property blocked

blocked?: pulumi.Input<boolean>;

property connectionName

connectionName: pulumi.Input<string>;

String. Name of the connection from which the user information was sourced.

property email

email?: pulumi.Input<string>;

String. Email address of the user.

property emailVerified

emailVerified?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the email address has been verified.

property familyName

familyName?: pulumi.Input<string>;

property givenName

givenName?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property nickname

nickname?: pulumi.Input<string>;

String. Preferred nickname or alias of the user.

property password

password?: pulumi.Input<string>;

String, Case-sensitive. Initial password for this user. Used for non-SMS connections.

property phoneNumber

phoneNumber?: pulumi.Input<string>;

String. Phone number for the user; follows the E.164 recommendation. Used for SMS connections.

property phoneVerified

phoneVerified?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the phone number has been verified.

property picture

picture?: pulumi.Input<string>;

property roles

roles?: pulumi.Input<pulumi.Input<string>[]>;

Set(String). Set of IDs of roles assigned to the user.

property userId

userId?: pulumi.Input<string>;

String. ID of the user.

property userMetadata

userMetadata?: pulumi.Input<string>;

String, JSON format. Custom fields that store info about the user that does not impact a user’s core functionality. Examples include work address, home address, and user preferences.

property username

username?: pulumi.Input<string>;

String. Username of the user. Only valid if the connection requires a username.

property verifyEmail

verifyEmail?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the user will receive a verification email after creation. Overrides behavior of emailVerified parameter.

interface UserState

interface UserState

Input properties used for looking up and filtering User resources.

property appMetadata

appMetadata?: pulumi.Input<string>;

String, JSON format. Custom fields that store info about the user that impact the user’s core functionality, such as how an application functions or what the user can access. Examples include support plans and IDs for external accounts.

property blocked

blocked?: pulumi.Input<boolean>;

property connectionName

connectionName?: pulumi.Input<string>;

String. Name of the connection from which the user information was sourced.

property email

email?: pulumi.Input<string>;

String. Email address of the user.

property emailVerified

emailVerified?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the email address has been verified.

property familyName

familyName?: pulumi.Input<string>;

property givenName

givenName?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property nickname

nickname?: pulumi.Input<string>;

String. Preferred nickname or alias of the user.

property password

password?: pulumi.Input<string>;

String, Case-sensitive. Initial password for this user. Used for non-SMS connections.

property phoneNumber

phoneNumber?: pulumi.Input<string>;

String. Phone number for the user; follows the E.164 recommendation. Used for SMS connections.

property phoneVerified

phoneVerified?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the phone number has been verified.

property picture

picture?: pulumi.Input<string>;

property roles

roles?: pulumi.Input<pulumi.Input<string>[]>;

Set(String). Set of IDs of roles assigned to the user.

property userId

userId?: pulumi.Input<string>;

String. ID of the user.

property userMetadata

userMetadata?: pulumi.Input<string>;

String, JSON format. Custom fields that store info about the user that does not impact a user’s core functionality. Examples include work address, home address, and user preferences.

property username

username?: pulumi.Input<string>;

String. Username of the user. Only valid if the connection requires a username.

property verifyEmail

verifyEmail?: pulumi.Input<boolean>;

Boolean. Indicates whether or not the user will receive a verification email after creation. Overrides behavior of emailVerified parameter.