Module oidc
This provider is a derived work of the Terraform Provider distributed under MIT. If you encounter a bug or missing feature, first check the pulumi/pulumi-keycloak repo; however, if that doesn’t turn up anything, please consult the source mrparkers/terraform-provider-keycloak repo.
Resources
Resource GoogleIdentityProvider
class GoogleIdentityProvider extends CustomResource
constructor
new GoogleIdentityProvider(name: string, args: GoogleIdentityProviderArgs, opts?: pulumi.CustomResourceOptions)
Create a GoogleIdentityProvider resource with the given unique name, arguments, and options.
name: The unique name of the resource.
args: The arguments to use to populate this resource's properties.
opts: A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GoogleIdentityProviderState, opts?: pulumi.CustomResourceOptions): GoogleIdentityProvider
Get an existing GoogleIdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is GoogleIdentityProvider
Returns true if the given object is an instance of GoogleIdentityProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property acceptsPromptNoneForwardFromClient
public acceptsPromptNoneForwardFromClient: pulumi.Output<boolean | undefined>;
Used only together with the Identity Provider Authenticator or when kc_idp_hint points to this identity provider. If the client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.
property addReadTokenRoleOnCreate
public addReadTokenRoleOnCreate: pulumi.Output<boolean | undefined>;
Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.
property alias
public alias: pulumi.Output<string>;
The alias uniquely identifies an identity provider and is also used to build the redirect URI. For Google this is computed and is always google.
property authenticateByDefault
public authenticateByDefault: pulumi.Output<boolean | undefined>;
Enable/disable authenticating users by default.
property clientId
public clientId: pulumi.Output<string>;
Client ID.
property clientSecret
public clientSecret: pulumi.Output<string>;
Client Secret.
property defaultScopes
public defaultScopes: pulumi.Output<string | undefined>;
The scopes to be sent when asking for authorization. See the documentation for possible values, separator and default value. Default: ‘openid profile email’.
property disableUserInfo
public disableUserInfo: pulumi.Output<boolean | undefined>;
Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.
property displayName
public displayName: pulumi.Output<string>;
Not used by this provider; will implicitly be Google.
property enabled
public enabled: pulumi.Output<boolean | undefined>;
Enable/disable this identity provider.
property extraConfig
public extraConfig: pulumi.Output<{[key: string]: any} | undefined>;
property firstBrokerLoginFlowAlias
public firstBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
Alias of the authentication flow that is triggered after the first login with this identity provider. ‘First Login’ means that no Keycloak account is yet linked with the authenticated identity provider account.
property hideOnLoginPage
public hideOnLoginPage: pulumi.Output<boolean | undefined>;
Hide On Login Page.
property hostedDomain
public hostedDomain: pulumi.Output<string | undefined>;
Set the ‘hd’ query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When ‘*’ is entered, any hosted account can be used.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property internalId
public internalId: pulumi.Output<string>;
Internal Identity Provider Id.
property linkOnly
public linkOnly: pulumi.Output<boolean | undefined>;
If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.
property postBrokerLoginFlowAlias
public postBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in ClientSession, as the identity provider has already set it.
property providerId
public providerId: pulumi.Output<string | undefined>;
Provider ID; always google, unless you have an extended custom implementation.
property realm
public realm: pulumi.Output<string>;
Realm Name.
property requestRefreshToken
public requestRefreshToken: pulumi.Output<boolean | undefined>;
Set the ‘access_type’ query parameter to ‘offline’ when redirecting to the Google authorization endpoint, to get a refresh token back. Useful if planning to use Token Exchange to retrieve a Google token to access Google APIs when the user is not at the browser.
property storeToken
public storeToken: pulumi.Output<boolean | undefined>;
Enable/disable storing tokens after authenticating users.
property trustEmail
public trustEmail: pulumi.Output<boolean | undefined>;
If enabled, the email provided by this provider is not verified even if verification is enabled for the realm.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property useUserIpParam
public useUserIpParam: pulumi.Output<boolean | undefined>;
Set the ‘userIp’ query parameter when invoking Google’s User Info service. This will use the user’s IP address. Useful if Google is throttling access to the User Info service.
Resource IdentityProvider
class IdentityProvider extends CustomResource
constructor
new IdentityProvider(name: string, args: IdentityProviderArgs, opts?: pulumi.CustomResourceOptions)
Create an IdentityProvider resource with the given unique name, arguments, and options.
name: The unique name of the resource.
args: The arguments to use to populate this resource's properties.
opts: A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IdentityProviderState, opts?: pulumi.CustomResourceOptions): IdentityProvider
Get an existing IdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is IdentityProvider
Returns true if the given object is an instance of IdentityProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property acceptsPromptNoneForwardFromClient
public acceptsPromptNoneForwardFromClient: pulumi.Output<boolean | undefined>;
Used only together with the Identity Provider Authenticator or when kc_idp_hint points to this identity provider. If the client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.
property addReadTokenRoleOnCreate
public addReadTokenRoleOnCreate: pulumi.Output<boolean | undefined>;
Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.
property alias
public alias: pulumi.Output<string>;
The alias uniquely identifies an identity provider and is also used to build the redirect URI.
property authenticateByDefault
public authenticateByDefault: pulumi.Output<boolean | undefined>;
Enable/disable authenticating users by default.
property authorizationUrl
public authorizationUrl: pulumi.Output<string>;
OIDC authorization URL.
property backchannelSupported
public backchannelSupported: pulumi.Output<boolean | undefined>;
Does the external IDP support backchannel logout?
property clientId
public clientId: pulumi.Output<string>;
Client ID.
property clientSecret
public clientSecret: pulumi.Output<string>;
Client Secret.
property defaultScopes
public defaultScopes: pulumi.Output<string | undefined>;
The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to ‘openid’.
property displayName
public displayName: pulumi.Output<string | undefined>;
Friendly name for Identity Providers.
property enabled
public enabled: pulumi.Output<boolean | undefined>;
Enable/disable this identity provider.
property extraConfig
public extraConfig: pulumi.Output<{[key: string]: any} | undefined>;
property firstBrokerLoginFlowAlias
public firstBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
Alias of the authentication flow that is triggered after the first login with this identity provider. ‘First Login’ means that no Keycloak account is yet linked with the authenticated identity provider account.
property hideOnLoginPage
public hideOnLoginPage: pulumi.Output<boolean | undefined>;
Hide On Login Page.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property internalId
public internalId: pulumi.Output<string>;
Internal Identity Provider Id.
property jwksUrl
public jwksUrl: pulumi.Output<string | undefined>;
JSON Web Key Set URL.
property linkOnly
public linkOnly: pulumi.Output<boolean | undefined>;
If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.
property loginHint
public loginHint: pulumi.Output<string | undefined>;
Login Hint.
property logoutUrl
public logoutUrl: pulumi.Output<string | undefined>;
Logout URL.
property postBrokerLoginFlowAlias
public postBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in ClientSession, as the identity provider has already set it.
property providerId
public providerId: pulumi.Output<string | undefined>;
Provider ID; always oidc, unless you have a custom implementation.
property realm
public realm: pulumi.Output<string>;
Realm Name.
property storeToken
public storeToken: pulumi.Output<boolean | undefined>;
Enable/disable storing tokens after authenticating users.
property tokenUrl
public tokenUrl: pulumi.Output<string>;
Token URL.
property trustEmail
public trustEmail: pulumi.Output<boolean | undefined>;
If enabled, the email provided by this provider is not verified even if verification is enabled for the realm.
property uiLocales
public uiLocales: pulumi.Output<boolean | undefined>;
Pass current locale to identity provider.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
property userInfoUrl
public userInfoUrl: pulumi.Output<string | undefined>;
User Info URL.
property validateSignature
public validateSignature: pulumi.Output<boolean | undefined>;
Enable/disable signature validation of external IDP signatures.
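Several IdentityProvider properties documented above change how much Keycloak trusts the external IdP (validateSignature, jwksUrl, trustEmail, storeToken, addReadTokenRoleOnCreate, and the endpoint URLs). The following is an added example, not part of the provider's documentation or code, of a pre-deployment review of those arguments; the IdpSettings interface, the rule names and the sample values are assumptions made for this example, and an unset validateSignature is treated as "not explicitly enabled".

```typescript
// Added example (not from the provider's code base). IdpSettings mirrors a subset of
// IdentityProviderArgs with plain values; rule names and sample values are constructed.
interface IdpSettings {
  alias: string;
  authorizationUrl: string;
  tokenUrl: string;
  userInfoUrl?: string;
  jwksUrl?: string;
  logoutUrl?: string;
  validateSignature?: boolean;
  trustEmail?: boolean;
  storeToken?: boolean;
  addReadTokenRoleOnCreate?: boolean;
}

interface Finding {
  rule: string;
  property: string;
  detail: string;
}

const URL_PROPERTIES = ["authorizationUrl", "tokenUrl", "userInfoUrl", "jwksUrl", "logoutUrl"] as const;

// True only for absolute https:// URLs with a non-empty host part.
function isHttps(value: string): boolean {
  return /^https:\/\/[^\s\/?#]+/i.test(value);
}

function auditIdentityProvider(idp: IdpSettings): Finding[] {
  const findings: Finding[] = [];
  const add = (rule: string, property: string, detail: string): void => {
    findings.push({ rule, property, detail });
  };

  // Signature validation of the external IdP must be switched on explicitly.
  if (idp.validateSignature !== true) {
    add("SIG_NOT_VALIDATED", "validateSignature", "signature validation is not explicitly enabled");
  } else if (!idp.jwksUrl) {
    // Review item: with no JWKS URL the verification key has to be configured some other way.
    add("SIG_NO_JWKS", "jwksUrl", "validateSignature is true but no jwksUrl is set");
  }

  // Every configured endpoint should be reached over TLS.
  for (const property of URL_PROPERTIES) {
    const value = idp[property];
    if (value !== undefined && !isHttps(value)) {
      add("NON_HTTPS_URL", property, `${value} is not an https:// URL`);
    }
  }

  // trustEmail skips the realm's own email verification for brokered users.
  if (idp.trustEmail === true) {
    add("EMAIL_TRUSTED", "trustEmail", "email from this provider bypasses realm verification");
  }

  // Stored tokens plus broker.read-token on creation: every new user can read them.
  if (idp.storeToken === true && idp.addReadTokenRoleOnCreate === true) {
    add("TOKENS_READABLE", "addReadTokenRoleOnCreate", "new users receive broker.read-token for stored tokens");
  }
  return findings;
}

// Constructed sample inputs: a weak configuration beside a reviewed one.
const weakIdp: IdpSettings = {
  alias: "partner-oidc",
  authorizationUrl: "https://idp.example.test/authorize",
  tokenUrl: "http://idp.example.test/token",
  trustEmail: true,
  storeToken: true,
  addReadTokenRoleOnCreate: true,
};

const hardenedIdp: IdpSettings = {
  alias: "partner-oidc",
  authorizationUrl: "https://idp.example.test/authorize",
  tokenUrl: "https://idp.example.test/token",
  jwksUrl: "https://idp.example.test/jwks",
  validateSignature: true,
  trustEmail: false,
  storeToken: false,
};

for (const f of auditIdentityProvider(weakIdp)) {
  console.log(`${f.rule} [${f.property}]: ${f.detail}`);
}
```

The same object literals can be passed as the args of new IdentityProvider(...) once the review returns no findings.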
Others
interface GoogleIdentityProviderArgs
interface GoogleIdentityProviderArgs
The set of arguments for constructing a GoogleIdentityProvider resource.
property acceptsPromptNoneForwardFromClient
acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;
Used only together with the Identity Provider Authenticator or when kc_idp_hint points to this identity provider. If the client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.
property addReadTokenRoleOnCreate
addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.
property authenticateByDefault
authenticateByDefault?: pulumi.Input<boolean>;
Enable/disable authenticating users by default.
property clientId
clientId: pulumi.Input<string>;
Client ID.
property clientSecret
clientSecret: pulumi.Input<string>;
Client Secret.
property defaultScopes
defaultScopes?: pulumi.Input<string>;
The scopes to be sent when asking for authorization. See the documentation for possible values, separator and default value. Default: ‘openid profile email’.
property disableUserInfo
disableUserInfo?: pulumi.Input<boolean>;
Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.
property enabled
enabled?: pulumi.Input<boolean>;
Enable/disable this identity provider.
property extraConfig
extraConfig?: pulumi.Input<{[key: string]: any}>;
property firstBrokerLoginFlowAlias
firstBrokerLoginFlowAlias?: pulumi.Input<string>;
Alias of the authentication flow that is triggered after the first login with this identity provider. ‘First Login’ means that no Keycloak account is yet linked with the authenticated identity provider account.
property hideOnLoginPage
hideOnLoginPage?: pulumi.Input<boolean>;
Hide On Login Page.
property hostedDomain
hostedDomain?: pulumi.Input<string>;
Set the ‘hd’ query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When ‘*’ is entered, any hosted account can be used.
property linkOnly
linkOnly?: pulumi.Input<boolean>;
If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.
property postBrokerLoginFlowAlias
postBrokerLoginFlowAlias?: pulumi.Input<string>;
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in ClientSession, as the identity provider has already set it.
property providerId
providerId?: pulumi.Input<string>;
Provider ID; always google, unless you have an extended custom implementation.
property realm
realm: pulumi.Input<string>;
Realm Name.
property requestRefreshToken
requestRefreshToken?: pulumi.Input<boolean>;
Set the ‘access_type’ query parameter to ‘offline’ when redirecting to the Google authorization endpoint, to get a refresh token back. Useful if planning to use Token Exchange to retrieve a Google token to access Google APIs when the user is not at the browser.
property storeToken
storeToken?: pulumi.Input<boolean>;
Enable/disable storing tokens after authenticating users.
property trustEmail
trustEmail?: pulumi.Input<boolean>;
If enabled, the email provided by this provider is not verified even if verification is enabled for the realm.
property useUserIpParam
useUserIpParam?: pulumi.Input<boolean>;
Set the ‘userIp’ query parameter when invoking Google’s User Info service. This will use the user’s IP address. Useful if Google is throttling access to the User Info service.
interface GoogleIdentityProviderState
interface GoogleIdentityProviderState
Input properties used for looking up and filtering GoogleIdentityProvider resources.
property acceptsPromptNoneForwardFromClient
acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;
Used only together with the Identity Provider Authenticator or when kc_idp_hint points to this identity provider. If the client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.
property addReadTokenRoleOnCreate
addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.
property alias
alias?: pulumi.Input<string>;
The alias uniquely identifies an identity provider and is also used to build the redirect URI. For Google this is computed and is always google.
property authenticateByDefault
authenticateByDefault?: pulumi.Input<boolean>;
Enable/disable authenticating users by default.
property clientId
clientId?: pulumi.Input<string>;
Client ID.
property clientSecret
clientSecret?: pulumi.Input<string>;
Client Secret.
property defaultScopes
defaultScopes?: pulumi.Input<string>;
The scopes to be sent when asking for authorization. See the documentation for possible values, separator and default value. Default: ‘openid profile email’.
property disableUserInfo
disableUserInfo?: pulumi.Input<boolean>;
Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.
property displayName
displayName?: pulumi.Input<string>;
Not used by this provider; will implicitly be Google.
property enabled
enabled?: pulumi.Input<boolean>;
Enable/disable this identity provider.
property extraConfig
extraConfig?: pulumi.Input<{[key: string]: any}>;
property firstBrokerLoginFlowAlias
firstBrokerLoginFlowAlias?: pulumi.Input<string>;
Alias of the authentication flow that is triggered after the first login with this identity provider. ‘First Login’ means that no Keycloak account is yet linked with the authenticated identity provider account.
property hideOnLoginPage
hideOnLoginPage?: pulumi.Input<boolean>;
Hide On Login Page.
property hostedDomain
hostedDomain?: pulumi.Input<string>;
Set the ‘hd’ query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When ‘*’ is entered, any hosted account can be used.
property internalId
internalId?: pulumi.Input<string>;
Internal Identity Provider Id.
property linkOnly
linkOnly?: pulumi.Input<boolean>;
If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.
property postBrokerLoginFlowAlias
postBrokerLoginFlowAlias?: pulumi.Input<string>;
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in ClientSession, as the identity provider has already set it.
property providerId
providerId?: pulumi.Input<string>;
Provider ID; always google, unless you have an extended custom implementation.
property realm
realm?: pulumi.Input<string>;
Realm Name.
property requestRefreshToken
requestRefreshToken?: pulumi.Input<boolean>;
Set the ‘access_type’ query parameter to ‘offline’ when redirecting to the Google authorization endpoint, to get a refresh token back. Useful if planning to use Token Exchange to retrieve a Google token to access Google APIs when the user is not at the browser.
property storeToken
storeToken?: pulumi.Input<boolean>;
Enable/disable storing tokens after authenticating users.
property trustEmail
trustEmail?: pulumi.Input<boolean>;
If enabled, the email provided by this provider is not verified even if verification is enabled for the realm.
property useUserIpParam
useUserIpParam?: pulumi.Input<boolean>;
Set the ‘userIp’ query parameter when invoking Google’s User Info service. This will use the user’s IP address. Useful if Google is throttling access to the User Info service.
interface IdentityProviderArgs
interface IdentityProviderArgs
The set of arguments for constructing an IdentityProvider resource.
property acceptsPromptNoneForwardFromClient
acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;
Used only together with the Identity Provider Authenticator or when kc_idp_hint points to this identity provider. If the client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.
property addReadTokenRoleOnCreate
addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.
property alias
alias: pulumi.Input<string>;
The alias uniquely identifies an identity provider and is also used to build the redirect URI.
property authenticateByDefault
authenticateByDefault?: pulumi.Input<boolean>;
Enable/disable authenticating users by default.
property authorizationUrl
authorizationUrl: pulumi.Input<string>;
OIDC authorization URL.
property backchannelSupported
backchannelSupported?: pulumi.Input<boolean>;
Does the external IDP support backchannel logout?
property clientId
clientId: pulumi.Input<string>;
Client ID.
property clientSecret
clientSecret: pulumi.Input<string>;
Client Secret.
property defaultScopes
defaultScopes?: pulumi.Input<string>;
The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to ‘openid’.
property displayName
displayName?: pulumi.Input<string>;
Friendly name for Identity Providers.
property enabled
enabled?: pulumi.Input<boolean>;
Enable/disable this identity provider.
property extraConfig
extraConfig?: pulumi.Input<{[key: string]: any}>;
property firstBrokerLoginFlowAlias
firstBrokerLoginFlowAlias?: pulumi.Input<string>;
Alias of the authentication flow that is triggered after the first login with this identity provider. ‘First Login’ means that no Keycloak account is yet linked with the authenticated identity provider account.
property hideOnLoginPage
hideOnLoginPage?: pulumi.Input<boolean>;
Hide On Login Page.
property jwksUrl
jwksUrl?: pulumi.Input<string>;
JSON Web Key Set URL.
property linkOnly
linkOnly?: pulumi.Input<boolean>;
If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.
property loginHint
loginHint?: pulumi.Input<string>;
Login Hint.
property logoutUrl
logoutUrl?: pulumi.Input<string>;
Logout URL.
property postBrokerLoginFlowAlias
postBrokerLoginFlowAlias?: pulumi.Input<string>;
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in ClientSession, as the identity provider has already set it.
property providerId
providerId?: pulumi.Input<string>;
Provider ID; always oidc, unless you have a custom implementation.
property realm
realm: pulumi.Input<string>;
Realm Name.
property storeToken
storeToken?: pulumi.Input<boolean>;
Enable/disable storing tokens after authenticating users.
property tokenUrl
tokenUrl: pulumi.Input<string>;
Token URL.
property trustEmail
trustEmail?: pulumi.Input<boolean>;
If enabled, the email provided by this provider is not verified even if verification is enabled for the realm.
property uiLocales
uiLocales?: pulumi.Input<boolean>;
Pass current locale to identity provider.
property userInfoUrl
userInfoUrl?: pulumi.Input<string>;
User Info URL.
property validateSignature
validateSignature?: pulumi.Input<boolean>;
Enable/disable signature validation of external IDP signatures.
interface IdentityProviderState
interface IdentityProviderState
Input properties used for looking up and filtering IdentityProvider resources.
property acceptsPromptNoneForwardFromClient
acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;
Used only together with the Identity Provider Authenticator or when kc_idp_hint points to this identity provider. If the client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.
property addReadTokenRoleOnCreate
addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.
property alias
alias?: pulumi.Input<string>;
The alias uniquely identifies an identity provider and is also used to build the redirect URI.
property authenticateByDefault
authenticateByDefault?: pulumi.Input<boolean>;
Enable/disable authenticating users by default.
property authorizationUrl
authorizationUrl?: pulumi.Input<string>;
OIDC authorization URL.
property backchannelSupported
backchannelSupported?: pulumi.Input<boolean>;
Does the external IDP support backchannel logout?
property clientId
clientId?: pulumi.Input<string>;
Client ID.
property clientSecret
clientSecret?: pulumi.Input<string>;
Client Secret.
property defaultScopes
defaultScopes?: pulumi.Input<string>;
The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to ‘openid’.
property displayName
displayName?: pulumi.Input<string>;
Friendly name for Identity Providers.
property enabled
enabled?: pulumi.Input<boolean>;
Enable/disable this identity provider.
property extraConfig
extraConfig?: pulumi.Input<{[key: string]: any}>;
property firstBrokerLoginFlowAlias
firstBrokerLoginFlowAlias?: pulumi.Input<string>;
Alias of the authentication flow that is triggered after the first login with this identity provider. ‘First Login’ means that no Keycloak account is yet linked with the authenticated identity provider account.
property hideOnLoginPage
hideOnLoginPage?: pulumi.Input<boolean>;
Hide On Login Page.
property internalId
internalId?: pulumi.Input<string>;
Internal Identity Provider Id.
property jwksUrl
jwksUrl?: pulumi.Input<string>;
JSON Web Key Set URL.
property linkOnly
linkOnly?: pulumi.Input<boolean>;
If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.
property loginHint
loginHint?: pulumi.Input<string>;
Login Hint.
property logoutUrl
logoutUrl?: pulumi.Input<string>;
Logout URL.
property postBrokerLoginFlowAlias
postBrokerLoginFlowAlias?: pulumi.Input<string>;
Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in ClientSession, as the identity provider has already set it.
property providerId
providerId?: pulumi.Input<string>;
Provider ID; always oidc, unless you have a custom implementation.
property realm
realm?: pulumi.Input<string>;
Realm Name.
property storeToken
storeToken?: pulumi.Input<boolean>;
Enable/disable storing tokens after authenticating users.
property tokenUrl
tokenUrl?: pulumi.Input<string>;
Token URL.
property trustEmail
trustEmail?: pulumi.Input<boolean>;
If enabled, the email provided by this provider is not verified even if verification is enabled for the realm.
property uiLocales
uiLocales?: pulumi.Input<boolean>;
Pass current locale to identity provider.
property userInfoUrl
userInfoUrl?: pulumi.Input<string>;
User Info URL.
property validateSignature
validateSignature?: pulumi.Input<boolean>;
Enable/disable signature validation of external IDP signatures.