1. Docs
  2. Reference
  3. API
  4. @pulumi/keycloak
  5. openid

Module openid

This provider is a derived work of the Terraform Provider distributed under MIT. If you encounter a bug or missing feature, first check the pulumi/pulumi-keycloak repo; however, if that doesn’t turn up anything, please consult the source mrparkers/terraform-provider-keycloak repo.

Resources

Functions

Others

Resources

Resource AudienceProtocolMapper

class AudienceProtocolMapper extends CustomResource

# keycloak.openid.AudienceProtocolMapper

Allows for creating and managing audience protocol mappers within Keycloak. This mapper was added in Keycloak v4.6.0.Final.

Audience protocol mappers allow you add audiences to the aud claim within issued tokens. The audience can be a custom string, or it can be mapped to the ID of a pre-existing client.

Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const openidClient = new keycloak.openid.Client("openidClient", {
    accessType: "CONFIDENTIAL",
    clientId: "test-client",
    enabled: true,
    realmId: realm.id,
    validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", {
    clientId: openidClient.id,
    includedCustomAudience: "foo",
    realmId: realm.id,
});
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const clientScope = new keycloak.openid.ClientScope("clientScope", {
    realmId: realm.id,
});
const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", {
    clientScopeId: clientScope.id,
    includedCustomAudience: "foo",
    realmId: realm.id,
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this protocol mapper exists within.
  • clientId - (Required if clientScopeId is not specified) The client this protocol mapper is attached to.
  • clientScopeId - (Required if clientId is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • includedClientAudience - (Required if includedCustomAudience is not specified) A client ID to include within the token’s aud claim.
  • includedCustomAudience - (Required if includedClientAudience is not specified) A custom audience to include within the token’s aud claim.
  • addToIdToken - (Optional) Indicates if the audience should be included in the aud claim for the id token. Defaults to true.
  • addToAccessToken - (Optional) Indicates if the audience should be included in the aud claim for the id token. Defaults to true.

constructor

new AudienceProtocolMapper(name: string, args: AudienceProtocolMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a AudienceProtocolMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AudienceProtocolMapperState, opts?: pulumi.CustomResourceOptions): AudienceProtocolMapper

Get an existing AudienceProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AudienceProtocolMapper

Returns true if the given object is an instance of AudienceProtocolMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property addToAccessToken

public addToAccessToken: pulumi.Output<boolean | undefined>;

Indicates if this claim should be added to the access token.

property addToIdToken

public addToIdToken: pulumi.Output<boolean | undefined>;

Indicates if this claim should be added to the id token.

property clientId

public clientId: pulumi.Output<string | undefined>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

public clientScopeId: pulumi.Output<string | undefined>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property includedClientAudience

public includedClientAudience: pulumi.Output<string | undefined>;

A client ID to include within the token’s aud claim. Cannot be used with included_custom_audience

property includedCustomAudience

public includedCustomAudience: pulumi.Output<string | undefined>;

A custom audience to include within the token’s aud claim. Cannot be used with included_custom_audience

property name

public name: pulumi.Output<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

public realmId: pulumi.Output<string>;

The realm id where the associated client or client scope exists.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Client

class Client extends CustomResource

# keycloak.openid.Client

Allows for creating and managing Keycloak clients that use the OpenID Connect protocol.

Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak’s user sessions for SSO.

Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const openidClient = new keycloak.openid.Client("openidClient", {
    accessType: "CONFIDENTIAL",
    clientId: "test-client",
    enabled: true,
    realmId: realm.id,
    validRedirectUris: ["http://localhost:8080/openid-callback"],
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this client is attached to.
  • clientId - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.
  • name - (Optional) The display name of this client in the GUI.
  • enabled - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true.
  • description - (Optional) The description of this client in the GUI.
  • accessType - (Required) Specifies the type of client, which can be one of the following:
    • CONFIDENTIAL - Used for server-side clients that require both client ID and secret when authenticating. This client should be used for applications using the Authorization Code or Client Credentials grant flows.
    • PUBLIC - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect URIs for security. This client should be used for applications using the Implicit grant flow.
    • BEARER-ONLY - Used for services that never initiate a login. This client will only allow bearer token requests.
  • clientSecret - (Optional) The secret for clients with an accessType of CONFIDENTIAL or BEARER-ONLY. This value is sensitive and should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute.
  • standardFlowEnabled - (Optional) When true, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to false.
  • implicitFlowEnabled - (Optional) When true, the OAuth2 Implicit Grant will be enabled for this client. Defaults to false.
  • directAccessGrantsEnabled - (Optional) When true, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to false.
  • serviceAccountsEnabled - (Optional) When true, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to false.
  • validRedirectUris - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple wildcards in the form of an asterisk can be used here. This attribute must be set if either standardFlowEnabled or implicitFlowEnabled is set to true.
  • webOrigins - (Optional) A list of allowed CORS origins. + can be used to permit all valid redirect URIs, and * can be used to permit all origins.
  • adminUrl - (Optional) URL to the admin interface of the client.
  • baseUrl - (Optional) Default URL to use when the auth server needs to redirect or link back to the client.
  • pkceCodeChallengeMethod - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either plain or S256 or set to empty value ``.
  • fullScopeAllowed - (Optional) - Allow to include all roles mappings in the access token.
Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • serviceAccountUserId - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.

constructor

new Client(name: string, args: ClientArgs, opts?: pulumi.CustomResourceOptions)

Create a Client resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientState, opts?: pulumi.CustomResourceOptions): Client

Get an existing Client resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Client

Returns true if the given object is an instance of Client. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessTokenLifespan

public accessTokenLifespan: pulumi.Output<string | undefined>;

property accessType

public accessType: pulumi.Output<string>;

property adminUrl

public adminUrl: pulumi.Output<string | undefined>;

property authenticationFlowBindingOverrides

public authenticationFlowBindingOverrides: pulumi.Output<ClientAuthenticationFlowBindingOverrides | undefined>;

property authorization

public authorization: pulumi.Output<ClientAuthorization | undefined>;

property baseUrl

public baseUrl: pulumi.Output<string | undefined>;

property clientId

public clientId: pulumi.Output<string>;

property clientSecret

public clientSecret: pulumi.Output<string>;

property consentRequired

public consentRequired: pulumi.Output<boolean | undefined>;

property description

public description: pulumi.Output<string | undefined>;

property directAccessGrantsEnabled

public directAccessGrantsEnabled: pulumi.Output<boolean | undefined>;

property enabled

public enabled: pulumi.Output<boolean | undefined>;

property excludeSessionStateFromAuthResponse

public excludeSessionStateFromAuthResponse: pulumi.Output<boolean | undefined>;

property fullScopeAllowed

public fullScopeAllowed: pulumi.Output<boolean | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property implicitFlowEnabled

public implicitFlowEnabled: pulumi.Output<boolean | undefined>;

property name

public name: pulumi.Output<string>;

property pkceCodeChallengeMethod

public pkceCodeChallengeMethod: pulumi.Output<string | undefined>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property rootUrl

public rootUrl: pulumi.Output<string | undefined>;

property serviceAccountUserId

public serviceAccountUserId: pulumi.Output<string>;

property serviceAccountsEnabled

public serviceAccountsEnabled: pulumi.Output<boolean | undefined>;

property standardFlowEnabled

public standardFlowEnabled: pulumi.Output<boolean | undefined>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property validRedirectUris

public validRedirectUris: pulumi.Output<string[] | undefined>;

property webOrigins

public webOrigins: pulumi.Output<string[] | undefined>;

Resource ClientAggregatePolicy

class ClientAggregatePolicy extends CustomResource

constructor

new ClientAggregatePolicy(name: string, args: ClientAggregatePolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientAggregatePolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientAggregatePolicyState, opts?: pulumi.CustomResourceOptions): ClientAggregatePolicy

Get an existing ClientAggregatePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientAggregatePolicy

Returns true if the given object is an instance of ClientAggregatePolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property decisionStrategy

public decisionStrategy: pulumi.Output<string>;

property description

public description: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logic

public logic: pulumi.Output<string | undefined>;

property name

public name: pulumi.Output<string>;

property policies

public policies: pulumi.Output<string[]>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientAuthorizationPermission

class ClientAuthorizationPermission extends CustomResource

constructor

new ClientAuthorizationPermission(name: string, args: ClientAuthorizationPermissionArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientAuthorizationPermission resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientAuthorizationPermissionState, opts?: pulumi.CustomResourceOptions): ClientAuthorizationPermission

Get an existing ClientAuthorizationPermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientAuthorizationPermission

Returns true if the given object is an instance of ClientAuthorizationPermission. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property decisionStrategy

public decisionStrategy: pulumi.Output<string | undefined>;

property description

public description: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

property policies

public policies: pulumi.Output<string[] | undefined>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property resources

public resources: pulumi.Output<string[] | undefined>;

property scopes

public scopes: pulumi.Output<string[] | undefined>;

property type

public type: pulumi.Output<string | undefined>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientAuthorizationResource

class ClientAuthorizationResource extends CustomResource

constructor

new ClientAuthorizationResource(name: string, args: ClientAuthorizationResourceArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientAuthorizationResource resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientAuthorizationResourceState, opts?: pulumi.CustomResourceOptions): ClientAuthorizationResource

Get an existing ClientAuthorizationResource resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientAuthorizationResource

Returns true if the given object is an instance of ClientAuthorizationResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attributes

public attributes: pulumi.Output<{[key: string]: any} | undefined>;

property displayName

public displayName: pulumi.Output<string | undefined>;

property iconUri

public iconUri: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

property ownerManagedAccess

public ownerManagedAccess: pulumi.Output<boolean | undefined>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property scopes

public scopes: pulumi.Output<string[] | undefined>;

property type

public type: pulumi.Output<string | undefined>;

property uris

public uris: pulumi.Output<string[] | undefined>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientAuthorizationScope

class ClientAuthorizationScope extends CustomResource

constructor

new ClientAuthorizationScope(name: string, args: ClientAuthorizationScopeArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientAuthorizationScope resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientAuthorizationScopeState, opts?: pulumi.CustomResourceOptions): ClientAuthorizationScope

Get an existing ClientAuthorizationScope resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientAuthorizationScope

Returns true if the given object is an instance of ClientAuthorizationScope. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property displayName

public displayName: pulumi.Output<string | undefined>;

property iconUri

public iconUri: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientDefaultScopes

class ClientDefaultScopes extends CustomResource

constructor

new ClientDefaultScopes(name: string, args: ClientDefaultScopesArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientDefaultScopes resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientDefaultScopesState, opts?: pulumi.CustomResourceOptions): ClientDefaultScopes

Get an existing ClientDefaultScopes resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientDefaultScopes

Returns true if the given object is an instance of ClientDefaultScopes. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property clientId

public clientId: pulumi.Output<string>;

property defaultScopes

public defaultScopes: pulumi.Output<string[]>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property realmId

public realmId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientGroupPolicy

class ClientGroupPolicy extends CustomResource

constructor

new ClientGroupPolicy(name: string, args: ClientGroupPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientGroupPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientGroupPolicyState, opts?: pulumi.CustomResourceOptions): ClientGroupPolicy

Get an existing ClientGroupPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientGroupPolicy

Returns true if the given object is an instance of ClientGroupPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property decisionStrategy

public decisionStrategy: pulumi.Output<string>;

property description

public description: pulumi.Output<string | undefined>;

property groups

public groups: pulumi.Output<ClientGroupPolicyGroup[]>;

property groupsClaim

public groupsClaim: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logic

public logic: pulumi.Output<string | undefined>;

property name

public name: pulumi.Output<string>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientJsPolicy

class ClientJsPolicy extends CustomResource

constructor

new ClientJsPolicy(name: string, args: ClientJsPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientJsPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientJsPolicyState, opts?: pulumi.CustomResourceOptions): ClientJsPolicy

Get an existing ClientJsPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientJsPolicy

Returns true if the given object is an instance of ClientJsPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property code

public code: pulumi.Output<string>;

property decisionStrategy

public decisionStrategy: pulumi.Output<string>;

property description

public description: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logic

public logic: pulumi.Output<string | undefined>;

property name

public name: pulumi.Output<string>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property type

public type: pulumi.Output<string | undefined>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientOptionalScopes

class ClientOptionalScopes extends CustomResource

constructor

new ClientOptionalScopes(name: string, args: ClientOptionalScopesArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientOptionalScopes resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientOptionalScopesState, opts?: pulumi.CustomResourceOptions): ClientOptionalScopes

Get an existing ClientOptionalScopes resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientOptionalScopes

Returns true if the given object is an instance of ClientOptionalScopes. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property clientId

public clientId: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property optionalScopes

public optionalScopes: pulumi.Output<string[]>;

property realmId

public realmId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientPolicy

class ClientPolicy extends CustomResource

constructor

new ClientPolicy(name: string, args: ClientPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientPolicyState, opts?: pulumi.CustomResourceOptions): ClientPolicy

Get an existing ClientPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientPolicy

Returns true if the given object is an instance of ClientPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property clients

public clients: pulumi.Output<string[]>;

property decisionStrategy

public decisionStrategy: pulumi.Output<string | undefined>;

property description

public description: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logic

public logic: pulumi.Output<string | undefined>;

property name

public name: pulumi.Output<string>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientRolePolicy

class ClientRolePolicy extends CustomResource

constructor

new ClientRolePolicy(name: string, args: ClientRolePolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientRolePolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientRolePolicyState, opts?: pulumi.CustomResourceOptions): ClientRolePolicy

Get an existing ClientRolePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientRolePolicy

Returns true if the given object is an instance of ClientRolePolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property decisionStrategy

public decisionStrategy: pulumi.Output<string | undefined>;

property description

public description: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logic

public logic: pulumi.Output<string | undefined>;

property name

public name: pulumi.Output<string>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property roles

public roles: pulumi.Output<ClientRolePolicyRole[]>;

property type

public type: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientScope

class ClientScope extends CustomResource

# keycloak.openid.ClientScope

Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol.

Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also be used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 scope parameter.

Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const openidClientScope = new keycloak.openid.ClientScope("openidClientScope", {
    description: "When requested, this scope will map a user's group memberships to a claim",
    realmId: realm.id,
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this client scope belongs to.
  • name - (Required) The display name of this client scope in the GUI.
  • description - (Optional) The description of this client scope in the GUI.
  • consentScreenText - (Optional) When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.

constructor

new ClientScope(name: string, args: ClientScopeArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientScope resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientScopeState, opts?: pulumi.CustomResourceOptions): ClientScope

Get an existing ClientScope resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientScope

Returns true if the given object is an instance of ClientScope. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property consentScreenText

public consentScreenText: pulumi.Output<string | undefined>;

property description

public description: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

property realmId

public realmId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientServiceAccountRealmRole

class ClientServiceAccountRealmRole extends CustomResource

constructor

new ClientServiceAccountRealmRole(name: string, args: ClientServiceAccountRealmRoleArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientServiceAccountRealmRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientServiceAccountRealmRoleState, opts?: pulumi.CustomResourceOptions): ClientServiceAccountRealmRole

Get an existing ClientServiceAccountRealmRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientServiceAccountRealmRole

Returns true if the given object is an instance of ClientServiceAccountRealmRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property realmId

public realmId: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

property serviceAccountUserId

public serviceAccountUserId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientServiceAccountRole

class ClientServiceAccountRole extends CustomResource

constructor

new ClientServiceAccountRole(name: string, args: ClientServiceAccountRoleArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientServiceAccountRole resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientServiceAccountRoleState, opts?: pulumi.CustomResourceOptions): ClientServiceAccountRole

Get an existing ClientServiceAccountRole resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientServiceAccountRole

Returns true if the given object is an instance of ClientServiceAccountRole. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property clientId

public clientId: pulumi.Output<string>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property realmId

public realmId: pulumi.Output<string>;

property role

public role: pulumi.Output<string>;

property serviceAccountUserId

public serviceAccountUserId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ClientTimePolicy

class ClientTimePolicy extends CustomResource

constructor

new ClientTimePolicy(name: string, args: ClientTimePolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientTimePolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientTimePolicyState, opts?: pulumi.CustomResourceOptions): ClientTimePolicy

Get an existing ClientTimePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientTimePolicy

Returns true if the given object is an instance of ClientTimePolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property dayMonth

public dayMonth: pulumi.Output<string | undefined>;

property dayMonthEnd

public dayMonthEnd: pulumi.Output<string | undefined>;

property decisionStrategy

public decisionStrategy: pulumi.Output<string>;

property description

public description: pulumi.Output<string | undefined>;

property hour

public hour: pulumi.Output<string | undefined>;

property hourEnd

public hourEnd: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logic

public logic: pulumi.Output<string | undefined>;

property minute

public minute: pulumi.Output<string | undefined>;

property minuteEnd

public minuteEnd: pulumi.Output<string | undefined>;

property month

public month: pulumi.Output<string | undefined>;

property monthEnd

public monthEnd: pulumi.Output<string | undefined>;

property name

public name: pulumi.Output<string>;

property notBefore

public notBefore: pulumi.Output<string | undefined>;

property notOnOrAfter

public notOnOrAfter: pulumi.Output<string | undefined>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property year

public year: pulumi.Output<string | undefined>;

property yearEnd

public yearEnd: pulumi.Output<string | undefined>;

Resource ClientUserPolicy

class ClientUserPolicy extends CustomResource

constructor

new ClientUserPolicy(name: string, args: ClientUserPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a ClientUserPolicy resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientUserPolicyState, opts?: pulumi.CustomResourceOptions): ClientUserPolicy

Get an existing ClientUserPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ClientUserPolicy

Returns true if the given object is an instance of ClientUserPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property decisionStrategy

public decisionStrategy: pulumi.Output<string>;

property description

public description: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property logic

public logic: pulumi.Output<string | undefined>;

property name

public name: pulumi.Output<string>;

property realmId

public realmId: pulumi.Output<string>;

property resourceServerId

public resourceServerId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property users

public users: pulumi.Output<string[]>;

Resource FullNameProtocolMapper

class FullNameProtocolMapper extends CustomResource

# keycloak.openid.FullNameProtocolMapper

Allows for creating and managing full name protocol mappers within Keycloak.

Full name protocol mappers allow you to map a user’s first and last name to the OpenID Connect name claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const openidClient = new keycloak.openid.Client("openidClient", {
    accessType: "CONFIDENTIAL",
    clientId: "test-client",
    enabled: true,
    realmId: realm.id,
    validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const fullNameMapper = new keycloak.openid.FullNameProtocolMapper("fullNameMapper", {
    clientId: openidClient.id,
    realmId: realm.id,
});
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const clientScope = new keycloak.openid.ClientScope("clientScope", {
    realmId: realm.id,
});
const fullNameMapper = new keycloak.openid.FullNameProtocolMapper("fullNameMapper", {
    clientScopeId: clientScope.id,
    realmId: realm.id,
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this protocol mapper exists within.
  • clientId - (Required if clientScopeId is not specified) The client this protocol mapper is attached to.
  • clientScopeId - (Required if clientId is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • addToIdToken - (Optional) Indicates if the user’s full name should be added as a claim to the id token. Defaults to true.
  • addToAccessToken - (Optional) Indicates if the user’s full name should be added as a claim to the access token. Defaults to true.
  • addToUserinfo - (Optional) Indicates if the user’s full name should be added as a claim to the UserInfo response body. Defaults to true.

constructor

new FullNameProtocolMapper(name: string, args: FullNameProtocolMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a FullNameProtocolMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FullNameProtocolMapperState, opts?: pulumi.CustomResourceOptions): FullNameProtocolMapper

Get an existing FullNameProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is FullNameProtocolMapper

Returns true if the given object is an instance of FullNameProtocolMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property addToAccessToken

public addToAccessToken: pulumi.Output<boolean | undefined>;

property addToIdToken

public addToIdToken: pulumi.Output<boolean | undefined>;

property addToUserinfo

public addToUserinfo: pulumi.Output<boolean | undefined>;

property clientId

public clientId: pulumi.Output<string | undefined>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

public clientScopeId: pulumi.Output<string | undefined>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

public realmId: pulumi.Output<string>;

The realm id where the associated client or client scope exists.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource GroupMembershipProtocolMapper

class GroupMembershipProtocolMapper extends CustomResource

# keycloak.openid.GroupMembershipProtocolMapper

Allows for creating and managing group membership protocol mappers within Keycloak.

Group membership protocol mappers allow you to map a user’s group memberships to a claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const openidClient = new keycloak.openid.Client("openidClient", {
    accessType: "CONFIDENTIAL",
    clientId: "test-client",
    enabled: true,
    realmId: realm.id,
    validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", {
    claimName: "groups",
    clientId: openidClient.id,
    realmId: realm.id,
});
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const clientScope = new keycloak.openid.ClientScope("clientScope", {
    realmId: realm.id,
});
const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", {
    claimName: "groups",
    clientScopeId: clientScope.id,
    realmId: realm.id,
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this protocol mapper exists within.
  • clientId - (Required if clientScopeId is not specified) The client this protocol mapper is attached to.
  • clientScopeId - (Required if clientId is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • claimName - (Required) The name of the claim to insert into a token.
  • fullPath - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to true.
  • addToIdToken - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.
  • addToAccessToken - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.
  • addToUserinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.

constructor

new GroupMembershipProtocolMapper(name: string, args: GroupMembershipProtocolMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupMembershipProtocolMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupMembershipProtocolMapperState, opts?: pulumi.CustomResourceOptions): GroupMembershipProtocolMapper

Get an existing GroupMembershipProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is GroupMembershipProtocolMapper

Returns true if the given object is an instance of GroupMembershipProtocolMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property addToAccessToken

public addToAccessToken: pulumi.Output<boolean | undefined>;

property addToIdToken

public addToIdToken: pulumi.Output<boolean | undefined>;

property addToUserinfo

public addToUserinfo: pulumi.Output<boolean | undefined>;

property claimName

public claimName: pulumi.Output<string>;

property clientId

public clientId: pulumi.Output<string | undefined>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

public clientScopeId: pulumi.Output<string | undefined>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property fullPath

public fullPath: pulumi.Output<boolean | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

public realmId: pulumi.Output<string>;

The realm id where the associated client or client scope exists.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource HardcodedClaimProtocolMapper

class HardcodedClaimProtocolMapper extends CustomResource

# keycloak.openid.HardcodedClaimProtocolMapper

Allows for creating and managing hardcoded claim protocol mappers within Keycloak.

Hardcoded claim protocol mappers allow you to define a claim with a hardcoded value. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const openidClient = new keycloak.openid.Client("openidClient", {
    accessType: "CONFIDENTIAL",
    clientId: "test-client",
    enabled: true,
    realmId: realm.id,
    validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", {
    claimName: "foo",
    claimValue: "bar",
    clientId: openidClient.id,
    realmId: realm.id,
});
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const clientScope = new keycloak.openid.ClientScope("clientScope", {
    realmId: realm.id,
});
const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", {
    claimName: "foo",
    claimValue: "bar",
    clientScopeId: clientScope.id,
    realmId: realm.id,
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this protocol mapper exists within.
  • clientId - (Required if clientScopeId is not specified) The client this protocol mapper is attached to.
  • clientScopeId - (Required if clientId is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • claimName - (Required) The name of the claim to insert into a token.
  • claimValue - (Required) The hardcoded value of the claim.
  • claimValueType - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.
  • addToIdToken - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.
  • addToAccessToken - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.
  • addToUserinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.

constructor

new HardcodedClaimProtocolMapper(name: string, args: HardcodedClaimProtocolMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a HardcodedClaimProtocolMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: HardcodedClaimProtocolMapperState, opts?: pulumi.CustomResourceOptions): HardcodedClaimProtocolMapper

Get an existing HardcodedClaimProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is HardcodedClaimProtocolMapper

Returns true if the given object is an instance of HardcodedClaimProtocolMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property addToAccessToken

public addToAccessToken: pulumi.Output<boolean | undefined>;

Indicates if the attribute should be a claim in the access token.

property addToIdToken

public addToIdToken: pulumi.Output<boolean | undefined>;

Indicates if the attribute should be a claim in the id token.

property addToUserinfo

public addToUserinfo: pulumi.Output<boolean | undefined>;

Indicates if the attribute should appear in the userinfo response body.

property claimName

public claimName: pulumi.Output<string>;

property claimValue

public claimValue: pulumi.Output<string>;

property claimValueType

public claimValueType: pulumi.Output<string | undefined>;

Claim type used when serializing tokens.

property clientId

public clientId: pulumi.Output<string | undefined>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

public clientScopeId: pulumi.Output<string | undefined>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

public realmId: pulumi.Output<string>;

The realm id where the associated client or client scope exists.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource HardcodedRoleProtocolMapper

class HardcodedRoleProtocolMapper extends CustomResource

# keycloak.openid.HardcodedRoleProtocolMapper

Allows for creating and managing hardcoded role protocol mappers within Keycloak.

Hardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const role = new keycloak.Role("role", {
    realmId: realm.id,
});
const openidClient = new keycloak.openid.Client("openidClient", {
    accessType: "CONFIDENTIAL",
    clientId: "test-client",
    enabled: true,
    realmId: realm.id,
    validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", {
    clientId: openidClient.id,
    realmId: realm.id,
    roleId: role.id,
});
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const role = new keycloak.Role("role", {
    realmId: realm.id,
});
const clientScope = new keycloak.openid.ClientScope("clientScope", {
    realmId: realm.id,
});
const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", {
    clientScopeId: clientScope.id,
    realmId: realm.id,
    roleId: role.id,
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this protocol mapper exists within.
  • clientId - (Required if clientScopeId is not specified) The client this protocol mapper is attached to.
  • clientScopeId - (Required if clientId is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • roleId - (Required) The ID of the role to map to an access token.

constructor

new HardcodedRoleProtocolMapper(name: string, args: HardcodedRoleProtocolMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a HardcodedRoleProtocolMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: HardcodedRoleProtocolMapperState, opts?: pulumi.CustomResourceOptions): HardcodedRoleProtocolMapper

Get an existing HardcodedRoleProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is HardcodedRoleProtocolMapper

Returns true if the given object is an instance of HardcodedRoleProtocolMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property clientId

public clientId: pulumi.Output<string | undefined>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

public clientScopeId: pulumi.Output<string | undefined>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

public realmId: pulumi.Output<string>;

The realm id where the associated client or client scope exists.

property roleId

public roleId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource UserAttributeProtocolMapper

class UserAttributeProtocolMapper extends CustomResource

# keycloak.openid.UserAttributeProtocolMapper

Allows for creating and managing user attribute protocol mappers within Keycloak.

User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const openidClient = new keycloak.openid.Client("openidClient", {
    accessType: "CONFIDENTIAL",
    clientId: "test-client",
    enabled: true,
    realmId: realm.id,
    validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", {
    claimName: "bar",
    clientId: openidClient.id,
    realmId: realm.id,
    userAttribute: "foo",
});
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const clientScope = new keycloak.openid.ClientScope("clientScope", {
    realmId: realm.id,
});
const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", {
    claimName: "bar",
    clientScopeId: clientScope.id,
    realmId: realm.id,
    userAttribute: "foo",
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this protocol mapper exists within.
  • clientId - (Required if clientScopeId is not specified) The client this protocol mapper is attached to.
  • clientScopeId - (Required if clientId is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • userAttribute - (Required) The custom user attribute to map a claim for.
  • claimName - (Required) The name of the claim to insert into a token.
  • claimValueType - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.
  • multivalued - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to false.
  • addToIdToken - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to true.
  • addToAccessToken - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to true.
  • addToUserinfo - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to true.

constructor

new UserAttributeProtocolMapper(name: string, args: UserAttributeProtocolMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a UserAttributeProtocolMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserAttributeProtocolMapperState, opts?: pulumi.CustomResourceOptions): UserAttributeProtocolMapper

Get an existing UserAttributeProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is UserAttributeProtocolMapper

Returns true if the given object is an instance of UserAttributeProtocolMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property addToAccessToken

public addToAccessToken: pulumi.Output<boolean | undefined>;

Indicates if the attribute should be a claim in the access token.

property addToIdToken

public addToIdToken: pulumi.Output<boolean | undefined>;

Indicates if the attribute should be a claim in the id token.

property addToUserinfo

public addToUserinfo: pulumi.Output<boolean | undefined>;

Indicates if the attribute should appear in the userinfo response body.

property claimName

public claimName: pulumi.Output<string>;

property claimValueType

public claimValueType: pulumi.Output<string | undefined>;

Claim type used when serializing tokens.

property clientId

public clientId: pulumi.Output<string | undefined>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

public clientScopeId: pulumi.Output<string | undefined>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property multivalued

public multivalued: pulumi.Output<boolean | undefined>;

Indicates whether this attribute is a single value or an array of values.

property name

public name: pulumi.Output<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

public realmId: pulumi.Output<string>;

The realm id where the associated client or client scope exists.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userAttribute

public userAttribute: pulumi.Output<string>;

Resource UserPropertyProtocolMapper

class UserPropertyProtocolMapper extends CustomResource

# keycloak.openid.UserPropertyProtocolMapper

Allows for creating and managing user property protocol mappers within Keycloak.

User property protocol mappers allow you to map built in properties defined on the Keycloak user interface to a claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const openidClient = new keycloak.openid.Client("openidClient", {
    accessType: "CONFIDENTIAL",
    clientId: "test-client",
    enabled: true,
    realmId: realm.id,
    validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", {
    claimName: "email",
    clientId: openidClient.id,
    realmId: realm.id,
    userProperty: "email",
});
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const clientScope = new keycloak.openid.ClientScope("clientScope", {
    realmId: realm.id,
});
const userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", {
    claimName: "email",
    clientScopeId: clientScope.id,
    realmId: realm.id,
    userProperty: "email",
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this protocol mapper exists within.
  • clientId - (Required if clientScopeId is not specified) The client this protocol mapper is attached to.
  • clientScopeId - (Required if clientId is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • userProperty - (Required) The built in user property (such as email) to map a claim for.
  • claimName - (Required) The name of the claim to insert into a token.
  • claimValueType - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.
  • addToIdToken - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.
  • addToAccessToken - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.
  • addToUserinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.

constructor

new UserPropertyProtocolMapper(name: string, args: UserPropertyProtocolMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a UserPropertyProtocolMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserPropertyProtocolMapperState, opts?: pulumi.CustomResourceOptions): UserPropertyProtocolMapper

Get an existing UserPropertyProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is UserPropertyProtocolMapper

Returns true if the given object is an instance of UserPropertyProtocolMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property addToAccessToken

public addToAccessToken: pulumi.Output<boolean | undefined>;

Indicates if the property should be a claim in the access token.

property addToIdToken

public addToIdToken: pulumi.Output<boolean | undefined>;

Indicates if the property should be a claim in the id token.

property addToUserinfo

public addToUserinfo: pulumi.Output<boolean | undefined>;

Indicates if the property should appear in the userinfo response body.

property claimName

public claimName: pulumi.Output<string>;

property claimValueType

public claimValueType: pulumi.Output<string | undefined>;

Claim type used when serializing tokens.

property clientId

public clientId: pulumi.Output<string | undefined>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

public clientScopeId: pulumi.Output<string | undefined>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

public realmId: pulumi.Output<string>;

The realm id where the associated client or client scope exists.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userProperty

public userProperty: pulumi.Output<string>;

Resource UserRealmRoleProtocolMapper

class UserRealmRoleProtocolMapper extends CustomResource

# keycloak.openid.UserRealmRoleProtocolMapper

Allows for creating and managing user realm role protocol mappers within Keycloak.

User realm role protocol mappers allow you to define a claim containing the list of the realm roles. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

Example Usage (Client)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const openidClient = new keycloak.openid.Client("openidClient", {
    accessType: "CONFIDENTIAL",
    clientId: "test-client",
    enabled: true,
    realmId: realm.id,
    validRedirectUris: ["http://localhost:8080/openid-callback"],
});
const userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", {
    claimName: "foo",
    clientId: openidClient.id,
    realmId: realm.id,
});
Example Usage (Client Scope)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const clientScope = new keycloak.openid.ClientScope("clientScope", {
    realmId: realm.id,
});
const userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", {
    claimName: "foo",
    clientScopeId: clientScope.id,
    realmId: realm.id,
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this protocol mapper exists within.
  • clientId - (Required if clientScopeId is not specified) The client this protocol mapper is attached to.
  • clientScopeId - (Required if clientId is not specified) The client scope this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • claimName - (Required) The name of the claim to insert into a token.
  • claimValueType - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.
  • multivalued - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to true.
  • realmRolePrefix - (Optional) A prefix for each Realm Role.
  • addToIdToken - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.
  • addToAccessToken - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.
  • addToUserinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.

constructor

new UserRealmRoleProtocolMapper(name: string, args: UserRealmRoleProtocolMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a UserRealmRoleProtocolMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserRealmRoleProtocolMapperState, opts?: pulumi.CustomResourceOptions): UserRealmRoleProtocolMapper

Get an existing UserRealmRoleProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is UserRealmRoleProtocolMapper

Returns true if the given object is an instance of UserRealmRoleProtocolMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property addToAccessToken

public addToAccessToken: pulumi.Output<boolean | undefined>;

Indicates if the attribute should be a claim in the access token.

property addToIdToken

public addToIdToken: pulumi.Output<boolean | undefined>;

Indicates if the attribute should be a claim in the id token.

property addToUserinfo

public addToUserinfo: pulumi.Output<boolean | undefined>;

Indicates if the attribute should appear in the userinfo response body.

property claimName

public claimName: pulumi.Output<string>;

property claimValueType

public claimValueType: pulumi.Output<string | undefined>;

Claim type used when serializing tokens.

property clientId

public clientId: pulumi.Output<string | undefined>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

public clientScopeId: pulumi.Output<string | undefined>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property multivalued

public multivalued: pulumi.Output<boolean | undefined>;

Indicates whether this attribute is a single value or an array of values.

property name

public name: pulumi.Output<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

public realmId: pulumi.Output<string>;

The realm id where the associated client or client scope exists.

property realmRolePrefix

public realmRolePrefix: pulumi.Output<string | undefined>;

Prefix that will be added to each realm role.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getClient

getClient(args: GetClientArgs, opts?: pulumi.InvokeOptions): Promise<GetClientResult>

# keycloak.openid.Client data source

This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.

Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realmManagement = keycloak.openid.getClient({
    realmId: "my-realm",
    clientId: "realm-management",
});
const admin = realmManagement.then(realmManagement => keycloak.getRole({
    realmId: "my-realm",
    clientId: realmManagement.id,
    name: "realm-admin",
}));
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm id.
  • clientId - (Required) The client id.
Attributes Reference

See the docs for the keycloak.openid.Client resource for details on the exported attributes.

Function getClientAuthorizationPolicy

getClientAuthorizationPolicy(args: GetClientAuthorizationPolicyArgs, opts?: pulumi.InvokeOptions): Promise<GetClientAuthorizationPolicyResult>

Function getClientServiceAccountUser

getClientServiceAccountUser(args: GetClientServiceAccountUserArgs, opts?: pulumi.InvokeOptions): Promise<GetClientServiceAccountUserResult>

Others

interface AudienceProtocolMapperArgs

interface AudienceProtocolMapperArgs

The set of arguments for constructing a AudienceProtocolMapper resource.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if this claim should be added to the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if this claim should be added to the id token.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property includedClientAudience

includedClientAudience?: pulumi.Input<string>;

A client ID to include within the token’s aud claim. Cannot be used with included_custom_audience

property includedCustomAudience

includedCustomAudience?: pulumi.Input<string>;

A custom audience to include within the token’s aud claim. Cannot be used with included_custom_audience

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

interface AudienceProtocolMapperState

interface AudienceProtocolMapperState

Input properties used for looking up and filtering AudienceProtocolMapper resources.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if this claim should be added to the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if this claim should be added to the id token.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property includedClientAudience

includedClientAudience?: pulumi.Input<string>;

A client ID to include within the token’s aud claim. Cannot be used with included_custom_audience

property includedCustomAudience

includedCustomAudience?: pulumi.Input<string>;

A custom audience to include within the token’s aud claim. Cannot be used with included_custom_audience

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId?: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

interface ClientAggregatePolicyArgs

interface ClientAggregatePolicyArgs

The set of arguments for constructing a ClientAggregatePolicy resource.

property decisionStrategy

decisionStrategy: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property policies

policies: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

interface ClientAggregatePolicyState

interface ClientAggregatePolicyState

Input properties used for looking up and filtering ClientAggregatePolicy resources.

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property policies

policies?: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

interface ClientArgs

interface ClientArgs

The set of arguments for constructing a Client resource.

property accessTokenLifespan

accessTokenLifespan?: pulumi.Input<string>;

property accessType

accessType: pulumi.Input<string>;

property adminUrl

adminUrl?: pulumi.Input<string>;

property authenticationFlowBindingOverrides

authenticationFlowBindingOverrides?: pulumi.Input<ClientAuthenticationFlowBindingOverrides>;

property authorization

authorization?: pulumi.Input<ClientAuthorization>;

property baseUrl

baseUrl?: pulumi.Input<string>;

property clientId

clientId: pulumi.Input<string>;

property clientSecret

clientSecret?: pulumi.Input<string>;

property consentRequired

consentRequired?: pulumi.Input<boolean>;

property description

description?: pulumi.Input<string>;

property directAccessGrantsEnabled

directAccessGrantsEnabled?: pulumi.Input<boolean>;

property enabled

enabled?: pulumi.Input<boolean>;

property excludeSessionStateFromAuthResponse

excludeSessionStateFromAuthResponse?: pulumi.Input<boolean>;

property fullScopeAllowed

fullScopeAllowed?: pulumi.Input<boolean>;

property implicitFlowEnabled

implicitFlowEnabled?: pulumi.Input<boolean>;

property name

name?: pulumi.Input<string>;

property pkceCodeChallengeMethod

pkceCodeChallengeMethod?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property rootUrl

rootUrl?: pulumi.Input<string>;

property serviceAccountsEnabled

serviceAccountsEnabled?: pulumi.Input<boolean>;

property standardFlowEnabled

standardFlowEnabled?: pulumi.Input<boolean>;

property validRedirectUris

validRedirectUris?: pulumi.Input<pulumi.Input<string>[]>;

property webOrigins

webOrigins?: pulumi.Input<pulumi.Input<string>[]>;

interface ClientAuthorizationPermissionArgs

interface ClientAuthorizationPermissionArgs

The set of arguments for constructing a ClientAuthorizationPermission resource.

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property policies

policies?: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

property resources

resources?: pulumi.Input<pulumi.Input<string>[]>;

property scopes

scopes?: pulumi.Input<pulumi.Input<string>[]>;

property type

type?: pulumi.Input<string>;

interface ClientAuthorizationPermissionState

interface ClientAuthorizationPermissionState

Input properties used for looking up and filtering ClientAuthorizationPermission resources.

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property policies

policies?: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

property resources

resources?: pulumi.Input<pulumi.Input<string>[]>;

property scopes

scopes?: pulumi.Input<pulumi.Input<string>[]>;

property type

type?: pulumi.Input<string>;

interface ClientAuthorizationResourceArgs

interface ClientAuthorizationResourceArgs

The set of arguments for constructing a ClientAuthorizationResource resource.

property attributes

attributes?: pulumi.Input<{[key: string]: any}>;

property displayName

displayName?: pulumi.Input<string>;

property iconUri

iconUri?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property ownerManagedAccess

ownerManagedAccess?: pulumi.Input<boolean>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

property scopes

scopes?: pulumi.Input<pulumi.Input<string>[]>;

property type

type?: pulumi.Input<string>;

property uris

uris?: pulumi.Input<pulumi.Input<string>[]>;

interface ClientAuthorizationResourceState

interface ClientAuthorizationResourceState

Input properties used for looking up and filtering ClientAuthorizationResource resources.

property attributes

attributes?: pulumi.Input<{[key: string]: any}>;

property displayName

displayName?: pulumi.Input<string>;

property iconUri

iconUri?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property ownerManagedAccess

ownerManagedAccess?: pulumi.Input<boolean>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

property scopes

scopes?: pulumi.Input<pulumi.Input<string>[]>;

property type

type?: pulumi.Input<string>;

property uris

uris?: pulumi.Input<pulumi.Input<string>[]>;

interface ClientAuthorizationScopeArgs

interface ClientAuthorizationScopeArgs

The set of arguments for constructing a ClientAuthorizationScope resource.

property displayName

displayName?: pulumi.Input<string>;

property iconUri

iconUri?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

interface ClientAuthorizationScopeState

interface ClientAuthorizationScopeState

Input properties used for looking up and filtering ClientAuthorizationScope resources.

property displayName

displayName?: pulumi.Input<string>;

property iconUri

iconUri?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

interface ClientDefaultScopesArgs

interface ClientDefaultScopesArgs

The set of arguments for constructing a ClientDefaultScopes resource.

property clientId

clientId: pulumi.Input<string>;

property defaultScopes

defaultScopes: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId: pulumi.Input<string>;

interface ClientDefaultScopesState

interface ClientDefaultScopesState

Input properties used for looking up and filtering ClientDefaultScopes resources.

property clientId

clientId?: pulumi.Input<string>;

property defaultScopes

defaultScopes?: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId?: pulumi.Input<string>;

interface ClientGroupPolicyArgs

interface ClientGroupPolicyArgs

The set of arguments for constructing a ClientGroupPolicy resource.

property decisionStrategy

decisionStrategy: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property groups

groups: pulumi.Input<pulumi.Input<ClientGroupPolicyGroup>[]>;

property groupsClaim

groupsClaim?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

interface ClientGroupPolicyState

interface ClientGroupPolicyState

Input properties used for looking up and filtering ClientGroupPolicy resources.

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property groups

groups?: pulumi.Input<pulumi.Input<ClientGroupPolicyGroup>[]>;

property groupsClaim

groupsClaim?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

interface ClientJsPolicyArgs

interface ClientJsPolicyArgs

The set of arguments for constructing a ClientJsPolicy resource.

property code

code: pulumi.Input<string>;

property decisionStrategy

decisionStrategy: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

property type

type?: pulumi.Input<string>;

interface ClientJsPolicyState

interface ClientJsPolicyState

Input properties used for looking up and filtering ClientJsPolicy resources.

property code

code?: pulumi.Input<string>;

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

property type

type?: pulumi.Input<string>;

interface ClientOptionalScopesArgs

interface ClientOptionalScopesArgs

The set of arguments for constructing a ClientOptionalScopes resource.

property clientId

clientId: pulumi.Input<string>;

property optionalScopes

optionalScopes: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId: pulumi.Input<string>;

interface ClientOptionalScopesState

interface ClientOptionalScopesState

Input properties used for looking up and filtering ClientOptionalScopes resources.

property clientId

clientId?: pulumi.Input<string>;

property optionalScopes

optionalScopes?: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId?: pulumi.Input<string>;

interface ClientPolicyArgs

interface ClientPolicyArgs

The set of arguments for constructing a ClientPolicy resource.

property clients

clients: pulumi.Input<pulumi.Input<string>[]>;

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

interface ClientPolicyState

interface ClientPolicyState

Input properties used for looking up and filtering ClientPolicy resources.

property clients

clients?: pulumi.Input<pulumi.Input<string>[]>;

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

interface ClientRolePolicyArgs

interface ClientRolePolicyArgs

The set of arguments for constructing a ClientRolePolicy resource.

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

property roles

roles: pulumi.Input<pulumi.Input<ClientRolePolicyRole>[]>;

property type

type: pulumi.Input<string>;

interface ClientRolePolicyState

interface ClientRolePolicyState

Input properties used for looking up and filtering ClientRolePolicy resources.

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

property roles

roles?: pulumi.Input<pulumi.Input<ClientRolePolicyRole>[]>;

property type

type?: pulumi.Input<string>;

interface ClientScopeArgs

interface ClientScopeArgs

The set of arguments for constructing a ClientScope resource.

property consentScreenText

consentScreenText?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

interface ClientScopeState

interface ClientScopeState

Input properties used for looking up and filtering ClientScope resources.

property consentScreenText

consentScreenText?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

interface ClientServiceAccountRealmRoleArgs

interface ClientServiceAccountRealmRoleArgs

The set of arguments for constructing a ClientServiceAccountRealmRole resource.

property realmId

realmId: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property serviceAccountUserId

serviceAccountUserId: pulumi.Input<string>;

interface ClientServiceAccountRealmRoleState

interface ClientServiceAccountRealmRoleState

Input properties used for looking up and filtering ClientServiceAccountRealmRole resources.

property realmId

realmId?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property serviceAccountUserId

serviceAccountUserId?: pulumi.Input<string>;

interface ClientServiceAccountRoleArgs

interface ClientServiceAccountRoleArgs

The set of arguments for constructing a ClientServiceAccountRole resource.

property clientId

clientId: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property role

role: pulumi.Input<string>;

property serviceAccountUserId

serviceAccountUserId: pulumi.Input<string>;

interface ClientServiceAccountRoleState

interface ClientServiceAccountRoleState

Input properties used for looking up and filtering ClientServiceAccountRole resources.

property clientId

clientId?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property role

role?: pulumi.Input<string>;

property serviceAccountUserId

serviceAccountUserId?: pulumi.Input<string>;

interface ClientState

interface ClientState

Input properties used for looking up and filtering Client resources.

property accessTokenLifespan

accessTokenLifespan?: pulumi.Input<string>;

property accessType

accessType?: pulumi.Input<string>;

property adminUrl

adminUrl?: pulumi.Input<string>;

property authenticationFlowBindingOverrides

authenticationFlowBindingOverrides?: pulumi.Input<ClientAuthenticationFlowBindingOverrides>;

property authorization

authorization?: pulumi.Input<ClientAuthorization>;

property baseUrl

baseUrl?: pulumi.Input<string>;

property clientId

clientId?: pulumi.Input<string>;

property clientSecret

clientSecret?: pulumi.Input<string>;

property consentRequired

consentRequired?: pulumi.Input<boolean>;

property description

description?: pulumi.Input<string>;

property directAccessGrantsEnabled

directAccessGrantsEnabled?: pulumi.Input<boolean>;

property enabled

enabled?: pulumi.Input<boolean>;

property excludeSessionStateFromAuthResponse

excludeSessionStateFromAuthResponse?: pulumi.Input<boolean>;

property fullScopeAllowed

fullScopeAllowed?: pulumi.Input<boolean>;

property implicitFlowEnabled

implicitFlowEnabled?: pulumi.Input<boolean>;

property name

name?: pulumi.Input<string>;

property pkceCodeChallengeMethod

pkceCodeChallengeMethod?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

property rootUrl

rootUrl?: pulumi.Input<string>;

property serviceAccountUserId

serviceAccountUserId?: pulumi.Input<string>;

property serviceAccountsEnabled

serviceAccountsEnabled?: pulumi.Input<boolean>;

property standardFlowEnabled

standardFlowEnabled?: pulumi.Input<boolean>;

property validRedirectUris

validRedirectUris?: pulumi.Input<pulumi.Input<string>[]>;

property webOrigins

webOrigins?: pulumi.Input<pulumi.Input<string>[]>;

interface ClientTimePolicyArgs

interface ClientTimePolicyArgs

The set of arguments for constructing a ClientTimePolicy resource.

property dayMonth

dayMonth?: pulumi.Input<string>;

property dayMonthEnd

dayMonthEnd?: pulumi.Input<string>;

property decisionStrategy

decisionStrategy: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property hour

hour?: pulumi.Input<string>;

property hourEnd

hourEnd?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property minute

minute?: pulumi.Input<string>;

property minuteEnd

minuteEnd?: pulumi.Input<string>;

property month

month?: pulumi.Input<string>;

property monthEnd

monthEnd?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property notBefore

notBefore?: pulumi.Input<string>;

property notOnOrAfter

notOnOrAfter?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

property year

year?: pulumi.Input<string>;

property yearEnd

yearEnd?: pulumi.Input<string>;

interface ClientTimePolicyState

interface ClientTimePolicyState

Input properties used for looking up and filtering ClientTimePolicy resources.

property dayMonth

dayMonth?: pulumi.Input<string>;

property dayMonthEnd

dayMonthEnd?: pulumi.Input<string>;

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property hour

hour?: pulumi.Input<string>;

property hourEnd

hourEnd?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property minute

minute?: pulumi.Input<string>;

property minuteEnd

minuteEnd?: pulumi.Input<string>;

property month

month?: pulumi.Input<string>;

property monthEnd

monthEnd?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property notBefore

notBefore?: pulumi.Input<string>;

property notOnOrAfter

notOnOrAfter?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

property year

year?: pulumi.Input<string>;

property yearEnd

yearEnd?: pulumi.Input<string>;

interface ClientUserPolicyArgs

interface ClientUserPolicyArgs

The set of arguments for constructing a ClientUserPolicy resource.

property decisionStrategy

decisionStrategy: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property resourceServerId

resourceServerId: pulumi.Input<string>;

property users

users: pulumi.Input<pulumi.Input<string>[]>;

interface ClientUserPolicyState

interface ClientUserPolicyState

Input properties used for looking up and filtering ClientUserPolicy resources.

property decisionStrategy

decisionStrategy?: pulumi.Input<string>;

property description

description?: pulumi.Input<string>;

property logic

logic?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property resourceServerId

resourceServerId?: pulumi.Input<string>;

property users

users?: pulumi.Input<pulumi.Input<string>[]>;

interface FullNameProtocolMapperArgs

interface FullNameProtocolMapperArgs

The set of arguments for constructing a FullNameProtocolMapper resource.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

interface FullNameProtocolMapperState

interface FullNameProtocolMapperState

Input properties used for looking up and filtering FullNameProtocolMapper resources.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId?: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

interface GetClientArgs

interface GetClientArgs

A collection of arguments for invoking getClient.

property clientId

clientId: string;

property realmId

realmId: string;

interface GetClientAuthorizationPolicyArgs

interface GetClientAuthorizationPolicyArgs

A collection of arguments for invoking getClientAuthorizationPolicy.

property logic

logic?: undefined | string;

property name

name: string;

property realmId

realmId: string;

property resourceServerId

resourceServerId: string;

interface GetClientAuthorizationPolicyResult

interface GetClientAuthorizationPolicyResult

A collection of values returned by getClientAuthorizationPolicy.

property decisionStrategy

decisionStrategy: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property logic

logic?: undefined | string;

property name

name: string;

property owner

owner: string;

property policies

policies: string[];

property realmId

realmId: string;

property resourceServerId

resourceServerId: string;

property resources

resources: string[];

property scopes

scopes: string[];

property type

type: string;

interface GetClientResult

interface GetClientResult

A collection of values returned by getClient.

property accessType

accessType: string;

property authenticationFlowBindingOverrides

authenticationFlowBindingOverrides: GetClientAuthenticationFlowBindingOverrides;

property authorization

authorization: GetClientAuthorization;

property clientId

clientId: string;

property clientSecret

clientSecret: string;

property consentRequired

consentRequired: boolean;

property description

description: string;

property directAccessGrantsEnabled

directAccessGrantsEnabled: boolean;

property enabled

enabled: boolean;

property fullScopeAllowed

fullScopeAllowed: boolean;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property implicitFlowEnabled

implicitFlowEnabled: boolean;

property name

name: string;

property realmId

realmId: string;

property resourceServerId

resourceServerId: string;

property rootUrl

rootUrl: string;

property serviceAccountUserId

serviceAccountUserId: string;

property serviceAccountsEnabled

serviceAccountsEnabled: boolean;

property standardFlowEnabled

standardFlowEnabled: boolean;

property validRedirectUris

validRedirectUris: string[];

property webOrigins

webOrigins: string[];

interface GetClientServiceAccountUserArgs

interface GetClientServiceAccountUserArgs

A collection of arguments for invoking getClientServiceAccountUser.

property clientId

clientId: string;

property realmId

realmId: string;

interface GetClientServiceAccountUserResult

interface GetClientServiceAccountUserResult

A collection of values returned by getClientServiceAccountUser.

property attributes

attributes: {[key: string]: any};

property clientId

clientId: string;

property email

email: string;

property enabled

enabled: boolean;

property federatedIdentities

federatedIdentities: GetClientServiceAccountUserFederatedIdentity[];

property firstName

firstName: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property lastName

lastName: string;

property realmId

realmId: string;

property username

username: string;

interface GroupMembershipProtocolMapperArgs

interface GroupMembershipProtocolMapperArgs

The set of arguments for constructing a GroupMembershipProtocolMapper resource.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

property claimName

claimName: pulumi.Input<string>;

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property fullPath

fullPath?: pulumi.Input<boolean>;

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

interface GroupMembershipProtocolMapperState

interface GroupMembershipProtocolMapperState

Input properties used for looking up and filtering GroupMembershipProtocolMapper resources.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

property claimName

claimName?: pulumi.Input<string>;

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property fullPath

fullPath?: pulumi.Input<boolean>;

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId?: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

interface HardcodedClaimProtocolMapperArgs

interface HardcodedClaimProtocolMapperArgs

The set of arguments for constructing a HardcodedClaimProtocolMapper resource.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the id token.

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

Indicates if the attribute should appear in the userinfo response body.

property claimName

claimName: pulumi.Input<string>;

property claimValue

claimValue: pulumi.Input<string>;

property claimValueType

claimValueType?: pulumi.Input<string>;

Claim type used when serializing tokens.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

interface HardcodedClaimProtocolMapperState

interface HardcodedClaimProtocolMapperState

Input properties used for looking up and filtering HardcodedClaimProtocolMapper resources.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the id token.

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

Indicates if the attribute should appear in the userinfo response body.

property claimName

claimName?: pulumi.Input<string>;

property claimValue

claimValue?: pulumi.Input<string>;

property claimValueType

claimValueType?: pulumi.Input<string>;

Claim type used when serializing tokens.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId?: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

interface HardcodedRoleProtocolMapperArgs

interface HardcodedRoleProtocolMapperArgs

The set of arguments for constructing a HardcodedRoleProtocolMapper resource.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

property roleId

roleId: pulumi.Input<string>;

interface HardcodedRoleProtocolMapperState

interface HardcodedRoleProtocolMapperState

Input properties used for looking up and filtering HardcodedRoleProtocolMapper resources.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId?: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

property roleId

roleId?: pulumi.Input<string>;

interface UserAttributeProtocolMapperArgs

interface UserAttributeProtocolMapperArgs

The set of arguments for constructing a UserAttributeProtocolMapper resource.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the id token.

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

Indicates if the attribute should appear in the userinfo response body.

property claimName

claimName: pulumi.Input<string>;

property claimValueType

claimValueType?: pulumi.Input<string>;

Claim type used when serializing tokens.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property multivalued

multivalued?: pulumi.Input<boolean>;

Indicates whether this attribute is a single value or an array of values.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

property userAttribute

userAttribute: pulumi.Input<string>;

interface UserAttributeProtocolMapperState

interface UserAttributeProtocolMapperState

Input properties used for looking up and filtering UserAttributeProtocolMapper resources.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the id token.

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

Indicates if the attribute should appear in the userinfo response body.

property claimName

claimName?: pulumi.Input<string>;

property claimValueType

claimValueType?: pulumi.Input<string>;

Claim type used when serializing tokens.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property multivalued

multivalued?: pulumi.Input<boolean>;

Indicates whether this attribute is a single value or an array of values.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId?: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

property userAttribute

userAttribute?: pulumi.Input<string>;

interface UserPropertyProtocolMapperArgs

interface UserPropertyProtocolMapperArgs

The set of arguments for constructing a UserPropertyProtocolMapper resource.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if the property should be a claim in the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if the property should be a claim in the id token.

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

Indicates if the property should appear in the userinfo response body.

property claimName

claimName: pulumi.Input<string>;

property claimValueType

claimValueType?: pulumi.Input<string>;

Claim type used when serializing tokens.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

property userProperty

userProperty: pulumi.Input<string>;

interface UserPropertyProtocolMapperState

interface UserPropertyProtocolMapperState

Input properties used for looking up and filtering UserPropertyProtocolMapper resources.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if the property should be a claim in the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if the property should be a claim in the id token.

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

Indicates if the property should appear in the userinfo response body.

property claimName

claimName?: pulumi.Input<string>;

property claimValueType

claimValueType?: pulumi.Input<string>;

Claim type used when serializing tokens.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId?: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

property userProperty

userProperty?: pulumi.Input<string>;

interface UserRealmRoleProtocolMapperArgs

interface UserRealmRoleProtocolMapperArgs

The set of arguments for constructing a UserRealmRoleProtocolMapper resource.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the id token.

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

Indicates if the attribute should appear in the userinfo response body.

property claimName

claimName: pulumi.Input<string>;

property claimValueType

claimValueType?: pulumi.Input<string>;

Claim type used when serializing tokens.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property multivalued

multivalued?: pulumi.Input<boolean>;

Indicates whether this attribute is a single value or an array of values.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

property realmRolePrefix

realmRolePrefix?: pulumi.Input<string>;

Prefix that will be added to each realm role.

interface UserRealmRoleProtocolMapperState

interface UserRealmRoleProtocolMapperState

Input properties used for looking up and filtering UserRealmRoleProtocolMapper resources.

property addToAccessToken

addToAccessToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the access token.

property addToIdToken

addToIdToken?: pulumi.Input<boolean>;

Indicates if the attribute should be a claim in the id token.

property addToUserinfo

addToUserinfo?: pulumi.Input<boolean>;

Indicates if the attribute should appear in the userinfo response body.

property claimName

claimName?: pulumi.Input<string>;

property claimValueType

claimValueType?: pulumi.Input<string>;

Claim type used when serializing tokens.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

property clientScopeId

clientScopeId?: pulumi.Input<string>;

The mapper’s associated client scope. Cannot be used at the same time as client_id.

property multivalued

multivalued?: pulumi.Input<boolean>;

Indicates whether this attribute is a single value or an array of values.

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property realmId

realmId?: pulumi.Input<string>;

The realm id where the associated client or client scope exists.

property realmRolePrefix

realmRolePrefix?: pulumi.Input<string>;

Prefix that will be added to each realm role.