1. Docs
2. Reference
3. API
4. @pulumi/okta
5. auth

Module auth

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-okta repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-okta repo.

Resources

• Server
• ServerClaim
• ServerPolicy
• ServerPolicyClaim
• ServerScope

Functions

• getServer

Others

• GetServerArgs
• GetServerResult
• ServerArgs
• ServerClaimArgs
• ServerClaimState
• ServerPolicyArgs
• ServerPolicyClaimArgs
• ServerPolicyClaimState
• ServerPolicyState
• ServerScopeArgs
• ServerScopeState
• ServerState

Resources

Resource Server

class Server extends CustomResource

Creates an Authorization Server.

This resource allows you to create and configure an Authorization Server.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.auth.Server("example", {
    audiences: ["api://example"],
    description: "My Example Auth Server",
    issuerMode: "CUSTOM_URL",
    status: "ACTIVE",
});

constructor

new Server(name: string, args: ServerArgs, opts?: pulumi.CustomResourceOptions)

Create a Server resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerState, opts?: pulumi.CustomResourceOptions): Server

Get an existing Server resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Server

Returns true if the given object is an instance of Server. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property audiences

public audiences: pulumi.Output<string[]>;

The recipients that the tokens are intended for. This becomes the aud claim in an access token.

property credentialsLastRotated

public credentialsLastRotated: pulumi.Output<string>;

The timestamp when the authorization server started to use the kid for signing tokens.

property credentialsNextRotation

public credentialsNextRotation: pulumi.Output<string>;

The timestamp when the authorization server changes the key for signing tokens. Only returned when credentialsRotationMode is "AUTO".

property credentialsRotationMode

public credentialsRotationMode: pulumi.Output<string | undefined>;

The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

property description

public description: pulumi.Output<string | undefined>;

The description of the authorization server.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property issuer

public issuer: pulumi.Output<string>;

The complete URL for a Custom Authorization Server. This becomes the iss claim in an access token.

property issuerMode

public issuerMode: pulumi.Output<string | undefined>;

Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

property kid

public kid: pulumi.Output<string>;

The ID of the JSON Web Key used for signing tokens issued by the authorization server.

property name

public name: pulumi.Output<string>;

The name of the authorization server.

property status

public status: pulumi.Output<string | undefined>;

The status of the auth server. It defaults to "ACTIVE"

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ServerClaim

class ServerClaim extends CustomResource

Creates an Authorization Server Claim.

This resource allows you to create and configure an Authorization Server Claim.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.auth.ServerClaim("example", {
    authServerId: "<auth server id>",
    claimType: "IDENTITY",
    scopes: [okta_auth_server_scope_example.name],
    value: "String.substringAfter(user.email, \"@\") == \"example.com\"",
});

constructor

new ServerClaim(name: string, args: ServerClaimArgs, opts?: pulumi.CustomResourceOptions)

Create a ServerClaim resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerClaimState, opts?: pulumi.CustomResourceOptions): ServerClaim

Get an existing ServerClaim resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ServerClaim

Returns true if the given object is an instance of ServerClaim. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property alwaysIncludeInToken

public alwaysIncludeInToken: pulumi.Output<boolean | undefined>;

Specifies whether to include claims in token, by default is is set to true.

property authServerId

public authServerId: pulumi.Output<string>;

The Application’s display name.

property claimType

public claimType: pulumi.Output<string>;

Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

property groupFilterType

public groupFilterType: pulumi.Output<string | undefined>;

Specifies the type of group filter if valueType is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the claim.

property scopes

public scopes: pulumi.Output<string[] | undefined>;

The list of scopes the auth server claim is tied to.

property status

public status: pulumi.Output<string | undefined>;

The status of the application. It defaults to "ACTIVE".

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The value of the claim.

property valueType

public valueType: pulumi.Output<string | undefined>;

The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

Resource ServerPolicy

class ServerPolicy extends CustomResource

Creates an Authorization Server Policy.

This resource allows you to create and configure an Authorization Server Policy.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.auth.ServerPolicy("example", {
    authServerId: "<auth server id>",
    clientWhitelists: ["ALL_CLIENTS"],
    description: "example",
    priority: 1,
    status: "ACTIVE",
});

constructor

new ServerPolicy(name: string, args: ServerPolicyArgs, opts?: pulumi.CustomResourceOptions)

Create a ServerPolicy resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerPolicyState, opts?: pulumi.CustomResourceOptions): ServerPolicy

Get an existing ServerPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ServerPolicy

Returns true if the given object is an instance of ServerPolicy. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property authServerId

public authServerId: pulumi.Output<string>;

The ID of the Auth Server.

property clientWhitelists

public clientWhitelists: pulumi.Output<string[]>;

The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

property description

public description: pulumi.Output<string>;

The description of the Auth Server Policy.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the Auth Server Policy.

property priority

public priority: pulumi.Output<number>;

The priority of the Auth Server Policy.

property status

public status: pulumi.Output<string | undefined>;

The status of the Auth Server Policy.

property type

public type: pulumi.Output<string | undefined>;

The type of the Auth Server Policy.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ServerPolicyClaim

class ServerPolicyClaim extends CustomResource

Creates an Authorization Server Policy Rule.

This resource allows you to create and configure an Authorization Server Policy Rule.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.auth.ServerPolicyClaim("example", {
    authServerId: "<auth server id>",
    grantTypeWhitelists: ["implicit"],
    groupWhitelists: ["<group ids>"],
    policyId: "<auth server policy id>",
    priority: 1,
    status: "ACTIVE",
});

constructor

new ServerPolicyClaim(name: string, args: ServerPolicyClaimArgs, opts?: pulumi.CustomResourceOptions)

Create a ServerPolicyClaim resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerPolicyClaimState, opts?: pulumi.CustomResourceOptions): ServerPolicyClaim

Get an existing ServerPolicyClaim resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ServerPolicyClaim

Returns true if the given object is an instance of ServerPolicyClaim. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessTokenLifetimeMinutes

public accessTokenLifetimeMinutes: pulumi.Output<number | undefined>;

Lifetime of access token. Can be set to a value between 5 and 1440.

property authServerId

public authServerId: pulumi.Output<string>;

Auth Server ID.

property grantTypeWhitelists

public grantTypeWhitelists: pulumi.Output<string[]>;

Accepted grant type values, "authorizationCode", "implicit", "password"

property groupBlacklists

public groupBlacklists: pulumi.Output<string[] | undefined>;

property groupWhitelists

public groupWhitelists: pulumi.Output<string[] | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property inlineHookId

public inlineHookId: pulumi.Output<string | undefined>;

The ID of the inline token to trigger.

property name

public name: pulumi.Output<string>;

Auth Server Policy Rule name.

property policyId

public policyId: pulumi.Output<string>;

Auth Server Policy ID.

property priority

public priority: pulumi.Output<number>;

Priority of the auth server policy rule.

property refreshTokenLifetimeMinutes

public refreshTokenLifetimeMinutes: pulumi.Output<number | undefined>;

Lifetime of refresh token.

property refreshTokenWindowMinutes

public refreshTokenWindowMinutes: pulumi.Output<number | undefined>;

property scopeWhitelists

public scopeWhitelists: pulumi.Output<string[] | undefined>;

Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

property status

public status: pulumi.Output<string | undefined>;

The status of the Auth Server Policy Rule.

property type

public type: pulumi.Output<string | undefined>;

The type of the Auth Server Policy Rule.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userBlacklists

public userBlacklists: pulumi.Output<string[] | undefined>;

property userWhitelists

public userWhitelists: pulumi.Output<string[] | undefined>;

Resource ServerScope

class ServerScope extends CustomResource

Creates an Authorization Server Scope.

This resource allows you to create and configure an Authorization Server Scope.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.auth.ServerScope("example", {
    authServerId: "<auth server id>",
    consent: "IMPLICIT",
    metadataPublish: "NO_CLIENTS",
});

constructor

new ServerScope(name: string, args: ServerScopeArgs, opts?: pulumi.CustomResourceOptions)

Create a ServerScope resource with the given unique name, arguments, and options.

• name The unique name of the resource.
• args The arguments to use to populate this resource's properties.
• opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerScopeState, opts?: pulumi.CustomResourceOptions): ServerScope

Get an existing ServerScope resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ServerScope

Returns true if the given object is an instance of ServerScope. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property authServerId

public authServerId: pulumi.Output<string>;

Auth Server ID.

property consent

public consent: pulumi.Output<string | undefined>;

Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

property default

public default: pulumi.Output<boolean | undefined>;

A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

property description

public description: pulumi.Output<string | undefined>;

Description of the Auth Server Scope.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property metadataPublish

public metadataPublish: pulumi.Output<string | undefined>;

Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

property name

public name: pulumi.Output<string>;

Auth Server scope name.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getServer

getServer(args: GetServerArgs, opts?: pulumi.InvokeOptions): Promise<GetServerResult>

Use this data source to retrieve an auth server from Okta.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = pulumi.output(okta.auth.getServer({
    name: "Example Auth",
}, { async: true }));

Others

interface GetServerArgs

interface GetServerArgs

A collection of arguments for invoking getServer.

property name

name: string;

The name of the auth server to retrieve.

interface GetServerResult

interface GetServerResult

A collection of values returned by getServer.

property audiences

audiences: string[];

array of audiences,

property credentialsLastRotated

credentialsLastRotated: string;

last time credentials were rotated.

property credentialsNextRotation

credentialsNextRotation: string;

next time credentials will be rotated

property credentialsRotationMode

credentialsRotationMode: string;

mode of credential rotation, auto or manual.

property description

description: string;

description of Authorization server.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property kid

kid: string;

auth server key id.

property name

name: string;

The name of the auth server.

property status

status: string;

the activation status of the authorization server.

interface ServerArgs

interface ServerArgs

The set of arguments for constructing a Server resource.

property audiences

audiences: pulumi.Input<pulumi.Input<string>[]>;

The recipients that the tokens are intended for. This becomes the aud claim in an access token.

property credentialsRotationMode

credentialsRotationMode?: pulumi.Input<string>;

The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

property description

description?: pulumi.Input<string>;

The description of the authorization server.

property issuerMode

issuerMode?: pulumi.Input<string>;

Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

property name

name?: pulumi.Input<string>;

The name of the authorization server.

property status

status?: pulumi.Input<string>;

The status of the auth server. It defaults to "ACTIVE"

interface ServerClaimArgs

interface ServerClaimArgs

The set of arguments for constructing a ServerClaim resource.

property alwaysIncludeInToken

alwaysIncludeInToken?: pulumi.Input<boolean>;

Specifies whether to include claims in token, by default is is set to true.

property authServerId

authServerId: pulumi.Input<string>;

The Application’s display name.

property claimType

claimType: pulumi.Input<string>;

Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

property groupFilterType

groupFilterType?: pulumi.Input<string>;

Specifies the type of group filter if valueType is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

property name

name?: pulumi.Input<string>;

The name of the claim.

property scopes

scopes?: pulumi.Input<pulumi.Input<string>[]>;

The list of scopes the auth server claim is tied to.

property status

status?: pulumi.Input<string>;

The status of the application. It defaults to "ACTIVE".

property value

value: pulumi.Input<string>;

The value of the claim.

property valueType

valueType?: pulumi.Input<string>;

The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

interface ServerClaimState

interface ServerClaimState

Input properties used for looking up and filtering ServerClaim resources.

property alwaysIncludeInToken

alwaysIncludeInToken?: pulumi.Input<boolean>;

Specifies whether to include claims in token, by default is is set to true.

property authServerId

authServerId?: pulumi.Input<string>;

The Application’s display name.

property claimType

claimType?: pulumi.Input<string>;

Specifies whether the claim is for an access token "RESOURCE" or ID token "IDENTITY".

property groupFilterType

groupFilterType?: pulumi.Input<string>;

Specifies the type of group filter if valueType is "GROUPS". Can be set to one of the following "STARTS_WITH", "EQUALS", "CONTAINS", "REGEX".

property name

name?: pulumi.Input<string>;

The name of the claim.

property scopes

scopes?: pulumi.Input<pulumi.Input<string>[]>;

The list of scopes the auth server claim is tied to.

property status

status?: pulumi.Input<string>;

The status of the application. It defaults to "ACTIVE".

property value

value?: pulumi.Input<string>;

The value of the claim.

property valueType

valueType?: pulumi.Input<string>;

The type of value of the claim. It can be set to "EXPRESSION" or "GROUPS". It defaults to "EXPRESSION".

interface ServerPolicyArgs

interface ServerPolicyArgs

The set of arguments for constructing a ServerPolicy resource.

property authServerId

authServerId: pulumi.Input<string>;

The ID of the Auth Server.

property clientWhitelists

clientWhitelists: pulumi.Input<pulumi.Input<string>[]>;

The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

property description

description: pulumi.Input<string>;

The description of the Auth Server Policy.

property name

name?: pulumi.Input<string>;

The name of the Auth Server Policy.

property priority

priority: pulumi.Input<number>;

The priority of the Auth Server Policy.

property status

status?: pulumi.Input<string>;

The status of the Auth Server Policy.

property type

type?: pulumi.Input<string>;

The type of the Auth Server Policy.

interface ServerPolicyClaimArgs

interface ServerPolicyClaimArgs

The set of arguments for constructing a ServerPolicyClaim resource.

property accessTokenLifetimeMinutes

accessTokenLifetimeMinutes?: pulumi.Input<number>;

Lifetime of access token. Can be set to a value between 5 and 1440.

property authServerId

authServerId: pulumi.Input<string>;

Auth Server ID.

property grantTypeWhitelists

grantTypeWhitelists: pulumi.Input<pulumi.Input<string>[]>;

Accepted grant type values, "authorizationCode", "implicit", "password"

property groupBlacklists

groupBlacklists?: pulumi.Input<pulumi.Input<string>[]>;

property groupWhitelists

groupWhitelists?: pulumi.Input<pulumi.Input<string>[]>;

property inlineHookId

inlineHookId?: pulumi.Input<string>;

The ID of the inline token to trigger.

property name

name?: pulumi.Input<string>;

Auth Server Policy Rule name.

property policyId

policyId: pulumi.Input<string>;

Auth Server Policy ID.

property priority

priority: pulumi.Input<number>;

Priority of the auth server policy rule.

property refreshTokenLifetimeMinutes

refreshTokenLifetimeMinutes?: pulumi.Input<number>;

Lifetime of refresh token.

property refreshTokenWindowMinutes

refreshTokenWindowMinutes?: pulumi.Input<number>;

property scopeWhitelists

scopeWhitelists?: pulumi.Input<pulumi.Input<string>[]>;

Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

property status

status?: pulumi.Input<string>;

The status of the Auth Server Policy Rule.

property type

type?: pulumi.Input<string>;

The type of the Auth Server Policy Rule.

property userBlacklists

userBlacklists?: pulumi.Input<pulumi.Input<string>[]>;

property userWhitelists

userWhitelists?: pulumi.Input<pulumi.Input<string>[]>;

interface ServerPolicyClaimState

interface ServerPolicyClaimState

Input properties used for looking up and filtering ServerPolicyClaim resources.

property accessTokenLifetimeMinutes

accessTokenLifetimeMinutes?: pulumi.Input<number>;

Lifetime of access token. Can be set to a value between 5 and 1440.

property authServerId

authServerId?: pulumi.Input<string>;

Auth Server ID.

property grantTypeWhitelists

grantTypeWhitelists?: pulumi.Input<pulumi.Input<string>[]>;

Accepted grant type values, "authorizationCode", "implicit", "password"

property groupBlacklists

groupBlacklists?: pulumi.Input<pulumi.Input<string>[]>;

property groupWhitelists

groupWhitelists?: pulumi.Input<pulumi.Input<string>[]>;

property inlineHookId

inlineHookId?: pulumi.Input<string>;

The ID of the inline token to trigger.

property name

name?: pulumi.Input<string>;

Auth Server Policy Rule name.

property policyId

policyId?: pulumi.Input<string>;

Auth Server Policy ID.

property priority

priority?: pulumi.Input<number>;

Priority of the auth server policy rule.

property refreshTokenLifetimeMinutes

refreshTokenLifetimeMinutes?: pulumi.Input<number>;

Lifetime of refresh token.

property refreshTokenWindowMinutes

refreshTokenWindowMinutes?: pulumi.Input<number>;

property scopeWhitelists

scopeWhitelists?: pulumi.Input<pulumi.Input<string>[]>;

Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".

property status

status?: pulumi.Input<string>;

The status of the Auth Server Policy Rule.

property type

type?: pulumi.Input<string>;

The type of the Auth Server Policy Rule.

property userBlacklists

userBlacklists?: pulumi.Input<pulumi.Input<string>[]>;

property userWhitelists

userWhitelists?: pulumi.Input<pulumi.Input<string>[]>;

interface ServerPolicyState

interface ServerPolicyState

Input properties used for looking up and filtering ServerPolicy resources.

property authServerId

authServerId?: pulumi.Input<string>;

The ID of the Auth Server.

property clientWhitelists

clientWhitelists?: pulumi.Input<pulumi.Input<string>[]>;

The clients to whitelist the policy for. ["ALL_CLIENTS"] is a special value that can be used to whitelist for all clients. Otherwise it is a list of client ids.

property description

description?: pulumi.Input<string>;

The description of the Auth Server Policy.

property name

name?: pulumi.Input<string>;

The name of the Auth Server Policy.

property priority

priority?: pulumi.Input<number>;

The priority of the Auth Server Policy.

property status

status?: pulumi.Input<string>;

The status of the Auth Server Policy.

property type

type?: pulumi.Input<string>;

The type of the Auth Server Policy.

interface ServerScopeArgs

interface ServerScopeArgs

The set of arguments for constructing a ServerScope resource.

property authServerId

authServerId: pulumi.Input<string>;

Auth Server ID.

property consent

consent?: pulumi.Input<string>;

Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

property default

default?: pulumi.Input<boolean>;

A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

property description

description?: pulumi.Input<string>;

Description of the Auth Server Scope.

property metadataPublish

metadataPublish?: pulumi.Input<string>;

Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

property name

name?: pulumi.Input<string>;

Auth Server scope name.

interface ServerScopeState

interface ServerScopeState

Input properties used for looking up and filtering ServerScope resources.

property authServerId

authServerId?: pulumi.Input<string>;

Auth Server ID.

property consent

consent?: pulumi.Input<string>;

Indicates whether a consent dialog is needed for the scope. It can be set to "REQUIRED" or "IMPLICIT".

property default

default?: pulumi.Input<boolean>;

A default scope will be returned in an access token when the client omits the scope parameter in a token request, provided this scope is allowed as part of the access policy rule.

property description

description?: pulumi.Input<string>;

Description of the Auth Server Scope.

property metadataPublish

metadataPublish?: pulumi.Input<string>;

Whether to publish metadata or not. It can be set to "ALL_CLIENTS" or "NO_CLIENTS".

property name

name?: pulumi.Input<string>;

Auth Server scope name.

interface ServerState

interface ServerState

Input properties used for looking up and filtering Server resources.

property audiences

audiences?: pulumi.Input<pulumi.Input<string>[]>;

The recipients that the tokens are intended for. This becomes the aud claim in an access token.

property credentialsLastRotated

credentialsLastRotated?: pulumi.Input<string>;

The timestamp when the authorization server started to use the kid for signing tokens.

property credentialsNextRotation

credentialsNextRotation?: pulumi.Input<string>;

The timestamp when the authorization server changes the key for signing tokens. Only returned when credentialsRotationMode is "AUTO".

property credentialsRotationMode

credentialsRotationMode?: pulumi.Input<string>;

The key rotation mode for the authorization server. Can be "AUTO" or "MANUAL".

property description

description?: pulumi.Input<string>;

The description of the authorization server.

property issuer

issuer?: pulumi.Input<string>;

The complete URL for a Custom Authorization Server. This becomes the iss claim in an access token.

property issuerMode

issuerMode?: pulumi.Input<string>;

Allows you to use a custom issuer URL. It can be set to "CUSTOM_URL" or "ORG_URL"

property kid

kid?: pulumi.Input<string>;

The ID of the JSON Web Key used for signing tokens issued by the authorization server.

property name

name?: pulumi.Input<string>;

The name of the authorization server.

property status

status?: pulumi.Input<string>;

The status of the auth server. It defaults to "ACTIVE"