OAuth

Creates an OIDC Application.

This resource allows you to create and configure an OIDC Application.

Example Usage

using Pulumi;
using Okta = Pulumi.Okta;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Okta.App.OAuth("example", new Okta.App.OAuthArgs
        {
            GrantTypes = 
            {
                "authorization_code",
            },
            Label = "example",
            RedirectUris = 
            {
                "https://example.com/",
            },
            ResponseTypes = 
            {
                "code",
            },
            Type = "web",
        });
    }

}

Coming soon!

import pulumi
import pulumi_okta as okta

example = okta.app.OAuth("example",
    grant_types=["authorization_code"],
    label="example",
    redirect_uris=["https://example.com/"],
    response_types=["code"],
    type="web")

import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";

const example = new okta.app.OAuth("example", {
    grantTypes: ["authorization_code"],
    label: "example",
    redirectUris: ["https://example.com/"],
    responseTypes: ["code"],
    type: "web",
});

Create a OAuth Resource

new OAuth(name: string, args: OAuthArgs, opts?: CustomResourceOptions);

def OAuth(resource_name, opts=None, auto_key_rotation=None, auto_submit_toolbar=None, client_basic_secret=None, client_uri=None, consent_method=None, custom_client_id=None, grant_types=None, groups=None, hide_ios=None, hide_web=None, issuer_mode=None, label=None, login_uri=None, logo_uri=None, omit_secret=None, policy_uri=None, post_logout_redirect_uris=None, profile=None, redirect_uris=None, response_types=None, status=None, token_endpoint_auth_method=None, tos_uri=None, type=None, users=None, __props__=None);

func NewOAuth(ctx *Context, name string, args OAuthArgs, opts ...ResourceOption) (*OAuth, error)

public OAuth(string name, OAuthArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args OAuthArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args OAuthArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args OAuthArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

OAuth Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The OAuth resource accepts the following input properties:

Label string: The Application’s display name.
Type string: The type of OAuth application.
AutoKeyRotation bool: Requested key rotation mode.
AutoSubmitToolbar bool: Display auto submit toolbar.
ClientBasicSecret string: OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.
ClientUri string: URI to a web page providing information about the client.
ConsentMethod string: Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.
CustomClientId string: This property allows you to set the application’s client id.
GrantTypes List<string>: List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
Groups List<string>: The groups assigned to the application. It is recommended not to use this and instead use okta.app.GroupAssignment.
HideIos bool: Do not display application icon on mobile app.
HideWeb bool: Do not display application icon to users.
IssuerMode string: Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
LoginUri string: URI that initiates login.
LogoUri string: URI that references a logo for the client.
OmitSecret bool: This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.
PolicyUri string: URI to web page providing client policy document.
PostLogoutRedirectUris List<string>: List of URIs for redirection after logout.
Profile string: Custom JSON that represents an OAuth application’s profile.
RedirectUris List<string>: List of URIs for use in the redirect-based flow. This is required for all application types except service.
ResponseTypes List<string>: List of OAuth 2.0 response type strings.
Status string: The status of the application, by default it is "ACTIVE".
TokenEndpointAuthMethod string: Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".
TosUri string: URI to web page providing client tos (terms of service).
Users List<OAuthUserArgs>: The users assigned to the application. It is recommended not to use this and instead use okta.app.User.

Label string: The Application’s display name.
Type string: The type of OAuth application.
AutoKeyRotation bool: Requested key rotation mode.
AutoSubmitToolbar bool: Display auto submit toolbar.
ClientBasicSecret string: OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.
ClientUri string: URI to a web page providing information about the client.
ConsentMethod string: Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.
CustomClientId string: This property allows you to set the application’s client id.
GrantTypes []string: List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
Groups []string: The groups assigned to the application. It is recommended not to use this and instead use okta.app.GroupAssignment.
HideIos bool: Do not display application icon on mobile app.
HideWeb bool: Do not display application icon to users.
IssuerMode string: Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
LoginUri string: URI that initiates login.
LogoUri string: URI that references a logo for the client.
OmitSecret bool: This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.
PolicyUri string: URI to web page providing client policy document.
PostLogoutRedirectUris []string: List of URIs for redirection after logout.
Profile string: Custom JSON that represents an OAuth application’s profile.
RedirectUris []string: List of URIs for use in the redirect-based flow. This is required for all application types except service.
ResponseTypes []string: List of OAuth 2.0 response type strings.
Status string: The status of the application, by default it is "ACTIVE".
TokenEndpointAuthMethod string: Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".
TosUri string: URI to web page providing client tos (terms of service).
Users []OAuthUser: The users assigned to the application. It is recommended not to use this and instead use okta.app.User.

label string: The Application’s display name.
type string: The type of OAuth application.
autoKeyRotation boolean: Requested key rotation mode.
autoSubmitToolbar boolean: Display auto submit toolbar.
clientBasicSecret string: OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.
clientUri string: URI to a web page providing information about the client.
consentMethod string: Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.
customClientId string: This property allows you to set the application’s client id.
grantTypes string[]: List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
groups string[]: The groups assigned to the application. It is recommended not to use this and instead use okta.app.GroupAssignment.
hideIos boolean: Do not display application icon on mobile app.
hideWeb boolean: Do not display application icon to users.
issuerMode string: Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
loginUri string: URI that initiates login.
logoUri string: URI that references a logo for the client.
omitSecret boolean: This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.
policyUri string: URI to web page providing client policy document.
postLogoutRedirectUris string[]: List of URIs for redirection after logout.
profile string: Custom JSON that represents an OAuth application’s profile.
redirectUris string[]: List of URIs for use in the redirect-based flow. This is required for all application types except service.
responseTypes string[]: List of OAuth 2.0 response type strings.
status string: The status of the application, by default it is "ACTIVE".
tokenEndpointAuthMethod string: Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".
tosUri string: URI to web page providing client tos (terms of service).
users OAuthUser[]: The users assigned to the application. It is recommended not to use this and instead use okta.app.User.

label str: The Application’s display name.
type str: The type of OAuth application.
auto_key_rotation bool: Requested key rotation mode.
auto_submit_toolbar bool: Display auto submit toolbar.
client_basic_secret str: OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.
client_uri str: URI to a web page providing information about the client.
consent_method str: Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.
custom_client_id str: This property allows you to set the application’s client id.
grant_types List[str]: List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
groups List[str]: The groups assigned to the application. It is recommended not to use this and instead use okta.app.GroupAssignment.
hide_ios bool: Do not display application icon on mobile app.
hide_web bool: Do not display application icon to users.
issuer_mode str: Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
login_uri str: URI that initiates login.
logo_uri str: URI that references a logo for the client.
omit_secret bool: This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.
policy_uri str: URI to web page providing client policy document.
post_logout_redirect_uris List[str]: List of URIs for redirection after logout.
profile str: Custom JSON that represents an OAuth application’s profile.
redirect_uris List[str]: List of URIs for use in the redirect-based flow. This is required for all application types except service.
response_types List[str]: List of OAuth 2.0 response type strings.
status str: The status of the application, by default it is "ACTIVE".
token_endpoint_auth_method str: Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".
tos_uri str: URI to web page providing client tos (terms of service).
users List[OAuthUser]: The users assigned to the application. It is recommended not to use this and instead use okta.app.User.

Outputs

All input properties are implicitly available as output properties. Additionally, the OAuth resource produces the following output properties:

ClientId string: The client ID of the application.
ClientSecret string: The client secret of the application.
Id string: The provider-assigned unique ID for this managed resource.
Name string: Name assigned to the application by Okta.
SignOnMode string: Sign on mode of application.

ClientId string: The client ID of the application.
ClientSecret string: The client secret of the application.
Id string: The provider-assigned unique ID for this managed resource.
Name string: Name assigned to the application by Okta.
SignOnMode string: Sign on mode of application.

clientId string: The client ID of the application.
clientSecret string: The client secret of the application.
id string: The provider-assigned unique ID for this managed resource.
name string: Name assigned to the application by Okta.
signOnMode string: Sign on mode of application.

client_id str: The client ID of the application.
client_secret str: The client secret of the application.
id str: The provider-assigned unique ID for this managed resource.
name str: Name assigned to the application by Okta.
sign_on_mode str: Sign on mode of application.

Look up an Existing OAuth Resource

Get an existing OAuth resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: OAuthState, opts?: CustomResourceOptions): OAuth

static get(resource_name, id, opts=None, auto_key_rotation=None, auto_submit_toolbar=None, client_basic_secret=None, client_id=None, client_secret=None, client_uri=None, consent_method=None, custom_client_id=None, grant_types=None, groups=None, hide_ios=None, hide_web=None, issuer_mode=None, label=None, login_uri=None, logo_uri=None, name=None, omit_secret=None, policy_uri=None, post_logout_redirect_uris=None, profile=None, redirect_uris=None, response_types=None, sign_on_mode=None, status=None, token_endpoint_auth_method=None, tos_uri=None, type=None, users=None, __props__=None);

func GetOAuth(ctx *Context, name string, id IDInput, state *OAuthState, opts ...ResourceOption) (*OAuth, error)

public static OAuth Get(string name, Input<string> id, OAuthState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AutoKeyRotation bool: Requested key rotation mode.
AutoSubmitToolbar bool: Display auto submit toolbar.
ClientBasicSecret string: OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.
ClientId string: The client ID of the application.
ClientSecret string: The client secret of the application.
ClientUri string: URI to a web page providing information about the client.
ConsentMethod string: Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.
CustomClientId string: This property allows you to set the application’s client id.
GrantTypes List<string>: List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
Groups List<string>: The groups assigned to the application. It is recommended not to use this and instead use okta.app.GroupAssignment.
HideIos bool: Do not display application icon on mobile app.
HideWeb bool: Do not display application icon to users.
IssuerMode string: Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
Label string: The Application’s display name.
LoginUri string: URI that initiates login.
LogoUri string: URI that references a logo for the client.
Name string: Name assigned to the application by Okta.
OmitSecret bool: This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.
PolicyUri string: URI to web page providing client policy document.
PostLogoutRedirectUris List<string>: List of URIs for redirection after logout.
Profile string: Custom JSON that represents an OAuth application’s profile.
RedirectUris List<string>: List of URIs for use in the redirect-based flow. This is required for all application types except service.
ResponseTypes List<string>: List of OAuth 2.0 response type strings.
SignOnMode string: Sign on mode of application.
Status string: The status of the application, by default it is "ACTIVE".
TokenEndpointAuthMethod string: Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".
TosUri string: URI to web page providing client tos (terms of service).
Type string: The type of OAuth application.
Users List<OAuthUserArgs>: The users assigned to the application. It is recommended not to use this and instead use okta.app.User.

AutoKeyRotation bool: Requested key rotation mode.
AutoSubmitToolbar bool: Display auto submit toolbar.
ClientBasicSecret string: OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.
ClientId string: The client ID of the application.
ClientSecret string: The client secret of the application.
ClientUri string: URI to a web page providing information about the client.
ConsentMethod string: Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.
CustomClientId string: This property allows you to set the application’s client id.
GrantTypes []string: List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
Groups []string: The groups assigned to the application. It is recommended not to use this and instead use okta.app.GroupAssignment.
HideIos bool: Do not display application icon on mobile app.
HideWeb bool: Do not display application icon to users.
IssuerMode string: Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
Label string: The Application’s display name.
LoginUri string: URI that initiates login.
LogoUri string: URI that references a logo for the client.
Name string: Name assigned to the application by Okta.
OmitSecret bool: This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.
PolicyUri string: URI to web page providing client policy document.
PostLogoutRedirectUris []string: List of URIs for redirection after logout.
Profile string: Custom JSON that represents an OAuth application’s profile.
RedirectUris []string: List of URIs for use in the redirect-based flow. This is required for all application types except service.
ResponseTypes []string: List of OAuth 2.0 response type strings.
SignOnMode string: Sign on mode of application.
Status string: The status of the application, by default it is "ACTIVE".
TokenEndpointAuthMethod string: Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".
TosUri string: URI to web page providing client tos (terms of service).
Type string: The type of OAuth application.
Users []OAuthUser: The users assigned to the application. It is recommended not to use this and instead use okta.app.User.

autoKeyRotation boolean: Requested key rotation mode.
autoSubmitToolbar boolean: Display auto submit toolbar.
clientBasicSecret string: OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.
clientId string: The client ID of the application.
clientSecret string: The client secret of the application.
clientUri string: URI to a web page providing information about the client.
consentMethod string: Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.
customClientId string: This property allows you to set the application’s client id.
grantTypes string[]: List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
groups string[]: The groups assigned to the application. It is recommended not to use this and instead use okta.app.GroupAssignment.
hideIos boolean: Do not display application icon on mobile app.
hideWeb boolean: Do not display application icon to users.
issuerMode string: Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
label string: The Application’s display name.
loginUri string: URI that initiates login.
logoUri string: URI that references a logo for the client.
name string: Name assigned to the application by Okta.
omitSecret boolean: This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.
policyUri string: URI to web page providing client policy document.
postLogoutRedirectUris string[]: List of URIs for redirection after logout.
profile string: Custom JSON that represents an OAuth application’s profile.
redirectUris string[]: List of URIs for use in the redirect-based flow. This is required for all application types except service.
responseTypes string[]: List of OAuth 2.0 response type strings.
signOnMode string: Sign on mode of application.
status string: The status of the application, by default it is "ACTIVE".
tokenEndpointAuthMethod string: Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".
tosUri string: URI to web page providing client tos (terms of service).
type string: The type of OAuth application.
users OAuthUser[]: The users assigned to the application. It is recommended not to use this and instead use okta.app.User.

auto_key_rotation bool: Requested key rotation mode.
auto_submit_toolbar bool: Display auto submit toolbar.
client_basic_secret str: OAuth client secret key, this can be set when token_endpoint_auth_method is client_secret_basic.
client_id str: The client ID of the application.
client_secret str: The client secret of the application.
client_uri str: URI to a web page providing information about the client.
consent_method str: Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED.
custom_client_id str: This property allows you to set the application’s client id.
grant_types List[str]: List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
groups List[str]: The groups assigned to the application. It is recommended not to use this and instead use okta.app.GroupAssignment.
hide_ios bool: Do not display application icon on mobile app.
hide_web bool: Do not display application icon to users.
issuer_mode str: Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
label str: The Application’s display name.
login_uri str: URI that initiates login.
logo_uri str: URI that references a logo for the client.
name str: Name assigned to the application by Okta.
omit_secret bool: This tells the provider not to persist the application’s secret to state. If this is ever changes from true => false your app will be recreated.
policy_uri str: URI to web page providing client policy document.
post_logout_redirect_uris List[str]: List of URIs for redirection after logout.
profile str: Custom JSON that represents an OAuth application’s profile.
redirect_uris List[str]: List of URIs for use in the redirect-based flow. This is required for all application types except service.
response_types List[str]: List of OAuth 2.0 response type strings.
sign_on_mode str: Sign on mode of application.
status str: The status of the application, by default it is "ACTIVE".
token_endpoint_auth_method str: Requested authentication method for the token endpoint. It can be set to "none", "client_secret_post", "client_secret_basic", "client_secret_jwt".
tos_uri str: URI to web page providing client tos (terms of service).
type str: The type of OAuth application.
users List[OAuthUser]: The users assigned to the application. It is recommended not to use this and instead use okta.app.User.

Supporting Types

OAuthUser

See the input and output API doc for this type.

Id string
Password string
Scope string
Username string

Id string
Password string
Scope string
Username string

id string
password string
scope string
username string

id str
password str
scope str
username str

Package Details

Repository: https://github.com/pulumi/pulumi-okta
License: Apache-2.0
Notes: This Pulumi package is based on the okta Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud