1. Docs
  2. Reference
  3. API
  4. pulumi_auth0

This page documents the language specification for the auth0 package. If you're looking for help working with the inputs, outputs, or functions of auth0 resources in a Pulumi program, please see the resource documentation for examples and API reference.

Pulumi Auth0

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-auth0 repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-auth0 repo.

class pulumi_auth0.Client(resource_name, opts=None, addons=None, allowed_logout_urls=None, allowed_origins=None, app_type=None, callbacks=None, client_metadata=None, client_secret_rotation_trigger=None, cross_origin_auth=None, cross_origin_loc=None, custom_login_page=None, custom_login_page_on=None, custom_login_page_preview=None, description=None, encryption_key=None, form_template=None, grant_types=None, initiate_login_uri=None, is_first_party=None, is_token_endpoint_ip_header_trusted=None, jwt_configuration=None, logo_uri=None, mobile=None, name=None, oidc_conformant=None, sso=None, sso_disabled=None, token_endpoint_auth_method=None, web_origins=None, __props__=None, __name__=None, __opts__=None)

With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications. Depending on your plan, you may also configure add-ons to allow your application to call another application’s API (such as Firebase and AWS) on behalf of an authenticated user.

import pulumi
import pulumi_auth0 as auth0

my_client = auth0.Client("myClient",
    addons={
        "firebase": {
            "client_email": "john.doe@example.com",
            "lifetime_in_seconds": 1,
            "private_key": "wer",
            "private_key_id": "qwreerwerwe",
        },
        "samlp": {
            "audience": "https://example.com/saml",
            "createUpnClaim": False,
            "mapIdentities": False,
            "mapUnknownClaimsAsIs": False,
            "mappings": {
                "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
            },
            "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            "nameIdentifierProbes": ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
            "passthroughClaimsWithNoMapping": False,
        },
    },
    allowed_logout_urls=["https://example.com"],
    allowed_origins=["https://example.com"],
    app_type="non_interactive",
    callbacks=["https://example.com/callback"],
    client_metadata={
        "foo": "zoo",
    },
    custom_login_page_on=True,
    description="Test Applications Long Description",
    grant_types=[
        "authorization_code",
        "http://auth0.com/oauth/grant-type/password-realm",
        "implicit",
        "password",
        "refresh_token",
    ],
    is_first_party=True,
    is_token_endpoint_ip_header_trusted=True,
    jwt_configuration={
        "alg": "RS256",
        "lifetimeInSeconds": 300,
        "scopes": {
            "foo": "bar",
        },
        "secretEncoded": True,
    },
    mobile={
        "ios": {
            "appBundleIdentifier": "com.my.bundle.id",
            "teamId": "9JA89QQLNQ",
        },
    },
    oidc_conformant=False,
    token_endpoint_auth_method="client_secret_post",
    web_origins=["https://example.com"])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • addons (pulumi.Input[dict]) – List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.

  • allowed_logout_urls (pulumi.Input[list]) – List(String). URLs that Auth0 may redirect to after logout.

  • allowed_origins (pulumi.Input[list]) – List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.

  • app_type (pulumi.Input[str]) – String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.

  • callbacks (pulumi.Input[list]) – List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.

  • client_metadata (pulumi.Input[dict]) – Map(String)

  • client_secret_rotation_trigger (pulumi.Input[dict]) – Map.

  • cross_origin_auth (pulumi.Input[bool]) – Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.

  • cross_origin_loc (pulumi.Input[str]) – String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.

  • custom_login_page (pulumi.Input[str]) – String. Content of the custom login page.

  • custom_login_page_on (pulumi.Input[bool]) – Boolean. Indicates whether or not a custom login page is to be used.

  • custom_login_page_preview (pulumi.Input[str]) – String.

  • description (pulumi.Input[str]) – String, (Max length = 140 characters). Description of the purpose of the client.

  • encryption_key (pulumi.Input[dict]) – Map(String).

  • form_template (pulumi.Input[str]) – String. Form template for WS-Federation protocol.

  • grant_types (pulumi.Input[list]) – List(String). Types of grants that this client is authorized to use.

  • is_first_party (pulumi.Input[bool]) – Boolean. Indicates whether or not this client is a first-party client.

  • is_token_endpoint_ip_header_trusted (pulumi.Input[bool]) – Boolean. Indicates whether or not the token endpoint IP header is trusted.

  • jwt_configuration (pulumi.Input[dict]) – List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.

  • logo_uri (pulumi.Input[str]) – String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.

  • mobile (pulumi.Input[dict]) – List(Resource). Configuration settings for mobile native applications. For details, see Mobile.

  • name (pulumi.Input[str]) – String. Name of the client.

  • oidc_conformant (pulumi.Input[bool]) – Boolean. Indicates whether or not this client will conform to strict OIDC specifications.

  • sso (pulumi.Input[bool]) – Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.

  • sso_disabled (pulumi.Input[bool]) – Boolean. Indicates whether or not SSO is disabled.

  • token_endpoint_auth_method (pulumi.Input[str]) – String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).

  • web_origins (pulumi.Input[list]) – List(String). URLs that represent valid web origins for use with web message response mode.

The addons object supports the following:

  • aws (pulumi.Input[dict]) - String

  • azureBlob (pulumi.Input[dict]) - String

  • azureSb (pulumi.Input[dict]) - String

  • box (pulumi.Input[dict]) - String

  • cloudbees (pulumi.Input[dict]) - String

  • concur (pulumi.Input[dict]) - String

  • dropbox (pulumi.Input[dict]) - String

  • echosign (pulumi.Input[dict]) - String

  • egnyte (pulumi.Input[dict]) - String

  • firebase (pulumi.Input[dict]) - String

  • layer (pulumi.Input[dict]) - String

  • mscrm (pulumi.Input[dict]) - String

  • newrelic (pulumi.Input[dict]) - String

  • office365 (pulumi.Input[dict]) - String

  • rms (pulumi.Input[dict]) - String

  • salesforce (pulumi.Input[dict]) - String

  • salesforceApi (pulumi.Input[dict]) - String

  • salesforceSandboxApi (pulumi.Input[dict]) - String

  • samlp (pulumi.Input[dict]) - List(Resource). Configuration settings for a SAML add-on. For details, see SAML.

    • audience (pulumi.Input[str]) - String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.

    • authnContextClassRef (pulumi.Input[str]) - String. Class reference of the authentication context.

    • binding (pulumi.Input[str]) - String. Protocol binding used for SAML logout responses.

    • createUpnClaim (pulumi.Input[bool]) - Boolean, (Default=true) Indicates whether or not a UPN claim should be created.

    • destination (pulumi.Input[str]) - String. Destination of the SAML Response. If not specified, it will be AssertionConsumerUrlof SAMLRequest or Callback URL if there was no SAMLRequest.

    • digestAlgorithm (pulumi.Input[str]) - String, (Default=sha1). Algorithm used to calculate the digest of the SAML Assertion or response. Options include defaultsha1 and sha256.

    • includeAttributeNameFormat (pulumi.Input[bool]) - Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion.

    • lifetimeInSeconds (pulumi.Input[float]) - Integer, (Default=3600). Number of seconds during which the token is valid.

    • logout (pulumi.Input[dict]) - Map(Resource). Configuration settings for logout. For details, see Logout.

      • callback (pulumi.Input[str]) - String. Service provider’s Single Logout Service URL, to which Auth0 will send logout requests and responses.

      • sloEnabled (pulumi.Input[bool]) - Boolean. Indicates whether or not Auth0 should notify service providers of session termination.

    • mapIdentities (pulumi.Input[bool]) - Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available.

    • mapUnknownClaimsAsIs (pulumi.Input[bool]) - Boolean, (Default=false). Indicates whether or not to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion.

    • mappings (pulumi.Input[dict]) - Map(String). Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).

    • nameIdentifierFormat (pulumi.Input[str]) - String, (Default=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Format of the name identifier.

    • nameIdentifierProbes (pulumi.Input[list]) - List(String). Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.

    • passthroughClaimsWithNoMapping (pulumi.Input[bool]) - Boolean, (Default=true). Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion.

    • recipient (pulumi.Input[str]) - String. Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or Callback URL if no SAMLRequest was sent.

    • signResponse (pulumi.Input[bool]) - Boolean. Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.

    • signatureAlgorithm (pulumi.Input[str]) - String, (Default=rsa-sha1). Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256.

    • typedAttributes (pulumi.Input[bool]) - Boolean, (Default=true). Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType.

  • sapApi (pulumi.Input[dict]) - String

  • sentry (pulumi.Input[dict]) - String

  • sharepoint (pulumi.Input[dict]) - String

  • slack (pulumi.Input[dict]) - String

  • springcm (pulumi.Input[dict]) - String

  • wams (pulumi.Input[dict]) - String

  • wsfed (pulumi.Input[dict]) - String

  • zendesk (pulumi.Input[dict]) - String

  • zoom (pulumi.Input[dict]) - String

The jwt_configuration object supports the following:

  • alg (pulumi.Input[str]) - String. Algorithm used to sign JWTs.

  • lifetimeInSeconds (pulumi.Input[float]) - Integer. Number of seconds during which the JWT will be valid.

  • scopes (pulumi.Input[dict]) - Map(String). Permissions (scopes) included in JWTs.

  • secretEncoded (pulumi.Input[bool]) - Boolean. Indicates whether or not the client secret is base64 encoded.

The mobile object supports the following:

  • android (pulumi.Input[dict]) - List(Resource). Configuration settings for Android native apps. For details, see Android.

    • appPackageName (pulumi.Input[str]) - String

    • sha256CertFingerprints (pulumi.Input[list]) - List(String)

  • ios (pulumi.Input[dict]) - List(Resource). Configuration settings for i0S native apps. For details, see iOS.

    • appBundleIdentifier (pulumi.Input[str]) - String

    • teamId (pulumi.Input[str]) - String

addons: pulumi.Output[dict] = None

List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.

  • aws (dict) - String

  • azureBlob (dict) - String

  • azureSb (dict) - String

  • box (dict) - String

  • cloudbees (dict) - String

  • concur (dict) - String

  • dropbox (dict) - String

  • echosign (dict) - String

  • egnyte (dict) - String

  • firebase (dict) - String

  • layer (dict) - String

  • mscrm (dict) - String

  • newrelic (dict) - String

  • office365 (dict) - String

  • rms (dict) - String

  • salesforce (dict) - String

  • salesforceApi (dict) - String

  • salesforceSandboxApi (dict) - String

  • samlp (dict) - List(Resource). Configuration settings for a SAML add-on. For details, see SAML.

    • audience (str) - String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.

    • authnContextClassRef (str) - String. Class reference of the authentication context.

    • binding (str) - String. Protocol binding used for SAML logout responses.

    • createUpnClaim (bool) - Boolean, (Default=true) Indicates whether or not a UPN claim should be created.

    • destination (str) - String. Destination of the SAML Response. If not specified, it will be AssertionConsumerUrlof SAMLRequest or Callback URL if there was no SAMLRequest.

    • digestAlgorithm (str) - String, (Default=sha1). Algorithm used to calculate the digest of the SAML Assertion or response. Options include defaultsha1 and sha256.

    • includeAttributeNameFormat (bool) - Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion.

    • lifetimeInSeconds (float) - Integer, (Default=3600). Number of seconds during which the token is valid.

    • logout (dict) - Map(Resource). Configuration settings for logout. For details, see Logout.

      • callback (str) - String. Service provider’s Single Logout Service URL, to which Auth0 will send logout requests and responses.

      • sloEnabled (bool) - Boolean. Indicates whether or not Auth0 should notify service providers of session termination.

    • mapIdentities (bool) - Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available.

    • mapUnknownClaimsAsIs (bool) - Boolean, (Default=false). Indicates whether or not to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion.

    • mappings (dict) - Map(String). Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).

    • nameIdentifierFormat (str) - String, (Default=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Format of the name identifier.

    • nameIdentifierProbes (list) - List(String). Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.

    • passthroughClaimsWithNoMapping (bool) - Boolean, (Default=true). Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion.

    • recipient (str) - String. Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or Callback URL if no SAMLRequest was sent.

    • signResponse (bool) - Boolean. Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.

    • signatureAlgorithm (str) - String, (Default=rsa-sha1). Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256.

    • typedAttributes (bool) - Boolean, (Default=true). Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType.

  • sapApi (dict) - String

  • sentry (dict) - String

  • sharepoint (dict) - String

  • slack (dict) - String

  • springcm (dict) - String

  • wams (dict) - String

  • wsfed (dict) - String

  • zendesk (dict) - String

  • zoom (dict) - String

allowed_logout_urls: pulumi.Output[list] = None

List(String). URLs that Auth0 may redirect to after logout.

allowed_origins: pulumi.Output[list] = None

List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.

app_type: pulumi.Output[str] = None

String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.

callbacks: pulumi.Output[list] = None

List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.

client_id: pulumi.Output[str] = None

String. ID of the client.

client_metadata: pulumi.Output[dict] = None

Map(String)

client_secret: pulumi.Output[str] = None

String. Secret for the client; keep this private.

client_secret_rotation_trigger: pulumi.Output[dict] = None

Map.

cross_origin_auth: pulumi.Output[bool] = None

Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.

cross_origin_loc: pulumi.Output[str] = None

String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.

custom_login_page: pulumi.Output[str] = None

String. Content of the custom login page.

custom_login_page_on: pulumi.Output[bool] = None

Boolean. Indicates whether or not a custom login page is to be used.

custom_login_page_preview: pulumi.Output[str] = None

String.

description: pulumi.Output[str] = None

String, (Max length = 140 characters). Description of the purpose of the client.

encryption_key: pulumi.Output[dict] = None

Map(String).

form_template: pulumi.Output[str] = None

String. Form template for WS-Federation protocol.

grant_types: pulumi.Output[list] = None

List(String). Types of grants that this client is authorized to use.

is_first_party: pulumi.Output[bool] = None

Boolean. Indicates whether or not this client is a first-party client.

is_token_endpoint_ip_header_trusted: pulumi.Output[bool] = None

Boolean. Indicates whether or not the token endpoint IP header is trusted.

jwt_configuration: pulumi.Output[dict] = None

List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.

  • alg (str) - String. Algorithm used to sign JWTs.

  • lifetimeInSeconds (float) - Integer. Number of seconds during which the JWT will be valid.

  • scopes (dict) - Map(String). Permissions (scopes) included in JWTs.

  • secretEncoded (bool) - Boolean. Indicates whether or not the client secret is base64 encoded.

logo_uri: pulumi.Output[str] = None

String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.

mobile: pulumi.Output[dict] = None

List(Resource). Configuration settings for mobile native applications. For details, see Mobile.

  • android (dict) - List(Resource). Configuration settings for Android native apps. For details, see Android.

    • appPackageName (str) - String

    • sha256CertFingerprints (list) - List(String)

  • ios (dict) - List(Resource). Configuration settings for i0S native apps. For details, see iOS.

    • appBundleIdentifier (str) - String

    • teamId (str) - String

name: pulumi.Output[str] = None

String. Name of the client.

oidc_conformant: pulumi.Output[bool] = None

Boolean. Indicates whether or not this client will conform to strict OIDC specifications.

sso: pulumi.Output[bool] = None

Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.

sso_disabled: pulumi.Output[bool] = None

Boolean. Indicates whether or not SSO is disabled.

token_endpoint_auth_method: pulumi.Output[str] = None

String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).

web_origins: pulumi.Output[list] = None

List(String). URLs that represent valid web origins for use with web message response mode.

static get(resource_name, id, opts=None, addons=None, allowed_logout_urls=None, allowed_origins=None, app_type=None, callbacks=None, client_id=None, client_metadata=None, client_secret=None, client_secret_rotation_trigger=None, cross_origin_auth=None, cross_origin_loc=None, custom_login_page=None, custom_login_page_on=None, custom_login_page_preview=None, description=None, encryption_key=None, form_template=None, grant_types=None, initiate_login_uri=None, is_first_party=None, is_token_endpoint_ip_header_trusted=None, jwt_configuration=None, logo_uri=None, mobile=None, name=None, oidc_conformant=None, sso=None, sso_disabled=None, token_endpoint_auth_method=None, web_origins=None)

Get an existing Client resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • addons (pulumi.Input[dict]) – List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.

  • allowed_logout_urls (pulumi.Input[list]) – List(String). URLs that Auth0 may redirect to after logout.

  • allowed_origins (pulumi.Input[list]) – List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.

  • app_type (pulumi.Input[str]) – String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.

  • callbacks (pulumi.Input[list]) – List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.

  • client_id (pulumi.Input[str]) – String. ID of the client.

  • client_metadata (pulumi.Input[dict]) – Map(String)

  • client_secret (pulumi.Input[str]) – String. Secret for the client; keep this private.

  • client_secret_rotation_trigger (pulumi.Input[dict]) – Map.

  • cross_origin_auth (pulumi.Input[bool]) – Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.

  • cross_origin_loc (pulumi.Input[str]) – String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.

  • custom_login_page (pulumi.Input[str]) – String. Content of the custom login page.

  • custom_login_page_on (pulumi.Input[bool]) – Boolean. Indicates whether or not a custom login page is to be used.

  • custom_login_page_preview (pulumi.Input[str]) – String.

  • description (pulumi.Input[str]) – String, (Max length = 140 characters). Description of the purpose of the client.

  • encryption_key (pulumi.Input[dict]) – Map(String).

  • form_template (pulumi.Input[str]) – String. Form template for WS-Federation protocol.

  • grant_types (pulumi.Input[list]) – List(String). Types of grants that this client is authorized to use.

  • is_first_party (pulumi.Input[bool]) – Boolean. Indicates whether or not this client is a first-party client.

  • is_token_endpoint_ip_header_trusted (pulumi.Input[bool]) – Boolean. Indicates whether or not the token endpoint IP header is trusted.

  • jwt_configuration (pulumi.Input[dict]) – List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.

  • logo_uri (pulumi.Input[str]) – String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.

  • mobile (pulumi.Input[dict]) – List(Resource). Configuration settings for mobile native applications. For details, see Mobile.

  • name (pulumi.Input[str]) – String. Name of the client.

  • oidc_conformant (pulumi.Input[bool]) – Boolean. Indicates whether or not this client will conform to strict OIDC specifications.

  • sso (pulumi.Input[bool]) – Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.

  • sso_disabled (pulumi.Input[bool]) – Boolean. Indicates whether or not SSO is disabled.

  • token_endpoint_auth_method (pulumi.Input[str]) – String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).

  • web_origins (pulumi.Input[list]) – List(String). URLs that represent valid web origins for use with web message response mode.

The addons object supports the following:

  • aws (pulumi.Input[dict]) - String

  • azureBlob (pulumi.Input[dict]) - String

  • azureSb (pulumi.Input[dict]) - String

  • box (pulumi.Input[dict]) - String

  • cloudbees (pulumi.Input[dict]) - String

  • concur (pulumi.Input[dict]) - String

  • dropbox (pulumi.Input[dict]) - String

  • echosign (pulumi.Input[dict]) - String

  • egnyte (pulumi.Input[dict]) - String

  • firebase (pulumi.Input[dict]) - String

  • layer (pulumi.Input[dict]) - String

  • mscrm (pulumi.Input[dict]) - String

  • newrelic (pulumi.Input[dict]) - String

  • office365 (pulumi.Input[dict]) - String

  • rms (pulumi.Input[dict]) - String

  • salesforce (pulumi.Input[dict]) - String

  • salesforceApi (pulumi.Input[dict]) - String

  • salesforceSandboxApi (pulumi.Input[dict]) - String

  • samlp (pulumi.Input[dict]) - List(Resource). Configuration settings for a SAML add-on. For details, see SAML.

    • audience (pulumi.Input[str]) - String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.

    • authnContextClassRef (pulumi.Input[str]) - String. Class reference of the authentication context.

    • binding (pulumi.Input[str]) - String. Protocol binding used for SAML logout responses.

    • createUpnClaim (pulumi.Input[bool]) - Boolean, (Default=true) Indicates whether or not a UPN claim should be created.

    • destination (pulumi.Input[str]) - String. Destination of the SAML Response. If not specified, it will be AssertionConsumerUrlof SAMLRequest or Callback URL if there was no SAMLRequest.

    • digestAlgorithm (pulumi.Input[str]) - String, (Default=sha1). Algorithm used to calculate the digest of the SAML Assertion or response. Options include defaultsha1 and sha256.

    • includeAttributeNameFormat (pulumi.Input[bool]) - Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion.

    • lifetimeInSeconds (pulumi.Input[float]) - Integer, (Default=3600). Number of seconds during which the token is valid.

    • logout (pulumi.Input[dict]) - Map(Resource). Configuration settings for logout. For details, see Logout.

      • callback (pulumi.Input[str]) - String. Service provider’s Single Logout Service URL, to which Auth0 will send logout requests and responses.

      • sloEnabled (pulumi.Input[bool]) - Boolean. Indicates whether or not Auth0 should notify service providers of session termination.

    • mapIdentities (pulumi.Input[bool]) - Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available.

    • mapUnknownClaimsAsIs (pulumi.Input[bool]) - Boolean, (Default=false). Indicates whether or not to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion.

    • mappings (pulumi.Input[dict]) - Map(String). Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).

    • nameIdentifierFormat (pulumi.Input[str]) - String, (Default=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Format of the name identifier.

    • nameIdentifierProbes (pulumi.Input[list]) - List(String). Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.

    • passthroughClaimsWithNoMapping (pulumi.Input[bool]) - Boolean, (Default=true). Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion.

    • recipient (pulumi.Input[str]) - String. Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or Callback URL if no SAMLRequest was sent.

    • signResponse (pulumi.Input[bool]) - Boolean. Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.

    • signatureAlgorithm (pulumi.Input[str]) - String, (Default=rsa-sha1). Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256.

    • typedAttributes (pulumi.Input[bool]) - Boolean, (Default=true). Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType.

  • sapApi (pulumi.Input[dict]) - String

  • sentry (pulumi.Input[dict]) - String

  • sharepoint (pulumi.Input[dict]) - String

  • slack (pulumi.Input[dict]) - String

  • springcm (pulumi.Input[dict]) - String

  • wams (pulumi.Input[dict]) - String

  • wsfed (pulumi.Input[dict]) - String

  • zendesk (pulumi.Input[dict]) - String

  • zoom (pulumi.Input[dict]) - String

The jwt_configuration object supports the following:

  • alg (pulumi.Input[str]) - String. Algorithm used to sign JWTs.

  • lifetimeInSeconds (pulumi.Input[float]) - Integer. Number of seconds during which the JWT will be valid.

  • scopes (pulumi.Input[dict]) - Map(String). Permissions (scopes) included in JWTs.

  • secretEncoded (pulumi.Input[bool]) - Boolean. Indicates whether or not the client secret is base64 encoded.

The mobile object supports the following:

  • android (pulumi.Input[dict]) - List(Resource). Configuration settings for Android native apps. For details, see Android.

    • appPackageName (pulumi.Input[str]) - String

    • sha256CertFingerprints (pulumi.Input[list]) - List(String)

  • ios (pulumi.Input[dict]) - List(Resource). Configuration settings for i0S native apps. For details, see iOS.

    • appBundleIdentifier (pulumi.Input[str]) - String

    • teamId (pulumi.Input[str]) - String

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.ClientGrant(resource_name, opts=None, audience=None, client_id=None, scopes=None, __props__=None, __name__=None, __opts__=None)

Auth0 uses various grant types, or methods by which you grant limited access to your resources to another entity without exposing credentials. The OAuth 2.0 protocol supports several types of grants, which allow different types of access. This resource allows you to create and manage client grants used with configured Auth0 clients.

import pulumi
import pulumi_auth0 as auth0

my_client = auth0.Client("myClient")
my_resource_server = auth0.ResourceServer("myResourceServer",
    identifier="https://api.example.com/client-grant",
    scopes=[
        {
            "description": "Create foos",
            "value": "create:foo",
        },
        {
            "description": "Create bars",
            "value": "create:bar",
        },
    ])
my_client_grant = auth0.ClientGrant("myClientGrant",
    audience=my_resource_server.identifier,
    client_id=my_client.id,
    scopes=["create:foo"])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • audience (pulumi.Input[str]) – String. Audience or API Identifier for this grant.

  • client_id (pulumi.Input[str]) – String. ID of the client for this grant.

  • scopes (pulumi.Input[list]) – List(String). Permissions (scopes) included in this grant.

audience: pulumi.Output[str] = None

String. Audience or API Identifier for this grant.

client_id: pulumi.Output[str] = None

String. ID of the client for this grant.

scopes: pulumi.Output[list] = None

List(String). Permissions (scopes) included in this grant.

static get(resource_name, id, opts=None, audience=None, client_id=None, scopes=None)

Get an existing ClientGrant resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • audience (pulumi.Input[str]) – String. Audience or API Identifier for this grant.

  • client_id (pulumi.Input[str]) – String. ID of the client for this grant.

  • scopes (pulumi.Input[list]) – List(String). Permissions (scopes) included in this grant.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.Connection(resource_name, opts=None, display_name=None, enabled_clients=None, is_domain_connection=None, name=None, options=None, realms=None, strategy=None, strategy_version=None, __props__=None, __name__=None, __opts__=None)

With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

import pulumi
import pulumi_auth0 as auth0

my_connection = auth0.Connection("myConnection",
    options={
        "bruteForceProtection": "true",
        "configuration": {
            "bar": "baz",
            "foo": "bar",
        },
        "customScripts": {
            "getUser": """function getByEmail (email, callback) {
  return callback(new Error("Whoops!"))
}

""",
        },
        "enabledDatabaseCustomization": "true",
        "passwordHistory": [{
            "enable": True,
            "size": 3,
        }],
        "passwordPolicy": "excellent",
    },
    strategy="auth0")
my_waad_connection = auth0.Connection("myWaadConnection",
    options={
        "apiEnableUsers": True,
        "appDomain": "my-auth0-app.eu.auth0.com",
        "basicProfile": True,
        "client_id": "1234",
        "client_secret": "1234",
        "domainAliases": ["example.io"],
        "extGroups": True,
        "extProfile": True,
        "tenantDomain": "exmaple.onmicrosoft.com",
        "useWsfed": False,
        "waadCommonEndpoint": False,
        "waadProtocol": "openid-connect",
    },
    strategy="waad")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • display_name (pulumi.Input[str]) – Name used in login screen

  • enabled_clients (pulumi.Input[list]) – Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

  • is_domain_connection (pulumi.Input[bool]) – Boolean. Indicates whether or not the connection is domain level.

  • name (pulumi.Input[str]) – String. Name of the connection.

  • options (pulumi.Input[dict]) – List(Resource). Configuration settings for connection options. For details, see Options.

  • realms (pulumi.Input[list]) – List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

  • strategy (pulumi.Input[str]) – String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

  • strategy_version (pulumi.Input[str]) – Int. Version 1 is deprecated, use version 2.

The options object supports the following:

  • adfsServer (pulumi.Input[str]) - String. ADFS Metadata source.

  • allowedAudiences (pulumi.Input[list])

  • apiEnableUsers (pulumi.Input[bool]) - Boolean.

  • appDomain (pulumi.Input[str]) - String. Azure AD domain name.

  • appId (pulumi.Input[str]) - String

  • authorizationEndpoint (pulumi.Input[str]) - String.

  • bruteForceProtection (pulumi.Input[bool]) - Boolean. Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

  • client_id (pulumi.Input[str]) - String. Client ID given by your OIDC provider.

  • client_secret (pulumi.Input[str]) - String, Case-sensitive. Client secret given by your OIDC provider.

  • communityBaseUrl (pulumi.Input[str]) - String.

  • configuration (pulumi.Input[dict]) - Map(String), Case-sensitive.

  • customScripts (pulumi.Input[dict]) - Map(String).

  • disableCache (pulumi.Input[bool])

  • disableSignup (pulumi.Input[bool]) - Boolean. Indicates whether or not to allow user sign-ups to your application.

  • discoveryUrl (pulumi.Input[str]) - String. Usually an URL ending with /.well-known/openid-configuration

  • domain (pulumi.Input[str])

  • domainAliases (pulumi.Input[list]) - List(String). List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

  • enabledDatabaseCustomization (pulumi.Input[bool]) - Boolean.

  • from_ (pulumi.Input[str]) - String. SMS number for the sender. Used when SMS Source is From.

  • iconUrl (pulumi.Input[str])

  • identityApi (pulumi.Input[str])

  • importMode (pulumi.Input[bool]) - Boolean. Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

  • ips (pulumi.Input[list])

  • issuer (pulumi.Input[str]) - String. URL of the issuer.

  • jwksUri (pulumi.Input[str]) - String.

  • keyId (pulumi.Input[str])

  • maxGroupsToRetrieve (pulumi.Input[str]) - String. Maximum number of groups to retrieve.

  • messagingServiceSid (pulumi.Input[str]) - String. SID for Copilot. Used when SMS Source is Copilot.

  • name (pulumi.Input[str]) - String.

  • passwordComplexityOptions (pulumi.Input[dict]) - List(Resource). Configuration settings for password complexity. For details, see Password Complexity Options.

    • minLength (pulumi.Input[float]) - Integer. Minimum number of characters allowed in passwords.

  • passwordDictionary (pulumi.Input[dict]) - List(Resource). Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

    • dictionaries (pulumi.Input[list]) - Set(String), (Maximum=2000 characters). Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

    • enable (pulumi.Input[bool]) - Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

  • passwordHistories (pulumi.Input[list]) - List(Resource). Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

    • enable (pulumi.Input[bool]) - Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

    • size (pulumi.Input[float]) - Integer, (Maximum=24). Indicates the number of passwords to keep in history.

  • passwordNoPersonalInfo (pulumi.Input[dict]) - List(Resource). Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.

    • enable (pulumi.Input[bool]) - Boolean. Indicates whether the password personal info check is enabled for this connection.

  • passwordPolicy (pulumi.Input[str]) - String. Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

  • requiresUsername (pulumi.Input[bool]) - Boolean. Indicates whether or not the user is required to provide a username in addition to an email address.

  • scopes (pulumi.Input[list]) - List(String). Value must be a list of scopes. For example ["openid", "profile", "email"]

  • strategy_version (pulumi.Input[float]) - Int. Version 1 is deprecated, use version 2.

  • subject (pulumi.Input[str])

  • syntax (pulumi.Input[str]) - String. Syntax of the SMS. Options include markdown and liquid.

  • teamId (pulumi.Input[str])

  • template (pulumi.Input[str]) - String. Template for the SMS. You can use @@password@@ as a placeholder for the password value.

  • tenantDomain (pulumi.Input[str]) - String

  • tokenEndpoint (pulumi.Input[str]) - String.

  • totp (pulumi.Input[dict]) - Map(Resource). Configuration options for one-time passwords. For details, see TOTP.

    • length (pulumi.Input[float]) - Integer. Length of the one-time password.

    • timeStep (pulumi.Input[float]) - Integer. Seconds between allowed generation of new passwords.

  • twilioSid (pulumi.Input[str]) - String. SID for your Twilio account.

  • twilioToken (pulumi.Input[str]) - String, Case-sensitive. AuthToken for your Twilio account.

  • type (pulumi.Input[str]) - String. Value must be back_channel or front_channel

  • useCertAuth (pulumi.Input[bool])

  • useKerberos (pulumi.Input[bool])

  • useWsfed (pulumi.Input[bool]) - Bool

  • userinfoEndpoint (pulumi.Input[str]) - String.

  • validation (pulumi.Input[dict]) - String.

  • waadCommonEndpoint (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.

  • waadProtocol (pulumi.Input[str]) - String

display_name: pulumi.Output[str] = None

Name used in login screen

enabled_clients: pulumi.Output[list] = None

Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

is_domain_connection: pulumi.Output[bool] = None

Boolean. Indicates whether or not the connection is domain level.

name: pulumi.Output[str] = None

String. Name of the connection.

options: pulumi.Output[dict] = None

List(Resource). Configuration settings for connection options. For details, see Options.

  • adfsServer (str) - String. ADFS Metadata source.

  • allowedAudiences (list)

  • apiEnableUsers (bool) - Boolean.

  • appDomain (str) - String. Azure AD domain name.

  • appId (str) - String

  • authorizationEndpoint (str) - String.

  • bruteForceProtection (bool) - Boolean. Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

  • client_id (str) - String. Client ID given by your OIDC provider.

  • client_secret (str) - String, Case-sensitive. Client secret given by your OIDC provider.

  • communityBaseUrl (str) - String.

  • configuration (dict) - Map(String), Case-sensitive.

  • customScripts (dict) - Map(String).

  • disableCache (bool)

  • disableSignup (bool) - Boolean. Indicates whether or not to allow user sign-ups to your application.

  • discoveryUrl (str) - String. Usually an URL ending with /.well-known/openid-configuration

  • domain (str)

  • domainAliases (list) - List(String). List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

  • enabledDatabaseCustomization (bool) - Boolean.

  • from_ (str) - String. SMS number for the sender. Used when SMS Source is From.

  • iconUrl (str)

  • identityApi (str)

  • importMode (bool) - Boolean. Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

  • ips (list)

  • issuer (str) - String. URL of the issuer.

  • jwksUri (str) - String.

  • keyId (str)

  • maxGroupsToRetrieve (str) - String. Maximum number of groups to retrieve.

  • messagingServiceSid (str) - String. SID for Copilot. Used when SMS Source is Copilot.

  • name (str) - String.

  • passwordComplexityOptions (dict) - List(Resource). Configuration settings for password complexity. For details, see Password Complexity Options.

    • minLength (float) - Integer. Minimum number of characters allowed in passwords.

  • passwordDictionary (dict) - List(Resource). Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

    • dictionaries (list) - Set(String), (Maximum=2000 characters). Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

    • enable (bool) - Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

  • passwordHistories (list) - List(Resource). Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

    • enable (bool) - Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

    • size (float) - Integer, (Maximum=24). Indicates the number of passwords to keep in history.

  • passwordNoPersonalInfo (dict) - List(Resource). Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.

    • enable (bool) - Boolean. Indicates whether the password personal info check is enabled for this connection.

  • passwordPolicy (str) - String. Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

  • requiresUsername (bool) - Boolean. Indicates whether or not the user is required to provide a username in addition to an email address.

  • scopes (list) - List(String). Value must be a list of scopes. For example ["openid", "profile", "email"]

  • strategy_version (float) - Int. Version 1 is deprecated, use version 2.

  • subject (str)

  • syntax (str) - String. Syntax of the SMS. Options include markdown and liquid.

  • teamId (str)

  • template (str) - String. Template for the SMS. You can use @@password@@ as a placeholder for the password value.

  • tenantDomain (str) - String

  • tokenEndpoint (str) - String.

  • totp (dict) - Map(Resource). Configuration options for one-time passwords. For details, see TOTP.

    • length (float) - Integer. Length of the one-time password.

    • timeStep (float) - Integer. Seconds between allowed generation of new passwords.

  • twilioSid (str) - String. SID for your Twilio account.

  • twilioToken (str) - String, Case-sensitive. AuthToken for your Twilio account.

  • type (str) - String. Value must be back_channel or front_channel

  • useCertAuth (bool)

  • useKerberos (bool)

  • useWsfed (bool) - Bool

  • userinfoEndpoint (str) - String.

  • validation (dict) - String.

  • waadCommonEndpoint (bool) - Boolean. Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.

  • waadProtocol (str) - String

realms: pulumi.Output[list] = None

List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

strategy: pulumi.Output[str] = None

String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

strategy_version: pulumi.Output[str] = None

Int. Version 1 is deprecated, use version 2.

static get(resource_name, id, opts=None, display_name=None, enabled_clients=None, is_domain_connection=None, name=None, options=None, realms=None, strategy=None, strategy_version=None)

Get an existing Connection resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • display_name (pulumi.Input[str]) – Name used in login screen

  • enabled_clients (pulumi.Input[list]) – Set(String). IDs of the clients for which the connection is enabled. If not specified, no clients are enabled.

  • is_domain_connection (pulumi.Input[bool]) – Boolean. Indicates whether or not the connection is domain level.

  • name (pulumi.Input[str]) – String. Name of the connection.

  • options (pulumi.Input[dict]) – List(Resource). Configuration settings for connection options. For details, see Options.

  • realms (pulumi.Input[list]) – List(String). Defines the realms for which the connection will be used (i.e., email domains). If not specified, the connection name is added as the realm.

  • strategy (pulumi.Input[str]) – String. Type of the connection, which indicates the identity provider. Options include ad, adfs, amazon, aol, apple, auth0, auth0-adldap, auth0-oidc, baidu, bitbucket, bitly, box, custom, daccount, dropbox, dwolla, email, evernote, evernote-sandbox, exact, facebook, fitbit, flickr, github, google-apps, google-oauth2, guardian, instagram, ip, line, linkedin, miicard, oauth1, oauth2, office365, oidc, paypal, paypal-sandbox, pingfederate, planningcenter, renren, salesforce, salesforce-community, salesforce-sandbox samlp, sharepoint, shopify, sms, soundcloud, thecity, thecity-sandbox, thirtysevensignals, twitter, untappd, vkontakte, waad, weibo, windowslive, wordpress, yahoo, yammer, yandex.

  • strategy_version (pulumi.Input[str]) – Int. Version 1 is deprecated, use version 2.

The options object supports the following:

  • adfsServer (pulumi.Input[str]) - String. ADFS Metadata source.

  • allowedAudiences (pulumi.Input[list])

  • apiEnableUsers (pulumi.Input[bool]) - Boolean.

  • appDomain (pulumi.Input[str]) - String. Azure AD domain name.

  • appId (pulumi.Input[str]) - String

  • authorizationEndpoint (pulumi.Input[str]) - String.

  • bruteForceProtection (pulumi.Input[bool]) - Boolean. Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

  • client_id (pulumi.Input[str]) - String. Client ID given by your OIDC provider.

  • client_secret (pulumi.Input[str]) - String, Case-sensitive. Client secret given by your OIDC provider.

  • communityBaseUrl (pulumi.Input[str]) - String.

  • configuration (pulumi.Input[dict]) - Map(String), Case-sensitive.

  • customScripts (pulumi.Input[dict]) - Map(String).

  • disableCache (pulumi.Input[bool])

  • disableSignup (pulumi.Input[bool]) - Boolean. Indicates whether or not to allow user sign-ups to your application.

  • discoveryUrl (pulumi.Input[str]) - String. Usually an URL ending with /.well-known/openid-configuration

  • domain (pulumi.Input[str])

  • domainAliases (pulumi.Input[list]) - List(String). List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.

  • enabledDatabaseCustomization (pulumi.Input[bool]) - Boolean.

  • from_ (pulumi.Input[str]) - String. SMS number for the sender. Used when SMS Source is From.

  • iconUrl (pulumi.Input[str])

  • identityApi (pulumi.Input[str])

  • importMode (pulumi.Input[bool]) - Boolean. Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. Learn more.

  • ips (pulumi.Input[list])

  • issuer (pulumi.Input[str]) - String. URL of the issuer.

  • jwksUri (pulumi.Input[str]) - String.

  • keyId (pulumi.Input[str])

  • maxGroupsToRetrieve (pulumi.Input[str]) - String. Maximum number of groups to retrieve.

  • messagingServiceSid (pulumi.Input[str]) - String. SID for Copilot. Used when SMS Source is Copilot.

  • name (pulumi.Input[str]) - String.

  • passwordComplexityOptions (pulumi.Input[dict]) - List(Resource). Configuration settings for password complexity. For details, see Password Complexity Options.

    • minLength (pulumi.Input[float]) - Integer. Minimum number of characters allowed in passwords.

  • passwordDictionary (pulumi.Input[dict]) - List(Resource). Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.

    • dictionaries (pulumi.Input[list]) - Set(String), (Maximum=2000 characters). Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.

    • enable (pulumi.Input[bool]) - Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

  • passwordHistories (pulumi.Input[list]) - List(Resource). Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.

    • enable (pulumi.Input[bool]) - Boolean. Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.

    • size (pulumi.Input[float]) - Integer, (Maximum=24). Indicates the number of passwords to keep in history.

  • passwordNoPersonalInfo (pulumi.Input[dict]) - List(Resource). Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user’s personal data, including user’s name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user’s email, or first part of the user’s email. For details, see Password No Personal Info.

    • enable (pulumi.Input[bool]) - Boolean. Indicates whether the password personal info check is enabled for this connection.

  • passwordPolicy (pulumi.Input[str]) - String. Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

  • requiresUsername (pulumi.Input[bool]) - Boolean. Indicates whether or not the user is required to provide a username in addition to an email address.

  • scopes (pulumi.Input[list]) - List(String). Value must be a list of scopes. For example ["openid", "profile", "email"]

  • strategy_version (pulumi.Input[float]) - Int. Version 1 is deprecated, use version 2.

  • subject (pulumi.Input[str])

  • syntax (pulumi.Input[str]) - String. Syntax of the SMS. Options include markdown and liquid.

  • teamId (pulumi.Input[str])

  • template (pulumi.Input[str]) - String. Template for the SMS. You can use @@password@@ as a placeholder for the password value.

  • tenantDomain (pulumi.Input[str]) - String

  • tokenEndpoint (pulumi.Input[str]) - String.

  • totp (pulumi.Input[dict]) - Map(Resource). Configuration options for one-time passwords. For details, see TOTP.

    • length (pulumi.Input[float]) - Integer. Length of the one-time password.

    • timeStep (pulumi.Input[float]) - Integer. Seconds between allowed generation of new passwords.

  • twilioSid (pulumi.Input[str]) - String. SID for your Twilio account.

  • twilioToken (pulumi.Input[str]) - String, Case-sensitive. AuthToken for your Twilio account.

  • type (pulumi.Input[str]) - String. Value must be back_channel or front_channel

  • useCertAuth (pulumi.Input[bool])

  • useKerberos (pulumi.Input[bool])

  • useWsfed (pulumi.Input[bool]) - Bool

  • userinfoEndpoint (pulumi.Input[str]) - String.

  • validation (pulumi.Input[dict]) - String.

  • waadCommonEndpoint (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you’re using this for a multi-tenant application in Azure AD.

  • waadProtocol (pulumi.Input[str]) - String

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.CustomDomain(resource_name, opts=None, domain=None, type=None, verification_method=None, __props__=None, __name__=None, __opts__=None)

With Auth0, you can use a custom domain to maintain a consistent user experience. This resource allows you to create and manage a custom domain within your Auth0 tenant.

import pulumi
import pulumi_auth0 as auth0

my_custom_domain = auth0.CustomDomain("myCustomDomain",
    domain="auth.example.com",
    type="auth0_managed_certs",
    verification_method="txt")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • domain (pulumi.Input[str]) – String. Name of the custom domain.

  • type (pulumi.Input[str]) – String. Provisioning type for the custom domain. Options include auth0_managed_certs and self_managed_certs.

  • verification_method (pulumi.Input[str]) – String. Domain verification method. Options include txt.

domain: pulumi.Output[str] = None

String. Name of the custom domain.

primary: pulumi.Output[bool] = None

Boolean. Indicates whether or not this is a primary domain.

status: pulumi.Output[str] = None

String. Configuration status for the custom domain. Options include disabled, pending, pending_verification, and ready.

type: pulumi.Output[str] = None

String. Provisioning type for the custom domain. Options include auth0_managed_certs and self_managed_certs.

verification: pulumi.Output[dict] = None

List(Resource). Configuration settings for verification. For details, see Verification.

  • methods (list) - List(Map). Verification methods for the domain.

verification_method: pulumi.Output[str] = None

String. Domain verification method. Options include txt.

static get(resource_name, id, opts=None, domain=None, primary=None, status=None, type=None, verification=None, verification_method=None)

Get an existing CustomDomain resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • domain (pulumi.Input[str]) – String. Name of the custom domain.

  • primary (pulumi.Input[bool]) – Boolean. Indicates whether or not this is a primary domain.

  • status (pulumi.Input[str]) – String. Configuration status for the custom domain. Options include disabled, pending, pending_verification, and ready.

  • type (pulumi.Input[str]) – String. Provisioning type for the custom domain. Options include auth0_managed_certs and self_managed_certs.

  • verification (pulumi.Input[dict]) – List(Resource). Configuration settings for verification. For details, see Verification.

  • verification_method (pulumi.Input[str]) – String. Domain verification method. Options include txt.

The verification object supports the following:

  • methods (pulumi.Input[list]) - List(Map). Verification methods for the domain.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.Email(resource_name, opts=None, credentials=None, default_from_address=None, enabled=None, name=None, __props__=None, __name__=None, __opts__=None)

With Auth0, you can have standard welcome, password reset, and account verification email-based workflows built right into Auth0. This resource allows you to configure email providers so you can route all emails that are part of Auth0’s authentication workflows through the supported high-volume email service of your choice.

import pulumi
import pulumi_auth0 as auth0

my_email_provider = auth0.Email("myEmailProvider",
    credentials={
        "accessKeyId": "AKIAXXXXXXXXXXXXXXXX",
        "region": "us-east-1",
        "secretAccessKey": "7e8c2148xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    },
    default_from_address="accounts@example.com",
    enabled=True)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • credentials (pulumi.Input[dict]) – List(Resource). Configuration settings for the credentials for the email provider. For details, see Credentials.

  • default_from_address (pulumi.Input[str]) – String. Email address to use as the sender when no other “from” address is specified.

  • enabled (pulumi.Input[bool]) – Boolean. Indicates whether or not the email provider is enabled.

  • name (pulumi.Input[str]) – String. Name of the email provider. Options include mailgun, mandrill, sendgrid, ses, smtp, and sparkpost.

The credentials object supports the following:

  • accessKeyId (pulumi.Input[str]) - String, Case-sensitive. AWS Access Key ID. Used only for AWS.

  • apiKey (pulumi.Input[str]) - String, Case-sensitive. API Key for your email service. Will always be encrypted in our database.

  • apiUser (pulumi.Input[str]) - String. API User for your email service.

  • domain (pulumi.Input[str])

  • region (pulumi.Input[str]) - String. Default region. Used only for AWS, Mailgun, and SparkPost.

  • secretAccessKey (pulumi.Input[str]) - String, Case-sensitive. AWS Secret Key. Will always be encrypted in our database. Used only for AWS.

  • smtpHost (pulumi.Input[str]) - String. Hostname or IP address of your SMTP server. Used only for SMTP.

  • smtpPass (pulumi.Input[str]) - String, Case-sensitive. SMTP password. Used only for SMTP.

  • smtpPort (pulumi.Input[float]) - Integer. Port used by your SMTP server. Please avoid using port 25 if possible because many providers have limitations on this port. Used only for SMTP.

  • smtpUser (pulumi.Input[str]) - String. SMTP username. Used only for SMTP.

credentials: pulumi.Output[dict] = None

List(Resource). Configuration settings for the credentials for the email provider. For details, see Credentials.

  • accessKeyId (str) - String, Case-sensitive. AWS Access Key ID. Used only for AWS.

  • apiKey (str) - String, Case-sensitive. API Key for your email service. Will always be encrypted in our database.

  • apiUser (str) - String. API User for your email service.

  • domain (str)

  • region (str) - String. Default region. Used only for AWS, Mailgun, and SparkPost.

  • secretAccessKey (str) - String, Case-sensitive. AWS Secret Key. Will always be encrypted in our database. Used only for AWS.

  • smtpHost (str) - String. Hostname or IP address of your SMTP server. Used only for SMTP.

  • smtpPass (str) - String, Case-sensitive. SMTP password. Used only for SMTP.

  • smtpPort (float) - Integer. Port used by your SMTP server. Please avoid using port 25 if possible because many providers have limitations on this port. Used only for SMTP.

  • smtpUser (str) - String. SMTP username. Used only for SMTP.

default_from_address: pulumi.Output[str] = None

String. Email address to use as the sender when no other “from” address is specified.

enabled: pulumi.Output[bool] = None

Boolean. Indicates whether or not the email provider is enabled.

name: pulumi.Output[str] = None

String. Name of the email provider. Options include mailgun, mandrill, sendgrid, ses, smtp, and sparkpost.

static get(resource_name, id, opts=None, credentials=None, default_from_address=None, enabled=None, name=None)

Get an existing Email resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • credentials (pulumi.Input[dict]) – List(Resource). Configuration settings for the credentials for the email provider. For details, see Credentials.

  • default_from_address (pulumi.Input[str]) – String. Email address to use as the sender when no other “from” address is specified.

  • enabled (pulumi.Input[bool]) – Boolean. Indicates whether or not the email provider is enabled.

  • name (pulumi.Input[str]) – String. Name of the email provider. Options include mailgun, mandrill, sendgrid, ses, smtp, and sparkpost.

The credentials object supports the following:

  • accessKeyId (pulumi.Input[str]) - String, Case-sensitive. AWS Access Key ID. Used only for AWS.

  • apiKey (pulumi.Input[str]) - String, Case-sensitive. API Key for your email service. Will always be encrypted in our database.

  • apiUser (pulumi.Input[str]) - String. API User for your email service.

  • domain (pulumi.Input[str])

  • region (pulumi.Input[str]) - String. Default region. Used only for AWS, Mailgun, and SparkPost.

  • secretAccessKey (pulumi.Input[str]) - String, Case-sensitive. AWS Secret Key. Will always be encrypted in our database. Used only for AWS.

  • smtpHost (pulumi.Input[str]) - String. Hostname or IP address of your SMTP server. Used only for SMTP.

  • smtpPass (pulumi.Input[str]) - String, Case-sensitive. SMTP password. Used only for SMTP.

  • smtpPort (pulumi.Input[float]) - Integer. Port used by your SMTP server. Please avoid using port 25 if possible because many providers have limitations on this port. Used only for SMTP.

  • smtpUser (pulumi.Input[str]) - String. SMTP username. Used only for SMTP.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.EmailTemplate(resource_name, opts=None, body=None, enabled=None, from_=None, result_url=None, subject=None, syntax=None, template=None, url_lifetime_in_seconds=None, __props__=None, __name__=None, __opts__=None)

With Auth0, you can have standard welcome, password reset, and account verification email-based workflows built right into Auth0. This resource allows you to configure email templates to customize the look, feel, and sender identities of emails sent by Auth0. Used in conjunction with configured email providers.

import pulumi
import pulumi_auth0 as auth0

my_email_provider = auth0.Email("myEmailProvider",
    enabled=True,
    default_from_address="accounts@example.com",
    credentials={
        "accessKeyId": "AKIAXXXXXXXXXXXXXXXX",
        "secretAccessKey": "7e8c2148xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "region": "us-east-1",
    })
my_email_template = auth0.EmailTemplate("myEmailTemplate",
    template="welcome_email",
    body="<html><body><h1>Welcome!</h1></body></html>",
    from_="welcome@example.com",
    result_url="https://example.com/welcome",
    subject="Welcome",
    syntax="liquid",
    url_lifetime_in_seconds=3600,
    enabled=True)
Parameters

  • resource*name (str) –

    The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • body (pulumi.Input[str]) – String. Body of the email template. You can include common variables.

  • enabled (pulumi.Input[bool]) – Boolean. Indicates whether or not the template is enabled.

:param pulumi.Input[str] from*: String. Email address to use as the sender. You can include common variables. :param pulumi.Input[str] result_url: String. URL to redirect the user to after a successful action. Learn more. :param pulumi.Input[str] subject: String. Subject line of the email. You can include common variables. :param pulumi.Input[str] syntax: String. Syntax of the template body. You can use either text or HTML + Liquid syntax. :param pulumi.Input[str] template: String. Template name. Options include verify_email, reset_email, welcome_email, blocked_account, stolen_credentials, enrollment_email, mfa_oob_code, change_password (legacy), and password_reset (legacy). :param pulumi.Input[float] url_lifetime_in_seconds: Integer. Number of seconds during which the link within the email will be valid.

body: pulumi.Output[str] = None

String. Body of the email template. You can include common variables.

enabled: pulumi.Output[bool] = None

Boolean. Indicates whether or not the template is enabled.

from_: pulumi.Output[str] = None

String. Email address to use as the sender. You can include common variables.

result_url: pulumi.Output[str] = None

String. URL to redirect the user to after a successful action. Learn more.

subject: pulumi.Output[str] = None

String. Subject line of the email. You can include common variables.

syntax: pulumi.Output[str] = None

String. Syntax of the template body. You can use either text or HTML + Liquid syntax.

template: pulumi.Output[str] = None

String. Template name. Options include verify_email, reset_email, welcome_email, blocked_account, stolen_credentials, enrollment_email, mfa_oob_code, change_password (legacy), and password_reset (legacy).

url_lifetime_in_seconds: pulumi.Output[float] = None

Integer. Number of seconds during which the link within the email will be valid.

static get(resource_name, id, opts=None, body=None, enabled=None, from_=None, result_url=None, subject=None, syntax=None, template=None, url_lifetime_in_seconds=None)

Get an existing EmailTemplate resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource*name (str) –

    The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • body (pulumi.Input[str]) –

    String. Body of the email template. You can include common variables.

  • enabled (pulumi.Input[bool]) – Boolean. Indicates whether or not the template is enabled.

:param pulumi.Input[str] from*: String. Email address to use as the sender. You can include common variables. :param pulumi.Input[str] result_url: String. URL to redirect the user to after a successful action. Learn more. :param pulumi.Input[str] subject: String. Subject line of the email. You can include common variables. :param pulumi.Input[str] syntax: String. Syntax of the template body. You can use either text or HTML + Liquid syntax. :param pulumi.Input[str] template: String. Template name. Options include verify_email, reset_email, welcome_email, blocked_account, stolen_credentials, enrollment_email, mfa_oob_code, change_password (legacy), and password_reset (legacy). :param pulumi.Input[float] url_lifetime_in_seconds: Integer. Number of seconds during which the link within the email will be valid.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.GlobalClient(resource_name, opts=None, addons=None, allowed_logout_urls=None, allowed_origins=None, app_type=None, callbacks=None, client_metadata=None, client_secret_rotation_trigger=None, cross_origin_auth=None, cross_origin_loc=None, custom_login_page=None, custom_login_page_on=None, custom_login_page_preview=None, description=None, encryption_key=None, form_template=None, grant_types=None, initiate_login_uri=None, is_first_party=None, is_token_endpoint_ip_header_trusted=None, jwt_configuration=None, logo_uri=None, mobile=None, oidc_conformant=None, sso=None, sso_disabled=None, token_endpoint_auth_method=None, web_origins=None, __props__=None, __name__=None, __opts__=None)

Create a GlobalClient resource with the given unique name, props, and options. :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource.

The addons object supports the following:

  • aws (pulumi.Input[dict])

  • azureBlob (pulumi.Input[dict])

  • azureSb (pulumi.Input[dict])

  • box (pulumi.Input[dict])

  • cloudbees (pulumi.Input[dict])

  • concur (pulumi.Input[dict])

  • dropbox (pulumi.Input[dict])

  • echosign (pulumi.Input[dict])

  • egnyte (pulumi.Input[dict])

  • firebase (pulumi.Input[dict])

  • layer (pulumi.Input[dict])

  • mscrm (pulumi.Input[dict])

  • newrelic (pulumi.Input[dict])

  • office365 (pulumi.Input[dict])

  • rms (pulumi.Input[dict])

  • salesforce (pulumi.Input[dict])

  • salesforceApi (pulumi.Input[dict])

  • salesforceSandboxApi (pulumi.Input[dict])

  • samlp (pulumi.Input[dict])

    • audience (pulumi.Input[str])

    • authnContextClassRef (pulumi.Input[str])

    • binding (pulumi.Input[str])

    • createUpnClaim (pulumi.Input[bool])

    • destination (pulumi.Input[str])

    • digestAlgorithm (pulumi.Input[str])

    • includeAttributeNameFormat (pulumi.Input[bool])

    • lifetimeInSeconds (pulumi.Input[float])

    • logout (pulumi.Input[dict])

      • callback (pulumi.Input[str])

      • sloEnabled (pulumi.Input[bool])

    • mapIdentities (pulumi.Input[bool])

    • mapUnknownClaimsAsIs (pulumi.Input[bool])

    • mappings (pulumi.Input[dict])

    • nameIdentifierFormat (pulumi.Input[str])

    • nameIdentifierProbes (pulumi.Input[list])

    • passthroughClaimsWithNoMapping (pulumi.Input[bool])

    • recipient (pulumi.Input[str])

    • signResponse (pulumi.Input[bool])

    • signatureAlgorithm (pulumi.Input[str])

    • typedAttributes (pulumi.Input[bool])

  • sapApi (pulumi.Input[dict])

  • sentry (pulumi.Input[dict])

  • sharepoint (pulumi.Input[dict])

  • slack (pulumi.Input[dict])

  • springcm (pulumi.Input[dict])

  • wams (pulumi.Input[dict])

  • wsfed (pulumi.Input[dict])

  • zendesk (pulumi.Input[dict])

  • zoom (pulumi.Input[dict])

The jwt_configuration object supports the following:

  • alg (pulumi.Input[str])

  • lifetimeInSeconds (pulumi.Input[float])

  • scopes (pulumi.Input[dict])

  • secretEncoded (pulumi.Input[bool])

The mobile object supports the following:

  • android (pulumi.Input[dict])

    • appPackageName (pulumi.Input[str])

    • sha256CertFingerprints (pulumi.Input[list])

  • ios (pulumi.Input[dict])

    • appBundleIdentifier (pulumi.Input[str])

    • teamId (pulumi.Input[str])

static get(resource_name, id, opts=None, addons=None, allowed_logout_urls=None, allowed_origins=None, app_type=None, callbacks=None, client_id=None, client_metadata=None, client_secret=None, client_secret_rotation_trigger=None, cross_origin_auth=None, cross_origin_loc=None, custom_login_page=None, custom_login_page_on=None, custom_login_page_preview=None, description=None, encryption_key=None, form_template=None, grant_types=None, initiate_login_uri=None, is_first_party=None, is_token_endpoint_ip_header_trusted=None, jwt_configuration=None, logo_uri=None, mobile=None, name=None, oidc_conformant=None, sso=None, sso_disabled=None, token_endpoint_auth_method=None, web_origins=None)

Get an existing GlobalClient resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The addons object supports the following:

  • aws (pulumi.Input[dict])

  • azureBlob (pulumi.Input[dict])

  • azureSb (pulumi.Input[dict])

  • box (pulumi.Input[dict])

  • cloudbees (pulumi.Input[dict])

  • concur (pulumi.Input[dict])

  • dropbox (pulumi.Input[dict])

  • echosign (pulumi.Input[dict])

  • egnyte (pulumi.Input[dict])

  • firebase (pulumi.Input[dict])

  • layer (pulumi.Input[dict])

  • mscrm (pulumi.Input[dict])

  • newrelic (pulumi.Input[dict])

  • office365 (pulumi.Input[dict])

  • rms (pulumi.Input[dict])

  • salesforce (pulumi.Input[dict])

  • salesforceApi (pulumi.Input[dict])

  • salesforceSandboxApi (pulumi.Input[dict])

  • samlp (pulumi.Input[dict])

    • audience (pulumi.Input[str])

    • authnContextClassRef (pulumi.Input[str])

    • binding (pulumi.Input[str])

    • createUpnClaim (pulumi.Input[bool])

    • destination (pulumi.Input[str])

    • digestAlgorithm (pulumi.Input[str])

    • includeAttributeNameFormat (pulumi.Input[bool])

    • lifetimeInSeconds (pulumi.Input[float])

    • logout (pulumi.Input[dict])

      • callback (pulumi.Input[str])

      • sloEnabled (pulumi.Input[bool])

    • mapIdentities (pulumi.Input[bool])

    • mapUnknownClaimsAsIs (pulumi.Input[bool])

    • mappings (pulumi.Input[dict])

    • nameIdentifierFormat (pulumi.Input[str])

    • nameIdentifierProbes (pulumi.Input[list])

    • passthroughClaimsWithNoMapping (pulumi.Input[bool])

    • recipient (pulumi.Input[str])

    • signResponse (pulumi.Input[bool])

    • signatureAlgorithm (pulumi.Input[str])

    • typedAttributes (pulumi.Input[bool])

  • sapApi (pulumi.Input[dict])

  • sentry (pulumi.Input[dict])

  • sharepoint (pulumi.Input[dict])

  • slack (pulumi.Input[dict])

  • springcm (pulumi.Input[dict])

  • wams (pulumi.Input[dict])

  • wsfed (pulumi.Input[dict])

  • zendesk (pulumi.Input[dict])

  • zoom (pulumi.Input[dict])

The jwt_configuration object supports the following:

  • alg (pulumi.Input[str])

  • lifetimeInSeconds (pulumi.Input[float])

  • scopes (pulumi.Input[dict])

  • secretEncoded (pulumi.Input[bool])

The mobile object supports the following:

  • android (pulumi.Input[dict])

    • appPackageName (pulumi.Input[str])

    • sha256CertFingerprints (pulumi.Input[list])

  • ios (pulumi.Input[dict])

    • appBundleIdentifier (pulumi.Input[str])

    • teamId (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.Hook(resource_name, opts=None, enabled=None, name=None, script=None, trigger_id=None, __props__=None, __name__=None, __opts__=None)

Hooks are secure, self-contained functions that allow you to customize the behavior of Auth0 when executed for selected extensibility points of the Auth0 platform. Auth0 invokes Hooks during runtime to execute your custom Node.js code.

Depending on the extensibility point, you can use Hooks with Database Connections and/or Passwordless Connections.

import pulumi
import pulumi_auth0 as auth0

my_hook = auth0.Hook("myHook",
    enabled=True,
    script="""function (user, context, callback) { 
  callback(null, { user }); 
}

""",
    trigger_id="pre-user-registration")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • enabled (pulumi.Input[bool]) – Whether the hook is enabled, or disabled

  • name (pulumi.Input[str]) – Name of this hook

  • script (pulumi.Input[str]) – Code to be executed when this hook runs

  • trigger_id (pulumi.Input[str]) – Execution stage of this rule. Can be credentials-exchange, pre-user-registration, post-user-registration, post-change-password, or send-phone-message

enabled: pulumi.Output[bool] = None

Whether the hook is enabled, or disabled

name: pulumi.Output[str] = None

Name of this hook

script: pulumi.Output[str] = None

Code to be executed when this hook runs

trigger_id: pulumi.Output[str] = None

Execution stage of this rule. Can be credentials-exchange, pre-user-registration, post-user-registration, post-change-password, or send-phone-message

static get(resource_name, id, opts=None, enabled=None, name=None, script=None, trigger_id=None)

Get an existing Hook resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • enabled (pulumi.Input[bool]) – Whether the hook is enabled, or disabled

  • name (pulumi.Input[str]) – Name of this hook

  • script (pulumi.Input[str]) – Code to be executed when this hook runs

  • trigger_id (pulumi.Input[str]) – Execution stage of this rule. Can be credentials-exchange, pre-user-registration, post-user-registration, post-change-password, or send-phone-message

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.Prompt(resource_name, opts=None, universal_login_experience=None, __props__=None, __name__=None, __opts__=None)

With this resource, you can manage your Auth0 prompts, including choosing the login experience version.

import pulumi
import pulumi_auth0 as auth0

example = auth0.Prompt("example", universal_login_experience="classic")
Parameters
static get(resource_name, id, opts=None, universal_login_experience=None)

Get an existing Prompt resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.Provider(resource_name, opts=None, client_id=None, client_secret=None, debug=None, domain=None, __props__=None, __name__=None, __opts__=None)

The provider type for the auth0 package. By default, resources use package-wide configuration settings, however an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

Parameters
translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.ResourceServer(resource_name, opts=None, allow_offline_access=None, enforce_policies=None, identifier=None, name=None, options=None, scopes=None, signing_alg=None, signing_secret=None, skip_consent_for_verifiable_first_party_clients=None, token_dialect=None, token_lifetime=None, token_lifetime_for_web=None, verification_location=None, __props__=None, __name__=None, __opts__=None)

With this resource, you can set up APIs that can be consumed from your authorized applications.

import pulumi
import pulumi_auth0 as auth0

my_resource_server = auth0.ResourceServer("myResourceServer",
    allow_offline_access=True,
    identifier="https://api.example.com",
    scopes=[
        {
            "description": "Create foos",
            "value": "create:foo",
        },
        {
            "description": "Create bars",
            "value": "create:bar",
        },
    ],
    signing_alg="RS256",
    skip_consent_for_verifiable_first_party_clients=True,
    token_lifetime=8600)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • allow_offline_access (pulumi.Input[bool]) – Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

  • enforce_policies (pulumi.Input[bool]) – Boolean. Indicates whether or not authorization polices are enforced.

  • identifier (pulumi.Input[str]) – String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

  • name (pulumi.Input[str]) – String. Friendly name for the resource server. Cannot include < or > characters.

  • options (pulumi.Input[dict]) – Map(String). Used to store additional metadata

  • scopes (pulumi.Input[list]) – Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

  • signing_alg (pulumi.Input[str]) – String. Algorithm used to sign JWTs. Options include HS256 and RS256.

  • signing_secret (pulumi.Input[str]) – String. Secret used to sign tokens when using symmetric algorithms (HS256).

  • skip_consent_for_verifiable_first_party_clients (pulumi.Input[bool]) – Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

  • token_dialect (pulumi.Input[str]) – String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

  • token_lifetime (pulumi.Input[float]) – Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

  • token_lifetime_for_web (pulumi.Input[float]) – Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

  • verification_location (pulumi.Input[str]) – String

The scopes object supports the following:

  • description (pulumi.Input[str]) - String. Description of the permission (scope).

  • value (pulumi.Input[str]) - String. Name of the permission (scope). Examples include read:appointments or delete:appointments.

allow_offline_access: pulumi.Output[bool] = None

Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

enforce_policies: pulumi.Output[bool] = None

Boolean. Indicates whether or not authorization polices are enforced.

identifier: pulumi.Output[str] = None

String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

name: pulumi.Output[str] = None

String. Friendly name for the resource server. Cannot include < or > characters.

options: pulumi.Output[dict] = None

Map(String). Used to store additional metadata

scopes: pulumi.Output[list] = None

Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

  • description (str) - String. Description of the permission (scope).

  • value (str) - String. Name of the permission (scope). Examples include read:appointments or delete:appointments.

signing_alg: pulumi.Output[str] = None

String. Algorithm used to sign JWTs. Options include HS256 and RS256.

signing_secret: pulumi.Output[str] = None

String. Secret used to sign tokens when using symmetric algorithms (HS256).

Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

token_dialect: pulumi.Output[str] = None

String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

token_lifetime: pulumi.Output[float] = None

Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

token_lifetime_for_web: pulumi.Output[float] = None

Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

verification_location: pulumi.Output[str] = None

String

static get(resource_name, id, opts=None, allow_offline_access=None, enforce_policies=None, identifier=None, name=None, options=None, scopes=None, signing_alg=None, signing_secret=None, skip_consent_for_verifiable_first_party_clients=None, token_dialect=None, token_lifetime=None, token_lifetime_for_web=None, verification_location=None)

Get an existing ResourceServer resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • allow_offline_access (pulumi.Input[bool]) – Boolean. Indicates whether or not refresh tokens can be issued for this resource server.

  • enforce_policies (pulumi.Input[bool]) – Boolean. Indicates whether or not authorization polices are enforced.

  • identifier (pulumi.Input[str]) – String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.

  • name (pulumi.Input[str]) – String. Friendly name for the resource server. Cannot include < or > characters.

  • options (pulumi.Input[dict]) – Map(String). Used to store additional metadata

  • scopes (pulumi.Input[list]) – Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.

  • signing_alg (pulumi.Input[str]) – String. Algorithm used to sign JWTs. Options include HS256 and RS256.

  • signing_secret (pulumi.Input[str]) – String. Secret used to sign tokens when using symmetric algorithms (HS256).

  • skip_consent_for_verifiable_first_party_clients (pulumi.Input[bool]) – Boolean. Indicates whether or not to skip user consent for applications flagged as first party.

  • token_dialect (pulumi.Input[str]) – String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).

  • token_lifetime (pulumi.Input[float]) – Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.

  • token_lifetime_for_web (pulumi.Input[float]) – Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.

  • verification_location (pulumi.Input[str]) – String

The scopes object supports the following:

  • description (pulumi.Input[str]) - String. Description of the permission (scope).

  • value (pulumi.Input[str]) - String. Name of the permission (scope). Examples include read:appointments or delete:appointments.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.Role(resource_name, opts=None, description=None, name=None, permissions=None, __props__=None, __name__=None, __opts__=None)

With this resource, you can created and manage collections of permissions that can be assigned to users, which are otherwise known as roles. Permissions (scopes) are created on auth0_resource_server, then associated with roles and optionally, users using this resource.

import pulumi
import pulumi_auth0 as auth0

my_resource_server = auth0.ResourceServer("myResourceServer",
    enforce_policies=True,
    identifier="my-resource-server-identifier",
    scopes=[{
        "description": "read something",
        "value": "read:something",
    }],
    signing_alg="RS256",
    skip_consent_for_verifiable_first_party_clients=True,
    token_lifetime=86400)
my_role = auth0.Role("myRole",
    description="Role Description...",
    permissions=[{
        "name": "read:something",
        "resourceServerIdentifier": my_resource_server.identifier,
    }])
my_user = auth0.User("myUser",
    connection_name="Username-Password-Authentication",
    email="test@test.com",
    nickname="testnick",
    password="passpass$$12$$12",
    roles=[my_role.id],
    user_id="auth0|1234567890",
    username="testnick")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • description (pulumi.Input[str]) – String. Description of the role.

  • name (pulumi.Input[str]) – String. Name for this role.

  • permissions (pulumi.Input[list]) – Set(Resource). Configuration settings for permissions (scopes) attached to the role. For details, see Permissions.

The permissions object supports the following:

  • name (pulumi.Input[str]) - String. Name of the permission (scope).

  • resourceServerIdentifier (pulumi.Input[str]) - String. Unique identifier for the resource server.

description: pulumi.Output[str] = None

String. Description of the role.

name: pulumi.Output[str] = None

String. Name for this role.

permissions: pulumi.Output[list] = None

Set(Resource). Configuration settings for permissions (scopes) attached to the role. For details, see Permissions.

  • name (str) - String. Name of the permission (scope).

  • resourceServerIdentifier (str) - String. Unique identifier for the resource server.

static get(resource_name, id, opts=None, description=None, name=None, permissions=None)

Get an existing Role resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • description (pulumi.Input[str]) – String. Description of the role.

  • name (pulumi.Input[str]) – String. Name for this role.

  • permissions (pulumi.Input[list]) – Set(Resource). Configuration settings for permissions (scopes) attached to the role. For details, see Permissions.

The permissions object supports the following:

  • name (pulumi.Input[str]) - String. Name of the permission (scope).

  • resourceServerIdentifier (pulumi.Input[str]) - String. Unique identifier for the resource server.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.Rule(resource_name, opts=None, enabled=None, name=None, order=None, script=None, __props__=None, __name__=None, __opts__=None)

With Auth0, you can create custom Javascript snippets that run in a secure, isolated sandbox as part of your authentication pipeline, which are otherwise known as rules. This resource allows you to create and manage rules. You can create global variable for use with rules by using the .RuleConfig resource.

import pulumi
import pulumi_auth0 as auth0

my_rule = auth0.Rule("myRule",
    enabled=True,
    script="""function (user, context, callback) {
  callback(null, user, context);
}

""")
my_rule_config = auth0.RuleConfig("myRuleConfig",
    key="foo",
    value="bar")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • enabled (pulumi.Input[bool]) – Boolean. Indicates whether the rule is enabled.

  • name (pulumi.Input[str]) – String. Name of the rule. May only contain alphanumeric characters, spaces, and hyphens. May neither start nor end with hyphens or spaces.

  • order (pulumi.Input[float]) – Integer. Order in which the rule executes relative to other rules. Lower-valued rules execute first.

  • script (pulumi.Input[str]) – String. Code to be executed when the rule runs.

enabled: pulumi.Output[bool] = None

Boolean. Indicates whether the rule is enabled.

name: pulumi.Output[str] = None

String. Name of the rule. May only contain alphanumeric characters, spaces, and hyphens. May neither start nor end with hyphens or spaces.

order: pulumi.Output[float] = None

Integer. Order in which the rule executes relative to other rules. Lower-valued rules execute first.

script: pulumi.Output[str] = None

String. Code to be executed when the rule runs.

static get(resource_name, id, opts=None, enabled=None, name=None, order=None, script=None)

Get an existing Rule resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • enabled (pulumi.Input[bool]) – Boolean. Indicates whether the rule is enabled.

  • name (pulumi.Input[str]) – String. Name of the rule. May only contain alphanumeric characters, spaces, and hyphens. May neither start nor end with hyphens or spaces.

  • order (pulumi.Input[float]) – Integer. Order in which the rule executes relative to other rules. Lower-valued rules execute first.

  • script (pulumi.Input[str]) – String. Code to be executed when the rule runs.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.RuleConfig(resource_name, opts=None, key=None, value=None, __props__=None, __name__=None, __opts__=None)

With Auth0, you can create custom Javascript snippets that run in a secure, isolated sandbox as part of your authentication pipeline, which are otherwise known as rules. This resource allows you to create and manage variables that are available to all rules via Auth0’s global configuration object. Used in conjunction with configured rules.

import pulumi
import pulumi_auth0 as auth0

my_rule = auth0.Rule("myRule",
    enabled=True,
    script="""function (user, context, callback) {
  callback(null, user, context);
}

""")
my_rule_config = auth0.RuleConfig("myRuleConfig",
    key="foo",
    value="bar")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • key (pulumi.Input[str]) – String. Key for a rules configuration variable.

  • value (pulumi.Input[str]) – String, Case-sensitive. Value for a rules configuration variable.

key: pulumi.Output[str] = None

String. Key for a rules configuration variable.

value: pulumi.Output[str] = None

String, Case-sensitive. Value for a rules configuration variable.

static get(resource_name, id, opts=None, key=None, value=None)

Get an existing RuleConfig resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • key (pulumi.Input[str]) – String. Key for a rules configuration variable.

  • value (pulumi.Input[str]) – String, Case-sensitive. Value for a rules configuration variable.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.Tenant(resource_name, opts=None, allowed_logout_urls=None, change_password=None, default_audience=None, default_directory=None, default_redirection_uri=None, enabled_locales=None, error_page=None, flags=None, friendly_name=None, guardian_mfa_page=None, idle_session_lifetime=None, picture_url=None, sandbox_version=None, session_lifetime=None, support_email=None, support_url=None, universal_login=None, __props__=None, __name__=None, __opts__=None)

With this resource, you can manage Auth0 tenants, including setting logos and support contact information, setting error pages, and configuring default tenant behaviors.

import pulumi
import pulumi_auth0 as auth0

tenant = auth0.Tenant("tenant",
    allowed_logout_urls=["http://mysite/logout"],
    change_password={
        "enabled": True,
        "html": (lambda path: open(path).read())("./password_reset.html"),
    },
    default_audience="<client_id>",
    default_directory="Connection-Name",
    error_page={
        "html": (lambda path: open(path).read())("./error.html"),
        "showLogLink": True,
        "url": "http://mysite/errors",
    },
    friendly_name="Tenant Name",
    guardian_mfa_page={
        "enabled": True,
        "html": (lambda path: open(path).read())("./guardian_multifactor.html"),
    },
    picture_url="http://mysite/logo.png",
    sandbox_version="8",
    session_lifetime=46000,
    support_email="support@mysite",
    support_url="http://mysite/support")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • allowed_logout_urls (pulumi.Input[list]) – List(String). URLs that Auth0 may redirect to after logout.

  • change_password (pulumi.Input[dict]) – List(Resource). Configuration settings for change passsword page. For details, see Change Password Page.

  • default_audience (pulumi.Input[str]) – String. API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.

  • default_directory (pulumi.Input[str]) – String. Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.

  • default_redirection_uri (pulumi.Input[str]) – String. The default absolute redirection uri, must be https and cannot contain a fragment.

  • error_page (pulumi.Input[dict]) – List(Resource). Configuration settings for error pages. For details, see Error Page.

  • flags (pulumi.Input[dict]) – List(Resource). Configuration settings for tenant flags. For details, see Flags.

  • friendly_name (pulumi.Input[str]) – String. Friendly name for the tenant.

  • guardian_mfa_page (pulumi.Input[dict]) – List(Resource). Configuration settings for the Guardian MFA page. For details, see Guardian MFA Page.

  • idle_session_lifetime (pulumi.Input[float]) – Integer. Number of hours during which a session can be inactive before the user must log in again.

  • picture_url (pulumi.Input[str]) – . String URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.

  • sandbox_version (pulumi.Input[str]) – String. Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0’s functionality.

  • session_lifetime (pulumi.Input[float]) – Integer. Number of hours during which a session will stay valid.

  • support_email (pulumi.Input[str]) – String. Support email address for authenticating users.

  • support_url (pulumi.Input[str]) – String. Support URL for authenticating users.

  • universal_login (pulumi.Input[dict]) – List(Resource). Configuration settings for Universal Login. For details, see Universal Login.

The change_password object supports the following:

  • enabled (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the custom change password page.

  • html (pulumi.Input[str]) - String, HTML format with supported Liquid syntax. Customized content of the change password page.

The error_page object supports the following:

  • html (pulumi.Input[str]) - String, HTML format with supported Liquid syntax. Customized content of the error page.

  • showLogLink (pulumi.Input[bool]) - Boolean. Indicates whether or not to show the link to logs as part of the default error page.

  • url (pulumi.Input[str]) - String. URL to redirect to when an error occurs rather than showing the default error page.

The flags object supports the following:

  • changePwdFlowV1 (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the older v1 change password flow. Not recommended except for backward compatibility.

  • disableClickjackProtectionHeaders (pulumi.Input[bool]) - Boolean. Indicated whether or not classic Universal Login prompts include additional security headers to prevent clickjacking.

  • enableApisSection (pulumi.Input[bool]) - Boolean. Indicates whether or not the APIs section is enabled for the tenant.

  • enableClientConnections (pulumi.Input[bool]) - Boolean. Indicates whether or not all current connections should be enabled when a new client is created.

  • enableCustomDomainInEmails (pulumi.Input[bool]) - Boolean. Indicates whether or not the tenant allows custom domains in emails.

  • enableDynamicClientRegistration (pulumi.Input[bool]) - Boolean. Indicates whether or not the tenant allows dynamic client registration.

  • enableLegacyLogsSearchV2 (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the older v2 legacy logs search.

  • enablePipeline2 (pulumi.Input[bool]) - Boolean. Indicates whether or not advanced API Authorization scenarios are enabled.

  • enablePublicSignupUserExistsError (pulumi.Input[bool]) - Boolean. Indicates whether or not the public sign up process shows a user_exists error if the user already exists.

  • universal_login (pulumi.Input[bool]) - Boolean. Indicates whether or not the tenant uses universal login.

  • useScopeDescriptionsForConsent (pulumi.Input[bool])

The guardian_mfa_page object supports the following:

  • enabled (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the custom Guardian page.

  • html (pulumi.Input[str]) - String, HTML format with supported Liquid syntax. Customized content of the Guardian page.

The universal_login object supports the following:

  • colors (pulumi.Input[dict]) - List(Resource). Configuration settings for Universal Login colors. See Universal Login - Colors.

    • pageBackground (pulumi.Input[str]) - String, Hexadecimal. Background color of login pages.

    • primary (pulumi.Input[str]) - String, Hexadecimal. Primary button background color.

allowed_logout_urls: pulumi.Output[list] = None

List(String). URLs that Auth0 may redirect to after logout.

change_password: pulumi.Output[dict] = None

List(Resource). Configuration settings for change passsword page. For details, see Change Password Page.

  • enabled (bool) - Boolean. Indicates whether or not to use the custom change password page.

  • html (str) - String, HTML format with supported Liquid syntax. Customized content of the change password page.

default_audience: pulumi.Output[str] = None

String. API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.

default_directory: pulumi.Output[str] = None

String. Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.

default_redirection_uri: pulumi.Output[str] = None

String. The default absolute redirection uri, must be https and cannot contain a fragment.

error_page: pulumi.Output[dict] = None

List(Resource). Configuration settings for error pages. For details, see Error Page.

  • html (str) - String, HTML format with supported Liquid syntax. Customized content of the error page.

  • showLogLink (bool) - Boolean. Indicates whether or not to show the link to logs as part of the default error page.

  • url (str) - String. URL to redirect to when an error occurs rather than showing the default error page.

flags: pulumi.Output[dict] = None

List(Resource). Configuration settings for tenant flags. For details, see Flags.

  • changePwdFlowV1 (bool) - Boolean. Indicates whether or not to use the older v1 change password flow. Not recommended except for backward compatibility.

  • disableClickjackProtectionHeaders (bool) - Boolean. Indicated whether or not classic Universal Login prompts include additional security headers to prevent clickjacking.

  • enableApisSection (bool) - Boolean. Indicates whether or not the APIs section is enabled for the tenant.

  • enableClientConnections (bool) - Boolean. Indicates whether or not all current connections should be enabled when a new client is created.

  • enableCustomDomainInEmails (bool) - Boolean. Indicates whether or not the tenant allows custom domains in emails.

  • enableDynamicClientRegistration (bool) - Boolean. Indicates whether or not the tenant allows dynamic client registration.

  • enableLegacyLogsSearchV2 (bool) - Boolean. Indicates whether or not to use the older v2 legacy logs search.

  • enablePipeline2 (bool) - Boolean. Indicates whether or not advanced API Authorization scenarios are enabled.

  • enablePublicSignupUserExistsError (bool) - Boolean. Indicates whether or not the public sign up process shows a user_exists error if the user already exists.

  • universal_login (bool) - Boolean. Indicates whether or not the tenant uses universal login.

  • useScopeDescriptionsForConsent (bool)

friendly_name: pulumi.Output[str] = None

String. Friendly name for the tenant.

guardian_mfa_page: pulumi.Output[dict] = None

List(Resource). Configuration settings for the Guardian MFA page. For details, see Guardian MFA Page.

  • enabled (bool) - Boolean. Indicates whether or not to use the custom Guardian page.

  • html (str) - String, HTML format with supported Liquid syntax. Customized content of the Guardian page.

idle_session_lifetime: pulumi.Output[float] = None

Integer. Number of hours during which a session can be inactive before the user must log in again.

picture_url: pulumi.Output[str] = None

. String URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.

sandbox_version: pulumi.Output[str] = None

String. Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0’s functionality.

session_lifetime: pulumi.Output[float] = None

Integer. Number of hours during which a session will stay valid.

support_email: pulumi.Output[str] = None

String. Support email address for authenticating users.

support_url: pulumi.Output[str] = None

String. Support URL for authenticating users.

universal_login: pulumi.Output[dict] = None

List(Resource). Configuration settings for Universal Login. For details, see Universal Login.

  • colors (dict) - List(Resource). Configuration settings for Universal Login colors. See Universal Login - Colors.

    • pageBackground (str) - String, Hexadecimal. Background color of login pages.

    • primary (str) - String, Hexadecimal. Primary button background color.

static get(resource_name, id, opts=None, allowed_logout_urls=None, change_password=None, default_audience=None, default_directory=None, default_redirection_uri=None, enabled_locales=None, error_page=None, flags=None, friendly_name=None, guardian_mfa_page=None, idle_session_lifetime=None, picture_url=None, sandbox_version=None, session_lifetime=None, support_email=None, support_url=None, universal_login=None)

Get an existing Tenant resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • allowed_logout_urls (pulumi.Input[list]) – List(String). URLs that Auth0 may redirect to after logout.

  • change_password (pulumi.Input[dict]) – List(Resource). Configuration settings for change passsword page. For details, see Change Password Page.

  • default_audience (pulumi.Input[str]) – String. API Audience to use by default for API Authorization flows. This setting is equivalent to appending the audience to every authorization request made to the tenant for every application.

  • default_directory (pulumi.Input[str]) – String. Name of the connection to be used for Password Grant exchanges. Options include auth0-adldap, ad, auth0, email, sms, waad, and adfs.

  • default_redirection_uri (pulumi.Input[str]) – String. The default absolute redirection uri, must be https and cannot contain a fragment.

  • error_page (pulumi.Input[dict]) – List(Resource). Configuration settings for error pages. For details, see Error Page.

  • flags (pulumi.Input[dict]) – List(Resource). Configuration settings for tenant flags. For details, see Flags.

  • friendly_name (pulumi.Input[str]) – String. Friendly name for the tenant.

  • guardian_mfa_page (pulumi.Input[dict]) – List(Resource). Configuration settings for the Guardian MFA page. For details, see Guardian MFA Page.

  • idle_session_lifetime (pulumi.Input[float]) – Integer. Number of hours during which a session can be inactive before the user must log in again.

  • picture_url (pulumi.Input[str]) – . String URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.

  • sandbox_version (pulumi.Input[str]) – String. Selected sandbox version for the extensibility environment, which allows you to use custom scripts to extend parts of Auth0’s functionality.

  • session_lifetime (pulumi.Input[float]) – Integer. Number of hours during which a session will stay valid.

  • support_email (pulumi.Input[str]) – String. Support email address for authenticating users.

  • support_url (pulumi.Input[str]) – String. Support URL for authenticating users.

  • universal_login (pulumi.Input[dict]) – List(Resource). Configuration settings for Universal Login. For details, see Universal Login.

The change_password object supports the following:

  • enabled (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the custom change password page.

  • html (pulumi.Input[str]) - String, HTML format with supported Liquid syntax. Customized content of the change password page.

The error_page object supports the following:

  • html (pulumi.Input[str]) - String, HTML format with supported Liquid syntax. Customized content of the error page.

  • showLogLink (pulumi.Input[bool]) - Boolean. Indicates whether or not to show the link to logs as part of the default error page.

  • url (pulumi.Input[str]) - String. URL to redirect to when an error occurs rather than showing the default error page.

The flags object supports the following:

  • changePwdFlowV1 (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the older v1 change password flow. Not recommended except for backward compatibility.

  • disableClickjackProtectionHeaders (pulumi.Input[bool]) - Boolean. Indicated whether or not classic Universal Login prompts include additional security headers to prevent clickjacking.

  • enableApisSection (pulumi.Input[bool]) - Boolean. Indicates whether or not the APIs section is enabled for the tenant.

  • enableClientConnections (pulumi.Input[bool]) - Boolean. Indicates whether or not all current connections should be enabled when a new client is created.

  • enableCustomDomainInEmails (pulumi.Input[bool]) - Boolean. Indicates whether or not the tenant allows custom domains in emails.

  • enableDynamicClientRegistration (pulumi.Input[bool]) - Boolean. Indicates whether or not the tenant allows dynamic client registration.

  • enableLegacyLogsSearchV2 (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the older v2 legacy logs search.

  • enablePipeline2 (pulumi.Input[bool]) - Boolean. Indicates whether or not advanced API Authorization scenarios are enabled.

  • enablePublicSignupUserExistsError (pulumi.Input[bool]) - Boolean. Indicates whether or not the public sign up process shows a user_exists error if the user already exists.

  • universal_login (pulumi.Input[bool]) - Boolean. Indicates whether or not the tenant uses universal login.

  • useScopeDescriptionsForConsent (pulumi.Input[bool])

The guardian_mfa_page object supports the following:

  • enabled (pulumi.Input[bool]) - Boolean. Indicates whether or not to use the custom Guardian page.

  • html (pulumi.Input[str]) - String, HTML format with supported Liquid syntax. Customized content of the Guardian page.

The universal_login object supports the following:

  • colors (pulumi.Input[dict]) - List(Resource). Configuration settings for Universal Login colors. See Universal Login - Colors.

    • pageBackground (pulumi.Input[str]) - String, Hexadecimal. Background color of login pages.

    • primary (pulumi.Input[str]) - String, Hexadecimal. Primary button background color.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_auth0.User(resource_name, opts=None, app_metadata=None, blocked=None, connection_name=None, email=None, email_verified=None, family_name=None, given_name=None, name=None, nickname=None, password=None, phone_number=None, phone_verified=None, picture=None, roles=None, user_id=None, user_metadata=None, username=None, verify_email=None, __props__=None, __name__=None, __opts__=None)

With this resource, you can manage user identities, including resetting passwords, and creating, provisioning, blocking, and deleting users.

import pulumi
import pulumi_auth0 as auth0

admin = auth0.Role("admin", description="Administrator")
user = auth0.User("user",
    connection_name="Username-Password-Authentication",
    user_id="12345",
    username="unique_username",
    given_name="Firstname",
    family_name="Lastname",
    nickname="some.nickname",
    email="test@test.com",
    email_verified=True,
    password="passpass$12$12",
    roles=[admin.id])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_metadata (pulumi.Input[str]) – String, JSON format. Custom fields that store info about the user that impact the user’s core functionality, such as how an application functions or what the user can access. Examples include support plans and IDs for external accounts.

  • connection_name (pulumi.Input[str]) – String. Name of the connection from which the user information was sourced.

  • email (pulumi.Input[str]) – String. Email address of the user.

  • email_verified (pulumi.Input[bool]) – Boolean. Indicates whether or not the email address has been verified.

  • nickname (pulumi.Input[str]) – String. Preferred nickname or alias of the user.

  • password (pulumi.Input[str]) – String, Case-sensitive. Initial password for this user. Used for non-SMS connections.

  • phone_number (pulumi.Input[str]) – String. Phone number for the user; follows the E.164 recommendation. Used for SMS connections.

  • phone_verified (pulumi.Input[bool]) – Boolean. Indicates whether or not the phone number has been verified.

  • roles (pulumi.Input[list]) – Set(String). Set of IDs of roles assigned to the user.

  • user_id (pulumi.Input[str]) – String. ID of the user.

  • user_metadata (pulumi.Input[str]) – String, JSON format. Custom fields that store info about the user that does not impact a user’s core functionality. Examples include work address, home address, and user preferences.

  • username (pulumi.Input[str]) – String. Username of the user. Only valid if the connection requires a username.

  • verify_email (pulumi.Input[bool]) – Boolean. Indicates whether or not the user will receive a verification email after creation. Overrides behavior of email_verified parameter.

app_metadata: pulumi.Output[str] = None

String, JSON format. Custom fields that store info about the user that impact the user’s core functionality, such as how an application functions or what the user can access. Examples include support plans and IDs for external accounts.

connection_name: pulumi.Output[str] = None

String. Name of the connection from which the user information was sourced.

email: pulumi.Output[str] = None

String. Email address of the user.

email_verified: pulumi.Output[bool] = None

Boolean. Indicates whether or not the email address has been verified.

nickname: pulumi.Output[str] = None

String. Preferred nickname or alias of the user.

password: pulumi.Output[str] = None

String, Case-sensitive. Initial password for this user. Used for non-SMS connections.

phone_number: pulumi.Output[str] = None

String. Phone number for the user; follows the E.164 recommendation. Used for SMS connections.

phone_verified: pulumi.Output[bool] = None

Boolean. Indicates whether or not the phone number has been verified.

roles: pulumi.Output[list] = None

Set(String). Set of IDs of roles assigned to the user.

user_id: pulumi.Output[str] = None

String. ID of the user.

user_metadata: pulumi.Output[str] = None

String, JSON format. Custom fields that store info about the user that does not impact a user’s core functionality. Examples include work address, home address, and user preferences.

username: pulumi.Output[str] = None

String. Username of the user. Only valid if the connection requires a username.

verify_email: pulumi.Output[bool] = None

Boolean. Indicates whether or not the user will receive a verification email after creation. Overrides behavior of email_verified parameter.

static get(resource_name, id, opts=None, app_metadata=None, blocked=None, connection_name=None, email=None, email_verified=None, family_name=None, given_name=None, name=None, nickname=None, password=None, phone_number=None, phone_verified=None, picture=None, roles=None, user_id=None, user_metadata=None, username=None, verify_email=None)

Get an existing User resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • app_metadata (pulumi.Input[str]) – String, JSON format. Custom fields that store info about the user that impact the user’s core functionality, such as how an application functions or what the user can access. Examples include support plans and IDs for external accounts.

  • connection_name (pulumi.Input[str]) – String. Name of the connection from which the user information was sourced.

  • email (pulumi.Input[str]) – String. Email address of the user.

  • email_verified (pulumi.Input[bool]) – Boolean. Indicates whether or not the email address has been verified.

  • nickname (pulumi.Input[str]) – String. Preferred nickname or alias of the user.

  • password (pulumi.Input[str]) – String, Case-sensitive. Initial password for this user. Used for non-SMS connections.

  • phone_number (pulumi.Input[str]) – String. Phone number for the user; follows the E.164 recommendation. Used for SMS connections.

  • phone_verified (pulumi.Input[bool]) – Boolean. Indicates whether or not the phone number has been verified.

  • roles (pulumi.Input[list]) – Set(String). Set of IDs of roles assigned to the user.

  • user_id (pulumi.Input[str]) – String. ID of the user.

  • user_metadata (pulumi.Input[str]) – String, JSON format. Custom fields that store info about the user that does not impact a user’s core functionality. Examples include work address, home address, and user preferences.

  • username (pulumi.Input[str]) – String. Username of the user. Only valid if the connection requires a username.

  • verify_email (pulumi.Input[bool]) – Boolean. Indicates whether or not the user will receive a verification email after creation. Overrides behavior of email_verified parameter.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str