This page documents the language specification for the keycloak package. If you're looking for help working with the inputs, outputs, or functions of keycloak resources in a Pulumi program, please see the resource documentation for examples and API reference.

openid

class pulumi_keycloak.openid.AudienceProtocolMapper(resource_name, opts=None, add_to_access_token=None, add_to_id_token=None, client_id=None, client_scope_id=None, included_client_audience=None, included_custom_audience=None, name=None, realm_id=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing audience protocol mappers within Keycloak. This mapper was added in Keycloak v4.6.0.Final.

Audience protocol mappers allow you to add audiences to the aud claim within issued tokens. The audience can be a custom string, or it can be mapped to the ID of a pre-existing client.

Example usage (client):

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
openid_client = keycloak.openid.Client("openidClient",
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    realm_id=realm.id,
    valid_redirect_uris=["http://localhost:8080/openid-callback"])
audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper",
    client_id=openid_client.id,
    included_custom_audience="foo",
    realm_id=realm.id)

Example usage (client scope):

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id)
audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper",
    client_scope_id=client_scope.id,
    included_custom_audience="foo",
    realm_id=realm.id)

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • included_client_audience - (Required if included_custom_audience is not specified) A client ID to include within the token’s aud claim.

  • included_custom_audience - (Required if included_client_audience is not specified) A custom audience to include within the token’s aud claim.

  • add_to_id_token - (Optional) Indicates if the audience should be included in the aud claim for the id token. Defaults to true.

  • add_to_access_token - (Optional) Indicates if the audience should be included in the aud claim for the access token. Defaults to true.
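
What the mapper's output means to a token consumer, shown as an added example that is not part of the Pulumi or Keycloak documentation: a resource server accepts an access token only when its own identifier is in aud, and an ID token that gains a second audience needs a matching azp. It assumes signature, issuer and expiry were already verified; the function names and sample claim sets are constructed for illustration.

```python
from __future__ import annotations

from typing import Any, Mapping


def audiences(claims: Mapping[str, Any]) -> list[str]:
    """Return the aud claim as a list.

    RFC 7519 allows aud to be a single string or an array of strings,
    so a consumer has to handle both shapes.
    """
    aud = claims.get("aud")
    if aud is None:
        return []
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and all(isinstance(a, str) for a in aud):
        return list(aud)
    raise ValueError("aud must be a string or an array of strings")


def resource_server_accepts(claims: Mapping[str, Any], my_audience: str) -> bool:
    """An API accepts an access token only if its own identifier is in aud."""
    return my_audience in audiences(claims)


def relying_party_accepts_id_token(claims: Mapping[str, Any], my_client_id: str) -> bool:
    """Audience checks a client applies to an ID token (OpenID Connect Core 3.1.3.7).

    The client must be listed in aud. When the token carries more than one
    audience, azp has to be present, and a present azp has to name this client.
    The specification words the azp checks as SHOULD; this example enforces them.
    """
    auds = audiences(claims)
    if my_client_id not in auds:
        return False
    azp = claims.get("azp")
    if len(auds) > 1 and azp is None:
        return False
    return azp is None or azp == my_client_id


# Constructed claim sets (not captured from a real Keycloak instance).
# Access token issued to "test-client" with included_custom_audience="foo".
ACCESS_TOKEN_WITH_MAPPER = {"aud": ["foo"], "azp": "test-client"}
# Access token issued without the mapper: "foo" is not an audience.
ACCESS_TOKEN_WITHOUT_MAPPER = {"aud": "account", "azp": "test-client"}
# ID token when add_to_id_token is true: the mapper makes it multi-audience.
ID_TOKEN_WITH_MAPPER = {"aud": ["test-client", "foo"], "azp": "test-client"}

if __name__ == "__main__":
    print(resource_server_accepts(ACCESS_TOKEN_WITH_MAPPER, "foo"))
    print(resource_server_accepts(ACCESS_TOKEN_WITHOUT_MAPPER, "foo"))
    print(relying_party_accepts_id_token(ID_TOKEN_WITH_MAPPER, "test-client"))
```
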

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if this claim should be added to the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if this claim should be added to the id token.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • included_client_audience (pulumi.Input[str]) – A client ID to include within the token’s aud claim. Cannot be used with included_custom_audience.

  • included_custom_audience (pulumi.Input[str]) – A custom audience to include within the token’s aud claim. Cannot be used with included_client_audience.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

add_to_access_token: pulumi.Output[bool] = None

Indicates if this claim should be added to the access token.

add_to_id_token: pulumi.Output[bool] = None

Indicates if this claim should be added to the id token.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

included_client_audience: pulumi.Output[str] = None

A client ID to include within the token’s aud claim. Cannot be used with included_custom_audience.

included_custom_audience: pulumi.Output[str] = None

A custom audience to include within the token’s aud claim. Cannot be used with included_client_audience.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

static get(resource_name, id, opts=None, add_to_access_token=None, add_to_id_token=None, client_id=None, client_scope_id=None, included_client_audience=None, included_custom_audience=None, name=None, realm_id=None)

Get an existing AudienceProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if this claim should be added to the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if this claim should be added to the id token.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • included_client_audience (pulumi.Input[str]) – A client ID to include within the token’s aud claim. Cannot be used with included_custom_audience.

  • included_custom_audience (pulumi.Input[str]) – A custom audience to include within the token’s aud claim. Cannot be used with included_client_audience.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.AwaitableGetClientAuthorizationPolicyResult(decision_strategy=None, id=None, logic=None, name=None, owner=None, policies=None, realm_id=None, resource_server_id=None, resources=None, scopes=None, type=None)
class pulumi_keycloak.openid.AwaitableGetClientResult(access_type=None, authentication_flow_binding_overrides=None, authorization=None, client_id=None, client_secret=None, consent_required=None, description=None, direct_access_grants_enabled=None, enabled=None, full_scope_allowed=None, id=None, implicit_flow_enabled=None, login_theme=None, name=None, realm_id=None, resource_server_id=None, root_url=None, service_account_user_id=None, service_accounts_enabled=None, standard_flow_enabled=None, valid_redirect_uris=None, web_origins=None)
class pulumi_keycloak.openid.AwaitableGetClientServiceAccountUserResult(attributes=None, client_id=None, email=None, enabled=None, federated_identities=None, first_name=None, id=None, last_name=None, realm_id=None, username=None)
class pulumi_keycloak.openid.Client(resource_name, opts=None, access_token_lifespan=None, access_type=None, admin_url=None, authentication_flow_binding_overrides=None, authorization=None, base_url=None, client_id=None, client_secret=None, consent_required=None, description=None, direct_access_grants_enabled=None, enabled=None, exclude_session_state_from_auth_response=None, full_scope_allowed=None, implicit_flow_enabled=None, login_theme=None, name=None, pkce_code_challenge_method=None, realm_id=None, root_url=None, service_accounts_enabled=None, standard_flow_enabled=None, valid_redirect_uris=None, web_origins=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing Keycloak clients that use the OpenID Connect protocol.

Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak’s user sessions for SSO.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
openid_client = keycloak.openid.Client("openidClient",
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    realm_id=realm.id,
    valid_redirect_uris=["http://localhost:8080/openid-callback"])

The following arguments are supported:

  • realm_id - (Required) The realm this client is attached to.

  • client_id - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.

  • name - (Optional) The display name of this client in the GUI.

  • enabled - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true.

  • description - (Optional) The description of this client in the GUI.

  • access_type - (Required) Specifies the type of client, which can be one of the following:

    • CONFIDENTIAL - Used for server-side clients that require both client ID and secret when authenticating. This client should be used for applications using the Authorization Code or Client Credentials grant flows.

    • PUBLIC - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect URIs for security. This client should be used for applications using the Implicit grant flow.

    • BEARER-ONLY - Used for services that never initiate a login. This client will only allow bearer token requests.

  • client_secret - (Optional) The secret for clients with an access_type of CONFIDENTIAL or BEARER-ONLY. This value is sensitive and should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute.

  • standard_flow_enabled - (Optional) When true, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to false.

  • implicit_flow_enabled - (Optional) When true, the OAuth2 Implicit Grant will be enabled for this client. Defaults to false.

  • direct_access_grants_enabled - (Optional) When true, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to false.

  • service_accounts_enabled - (Optional) When true, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to false.

  • valid_redirect_uris - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple wildcards in the form of an asterisk can be used here. This attribute must be set if either standard_flow_enabled or implicit_flow_enabled is set to true.

  • web_origins - (Optional) A list of allowed CORS origins. + can be used to permit all valid redirect URIs, and * can be used to permit all origins.

  • admin_url - (Optional) URL to the admin interface of the client.

  • base_url - (Optional) Default URL to use when the auth server needs to redirect or link back to the client.

  • pkce_code_challenge_method - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be plain, S256, or an empty value.

  • full_scope_allowed - (Optional) Allows all role mappings to be included in the access token.

In addition to the arguments listed above, the following computed attributes are exported:

  • service_account_user_id - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.
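
The arguments above decide which grant types, redirect targets and CORS origins a client accepts, so they are worth reviewing before a deployment. The following is an added example, not part of the Pulumi or Keycloak documentation: a small lint over the keyword arguments that would be passed to keycloak.openid.Client. The function name, finding labels, loopback host list and sample argument sets are assumptions made for illustration.

```python
from __future__ import annotations

from urllib.parse import urlsplit

# Hosts for which a cleartext http:// redirect is tolerated (local development).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_client(args: dict) -> list[str]:
    """Return review findings for one set of keycloak.openid.Client arguments.

    Flow flags that are absent are treated as false, the default the
    argument list documents.
    """
    findings: list[str] = []
    redirects = args.get("valid_redirect_uris") or []
    origins = args.get("web_origins") or []
    standard = bool(args.get("standard_flow_enabled", False))
    implicit = bool(args.get("implicit_flow_enabled", False))

    # valid_redirect_uris must be set when a browser-based flow is enabled.
    if (standard or implicit) and not redirects:
        findings.append("redirect-uris-missing")

    for uri in redirects:
        # An asterisk widens the set of places a code or token can be sent.
        if "*" in uri:
            findings.append(f"redirect-wildcard:{uri}")
        parts = urlsplit(uri)
        if parts.scheme == "http" and parts.hostname not in LOOPBACK_HOSTS:
            findings.append(f"redirect-cleartext:{uri}")

    # "*" permits every origin; "+" only mirrors the valid redirect URIs.
    if "*" in origins:
        findings.append("cors-all-origins")

    # The implicit grant returns tokens in the redirect URL itself.
    if implicit:
        findings.append("implicit-flow-enabled")

    # The resource owner password grant has the client handle user passwords.
    if args.get("direct_access_grants_enabled", False):
        findings.append("password-grant-enabled")

    # A PUBLIC client has no secret, so the code flow should be bound with S256 PKCE.
    if (standard and args.get("access_type") == "PUBLIC"
            and args.get("pkce_code_challenge_method") != "S256"):
        findings.append("public-client-without-s256-pkce")

    return findings


# The client from the example on this page.
PAGE_EXAMPLE = dict(
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    valid_redirect_uris=["http://localhost:8080/openid-callback"],
)

# Constructed argument sets; app.example.com is a placeholder host.
RISKY = dict(
    access_type="PUBLIC",
    client_id="spa",
    standard_flow_enabled=True,
    implicit_flow_enabled=True,
    direct_access_grants_enabled=True,
    valid_redirect_uris=["https://app.example.com/*", "http://app.example.com/cb"],
    web_origins=["*"],
    pkce_code_challenge_method="plain",
)
HARDENED = dict(
    access_type="PUBLIC",
    client_id="spa",
    standard_flow_enabled=True,
    valid_redirect_uris=["https://app.example.com/callback"],
    web_origins=["+"],
    pkce_code_challenge_method="S256",
)

if __name__ == "__main__":
    for label, args in (("page", PAGE_EXAMPLE), ("risky", RISKY), ("hardened", HARDENED)):
        print(label, audit_client(args))
```
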

Parameters

The authentication_flow_binding_overrides object supports the following:

  • browserId (pulumi.Input[str])

  • directGrantId (pulumi.Input[str])

The authorization object supports the following:

  • allowRemoteResourceManagement (pulumi.Input[bool])

  • keepDefaults (pulumi.Input[bool])

  • policyEnforcementMode (pulumi.Input[str])

static get(resource_name, id, opts=None, access_token_lifespan=None, access_type=None, admin_url=None, authentication_flow_binding_overrides=None, authorization=None, base_url=None, client_id=None, client_secret=None, consent_required=None, description=None, direct_access_grants_enabled=None, enabled=None, exclude_session_state_from_auth_response=None, full_scope_allowed=None, implicit_flow_enabled=None, login_theme=None, name=None, pkce_code_challenge_method=None, realm_id=None, resource_server_id=None, root_url=None, service_account_user_id=None, service_accounts_enabled=None, standard_flow_enabled=None, valid_redirect_uris=None, web_origins=None)

Get an existing Client resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The authentication_flow_binding_overrides object supports the following:

  • browserId (pulumi.Input[str])

  • directGrantId (pulumi.Input[str])

The authorization object supports the following:

  • allowRemoteResourceManagement (pulumi.Input[bool])

  • keepDefaults (pulumi.Input[bool])

  • policyEnforcementMode (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientAggregatePolicy(resource_name, opts=None, decision_strategy=None, description=None, logic=None, name=None, policies=None, realm_id=None, resource_server_id=None, __props__=None, __name__=None, __opts__=None)

Create a ClientAggregatePolicy resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, decision_strategy=None, description=None, logic=None, name=None, policies=None, realm_id=None, resource_server_id=None)

Get an existing ClientAggregatePolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientAuthorizationPermission(resource_name, opts=None, decision_strategy=None, description=None, name=None, policies=None, realm_id=None, resource_server_id=None, resources=None, scopes=None, type=None, __props__=None, __name__=None, __opts__=None)

Create a ClientAuthorizationPermission resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, decision_strategy=None, description=None, name=None, policies=None, realm_id=None, resource_server_id=None, resources=None, scopes=None, type=None)

Get an existing ClientAuthorizationPermission resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientAuthorizationResource(resource_name, opts=None, attributes=None, display_name=None, icon_uri=None, name=None, owner_managed_access=None, realm_id=None, resource_server_id=None, scopes=None, type=None, uris=None, __props__=None, __name__=None, __opts__=None)

Create a ClientAuthorizationResource resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, attributes=None, display_name=None, icon_uri=None, name=None, owner_managed_access=None, realm_id=None, resource_server_id=None, scopes=None, type=None, uris=None)

Get an existing ClientAuthorizationResource resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientAuthorizationScope(resource_name, opts=None, display_name=None, icon_uri=None, name=None, realm_id=None, resource_server_id=None, __props__=None, __name__=None, __opts__=None)

Create a ClientAuthorizationScope resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, display_name=None, icon_uri=None, name=None, realm_id=None, resource_server_id=None)

Get an existing ClientAuthorizationScope resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientDefaultScopes(resource_name, opts=None, client_id=None, default_scopes=None, realm_id=None, __props__=None, __name__=None, __opts__=None)

Create a ClientDefaultScopes resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, client_id=None, default_scopes=None, realm_id=None)

Get an existing ClientDefaultScopes resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientGroupPolicy(resource_name, opts=None, decision_strategy=None, description=None, groups=None, groups_claim=None, logic=None, name=None, realm_id=None, resource_server_id=None, __props__=None, __name__=None, __opts__=None)

Create a ClientGroupPolicy resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The groups object supports the following:

  • extendChildren (pulumi.Input[bool])

  • id (pulumi.Input[str])

  • path (pulumi.Input[str])

static get(resource_name, id, opts=None, decision_strategy=None, description=None, groups=None, groups_claim=None, logic=None, name=None, realm_id=None, resource_server_id=None)

Get an existing ClientGroupPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The groups object supports the following:

  • extendChildren (pulumi.Input[bool])

  • id (pulumi.Input[str])

  • path (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientJsPolicy(resource_name, opts=None, code=None, decision_strategy=None, description=None, logic=None, name=None, realm_id=None, resource_server_id=None, type=None, __props__=None, __name__=None, __opts__=None)

Create a ClientJsPolicy resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, code=None, decision_strategy=None, description=None, logic=None, name=None, realm_id=None, resource_server_id=None, type=None)

Get an existing ClientJsPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientOptionalScopes(resource_name, opts=None, client_id=None, optional_scopes=None, realm_id=None, __props__=None, __name__=None, __opts__=None)

Create a ClientOptionalScopes resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, client_id=None, optional_scopes=None, realm_id=None)

Get an existing ClientOptionalScopes resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientPolicy(resource_name, opts=None, clients=None, decision_strategy=None, description=None, logic=None, name=None, realm_id=None, resource_server_id=None, __props__=None, __name__=None, __opts__=None)

Create a ClientPolicy resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, clients=None, decision_strategy=None, description=None, logic=None, name=None, realm_id=None, resource_server_id=None)

Get an existing ClientPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientRolePolicy(resource_name, opts=None, decision_strategy=None, description=None, logic=None, name=None, realm_id=None, resource_server_id=None, roles=None, type=None, __props__=None, __name__=None, __opts__=None)

Create a ClientRolePolicy resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The roles object supports the following:

  • id (pulumi.Input[str])

  • required (pulumi.Input[bool])

static get(resource_name, id, opts=None, decision_strategy=None, description=None, logic=None, name=None, realm_id=None, resource_server_id=None, roles=None, type=None)

Get an existing ClientRolePolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The roles object supports the following:

  • id (pulumi.Input[str])

  • required (pulumi.Input[bool])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientScope(resource_name, opts=None, consent_screen_text=None, description=None, name=None, realm_id=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol.

Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also be used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 scope parameter.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
openid_client_scope = keycloak.openid.ClientScope("openidClientScope",
    description="When requested, this scope will map a user's group memberships to a claim",
    realm_id=realm.id)

The following arguments are supported:

  • realm_id - (Required) The realm this client scope belongs to.

  • name - (Required) The display name of this client scope in the GUI.

  • description - (Optional) The description of this client scope in the GUI.

  • consent_screen_text - (Optional) When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.

static get(resource_name, id, opts=None, consent_screen_text=None, description=None, name=None, realm_id=None)

Get an existing ClientScope resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientServiceAccountRealmRole(resource_name, opts=None, realm_id=None, role=None, service_account_user_id=None, __props__=None, __name__=None, __opts__=None)

Create a ClientServiceAccountRealmRole resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, realm_id=None, role=None, service_account_user_id=None)

Get an existing ClientServiceAccountRealmRole resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientServiceAccountRole(resource_name, opts=None, client_id=None, realm_id=None, role=None, service_account_user_id=None, __props__=None, __name__=None, __opts__=None)

Create a ClientServiceAccountRole resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, client_id=None, realm_id=None, role=None, service_account_user_id=None)

Get an existing ClientServiceAccountRole resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientTimePolicy(resource_name, opts=None, day_month=None, day_month_end=None, decision_strategy=None, description=None, hour=None, hour_end=None, logic=None, minute=None, minute_end=None, month=None, month_end=None, name=None, not_before=None, not_on_or_after=None, realm_id=None, resource_server_id=None, year=None, year_end=None, __props__=None, __name__=None, __opts__=None)

Create a ClientTimePolicy resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, day_month=None, day_month_end=None, decision_strategy=None, description=None, hour=None, hour_end=None, logic=None, minute=None, minute_end=None, month=None, month_end=None, name=None, not_before=None, not_on_or_after=None, realm_id=None, resource_server_id=None, year=None, year_end=None)

Get an existing ClientTimePolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.ClientUserPolicy(resource_name, opts=None, decision_strategy=None, description=None, logic=None, name=None, realm_id=None, resource_server_id=None, users=None, __props__=None, __name__=None, __opts__=None)

Create a ClientUserPolicy resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

static get(resource_name, id, opts=None, decision_strategy=None, description=None, logic=None, name=None, realm_id=None, resource_server_id=None, users=None)

Get an existing ClientUserPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.FullNameProtocolMapper(resource_name, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, client_id=None, client_scope_id=None, name=None, realm_id=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing full name protocol mappers within Keycloak.

Full name protocol mappers allow you to map a user’s first and last name to the OpenID Connect name claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
openid_client = keycloak.openid.Client("openidClient",
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    realm_id=realm.id,
    valid_redirect_uris=["http://localhost:8080/openid-callback"])
full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper",
    client_id=openid_client.id,
    realm_id=realm.id)

The same mapper attached to a client scope instead of a client:

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id)
full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper",
    client_scope_id=client_scope.id,
    realm_id=realm.id)

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • add_to_id_token - (Optional) Indicates if the user’s full name should be added as a claim to the id token. Defaults to true.

  • add_to_access_token - (Optional) Indicates if the user’s full name should be added as a claim to the access token. Defaults to true.

  • add_to_userinfo - (Optional) Indicates if the user’s full name should be added as a claim to the UserInfo response body. Defaults to true.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

static get(resource_name, id, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, client_id=None, client_scope_id=None, name=None, realm_id=None)

Get an existing FullNameProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.GetClientAuthorizationPolicyResult(decision_strategy=None, id=None, logic=None, name=None, owner=None, policies=None, realm_id=None, resource_server_id=None, resources=None, scopes=None, type=None)

A collection of values returned by getClientAuthorizationPolicy.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_keycloak.openid.GetClientResult(access_type=None, authentication_flow_binding_overrides=None, authorization=None, client_id=None, client_secret=None, consent_required=None, description=None, direct_access_grants_enabled=None, enabled=None, full_scope_allowed=None, id=None, implicit_flow_enabled=None, login_theme=None, name=None, realm_id=None, resource_server_id=None, root_url=None, service_account_user_id=None, service_accounts_enabled=None, standard_flow_enabled=None, valid_redirect_uris=None, web_origins=None)

A collection of values returned by getClient.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_keycloak.openid.GetClientServiceAccountUserResult(attributes=None, client_id=None, email=None, enabled=None, federated_identities=None, first_name=None, id=None, last_name=None, realm_id=None, username=None)

A collection of values returned by getClientServiceAccountUser.

id = None

The provider-assigned unique ID for this managed resource.

class pulumi_keycloak.openid.GroupMembershipProtocolMapper(resource_name, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, client_id=None, client_scope_id=None, full_path=None, name=None, realm_id=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing group membership protocol mappers within Keycloak.

Group membership protocol mappers allow you to map a user’s group memberships to a claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
openid_client = keycloak.openid.Client("openidClient",
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    realm_id=realm.id,
    valid_redirect_uris=["http://localhost:8080/openid-callback"])
group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper",
    claim_name="groups",
    client_id=openid_client.id,
    realm_id=realm.id)

The same mapper attached to a client scope instead of a client:

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id)
group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper",
    claim_name="groups",
    client_scope_id=client_scope.id,
    realm_id=realm.id)

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • claim_name - (Required) The name of the claim to insert into a token.

  • full_path - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to true.

  • add_to_id_token - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.

  • add_to_access_token - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.

  • add_to_userinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

static get(resource_name, id, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, client_id=None, client_scope_id=None, full_path=None, name=None, realm_id=None)

Get an existing GroupMembershipProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.HardcodedClaimProtocolMapper(resource_name, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, claim_value=None, claim_value_type=None, client_id=None, client_scope_id=None, name=None, realm_id=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing hardcoded claim protocol mappers within Keycloak.

Hardcoded claim protocol mappers allow you to define a claim with a hardcoded value. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
openid_client = keycloak.openid.Client("openidClient",
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    realm_id=realm.id,
    valid_redirect_uris=["http://localhost:8080/openid-callback"])
hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper",
    claim_name="foo",
    claim_value="bar",
    client_id=openid_client.id,
    realm_id=realm.id)

The same mapper attached to a client scope instead of a client:

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id)
hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper",
    claim_name="foo",
    claim_value="bar",
    client_scope_id=client_scope.id,
    realm_id=realm.id)

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • claim_name - (Required) The name of the claim to insert into a token.

  • claim_value - (Required) The hardcoded value of the claim.

  • claim_value_type - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.

  • add_to_id_token - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.

  • add_to_access_token - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.

  • add_to_userinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the attribute should appear in the userinfo response body.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

add_to_access_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the access token.

add_to_id_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the id token.

add_to_userinfo: pulumi.Output[bool] = None

Indicates if the attribute should appear in the userinfo response body.

claim_value_type: pulumi.Output[str] = None

Claim type used when serializing tokens.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

static get(resource_name, id, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, claim_value=None, claim_value_type=None, client_id=None, client_scope_id=None, name=None, realm_id=None)

Get an existing HardcodedClaimProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the attribute should appear in the userinfo response body.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.HardcodedRoleProtocolMapper(resource_name, opts=None, client_id=None, client_scope_id=None, name=None, realm_id=None, role_id=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing hardcoded role protocol mappers within Keycloak.

Hardcoded role protocol mappers allow you to specify a single role to always map to an access token for a client. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
role = keycloak.Role("role", realm_id=realm.id)
openid_client = keycloak.openid.Client("openidClient",
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    realm_id=realm.id,
    valid_redirect_uris=["http://localhost:8080/openid-callback"])
hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper",
    client_id=openid_client.id,
    realm_id=realm.id,
    role_id=role.id)

The same mapper attached to a client scope instead of a client:

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
role = keycloak.Role("role", realm_id=realm.id)
client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id)
hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper",
    client_scope_id=client_scope.id,
    realm_id=realm.id,
    role_id=role.id)

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • role_id - (Required) The ID of the role to map to an access token.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

static get(resource_name, id, opts=None, client_id=None, client_scope_id=None, name=None, realm_id=None, role_id=None)

Get an existing HardcodedRoleProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.UserAttributeProtocolMapper(resource_name, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, aggregate_attributes=None, claim_name=None, claim_value_type=None, client_id=None, client_scope_id=None, multivalued=None, name=None, realm_id=None, user_attribute=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing user attribute protocol mappers within Keycloak.

User attribute protocol mappers allow you to map custom attributes defined for a user within Keycloak to a claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
openid_client = keycloak.openid.Client("openidClient",
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    realm_id=realm.id,
    valid_redirect_uris=["http://localhost:8080/openid-callback"])
user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper",
    claim_name="bar",
    client_id=openid_client.id,
    realm_id=realm.id,
    user_attribute="foo")

The same mapper attached to a client scope instead of a client:

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id)
user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper",
    claim_name="bar",
    client_scope_id=client_scope.id,
    realm_id=realm.id,
    user_attribute="foo")

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • user_attribute - (Required) The custom user attribute to map a claim for.

  • claim_name - (Required) The name of the claim to insert into a token.

  • claim_value_type - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.

  • multivalued - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to false.

  • add_to_id_token - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to true.

  • add_to_access_token - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to true.

  • add_to_userinfo - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to true.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the attribute should appear in the userinfo response body.

  • aggregate_attributes (pulumi.Input[bool]) – Indicates if attribute values should be aggregated within the group attributes.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • multivalued (pulumi.Input[bool]) – Indicates whether this attribute is a single value or an array of values.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

add_to_access_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the access token.

add_to_id_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the id token.

add_to_userinfo: pulumi.Output[bool] = None

Indicates if the attribute should appear in the userinfo response body.

aggregate_attributes: pulumi.Output[bool] = None

Indicates if attribute values should be aggregated within the group attributes.

claim_value_type: pulumi.Output[str] = None

Claim type used when serializing tokens.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

multivalued: pulumi.Output[bool] = None

Indicates whether this attribute is a single value or an array of values.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

static get(resource_name, id, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, aggregate_attributes=None, claim_name=None, claim_value_type=None, client_id=None, client_scope_id=None, multivalued=None, name=None, realm_id=None, user_attribute=None)

Get an existing UserAttributeProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the attribute should appear in the userinfo response body.

  • aggregate_attributes (pulumi.Input[bool]) – Indicates if attribute values should be aggregated within the group attributes.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • multivalued (pulumi.Input[bool]) – Indicates whether this attribute is a single value or an array of values.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.UserClientRoleProtocolMapper(resource_name, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, claim_value_type=None, client_id=None, client_id_for_role_mappings=None, client_role_prefix=None, client_scope_id=None, multivalued=None, name=None, realm_id=None, __props__=None, __name__=None, __opts__=None)

Create a UserClientRoleProtocolMapper resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the attribute should appear in the userinfo response body.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_id_for_role_mappings (pulumi.Input[str]) – Client ID for role mappings.

  • client_role_prefix (pulumi.Input[str]) – Prefix that will be added to each client role.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • multivalued (pulumi.Input[bool]) – Indicates whether this attribute is a single value or an array of values.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

add_to_access_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the access token.

add_to_id_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the id token.

add_to_userinfo: pulumi.Output[bool] = None

Indicates if the attribute should appear in the userinfo response body.

claim_value_type: pulumi.Output[str] = None

Claim type used when serializing tokens.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_id_for_role_mappings: pulumi.Output[str] = None

Client ID for role mappings.

client_role_prefix: pulumi.Output[str] = None

Prefix that will be added to each client role.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

multivalued: pulumi.Output[bool] = None

Indicates whether this attribute is a single value or an array of values.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

static get(resource_name, id, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, claim_value_type=None, client_id=None, client_id_for_role_mappings=None, client_role_prefix=None, client_scope_id=None, multivalued=None, name=None, realm_id=None)

Get an existing UserClientRoleProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the attribute should appear in the userinfo response body.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_id_for_role_mappings (pulumi.Input[str]) – Client ID for role mappings.

  • client_role_prefix (pulumi.Input[str]) – Prefix that will be added to each client role.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • multivalued (pulumi.Input[bool]) – Indicates whether this attribute is a single value or an array of values.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.UserPropertyProtocolMapper(resource_name, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, claim_value_type=None, client_id=None, client_scope_id=None, name=None, realm_id=None, user_property=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing user property protocol mappers within Keycloak.

User property protocol mappers allow you to map built-in properties defined on the Keycloak user interface to a claim in a token. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
openid_client = keycloak.openid.Client("openidClient",
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    realm_id=realm.id,
    valid_redirect_uris=["http://localhost:8080/openid-callback"])
user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper",
    claim_name="email",
    client_id=openid_client.id,
    realm_id=realm.id,
    user_property="email")

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id)
user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper",
    claim_name="email",
    client_scope_id=client_scope.id,
    realm_id=realm.id,
    user_property="email")

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • user_property - (Required) The built-in user property (such as email) to map a claim for.

  • claim_name - (Required) The name of the claim to insert into a token.

  • claim_value_type - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.

  • add_to_id_token - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.

  • add_to_access_token - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.

  • add_to_userinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the property should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the property should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the property should appear in the userinfo response body.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

add_to_access_token: pulumi.Output[bool] = None

Indicates if the property should be a claim in the access token.

add_to_id_token: pulumi.Output[bool] = None

Indicates if the property should be a claim in the id token.

add_to_userinfo: pulumi.Output[bool] = None

Indicates if the property should appear in the userinfo response body.

claim_value_type: pulumi.Output[str] = None

Claim type used when serializing tokens.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

static get(resource_name, id, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, claim_value_type=None, client_id=None, client_scope_id=None, name=None, realm_id=None, user_property=None)

Get an existing UserPropertyProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the property should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the property should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the property should appear in the userinfo response body.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.UserRealmRoleProtocolMapper(resource_name, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, claim_value_type=None, client_id=None, client_scope_id=None, multivalued=None, name=None, realm_id=None, realm_role_prefix=None, __props__=None, __name__=None, __opts__=None)

Allows for creating and managing user realm role protocol mappers within Keycloak.

User realm role protocol mappers allow you to define a claim containing the list of the realm roles. Protocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between multiple different clients.

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
openid_client = keycloak.openid.Client("openidClient",
    access_type="CONFIDENTIAL",
    client_id="test-client",
    enabled=True,
    realm_id=realm.id,
    valid_redirect_uris=["http://localhost:8080/openid-callback"])
user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper",
    claim_name="foo",
    client_id=openid_client.id,
    realm_id=realm.id)

import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    enabled=True,
    realm="my-realm")
client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id)
user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper",
    claim_name="foo",
    client_scope_id=client_scope.id,
    realm_id=realm.id)

The following arguments are supported:

  • realm_id - (Required) The realm this protocol mapper exists within.

  • client_id - (Required if client_scope_id is not specified) The client this protocol mapper is attached to.

  • client_scope_id - (Required if client_id is not specified) The client scope this protocol mapper is attached to.

  • name - (Required) The display name of this protocol mapper in the GUI.

  • claim_name - (Required) The name of the claim to insert into a token.

  • claim_value_type - (Optional) The claim type used when serializing JSON tokens. Can be one of String, long, int, or boolean. Defaults to String.

  • multivalued - (Optional) Indicates whether the attribute supports multiple values. If true, the list of all values of this attribute is set as the claim. If false, only the first value is set as the claim. Defaults to true.

  • realm_role_prefix - (Optional) A prefix for each Realm Role.

  • add_to_id_token - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to true.

  • add_to_access_token - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to true.

  • add_to_userinfo - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to true.
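
An added example (not part of the pulumi_keycloak package or its documentation): a pre-deployment lint that applies the defaults and constraints from the argument lists of UserAttributeProtocolMapper, UserPropertyProtocolMapper and UserRealmRoleProtocolMapper to plain dictionaries of arguments, and reports which token types will carry the claim. The function lint_mapper, the spec table and the placeholder IDs are assumptions made for this example; name is listed as Required above, but the page's own examples omit it, so it is not enforced here.

```python
# Added example: lint protocol-mapper arguments before handing them to Pulumi.
# Defaults and allowed values are copied from the argument lists on this page.

TOKEN_FLAGS = {  # argument -> where the claim ends up when the flag is true
    "add_to_id_token": "id_token",
    "add_to_access_token": "access_token",
    "add_to_userinfo": "userinfo",
}
CLAIM_VALUE_TYPES = ("String", "long", "int", "boolean")

MAPPER_SPECS = {
    "UserAttributeProtocolMapper": {
        "required": ("realm_id", "user_attribute", "claim_name"),
        "multivalued_default": False,
    },
    "UserPropertyProtocolMapper": {
        "required": ("realm_id", "user_property", "claim_name"),
        "multivalued_default": None,  # this mapper has no multivalued argument
    },
    "UserRealmRoleProtocolMapper": {
        "required": ("realm_id", "claim_name"),
        "multivalued_default": True,
    },
}


def lint_mapper(kind, args):
    """Return errors, warnings, effective arguments and claim destinations."""
    spec = MAPPER_SPECS[kind]
    errors, warnings = [], []

    for key in spec["required"]:
        if not args.get(key):
            errors.append(f"missing required argument: {key}")

    # client_id and client_scope_id cannot be used at the same time,
    # and one of them is required.
    has_client = args.get("client_id") is not None
    has_scope = args.get("client_scope_id") is not None
    if has_client == has_scope:
        errors.append("set exactly one of client_id / client_scope_id")
    elif has_scope:
        warnings.append("attached to a client scope, which can be shared "
                        "between multiple clients")

    effective = dict(args)
    effective.setdefault("claim_value_type", "String")
    if effective["claim_value_type"] not in CLAIM_VALUE_TYPES:
        errors.append("claim_value_type must be one of " + ", ".join(CLAIM_VALUE_TYPES))

    if spec["multivalued_default"] is None:
        if "multivalued" in args:
            errors.append(f"multivalued is not an argument of {kind}")
    else:
        effective.setdefault("multivalued", spec["multivalued_default"])

    # Every add_to_* flag defaults to true, so an omitted flag discloses the claim.
    destinations = []
    for flag, destination in TOKEN_FLAGS.items():
        if flag not in args:
            warnings.append(f"{flag} not set: defaults to true")
        effective.setdefault(flag, True)
        if effective[flag]:
            destinations.append(destination)
    if not destinations:
        warnings.append("claim is not emitted in any token or response")

    return {"errors": errors, "warnings": warnings,
            "effective": effective, "destinations": destinations}


# Constructed inputs: the arguments of the page's first UserAttributeProtocolMapper
# example, with placeholder strings standing in for realm.id and openid_client.id.
PAGE_EXAMPLE = {
    "claim_name": "bar",
    "client_id": "<openid_client.id>",
    "realm_id": "<realm.id>",
    "user_attribute": "foo",
}
# The same mapper with every disclosure flag stated explicitly.
HARDENED = dict(PAGE_EXAMPLE, add_to_id_token=False,
                add_to_access_token=True, add_to_userinfo=False)

if __name__ == "__main__":
    for label, args in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        report = lint_mapper("UserAttributeProtocolMapper", args)
        print(label, "->", report["destinations"])
        for line in report["errors"] + report["warnings"]:
            print("   ", line)
```

The arguments that pass the lint can be given unchanged to the corresponding mapper constructor, with the placeholder strings replaced by realm.id and the client or client scope id.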

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the attribute should appear in the userinfo response body.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • multivalued (pulumi.Input[bool]) – Indicates whether this attribute is a single value or an array of values.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

  • realm_role_prefix (pulumi.Input[str]) – Prefix that will be added to each realm role.

add_to_access_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the access token.

add_to_id_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the id token.

add_to_userinfo: pulumi.Output[bool] = None

Indicates if the attribute should appear in the userinfo response body.

claim_value_type: pulumi.Output[str] = None

Claim type used when serializing tokens.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

multivalued: pulumi.Output[bool] = None

Indicates whether this attribute is a single value or an array of values.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

realm_role_prefix: pulumi.Output[str] = None

Prefix that will be added to each realm role.

static get(resource_name, id, opts=None, add_to_access_token=None, add_to_id_token=None, add_to_userinfo=None, claim_name=None, claim_value_type=None, client_id=None, client_scope_id=None, multivalued=None, name=None, realm_id=None, realm_role_prefix=None)

Get an existing UserRealmRoleProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • add_to_userinfo (pulumi.Input[bool]) – Indicates if the attribute should appear in the userinfo response body.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • multivalued (pulumi.Input[bool]) – Indicates whether this attribute is a single value or an array of values.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

  • realm_role_prefix (pulumi.Input[str]) – Prefix that will be added to each realm role.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_keycloak.openid.UserSessionNoteProtocolMapper(resource_name, opts=None, add_to_access_token=None, add_to_id_token=None, claim_name=None, claim_value_type=None, client_id=None, client_scope_id=None, name=None, realm_id=None, session_note_label=None, __props__=None, __name__=None, __opts__=None)

Create a UserSessionNoteProtocolMapper resource with the given unique name, props, and options.

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

  • session_note_label (pulumi.Input[str]) – String value being the name of stored user session note within the UserSessionModel.note map.

add_to_access_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the access token.

add_to_id_token: pulumi.Output[bool] = None

Indicates if the attribute should be a claim in the id token.

claim_value_type: pulumi.Output[str] = None

Claim type used when serializing tokens.

client_id: pulumi.Output[str] = None

The mapper’s associated client. Cannot be used at the same time as client_scope_id.

client_scope_id: pulumi.Output[str] = None

The mapper’s associated client scope. Cannot be used at the same time as client_id.

name: pulumi.Output[str] = None

A human-friendly name that will appear in the Keycloak console.

realm_id: pulumi.Output[str] = None

The realm id where the associated client or client scope exists.

session_note_label: pulumi.Output[str] = None

String value being the name of stored user session note within the UserSessionModel.note map.

static get(resource_name, id, opts=None, add_to_access_token=None, add_to_id_token=None, claim_name=None, claim_value_type=None, client_id=None, client_scope_id=None, name=None, realm_id=None, session_note_label=None)

Get an existing UserSessionNoteProtocolMapper resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • add_to_access_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the access token.

  • add_to_id_token (pulumi.Input[bool]) – Indicates if the attribute should be a claim in the id token.

  • claim_value_type (pulumi.Input[str]) – Claim type used when serializing tokens.

  • client_id (pulumi.Input[str]) – The mapper’s associated client. Cannot be used at the same time as client_scope_id.

  • client_scope_id (pulumi.Input[str]) – The mapper’s associated client scope. Cannot be used at the same time as client_id.

  • name (pulumi.Input[str]) – A human-friendly name that will appear in the Keycloak console.

  • realm_id (pulumi.Input[str]) – The realm id where the associated client or client scope exists.

  • session_note_label (pulumi.Input[str]) – String value being the name of stored user session note within the UserSessionModel.note map.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_keycloak.openid.get_client(client_id=None, realm_id=None, opts=None)

This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.

import pulumi
import pulumi_keycloak as keycloak

realm_management = keycloak.openid.get_client(realm_id="my-realm",
    client_id="realm-management")
admin = keycloak.get_role(realm_id="my-realm",
    client_id=realm_management.id,
    name="realm-admin")

The following arguments are supported:

  • realm_id - (Required) The realm id.

  • client_id - (Required) The client id.

See the docs for the openid.Client resource for details on the exported attributes.

pulumi_keycloak.openid.get_client_authorization_policy(logic=None, name=None, realm_id=None, resource_server_id=None, opts=None)

Use this data source to access information about an existing resource.

pulumi_keycloak.openid.get_client_service_account_user(client_id=None, realm_id=None, opts=None)

Use this data source to access information about an existing resource.