Client

With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications. Depending on your plan, you may also configure add-ons to allow your application to call another application’s API (such as Firebase and AWS) on behalf of an authenticated user.

Example Usage

using Pulumi;
using Auth0 = Pulumi.Auth0;

class MyStack : Stack
{
    public MyStack()
    {
        var myClient = new Auth0.Client("myClient", new Auth0.ClientArgs
        {
            Addons = new Auth0.Inputs.ClientAddonsArgs
            {
                Firebase = 
                {
                    { "clientEmail", "john.doe@example.com" },
                    { "lifetimeInSeconds", 1 },
                    { "privateKey", "wer" },
                    { "privateKeyId", "qwreerwerwe" },
                },
                Samlp = new Auth0.Inputs.ClientAddonsSamlpArgs
                {
                    Audience = "https://example.com/saml",
                    CreateUpnClaim = false,
                    MapIdentities = false,
                    MapUnknownClaimsAsIs = false,
                    Mappings = 
                    {
                        { "email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" },
                        { "name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" },
                    },
                    NameIdentifierFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
                    NameIdentifierProbes = 
                    {
                        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                    },
                    PassthroughClaimsWithNoMapping = false,
                },
            },
            AllowedLogoutUrls = 
            {
                "https://example.com",
            },
            AllowedOrigins = 
            {
                "https://example.com",
            },
            AppType = "non_interactive",
            Callbacks = 
            {
                "https://example.com/callback",
            },
            ClientMetadata = 
            {
                { "foo", "zoo" },
            },
            CustomLoginPageOn = true,
            Description = "Test Applications Long Description",
            GrantTypes = 
            {
                "authorization_code",
                "http://auth0.com/oauth/grant-type/password-realm",
                "implicit",
                "password",
                "refresh_token",
            },
            IsFirstParty = true,
            IsTokenEndpointIpHeaderTrusted = true,
            JwtConfiguration = new Auth0.Inputs.ClientJwtConfigurationArgs
            {
                Alg = "RS256",
                LifetimeInSeconds = 300,
                Scopes = 
                {
                    { "foo", "bar" },
                },
                SecretEncoded = true,
            },
            Mobile = new Auth0.Inputs.ClientMobileArgs
            {
                Ios = new Auth0.Inputs.ClientMobileIosArgs
                {
                    AppBundleIdentifier = "com.my.bundle.id",
                    TeamId = "9JA89QQLNQ",
                },
            },
            OidcConformant = false,
            RefreshToken = new Auth0.Inputs.ClientRefreshTokenArgs
            {
                ExpirationType = "expiring",
                IdleTokenLifetime = 1296000,
                InfiniteIdleTokenLifetime = true,
                InfiniteTokenLifetime = false,
                Leeway = 15,
                RotationType = "rotating",
                TokenLifetime = 84600,
            },
            TokenEndpointAuthMethod = "client_secret_post",
            WebOrigins = 
            {
                "https://example.com",
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewClient(ctx, "myClient", &auth0.ClientArgs{
			Addons: &auth0.ClientAddonsArgs{
				Firebase: pulumi.Map{
					"clientEmail":       pulumi.String("john.doe@example.com"),
					"lifetimeInSeconds": pulumi.Float64(1),
					"privateKey":        pulumi.String("wer"),
					"privateKeyId":      pulumi.String("qwreerwerwe"),
				},
				Samlp: &auth0.ClientAddonsSamlpArgs{
					Audience:             pulumi.String("https://example.com/saml"),
					CreateUpnClaim:       pulumi.Bool(false),
					MapIdentities:        pulumi.Bool(false),
					MapUnknownClaimsAsIs: pulumi.Bool(false),
					Mappings: pulumi.StringMap{
						"email": pulumi.String("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
						"name":  pulumi.String("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"),
					},
					NameIdentifierFormat: pulumi.String("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"),
					NameIdentifierProbes: pulumi.StringArray{
						pulumi.String("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
					},
					PassthroughClaimsWithNoMapping: pulumi.Bool(false),
				},
			},
			AllowedLogoutUrls: pulumi.StringArray{
				pulumi.String("https://example.com"),
			},
			AllowedOrigins: pulumi.StringArray{
				pulumi.String("https://example.com"),
			},
			AppType: pulumi.String("non_interactive"),
			Callbacks: pulumi.StringArray{
				pulumi.String("https://example.com/callback"),
			},
			ClientMetadata: pulumi.StringMap{
				"foo": pulumi.String("zoo"),
			},
			CustomLoginPageOn: pulumi.Bool(true),
			Description:       pulumi.String("Test Applications Long Description"),
			GrantTypes: pulumi.StringArray{
				pulumi.String("authorization_code"),
				pulumi.String("http://auth0.com/oauth/grant-type/password-realm"),
				pulumi.String("implicit"),
				pulumi.String("password"),
				pulumi.String("refresh_token"),
			},
			IsFirstParty:                   pulumi.Bool(true),
			IsTokenEndpointIpHeaderTrusted: pulumi.Bool(true),
			JwtConfiguration: &auth0.ClientJwtConfigurationArgs{
				Alg:               pulumi.String("RS256"),
				LifetimeInSeconds: pulumi.Int(300),
				Scopes: pulumi.StringMap{
					"foo": pulumi.String("bar"),
				},
				SecretEncoded: pulumi.Bool(true),
			},
			Mobile: &auth0.ClientMobileArgs{
				Ios: &auth0.ClientMobileIosArgs{
					AppBundleIdentifier: pulumi.String("com.my.bundle.id"),
					TeamId:              pulumi.String("9JA89QQLNQ"),
				},
			},
			OidcConformant: pulumi.Bool(false),
			RefreshToken: &auth0.ClientRefreshTokenArgs{
				ExpirationType:            pulumi.String("expiring"),
				IdleTokenLifetime:         pulumi.Int(1296000),
				InfiniteIdleTokenLifetime: pulumi.Bool(true),
				InfiniteTokenLifetime:     pulumi.Bool(false),
				Leeway:                    pulumi.Int(15),
				RotationType:              pulumi.String("rotating"),
				TokenLifetime:             pulumi.Int(84600),
			},
			TokenEndpointAuthMethod: pulumi.String("client_secret_post"),
			WebOrigins: pulumi.StringArray{
				pulumi.String("https://example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_auth0 as auth0

my_client = auth0.Client("myClient",
    addons=auth0.ClientAddonsArgs(
        firebase={
            "clientEmail": "john.doe@example.com",
            "lifetimeInSeconds": 1,
            "privateKey": "wer",
            "privateKeyId": "qwreerwerwe",
        },
        samlp=auth0.ClientAddonsSamlpArgs(
            audience="https://example.com/saml",
            create_upn_claim=False,
            map_identities=False,
            map_unknown_claims_as_is=False,
            mappings={
                "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
            },
            name_identifier_format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            name_identifier_probes=["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
            passthrough_claims_with_no_mapping=False,
        ),
    ),
    allowed_logout_urls=["https://example.com"],
    allowed_origins=["https://example.com"],
    app_type="non_interactive",
    callbacks=["https://example.com/callback"],
    client_metadata={
        "foo": "zoo",
    },
    custom_login_page_on=True,
    description="Test Applications Long Description",
    grant_types=[
        "authorization_code",
        "http://auth0.com/oauth/grant-type/password-realm",
        "implicit",
        "password",
        "refresh_token",
    ],
    is_first_party=True,
    is_token_endpoint_ip_header_trusted=True,
    jwt_configuration=auth0.ClientJwtConfigurationArgs(
        alg="RS256",
        lifetime_in_seconds=300,
        scopes={
            "foo": "bar",
        },
        secret_encoded=True,
    ),
    mobile=auth0.ClientMobileArgs(
        ios=auth0.ClientMobileIosArgs(
            app_bundle_identifier="com.my.bundle.id",
            team_id="9JA89QQLNQ",
        ),
    ),
    oidc_conformant=False,
    refresh_token=auth0.ClientRefreshTokenArgs(
        expiration_type="expiring",
        idle_token_lifetime=1296000,
        infinite_idle_token_lifetime=True,
        infinite_token_lifetime=False,
        leeway=15,
        rotation_type="rotating",
        token_lifetime=84600,
    ),
    token_endpoint_auth_method="client_secret_post",
    web_origins=["https://example.com"])
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myClient = new auth0.Client("my_client", {
    addons: {
        firebase: {
            client_email: "john.doe@example.com",
            lifetime_in_seconds: 1,
            private_key: "wer",
            private_key_id: "qwreerwerwe",
        },
        samlp: {
            audience: "https://example.com/saml",
            createUpnClaim: false,
            mapIdentities: false,
            mapUnknownClaimsAsIs: false,
            mappings: {
                email: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
                name: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
            },
            nameIdentifierFormat: "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
            nameIdentifierProbes: ["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
            passthroughClaimsWithNoMapping: false,
        },
    },
    allowedLogoutUrls: ["https://example.com"],
    allowedOrigins: ["https://example.com"],
    appType: "non_interactive",
    callbacks: ["https://example.com/callback"],
    clientMetadata: {
        foo: "zoo",
    },
    customLoginPageOn: true,
    description: "Test Applications Long Description",
    grantTypes: [
        "authorization_code",
        "http://auth0.com/oauth/grant-type/password-realm",
        "implicit",
        "password",
        "refresh_token",
    ],
    isFirstParty: true,
    isTokenEndpointIpHeaderTrusted: true,
    jwtConfiguration: {
        alg: "RS256",
        lifetimeInSeconds: 300,
        scopes: {
            foo: "bar",
        },
        secretEncoded: true,
    },
    mobile: {
        ios: {
            appBundleIdentifier: "com.my.bundle.id",
            teamId: "9JA89QQLNQ",
        },
    },
    oidcConformant: false,
    refreshToken: {
        expirationType: "expiring",
        idleTokenLifetime: 1296000,
        infiniteIdleTokenLifetime: true,
        infiniteTokenLifetime: false,
        leeway: 15,
        rotationType: "rotating",
        tokenLifetime: 84600,
    },
    tokenEndpointAuthMethod: "client_secret_post",
    webOrigins: ["https://example.com"],
});

Create a Client Resource

new Client(name: string, args?: ClientArgs, opts?: CustomResourceOptions);
@overload
def Client(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           addons: Optional[ClientAddonsArgs] = None,
           allowed_logout_urls: Optional[Sequence[str]] = None,
           allowed_origins: Optional[Sequence[str]] = None,
           app_type: Optional[str] = None,
           callbacks: Optional[Sequence[str]] = None,
           client_metadata: Optional[Mapping[str, Any]] = None,
           client_secret_rotation_trigger: Optional[Mapping[str, Any]] = None,
           cross_origin_auth: Optional[bool] = None,
           cross_origin_loc: Optional[str] = None,
           custom_login_page: Optional[str] = None,
           custom_login_page_on: Optional[bool] = None,
           description: Optional[str] = None,
           encryption_key: Optional[Mapping[str, str]] = None,
           form_template: Optional[str] = None,
           grant_types: Optional[Sequence[str]] = None,
           initiate_login_uri: Optional[str] = None,
           is_first_party: Optional[bool] = None,
           is_token_endpoint_ip_header_trusted: Optional[bool] = None,
           jwt_configuration: Optional[ClientJwtConfigurationArgs] = None,
           logo_uri: Optional[str] = None,
           mobile: Optional[ClientMobileArgs] = None,
           name: Optional[str] = None,
           oidc_conformant: Optional[bool] = None,
           refresh_token: Optional[ClientRefreshTokenArgs] = None,
           sso: Optional[bool] = None,
           sso_disabled: Optional[bool] = None,
           token_endpoint_auth_method: Optional[str] = None,
           web_origins: Optional[Sequence[str]] = None)
@overload
def Client(resource_name: str,
           args: Optional[ClientArgs] = None,
           opts: Optional[ResourceOptions] = None)
func NewClient(ctx *Context, name string, args *ClientArgs, opts ...ResourceOption) (*Client, error)
public Client(string name, ClientArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ClientArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ClientArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ClientArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ClientArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Client Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Client resource accepts the following input properties:

Addons ClientAddonsArgs
List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.
AllowedLogoutUrls List<string>
List(String). URLs that Auth0 may redirect to after logout.
AllowedOrigins List<string>
List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string
String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks List<string>
List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientMetadata Dictionary<string, object>
Map(String)
ClientSecretRotationTrigger Dictionary<string, object>
Map.
CrossOriginAuth bool
Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.
CrossOriginLoc string
String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.
CustomLoginPage string
String. Content of the custom login page.
CustomLoginPageOn bool
Boolean. Indicates whether or not a custom login page is to be used.
Description string
String, (Max length = 140 characters). Description of the purpose of the client.
EncryptionKey Dictionary<string, string>
Map(String).
FormTemplate string
String. Form template for WS-Federation protocol.
GrantTypes List<string>
List(String). Types of grants that this client is authorized to use.
InitiateLoginUri string
IsFirstParty bool
Boolean. Indicates whether or not this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool
Boolean. Indicates whether or not the token endpoint IP header is trusted.
JwtConfiguration ClientJwtConfigurationArgs
List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.
LogoUri string
String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobile ClientMobileArgs
List(Resource). Configuration settings for mobile native applications. For details, see Mobile.
Name string
String. Name of the client.
OidcConformant bool
Boolean. Indicates whether or not this client will conform to strict OIDC specifications.
RefreshToken ClientRefreshTokenArgs
List(Resource). Configuration settings for the refresh tokens issued for this client. For details, see Refresh Token Configuration.
Sso bool
Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.
SsoDisabled bool
Boolean. Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string
String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
WebOrigins List<string>
List(String). URLs that represent valid web origins for use with web message response mode.
Addons ClientAddons
List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.
AllowedLogoutUrls []string
List(String). URLs that Auth0 may redirect to after logout.
AllowedOrigins []string
List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string
String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks []string
List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientMetadata map[string]interface{}
Map(String)
ClientSecretRotationTrigger map[string]interface{}
Map.
CrossOriginAuth bool
Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.
CrossOriginLoc string
String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.
CustomLoginPage string
String. Content of the custom login page.
CustomLoginPageOn bool
Boolean. Indicates whether or not a custom login page is to be used.
Description string
String, (Max length = 140 characters). Description of the purpose of the client.
EncryptionKey map[string]string
Map(String).
FormTemplate string
String. Form template for WS-Federation protocol.
GrantTypes []string
List(String). Types of grants that this client is authorized to use.
InitiateLoginUri string
IsFirstParty bool
Boolean. Indicates whether or not this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool
Boolean. Indicates whether or not the token endpoint IP header is trusted.
JwtConfiguration ClientJwtConfiguration
List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.
LogoUri string
String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobile ClientMobile
List(Resource). Configuration settings for mobile native applications. For details, see Mobile.
Name string
String. Name of the client.
OidcConformant bool
Boolean. Indicates whether or not this client will conform to strict OIDC specifications.
RefreshToken ClientRefreshToken
List(Resource). Configuration settings for the refresh tokens issued for this client. For details, see Refresh Token Configuration.
Sso bool
Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.
SsoDisabled bool
Boolean. Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string
String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
WebOrigins []string
List(String). URLs that represent valid web origins for use with web message response mode.
addons ClientAddonsArgs
List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.
allowedLogoutUrls string[]
List(String). URLs that Auth0 may redirect to after logout.
allowedOrigins string[]
List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType string
String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks string[]
List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientMetadata {[key: string]: any}
Map(String)
clientSecretRotationTrigger {[key: string]: any}
Map.
crossOriginAuth boolean
Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.
crossOriginLoc string
String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.
customLoginPage string
String. Content of the custom login page.
customLoginPageOn boolean
Boolean. Indicates whether or not a custom login page is to be used.
description string
String, (Max length = 140 characters). Description of the purpose of the client.
encryptionKey {[key: string]: string}
Map(String).
formTemplate string
String. Form template for WS-Federation protocol.
grantTypes string[]
List(String). Types of grants that this client is authorized to use.
initiateLoginUri string
isFirstParty boolean
Boolean. Indicates whether or not this client is a first-party client.
isTokenEndpointIpHeaderTrusted boolean
Boolean. Indicates whether or not the token endpoint IP header is trusted.
jwtConfiguration ClientJwtConfigurationArgs
List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.
logoUri string
String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs
List(Resource). Configuration settings for mobile native applications. For details, see Mobile.
name string
String. Name of the client.
oidcConformant boolean
Boolean. Indicates whether or not this client will conform to strict OIDC specifications.
refreshToken ClientRefreshTokenArgs
List(Resource). Configuration settings for the refresh tokens issued for this client. For details, see Refresh Token Configuration.
sso boolean
Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.
ssoDisabled boolean
Boolean. Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod string
String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
webOrigins string[]
List(String). URLs that represent valid web origins for use with web message response mode.
addons ClientAddonsArgs
List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.
allowed_logout_urls Sequence[str]
List(String). URLs that Auth0 may redirect to after logout.
allowed_origins Sequence[str]
List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
app_type str
String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks Sequence[str]
List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
client_metadata Mapping[str, Any]
Map(String)
client_secret_rotation_trigger Mapping[str, Any]
Map.
cross_origin_auth bool
Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.
cross_origin_loc str
String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.
custom_login_page str
String. Content of the custom login page.
custom_login_page_on bool
Boolean. Indicates whether or not a custom login page is to be used.
description str
String, (Max length = 140 characters). Description of the purpose of the client.
encryption_key Mapping[str, str]
Map(String).
form_template str
String. Form template for WS-Federation protocol.
grant_types Sequence[str]
List(String). Types of grants that this client is authorized to use.
initiate_login_uri str
is_first_party bool
Boolean. Indicates whether or not this client is a first-party client.
is_token_endpoint_ip_header_trusted bool
Boolean. Indicates whether or not the token endpoint IP header is trusted.
jwt_configuration ClientJwtConfigurationArgs
List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.
logo_uri str
String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs
List(Resource). Configuration settings for mobile native applications. For details, see Mobile.
name str
String. Name of the client.
oidc_conformant bool
Boolean. Indicates whether or not this client will conform to strict OIDC specifications.
refresh_token ClientRefreshTokenArgs
List(Resource). Configuration settings for the refresh tokens issued for this client. For details, see Refresh Token Configuration.
sso bool
Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.
sso_disabled bool
Boolean. Indicates whether or not SSO is disabled.
token_endpoint_auth_method str
String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
web_origins Sequence[str]
List(String). URLs that represent valid web origins for use with web message response mode.

Outputs

All input properties are implicitly available as output properties. Additionally, the Client resource produces the following output properties:

ClientId string

String. ID of the client.

  • client_secret1 - String. Secret for the client; keep this private.
ClientSecret string
Id string
The provider-assigned unique ID for this managed resource.
ClientId string

String. ID of the client.

  • client_secret1 - String. Secret for the client; keep this private.
ClientSecret string
Id string
The provider-assigned unique ID for this managed resource.
clientId string

String. ID of the client.

  • client_secret1 - String. Secret for the client; keep this private.
clientSecret string
id string
The provider-assigned unique ID for this managed resource.
client_id str

String. ID of the client.

  • client_secret1 - String. Secret for the client; keep this private.
client_secret str
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing Client Resource

Get an existing Client resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ClientState, opts?: CustomResourceOptions): Client
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        addons: Optional[ClientAddonsArgs] = None,
        allowed_logout_urls: Optional[Sequence[str]] = None,
        allowed_origins: Optional[Sequence[str]] = None,
        app_type: Optional[str] = None,
        callbacks: Optional[Sequence[str]] = None,
        client_id: Optional[str] = None,
        client_metadata: Optional[Mapping[str, Any]] = None,
        client_secret: Optional[str] = None,
        client_secret_rotation_trigger: Optional[Mapping[str, Any]] = None,
        cross_origin_auth: Optional[bool] = None,
        cross_origin_loc: Optional[str] = None,
        custom_login_page: Optional[str] = None,
        custom_login_page_on: Optional[bool] = None,
        description: Optional[str] = None,
        encryption_key: Optional[Mapping[str, str]] = None,
        form_template: Optional[str] = None,
        grant_types: Optional[Sequence[str]] = None,
        initiate_login_uri: Optional[str] = None,
        is_first_party: Optional[bool] = None,
        is_token_endpoint_ip_header_trusted: Optional[bool] = None,
        jwt_configuration: Optional[ClientJwtConfigurationArgs] = None,
        logo_uri: Optional[str] = None,
        mobile: Optional[ClientMobileArgs] = None,
        name: Optional[str] = None,
        oidc_conformant: Optional[bool] = None,
        refresh_token: Optional[ClientRefreshTokenArgs] = None,
        sso: Optional[bool] = None,
        sso_disabled: Optional[bool] = None,
        token_endpoint_auth_method: Optional[str] = None,
        web_origins: Optional[Sequence[str]] = None) -> Client
func GetClient(ctx *Context, name string, id IDInput, state *ClientState, opts ...ResourceOption) (*Client, error)
public static Client Get(string name, Input<string> id, ClientState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Addons ClientAddonsArgs
List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.
AllowedLogoutUrls List<string>
List(String). URLs that Auth0 may redirect to after logout.
AllowedOrigins List<string>
List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string
String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks List<string>
List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientId string

String. ID of the client.

  • client_secret1 - String. Secret for the client; keep this private.
ClientMetadata Dictionary<string, object>
Map(String)
ClientSecret string
ClientSecretRotationTrigger Dictionary<string, object>
Map.
CrossOriginAuth bool
Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.
CrossOriginLoc string
String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.
CustomLoginPage string
String. Content of the custom login page.
CustomLoginPageOn bool
Boolean. Indicates whether or not a custom login page is to be used.
Description string
String, (Max length = 140 characters). Description of the purpose of the client.
EncryptionKey Dictionary<string, string>
Map(String).
FormTemplate string
String. Form template for WS-Federation protocol.
GrantTypes List<string>
List(String). Types of grants that this client is authorized to use.
InitiateLoginUri string
IsFirstParty bool
Boolean. Indicates whether or not this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool
Boolean. Indicates whether or not the token endpoint IP header is trusted.
JwtConfiguration ClientJwtConfigurationArgs
List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.
LogoUri string
String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobile ClientMobileArgs
List(Resource). Configuration settings for mobile native applications. For details, see Mobile.
Name string
String. Name of the client.
OidcConformant bool
Boolean. Indicates whether or not this client will conform to strict OIDC specifications.
RefreshToken ClientRefreshTokenArgs
List(Resource). Configuration settings for the refresh tokens issued for this client. For details, see Refresh Token Configuration.
Sso bool
Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.
SsoDisabled bool
Boolean. Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string
String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
WebOrigins List<string>
List(String). URLs that represent valid web origins for use with web message response mode.
Addons ClientAddons
List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.
AllowedLogoutUrls []string
List(String). URLs that Auth0 may redirect to after logout.
AllowedOrigins []string
List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string
String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks []string
List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientId string

String. ID of the client.

  • client_secret1 - String. Secret for the client; keep this private.
ClientMetadata map[string]interface{}
Map(String)
ClientSecret string
ClientSecretRotationTrigger map[string]interface{}
Map.
CrossOriginAuth bool
Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.
CrossOriginLoc string
String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.
CustomLoginPage string
String. Content of the custom login page.
CustomLoginPageOn bool
Boolean. Indicates whether or not a custom login page is to be used.
Description string
String, (Max length = 140 characters). Description of the purpose of the client.
EncryptionKey map[string]string
Map(String).
FormTemplate string
String. Form template for WS-Federation protocol.
GrantTypes []string
List(String). Types of grants that this client is authorized to use.
InitiateLoginUri string
IsFirstParty bool
Boolean. Indicates whether or not this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool
Boolean. Indicates whether or not the token endpoint IP header is trusted.
JwtConfiguration ClientJwtConfiguration
List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.
LogoUri string
String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobile ClientMobile
List(Resource). Configuration settings for mobile native applications. For details, see Mobile.
Name string
String. Name of the client.
OidcConformant bool
Boolean. Indicates whether or not this client will conform to strict OIDC specifications.
RefreshToken ClientRefreshToken
List(Resource). Configuration settings for the refresh tokens issued for this client. For details, see Refresh Token Configuration.
Sso bool
Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.
SsoDisabled bool
Boolean. Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string
String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
WebOrigins []string
List(String). URLs that represent valid web origins for use with web message response mode.
addons ClientAddonsArgs
List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.
allowedLogoutUrls string[]
List(String). URLs that Auth0 may redirect to after logout.
allowedOrigins string[]
List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType string
String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks string[]
List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientId string

String. ID of the client.

  • client_secret1 - String. Secret for the client; keep this private.
clientMetadata {[key: string]: any}
Map(String)
clientSecret string
clientSecretRotationTrigger {[key: string]: any}
Map.
crossOriginAuth boolean
Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.
crossOriginLoc string
String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.
customLoginPage string
String. Content of the custom login page.
customLoginPageOn boolean
Boolean. Indicates whether or not a custom login page is to be used.
description string
String, (Max length = 140 characters). Description of the purpose of the client.
encryptionKey {[key: string]: string}
Map(String).
formTemplate string
String. Form template for WS-Federation protocol.
grantTypes string[]
List(String). Types of grants that this client is authorized to use.
initiateLoginUri string
isFirstParty boolean
Boolean. Indicates whether or not this client is a first-party client.
isTokenEndpointIpHeaderTrusted boolean
Boolean. Indicates whether or not the token endpoint IP header is trusted.
jwtConfiguration ClientJwtConfigurationArgs
List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.
logoUri string
String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs
List(Resource). Configuration settings for mobile native applications. For details, see Mobile.
name string
String. Name of the client.
oidcConformant boolean
Boolean. Indicates whether or not this client will conform to strict OIDC specifications.
refreshToken ClientRefreshTokenArgs
List(Resource). Configuration settings for the refresh tokens issued for this client. For details, see Refresh Token Configuration.
sso boolean
Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.
ssoDisabled boolean
Boolean. Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod string
String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
webOrigins string[]
List(String). URLs that represent valid web origins for use with web message response mode.
addons ClientAddonsArgs
List(Resource). Configuration settings for add-ons for this client. For details, see Add-ons.
allowed_logout_urls Sequence[str]
List(String). URLs that Auth0 may redirect to after logout.
allowed_origins Sequence[str]
List(String). URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
app_type str
String. Type of application the client represents. Options include native, spa, regular_web, non_interactive, rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks Sequence[str]
List(String). URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
client_id str

String. ID of the client.

  • client_secret1 - String. Secret for the client; keep this private.
client_metadata Mapping[str, Any]
Map(String)
client_secret str
client_secret_rotation_trigger Mapping[str, Any]
Map.
cross_origin_auth bool
Boolean. Indicates whether or not the client can be used to make cross-origin authentication requests.
cross_origin_loc str
String. URL for the location on your site where the cross-origin verification takes place for the cross-origin auth flow. Used when performing auth in your own domain instead of through the Auth0-hosted login page.
custom_login_page str
String. Content of the custom login page.
custom_login_page_on bool
Boolean. Indicates whether or not a custom login page is to be used.
description str
String, (Max length = 140 characters). Description of the purpose of the client.
encryption_key Mapping[str, str]
Map(String).
form_template str
String. Form template for WS-Federation protocol.
grant_types Sequence[str]
List(String). Types of grants that this client is authorized to use.
initiate_login_uri str
is_first_party bool
Boolean. Indicates whether or not this client is a first-party client.
is_token_endpoint_ip_header_trusted bool
Boolean. Indicates whether or not the token endpoint IP header is trusted.
jwt_configuration ClientJwtConfigurationArgs
List(Resource). Configuration settings for the JWTs issued for this client. For details, see JWT Configuration.
logo_uri str
String. URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs
List(Resource). Configuration settings for mobile native applications. For details, see Mobile.
name str
String. Name of the client.
oidc_conformant bool
Boolean. Indicates whether or not this client will conform to strict OIDC specifications.
refresh_token ClientRefreshTokenArgs
List(Resource). Configuration settings for the refresh tokens issued for this client. For details, see Refresh Token Configuration.
sso bool
Boolean. Indicates whether or not the client should use Auth0 rather than the IdP to perform Single Sign-On (SSO). True = Use Auth0.
sso_disabled bool
Boolean. Indicates whether or not SSO is disabled.
token_endpoint_auth_method str
String. Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
web_origins Sequence[str]
List(String). URLs that represent valid web origins for use with web message response mode.

Supporting Types

ClientAddons

Aws Dictionary<string, object>
String
AzureBlob Dictionary<string, object>
String
AzureSb Dictionary<string, object>
String
Box Dictionary<string, object>
String
Cloudbees Dictionary<string, object>
String
Concur Dictionary<string, object>
String
Dropbox Dictionary<string, object>
String
Echosign Dictionary<string, object>
String
Egnyte Dictionary<string, object>
String
Firebase Dictionary<string, object>
String
Layer Dictionary<string, object>
String
Mscrm Dictionary<string, object>
String
Newrelic Dictionary<string, object>
String
Office365 Dictionary<string, object>
String
Rms Dictionary<string, object>
String
Salesforce Dictionary<string, object>
String
SalesforceApi Dictionary<string, object>
String
SalesforceSandboxApi Dictionary<string, object>
String
Samlp ClientAddonsSamlpArgs
List(Resource). Configuration settings for a SAML add-on. For details, see SAML.
SapApi Dictionary<string, object>
String
Sentry Dictionary<string, object>
String
Sharepoint Dictionary<string, object>
String
Slack Dictionary<string, object>
String
Springcm Dictionary<string, object>
String
Wams Dictionary<string, object>
String
Wsfed Dictionary<string, object>
String
Zendesk Dictionary<string, object>
String
Zoom Dictionary<string, object>
String
Aws map[string]interface{}
String
AzureBlob map[string]interface{}
String
AzureSb map[string]interface{}
String
Box map[string]interface{}
String
Cloudbees map[string]interface{}
String
Concur map[string]interface{}
String
Dropbox map[string]interface{}
String
Echosign map[string]interface{}
String
Egnyte map[string]interface{}
String
Firebase map[string]interface{}
String
Layer map[string]interface{}
String
Mscrm map[string]interface{}
String
Newrelic map[string]interface{}
String
Office365 map[string]interface{}
String
Rms map[string]interface{}
String
Salesforce map[string]interface{}
String
SalesforceApi map[string]interface{}
String
SalesforceSandboxApi map[string]interface{}
String
Samlp ClientAddonsSamlp
List(Resource). Configuration settings for a SAML add-on. For details, see SAML.
SapApi map[string]interface{}
String
Sentry map[string]interface{}
String
Sharepoint map[string]interface{}
String
Slack map[string]interface{}
String
Springcm map[string]interface{}
String
Wams map[string]interface{}
String
Wsfed map[string]interface{}
String
Zendesk map[string]interface{}
String
Zoom map[string]interface{}
String
aws {[key: string]: any}
String
azureBlob {[key: string]: any}
String
azureSb {[key: string]: any}
String
box {[key: string]: any}
String
cloudbees {[key: string]: any}
String
concur {[key: string]: any}
String
dropbox {[key: string]: any}
String
echosign {[key: string]: any}
String
egnyte {[key: string]: any}
String
firebase {[key: string]: any}
String
layer {[key: string]: any}
String
mscrm {[key: string]: any}
String
newrelic {[key: string]: any}
String
office365 {[key: string]: any}
String
rms {[key: string]: any}
String
salesforce {[key: string]: any}
String
salesforceApi {[key: string]: any}
String
salesforceSandboxApi {[key: string]: any}
String
samlp ClientAddonsSamlpArgs
List(Resource). Configuration settings for a SAML add-on. For details, see SAML.
sapApi {[key: string]: any}
String
sentry {[key: string]: any}
String
sharepoint {[key: string]: any}
String
slack {[key: string]: any}
String
springcm {[key: string]: any}
String
wams {[key: string]: any}
String
wsfed {[key: string]: any}
String
zendesk {[key: string]: any}
String
zoom {[key: string]: any}
String
aws Mapping[str, Any]
String
azure_blob Mapping[str, Any]
String
azure_sb Mapping[str, Any]
String
box Mapping[str, Any]
String
cloudbees Mapping[str, Any]
String
concur Mapping[str, Any]
String
dropbox Mapping[str, Any]
String
echosign Mapping[str, Any]
String
egnyte Mapping[str, Any]
String
firebase Mapping[str, Any]
String
layer Mapping[str, Any]
String
mscrm Mapping[str, Any]
String
newrelic Mapping[str, Any]
String
office365 Mapping[str, Any]
String
rms Mapping[str, Any]
String
salesforce Mapping[str, Any]
String
salesforce_api Mapping[str, Any]
String
salesforce_sandbox_api Mapping[str, Any]
String
samlp ClientAddonsSamlpArgs
List(Resource). Configuration settings for a SAML add-on. For details, see SAML.
sap_api Mapping[str, Any]
String
sentry Mapping[str, Any]
String
sharepoint Mapping[str, Any]
String
slack Mapping[str, Any]
String
springcm Mapping[str, Any]
String
wams Mapping[str, Any]
String
wsfed Mapping[str, Any]
String
zendesk Mapping[str, Any]
String
zoom Mapping[str, Any]
String

ClientAddonsSamlp

Audience string
String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
AuthnContextClassRef string
String. Class reference of the authentication context.
Binding string
String. Protocol binding used for SAML logout responses.
CreateUpnClaim bool
Boolean, (Default=true) Indicates whether or not a UPN claim should be created.
Destination string
String. Destination of the SAML Response. If not specified, it will be AssertionConsumerUrlof SAMLRequest or Callback URL if there was no SAMLRequest.
DigestAlgorithm string
String, (Default=sha1). Algorithm used to calculate the digest of the SAML Assertion or response. Options include defaultsha1 and sha256.
IncludeAttributeNameFormat bool
Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion.
LifetimeInSeconds int
Integer, (Default=3600). Number of seconds during which the token is valid.
Logout ClientAddonsSamlpLogoutArgs
Map(Resource). Configuration settings for logout. For details, see Logout.
MapIdentities bool
Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available.
MapUnknownClaimsAsIs bool
Boolean, (Default=false). Indicates whether or not to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion.
Mappings Dictionary<string, object>
Map(String). Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
NameIdentifierFormat string
String, (Default=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Format of the name identifier.
NameIdentifierProbes List<string>
List(String). Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
PassthroughClaimsWithNoMapping bool
Boolean, (Default=true). Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion.
Recipient string
String. Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or Callback URL if no SAMLRequest was sent.
SignResponse bool
Boolean. Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
SignatureAlgorithm string
String, (Default=rsa-sha1). Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256.
TypedAttributes bool
Boolean, (Default=true). Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType.
Audience string
String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
AuthnContextClassRef string
String. Class reference of the authentication context.
Binding string
String. Protocol binding used for SAML logout responses.
CreateUpnClaim bool
Boolean, (Default=true) Indicates whether or not a UPN claim should be created.
Destination string
String. Destination of the SAML Response. If not specified, it will be AssertionConsumerUrlof SAMLRequest or Callback URL if there was no SAMLRequest.
DigestAlgorithm string
String, (Default=sha1). Algorithm used to calculate the digest of the SAML Assertion or response. Options include defaultsha1 and sha256.
IncludeAttributeNameFormat bool
Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion.
LifetimeInSeconds int
Integer, (Default=3600). Number of seconds during which the token is valid.
Logout ClientAddonsSamlpLogout
Map(Resource). Configuration settings for logout. For details, see Logout.
MapIdentities bool
Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available.
MapUnknownClaimsAsIs bool
Boolean, (Default=false). Indicates whether or not to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion.
Mappings map[string]interface{}
Map(String). Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
NameIdentifierFormat string
String, (Default=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Format of the name identifier.
NameIdentifierProbes []string
List(String). Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
PassthroughClaimsWithNoMapping bool
Boolean, (Default=true). Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion.
Recipient string
String. Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or Callback URL if no SAMLRequest was sent.
SignResponse bool
Boolean. Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
SignatureAlgorithm string
String, (Default=rsa-sha1). Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256.
TypedAttributes bool
Boolean, (Default=true). Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType.
audience string
String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
authnContextClassRef string
String. Class reference of the authentication context.
binding string
String. Protocol binding used for SAML logout responses.
createUpnClaim boolean
Boolean, (Default=true) Indicates whether or not a UPN claim should be created.
destination string
String. Destination of the SAML Response. If not specified, it will be AssertionConsumerUrlof SAMLRequest or Callback URL if there was no SAMLRequest.
digestAlgorithm string
String, (Default=sha1). Algorithm used to calculate the digest of the SAML Assertion or response. Options include defaultsha1 and sha256.
includeAttributeNameFormat boolean
Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion.
lifetimeInSeconds number
Integer, (Default=3600). Number of seconds during which the token is valid.
logout ClientAddonsSamlpLogoutArgs
Map(Resource). Configuration settings for logout. For details, see Logout.
mapIdentities boolean
Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available.
mapUnknownClaimsAsIs boolean
Boolean, (Default=false). Indicates whether or not to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion.
mappings {[key: string]: any}
Map(String). Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
nameIdentifierFormat string
String, (Default=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Format of the name identifier.
nameIdentifierProbes string[]
List(String). Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
passthroughClaimsWithNoMapping boolean
Boolean, (Default=true). Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion.
recipient string
String. Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or Callback URL if no SAMLRequest was sent.
signResponse boolean
Boolean. Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
signatureAlgorithm string
String, (Default=rsa-sha1). Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256.
typedAttributes boolean
Boolean, (Default=true). Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType.
audience str
String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
authn_context_class_ref str
String. Class reference of the authentication context.
binding str
String. Protocol binding used for SAML logout responses.
create_upn_claim bool
Boolean, (Default=true) Indicates whether or not a UPN claim should be created.
destination str
String. Destination of the SAML Response. If not specified, it will be AssertionConsumerUrlof SAMLRequest or Callback URL if there was no SAMLRequest.
digest_algorithm str
String, (Default=sha1). Algorithm used to calculate the digest of the SAML Assertion or response. Options include defaultsha1 and sha256.
include_attribute_name_format bool
Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion.
lifetime_in_seconds int
Integer, (Default=3600). Number of seconds during which the token is valid.
logout ClientAddonsSamlpLogoutArgs
Map(Resource). Configuration settings for logout. For details, see Logout.
map_identities bool
Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available.
map_unknown_claims_as_is bool
Boolean, (Default=false). Indicates whether or not to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion.
mappings Mapping[str, Any]
Map(String). Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
name_identifier_format str
String, (Default=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified). Format of the name identifier.
name_identifier_probes Sequence[str]
List(String). Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
passthrough_claims_with_no_mapping bool
Boolean, (Default=true). Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion.
recipient str
String. Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or Callback URL if no SAMLRequest was sent.
sign_response bool
Boolean. Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
signature_algorithm str
String, (Default=rsa-sha1). Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256.
typed_attributes bool
Boolean, (Default=true). Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType.

ClientAddonsSamlpLogout

Callback string
String. Service provider’s Single Logout Service URL, to which Auth0 will send logout requests and responses.
SloEnabled bool
Boolean. Indicates whether or not Auth0 should notify service providers of session termination.
Callback string
String. Service provider’s Single Logout Service URL, to which Auth0 will send logout requests and responses.
SloEnabled bool
Boolean. Indicates whether or not Auth0 should notify service providers of session termination.
callback string
String. Service provider’s Single Logout Service URL, to which Auth0 will send logout requests and responses.
sloEnabled boolean
Boolean. Indicates whether or not Auth0 should notify service providers of session termination.
callback str
String. Service provider’s Single Logout Service URL, to which Auth0 will send logout requests and responses.
slo_enabled bool
Boolean. Indicates whether or not Auth0 should notify service providers of session termination.

ClientJwtConfiguration

Alg string
String. Algorithm used to sign JWTs.
LifetimeInSeconds int
Integer. Number of seconds during which the JWT will be valid.
Scopes Dictionary<string, string>
Map(String). Permissions (scopes) included in JWTs.
SecretEncoded bool
Boolean. Indicates whether or not the client secret is base64 encoded.
Alg string
String. Algorithm used to sign JWTs.
LifetimeInSeconds int
Integer. Number of seconds during which the JWT will be valid.
Scopes map[string]string
Map(String). Permissions (scopes) included in JWTs.
SecretEncoded bool
Boolean. Indicates whether or not the client secret is base64 encoded.
alg string
String. Algorithm used to sign JWTs.
lifetimeInSeconds number
Integer. Number of seconds during which the JWT will be valid.
scopes {[key: string]: string}
Map(String). Permissions (scopes) included in JWTs.
secretEncoded boolean
Boolean. Indicates whether or not the client secret is base64 encoded.
alg str
String. Algorithm used to sign JWTs.
lifetime_in_seconds int
Integer. Number of seconds during which the JWT will be valid.
scopes Mapping[str, str]
Map(String). Permissions (scopes) included in JWTs.
secret_encoded bool
Boolean. Indicates whether or not the client secret is base64 encoded.

ClientMobile

Android ClientMobileAndroidArgs
List(Resource). Configuration settings for Android native apps. For details, see Android.
Ios ClientMobileIosArgs
List(Resource). Configuration settings for i0S native apps. For details, see iOS.
Android ClientMobileAndroid
List(Resource). Configuration settings for Android native apps. For details, see Android.
Ios ClientMobileIos
List(Resource). Configuration settings for i0S native apps. For details, see iOS.
android ClientMobileAndroidArgs
List(Resource). Configuration settings for Android native apps. For details, see Android.
ios ClientMobileIosArgs
List(Resource). Configuration settings for i0S native apps. For details, see iOS.
android ClientMobileAndroidArgs
List(Resource). Configuration settings for Android native apps. For details, see Android.
ios ClientMobileIosArgs
List(Resource). Configuration settings for i0S native apps. For details, see iOS.

ClientMobileAndroid

AppPackageName string
String
Sha256CertFingerprints List<string>
List(String)
AppPackageName string
String
Sha256CertFingerprints []string
List(String)
appPackageName string
String
sha256CertFingerprints string[]
List(String)
app_package_name str
String
sha256_cert_fingerprints Sequence[str]
List(String)

ClientMobileIos

AppBundleIdentifier string
String
TeamId string
String
AppBundleIdentifier string
String
TeamId string
String
appBundleIdentifier string
String
teamId string
String
app_bundle_identifier str
String
team_id str
String

ClientRefreshToken

ExpirationType string
String. Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
RotationType string
String. Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
IdleTokenLifetime int
Integer. The time in seconds after which inactive refresh tokens will expire.
InfiniteIdleTokenLifetime bool
Boolean, (Default=false) Whether or not inactive refresh tokens should be remain valid indefinitely.
InfiniteTokenLifetime bool
Boolean, (Default=false) Whether or not refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set
Leeway int
Integer. The amount of time in seconds in which a refresh token may be reused without trigging reuse detection.
TokenLifetime int
Integer. The absolute lifetime of a refresh token in seconds.
ExpirationType string
String. Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
RotationType string
String. Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
IdleTokenLifetime int
Integer. The time in seconds after which inactive refresh tokens will expire.
InfiniteIdleTokenLifetime bool
Boolean, (Default=false) Whether or not inactive refresh tokens should be remain valid indefinitely.
InfiniteTokenLifetime bool
Boolean, (Default=false) Whether or not refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set
Leeway int
Integer. The amount of time in seconds in which a refresh token may be reused without trigging reuse detection.
TokenLifetime int
Integer. The absolute lifetime of a refresh token in seconds.
expirationType string
String. Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
rotationType string
String. Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
idleTokenLifetime number
Integer. The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime boolean
Boolean, (Default=false) Whether or not inactive refresh tokens should be remain valid indefinitely.
infiniteTokenLifetime boolean
Boolean, (Default=false) Whether or not refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set
leeway number
Integer. The amount of time in seconds in which a refresh token may be reused without trigging reuse detection.
tokenLifetime number
Integer. The absolute lifetime of a refresh token in seconds.
expiration_type str
String. Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
rotation_type str
String. Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
idle_token_lifetime int
Integer. The time in seconds after which inactive refresh tokens will expire.
infinite_idle_token_lifetime bool
Boolean, (Default=false) Whether or not inactive refresh tokens should be remain valid indefinitely.
infinite_token_lifetime bool
Boolean, (Default=false) Whether or not refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set
leeway int
Integer. The amount of time in seconds in which a refresh token may be reused without trigging reuse detection.
token_lifetime int
Integer. The absolute lifetime of a refresh token in seconds.

Package Details

Repository
https://github.com/pulumi/pulumi-auth0
License
Apache-2.0
Notes
This Pulumi package is based on the auth0 Terraform Provider.