ResourceServer

With this resource, you can set up APIs that can be consumed from your authorized applications.

Example Usage

using Pulumi;
using Auth0 = Pulumi.Auth0;

class MyStack : Stack
{
    public MyStack()
    {
        var myResourceServer = new Auth0.ResourceServer("myResourceServer", new Auth0.ResourceServerArgs
        {
            AllowOfflineAccess = true,
            Identifier = "https://api.example.com",
            Scopes = 
            {
                new Auth0.Inputs.ResourceServerScopeArgs
                {
                    Description = "Create foos",
                    Value = "create:foo",
                },
                new Auth0.Inputs.ResourceServerScopeArgs
                {
                    Description = "Create bars",
                    Value = "create:bar",
                },
            },
            SigningAlg = "RS256",
            SkipConsentForVerifiableFirstPartyClients = true,
            TokenLifetime = 8600,
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewResourceServer(ctx, "myResourceServer", &auth0.ResourceServerArgs{
			AllowOfflineAccess: pulumi.Bool(true),
			Identifier:         pulumi.String("https://api.example.com"),
			Scopes: auth0.ResourceServerScopeArray{
				&auth0.ResourceServerScopeArgs{
					Description: pulumi.String("Create foos"),
					Value:       pulumi.String("create:foo"),
				},
				&auth0.ResourceServerScopeArgs{
					Description: pulumi.String("Create bars"),
					Value:       pulumi.String("create:bar"),
				},
			},
			SigningAlg: pulumi.String("RS256"),
			SkipConsentForVerifiableFirstPartyClients: pulumi.Bool(true),
			TokenLifetime: pulumi.Int(8600),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_auth0 as auth0

my_resource_server = auth0.ResourceServer("myResourceServer",
    allow_offline_access=True,
    identifier="https://api.example.com",
    scopes=[
        auth0.ResourceServerScopeArgs(
            description="Create foos",
            value="create:foo",
        ),
        auth0.ResourceServerScopeArgs(
            description="Create bars",
            value="create:bar",
        ),
    ],
    signing_alg="RS256",
    skip_consent_for_verifiable_first_party_clients=True,
    token_lifetime=8600)
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myResourceServer = new auth0.ResourceServer("my_resource_server", {
    allowOfflineAccess: true,
    identifier: "https://api.example.com",
    scopes: [
        {
            description: "Create foos",
            value: "create:foo",
        },
        {
            description: "Create bars",
            value: "create:bar",
        },
    ],
    signingAlg: "RS256",
    skipConsentForVerifiableFirstPartyClients: true,
    tokenLifetime: 8600,
});

Create a ResourceServer Resource

new ResourceServer(name: string, args?: ResourceServerArgs, opts?: CustomResourceOptions);
@overload
def ResourceServer(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   allow_offline_access: Optional[bool] = None,
                   enforce_policies: Optional[bool] = None,
                   identifier: Optional[str] = None,
                   name: Optional[str] = None,
                   options: Optional[Mapping[str, str]] = None,
                   scopes: Optional[Sequence[ResourceServerScopeArgs]] = None,
                   signing_alg: Optional[str] = None,
                   signing_secret: Optional[str] = None,
                   skip_consent_for_verifiable_first_party_clients: Optional[bool] = None,
                   token_dialect: Optional[str] = None,
                   token_lifetime: Optional[int] = None,
                   token_lifetime_for_web: Optional[int] = None,
                   verification_location: Optional[str] = None)
@overload
def ResourceServer(resource_name: str,
                   args: Optional[ResourceServerArgs] = None,
                   opts: Optional[ResourceOptions] = None)
func NewResourceServer(ctx *Context, name string, args *ResourceServerArgs, opts ...ResourceOption) (*ResourceServer, error)
public ResourceServer(string name, ResourceServerArgs? args = null, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ResourceServerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ResourceServerArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ResourceServerArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ResourceServerArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ResourceServer Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ResourceServer resource accepts the following input properties:

AllowOfflineAccess bool
Boolean. Indicates whether or not refresh tokens can be issued for this resource server.
EnforcePolicies bool
Boolean. Indicates whether or not authorization polices are enforced.
Identifier string
String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.
Name string
String. Friendly name for the resource server. Cannot include < or > characters.
Options Dictionary<string, string>
Map(String). Used to store additional metadata
Scopes List<ResourceServerScopeArgs>
Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.
SigningAlg string
String. Algorithm used to sign JWTs. Options include HS256 and RS256.
SigningSecret string
String. Secret used to sign tokens when using symmetric algorithms (HS256).
SkipConsentForVerifiableFirstPartyClients bool
Boolean. Indicates whether or not to skip user consent for applications flagged as first party.
TokenDialect string
String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).
TokenLifetime int
Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
TokenLifetimeForWeb int
Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.
VerificationLocation string
String
AllowOfflineAccess bool
Boolean. Indicates whether or not refresh tokens can be issued for this resource server.
EnforcePolicies bool
Boolean. Indicates whether or not authorization polices are enforced.
Identifier string
String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.
Name string
String. Friendly name for the resource server. Cannot include < or > characters.
Options map[string]string
Map(String). Used to store additional metadata
Scopes []ResourceServerScope
Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.
SigningAlg string
String. Algorithm used to sign JWTs. Options include HS256 and RS256.
SigningSecret string
String. Secret used to sign tokens when using symmetric algorithms (HS256).
SkipConsentForVerifiableFirstPartyClients bool
Boolean. Indicates whether or not to skip user consent for applications flagged as first party.
TokenDialect string
String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).
TokenLifetime int
Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
TokenLifetimeForWeb int
Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.
VerificationLocation string
String
allowOfflineAccess boolean
Boolean. Indicates whether or not refresh tokens can be issued for this resource server.
enforcePolicies boolean
Boolean. Indicates whether or not authorization polices are enforced.
identifier string
String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.
name string
String. Friendly name for the resource server. Cannot include < or > characters.
options {[key: string]: string}
Map(String). Used to store additional metadata
scopes ResourceServerScopeArgs[]
Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.
signingAlg string
String. Algorithm used to sign JWTs. Options include HS256 and RS256.
signingSecret string
String. Secret used to sign tokens when using symmetric algorithms (HS256).
skipConsentForVerifiableFirstPartyClients boolean
Boolean. Indicates whether or not to skip user consent for applications flagged as first party.
tokenDialect string
String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).
tokenLifetime number
Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
tokenLifetimeForWeb number
Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.
verificationLocation string
String
allow_offline_access bool
Boolean. Indicates whether or not refresh tokens can be issued for this resource server.
enforce_policies bool
Boolean. Indicates whether or not authorization polices are enforced.
identifier str
String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.
name str
String. Friendly name for the resource server. Cannot include < or > characters.
options Mapping[str, str]
Map(String). Used to store additional metadata
scopes Sequence[ResourceServerScopeArgs]
Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.
signing_alg str
String. Algorithm used to sign JWTs. Options include HS256 and RS256.
signing_secret str
String. Secret used to sign tokens when using symmetric algorithms (HS256).
skip_consent_for_verifiable_first_party_clients bool
Boolean. Indicates whether or not to skip user consent for applications flagged as first party.
token_dialect str
String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).
token_lifetime int
Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
token_lifetime_for_web int
Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.
verification_location str
String

Outputs

All input properties are implicitly available as output properties. Additionally, the ResourceServer resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing ResourceServer Resource

Get an existing ResourceServer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ResourceServerState, opts?: CustomResourceOptions): ResourceServer
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allow_offline_access: Optional[bool] = None,
        enforce_policies: Optional[bool] = None,
        identifier: Optional[str] = None,
        name: Optional[str] = None,
        options: Optional[Mapping[str, str]] = None,
        scopes: Optional[Sequence[ResourceServerScopeArgs]] = None,
        signing_alg: Optional[str] = None,
        signing_secret: Optional[str] = None,
        skip_consent_for_verifiable_first_party_clients: Optional[bool] = None,
        token_dialect: Optional[str] = None,
        token_lifetime: Optional[int] = None,
        token_lifetime_for_web: Optional[int] = None,
        verification_location: Optional[str] = None) -> ResourceServer
func GetResourceServer(ctx *Context, name string, id IDInput, state *ResourceServerState, opts ...ResourceOption) (*ResourceServer, error)
public static ResourceServer Get(string name, Input<string> id, ResourceServerState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowOfflineAccess bool
Boolean. Indicates whether or not refresh tokens can be issued for this resource server.
EnforcePolicies bool
Boolean. Indicates whether or not authorization polices are enforced.
Identifier string
String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.
Name string
String. Friendly name for the resource server. Cannot include < or > characters.
Options Dictionary<string, string>
Map(String). Used to store additional metadata
Scopes List<ResourceServerScopeArgs>
Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.
SigningAlg string
String. Algorithm used to sign JWTs. Options include HS256 and RS256.
SigningSecret string
String. Secret used to sign tokens when using symmetric algorithms (HS256).
SkipConsentForVerifiableFirstPartyClients bool
Boolean. Indicates whether or not to skip user consent for applications flagged as first party.
TokenDialect string
String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).
TokenLifetime int
Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
TokenLifetimeForWeb int
Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.
VerificationLocation string
String
AllowOfflineAccess bool
Boolean. Indicates whether or not refresh tokens can be issued for this resource server.
EnforcePolicies bool
Boolean. Indicates whether or not authorization polices are enforced.
Identifier string
String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.
Name string
String. Friendly name for the resource server. Cannot include < or > characters.
Options map[string]string
Map(String). Used to store additional metadata
Scopes []ResourceServerScope
Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.
SigningAlg string
String. Algorithm used to sign JWTs. Options include HS256 and RS256.
SigningSecret string
String. Secret used to sign tokens when using symmetric algorithms (HS256).
SkipConsentForVerifiableFirstPartyClients bool
Boolean. Indicates whether or not to skip user consent for applications flagged as first party.
TokenDialect string
String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).
TokenLifetime int
Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
TokenLifetimeForWeb int
Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.
VerificationLocation string
String
allowOfflineAccess boolean
Boolean. Indicates whether or not refresh tokens can be issued for this resource server.
enforcePolicies boolean
Boolean. Indicates whether or not authorization polices are enforced.
identifier string
String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.
name string
String. Friendly name for the resource server. Cannot include < or > characters.
options {[key: string]: string}
Map(String). Used to store additional metadata
scopes ResourceServerScopeArgs[]
Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.
signingAlg string
String. Algorithm used to sign JWTs. Options include HS256 and RS256.
signingSecret string
String. Secret used to sign tokens when using symmetric algorithms (HS256).
skipConsentForVerifiableFirstPartyClients boolean
Boolean. Indicates whether or not to skip user consent for applications flagged as first party.
tokenDialect string
String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).
tokenLifetime number
Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
tokenLifetimeForWeb number
Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.
verificationLocation string
String
allow_offline_access bool
Boolean. Indicates whether or not refresh tokens can be issued for this resource server.
enforce_policies bool
Boolean. Indicates whether or not authorization polices are enforced.
identifier str
String. Unique identifier for the resource server. Used as the audience parameter for authorization calls. Can not be changed once set.
name str
String. Friendly name for the resource server. Cannot include < or > characters.
options Mapping[str, str]
Map(String). Used to store additional metadata
scopes Sequence[ResourceServerScopeArgs]
Set(Resource). List of permissions (scopes) used by this resource server. For details, see Scopes.
signing_alg str
String. Algorithm used to sign JWTs. Options include HS256 and RS256.
signing_secret str
String. Secret used to sign tokens when using symmetric algorithms (HS256).
skip_consent_for_verifiable_first_party_clients bool
Boolean. Indicates whether or not to skip user consent for applications flagged as first party.
token_dialect str
String. Dialect of access tokens that should be issued for this resource server. Options include access_token or access_token_authz (includes permissions).
token_lifetime int
Integer. Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
token_lifetime_for_web int
Integer. Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the token_lifetime value.
verification_location str
String

Supporting Types

ResourceServerScope

Value string
String. Name of the permission (scope). Examples include read:appointments or delete:appointments.
Description string
String. Description of the permission (scope).
Value string
String. Name of the permission (scope). Examples include read:appointments or delete:appointments.
Description string
String. Description of the permission (scope).
value string
String. Name of the permission (scope). Examples include read:appointments or delete:appointments.
description string
String. Description of the permission (scope).
value str
String. Name of the permission (scope). Examples include read:appointments or delete:appointments.
description str
String. Description of the permission (scope).

Package Details

Repository
https://github.com/pulumi/pulumi-auth0
License
Apache-2.0
Notes
This Pulumi package is based on the auth0 Terraform Provider.