Module oidc

This provider is a derived work of the Terraform Provider distributed under MIT. If you encounter a bug or missing feature, first check the pulumi/pulumi-keycloak repo; however, if that doesn’t turn up anything, please consult the source mrparkers/terraform-provider-keycloak repo.

Resources

Resource GoogleIdentityProvider

class GoogleIdentityProvider extends CustomResource

constructor

new GoogleIdentityProvider(name: string, args: GoogleIdentityProviderArgs, opts?: pulumi.CustomResourceOptions)

Create a GoogleIdentityProvider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GoogleIdentityProviderState, opts?: pulumi.CustomResourceOptions): GoogleIdentityProvider

Get an existing GoogleIdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is GoogleIdentityProvider

Returns true if the given object is an instance of GoogleIdentityProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property acceptsPromptNoneForwardFromClient

public acceptsPromptNoneForwardFromClient: pulumi.Output<boolean | undefined>;

Used only together with the Identity Provider Authenticator, or when kc_idp_hint points to this identity provider. If a client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.

property addReadTokenRoleOnCreate

public addReadTokenRoleOnCreate: pulumi.Output<boolean | undefined>;

Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.

property alias

public alias: pulumi.Output<string>;

The alias uniquely identifies an identity provider and is also used to build the redirect URI. For Google this is computed and is always google.

property authenticateByDefault

public authenticateByDefault: pulumi.Output<boolean | undefined>;

Enable/disable authenticating users by default.

property clientId

public clientId: pulumi.Output<string>;

Client ID.

property clientSecret

public clientSecret: pulumi.Output<string>;

Client Secret.

property defaultScopes

public defaultScopes: pulumi.Output<string | undefined>;

The scopes to be sent when asking for authorization. See the documentation for possible values, separator and default value. Default: ‘openid profile email’.

property disableUserInfo

public disableUserInfo: pulumi.Output<boolean | undefined>;

Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.

property displayName

public displayName: pulumi.Output<string>;

Not used by this provider; it will implicitly be Google.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Enable/disable this identity provider.

property extraConfig

public extraConfig: pulumi.Output<{[key: string]: any} | undefined>;

property firstBrokerLoginFlowAlias

public firstBrokerLoginFlowAlias: pulumi.Output<string | undefined>;

Alias of the authentication flow that is triggered after the first login with this identity provider. The term ‘First Login’ means that there is not yet an existing Keycloak account linked with the authenticated identity provider account.

property hideOnLoginPage

public hideOnLoginPage: pulumi.Output<boolean | undefined>;

Hide On Login Page.

property hostedDomain

public hostedDomain: pulumi.Output<string | undefined>;

Set ‘hd’ query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When ‘*’ is entered, any hosted account can be used.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property internalId

public internalId: pulumi.Output<string>;

Internal Identity Provider Id

property linkOnly

public linkOnly: pulumi.Output<boolean | undefined>;

If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.

property postBrokerLoginFlowAlias

public postBrokerLoginFlowAlias: pulumi.Output<string | undefined>;

Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in the ClientSession, because the identity provider has already set it.

property providerId

public providerId: pulumi.Output<string | undefined>;

Provider ID. This is always google, unless you have an extended custom implementation.

property realm

public realm: pulumi.Output<string>;

Realm Name

property requestRefreshToken

public requestRefreshToken: pulumi.Output<boolean | undefined>;

Set the ‘access_type’ query parameter to ‘offline’ when redirecting to Google’s authorization endpoint, to get a refresh token back. Useful if you plan to use Token Exchange to retrieve a Google token to access Google APIs when the user is not at the browser.

property storeToken

public storeToken: pulumi.Output<boolean | undefined>;

Enable/disable storing tokens after authenticating users.

property trustEmail

public trustEmail: pulumi.Output<boolean | undefined>;

If enabled, the email provided by this provider is not verified, even if verification is enabled for the realm.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property useUserIpParam

public useUserIpParam: pulumi.Output<boolean | undefined>;

Set the ‘userIp’ query parameter when invoking Google’s User Info service. This will use the user’s IP address. Useful if Google is throttling access to the User Info service.

Resource IdentityProvider

class IdentityProvider extends CustomResource

constructor

new IdentityProvider(name: string, args: IdentityProviderArgs, opts?: pulumi.CustomResourceOptions)

Create an IdentityProvider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IdentityProviderState, opts?: pulumi.CustomResourceOptions): IdentityProvider

Get an existing IdentityProvider resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is IdentityProvider

Returns true if the given object is an instance of IdentityProvider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property acceptsPromptNoneForwardFromClient

public acceptsPromptNoneForwardFromClient: pulumi.Output<boolean | undefined>;

Used only together with the Identity Provider Authenticator, or when kc_idp_hint points to this identity provider. If a client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.

property addReadTokenRoleOnCreate

public addReadTokenRoleOnCreate: pulumi.Output<boolean | undefined>;

Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.

property alias

public alias: pulumi.Output<string>;

The alias uniquely identifies an identity provider and it is also used to build the redirect uri.

property authenticateByDefault

public authenticateByDefault: pulumi.Output<boolean | undefined>;

Enable/disable authenticating users by default.

property authorizationUrl

public authorizationUrl: pulumi.Output<string>;

OIDC authorization URL.

property backchannelSupported

public backchannelSupported: pulumi.Output<boolean | undefined>;

Does the external IDP support backchannel logout?

property clientId

public clientId: pulumi.Output<string>;

Client ID.

property clientSecret

public clientSecret: pulumi.Output<string>;

Client Secret.

property defaultScopes

public defaultScopes: pulumi.Output<string | undefined>;

The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to ‘openid’.

property displayName

public displayName: pulumi.Output<string | undefined>;

Friendly name for Identity Providers.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Enable/disable this identity provider.

property extraConfig

public extraConfig: pulumi.Output<{[key: string]: any} | undefined>;

property firstBrokerLoginFlowAlias

public firstBrokerLoginFlowAlias: pulumi.Output<string | undefined>;

Alias of the authentication flow that is triggered after the first login with this identity provider. The term ‘First Login’ means that there is not yet an existing Keycloak account linked with the authenticated identity provider account.

property hideOnLoginPage

public hideOnLoginPage: pulumi.Output<boolean | undefined>;

Hide On Login Page.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property internalId

public internalId: pulumi.Output<string>;

Internal Identity Provider Id

property jwksUrl

public jwksUrl: pulumi.Output<string | undefined>;

JSON Web Key Set URL

property linkOnly

public linkOnly: pulumi.Output<boolean | undefined>;

If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.

property loginHint

public loginHint: pulumi.Output<string | undefined>;

Login Hint.

property logoutUrl

public logoutUrl: pulumi.Output<string | undefined>;

Logout URL

property postBrokerLoginFlowAlias

public postBrokerLoginFlowAlias: pulumi.Output<string | undefined>;

Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in the ClientSession, because the identity provider has already set it.

property providerId

public providerId: pulumi.Output<string | undefined>;

Provider ID. This is always oidc, unless you have a custom implementation.

property realm

public realm: pulumi.Output<string>;

Realm Name

property storeToken

public storeToken: pulumi.Output<boolean | undefined>;

Enable/disable storing tokens after authenticating users.

property tokenUrl

public tokenUrl: pulumi.Output<string>;

Token URL.

property trustEmail

public trustEmail: pulumi.Output<boolean | undefined>;

If enabled, the email provided by this provider is not verified, even if verification is enabled for the realm.

property uiLocales

public uiLocales: pulumi.Output<boolean | undefined>;

Pass current locale to identity provider

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userInfoUrl

public userInfoUrl: pulumi.Output<string | undefined>;

User Info URL

property validateSignature

public validateSignature: pulumi.Output<boolean | undefined>;

Enable/disable signature validation of external IDP signatures.

Others

interface GoogleIdentityProviderArgs

interface GoogleIdentityProviderArgs

The set of arguments for constructing a GoogleIdentityProvider resource.

property acceptsPromptNoneForwardFromClient

acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;

Used only together with the Identity Provider Authenticator, or when kc_idp_hint points to this identity provider. If a client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.

property addReadTokenRoleOnCreate

addReadTokenRoleOnCreate?: pulumi.Input<boolean>;

Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.

property authenticateByDefault

authenticateByDefault?: pulumi.Input<boolean>;

Enable/disable authenticating users by default.

property clientId

clientId: pulumi.Input<string>;

Client ID.

property clientSecret

clientSecret: pulumi.Input<string>;

Client Secret.

property defaultScopes

defaultScopes?: pulumi.Input<string>;

The scopes to be sent when asking for authorization. See the documentation for possible values, separator and default value. Default: ‘openid profile email’.

property disableUserInfo

disableUserInfo?: pulumi.Input<boolean>;

Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.

property enabled

enabled?: pulumi.Input<boolean>;

Enable/disable this identity provider.

property extraConfig

extraConfig?: pulumi.Input<{[key: string]: any}>;

property firstBrokerLoginFlowAlias

firstBrokerLoginFlowAlias?: pulumi.Input<string>;

Alias of the authentication flow that is triggered after the first login with this identity provider. The term ‘First Login’ means that there is not yet an existing Keycloak account linked with the authenticated identity provider account.

property hideOnLoginPage

hideOnLoginPage?: pulumi.Input<boolean>;

Hide On Login Page.

property hostedDomain

hostedDomain?: pulumi.Input<string>;

Set ‘hd’ query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When ‘*’ is entered, any hosted account can be used.

property linkOnly

linkOnly?: pulumi.Input<boolean>;

If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.

property postBrokerLoginFlowAlias

postBrokerLoginFlowAlias?: pulumi.Input<string>;

Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in the ClientSession, because the identity provider has already set it.

property providerId

providerId?: pulumi.Input<string>;

Provider ID. This is always google, unless you have an extended custom implementation.

property realm

realm: pulumi.Input<string>;

Realm Name

property requestRefreshToken

requestRefreshToken?: pulumi.Input<boolean>;

Set the ‘access_type’ query parameter to ‘offline’ when redirecting to Google’s authorization endpoint, to get a refresh token back. Useful if you plan to use Token Exchange to retrieve a Google token to access Google APIs when the user is not at the browser.

property storeToken

storeToken?: pulumi.Input<boolean>;

Enable/disable storing tokens after authenticating users.

property trustEmail

trustEmail?: pulumi.Input<boolean>;

If enabled, the email provided by this provider is not verified, even if verification is enabled for the realm.

property useUserIpParam

useUserIpParam?: pulumi.Input<boolean>;

Set the ‘userIp’ query parameter when invoking Google’s User Info service. This will use the user’s IP address. Useful if Google is throttling access to the User Info service.

interface GoogleIdentityProviderState

interface GoogleIdentityProviderState

Input properties used for looking up and filtering GoogleIdentityProvider resources.

property acceptsPromptNoneForwardFromClient

acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;

Used only together with the Identity Provider Authenticator, or when kc_idp_hint points to this identity provider. If a client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.

property addReadTokenRoleOnCreate

addReadTokenRoleOnCreate?: pulumi.Input<boolean>;

Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.

property alias

alias?: pulumi.Input<string>;

The alias uniquely identifies an identity provider and is also used to build the redirect URI. For Google this is computed and is always google.

property authenticateByDefault

authenticateByDefault?: pulumi.Input<boolean>;

Enable/disable authenticating users by default.

property clientId

clientId?: pulumi.Input<string>;

Client ID.

property clientSecret

clientSecret?: pulumi.Input<string>;

Client Secret.

property defaultScopes

defaultScopes?: pulumi.Input<string>;

The scopes to be sent when asking for authorization. See the documentation for possible values, separator and default value. Default: ‘openid profile email’.

property disableUserInfo

disableUserInfo?: pulumi.Input<boolean>;

Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.

property displayName

displayName?: pulumi.Input<string>;

Not used by this provider; it will implicitly be Google.

property enabled

enabled?: pulumi.Input<boolean>;

Enable/disable this identity provider.

property extraConfig

extraConfig?: pulumi.Input<{[key: string]: any}>;

property firstBrokerLoginFlowAlias

firstBrokerLoginFlowAlias?: pulumi.Input<string>;

Alias of the authentication flow that is triggered after the first login with this identity provider. The term ‘First Login’ means that there is not yet an existing Keycloak account linked with the authenticated identity provider account.

property hideOnLoginPage

hideOnLoginPage?: pulumi.Input<boolean>;

Hide On Login Page.

property hostedDomain

hostedDomain?: pulumi.Input<string>;

Set ‘hd’ query parameter when logging in with Google. Google will list accounts only for this domain. Keycloak validates that the returned identity token has a claim for this domain. When ‘*’ is entered, any hosted account can be used.

property internalId

internalId?: pulumi.Input<string>;

Internal Identity Provider Id

property linkOnly

linkOnly?: pulumi.Input<boolean>;

If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.

property postBrokerLoginFlowAlias

postBrokerLoginFlowAlias?: pulumi.Input<string>;

Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in the ClientSession, because the identity provider has already set it.

property providerId

providerId?: pulumi.Input<string>;

Provider ID. This is always google, unless you have an extended custom implementation.

property realm

realm?: pulumi.Input<string>;

Realm Name

property requestRefreshToken

requestRefreshToken?: pulumi.Input<boolean>;

Set the ‘access_type’ query parameter to ‘offline’ when redirecting to Google’s authorization endpoint, to get a refresh token back. Useful if you plan to use Token Exchange to retrieve a Google token to access Google APIs when the user is not at the browser.

property storeToken

storeToken?: pulumi.Input<boolean>;

Enable/disable storing tokens after authenticating users.

property trustEmail

trustEmail?: pulumi.Input<boolean>;

If enabled, the email provided by this provider is not verified, even if verification is enabled for the realm.

property useUserIpParam

useUserIpParam?: pulumi.Input<boolean>;

Set the ‘userIp’ query parameter when invoking Google’s User Info service. This will use the user’s IP address. Useful if Google is throttling access to the User Info service.

interface IdentityProviderArgs

interface IdentityProviderArgs

The set of arguments for constructing an IdentityProvider resource.

property acceptsPromptNoneForwardFromClient

acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;

Used only together with the Identity Provider Authenticator, or when kc_idp_hint points to this identity provider. If a client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.

property addReadTokenRoleOnCreate

addReadTokenRoleOnCreate?: pulumi.Input<boolean>;

Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.

property alias

alias: pulumi.Input<string>;

The alias uniquely identifies an identity provider and it is also used to build the redirect uri.

property authenticateByDefault

authenticateByDefault?: pulumi.Input<boolean>;

Enable/disable authenticating users by default.

property authorizationUrl

authorizationUrl: pulumi.Input<string>;

OIDC authorization URL.

property backchannelSupported

backchannelSupported?: pulumi.Input<boolean>;

Does the external IDP support backchannel logout?

property clientId

clientId: pulumi.Input<string>;

Client ID.

property clientSecret

clientSecret: pulumi.Input<string>;

Client Secret.

property defaultScopes

defaultScopes?: pulumi.Input<string>;

The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to ‘openid’.

property displayName

displayName?: pulumi.Input<string>;

Friendly name for Identity Providers.

property enabled

enabled?: pulumi.Input<boolean>;

Enable/disable this identity provider.

property extraConfig

extraConfig?: pulumi.Input<{[key: string]: any}>;

property firstBrokerLoginFlowAlias

firstBrokerLoginFlowAlias?: pulumi.Input<string>;

Alias of the authentication flow that is triggered after the first login with this identity provider. The term ‘First Login’ means that there is not yet an existing Keycloak account linked with the authenticated identity provider account.

property hideOnLoginPage

hideOnLoginPage?: pulumi.Input<boolean>;

Hide On Login Page.

property jwksUrl

jwksUrl?: pulumi.Input<string>;

JSON Web Key Set URL

property linkOnly

linkOnly?: pulumi.Input<boolean>;

If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.

property loginHint

loginHint?: pulumi.Input<string>;

Login Hint.

property logoutUrl

logoutUrl?: pulumi.Input<string>;

Logout URL

property postBrokerLoginFlowAlias

postBrokerLoginFlowAlias?: pulumi.Input<string>;

Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in the ClientSession, because the identity provider has already set it.

property providerId

providerId?: pulumi.Input<string>;

Provider ID. This is always oidc, unless you have a custom implementation.

property realm

realm: pulumi.Input<string>;

Realm Name

property storeToken

storeToken?: pulumi.Input<boolean>;

Enable/disable storing tokens after authenticating users.

property tokenUrl

tokenUrl: pulumi.Input<string>;

Token URL.

property trustEmail

trustEmail?: pulumi.Input<boolean>;

If enabled, the email provided by this provider is not verified, even if verification is enabled for the realm.

property uiLocales

uiLocales?: pulumi.Input<boolean>;

Pass current locale to identity provider

property userInfoUrl

userInfoUrl?: pulumi.Input<string>;

User Info URL

property validateSignature

validateSignature?: pulumi.Input<boolean>;

Enable/disable signature validation of external IDP signatures.
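
An added example, not part of the provider or the Pulumi SDK: a pre-deployment audit of the security-relevant arguments documented above for IdentityProviderArgs and GoogleIdentityProviderArgs. `IdpArgsLike`, `auditIdentityProvider`, `flaggedProperties` and the sample values are hypothetical, and treating an unset `validateSignature` or `hostedDomain` as a finding is this example's policy choice.

```typescript
// Field names follow the Args interfaces documented on this page,
// with plain values instead of pulumi.Input<T> so the audit runs offline.
interface IdpArgsLike {
  realm: string;
  clientId: string;
  clientSecret: string;
  // IdentityProviderArgs (generic OIDC) only
  authorizationUrl?: string;
  tokenUrl?: string;
  jwksUrl?: string;
  userInfoUrl?: string;
  logoutUrl?: string;
  validateSignature?: boolean;
  // GoogleIdentityProviderArgs only
  hostedDomain?: string;
  requestRefreshToken?: boolean;
  // Shared by both interfaces
  trustEmail?: boolean;
  storeToken?: boolean;
  addReadTokenRoleOnCreate?: boolean;
}

interface Finding {
  property: string;
  severity: "high" | "medium";
  reason: string;
}

// Hypothetical helper: returns one finding per risky setting, in a fixed order.
function auditIdentityProvider(kind: "oidc" | "google", a: IdpArgsLike): Finding[] {
  const findings: Finding[] = [];
  const flag = (property: string, severity: "high" | "medium", reason: string): void => {
    findings.push({ property: property, severity: severity, reason: reason });
  };

  if (kind === "oidc") {
    // Policy choice of this example: an unset value counts as "not enabled".
    if (a.validateSignature !== true) {
      flag("validateSignature", "high", "external IdP signatures are not validated");
    }
    const urls: Array<[string, string | undefined]> = [
      ["authorizationUrl", a.authorizationUrl],
      ["tokenUrl", a.tokenUrl],
      ["jwksUrl", a.jwksUrl],
      ["userInfoUrl", a.userInfoUrl],
      ["logoutUrl", a.logoutUrl],
    ];
    for (let i = 0; i < urls.length; i++) {
      const value = urls[i][1];
      if (value !== undefined && !/^https:\/\//i.test(value)) {
        flag(urls[i][0], "high", "endpoint is not HTTPS: " + value);
      }
    }
  }

  if (kind === "google") {
    // '*' accepts any hosted account; unset applies no domain restriction at all.
    if (a.hostedDomain === undefined || a.hostedDomain === "*") {
      flag("hostedDomain", "medium", "sign-in is not limited to one hosted domain");
    }
    if (a.requestRefreshToken === true && a.storeToken === true) {
      flag("requestRefreshToken", "medium", "Google refresh tokens are requested and stored");
    }
  }

  if (a.trustEmail === true) {
    flag("trustEmail", "medium", "provider email is accepted without realm verification");
  }
  if (a.storeToken === true && a.addReadTokenRoleOnCreate === true) {
    flag("addReadTokenRoleOnCreate", "medium", "new users get broker.read-token on stored tokens");
  }
  return findings;
}

function flaggedProperties(kind: "oidc" | "google", a: IdpArgsLike): string[] {
  return auditIdentityProvider(kind, a).map((f: Finding): string => f.property);
}

// Constructed sample arguments (placeholder hosts and credentials).
const base = { realm: "demo", clientId: "example-client", clientSecret: "PLACEHOLDER" };
const weakOidc: IdpArgsLike = { ...base, authorizationUrl: "https://idp.example.com/authorize",
  tokenUrl: "http://idp.example.com/token", jwksUrl: "https://idp.example.com/jwks",
  validateSignature: false, trustEmail: true };
const hardenedOidc: IdpArgsLike = { ...base, authorizationUrl: "https://idp.example.com/authorize",
  tokenUrl: "https://idp.example.com/token", jwksUrl: "https://idp.example.com/jwks",
  validateSignature: true, trustEmail: false };
const weakGoogle: IdpArgsLike = { ...base, hostedDomain: "*", requestRefreshToken: true,
  storeToken: true, addReadTokenRoleOnCreate: true };
const hardenedGoogle: IdpArgsLike = { ...base, hostedDomain: "example.com" };

console.log(auditIdentityProvider("oidc", weakOidc));
```

Run the audit on the resolved argument values before they are passed to `new IdentityProvider(...)` or `new GoogleIdentityProvider(...)`, and fail the deployment on any `high` finding.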

interface IdentityProviderState

interface IdentityProviderState

Input properties used for looking up and filtering IdentityProvider resources.

property acceptsPromptNoneForwardFromClient

acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;

Used only together with the Identity Provider Authenticator, or when kc_idp_hint points to this identity provider. If a client sends a request with prompt=none and the user is not yet authenticated, the error is not returned directly to the client; instead, the request with prompt=none is forwarded to this identity provider.

property addReadTokenRoleOnCreate

addReadTokenRoleOnCreate?: pulumi.Input<boolean>;

Enable/disable whether new users can read any stored tokens. This assigns the broker.read-token role.

property alias

alias?: pulumi.Input<string>;

The alias uniquely identifies an identity provider and it is also used to build the redirect uri.

property authenticateByDefault

authenticateByDefault?: pulumi.Input<boolean>;

Enable/disable authenticating users by default.

property authorizationUrl

authorizationUrl?: pulumi.Input<string>;

OIDC authorization URL.

property backchannelSupported

backchannelSupported?: pulumi.Input<boolean>;

Does the external IDP support backchannel logout?

property clientId

clientId?: pulumi.Input<string>;

Client ID.

property clientSecret

clientSecret?: pulumi.Input<string>;

Client Secret.

property defaultScopes

defaultScopes?: pulumi.Input<string>;

The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to ‘openid’.

property displayName

displayName?: pulumi.Input<string>;

Friendly name for Identity Providers.

property enabled

enabled?: pulumi.Input<boolean>;

Enable/disable this identity provider.

property extraConfig

extraConfig?: pulumi.Input<{[key: string]: any}>;

property firstBrokerLoginFlowAlias

firstBrokerLoginFlowAlias?: pulumi.Input<string>;

Alias of the authentication flow that is triggered after the first login with this identity provider. The term ‘First Login’ means that there is not yet an existing Keycloak account linked with the authenticated identity provider account.

property hideOnLoginPage

hideOnLoginPage?: pulumi.Input<boolean>;

Hide On Login Page.

property internalId

internalId?: pulumi.Input<string>;

Internal Identity Provider Id

property jwksUrl

jwksUrl?: pulumi.Input<string>;

JSON Web Key Set URL

property linkOnly

linkOnly?: pulumi.Input<boolean>;

If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don’t want to allow login from the provider, but want to integrate with a provider.

property loginHint

loginHint?: pulumi.Input<string>;

Login Hint.

property logoutUrl

logoutUrl?: pulumi.Input<string>;

Logout URL

property postBrokerLoginFlowAlias

postBrokerLoginFlowAlias?: pulumi.Input<string>;

Alias of the authentication flow that is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don’t want any additional authenticators to be triggered after login with this identity provider. Also note that authenticator implementations must assume that the user is already set in the ClientSession, because the identity provider has already set it.

property providerId

providerId?: pulumi.Input<string>;

Provider ID. This is always oidc, unless you have a custom implementation.

property realm

realm?: pulumi.Input<string>;

Realm Name

property storeToken

storeToken?: pulumi.Input<boolean>;

Enable/disable storing tokens after authenticating users.

property tokenUrl

tokenUrl?: pulumi.Input<string>;

Token URL.

property trustEmail

trustEmail?: pulumi.Input<boolean>;

If enabled, the email provided by this provider is not verified, even if verification is enabled for the realm.

property uiLocales

uiLocales?: pulumi.Input<boolean>;

Pass current locale to identity provider

property userInfoUrl

userInfoUrl?: pulumi.Input<string>;

User Info URL

property validateSignature

validateSignature?: pulumi.Input<boolean>;

Enable/disable signature validation of external IDP signatures.