okta.auth.ServerPolicyClaim
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as okta from "@pulumi/okta";
// NOTE(review): this page documents okta.auth.ServerPolicyClaim, but the example
// constructs okta.auth.ServerPolicyRule - confirm which resource type is intended.
// Every "<...>" string is a placeholder to replace with a real Okta ID.
const ruleArgs = {
    authServerId: "<auth server id>",
    policyId: "<auth server policy id>",
    priority: 1,
    status: "ACTIVE",
    // The implicit grant hands tokens to the browser in the redirect. The property
    // reference on this page says that when "implicit" is accepted, either a user
    // whitelist or a group whitelist should be set; this rule scopes it by group.
    grantTypeWhitelists: ["implicit"],
    groupWhitelists: ["<group ids>"],
};
const example = new okta.auth.ServerPolicyRule("example", ruleArgs);
import pulumi
import pulumi_okta as okta
# NOTE(review): this page documents okta.auth.ServerPolicyClaim, but the example
# constructs okta.auth.ServerPolicyRule - confirm which resource type is intended.
# Every "<...>" string is a placeholder to replace with a real Okta ID.
rule_args = {
    "auth_server_id": "<auth server id>",
    "policy_id": "<auth server policy id>",
    "priority": 1,
    "status": "ACTIVE",
    # The implicit grant hands tokens to the browser in the redirect. The property
    # reference on this page says that when "implicit" is accepted, either
    # user_whitelist or group_whitelist should be set; this rule scopes it by group.
    "grant_type_whitelists": ["implicit"],
    "group_whitelists": ["<group ids>"],
}
example = okta.auth.ServerPolicyRule("example", **rule_args)
package main
import (
"github.com/pulumi/pulumi-okta/sdk/v4/go/okta/auth"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a single auth server policy rule with the Pulumi engine.
//
// NOTE(review): this page documents ServerPolicyClaim, but the example calls
// auth.NewServerPolicyRule - confirm which resource type is intended.
// Every "<...>" string is a placeholder to replace with a real Okta ID.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		ruleArgs := &auth.ServerPolicyRuleArgs{
			AuthServerId: pulumi.String("<auth server id>"),
			PolicyId:     pulumi.String("<auth server policy id>"),
			Priority:     pulumi.Int(1),
			Status:       pulumi.String("ACTIVE"),
			// The implicit grant hands tokens to the browser in the redirect.
			// The property reference on this page says that when "implicit" is
			// accepted, either a user whitelist or a group whitelist should be
			// set; this rule scopes it by group.
			GrantTypeWhitelists: pulumi.StringArray{pulumi.String("implicit")},
			GroupWhitelists:     pulumi.StringArray{pulumi.String("<group ids>")},
		}

		// Only the error matters here; the resource handle is not used again.
		_, err := auth.NewServerPolicyRule(ctx, "example", ruleArgs)
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Okta = Pulumi.Okta;
// NOTE(review): this page documents Okta.Auth.ServerPolicyClaim, but the example
// constructs Okta.Auth.ServerPolicyRule - confirm which resource type is intended.
// Every "<...>" string is a placeholder to replace with a real Okta ID.
return await Deployment.RunAsync(() =>
{
    var ruleArgs = new Okta.Auth.ServerPolicyRuleArgs
    {
        AuthServerId = "<auth server id>",
        PolicyId = "<auth server policy id>",
        Priority = 1,
        Status = "ACTIVE",
        // The implicit grant hands tokens to the browser in the redirect. The
        // property reference on this page says that when "implicit" is accepted,
        // either a user whitelist or a group whitelist should be set; this rule
        // scopes it by group.
        GrantTypeWhitelists = new[] { "implicit" },
        GroupWhitelists = new[] { "<group ids>" },
    };

    var example = new Okta.Auth.ServerPolicyRule("example", ruleArgs);
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.okta.auth.ServerPolicyRule;
import com.pulumi.okta.auth.ServerPolicyRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares a single auth server policy rule.
 *
 * NOTE(review): this page documents ServerPolicyClaim, but the example builds a
 * ServerPolicyRule - confirm which resource type is intended.
 * Every "<...>" string is a placeholder to replace with a real Okta ID.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the resources of this stack.
     *
     * @param ctx deployment context supplied by Pulumi (not read by this example)
     */
    public static void stack(Context ctx) {
        // The implicit grant hands tokens to the browser in the redirect. The
        // property reference on this page says that when "implicit" is accepted,
        // either a user whitelist or a group whitelist should be set; this rule
        // scopes it by group.
        final ServerPolicyRuleArgs ruleArgs = ServerPolicyRuleArgs.builder()
            .authServerId("<auth server id>")
            .grantTypeWhitelists("implicit")
            .groupWhitelists("<group ids>")
            .policyId("<auth server policy id>")
            .priority(1)
            .status("ACTIVE")
            .build();

        var example = new ServerPolicyRule("example", ruleArgs);
    }
}
# NOTE(review): this page documents okta:auth:ServerPolicyClaim, but the example
# declares okta:auth:ServerPolicyRule - confirm which resource type is intended.
# Every <...> value is a placeholder to replace with a real Okta ID.
resources:
  example:
    type: okta:auth:ServerPolicyRule
    properties:
      authServerId: <auth server id>
      policyId: <auth server policy id>
      priority: 1
      status: ACTIVE
      # The implicit grant hands tokens to the browser in the redirect. The
      # property reference on this page says that when "implicit" is accepted,
      # either a user whitelist or a group whitelist should be set; this rule
      # scopes it by group.
      grantTypeWhitelists:
        - implicit
      groupWhitelists:
        - <group ids>
Create ServerPolicyClaim Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServerPolicyClaim(name: string, args: ServerPolicyClaimArgs, opts?: CustomResourceOptions);
@overload
def ServerPolicyClaim(resource_name: str,
args: ServerPolicyClaimArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServerPolicyClaim(resource_name: str,
opts: Optional[ResourceOptions] = None,
access_token_lifetime_minutes: Optional[int] = None,
auth_server_id: Optional[str] = None,
grant_type_whitelists: Optional[Sequence[str]] = None,
group_blacklists: Optional[Sequence[str]] = None,
group_whitelists: Optional[Sequence[str]] = None,
inline_hook_id: Optional[str] = None,
name: Optional[str] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
refresh_token_lifetime_minutes: Optional[int] = None,
refresh_token_window_minutes: Optional[int] = None,
scope_whitelists: Optional[Sequence[str]] = None,
status: Optional[str] = None,
type: Optional[str] = None,
user_blacklists: Optional[Sequence[str]] = None,
user_whitelists: Optional[Sequence[str]] = None)
func NewServerPolicyClaim(ctx *Context, name string, args ServerPolicyClaimArgs, opts ...ResourceOption) (*ServerPolicyClaim, error)
public ServerPolicyClaim(string name, ServerPolicyClaimArgs args, CustomResourceOptions? opts = null)
public ServerPolicyClaim(String name, ServerPolicyClaimArgs args)
public ServerPolicyClaim(String name, ServerPolicyClaimArgs args, CustomResourceOptions options)
type: okta:auth:ServerPolicyClaim
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServerPolicyClaimArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
Coming soon!
Coming soon!
Coming soon!
Coming soon!
Coming soon!
Coming soon!
ServerPolicyClaim Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ServerPolicyClaim resource accepts the following input properties:
- AuthServerId string - Auth Server ID.
- GrantTypeWhitelists List<string> - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- PolicyId string - Auth Server Policy ID.
- Priority int - Priority of the auth server policy rule.
- AccessTokenLifetimeMinutes int - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- GroupBlacklists List<string> - Specifies a set of Groups whose Users are to be excluded.
- GroupWhitelists List<string> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- InlineHookId string - The ID of the inline hook to trigger.
- Name string - Auth Server Policy Rule name.
- RefreshTokenLifetimeMinutes int - Lifetime of refresh token.
- RefreshTokenWindowMinutes int - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- ScopeWhitelists List<string> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*". Listing scopes by name keeps the rule narrower than "*", which matches every scope.
- Status string - The status of the Auth Server Policy Rule.
- Type string - The type of the Auth Server Policy Rule.
- UserBlacklists List<string> - Specifies a set of Users to be excluded.
- UserWhitelists List<string> - Specifies a set of Users to be included.
- AuthServerId string - Auth Server ID.
- GrantTypeWhitelists []string - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- PolicyId string - Auth Server Policy ID.
- Priority int - Priority of the auth server policy rule.
- AccessTokenLifetimeMinutes int - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- GroupBlacklists []string - Specifies a set of Groups whose Users are to be excluded.
- GroupWhitelists []string - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- InlineHookId string - The ID of the inline hook to trigger.
- Name string - Auth Server Policy Rule name.
- RefreshTokenLifetimeMinutes int - Lifetime of refresh token.
- RefreshTokenWindowMinutes int - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- ScopeWhitelists []string - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*". Listing scopes by name keeps the rule narrower than "*", which matches every scope.
- Status string - The status of the Auth Server Policy Rule.
- Type string - The type of the Auth Server Policy Rule.
- UserBlacklists []string - Specifies a set of Users to be excluded.
- UserWhitelists []string - Specifies a set of Users to be included.
- authServerId String - Auth Server ID.
- grantTypeWhitelists List<String> - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- policyId String - Auth Server Policy ID.
- priority Integer - Priority of the auth server policy rule.
- accessTokenLifetimeMinutes Integer - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- groupBlacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- groupWhitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- inlineHookId String - The ID of the inline hook to trigger.
- name String - Auth Server Policy Rule name.
- refreshTokenLifetimeMinutes Integer - Lifetime of refresh token.
- refreshTokenWindowMinutes Integer - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- scopeWhitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*". Listing scopes by name keeps the rule narrower than "*", which matches every scope.
- status String - The status of the Auth Server Policy Rule.
- type String - The type of the Auth Server Policy Rule.
- userBlacklists List<String> - Specifies a set of Users to be excluded.
- userWhitelists List<String> - Specifies a set of Users to be included.
- authServerId string - Auth Server ID.
- grantTypeWhitelists string[] - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- policyId string - Auth Server Policy ID.
- priority number - Priority of the auth server policy rule.
- accessTokenLifetimeMinutes number - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- groupBlacklists string[] - Specifies a set of Groups whose Users are to be excluded.
- groupWhitelists string[] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- inlineHookId string - The ID of the inline hook to trigger.
- name string - Auth Server Policy Rule name.
- refreshTokenLifetimeMinutes number - Lifetime of refresh token.
- refreshTokenWindowMinutes number - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- scopeWhitelists string[] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*". Listing scopes by name keeps the rule narrower than "*", which matches every scope.
- status string - The status of the Auth Server Policy Rule.
- type string - The type of the Auth Server Policy Rule.
- userBlacklists string[] - Specifies a set of Users to be excluded.
- userWhitelists string[] - Specifies a set of Users to be included.
- auth_server_id str - Auth Server ID.
- grant_type_whitelists Sequence[str] - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- policy_id str - Auth Server Policy ID.
- priority int - Priority of the auth server policy rule.
- access_token_lifetime_minutes int - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- group_blacklists Sequence[str] - Specifies a set of Groups whose Users are to be excluded.
- group_whitelists Sequence[str] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- inline_hook_id str - The ID of the inline hook to trigger.
- name str - Auth Server Policy Rule name.
- refresh_token_lifetime_minutes int - Lifetime of refresh token.
- refresh_token_window_minutes int - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- scope_whitelists Sequence[str] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*". Listing scopes by name keeps the rule narrower than "*", which matches every scope.
- status str - The status of the Auth Server Policy Rule.
- type str - The type of the Auth Server Policy Rule.
- user_blacklists Sequence[str] - Specifies a set of Users to be excluded.
- user_whitelists Sequence[str] - Specifies a set of Users to be included.
- authServerId String - Auth Server ID.
- grantTypeWhitelists List<String> - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- policyId String - Auth Server Policy ID.
- priority Number - Priority of the auth server policy rule.
- accessTokenLifetimeMinutes Number - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- groupBlacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- groupWhitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- inlineHookId String - The ID of the inline hook to trigger.
- name String - Auth Server Policy Rule name.
- refreshTokenLifetimeMinutes Number - Lifetime of refresh token.
- refreshTokenWindowMinutes Number - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- scopeWhitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*". Listing scopes by name keeps the rule narrower than "*", which matches every scope.
- status String - The status of the Auth Server Policy Rule.
- type String - The type of the Auth Server Policy Rule.
- userBlacklists List<String> - Specifies a set of Users to be excluded.
- userWhitelists List<String> - Specifies a set of Users to be included.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServerPolicyClaim resource produces the following output properties:
Look up Existing ServerPolicyClaim Resource
Get an existing ServerPolicyClaim resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServerPolicyClaimState, opts?: CustomResourceOptions): ServerPolicyClaim
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_token_lifetime_minutes: Optional[int] = None,
auth_server_id: Optional[str] = None,
grant_type_whitelists: Optional[Sequence[str]] = None,
group_blacklists: Optional[Sequence[str]] = None,
group_whitelists: Optional[Sequence[str]] = None,
inline_hook_id: Optional[str] = None,
name: Optional[str] = None,
policy_id: Optional[str] = None,
priority: Optional[int] = None,
refresh_token_lifetime_minutes: Optional[int] = None,
refresh_token_window_minutes: Optional[int] = None,
scope_whitelists: Optional[Sequence[str]] = None,
status: Optional[str] = None,
system: Optional[bool] = None,
type: Optional[str] = None,
user_blacklists: Optional[Sequence[str]] = None,
user_whitelists: Optional[Sequence[str]] = None) -> ServerPolicyClaim
func GetServerPolicyClaim(ctx *Context, name string, id IDInput, state *ServerPolicyClaimState, opts ...ResourceOption) (*ServerPolicyClaim, error)
public static ServerPolicyClaim Get(string name, Input<string> id, ServerPolicyClaimState? state, CustomResourceOptions? opts = null)
public static ServerPolicyClaim get(String name, Output<String> id, ServerPolicyClaimState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AccessTokenLifetimeMinutes int - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- AuthServerId string - Auth Server ID.
- GrantTypeWhitelists List<string> - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- GroupBlacklists List<string> - Specifies a set of Groups whose Users are to be excluded.
- GroupWhitelists List<string> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- InlineHookId string - The ID of the inline hook to trigger.
- Name string - Auth Server Policy Rule name.
- PolicyId string - Auth Server Policy ID.
- Priority int - Priority of the auth server policy rule.
- RefreshTokenLifetimeMinutes int - Lifetime of refresh token.
- RefreshTokenWindowMinutes int - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- ScopeWhitelists List<string> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
- Status string - The status of the Auth Server Policy Rule.
- System bool - The rule is the system (default) rule for its associated policy.
- Type string - The type of the Auth Server Policy Rule.
- UserBlacklists List<string> - Specifies a set of Users to be excluded.
- UserWhitelists List<string> - Specifies a set of Users to be included.
- AccessTokenLifetimeMinutes int - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- AuthServerId string - Auth Server ID.
- GrantTypeWhitelists []string - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- GroupBlacklists []string - Specifies a set of Groups whose Users are to be excluded.
- GroupWhitelists []string - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- InlineHookId string - The ID of the inline hook to trigger.
- Name string - Auth Server Policy Rule name.
- PolicyId string - Auth Server Policy ID.
- Priority int - Priority of the auth server policy rule.
- RefreshTokenLifetimeMinutes int - Lifetime of refresh token.
- RefreshTokenWindowMinutes int - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- ScopeWhitelists []string - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
- Status string - The status of the Auth Server Policy Rule.
- System bool - The rule is the system (default) rule for its associated policy.
- Type string - The type of the Auth Server Policy Rule.
- UserBlacklists []string - Specifies a set of Users to be excluded.
- UserWhitelists []string - Specifies a set of Users to be included.
- accessTokenLifetimeMinutes Integer - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- authServerId String - Auth Server ID.
- grantTypeWhitelists List<String> - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- groupBlacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- groupWhitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- inlineHookId String - The ID of the inline hook to trigger.
- name String - Auth Server Policy Rule name.
- policyId String - Auth Server Policy ID.
- priority Integer - Priority of the auth server policy rule.
- refreshTokenLifetimeMinutes Integer - Lifetime of refresh token.
- refreshTokenWindowMinutes Integer - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- scopeWhitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
- status String - The status of the Auth Server Policy Rule.
- system Boolean - The rule is the system (default) rule for its associated policy.
- type String - The type of the Auth Server Policy Rule.
- userBlacklists List<String> - Specifies a set of Users to be excluded.
- userWhitelists List<String> - Specifies a set of Users to be included.
- accessTokenLifetimeMinutes number - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- authServerId string - Auth Server ID.
- grantTypeWhitelists string[] - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- groupBlacklists string[] - Specifies a set of Groups whose Users are to be excluded.
- groupWhitelists string[] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- inlineHookId string - The ID of the inline hook to trigger.
- name string - Auth Server Policy Rule name.
- policyId string - Auth Server Policy ID.
- priority number - Priority of the auth server policy rule.
- refreshTokenLifetimeMinutes number - Lifetime of refresh token.
- refreshTokenWindowMinutes number - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- scopeWhitelists string[] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
- status string - The status of the Auth Server Policy Rule.
- system boolean - The rule is the system (default) rule for its associated policy.
- type string - The type of the Auth Server Policy Rule.
- userBlacklists string[] - Specifies a set of Users to be excluded.
- userWhitelists string[] - Specifies a set of Users to be included.
- access_token_lifetime_minutes int - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- auth_server_id str - Auth Server ID.
- grant_type_whitelists Sequence[str] - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- group_blacklists Sequence[str] - Specifies a set of Groups whose Users are to be excluded.
- group_whitelists Sequence[str] - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- inline_hook_id str - The ID of the inline hook to trigger.
- name str - Auth Server Policy Rule name.
- policy_id str - Auth Server Policy ID.
- priority int - Priority of the auth server policy rule.
- refresh_token_lifetime_minutes int - Lifetime of refresh token.
- refresh_token_window_minutes int - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- scope_whitelists Sequence[str] - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
- status str - The status of the Auth Server Policy Rule.
- system bool - The rule is the system (default) rule for its associated policy.
- type str - The type of the Auth Server Policy Rule.
- user_blacklists Sequence[str] - Specifies a set of Users to be excluded.
- user_whitelists Sequence[str] - Specifies a set of Users to be included.
- accessTokenLifetimeMinutes Number - Lifetime of access token. Can be set to a value between 5 and 1440 minutes. Default is 60.
- authServerId String - Auth Server ID.
- grantTypeWhitelists List<String> - Accepted grant type values: "authorization_code", "implicit", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:saml2-bearer" (Early Access Property), "urn:ietf:params:oauth:grant-type:token-exchange" (Early Access Property), "urn:ietf:params:oauth:grant-type:device_code" (Early Access Property), "interaction_code" (OIE only). For the "implicit" value, either user_whitelist or group_whitelist should be set.
- groupBlacklists List<String> - Specifies a set of Groups whose Users are to be excluded.
- groupWhitelists List<String> - Specifies a set of Groups whose Users are to be included. Can be set to Group ID or to the following: "EVERYONE".
- inlineHookId String - The ID of the inline hook to trigger.
- name String - Auth Server Policy Rule name.
- policyId String - Auth Server Policy ID.
- priority Number - Priority of the auth server policy rule.
- refreshTokenLifetimeMinutes Number - Lifetime of refresh token.
- refreshTokenWindowMinutes Number - Window in which a refresh token can be used. It can be a value between 5 and 2628000 (5 years) minutes. Default is 10080 (7 days). "refresh_token_window_minutes" must be between "access_token_lifetime_minutes" and "refresh_token_lifetime_minutes".
- scopeWhitelists List<String> - Scopes allowed for this policy rule. They can be whitelisted by name or all can be whitelisted with "*".
- status String - The status of the Auth Server Policy Rule.
- system Boolean - The rule is the system (default) rule for its associated policy.
- type String - The type of the Auth Server Policy Rule.
- userBlacklists List<String> - Specifies a set of Users to be excluded.
- userWhitelists List<String> - Specifies a set of Users to be included.
Import
Authorization Server Policy Rule can be imported via the Auth Server ID, Policy ID, and Policy Rule ID.
$ pulumi import okta:auth/serverPolicyClaim:ServerPolicyClaim example <auth server id>/<policy id>/<policy rule id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Okta pulumi/pulumi-okta
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the okta Terraform Provider.