Auth0 v2.18.0, Mar 20 23

auth0.Client

With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications.

Example Usage

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Client;
import com.pulumi.auth0.ClientArgs;
import com.pulumi.auth0.inputs.ClientAddonsArgs;
import com.pulumi.auth0.inputs.ClientAddonsSamlpArgs;
import com.pulumi.auth0.inputs.ClientJwtConfigurationArgs;
import com.pulumi.auth0.inputs.ClientMobileArgs;
import com.pulumi.auth0.inputs.ClientMobileIosArgs;
import com.pulumi.auth0.inputs.ClientRefreshTokenArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myClient = new Client("myClient", ClientArgs.builder()        
            .addons(ClientAddonsArgs.builder()
                .samlp(ClientAddonsSamlpArgs.builder()
                    .audience("https://example.com/saml")
                    .createUpnClaim(false)
                    .issuer("https://example.com")
                    .mapIdentities(false)
                    .mapUnknownClaimsAsIs(false)
                    .mappings(Map.ofEntries(
                        Map.entry("email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
                        Map.entry("name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name")
                    ))
                    .nameIdentifierFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
                    .nameIdentifierProbes("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress")
                    .passthroughClaimsWithNoMapping(false)
                    .signingCert("""
-----BEGIN PUBLIC KEY-----
MIGf...bpP/t3
+JGNGIRMj1hF1rnb6QIDAQAB
-----END PUBLIC KEY-----

                    """)
                    .signingKey(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                    .build())
                .build())
            .allowedLogoutUrls("https://example.com")
            .allowedOrigins("https://example.com")
            .appType("non_interactive")
            .callbacks("https://example.com/callback")
            .clientMetadata(Map.of("foo", "zoo"))
            .customLoginPageOn(true)
            .description("Test Applications Long Description")
            .grantTypes(            
                "authorization_code",
                "http://auth0.com/oauth/grant-type/password-realm",
                "implicit",
                "password",
                "refresh_token")
            .isFirstParty(true)
            .isTokenEndpointIpHeaderTrusted(true)
            .jwtConfiguration(ClientJwtConfigurationArgs.builder()
                .alg("RS256")
                .lifetimeInSeconds(300)
                .scopes(Map.of("foo", "bar"))
                .secretEncoded(true)
                .build())
            .mobile(ClientMobileArgs.builder()
                .ios(ClientMobileIosArgs.builder()
                    .appBundleIdentifier("com.my.bundle.id")
                    .teamId("9JA89QQLNQ")
                    .build())
                .build())
            .oidcConformant(false)
            .refreshToken(ClientRefreshTokenArgs.builder()
                .expirationType("expiring")
                .leeway(0)
                .rotationType("rotating")
                .tokenLifetime(2592000)
                .build())
            .tokenEndpointAuthMethod("client_secret_post")
            .webOrigins("https://example.com")
            .build());

    }
}

Coming soon!

resources:
  myClient:
    type: auth0:Client
    properties:
      addons:
        samlp:
          audience: https://example.com/saml
          createUpnClaim: false
          issuer: https://example.com
          mapIdentities: false
          mapUnknownClaimsAsIs: false
          mappings:
            email: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
            name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          nameIdentifierFormat: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
          nameIdentifierProbes:
            - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
          passthroughClaimsWithNoMapping: false
          signingCert: |+
            -----BEGIN PUBLIC KEY-----
            MIGf...bpP/t3
            +JGNGIRMj1hF1rnb6QIDAQAB
            -----END PUBLIC KEY-----            

          signingKey:
            - cert: |+
                -----BEGIN PUBLIC KEY-----
                MIGf...bpP/t3
                +JGNGIRMj1hF1rnb6QIDAQAB
                -----END PUBLIC KEY-----                

              key: |+
                -----BEGIN PRIVATE KEY-----
                MIGf...bpP/t3
                +JGNGIRMj1hF1rnb6QIDAQAB
                -----END PUBLIC KEY-----                

      allowedLogoutUrls:
        - https://example.com
      allowedOrigins:
        - https://example.com
      appType: non_interactive
      callbacks:
        - https://example.com/callback
      clientMetadata:
        foo: zoo
      customLoginPageOn: true
      description: Test Applications Long Description
      grantTypes:
        - authorization_code
        - http://auth0.com/oauth/grant-type/password-realm
        - implicit
        - password
        - refresh_token
      isFirstParty: true
      isTokenEndpointIpHeaderTrusted: true
      jwtConfiguration:
        alg: RS256
        lifetimeInSeconds: 300
        scopes:
          foo: bar
        secretEncoded: true
      mobile:
        ios:
          appBundleIdentifier: com.my.bundle.id
          teamId: 9JA89QQLNQ
      oidcConformant: false
      refreshToken:
        expirationType: expiring
        leeway: 0
        rotationType: rotating
        tokenLifetime: 2.592e+06
      tokenEndpointAuthMethod: client_secret_post
      webOrigins:
        - https://example.com

Create Client Resource

new Client(name: string, args?: ClientArgs, opts?: CustomResourceOptions);

@overload
def Client(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           addons: Optional[ClientAddonsArgs] = None,
           allowed_clients: Optional[Sequence[str]] = None,
           allowed_logout_urls: Optional[Sequence[str]] = None,
           allowed_origins: Optional[Sequence[str]] = None,
           app_type: Optional[str] = None,
           callbacks: Optional[Sequence[str]] = None,
           client_aliases: Optional[Sequence[str]] = None,
           client_metadata: Optional[Mapping[str, Any]] = None,
           client_secret_rotation_trigger: Optional[Mapping[str, Any]] = None,
           cross_origin_auth: Optional[bool] = None,
           cross_origin_loc: Optional[str] = None,
           custom_login_page: Optional[str] = None,
           custom_login_page_on: Optional[bool] = None,
           description: Optional[str] = None,
           encryption_key: Optional[Mapping[str, str]] = None,
           form_template: Optional[str] = None,
           grant_types: Optional[Sequence[str]] = None,
           initiate_login_uri: Optional[str] = None,
           is_first_party: Optional[bool] = None,
           is_token_endpoint_ip_header_trusted: Optional[bool] = None,
           jwt_configuration: Optional[ClientJwtConfigurationArgs] = None,
           logo_uri: Optional[str] = None,
           mobile: Optional[ClientMobileArgs] = None,
           name: Optional[str] = None,
           native_social_login: Optional[ClientNativeSocialLoginArgs] = None,
           oidc_conformant: Optional[bool] = None,
           organization_require_behavior: Optional[str] = None,
           organization_usage: Optional[str] = None,
           refresh_token: Optional[ClientRefreshTokenArgs] = None,
           sso: Optional[bool] = None,
           sso_disabled: Optional[bool] = None,
           token_endpoint_auth_method: Optional[str] = None,
           web_origins: Optional[Sequence[str]] = None)
@overload
def Client(resource_name: str,
           args: Optional[ClientArgs] = None,
           opts: Optional[ResourceOptions] = None)

func NewClient(ctx *Context, name string, args *ClientArgs, opts ...ResourceOption) (*Client, error)

public Client(string name, ClientArgs? args = null, CustomResourceOptions? opts = null)

public Client(String name, ClientArgs args)
public Client(String name, ClientArgs args, CustomResourceOptions options)

type: auth0:Client
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ClientArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ClientArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ClientArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ClientArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ClientArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Client Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Client resource accepts the following input properties:

Addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
AllowedClients List<string>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
AllowedLogoutUrls List<string>: URLs that Auth0 may redirect to after logout.
AllowedOrigins List<string>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks List<string>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientAliases List<string>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
ClientMetadata Dictionary<string, object>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
ClientSecretRotationTrigger Dictionary<string, object>: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
CrossOriginAuth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
CrossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
CustomLoginPage string: The content (HTML, CSS, JS) of the custom login page.
CustomLoginPageOn bool: Indicates whether a custom login page is to be used.
Description string: Description of the purpose of the client.
EncryptionKey Dictionary<string, string>: Encryption used for WS-Fed responses with this client.
FormTemplate string: HTML form template to be used for WS-Federation.
GrantTypes List<string>: Types of grants that this client is authorized to use.
InitiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
IsFirstParty bool: Indicates whether this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool: Indicates whether the token endpoint IP header is trusted.
JwtConfiguration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobile ClientMobileArgs: Additional configuration for native mobile apps.
Name string: Name of the client.
NativeSocialLogin ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
OidcConformant bool: Indicates whether this client will conform to strict OIDC specifications.
OrganizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
OrganizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
RefreshToken ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
Sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
SsoDisabled bool: Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
WebOrigins List<string>: URLs that represent valid web origins for use with web message response mode.

Addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
AllowedClients []string: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
AllowedLogoutUrls []string: URLs that Auth0 may redirect to after logout.
AllowedOrigins []string: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks []string: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientAliases []string: List of audiences/realms for SAML protocol. Used by the wsfed addon.
ClientMetadata map[string]interface{}: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
ClientSecretRotationTrigger map[string]interface{}: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
CrossOriginAuth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
CrossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
CustomLoginPage string: The content (HTML, CSS, JS) of the custom login page.
CustomLoginPageOn bool: Indicates whether a custom login page is to be used.
Description string: Description of the purpose of the client.
EncryptionKey map[string]string: Encryption used for WS-Fed responses with this client.
FormTemplate string: HTML form template to be used for WS-Federation.
GrantTypes []string: Types of grants that this client is authorized to use.
InitiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
IsFirstParty bool: Indicates whether this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool: Indicates whether the token endpoint IP header is trusted.
JwtConfiguration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobile ClientMobileArgs: Additional configuration for native mobile apps.
Name string: Name of the client.
NativeSocialLogin ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
OidcConformant bool: Indicates whether this client will conform to strict OIDC specifications.
OrganizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
OrganizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
RefreshToken ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
Sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
SsoDisabled bool: Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
WebOrigins []string: URLs that represent valid web origins for use with web message response mode.

addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
allowedClients List<String>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks List<String>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases List<String>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientMetadata Map<String,Object>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecretRotationTrigger Map<String,Object>: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
crossOriginAuth Boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
crossOriginLoc String: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage String: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn Boolean: Indicates whether a custom login page is to be used.
description String: Description of the purpose of the client.
encryptionKey Map<String,String>: Encryption used for WS-Fed responses with this client.
formTemplate String: HTML form template to be used for WS-Federation.
grantTypes List<String>: Types of grants that this client is authorized to use.
initiateLoginUri String: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty Boolean: Indicates whether this client is a first-party client.
isTokenEndpointIpHeaderTrusted Boolean: Indicates whether the token endpoint IP header is trusted.
jwtConfiguration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs: Additional configuration for native mobile apps.
name String: Name of the client.
nativeSocialLogin ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcConformant Boolean: Indicates whether this client will conform to strict OIDC specifications.
organizationRequireBehavior String: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
organizationUsage String: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshToken ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
sso Boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled Boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod String: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.

addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
allowedClients string[]: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls string[]: URLs that Auth0 may redirect to after logout.
allowedOrigins string[]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks string[]: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases string[]: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientMetadata {[key: string]: any}: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecretRotationTrigger {[key: string]: any}: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
crossOriginAuth boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
crossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage string: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn boolean: Indicates whether a custom login page is to be used.
description string: Description of the purpose of the client.
encryptionKey {[key: string]: string}: Encryption used for WS-Fed responses with this client.
formTemplate string: HTML form template to be used for WS-Federation.
grantTypes string[]: Types of grants that this client is authorized to use.
initiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty boolean: Indicates whether this client is a first-party client.
isTokenEndpointIpHeaderTrusted boolean: Indicates whether the token endpoint IP header is trusted.
jwtConfiguration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
logoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs: Additional configuration for native mobile apps.
name string: Name of the client.
nativeSocialLogin ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcConformant boolean: Indicates whether this client will conform to strict OIDC specifications.
organizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
organizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshToken ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
sso boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod string: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
webOrigins string[]: URLs that represent valid web origins for use with web message response mode.

addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
allowed_clients Sequence[str]: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowed_logout_urls Sequence[str]: URLs that Auth0 may redirect to after logout.
allowed_origins Sequence[str]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
app_type str: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks Sequence[str]: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
client_aliases Sequence[str]: List of audiences/realms for SAML protocol. Used by the wsfed addon.
client_metadata Mapping[str, Any]: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
client_secret_rotation_trigger Mapping[str, Any]: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
cross_origin_auth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
cross_origin_loc str: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
custom_login_page str: The content (HTML, CSS, JS) of the custom login page.
custom_login_page_on bool: Indicates whether a custom login page is to be used.
description str: Description of the purpose of the client.
encryption_key Mapping[str, str]: Encryption used for WS-Fed responses with this client.
form_template str: HTML form template to be used for WS-Federation.
grant_types Sequence[str]: Types of grants that this client is authorized to use.
initiate_login_uri str: Initiate login URI. Must be HTTPS or an empty string.
is_first_party bool: Indicates whether this client is a first-party client.
is_token_endpoint_ip_header_trusted bool: Indicates whether the token endpoint IP header is trusted.
jwt_configuration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
logo_uri str: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs: Additional configuration for native mobile apps.
name str: Name of the client.
native_social_login ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidc_conformant bool: Indicates whether this client will conform to strict OIDC specifications.
organization_require_behavior str: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
organization_usage str: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refresh_token ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
sso_disabled bool: Indicates whether or not SSO is disabled.
token_endpoint_auth_method str: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
web_origins Sequence[str]: URLs that represent valid web origins for use with web message response mode.

addons Property Map: Addons enabled for this client and their associated configurations.
allowedClients List<String>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks List<String>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases List<String>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientMetadata Map<Any>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecretRotationTrigger Map<Any>: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
crossOriginAuth Boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
crossOriginLoc String: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage String: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn Boolean: Indicates whether a custom login page is to be used.
description String: Description of the purpose of the client.
encryptionKey Map<String>: Encryption used for WS-Fed responses with this client.
formTemplate String: HTML form template to be used for WS-Federation.
grantTypes List<String>: Types of grants that this client is authorized to use.
initiateLoginUri String: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty Boolean: Indicates whether this client is a first-party client.
isTokenEndpointIpHeaderTrusted Boolean: Indicates whether the token endpoint IP header is trusted.
jwtConfiguration Property Map: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile Property Map: Additional configuration for native mobile apps.
name String: Name of the client.
nativeSocialLogin Property Map: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcConformant Boolean: Indicates whether this client will conform to strict OIDC specifications.
organizationRequireBehavior String: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
organizationUsage String: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshToken Property Map: Configuration settings for the refresh tokens issued for this client.
sso Boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled Boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod String: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.

Outputs

All input properties are implicitly available as output properties. Additionally, the Client resource produces the following output properties:

ClientId string: The ID of the client.
ClientSecret string: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
Id string: The provider-assigned unique ID for this managed resource.
SigningKeys List<ImmutableDictionary<string, object>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.

ClientId string: The ID of the client.
ClientSecret string: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
Id string: The provider-assigned unique ID for this managed resource.
SigningKeys []map[string]interface{}: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.

clientId String: The ID of the client.
clientSecret String: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
id String: The provider-assigned unique ID for this managed resource.
signingKeys List<Map<String,Object>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.

clientId string: The ID of the client.
clientSecret string: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
id string: The provider-assigned unique ID for this managed resource.
signingKeys {[key: string]: any}[]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.

client_id str: The ID of the client.
client_secret str: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
id str: The provider-assigned unique ID for this managed resource.
signing_keys Sequence[Mapping[str, Any]]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.

clientId String: The ID of the client.
clientSecret String: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
id String: The provider-assigned unique ID for this managed resource.
signingKeys List<Map<Any>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.

Look up Existing Client Resource

Get an existing Client resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ClientState, opts?: CustomResourceOptions): Client

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        addons: Optional[ClientAddonsArgs] = None,
        allowed_clients: Optional[Sequence[str]] = None,
        allowed_logout_urls: Optional[Sequence[str]] = None,
        allowed_origins: Optional[Sequence[str]] = None,
        app_type: Optional[str] = None,
        callbacks: Optional[Sequence[str]] = None,
        client_aliases: Optional[Sequence[str]] = None,
        client_id: Optional[str] = None,
        client_metadata: Optional[Mapping[str, Any]] = None,
        client_secret: Optional[str] = None,
        client_secret_rotation_trigger: Optional[Mapping[str, Any]] = None,
        cross_origin_auth: Optional[bool] = None,
        cross_origin_loc: Optional[str] = None,
        custom_login_page: Optional[str] = None,
        custom_login_page_on: Optional[bool] = None,
        description: Optional[str] = None,
        encryption_key: Optional[Mapping[str, str]] = None,
        form_template: Optional[str] = None,
        grant_types: Optional[Sequence[str]] = None,
        initiate_login_uri: Optional[str] = None,
        is_first_party: Optional[bool] = None,
        is_token_endpoint_ip_header_trusted: Optional[bool] = None,
        jwt_configuration: Optional[ClientJwtConfigurationArgs] = None,
        logo_uri: Optional[str] = None,
        mobile: Optional[ClientMobileArgs] = None,
        name: Optional[str] = None,
        native_social_login: Optional[ClientNativeSocialLoginArgs] = None,
        oidc_conformant: Optional[bool] = None,
        organization_require_behavior: Optional[str] = None,
        organization_usage: Optional[str] = None,
        refresh_token: Optional[ClientRefreshTokenArgs] = None,
        signing_keys: Optional[Sequence[Mapping[str, Any]]] = None,
        sso: Optional[bool] = None,
        sso_disabled: Optional[bool] = None,
        token_endpoint_auth_method: Optional[str] = None,
        web_origins: Optional[Sequence[str]] = None) -> Client

func GetClient(ctx *Context, name string, id IDInput, state *ClientState, opts ...ResourceOption) (*Client, error)

public static Client Get(string name, Input<string> id, ClientState? state, CustomResourceOptions? opts = null)

public static Client get(String name, Output<String> id, ClientState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
AllowedClients List<string>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
AllowedLogoutUrls List<string>: URLs that Auth0 may redirect to after logout.
AllowedOrigins List<string>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks List<string>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientAliases List<string>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
ClientId string: The ID of the client.
ClientMetadata Dictionary<string, object>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
ClientSecret string: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
ClientSecretRotationTrigger Dictionary<string, object>: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
CrossOriginAuth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
CrossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
CustomLoginPage string: The content (HTML, CSS, JS) of the custom login page.
CustomLoginPageOn bool: Indicates whether a custom login page is to be used.
Description string: Description of the purpose of the client.
EncryptionKey Dictionary<string, string>: Encryption used for WS-Fed responses with this client.
FormTemplate string: HTML form template to be used for WS-Federation.
GrantTypes List<string>: Types of grants that this client is authorized to use.
InitiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
IsFirstParty bool: Indicates whether this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool: Indicates whether the token endpoint IP header is trusted.
JwtConfiguration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobile ClientMobileArgs: Additional configuration for native mobile apps.
Name string: Name of the client.
NativeSocialLogin ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
OidcConformant bool: Indicates whether this client will conform to strict OIDC specifications.
OrganizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
OrganizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
RefreshToken ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
SigningKeys List<ImmutableDictionary<string, object>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
Sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
SsoDisabled bool: Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
WebOrigins List<string>: URLs that represent valid web origins for use with web message response mode.

Addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
AllowedClients []string: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
AllowedLogoutUrls []string: URLs that Auth0 may redirect to after logout.
AllowedOrigins []string: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks []string: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientAliases []string: List of audiences/realms for SAML protocol. Used by the wsfed addon.
ClientId string: The ID of the client.
ClientMetadata map[string]interface{}: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
ClientSecret string: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
ClientSecretRotationTrigger map[string]interface{}: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
CrossOriginAuth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
CrossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
CustomLoginPage string: The content (HTML, CSS, JS) of the custom login page.
CustomLoginPageOn bool: Indicates whether a custom login page is to be used.
Description string: Description of the purpose of the client.
EncryptionKey map[string]string: Encryption used for WS-Fed responses with this client.
FormTemplate string: HTML form template to be used for WS-Federation.
GrantTypes []string: Types of grants that this client is authorized to use.
InitiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
IsFirstParty bool: Indicates whether this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool: Indicates whether the token endpoint IP header is trusted.
JwtConfiguration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobile ClientMobileArgs: Additional configuration for native mobile apps.
Name string: Name of the client.
NativeSocialLogin ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
OidcConformant bool: Indicates whether this client will conform to strict OIDC specifications.
OrganizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
OrganizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
RefreshToken ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
SigningKeys []map[string]interface{}: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
Sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
SsoDisabled bool: Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
WebOrigins []string: URLs that represent valid web origins for use with web message response mode.

addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
allowedClients List<String>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks List<String>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases List<String>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientId String: The ID of the client.
clientMetadata Map<String,Object>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecret String: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
clientSecretRotationTrigger Map<String,Object>: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
crossOriginAuth Boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
crossOriginLoc String: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage String: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn Boolean: Indicates whether a custom login page is to be used.
description String: Description of the purpose of the client.
encryptionKey Map<String,String>: Encryption used for WS-Fed responses with this client.
formTemplate String: HTML form template to be used for WS-Federation.
grantTypes List<String>: Types of grants that this client is authorized to use.
initiateLoginUri String: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty Boolean: Indicates whether this client is a first-party client.
isTokenEndpointIpHeaderTrusted Boolean: Indicates whether the token endpoint IP header is trusted.
jwtConfiguration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs: Additional configuration for native mobile apps.
name String: Name of the client.
nativeSocialLogin ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcConformant Boolean: Indicates whether this client will conform to strict OIDC specifications.
organizationRequireBehavior String: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
organizationUsage String: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshToken ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
signingKeys List<Map<String,Object>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso Boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled Boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod String: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.

addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
allowedClients string[]: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls string[]: URLs that Auth0 may redirect to after logout.
allowedOrigins string[]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks string[]: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases string[]: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientId string: The ID of the client.
clientMetadata {[key: string]: any}: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecret string: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
clientSecretRotationTrigger {[key: string]: any}: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
crossOriginAuth boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
crossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage string: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn boolean: Indicates whether a custom login page is to be used.
description string: Description of the purpose of the client.
encryptionKey {[key: string]: string}: Encryption used for WS-Fed responses with this client.
formTemplate string: HTML form template to be used for WS-Federation.
grantTypes string[]: Types of grants that this client is authorized to use.
initiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty boolean: Indicates whether this client is a first-party client.
isTokenEndpointIpHeaderTrusted boolean: Indicates whether the token endpoint IP header is trusted.
jwtConfiguration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
logoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs: Additional configuration for native mobile apps.
name string: Name of the client.
nativeSocialLogin ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcConformant boolean: Indicates whether this client will conform to strict OIDC specifications.
organizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
organizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshToken ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
signingKeys {[key: string]: any}[]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod string: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
webOrigins string[]: URLs that represent valid web origins for use with web message response mode.

addons ClientAddonsArgs: Addons enabled for this client and their associated configurations.
allowed_clients Sequence[str]: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowed_logout_urls Sequence[str]: URLs that Auth0 may redirect to after logout.
allowed_origins Sequence[str]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
app_type str: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks Sequence[str]: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
client_aliases Sequence[str]: List of audiences/realms for SAML protocol. Used by the wsfed addon.
client_id str: The ID of the client.
client_metadata Mapping[str, Any]: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
client_secret str: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
client_secret_rotation_trigger Mapping[str, Any]: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
cross_origin_auth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
cross_origin_loc str: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
custom_login_page str: The content (HTML, CSS, JS) of the custom login page.
custom_login_page_on bool: Indicates whether a custom login page is to be used.
description str: Description of the purpose of the client.
encryption_key Mapping[str, str]: Encryption used for WS-Fed responses with this client.
form_template str: HTML form template to be used for WS-Federation.
grant_types Sequence[str]: Types of grants that this client is authorized to use.
initiate_login_uri str: Initiate login URI. Must be HTTPS or an empty string.
is_first_party bool: Indicates whether this client is a first-party client.
is_token_endpoint_ip_header_trusted bool: Indicates whether the token endpoint IP header is trusted.
jwt_configuration ClientJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
logo_uri str: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile ClientMobileArgs: Additional configuration for native mobile apps.
name str: Name of the client.
native_social_login ClientNativeSocialLoginArgs: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidc_conformant bool: Indicates whether this client will conform to strict OIDC specifications.
organization_require_behavior str: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
organization_usage str: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refresh_token ClientRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
signing_keys Sequence[Mapping[str, Any]]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
sso_disabled bool: Indicates whether or not SSO is disabled.
token_endpoint_auth_method str: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
web_origins Sequence[str]: URLs that represent valid web origins for use with web message response mode.

addons Property Map: Addons enabled for this client and their associated configurations.
allowedClients List<String>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks List<String>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases List<String>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientId String: The ID of the client.
clientMetadata Map<Any>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecret String: Secret for the client. Keep this private. To access this attribute you need to add the read:client_keys scope to the Terraform client. Otherwise, the attribute will contain an empty string.
clientSecretRotationTrigger Map<Any>: Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret.
crossOriginAuth Boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
crossOriginLoc String: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage String: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn Boolean: Indicates whether a custom login page is to be used.
description String: Description of the purpose of the client.
encryptionKey Map<String>: Encryption used for WS-Fed responses with this client.
formTemplate String: HTML form template to be used for WS-Federation.
grantTypes List<String>: Types of grants that this client is authorized to use.
initiateLoginUri String: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty Boolean: Indicates whether this client is a first-party client.
isTokenEndpointIpHeaderTrusted Boolean: Indicates whether the token endpoint IP header is trusted.
jwtConfiguration Property Map: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobile Property Map: Additional configuration for native mobile apps.
name String: Name of the client.
nativeSocialLogin Property Map: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcConformant Boolean: Indicates whether this client will conform to strict OIDC specifications.
organizationRequireBehavior String: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default) or pre_login_prompt.
organizationUsage String: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshToken Property Map: Configuration settings for the refresh tokens issued for this client.
signingKeys List<Map<Any>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso Boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled Boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod String: Defines the requested authentication method for the token endpoint. Options include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic).
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.

Supporting Types

ClientAddons

Aws Dictionary<string, object>
AzureBlob Dictionary<string, object>
AzureSb Dictionary<string, object>
Box Dictionary<string, object>
Cloudbees Dictionary<string, object>
Concur Dictionary<string, object>
Dropbox Dictionary<string, object>
Echosign Dictionary<string, object>
Egnyte Dictionary<string, object>
Firebase Dictionary<string, object>
Layer Dictionary<string, object>
Mscrm Dictionary<string, object>
Newrelic Dictionary<string, object>
Office365 Dictionary<string, object>
Rms Dictionary<string, object>
Salesforce Dictionary<string, object>
SalesforceApi Dictionary<string, object>
SalesforceSandboxApi Dictionary<string, object>
Samlp ClientAddonsSamlp: Configuration settings for a SAML add-on.
SapApi Dictionary<string, object>
Sentry Dictionary<string, object>
Sharepoint Dictionary<string, object>
Slack Dictionary<string, object>
Springcm Dictionary<string, object>
Wams Dictionary<string, object>
Wsfed Dictionary<string, object>: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
Zendesk Dictionary<string, object>
Zoom Dictionary<string, object>

Aws map[string]interface{}
AzureBlob map[string]interface{}
AzureSb map[string]interface{}
Box map[string]interface{}
Cloudbees map[string]interface{}
Concur map[string]interface{}
Dropbox map[string]interface{}
Echosign map[string]interface{}
Egnyte map[string]interface{}
Firebase map[string]interface{}
Layer map[string]interface{}
Mscrm map[string]interface{}
Newrelic map[string]interface{}
Office365 map[string]interface{}
Rms map[string]interface{}
Salesforce map[string]interface{}
SalesforceApi map[string]interface{}
SalesforceSandboxApi map[string]interface{}
Samlp ClientAddonsSamlp: Configuration settings for a SAML add-on.
SapApi map[string]interface{}
Sentry map[string]interface{}
Sharepoint map[string]interface{}
Slack map[string]interface{}
Springcm map[string]interface{}
Wams map[string]interface{}
Wsfed map[string]interface{}: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
Zendesk map[string]interface{}
Zoom map[string]interface{}

aws Map<String,Object>
azureBlob Map<String,Object>
azureSb Map<String,Object>
box Map<String,Object>
cloudbees Map<String,Object>
concur Map<String,Object>
dropbox Map<String,Object>
echosign Map<String,Object>
egnyte Map<String,Object>
firebase Map<String,Object>
layer Map<String,Object>
mscrm Map<String,Object>
newrelic Map<String,Object>
office365 Map<String,Object>
rms Map<String,Object>
salesforce Map<String,Object>
salesforceApi Map<String,Object>
salesforceSandboxApi Map<String,Object>
samlp ClientAddonsSamlp: Configuration settings for a SAML add-on.
sapApi Map<String,Object>
sentry Map<String,Object>
sharepoint Map<String,Object>
slack Map<String,Object>
springcm Map<String,Object>
wams Map<String,Object>
wsfed Map<String,Object>: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
zendesk Map<String,Object>
zoom Map<String,Object>

aws {[key: string]: any}
azureBlob {[key: string]: any}
azureSb {[key: string]: any}
box {[key: string]: any}
cloudbees {[key: string]: any}
concur {[key: string]: any}
dropbox {[key: string]: any}
echosign {[key: string]: any}
egnyte {[key: string]: any}
firebase {[key: string]: any}
layer {[key: string]: any}
mscrm {[key: string]: any}
newrelic {[key: string]: any}
office365 {[key: string]: any}
rms {[key: string]: any}
salesforce {[key: string]: any}
salesforceApi {[key: string]: any}
salesforceSandboxApi {[key: string]: any}
samlp ClientAddonsSamlp: Configuration settings for a SAML add-on.
sapApi {[key: string]: any}
sentry {[key: string]: any}
sharepoint {[key: string]: any}
slack {[key: string]: any}
springcm {[key: string]: any}
wams {[key: string]: any}
wsfed {[key: string]: any}: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
zendesk {[key: string]: any}
zoom {[key: string]: any}

aws Mapping[str, Any]
azure_blob Mapping[str, Any]
azure_sb Mapping[str, Any]
box Mapping[str, Any]
cloudbees Mapping[str, Any]
concur Mapping[str, Any]
dropbox Mapping[str, Any]
echosign Mapping[str, Any]
egnyte Mapping[str, Any]
firebase Mapping[str, Any]
layer Mapping[str, Any]
mscrm Mapping[str, Any]
newrelic Mapping[str, Any]
office365 Mapping[str, Any]
rms Mapping[str, Any]
salesforce Mapping[str, Any]
salesforce_api Mapping[str, Any]
salesforce_sandbox_api Mapping[str, Any]
samlp ClientAddonsSamlp: Configuration settings for a SAML add-on.
sap_api Mapping[str, Any]
sentry Mapping[str, Any]
sharepoint Mapping[str, Any]
slack Mapping[str, Any]
springcm Mapping[str, Any]
wams Mapping[str, Any]
wsfed Mapping[str, Any]: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
zendesk Mapping[str, Any]
zoom Mapping[str, Any]

aws Map<Any>
azureBlob Map<Any>
azureSb Map<Any>
box Map<Any>
cloudbees Map<Any>
concur Map<Any>
dropbox Map<Any>
echosign Map<Any>
egnyte Map<Any>
firebase Map<Any>
layer Map<Any>
mscrm Map<Any>
newrelic Map<Any>
office365 Map<Any>
rms Map<Any>
salesforce Map<Any>
salesforceApi Map<Any>
salesforceSandboxApi Map<Any>
samlp Property Map: Configuration settings for a SAML add-on.
sapApi Map<Any>
sentry Map<Any>
sharepoint Map<Any>
slack Map<Any>
springcm Map<Any>
wams Map<Any>
wsfed Map<Any>: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
zendesk Map<Any>
zoom Map<Any>

ClientAddonsSamlp

Audience string
AuthnContextClassRef string
Binding string
CreateUpnClaim bool
Destination string
DigestAlgorithm string
IncludeAttributeNameFormat bool
Issuer string
LifetimeInSeconds int
Logout Dictionary<string, object>
MapIdentities bool
MapUnknownClaimsAsIs bool
Mappings Dictionary<string, object>
NameIdentifierFormat string
NameIdentifierProbes List<string>
PassthroughClaimsWithNoMapping bool
Recipient string
SignResponse bool
SignatureAlgorithm string
SigningCert string
TypedAttributes bool

Audience string
AuthnContextClassRef string
Binding string
CreateUpnClaim bool
Destination string
DigestAlgorithm string
IncludeAttributeNameFormat bool
Issuer string
LifetimeInSeconds int
Logout map[string]interface{}
MapIdentities bool
MapUnknownClaimsAsIs bool
Mappings map[string]interface{}
NameIdentifierFormat string
NameIdentifierProbes []string
PassthroughClaimsWithNoMapping bool
Recipient string
SignResponse bool
SignatureAlgorithm string
SigningCert string
TypedAttributes bool

audience String
authnContextClassRef String
binding String
createUpnClaim Boolean
destination String
digestAlgorithm String
includeAttributeNameFormat Boolean
issuer String
lifetimeInSeconds Integer
logout Map<String,Object>
mapIdentities Boolean
mapUnknownClaimsAsIs Boolean
mappings Map<String,Object>
nameIdentifierFormat String
nameIdentifierProbes List<String>
passthroughClaimsWithNoMapping Boolean
recipient String
signResponse Boolean
signatureAlgorithm String
signingCert String
typedAttributes Boolean

audience string
authnContextClassRef string
binding string
createUpnClaim boolean
destination string
digestAlgorithm string
includeAttributeNameFormat boolean
issuer string
lifetimeInSeconds number
logout {[key: string]: any}
mapIdentities boolean
mapUnknownClaimsAsIs boolean
mappings {[key: string]: any}
nameIdentifierFormat string
nameIdentifierProbes string[]
passthroughClaimsWithNoMapping boolean
recipient string
signResponse boolean
signatureAlgorithm string
signingCert string
typedAttributes boolean

audience str
authn_context_class_ref str
binding str
create_upn_claim bool
destination str
digest_algorithm str
include_attribute_name_format bool
issuer str
lifetime_in_seconds int
logout Mapping[str, Any]
map_identities bool
map_unknown_claims_as_is bool
mappings Mapping[str, Any]
name_identifier_format str
name_identifier_probes Sequence[str]
passthrough_claims_with_no_mapping bool
recipient str
sign_response bool
signature_algorithm str
signing_cert str
typed_attributes bool

audience String
authnContextClassRef String
binding String
createUpnClaim Boolean
destination String
digestAlgorithm String
includeAttributeNameFormat Boolean
issuer String
lifetimeInSeconds Number
logout Map<Any>
mapIdentities Boolean
mapUnknownClaimsAsIs Boolean
mappings Map<Any>
nameIdentifierFormat String
nameIdentifierProbes List<String>
passthroughClaimsWithNoMapping Boolean
recipient String
signResponse Boolean
signatureAlgorithm String
signingCert String
typedAttributes Boolean

ClientJwtConfiguration

Alg string: Algorithm used to sign JWTs.
LifetimeInSeconds int: Number of seconds during which the JWT will be valid.
Scopes Dictionary<string, string>: Permissions (scopes) included in JWTs.
SecretEncoded bool: Indicates whether the client secret is Base64-encoded.

Alg string: Algorithm used to sign JWTs.
LifetimeInSeconds int: Number of seconds during which the JWT will be valid.
Scopes map[string]string: Permissions (scopes) included in JWTs.
SecretEncoded bool: Indicates whether the client secret is Base64-encoded.

alg String: Algorithm used to sign JWTs.
lifetimeInSeconds Integer: Number of seconds during which the JWT will be valid.
scopes Map<String,String>: Permissions (scopes) included in JWTs.
secretEncoded Boolean: Indicates whether the client secret is Base64-encoded.

alg string: Algorithm used to sign JWTs.
lifetimeInSeconds number: Number of seconds during which the JWT will be valid.
scopes {[key: string]: string}: Permissions (scopes) included in JWTs.
secretEncoded boolean: Indicates whether the client secret is Base64-encoded.

alg str: Algorithm used to sign JWTs.
lifetime_in_seconds int: Number of seconds during which the JWT will be valid.
scopes Mapping[str, str]: Permissions (scopes) included in JWTs.
secret_encoded bool: Indicates whether the client secret is Base64-encoded.

alg String: Algorithm used to sign JWTs.
lifetimeInSeconds Number: Number of seconds during which the JWT will be valid.
scopes Map<String>: Permissions (scopes) included in JWTs.
secretEncoded Boolean: Indicates whether the client secret is Base64-encoded.

ClientMobile

Android ClientMobileAndroid: Configuration settings for Android native apps.
Ios ClientMobileIos: Configuration settings for i0S native apps.

Android ClientMobileAndroid: Configuration settings for Android native apps.
Ios ClientMobileIos: Configuration settings for i0S native apps.

android ClientMobileAndroid: Configuration settings for Android native apps.
ios ClientMobileIos: Configuration settings for i0S native apps.

android ClientMobileAndroid: Configuration settings for Android native apps.
ios ClientMobileIos: Configuration settings for i0S native apps.

android ClientMobileAndroid: Configuration settings for Android native apps.
ios ClientMobileIos: Configuration settings for i0S native apps.

android Property Map: Configuration settings for Android native apps.
ios Property Map: Configuration settings for i0S native apps.

enabled Boolean

enabled boolean

enabled bool

enabled Boolean

ClientNativeSocialLoginFacebook

Enabled bool

Enabled bool

enabled Boolean

enabled boolean

enabled bool

enabled Boolean

ClientRefreshToken

ExpirationType string: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
RotationType string: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
IdleTokenLifetime int: The time in seconds after which inactive refresh tokens will expire.
InfiniteIdleTokenLifetime bool: Whether inactive refresh tokens should remain valid indefinitely.
InfiniteTokenLifetime bool: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
Leeway int: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
TokenLifetime int: The absolute lifetime of a refresh token in seconds.

ExpirationType string: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
RotationType string: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
IdleTokenLifetime int: The time in seconds after which inactive refresh tokens will expire.
InfiniteIdleTokenLifetime bool: Whether inactive refresh tokens should remain valid indefinitely.
InfiniteTokenLifetime bool: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
Leeway int: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
TokenLifetime int: The absolute lifetime of a refresh token in seconds.

expirationType String: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
rotationType String: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
idleTokenLifetime Integer: The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime Boolean: Whether inactive refresh tokens should remain valid indefinitely.
infiniteTokenLifetime Boolean: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
leeway Integer: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
tokenLifetime Integer: The absolute lifetime of a refresh token in seconds.

expirationType string: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
rotationType string: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
idleTokenLifetime number: The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime boolean: Whether inactive refresh tokens should remain valid indefinitely.
infiniteTokenLifetime boolean: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
leeway number: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
tokenLifetime number: The absolute lifetime of a refresh token in seconds.

expiration_type str: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
rotation_type str: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
idle_token_lifetime int: The time in seconds after which inactive refresh tokens will expire.
infinite_idle_token_lifetime bool: Whether inactive refresh tokens should remain valid indefinitely.
infinite_token_lifetime bool: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
leeway int: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
token_lifetime int: The absolute lifetime of a refresh token in seconds.

expirationType String: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
rotationType String: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
idleTokenLifetime Number: The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime Boolean: Whether inactive refresh tokens should remain valid indefinitely.
infiniteTokenLifetime Boolean: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
leeway Number: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
tokenLifetime Number: The absolute lifetime of a refresh token in seconds.

Import

A client can be imported using the client’s ID. # Example

 $ pulumi import auth0:index/client:Client my_client AaiyAPdpYdesoKnqjj8HJqRn4T5titww

Package Details

Repository: Auth0 pulumi/pulumi-auth0
License: Apache-2.0
Notes: This Pulumi package is based on the auth0 Terraform Provider.