Docs Home
Auth0 v3.21.0 published on Friday, May 23, 2025 by Pulumi
auth0.Client
Explore with Pulumi AI
With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications.
Create Client Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Client(name: string, args?: ClientArgs, opts?: CustomResourceOptions);@overload
def Client(resource_name: str,
args: Optional[ClientArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Client(resource_name: str,
opts: Optional[ResourceOptions] = None,
addons: Optional[ClientAddonsArgs] = None,
allowed_clients: Optional[Sequence[str]] = None,
allowed_logout_urls: Optional[Sequence[str]] = None,
allowed_origins: Optional[Sequence[str]] = None,
app_type: Optional[str] = None,
callbacks: Optional[Sequence[str]] = None,
client_aliases: Optional[Sequence[str]] = None,
client_metadata: Optional[Mapping[str, str]] = None,
compliance_level: Optional[str] = None,
cross_origin_auth: Optional[bool] = None,
cross_origin_loc: Optional[str] = None,
custom_login_page: Optional[str] = None,
custom_login_page_on: Optional[bool] = None,
default_organization: Optional[ClientDefaultOrganizationArgs] = None,
description: Optional[str] = None,
encryption_key: Optional[Mapping[str, str]] = None,
form_template: Optional[str] = None,
grant_types: Optional[Sequence[str]] = None,
initiate_login_uri: Optional[str] = None,
is_first_party: Optional[bool] = None,
is_token_endpoint_ip_header_trusted: Optional[bool] = None,
jwt_configuration: Optional[ClientJwtConfigurationArgs] = None,
logo_uri: Optional[str] = None,
mobile: Optional[ClientMobileArgs] = None,
name: Optional[str] = None,
native_social_login: Optional[ClientNativeSocialLoginArgs] = None,
oidc_backchannel_logout_urls: Optional[Sequence[str]] = None,
oidc_conformant: Optional[bool] = None,
oidc_logout: Optional[ClientOidcLogoutArgs] = None,
organization_require_behavior: Optional[str] = None,
organization_usage: Optional[str] = None,
refresh_token: Optional[ClientRefreshTokenArgs] = None,
require_proof_of_possession: Optional[bool] = None,
require_pushed_authorization_requests: Optional[bool] = None,
session_transfer: Optional[ClientSessionTransferArgs] = None,
sso: Optional[bool] = None,
sso_disabled: Optional[bool] = None,
token_exchange: Optional[ClientTokenExchangeArgs] = None,
web_origins: Optional[Sequence[str]] = None)func NewClient(ctx *Context, name string, args *ClientArgs, opts ...ResourceOption) (*Client, error)public Client(string name, ClientArgs? args = null, CustomResourceOptions? opts = null)
public Client(String name, ClientArgs args)
public Client(String name, ClientArgs args, CustomResourceOptions options)
type: auth0:Client
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var clientResource = new Auth0.Client("clientResource", new()
{
Addons = new Auth0.Inputs.ClientAddonsArgs
{
Aws = new Auth0.Inputs.ClientAddonsAwsArgs
{
LifetimeInSeconds = 0,
Principal = "string",
Role = "string",
},
AzureBlob = new Auth0.Inputs.ClientAddonsAzureBlobArgs
{
AccountName = "string",
BlobDelete = false,
BlobName = "string",
BlobRead = false,
BlobWrite = false,
ContainerDelete = false,
ContainerList = false,
ContainerName = "string",
ContainerRead = false,
ContainerWrite = false,
Expiration = 0,
SignedIdentifier = "string",
StorageAccessKey = "string",
},
AzureSb = new Auth0.Inputs.ClientAddonsAzureSbArgs
{
EntityPath = "string",
Expiration = 0,
Namespace = "string",
SasKey = "string",
SasKeyName = "string",
},
Box = null,
Cloudbees = null,
Concur = null,
Dropbox = null,
Echosign = new Auth0.Inputs.ClientAddonsEchosignArgs
{
Domain = "string",
},
Egnyte = new Auth0.Inputs.ClientAddonsEgnyteArgs
{
Domain = "string",
},
Firebase = new Auth0.Inputs.ClientAddonsFirebaseArgs
{
ClientEmail = "string",
LifetimeInSeconds = 0,
PrivateKey = "string",
PrivateKeyId = "string",
Secret = "string",
},
Layer = new Auth0.Inputs.ClientAddonsLayerArgs
{
KeyId = "string",
PrivateKey = "string",
ProviderId = "string",
Expiration = 0,
Principal = "string",
},
Mscrm = new Auth0.Inputs.ClientAddonsMscrmArgs
{
Url = "string",
},
Newrelic = new Auth0.Inputs.ClientAddonsNewrelicArgs
{
Account = "string",
},
Office365 = new Auth0.Inputs.ClientAddonsOffice365Args
{
Connection = "string",
Domain = "string",
},
Rms = new Auth0.Inputs.ClientAddonsRmsArgs
{
Url = "string",
},
Salesforce = new Auth0.Inputs.ClientAddonsSalesforceArgs
{
EntityId = "string",
},
SalesforceApi = new Auth0.Inputs.ClientAddonsSalesforceApiArgs
{
ClientId = "string",
CommunityName = "string",
CommunityUrlSection = "string",
Principal = "string",
},
SalesforceSandboxApi = new Auth0.Inputs.ClientAddonsSalesforceSandboxApiArgs
{
ClientId = "string",
CommunityName = "string",
CommunityUrlSection = "string",
Principal = "string",
},
Samlp = new Auth0.Inputs.ClientAddonsSamlpArgs
{
Audience = "string",
AuthnContextClassRef = "string",
Binding = "string",
CreateUpnClaim = false,
Destination = "string",
DigestAlgorithm = "string",
FlexibleMappings = "string",
IncludeAttributeNameFormat = false,
Issuer = "string",
LifetimeInSeconds = 0,
Logout = new Auth0.Inputs.ClientAddonsSamlpLogoutArgs
{
Callback = "string",
SloEnabled = false,
},
MapIdentities = false,
MapUnknownClaimsAsIs = false,
Mappings =
{
{ "string", "string" },
},
NameIdentifierFormat = "string",
NameIdentifierProbes = new[]
{
"string",
},
PassthroughClaimsWithNoMapping = false,
Recipient = "string",
SignResponse = false,
SignatureAlgorithm = "string",
SigningCert = "string",
TypedAttributes = false,
},
SapApi = new Auth0.Inputs.ClientAddonsSapApiArgs
{
ClientId = "string",
NameIdentifierFormat = "string",
Scope = "string",
ServicePassword = "string",
TokenEndpointUrl = "string",
UsernameAttribute = "string",
},
Sentry = new Auth0.Inputs.ClientAddonsSentryArgs
{
BaseUrl = "string",
OrgSlug = "string",
},
Sharepoint = new Auth0.Inputs.ClientAddonsSharepointArgs
{
ExternalUrls = new[]
{
"string",
},
Url = "string",
},
Slack = new Auth0.Inputs.ClientAddonsSlackArgs
{
Team = "string",
},
Springcm = new Auth0.Inputs.ClientAddonsSpringcmArgs
{
AcsUrl = "string",
},
SsoIntegration = new Auth0.Inputs.ClientAddonsSsoIntegrationArgs
{
Name = "string",
Version = "string",
},
Wams = new Auth0.Inputs.ClientAddonsWamsArgs
{
MasterKey = "string",
},
Wsfed = null,
Zendesk = new Auth0.Inputs.ClientAddonsZendeskArgs
{
AccountName = "string",
},
Zoom = new Auth0.Inputs.ClientAddonsZoomArgs
{
Account = "string",
},
},
AllowedClients = new[]
{
"string",
},
AllowedLogoutUrls = new[]
{
"string",
},
AllowedOrigins = new[]
{
"string",
},
AppType = "string",
Callbacks = new[]
{
"string",
},
ClientAliases = new[]
{
"string",
},
ClientMetadata =
{
{ "string", "string" },
},
ComplianceLevel = "string",
CrossOriginAuth = false,
CrossOriginLoc = "string",
CustomLoginPage = "string",
CustomLoginPageOn = false,
DefaultOrganization = new Auth0.Inputs.ClientDefaultOrganizationArgs
{
Disable = false,
Flows = new[]
{
"string",
},
OrganizationId = "string",
},
Description = "string",
EncryptionKey =
{
{ "string", "string" },
},
FormTemplate = "string",
GrantTypes = new[]
{
"string",
},
InitiateLoginUri = "string",
IsFirstParty = false,
IsTokenEndpointIpHeaderTrusted = false,
JwtConfiguration = new Auth0.Inputs.ClientJwtConfigurationArgs
{
Alg = "string",
LifetimeInSeconds = 0,
Scopes =
{
{ "string", "string" },
},
SecretEncoded = false,
},
LogoUri = "string",
Mobile = new Auth0.Inputs.ClientMobileArgs
{
Android = new Auth0.Inputs.ClientMobileAndroidArgs
{
AppPackageName = "string",
Sha256CertFingerprints = new[]
{
"string",
},
},
Ios = new Auth0.Inputs.ClientMobileIosArgs
{
AppBundleIdentifier = "string",
TeamId = "string",
},
},
Name = "string",
NativeSocialLogin = new Auth0.Inputs.ClientNativeSocialLoginArgs
{
Apple = new Auth0.Inputs.ClientNativeSocialLoginAppleArgs
{
Enabled = false,
},
Facebook = new Auth0.Inputs.ClientNativeSocialLoginFacebookArgs
{
Enabled = false,
},
Google = new Auth0.Inputs.ClientNativeSocialLoginGoogleArgs
{
Enabled = false,
},
},
OidcConformant = false,
OidcLogout = new Auth0.Inputs.ClientOidcLogoutArgs
{
BackchannelLogoutUrls = new[]
{
"string",
},
BackchannelLogoutInitiators = new Auth0.Inputs.ClientOidcLogoutBackchannelLogoutInitiatorsArgs
{
Mode = "string",
SelectedInitiators = new[]
{
"string",
},
},
},
OrganizationRequireBehavior = "string",
OrganizationUsage = "string",
RefreshToken = new Auth0.Inputs.ClientRefreshTokenArgs
{
ExpirationType = "string",
RotationType = "string",
IdleTokenLifetime = 0,
InfiniteIdleTokenLifetime = false,
InfiniteTokenLifetime = false,
Leeway = 0,
Policies = new[]
{
new Auth0.Inputs.ClientRefreshTokenPolicyArgs
{
Audience = "string",
Scopes = new[]
{
"string",
},
},
},
TokenLifetime = 0,
},
RequireProofOfPossession = false,
RequirePushedAuthorizationRequests = false,
SessionTransfer = new Auth0.Inputs.ClientSessionTransferArgs
{
AllowRefreshToken = false,
AllowedAuthenticationMethods = new[]
{
"string",
},
CanCreateSessionTransferToken = false,
EnforceDeviceBinding = "string",
},
Sso = false,
SsoDisabled = false,
TokenExchange = new Auth0.Inputs.ClientTokenExchangeArgs
{
AllowAnyProfileOfTypes = new[]
{
"string",
},
},
WebOrigins = new[]
{
"string",
},
});
example, err := auth0.NewClient(ctx, "clientResource", &auth0.ClientArgs{
Addons: &auth0.ClientAddonsArgs{
Aws: &auth0.ClientAddonsAwsArgs{
LifetimeInSeconds: pulumi.Int(0),
Principal: pulumi.String("string"),
Role: pulumi.String("string"),
},
AzureBlob: &auth0.ClientAddonsAzureBlobArgs{
AccountName: pulumi.String("string"),
BlobDelete: pulumi.Bool(false),
BlobName: pulumi.String("string"),
BlobRead: pulumi.Bool(false),
BlobWrite: pulumi.Bool(false),
ContainerDelete: pulumi.Bool(false),
ContainerList: pulumi.Bool(false),
ContainerName: pulumi.String("string"),
ContainerRead: pulumi.Bool(false),
ContainerWrite: pulumi.Bool(false),
Expiration: pulumi.Int(0),
SignedIdentifier: pulumi.String("string"),
StorageAccessKey: pulumi.String("string"),
},
AzureSb: &auth0.ClientAddonsAzureSbArgs{
EntityPath: pulumi.String("string"),
Expiration: pulumi.Int(0),
Namespace: pulumi.String("string"),
SasKey: pulumi.String("string"),
SasKeyName: pulumi.String("string"),
},
Box: &auth0.ClientAddonsBoxArgs{},
Cloudbees: &auth0.ClientAddonsCloudbeesArgs{},
Concur: &auth0.ClientAddonsConcurArgs{},
Dropbox: &auth0.ClientAddonsDropboxArgs{},
Echosign: &auth0.ClientAddonsEchosignArgs{
Domain: pulumi.String("string"),
},
Egnyte: &auth0.ClientAddonsEgnyteArgs{
Domain: pulumi.String("string"),
},
Firebase: &auth0.ClientAddonsFirebaseArgs{
ClientEmail: pulumi.String("string"),
LifetimeInSeconds: pulumi.Int(0),
PrivateKey: pulumi.String("string"),
PrivateKeyId: pulumi.String("string"),
Secret: pulumi.String("string"),
},
Layer: &auth0.ClientAddonsLayerArgs{
KeyId: pulumi.String("string"),
PrivateKey: pulumi.String("string"),
ProviderId: pulumi.String("string"),
Expiration: pulumi.Int(0),
Principal: pulumi.String("string"),
},
Mscrm: &auth0.ClientAddonsMscrmArgs{
Url: pulumi.String("string"),
},
Newrelic: &auth0.ClientAddonsNewrelicArgs{
Account: pulumi.String("string"),
},
Office365: &auth0.ClientAddonsOffice365Args{
Connection: pulumi.String("string"),
Domain: pulumi.String("string"),
},
Rms: &auth0.ClientAddonsRmsArgs{
Url: pulumi.String("string"),
},
Salesforce: &auth0.ClientAddonsSalesforceArgs{
EntityId: pulumi.String("string"),
},
SalesforceApi: &auth0.ClientAddonsSalesforceApiArgs{
ClientId: pulumi.String("string"),
CommunityName: pulumi.String("string"),
CommunityUrlSection: pulumi.String("string"),
Principal: pulumi.String("string"),
},
SalesforceSandboxApi: &auth0.ClientAddonsSalesforceSandboxApiArgs{
ClientId: pulumi.String("string"),
CommunityName: pulumi.String("string"),
CommunityUrlSection: pulumi.String("string"),
Principal: pulumi.String("string"),
},
Samlp: &auth0.ClientAddonsSamlpArgs{
Audience: pulumi.String("string"),
AuthnContextClassRef: pulumi.String("string"),
Binding: pulumi.String("string"),
CreateUpnClaim: pulumi.Bool(false),
Destination: pulumi.String("string"),
DigestAlgorithm: pulumi.String("string"),
FlexibleMappings: pulumi.String("string"),
IncludeAttributeNameFormat: pulumi.Bool(false),
Issuer: pulumi.String("string"),
LifetimeInSeconds: pulumi.Int(0),
Logout: &auth0.ClientAddonsSamlpLogoutArgs{
Callback: pulumi.String("string"),
SloEnabled: pulumi.Bool(false),
},
MapIdentities: pulumi.Bool(false),
MapUnknownClaimsAsIs: pulumi.Bool(false),
Mappings: pulumi.StringMap{
"string": pulumi.String("string"),
},
NameIdentifierFormat: pulumi.String("string"),
NameIdentifierProbes: pulumi.StringArray{
pulumi.String("string"),
},
PassthroughClaimsWithNoMapping: pulumi.Bool(false),
Recipient: pulumi.String("string"),
SignResponse: pulumi.Bool(false),
SignatureAlgorithm: pulumi.String("string"),
SigningCert: pulumi.String("string"),
TypedAttributes: pulumi.Bool(false),
},
SapApi: &auth0.ClientAddonsSapApiArgs{
ClientId: pulumi.String("string"),
NameIdentifierFormat: pulumi.String("string"),
Scope: pulumi.String("string"),
ServicePassword: pulumi.String("string"),
TokenEndpointUrl: pulumi.String("string"),
UsernameAttribute: pulumi.String("string"),
},
Sentry: &auth0.ClientAddonsSentryArgs{
BaseUrl: pulumi.String("string"),
OrgSlug: pulumi.String("string"),
},
Sharepoint: &auth0.ClientAddonsSharepointArgs{
ExternalUrls: pulumi.StringArray{
pulumi.String("string"),
},
Url: pulumi.String("string"),
},
Slack: &auth0.ClientAddonsSlackArgs{
Team: pulumi.String("string"),
},
Springcm: &auth0.ClientAddonsSpringcmArgs{
AcsUrl: pulumi.String("string"),
},
SsoIntegration: &auth0.ClientAddonsSsoIntegrationArgs{
Name: pulumi.String("string"),
Version: pulumi.String("string"),
},
Wams: &auth0.ClientAddonsWamsArgs{
MasterKey: pulumi.String("string"),
},
Wsfed: &auth0.ClientAddonsWsfedArgs{},
Zendesk: &auth0.ClientAddonsZendeskArgs{
AccountName: pulumi.String("string"),
},
Zoom: &auth0.ClientAddonsZoomArgs{
Account: pulumi.String("string"),
},
},
AllowedClients: pulumi.StringArray{
pulumi.String("string"),
},
AllowedLogoutUrls: pulumi.StringArray{
pulumi.String("string"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("string"),
},
AppType: pulumi.String("string"),
Callbacks: pulumi.StringArray{
pulumi.String("string"),
},
ClientAliases: pulumi.StringArray{
pulumi.String("string"),
},
ClientMetadata: pulumi.StringMap{
"string": pulumi.String("string"),
},
ComplianceLevel: pulumi.String("string"),
CrossOriginAuth: pulumi.Bool(false),
CrossOriginLoc: pulumi.String("string"),
CustomLoginPage: pulumi.String("string"),
CustomLoginPageOn: pulumi.Bool(false),
DefaultOrganization: &auth0.ClientDefaultOrganizationArgs{
Disable: pulumi.Bool(false),
Flows: pulumi.StringArray{
pulumi.String("string"),
},
OrganizationId: pulumi.String("string"),
},
Description: pulumi.String("string"),
EncryptionKey: pulumi.StringMap{
"string": pulumi.String("string"),
},
FormTemplate: pulumi.String("string"),
GrantTypes: pulumi.StringArray{
pulumi.String("string"),
},
InitiateLoginUri: pulumi.String("string"),
IsFirstParty: pulumi.Bool(false),
IsTokenEndpointIpHeaderTrusted: pulumi.Bool(false),
JwtConfiguration: &auth0.ClientJwtConfigurationArgs{
Alg: pulumi.String("string"),
LifetimeInSeconds: pulumi.Int(0),
Scopes: pulumi.StringMap{
"string": pulumi.String("string"),
},
SecretEncoded: pulumi.Bool(false),
},
LogoUri: pulumi.String("string"),
Mobile: &auth0.ClientMobileArgs{
Android: &auth0.ClientMobileAndroidArgs{
AppPackageName: pulumi.String("string"),
Sha256CertFingerprints: pulumi.StringArray{
pulumi.String("string"),
},
},
Ios: &auth0.ClientMobileIosArgs{
AppBundleIdentifier: pulumi.String("string"),
TeamId: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
NativeSocialLogin: &auth0.ClientNativeSocialLoginArgs{
Apple: &auth0.ClientNativeSocialLoginAppleArgs{
Enabled: pulumi.Bool(false),
},
Facebook: &auth0.ClientNativeSocialLoginFacebookArgs{
Enabled: pulumi.Bool(false),
},
Google: &auth0.ClientNativeSocialLoginGoogleArgs{
Enabled: pulumi.Bool(false),
},
},
OidcConformant: pulumi.Bool(false),
OidcLogout: &auth0.ClientOidcLogoutArgs{
BackchannelLogoutUrls: pulumi.StringArray{
pulumi.String("string"),
},
BackchannelLogoutInitiators: &auth0.ClientOidcLogoutBackchannelLogoutInitiatorsArgs{
Mode: pulumi.String("string"),
SelectedInitiators: pulumi.StringArray{
pulumi.String("string"),
},
},
},
OrganizationRequireBehavior: pulumi.String("string"),
OrganizationUsage: pulumi.String("string"),
RefreshToken: &auth0.ClientRefreshTokenArgs{
ExpirationType: pulumi.String("string"),
RotationType: pulumi.String("string"),
IdleTokenLifetime: pulumi.Int(0),
InfiniteIdleTokenLifetime: pulumi.Bool(false),
InfiniteTokenLifetime: pulumi.Bool(false),
Leeway: pulumi.Int(0),
Policies: auth0.ClientRefreshTokenPolicyArray{
&auth0.ClientRefreshTokenPolicyArgs{
Audience: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
},
},
TokenLifetime: pulumi.Int(0),
},
RequireProofOfPossession: pulumi.Bool(false),
RequirePushedAuthorizationRequests: pulumi.Bool(false),
SessionTransfer: &auth0.ClientSessionTransferArgs{
AllowRefreshToken: pulumi.Bool(false),
AllowedAuthenticationMethods: pulumi.StringArray{
pulumi.String("string"),
},
CanCreateSessionTransferToken: pulumi.Bool(false),
EnforceDeviceBinding: pulumi.String("string"),
},
Sso: pulumi.Bool(false),
SsoDisabled: pulumi.Bool(false),
TokenExchange: &auth0.ClientTokenExchangeArgs{
AllowAnyProfileOfTypes: pulumi.StringArray{
pulumi.String("string"),
},
},
WebOrigins: pulumi.StringArray{
pulumi.String("string"),
},
})
var clientResource = new Client("clientResource", ClientArgs.builder()
.addons(ClientAddonsArgs.builder()
.aws(ClientAddonsAwsArgs.builder()
.lifetimeInSeconds(0)
.principal("string")
.role("string")
.build())
.azureBlob(ClientAddonsAzureBlobArgs.builder()
.accountName("string")
.blobDelete(false)
.blobName("string")
.blobRead(false)
.blobWrite(false)
.containerDelete(false)
.containerList(false)
.containerName("string")
.containerRead(false)
.containerWrite(false)
.expiration(0)
.signedIdentifier("string")
.storageAccessKey("string")
.build())
.azureSb(ClientAddonsAzureSbArgs.builder()
.entityPath("string")
.expiration(0)
.namespace("string")
.sasKey("string")
.sasKeyName("string")
.build())
.box(ClientAddonsBoxArgs.builder()
.build())
.cloudbees(ClientAddonsCloudbeesArgs.builder()
.build())
.concur(ClientAddonsConcurArgs.builder()
.build())
.dropbox(ClientAddonsDropboxArgs.builder()
.build())
.echosign(ClientAddonsEchosignArgs.builder()
.domain("string")
.build())
.egnyte(ClientAddonsEgnyteArgs.builder()
.domain("string")
.build())
.firebase(ClientAddonsFirebaseArgs.builder()
.clientEmail("string")
.lifetimeInSeconds(0)
.privateKey("string")
.privateKeyId("string")
.secret("string")
.build())
.layer(ClientAddonsLayerArgs.builder()
.keyId("string")
.privateKey("string")
.providerId("string")
.expiration(0)
.principal("string")
.build())
.mscrm(ClientAddonsMscrmArgs.builder()
.url("string")
.build())
.newrelic(ClientAddonsNewrelicArgs.builder()
.account("string")
.build())
.office365(ClientAddonsOffice365Args.builder()
.connection("string")
.domain("string")
.build())
.rms(ClientAddonsRmsArgs.builder()
.url("string")
.build())
.salesforce(ClientAddonsSalesforceArgs.builder()
.entityId("string")
.build())
.salesforceApi(ClientAddonsSalesforceApiArgs.builder()
.clientId("string")
.communityName("string")
.communityUrlSection("string")
.principal("string")
.build())
.salesforceSandboxApi(ClientAddonsSalesforceSandboxApiArgs.builder()
.clientId("string")
.communityName("string")
.communityUrlSection("string")
.principal("string")
.build())
.samlp(ClientAddonsSamlpArgs.builder()
.audience("string")
.authnContextClassRef("string")
.binding("string")
.createUpnClaim(false)
.destination("string")
.digestAlgorithm("string")
.flexibleMappings("string")
.includeAttributeNameFormat(false)
.issuer("string")
.lifetimeInSeconds(0)
.logout(ClientAddonsSamlpLogoutArgs.builder()
.callback("string")
.sloEnabled(false)
.build())
.mapIdentities(false)
.mapUnknownClaimsAsIs(false)
.mappings(Map.of("string", "string"))
.nameIdentifierFormat("string")
.nameIdentifierProbes("string")
.passthroughClaimsWithNoMapping(false)
.recipient("string")
.signResponse(false)
.signatureAlgorithm("string")
.signingCert("string")
.typedAttributes(false)
.build())
.sapApi(ClientAddonsSapApiArgs.builder()
.clientId("string")
.nameIdentifierFormat("string")
.scope("string")
.servicePassword("string")
.tokenEndpointUrl("string")
.usernameAttribute("string")
.build())
.sentry(ClientAddonsSentryArgs.builder()
.baseUrl("string")
.orgSlug("string")
.build())
.sharepoint(ClientAddonsSharepointArgs.builder()
.externalUrls("string")
.url("string")
.build())
.slack(ClientAddonsSlackArgs.builder()
.team("string")
.build())
.springcm(ClientAddonsSpringcmArgs.builder()
.acsUrl("string")
.build())
.ssoIntegration(ClientAddonsSsoIntegrationArgs.builder()
.name("string")
.version("string")
.build())
.wams(ClientAddonsWamsArgs.builder()
.masterKey("string")
.build())
.wsfed(ClientAddonsWsfedArgs.builder()
.build())
.zendesk(ClientAddonsZendeskArgs.builder()
.accountName("string")
.build())
.zoom(ClientAddonsZoomArgs.builder()
.account("string")
.build())
.build())
.allowedClients("string")
.allowedLogoutUrls("string")
.allowedOrigins("string")
.appType("string")
.callbacks("string")
.clientAliases("string")
.clientMetadata(Map.of("string", "string"))
.complianceLevel("string")
.crossOriginAuth(false)
.crossOriginLoc("string")
.customLoginPage("string")
.customLoginPageOn(false)
.defaultOrganization(ClientDefaultOrganizationArgs.builder()
.disable(false)
.flows("string")
.organizationId("string")
.build())
.description("string")
.encryptionKey(Map.of("string", "string"))
.formTemplate("string")
.grantTypes("string")
.initiateLoginUri("string")
.isFirstParty(false)
.isTokenEndpointIpHeaderTrusted(false)
.jwtConfiguration(ClientJwtConfigurationArgs.builder()
.alg("string")
.lifetimeInSeconds(0)
.scopes(Map.of("string", "string"))
.secretEncoded(false)
.build())
.logoUri("string")
.mobile(ClientMobileArgs.builder()
.android(ClientMobileAndroidArgs.builder()
.appPackageName("string")
.sha256CertFingerprints("string")
.build())
.ios(ClientMobileIosArgs.builder()
.appBundleIdentifier("string")
.teamId("string")
.build())
.build())
.name("string")
.nativeSocialLogin(ClientNativeSocialLoginArgs.builder()
.apple(ClientNativeSocialLoginAppleArgs.builder()
.enabled(false)
.build())
.facebook(ClientNativeSocialLoginFacebookArgs.builder()
.enabled(false)
.build())
.google(ClientNativeSocialLoginGoogleArgs.builder()
.enabled(false)
.build())
.build())
.oidcConformant(false)
.oidcLogout(ClientOidcLogoutArgs.builder()
.backchannelLogoutUrls("string")
.backchannelLogoutInitiators(ClientOidcLogoutBackchannelLogoutInitiatorsArgs.builder()
.mode("string")
.selectedInitiators("string")
.build())
.build())
.organizationRequireBehavior("string")
.organizationUsage("string")
.refreshToken(ClientRefreshTokenArgs.builder()
.expirationType("string")
.rotationType("string")
.idleTokenLifetime(0)
.infiniteIdleTokenLifetime(false)
.infiniteTokenLifetime(false)
.leeway(0)
.policies(ClientRefreshTokenPolicyArgs.builder()
.audience("string")
.scopes("string")
.build())
.tokenLifetime(0)
.build())
.requireProofOfPossession(false)
.requirePushedAuthorizationRequests(false)
.sessionTransfer(ClientSessionTransferArgs.builder()
.allowRefreshToken(false)
.allowedAuthenticationMethods("string")
.canCreateSessionTransferToken(false)
.enforceDeviceBinding("string")
.build())
.sso(false)
.ssoDisabled(false)
.tokenExchange(ClientTokenExchangeArgs.builder()
.allowAnyProfileOfTypes("string")
.build())
.webOrigins("string")
.build());
client_resource = auth0.Client("clientResource",
addons={
"aws": {
"lifetime_in_seconds": 0,
"principal": "string",
"role": "string",
},
"azure_blob": {
"account_name": "string",
"blob_delete": False,
"blob_name": "string",
"blob_read": False,
"blob_write": False,
"container_delete": False,
"container_list": False,
"container_name": "string",
"container_read": False,
"container_write": False,
"expiration": 0,
"signed_identifier": "string",
"storage_access_key": "string",
},
"azure_sb": {
"entity_path": "string",
"expiration": 0,
"namespace": "string",
"sas_key": "string",
"sas_key_name": "string",
},
"box": {},
"cloudbees": {},
"concur": {},
"dropbox": {},
"echosign": {
"domain": "string",
},
"egnyte": {
"domain": "string",
},
"firebase": {
"client_email": "string",
"lifetime_in_seconds": 0,
"private_key": "string",
"private_key_id": "string",
"secret": "string",
},
"layer": {
"key_id": "string",
"private_key": "string",
"provider_id": "string",
"expiration": 0,
"principal": "string",
},
"mscrm": {
"url": "string",
},
"newrelic": {
"account": "string",
},
"office365": {
"connection": "string",
"domain": "string",
},
"rms": {
"url": "string",
},
"salesforce": {
"entity_id": "string",
},
"salesforce_api": {
"client_id": "string",
"community_name": "string",
"community_url_section": "string",
"principal": "string",
},
"salesforce_sandbox_api": {
"client_id": "string",
"community_name": "string",
"community_url_section": "string",
"principal": "string",
},
"samlp": {
"audience": "string",
"authn_context_class_ref": "string",
"binding": "string",
"create_upn_claim": False,
"destination": "string",
"digest_algorithm": "string",
"flexible_mappings": "string",
"include_attribute_name_format": False,
"issuer": "string",
"lifetime_in_seconds": 0,
"logout": {
"callback": "string",
"slo_enabled": False,
},
"map_identities": False,
"map_unknown_claims_as_is": False,
"mappings": {
"string": "string",
},
"name_identifier_format": "string",
"name_identifier_probes": ["string"],
"passthrough_claims_with_no_mapping": False,
"recipient": "string",
"sign_response": False,
"signature_algorithm": "string",
"signing_cert": "string",
"typed_attributes": False,
},
"sap_api": {
"client_id": "string",
"name_identifier_format": "string",
"scope": "string",
"service_password": "string",
"token_endpoint_url": "string",
"username_attribute": "string",
},
"sentry": {
"base_url": "string",
"org_slug": "string",
},
"sharepoint": {
"external_urls": ["string"],
"url": "string",
},
"slack": {
"team": "string",
},
"springcm": {
"acs_url": "string",
},
"sso_integration": {
"name": "string",
"version": "string",
},
"wams": {
"master_key": "string",
},
"wsfed": {},
"zendesk": {
"account_name": "string",
},
"zoom": {
"account": "string",
},
},
allowed_clients=["string"],
allowed_logout_urls=["string"],
allowed_origins=["string"],
app_type="string",
callbacks=["string"],
client_aliases=["string"],
client_metadata={
"string": "string",
},
compliance_level="string",
cross_origin_auth=False,
cross_origin_loc="string",
custom_login_page="string",
custom_login_page_on=False,
default_organization={
"disable": False,
"flows": ["string"],
"organization_id": "string",
},
description="string",
encryption_key={
"string": "string",
},
form_template="string",
grant_types=["string"],
initiate_login_uri="string",
is_first_party=False,
is_token_endpoint_ip_header_trusted=False,
jwt_configuration={
"alg": "string",
"lifetime_in_seconds": 0,
"scopes": {
"string": "string",
},
"secret_encoded": False,
},
logo_uri="string",
mobile={
"android": {
"app_package_name": "string",
"sha256_cert_fingerprints": ["string"],
},
"ios": {
"app_bundle_identifier": "string",
"team_id": "string",
},
},
name="string",
native_social_login={
"apple": {
"enabled": False,
},
"facebook": {
"enabled": False,
},
"google": {
"enabled": False,
},
},
oidc_conformant=False,
oidc_logout={
"backchannel_logout_urls": ["string"],
"backchannel_logout_initiators": {
"mode": "string",
"selected_initiators": ["string"],
},
},
organization_require_behavior="string",
organization_usage="string",
refresh_token={
"expiration_type": "string",
"rotation_type": "string",
"idle_token_lifetime": 0,
"infinite_idle_token_lifetime": False,
"infinite_token_lifetime": False,
"leeway": 0,
"policies": [{
"audience": "string",
"scopes": ["string"],
}],
"token_lifetime": 0,
},
require_proof_of_possession=False,
require_pushed_authorization_requests=False,
session_transfer={
"allow_refresh_token": False,
"allowed_authentication_methods": ["string"],
"can_create_session_transfer_token": False,
"enforce_device_binding": "string",
},
sso=False,
sso_disabled=False,
token_exchange={
"allow_any_profile_of_types": ["string"],
},
web_origins=["string"])
const clientResource = new auth0.Client("clientResource", {
addons: {
aws: {
lifetimeInSeconds: 0,
principal: "string",
role: "string",
},
azureBlob: {
accountName: "string",
blobDelete: false,
blobName: "string",
blobRead: false,
blobWrite: false,
containerDelete: false,
containerList: false,
containerName: "string",
containerRead: false,
containerWrite: false,
expiration: 0,
signedIdentifier: "string",
storageAccessKey: "string",
},
azureSb: {
entityPath: "string",
expiration: 0,
namespace: "string",
sasKey: "string",
sasKeyName: "string",
},
box: {},
cloudbees: {},
concur: {},
dropbox: {},
echosign: {
domain: "string",
},
egnyte: {
domain: "string",
},
firebase: {
clientEmail: "string",
lifetimeInSeconds: 0,
privateKey: "string",
privateKeyId: "string",
secret: "string",
},
layer: {
keyId: "string",
privateKey: "string",
providerId: "string",
expiration: 0,
principal: "string",
},
mscrm: {
url: "string",
},
newrelic: {
account: "string",
},
office365: {
connection: "string",
domain: "string",
},
rms: {
url: "string",
},
salesforce: {
entityId: "string",
},
salesforceApi: {
clientId: "string",
communityName: "string",
communityUrlSection: "string",
principal: "string",
},
salesforceSandboxApi: {
clientId: "string",
communityName: "string",
communityUrlSection: "string",
principal: "string",
},
samlp: {
audience: "string",
authnContextClassRef: "string",
binding: "string",
createUpnClaim: false,
destination: "string",
digestAlgorithm: "string",
flexibleMappings: "string",
includeAttributeNameFormat: false,
issuer: "string",
lifetimeInSeconds: 0,
logout: {
callback: "string",
sloEnabled: false,
},
mapIdentities: false,
mapUnknownClaimsAsIs: false,
mappings: {
string: "string",
},
nameIdentifierFormat: "string",
nameIdentifierProbes: ["string"],
passthroughClaimsWithNoMapping: false,
recipient: "string",
signResponse: false,
signatureAlgorithm: "string",
signingCert: "string",
typedAttributes: false,
},
sapApi: {
clientId: "string",
nameIdentifierFormat: "string",
scope: "string",
servicePassword: "string",
tokenEndpointUrl: "string",
usernameAttribute: "string",
},
sentry: {
baseUrl: "string",
orgSlug: "string",
},
sharepoint: {
externalUrls: ["string"],
url: "string",
},
slack: {
team: "string",
},
springcm: {
acsUrl: "string",
},
ssoIntegration: {
name: "string",
version: "string",
},
wams: {
masterKey: "string",
},
wsfed: {},
zendesk: {
accountName: "string",
},
zoom: {
account: "string",
},
},
allowedClients: ["string"],
allowedLogoutUrls: ["string"],
allowedOrigins: ["string"],
appType: "string",
callbacks: ["string"],
clientAliases: ["string"],
clientMetadata: {
string: "string",
},
complianceLevel: "string",
crossOriginAuth: false,
crossOriginLoc: "string",
customLoginPage: "string",
customLoginPageOn: false,
defaultOrganization: {
disable: false,
flows: ["string"],
organizationId: "string",
},
description: "string",
encryptionKey: {
string: "string",
},
formTemplate: "string",
grantTypes: ["string"],
initiateLoginUri: "string",
isFirstParty: false,
isTokenEndpointIpHeaderTrusted: false,
jwtConfiguration: {
alg: "string",
lifetimeInSeconds: 0,
scopes: {
string: "string",
},
secretEncoded: false,
},
logoUri: "string",
mobile: {
android: {
appPackageName: "string",
sha256CertFingerprints: ["string"],
},
ios: {
appBundleIdentifier: "string",
teamId: "string",
},
},
name: "string",
nativeSocialLogin: {
apple: {
enabled: false,
},
facebook: {
enabled: false,
},
google: {
enabled: false,
},
},
oidcConformant: false,
oidcLogout: {
backchannelLogoutUrls: ["string"],
backchannelLogoutInitiators: {
mode: "string",
selectedInitiators: ["string"],
},
},
organizationRequireBehavior: "string",
organizationUsage: "string",
refreshToken: {
expirationType: "string",
rotationType: "string",
idleTokenLifetime: 0,
infiniteIdleTokenLifetime: false,
infiniteTokenLifetime: false,
leeway: 0,
policies: [{
audience: "string",
scopes: ["string"],
}],
tokenLifetime: 0,
},
requireProofOfPossession: false,
requirePushedAuthorizationRequests: false,
sessionTransfer: {
allowRefreshToken: false,
allowedAuthenticationMethods: ["string"],
canCreateSessionTransferToken: false,
enforceDeviceBinding: "string",
},
sso: false,
ssoDisabled: false,
tokenExchange: {
allowAnyProfileOfTypes: ["string"],
},
webOrigins: ["string"],
});
type: auth0:Client
properties:
addons:
aws:
lifetimeInSeconds: 0
principal: string
role: string
azureBlob:
accountName: string
blobDelete: false
blobName: string
blobRead: false
blobWrite: false
containerDelete: false
containerList: false
containerName: string
containerRead: false
containerWrite: false
expiration: 0
signedIdentifier: string
storageAccessKey: string
azureSb:
entityPath: string
expiration: 0
namespace: string
sasKey: string
sasKeyName: string
box: {}
cloudbees: {}
concur: {}
dropbox: {}
echosign:
domain: string
egnyte:
domain: string
firebase:
clientEmail: string
lifetimeInSeconds: 0
privateKey: string
privateKeyId: string
secret: string
layer:
expiration: 0
keyId: string
principal: string
privateKey: string
providerId: string
mscrm:
url: string
newrelic:
account: string
office365:
connection: string
domain: string
rms:
url: string
salesforce:
entityId: string
salesforceApi:
clientId: string
communityName: string
communityUrlSection: string
principal: string
salesforceSandboxApi:
clientId: string
communityName: string
communityUrlSection: string
principal: string
samlp:
audience: string
authnContextClassRef: string
binding: string
createUpnClaim: false
destination: string
digestAlgorithm: string
flexibleMappings: string
includeAttributeNameFormat: false
issuer: string
lifetimeInSeconds: 0
logout:
callback: string
sloEnabled: false
mapIdentities: false
mapUnknownClaimsAsIs: false
mappings:
string: string
nameIdentifierFormat: string
nameIdentifierProbes:
- string
passthroughClaimsWithNoMapping: false
recipient: string
signResponse: false
signatureAlgorithm: string
signingCert: string
typedAttributes: false
sapApi:
clientId: string
nameIdentifierFormat: string
scope: string
servicePassword: string
tokenEndpointUrl: string
usernameAttribute: string
sentry:
baseUrl: string
orgSlug: string
sharepoint:
externalUrls:
- string
url: string
slack:
team: string
springcm:
acsUrl: string
ssoIntegration:
name: string
version: string
wams:
masterKey: string
wsfed: {}
zendesk:
accountName: string
zoom:
account: string
allowedClients:
- string
allowedLogoutUrls:
- string
allowedOrigins:
- string
appType: string
callbacks:
- string
clientAliases:
- string
clientMetadata:
string: string
complianceLevel: string
crossOriginAuth: false
crossOriginLoc: string
customLoginPage: string
customLoginPageOn: false
defaultOrganization:
disable: false
flows:
- string
organizationId: string
description: string
encryptionKey:
string: string
formTemplate: string
grantTypes:
- string
initiateLoginUri: string
isFirstParty: false
isTokenEndpointIpHeaderTrusted: false
jwtConfiguration:
alg: string
lifetimeInSeconds: 0
scopes:
string: string
secretEncoded: false
logoUri: string
mobile:
android:
appPackageName: string
sha256CertFingerprints:
- string
ios:
appBundleIdentifier: string
teamId: string
name: string
nativeSocialLogin:
apple:
enabled: false
facebook:
enabled: false
google:
enabled: false
oidcConformant: false
oidcLogout:
backchannelLogoutInitiators:
mode: string
selectedInitiators:
- string
backchannelLogoutUrls:
- string
organizationRequireBehavior: string
organizationUsage: string
refreshToken:
expirationType: string
idleTokenLifetime: 0
infiniteIdleTokenLifetime: false
infiniteTokenLifetime: false
leeway: 0
policies:
- audience: string
scopes:
- string
rotationType: string
tokenLifetime: 0
requireProofOfPossession: false
requirePushedAuthorizationRequests: false
sessionTransfer:
allowRefreshToken: false
allowedAuthenticationMethods:
- string
canCreateSessionTransferToken: false
enforceDeviceBinding: string
sso: false
ssoDisabled: false
tokenExchange:
allowAnyProfileOfTypes:
- string
webOrigins:
- string
Client Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Client resource accepts the following input properties:
- Addons
Client
Addons - Addons enabled for this client and their associated configurations.
- Allowed
Clients List<string> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- Allowed
Logout List<string>Urls - URLs that Auth0 may redirect to after logout.
- Allowed
Origins List<string> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- App
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - Callbacks List<string>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- Client
Aliases List<string> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- Client
Metadata Dictionary<string, string> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - Compliance
Level string - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - Cross
Origin boolAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - Cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- Custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- Custom
Login boolPage On - Indicates whether a custom login page is to be used.
- Default
Organization ClientDefault Organization - Configure and associate an organization with the Client
- Description string
- Description of the purpose of the client.
- Encryption
Key Dictionary<string, string> - Encryption used for WS-Fed responses with this client.
- Form
Template string - HTML form template to be used for WS-Federation.
- Grant
Types List<string> - Types of grants that this client is authorized to use.
- Initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- Is
First boolParty - Indicates whether this client is a first-party client.Defaults to true from the API
- Is
Token boolEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - Jwt
Configuration ClientJwt Configuration - Configuration settings for the JWTs issued for this client.
- Logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- Mobile
Client
Mobile - Additional configuration for native mobile apps.
- Name string
- Name of the client.
-
Client
Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - Oidc
Backchannel List<string>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Oidc
Conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- Oidc
Logout ClientOidc Logout - Configure OIDC logout for the Client
- Organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - Organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - Refresh
Token ClientRefresh Token - Configuration settings for the refresh tokens issued for this client.
- Require
Proof boolOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- bool
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- Session
Transfer ClientSession Transfer - Sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- Sso
Disabled bool - Indicates whether or not SSO is disabled.
- Token
Exchange ClientToken Exchange - Allows configuration for token exchange
- Web
Origins List<string> - URLs that represent valid web origins for use with web message response mode.
- Addons
Client
Addons Args - Addons enabled for this client and their associated configurations.
- Allowed
Clients []string - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- Allowed
Logout []stringUrls - URLs that Auth0 may redirect to after logout.
- Allowed
Origins []string - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- App
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - Callbacks []string
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- Client
Aliases []string - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- Client
Metadata map[string]string - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - Compliance
Level string - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - Cross
Origin boolAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - Cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- Custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- Custom
Login boolPage On - Indicates whether a custom login page is to be used.
- Default
Organization ClientDefault Organization Args - Configure and associate an organization with the Client
- Description string
- Description of the purpose of the client.
- Encryption
Key map[string]string - Encryption used for WS-Fed responses with this client.
- Form
Template string - HTML form template to be used for WS-Federation.
- Grant
Types []string - Types of grants that this client is authorized to use.
- Initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- Is
First boolParty - Indicates whether this client is a first-party client.Defaults to true from the API
- Is
Token boolEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - Jwt
Configuration ClientJwt Configuration Args - Configuration settings for the JWTs issued for this client.
- Logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- Mobile
Client
Mobile Args - Additional configuration for native mobile apps.
- Name string
- Name of the client.
-
Client
Native Social Login Args - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - Oidc
Backchannel []stringLogout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Oidc
Conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- Oidc
Logout ClientOidc Logout Args - Configure OIDC logout for the Client
- Organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - Organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - Refresh
Token ClientRefresh Token Args - Configuration settings for the refresh tokens issued for this client.
- Require
Proof boolOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- bool
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- Session
Transfer ClientSession Transfer Args - Sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- Sso
Disabled bool - Indicates whether or not SSO is disabled.
- Token
Exchange ClientToken Exchange Args - Allows configuration for token exchange
- Web
Origins []string - URLs that represent valid web origins for use with web message response mode.
- addons
Client
Addons - Addons enabled for this client and their associated configurations.
- allowed
Clients List<String> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins List<String> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type String - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks List<String>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases List<String> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Metadata Map<String,String> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - compliance
Level String - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - cross
Origin BooleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - cross
Origin StringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login StringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login BooleanPage On - Indicates whether a custom login page is to be used.
- default
Organization ClientDefault Organization - Configure and associate an organization with the Client
- description String
- Description of the purpose of the client.
- encryption
Key Map<String,String> - Encryption used for WS-Fed responses with this client.
- form
Template String - HTML form template to be used for WS-Federation.
- grant
Types List<String> - Types of grants that this client is authorized to use.
- initiate
Login StringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First BooleanParty - Indicates whether this client is a first-party client.Defaults to true from the API
- is
Token BooleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - jwt
Configuration ClientJwt Configuration - Configuration settings for the JWTs issued for this client.
- logo
Uri String - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Client
Mobile - Additional configuration for native mobile apps.
- name String
- Name of the client.
-
Client
Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel List<String>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant Boolean - Indicates whether this client will conform to strict OIDC specifications.
- oidc
Logout ClientOidc Logout - Configure OIDC logout for the Client
- organization
Require StringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage String - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token ClientRefresh Token - Configuration settings for the refresh tokens issued for this client.
- require
Proof BooleanOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- Boolean
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- session
Transfer ClientSession Transfer - sso Boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled Boolean - Indicates whether or not SSO is disabled.
- token
Exchange ClientToken Exchange - Allows configuration for token exchange
- web
Origins List<String> - URLs that represent valid web origins for use with web message response mode.
- addons
Client
Addons - Addons enabled for this client and their associated configurations.
- allowed
Clients string[] - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout string[]Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins string[] - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks string[]
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases string[] - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Metadata {[key: string]: string} - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - compliance
Level string - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - cross
Origin booleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login booleanPage On - Indicates whether a custom login page is to be used.
- default
Organization ClientDefault Organization - Configure and associate an organization with the Client
- description string
- Description of the purpose of the client.
- encryption
Key {[key: string]: string} - Encryption used for WS-Fed responses with this client.
- form
Template string - HTML form template to be used for WS-Federation.
- grant
Types string[] - Types of grants that this client is authorized to use.
- initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First booleanParty - Indicates whether this client is a first-party client.Defaults to true from the API
- is
Token booleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - jwt
Configuration ClientJwt Configuration - Configuration settings for the JWTs issued for this client.
- logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Client
Mobile - Additional configuration for native mobile apps.
- name string
- Name of the client.
-
Client
Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel string[]Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant boolean - Indicates whether this client will conform to strict OIDC specifications.
- oidc
Logout ClientOidc Logout - Configure OIDC logout for the Client
- organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token ClientRefresh Token - Configuration settings for the refresh tokens issued for this client.
- require
Proof booleanOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- boolean
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- session
Transfer ClientSession Transfer - sso boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled boolean - Indicates whether or not SSO is disabled.
- token
Exchange ClientToken Exchange - Allows configuration for token exchange
- web
Origins string[] - URLs that represent valid web origins for use with web message response mode.
- addons
Client
Addons Args - Addons enabled for this client and their associated configurations.
- allowed_
clients Sequence[str] - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed_
logout_ Sequence[str]urls - URLs that Auth0 may redirect to after logout.
- allowed_
origins Sequence[str] - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app_
type str - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks Sequence[str]
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client_
aliases Sequence[str] - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client_
metadata Mapping[str, str] - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - compliance_
level str - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - cross_
origin_ boolauth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - cross_
origin_ strloc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom_
login_ strpage - The content (HTML, CSS, JS) of the custom login page.
- custom_
login_ boolpage_ on - Indicates whether a custom login page is to be used.
- default_
organization ClientDefault Organization Args - Configure and associate an organization with the Client
- description str
- Description of the purpose of the client.
- encryption_
key Mapping[str, str] - Encryption used for WS-Fed responses with this client.
- form_
template str - HTML form template to be used for WS-Federation.
- grant_
types Sequence[str] - Types of grants that this client is authorized to use.
- initiate_
login_ struri - Initiate login URI. Must be HTTPS or an empty string.
- is_
first_ boolparty - Indicates whether this client is a first-party client.Defaults to true from the API
- is_
token_ boolendpoint_ ip_ header_ trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - jwt_
configuration ClientJwt Configuration Args - Configuration settings for the JWTs issued for this client.
- logo_
uri str - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Client
Mobile Args - Additional configuration for native mobile apps.
- name str
- Name of the client.
-
Client
Native Social Login Args - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc_
backchannel_ Sequence[str]logout_ urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc_
conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- oidc_
logout ClientOidc Logout Args - Configure OIDC logout for the Client
- organization_
require_ strbehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization_
usage str - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh_
token ClientRefresh Token Args - Configuration settings for the refresh tokens issued for this client.
- require_
proof_ boolof_ possession - Makes the use of Proof-of-Possession mandatory for this client.
- bool
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- session_
transfer ClientSession Transfer Args - sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso_
disabled bool - Indicates whether or not SSO is disabled.
- token_
exchange ClientToken Exchange Args - Allows configuration for token exchange
- web_
origins Sequence[str] - URLs that represent valid web origins for use with web message response mode.
- addons Property Map
- Addons enabled for this client and their associated configurations.
- allowed
Clients List<String> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins List<String> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type String - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks List<String>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases List<String> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Metadata Map<String> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - compliance
Level String - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - cross
Origin BooleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - cross
Origin StringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login StringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login BooleanPage On - Indicates whether a custom login page is to be used.
- default
Organization Property Map - Configure and associate an organization with the Client
- description String
- Description of the purpose of the client.
- encryption
Key Map<String> - Encryption used for WS-Fed responses with this client.
- form
Template String - HTML form template to be used for WS-Federation.
- grant
Types List<String> - Types of grants that this client is authorized to use.
- initiate
Login StringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First BooleanParty - Indicates whether this client is a first-party client.Defaults to true from the API
- is
Token BooleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - jwt
Configuration Property Map - Configuration settings for the JWTs issued for this client.
- logo
Uri String - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile Property Map
- Additional configuration for native mobile apps.
- name String
- Name of the client.
- Property Map
- Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel List<String>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant Boolean - Indicates whether this client will conform to strict OIDC specifications.
- oidc
Logout Property Map - Configure OIDC logout for the Client
- organization
Require StringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage String - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token Property Map - Configuration settings for the refresh tokens issued for this client.
- require
Proof BooleanOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- Boolean
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- session
Transfer Property Map - sso Boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled Boolean - Indicates whether or not SSO is disabled.
- token
Exchange Property Map - Allows configuration for token exchange
- web
Origins List<String> - URLs that represent valid web origins for use with web message response mode.
Outputs
All input properties are implicitly available as output properties. Additionally, the Client resource produces the following output properties:
- Client
Id string - The ID of the client.
- Id string
- The provider-assigned unique ID for this managed resource.
- Signing
Keys List<ImmutableDictionary<string, string>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- Client
Id string - The ID of the client.
- Id string
- The provider-assigned unique ID for this managed resource.
- Signing
Keys []map[string]string - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- client
Id String - The ID of the client.
- id String
- The provider-assigned unique ID for this managed resource.
- signing
Keys List<Map<String,String>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- client
Id string - The ID of the client.
- id string
- The provider-assigned unique ID for this managed resource.
- signing
Keys {[key: string]: string}[] - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- client_
id str - The ID of the client.
- id str
- The provider-assigned unique ID for this managed resource.
- signing_
keys Sequence[Mapping[str, str]] - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- client
Id String - The ID of the client.
- id String
- The provider-assigned unique ID for this managed resource.
- signing
Keys List<Map<String>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
Look up Existing Client Resource
Get an existing Client resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClientState, opts?: CustomResourceOptions): Client@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
addons: Optional[ClientAddonsArgs] = None,
allowed_clients: Optional[Sequence[str]] = None,
allowed_logout_urls: Optional[Sequence[str]] = None,
allowed_origins: Optional[Sequence[str]] = None,
app_type: Optional[str] = None,
callbacks: Optional[Sequence[str]] = None,
client_aliases: Optional[Sequence[str]] = None,
client_id: Optional[str] = None,
client_metadata: Optional[Mapping[str, str]] = None,
compliance_level: Optional[str] = None,
cross_origin_auth: Optional[bool] = None,
cross_origin_loc: Optional[str] = None,
custom_login_page: Optional[str] = None,
custom_login_page_on: Optional[bool] = None,
default_organization: Optional[ClientDefaultOrganizationArgs] = None,
description: Optional[str] = None,
encryption_key: Optional[Mapping[str, str]] = None,
form_template: Optional[str] = None,
grant_types: Optional[Sequence[str]] = None,
initiate_login_uri: Optional[str] = None,
is_first_party: Optional[bool] = None,
is_token_endpoint_ip_header_trusted: Optional[bool] = None,
jwt_configuration: Optional[ClientJwtConfigurationArgs] = None,
logo_uri: Optional[str] = None,
mobile: Optional[ClientMobileArgs] = None,
name: Optional[str] = None,
native_social_login: Optional[ClientNativeSocialLoginArgs] = None,
oidc_backchannel_logout_urls: Optional[Sequence[str]] = None,
oidc_conformant: Optional[bool] = None,
oidc_logout: Optional[ClientOidcLogoutArgs] = None,
organization_require_behavior: Optional[str] = None,
organization_usage: Optional[str] = None,
refresh_token: Optional[ClientRefreshTokenArgs] = None,
require_proof_of_possession: Optional[bool] = None,
require_pushed_authorization_requests: Optional[bool] = None,
session_transfer: Optional[ClientSessionTransferArgs] = None,
signing_keys: Optional[Sequence[Mapping[str, str]]] = None,
sso: Optional[bool] = None,
sso_disabled: Optional[bool] = None,
token_exchange: Optional[ClientTokenExchangeArgs] = None,
web_origins: Optional[Sequence[str]] = None) -> Clientfunc GetClient(ctx *Context, name string, id IDInput, state *ClientState, opts ...ResourceOption) (*Client, error)public static Client Get(string name, Input<string> id, ClientState? state, CustomResourceOptions? opts = null)public static Client get(String name, Output<String> id, ClientState state, CustomResourceOptions options)resources: _: type: auth0:Client get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Addons
Client
Addons - Addons enabled for this client and their associated configurations.
- Allowed
Clients List<string> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- Allowed
Logout List<string>Urls - URLs that Auth0 may redirect to after logout.
- Allowed
Origins List<string> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- App
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - Callbacks List<string>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- Client
Aliases List<string> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- Client
Id string - The ID of the client.
- Client
Metadata Dictionary<string, string> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - Compliance
Level string - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - Cross
Origin boolAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - Cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- Custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- Custom
Login boolPage On - Indicates whether a custom login page is to be used.
- Default
Organization ClientDefault Organization - Configure and associate an organization with the Client
- Description string
- Description of the purpose of the client.
- Encryption
Key Dictionary<string, string> - Encryption used for WS-Fed responses with this client.
- Form
Template string - HTML form template to be used for WS-Federation.
- Grant
Types List<string> - Types of grants that this client is authorized to use.
- Initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- Is
First boolParty - Indicates whether this client is a first-party client.Defaults to true from the API
- Is
Token boolEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - Jwt
Configuration ClientJwt Configuration - Configuration settings for the JWTs issued for this client.
- Logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- Mobile
Client
Mobile - Additional configuration for native mobile apps.
- Name string
- Name of the client.
-
Client
Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - Oidc
Backchannel List<string>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Oidc
Conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- Oidc
Logout ClientOidc Logout - Configure OIDC logout for the Client
- Organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - Organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - Refresh
Token ClientRefresh Token - Configuration settings for the refresh tokens issued for this client.
- Require
Proof boolOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- bool
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- Session
Transfer ClientSession Transfer - Signing
Keys List<ImmutableDictionary<string, string>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- Sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- Sso
Disabled bool - Indicates whether or not SSO is disabled.
- Token
Exchange ClientToken Exchange - Allows configuration for token exchange
- Web
Origins List<string> - URLs that represent valid web origins for use with web message response mode.
- Addons
Client
Addons Args - Addons enabled for this client and their associated configurations.
- Allowed
Clients []string - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- Allowed
Logout []stringUrls - URLs that Auth0 may redirect to after logout.
- Allowed
Origins []string - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- App
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - Callbacks []string
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- Client
Aliases []string - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- Client
Id string - The ID of the client.
- Client
Metadata map[string]string - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - Compliance
Level string - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - Cross
Origin boolAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - Cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- Custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- Custom
Login boolPage On - Indicates whether a custom login page is to be used.
- Default
Organization ClientDefault Organization Args - Configure and associate an organization with the Client
- Description string
- Description of the purpose of the client.
- Encryption
Key map[string]string - Encryption used for WS-Fed responses with this client.
- Form
Template string - HTML form template to be used for WS-Federation.
- Grant
Types []string - Types of grants that this client is authorized to use.
- Initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- Is
First boolParty - Indicates whether this client is a first-party client.Defaults to true from the API
- Is
Token boolEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - Jwt
Configuration ClientJwt Configuration Args - Configuration settings for the JWTs issued for this client.
- Logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- Mobile
Client
Mobile Args - Additional configuration for native mobile apps.
- Name string
- Name of the client.
-
Client
Native Social Login Args - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - Oidc
Backchannel []stringLogout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Oidc
Conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- Oidc
Logout ClientOidc Logout Args - Configure OIDC logout for the Client
- Organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - Organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - Refresh
Token ClientRefresh Token Args - Configuration settings for the refresh tokens issued for this client.
- Require
Proof boolOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- bool
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- Session
Transfer ClientSession Transfer Args - Signing
Keys []map[string]string - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- Sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- Sso
Disabled bool - Indicates whether or not SSO is disabled.
- Token
Exchange ClientToken Exchange Args - Allows configuration for token exchange
- Web
Origins []string - URLs that represent valid web origins for use with web message response mode.
- addons
Client
Addons - Addons enabled for this client and their associated configurations.
- allowed
Clients List<String> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins List<String> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type String - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks List<String>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases List<String> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Id String - The ID of the client.
- client
Metadata Map<String,String> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - compliance
Level String - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - cross
Origin BooleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - cross
Origin StringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login StringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login BooleanPage On - Indicates whether a custom login page is to be used.
- default
Organization ClientDefault Organization - Configure and associate an organization with the Client
- description String
- Description of the purpose of the client.
- encryption
Key Map<String,String> - Encryption used for WS-Fed responses with this client.
- form
Template String - HTML form template to be used for WS-Federation.
- grant
Types List<String> - Types of grants that this client is authorized to use.
- initiate
Login StringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First BooleanParty - Indicates whether this client is a first-party client.Defaults to true from the API
- is
Token BooleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - jwt
Configuration ClientJwt Configuration - Configuration settings for the JWTs issued for this client.
- logo
Uri String - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Client
Mobile - Additional configuration for native mobile apps.
- name String
- Name of the client.
-
Client
Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel List<String>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant Boolean - Indicates whether this client will conform to strict OIDC specifications.
- oidc
Logout ClientOidc Logout - Configure OIDC logout for the Client
- organization
Require StringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage String - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token ClientRefresh Token - Configuration settings for the refresh tokens issued for this client.
- require
Proof BooleanOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- Boolean
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- session
Transfer ClientSession Transfer - signing
Keys List<Map<String,String>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso Boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled Boolean - Indicates whether or not SSO is disabled.
- token
Exchange ClientToken Exchange - Allows configuration for token exchange
- web
Origins List<String> - URLs that represent valid web origins for use with web message response mode.
- addons
Client
Addons - Addons enabled for this client and their associated configurations.
- allowed
Clients string[] - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout string[]Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins string[] - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks string[]
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases string[] - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Id string - The ID of the client.
- client
Metadata {[key: string]: string} - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - compliance
Level string - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - cross
Origin booleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login booleanPage On - Indicates whether a custom login page is to be used.
- default
Organization ClientDefault Organization - Configure and associate an organization with the Client
- description string
- Description of the purpose of the client.
- encryption
Key {[key: string]: string} - Encryption used for WS-Fed responses with this client.
- form
Template string - HTML form template to be used for WS-Federation.
- grant
Types string[] - Types of grants that this client is authorized to use.
- initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First booleanParty - Indicates whether this client is a first-party client.Defaults to true from the API
- is
Token booleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - jwt
Configuration ClientJwt Configuration - Configuration settings for the JWTs issued for this client.
- logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Client
Mobile - Additional configuration for native mobile apps.
- name string
- Name of the client.
-
Client
Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel string[]Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant boolean - Indicates whether this client will conform to strict OIDC specifications.
- oidc
Logout ClientOidc Logout - Configure OIDC logout for the Client
- organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token ClientRefresh Token - Configuration settings for the refresh tokens issued for this client.
- require
Proof booleanOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- boolean
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- session
Transfer ClientSession Transfer - signing
Keys {[key: string]: string}[] - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled boolean - Indicates whether or not SSO is disabled.
- token
Exchange ClientToken Exchange - Allows configuration for token exchange
- web
Origins string[] - URLs that represent valid web origins for use with web message response mode.
- addons
Client
Addons Args - Addons enabled for this client and their associated configurations.
- allowed_
clients Sequence[str] - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed_
logout_ Sequence[str]urls - URLs that Auth0 may redirect to after logout.
- allowed_
origins Sequence[str] - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app_
type str - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks Sequence[str]
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client_
aliases Sequence[str] - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client_
id str - The ID of the client.
- client_
metadata Mapping[str, str] - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - compliance_
level str - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - cross_
origin_ boolauth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - cross_
origin_ strloc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom_
login_ strpage - The content (HTML, CSS, JS) of the custom login page.
- custom_
login_ boolpage_ on - Indicates whether a custom login page is to be used.
- default_
organization ClientDefault Organization Args - Configure and associate an organization with the Client
- description str
- Description of the purpose of the client.
- encryption_
key Mapping[str, str] - Encryption used for WS-Fed responses with this client.
- form_
template str - HTML form template to be used for WS-Federation.
- grant_
types Sequence[str] - Types of grants that this client is authorized to use.
- initiate_
login_ struri - Initiate login URI. Must be HTTPS or an empty string.
- is_
first_ boolparty - Indicates whether this client is a first-party client.Defaults to true from the API
- is_
token_ boolendpoint_ ip_ header_ trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - jwt_
configuration ClientJwt Configuration Args - Configuration settings for the JWTs issued for this client.
- logo_
uri str - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Client
Mobile Args - Additional configuration for native mobile apps.
- name str
- Name of the client.
-
Client
Native Social Login Args - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc_
backchannel_ Sequence[str]logout_ urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc_
conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- oidc_
logout ClientOidc Logout Args - Configure OIDC logout for the Client
- organization_
require_ strbehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization_
usage str - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh_
token ClientRefresh Token Args - Configuration settings for the refresh tokens issued for this client.
- require_
proof_ boolof_ possession - Makes the use of Proof-of-Possession mandatory for this client.
- bool
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- session_
transfer ClientSession Transfer Args - signing_
keys Sequence[Mapping[str, str]] - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso_
disabled bool - Indicates whether or not SSO is disabled.
- token_
exchange ClientToken Exchange Args - Allows configuration for token exchange
- web_
origins Sequence[str] - URLs that represent valid web origins for use with web message response mode.
- addons Property Map
- Addons enabled for this client and their associated configurations.
- allowed
Clients List<String> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins List<String> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type String - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks List<String>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases List<String> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Id String - The ID of the client.
- client
Metadata Map<String> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - compliance
Level String - Defines the compliance level for this client, which may restrict it's capabilities. Can be one of
none,fapi1_adv_pkj_par,fapi1_adv_mtls_par. - cross
Origin BooleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). - cross
Origin StringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login StringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login BooleanPage On - Indicates whether a custom login page is to be used.
- default
Organization Property Map - Configure and associate an organization with the Client
- description String
- Description of the purpose of the client.
- encryption
Key Map<String> - Encryption used for WS-Fed responses with this client.
- form
Template String - HTML form template to be used for WS-Federation.
- grant
Types List<String> - Types of grants that this client is authorized to use.
- initiate
Login StringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First BooleanParty - Indicates whether this client is a first-party client.Defaults to true from the API
- is
Token BooleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to
client_secret_postorclient_secret_basic. Setting this property when creating the resource, will default the authentication method toclient_secret_post. To change the authentication method toclient_secret_basicuse theauth0.ClientCredentialsresource. - jwt
Configuration Property Map - Configuration settings for the JWTs issued for this client.
- logo
Uri String - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile Property Map
- Additional configuration for native mobile apps.
- name String
- Name of the client.
- Property Map
- Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel List<String>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant Boolean - Indicates whether this client will conform to strict OIDC specifications.
- oidc
Logout Property Map - Configure OIDC logout for the Client
- organization
Require StringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage String - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token Property Map - Configuration settings for the refresh tokens issued for this client.
- require
Proof BooleanOf Possession - Makes the use of Proof-of-Possession mandatory for this client.
- Boolean
- Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
- session
Transfer Property Map - signing
Keys List<Map<String>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso Boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled Boolean - Indicates whether or not SSO is disabled.
- token
Exchange Property Map - Allows configuration for token exchange
- web
Origins List<String> - URLs that represent valid web origins for use with web message response mode.
Supporting Types
ClientAddons, ClientAddonsArgs
- Aws
Client
Addons Aws - AWS Addon configuration.
- Azure
Blob ClientAddons Azure Blob - Azure Blob Storage Addon configuration.
- Azure
Sb ClientAddons Azure Sb - Azure Storage Bus Addon configuration.
- Box
Client
Addons Box - Box SSO indicator (no configuration settings needed for Box SSO).
- Cloudbees
Client
Addons Cloudbees - CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
- Concur
Client
Addons Concur - Concur SSO indicator (no configuration settings needed for Concur SSO).
- Dropbox
Client
Addons Dropbox - Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
- Echosign
Client
Addons Echosign - Adobe EchoSign SSO configuration.
- Egnyte
Client
Addons Egnyte - Egnyte SSO configuration.
- Firebase
Client
Addons Firebase - Google Firebase addon configuration.
- Layer
Client
Addons Layer - Layer addon configuration.
- Mscrm
Client
Addons Mscrm - Microsoft Dynamics CRM SSO configuration.
- Newrelic
Client
Addons Newrelic - New Relic SSO configuration.
- Office365
Client
Addons Office365 - Microsoft Office 365 SSO configuration.
- Rms
Client
Addons Rms - Active Directory Rights Management Service SSO configuration.
- Salesforce
Client
Addons Salesforce - Salesforce SSO configuration.
- Salesforce
Api ClientAddons Salesforce Api - Salesforce API addon configuration.
- Salesforce
Sandbox ClientApi Addons Salesforce Sandbox Api - Salesforce Sandbox addon configuration.
- Samlp
Client
Addons Samlp - Configuration settings for a SAML add-on.
- Sap
Api ClientAddons Sap Api - SAP API addon configuration.
- Sentry
Client
Addons Sentry - Sentry SSO configuration.
-
Client
Addons Sharepoint - SharePoint SSO configuration.
- Slack
Client
Addons Slack - Slack team or workspace name usually first segment in your Slack URL, for example
https://acme-org.slack.comwould beacme-org. - Springcm
Client
Addons Springcm - SpringCM SSO configuration.
- Sso
Integration ClientAddons Sso Integration - Generic SSO configuration.
- Wams
Client
Addons Wams - Windows Azure Mobile Services addon configuration.
- Wsfed
Client
Addons Wsfed - WS-Fed (WIF) addon indicator. Actual configuration is stored in
callbackandclient_aliasesproperties on the client. - Zendesk
Client
Addons Zendesk - Zendesk SSO configuration.
- Zoom
Client
Addons Zoom - Zoom SSO configuration.
- Aws
Client
Addons Aws - AWS Addon configuration.
- Azure
Blob ClientAddons Azure Blob - Azure Blob Storage Addon configuration.
- Azure
Sb ClientAddons Azure Sb - Azure Storage Bus Addon configuration.
- Box
Client
Addons Box - Box SSO indicator (no configuration settings needed for Box SSO).
- Cloudbees
Client
Addons Cloudbees - CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
- Concur
Client
Addons Concur - Concur SSO indicator (no configuration settings needed for Concur SSO).
- Dropbox
Client
Addons Dropbox - Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
- Echosign
Client
Addons Echosign - Adobe EchoSign SSO configuration.
- Egnyte
Client
Addons Egnyte - Egnyte SSO configuration.
- Firebase
Client
Addons Firebase - Google Firebase addon configuration.
- Layer
Client
Addons Layer - Layer addon configuration.
- Mscrm
Client
Addons Mscrm - Microsoft Dynamics CRM SSO configuration.
- Newrelic
Client
Addons Newrelic - New Relic SSO configuration.
- Office365
Client
Addons Office365 - Microsoft Office 365 SSO configuration.
- Rms
Client
Addons Rms - Active Directory Rights Management Service SSO configuration.
- Salesforce
Client
Addons Salesforce - Salesforce SSO configuration.
- Salesforce
Api ClientAddons Salesforce Api - Salesforce API addon configuration.
- Salesforce
Sandbox ClientApi Addons Salesforce Sandbox Api - Salesforce Sandbox addon configuration.
- Samlp
Client
Addons Samlp - Configuration settings for a SAML add-on.
- Sap
Api ClientAddons Sap Api - SAP API addon configuration.
- Sentry
Client
Addons Sentry - Sentry SSO configuration.
-
Client
Addons Sharepoint - SharePoint SSO configuration.
- Slack
Client
Addons Slack - Slack team or workspace name usually first segment in your Slack URL, for example
https://acme-org.slack.comwould beacme-org. - Springcm
Client
Addons Springcm - SpringCM SSO configuration.
- Sso
Integration ClientAddons Sso Integration - Generic SSO configuration.
- Wams
Client
Addons Wams - Windows Azure Mobile Services addon configuration.
- Wsfed
Client
Addons Wsfed - WS-Fed (WIF) addon indicator. Actual configuration is stored in
callbackandclient_aliasesproperties on the client. - Zendesk
Client
Addons Zendesk - Zendesk SSO configuration.
- Zoom
Client
Addons Zoom - Zoom SSO configuration.
- aws
Client
Addons Aws - AWS Addon configuration.
- azure
Blob ClientAddons Azure Blob - Azure Blob Storage Addon configuration.
- azure
Sb ClientAddons Azure Sb - Azure Storage Bus Addon configuration.
- box
Client
Addons Box - Box SSO indicator (no configuration settings needed for Box SSO).
- cloudbees
Client
Addons Cloudbees - CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
- concur
Client
Addons Concur - Concur SSO indicator (no configuration settings needed for Concur SSO).
- dropbox
Client
Addons Dropbox - Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
- echosign
Client
Addons Echosign - Adobe EchoSign SSO configuration.
- egnyte
Client
Addons Egnyte - Egnyte SSO configuration.
- firebase
Client
Addons Firebase - Google Firebase addon configuration.
- layer
Client
Addons Layer - Layer addon configuration.
- mscrm
Client
Addons Mscrm - Microsoft Dynamics CRM SSO configuration.
- newrelic
Client
Addons Newrelic - New Relic SSO configuration.
- office365
Client
Addons Office365 - Microsoft Office 365 SSO configuration.
- rms
Client
Addons Rms - Active Directory Rights Management Service SSO configuration.
- salesforce
Client
Addons Salesforce - Salesforce SSO configuration.
- salesforce
Api ClientAddons Salesforce Api - Salesforce API addon configuration.
- salesforce
Sandbox ClientApi Addons Salesforce Sandbox Api - Salesforce Sandbox addon configuration.
- samlp
Client
Addons Samlp - Configuration settings for a SAML add-on.
- sap
Api ClientAddons Sap Api - SAP API addon configuration.
- sentry
Client
Addons Sentry - Sentry SSO configuration.
-
Client
Addons Sharepoint - SharePoint SSO configuration.
- slack
Client
Addons Slack - Slack team or workspace name usually first segment in your Slack URL, for example
https://acme-org.slack.comwould beacme-org. - springcm
Client
Addons Springcm - SpringCM SSO configuration.
- sso
Integration ClientAddons Sso Integration - Generic SSO configuration.
- wams
Client
Addons Wams - Windows Azure Mobile Services addon configuration.
- wsfed
Client
Addons Wsfed - WS-Fed (WIF) addon indicator. Actual configuration is stored in
callbackandclient_aliasesproperties on the client. - zendesk
Client
Addons Zendesk - Zendesk SSO configuration.
- zoom
Client
Addons Zoom - Zoom SSO configuration.
- aws
Client
Addons Aws - AWS Addon configuration.
- azure
Blob ClientAddons Azure Blob - Azure Blob Storage Addon configuration.
- azure
Sb ClientAddons Azure Sb - Azure Storage Bus Addon configuration.
- box
Client
Addons Box - Box SSO indicator (no configuration settings needed for Box SSO).
- cloudbees
Client
Addons Cloudbees - CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
- concur
Client
Addons Concur - Concur SSO indicator (no configuration settings needed for Concur SSO).
- dropbox
Client
Addons Dropbox - Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
- echosign
Client
Addons Echosign - Adobe EchoSign SSO configuration.
- egnyte
Client
Addons Egnyte - Egnyte SSO configuration.
- firebase
Client
Addons Firebase - Google Firebase addon configuration.
- layer
Client
Addons Layer - Layer addon configuration.
- mscrm
Client
Addons Mscrm - Microsoft Dynamics CRM SSO configuration.
- newrelic
Client
Addons Newrelic - New Relic SSO configuration.
- office365
Client
Addons Office365 - Microsoft Office 365 SSO configuration.
- rms
Client
Addons Rms - Active Directory Rights Management Service SSO configuration.
- salesforce
Client
Addons Salesforce - Salesforce SSO configuration.
- salesforce
Api ClientAddons Salesforce Api - Salesforce API addon configuration.
- salesforce
Sandbox ClientApi Addons Salesforce Sandbox Api - Salesforce Sandbox addon configuration.
- samlp
Client
Addons Samlp - Configuration settings for a SAML add-on.
- sap
Api ClientAddons Sap Api - SAP API addon configuration.
- sentry
Client
Addons Sentry - Sentry SSO configuration.
-
Client
Addons Sharepoint - SharePoint SSO configuration.
- slack
Client
Addons Slack - Slack team or workspace name usually first segment in your Slack URL, for example
https://acme-org.slack.comwould beacme-org. - springcm
Client
Addons Springcm - SpringCM SSO configuration.
- sso
Integration ClientAddons Sso Integration - Generic SSO configuration.
- wams
Client
Addons Wams - Windows Azure Mobile Services addon configuration.
- wsfed
Client
Addons Wsfed - WS-Fed (WIF) addon indicator. Actual configuration is stored in
callbackandclient_aliasesproperties on the client. - zendesk
Client
Addons Zendesk - Zendesk SSO configuration.
- zoom
Client
Addons Zoom - Zoom SSO configuration.
- aws
Client
Addons Aws - AWS Addon configuration.
- azure_
blob ClientAddons Azure Blob - Azure Blob Storage Addon configuration.
- azure_
sb ClientAddons Azure Sb - Azure Storage Bus Addon configuration.
- box
Client
Addons Box - Box SSO indicator (no configuration settings needed for Box SSO).
- cloudbees
Client
Addons Cloudbees - CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
- concur
Client
Addons Concur - Concur SSO indicator (no configuration settings needed for Concur SSO).
- dropbox
Client
Addons Dropbox - Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
- echosign
Client
Addons Echosign - Adobe EchoSign SSO configuration.
- egnyte
Client
Addons Egnyte - Egnyte SSO configuration.
- firebase
Client
Addons Firebase - Google Firebase addon configuration.
- layer
Client
Addons Layer - Layer addon configuration.
- mscrm
Client
Addons Mscrm - Microsoft Dynamics CRM SSO configuration.
- newrelic
Client
Addons Newrelic - New Relic SSO configuration.
- office365
Client
Addons Office365 - Microsoft Office 365 SSO configuration.
- rms
Client
Addons Rms - Active Directory Rights Management Service SSO configuration.
- salesforce
Client
Addons Salesforce - Salesforce SSO configuration.
- salesforce_
api ClientAddons Salesforce Api - Salesforce API addon configuration.
- salesforce_
sandbox_ Clientapi Addons Salesforce Sandbox Api - Salesforce Sandbox addon configuration.
- samlp
Client
Addons Samlp - Configuration settings for a SAML add-on.
- sap_
api ClientAddons Sap Api - SAP API addon configuration.
- sentry
Client
Addons Sentry - Sentry SSO configuration.
-
Client
Addons Sharepoint - SharePoint SSO configuration.
- slack
Client
Addons Slack - Slack team or workspace name usually first segment in your Slack URL, for example
https://acme-org.slack.comwould beacme-org. - springcm
Client
Addons Springcm - SpringCM SSO configuration.
- sso_
integration ClientAddons Sso Integration - Generic SSO configuration.
- wams
Client
Addons Wams - Windows Azure Mobile Services addon configuration.
- wsfed
Client
Addons Wsfed - WS-Fed (WIF) addon indicator. Actual configuration is stored in
callbackandclient_aliasesproperties on the client. - zendesk
Client
Addons Zendesk - Zendesk SSO configuration.
- zoom
Client
Addons Zoom - Zoom SSO configuration.
- aws Property Map
- AWS Addon configuration.
- azure
Blob Property Map - Azure Blob Storage Addon configuration.
- azure
Sb Property Map - Azure Storage Bus Addon configuration.
- box Property Map
- Box SSO indicator (no configuration settings needed for Box SSO).
- cloudbees Property Map
- CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
- concur Property Map
- Concur SSO indicator (no configuration settings needed for Concur SSO).
- dropbox Property Map
- Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
- echosign Property Map
- Adobe EchoSign SSO configuration.
- egnyte Property Map
- Egnyte SSO configuration.
- firebase Property Map
- Google Firebase addon configuration.
- layer Property Map
- Layer addon configuration.
- mscrm Property Map
- Microsoft Dynamics CRM SSO configuration.
- newrelic Property Map
- New Relic SSO configuration.
- office365 Property Map
- Microsoft Office 365 SSO configuration.
- rms Property Map
- Active Directory Rights Management Service SSO configuration.
- salesforce Property Map
- Salesforce SSO configuration.
- salesforce
Api Property Map - Salesforce API addon configuration.
- salesforce
Sandbox Property MapApi - Salesforce Sandbox addon configuration.
- samlp Property Map
- Configuration settings for a SAML add-on.
- sap
Api Property Map - SAP API addon configuration.
- sentry Property Map
- Sentry SSO configuration.
- Property Map
- SharePoint SSO configuration.
- slack Property Map
- Slack team or workspace name usually first segment in your Slack URL, for example
https://acme-org.slack.comwould beacme-org. - springcm Property Map
- SpringCM SSO configuration.
- sso
Integration Property Map - Generic SSO configuration.
- wams Property Map
- Windows Azure Mobile Services addon configuration.
- wsfed Property Map
- WS-Fed (WIF) addon indicator. Actual configuration is stored in
callbackandclient_aliasesproperties on the client. - zendesk Property Map
- Zendesk SSO configuration.
- zoom Property Map
- Zoom SSO configuration.
ClientAddonsAws, ClientAddonsAwsArgs
- Lifetime
In intSeconds - AWS token lifetime in seconds.
- Principal string
- AWS principal ARN, for example
arn:aws:iam::010616021751:saml-provider/idpname. - Role string
- AWS role ARN, for example
arn:aws:iam::010616021751:role/foo.
- Lifetime
In intSeconds - AWS token lifetime in seconds.
- Principal string
- AWS principal ARN, for example
arn:aws:iam::010616021751:saml-provider/idpname. - Role string
- AWS role ARN, for example
arn:aws:iam::010616021751:role/foo.
- lifetime
In IntegerSeconds - AWS token lifetime in seconds.
- principal String
- AWS principal ARN, for example
arn:aws:iam::010616021751:saml-provider/idpname. - role String
- AWS role ARN, for example
arn:aws:iam::010616021751:role/foo.
- lifetime
In numberSeconds - AWS token lifetime in seconds.
- principal string
- AWS principal ARN, for example
arn:aws:iam::010616021751:saml-provider/idpname. - role string
- AWS role ARN, for example
arn:aws:iam::010616021751:role/foo.
- lifetime_
in_ intseconds - AWS token lifetime in seconds.
- principal str
- AWS principal ARN, for example
arn:aws:iam::010616021751:saml-provider/idpname. - role str
- AWS role ARN, for example
arn:aws:iam::010616021751:role/foo.
- lifetime
In NumberSeconds - AWS token lifetime in seconds.
- principal String
- AWS principal ARN, for example
arn:aws:iam::010616021751:saml-provider/idpname. - role String
- AWS role ARN, for example
arn:aws:iam::010616021751:role/foo.
ClientAddonsAzureBlob, ClientAddonsAzureBlobArgs
- Account
Name string - Your Azure storage account name. Usually first segment in your Azure storage URL, for example
https://acme-org.blob.core.windows.netwould be the account nameacme-org. - Blob
Delete bool - Indicates if the issued token has permission to delete the blob.
- Blob
Name string - Entity to request a token for, such as
my-blob. If blank the computed SAS will apply to the entire storage container. - Blob
Read bool - Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- Blob
Write bool - Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- Container
Delete bool - Indicates if issued token has permission to delete any blob in the container.
- Container
List bool - Indicates if the issued token has permission to list blobs in the container.
- Container
Name string - Container to request a token for, such as
my-container. - Container
Read bool - Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- Container
Write bool - Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- Expiration int
- Expiration in minutes for the generated token (default of 5 minutes).
- Signed
Identifier string - Shared access policy identifier defined in your storage account resource.
- Storage
Access stringKey - Access key associated with this storage account.
- Account
Name string - Your Azure storage account name. Usually first segment in your Azure storage URL, for example
https://acme-org.blob.core.windows.netwould be the account nameacme-org. - Blob
Delete bool - Indicates if the issued token has permission to delete the blob.
- Blob
Name string - Entity to request a token for, such as
my-blob. If blank the computed SAS will apply to the entire storage container. - Blob
Read bool - Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- Blob
Write bool - Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- Container
Delete bool - Indicates if issued token has permission to delete any blob in the container.
- Container
List bool - Indicates if the issued token has permission to list blobs in the container.
- Container
Name string - Container to request a token for, such as
my-container. - Container
Read bool - Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- Container
Write bool - Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- Expiration int
- Expiration in minutes for the generated token (default of 5 minutes).
- Signed
Identifier string - Shared access policy identifier defined in your storage account resource.
- Storage
Access stringKey - Access key associated with this storage account.
- account
Name String - Your Azure storage account name. Usually first segment in your Azure storage URL, for example
https://acme-org.blob.core.windows.netwould be the account nameacme-org. - blob
Delete Boolean - Indicates if the issued token has permission to delete the blob.
- blob
Name String - Entity to request a token for, such as
my-blob. If blank the computed SAS will apply to the entire storage container. - blob
Read Boolean - Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- blob
Write Boolean - Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- container
Delete Boolean - Indicates if issued token has permission to delete any blob in the container.
- container
List Boolean - Indicates if the issued token has permission to list blobs in the container.
- container
Name String - Container to request a token for, such as
my-container. - container
Read Boolean - Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- container
Write Boolean - Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- expiration Integer
- Expiration in minutes for the generated token (default of 5 minutes).
- signed
Identifier String - Shared access policy identifier defined in your storage account resource.
- storage
Access StringKey - Access key associated with this storage account.
- account
Name string - Your Azure storage account name. Usually first segment in your Azure storage URL, for example
https://acme-org.blob.core.windows.netwould be the account nameacme-org. - blob
Delete boolean - Indicates if the issued token has permission to delete the blob.
- blob
Name string - Entity to request a token for, such as
my-blob. If blank the computed SAS will apply to the entire storage container. - blob
Read boolean - Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- blob
Write boolean - Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- container
Delete boolean - Indicates if issued token has permission to delete any blob in the container.
- container
List boolean - Indicates if the issued token has permission to list blobs in the container.
- container
Name string - Container to request a token for, such as
my-container. - container
Read boolean - Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- container
Write boolean - Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- expiration number
- Expiration in minutes for the generated token (default of 5 minutes).
- signed
Identifier string - Shared access policy identifier defined in your storage account resource.
- storage
Access stringKey - Access key associated with this storage account.
- account_
name str - Your Azure storage account name. Usually first segment in your Azure storage URL, for example
https://acme-org.blob.core.windows.netwould be the account nameacme-org. - blob_
delete bool - Indicates if the issued token has permission to delete the blob.
- blob_
name str - Entity to request a token for, such as
my-blob. If blank the computed SAS will apply to the entire storage container. - blob_
read bool - Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- blob_
write bool - Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- container_
delete bool - Indicates if issued token has permission to delete any blob in the container.
- container_
list bool - Indicates if the issued token has permission to list blobs in the container.
- container_
name str - Container to request a token for, such as
my-container. - container_
read bool - Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- container_
write bool - Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- expiration int
- Expiration in minutes for the generated token (default of 5 minutes).
- signed_
identifier str - Shared access policy identifier defined in your storage account resource.
- storage_
access_ strkey - Access key associated with this storage account.
- account
Name String - Your Azure storage account name. Usually first segment in your Azure storage URL, for example
https://acme-org.blob.core.windows.netwould be the account nameacme-org. - blob
Delete Boolean - Indicates if the issued token has permission to delete the blob.
- blob
Name String - Entity to request a token for, such as
my-blob. If blank the computed SAS will apply to the entire storage container. - blob
Read Boolean - Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
- blob
Write Boolean - Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- container
Delete Boolean - Indicates if issued token has permission to delete any blob in the container.
- container
List Boolean - Indicates if the issued token has permission to list blobs in the container.
- container
Name String - Container to request a token for, such as
my-container. - container
Read Boolean - Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
- container
Write Boolean - Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
- expiration Number
- Expiration in minutes for the generated token (default of 5 minutes).
- signed
Identifier String - Shared access policy identifier defined in your storage account resource.
- storage
Access StringKey - Access key associated with this storage account.
ClientAddonsAzureSb, ClientAddonsAzureSbArgs
- Entity
Path string - Entity you want to request a token for, such as
my-queue. - Expiration int
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- Namespace string
- Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example
https://acme-org.servicebus.windows.netwould beacme-org). - Sas
Key string - Primary Key associated with your shared access policy.
- Sas
Key stringName - Your shared access policy name defined in your Service Bus entity.
- Entity
Path string - Entity you want to request a token for, such as
my-queue. - Expiration int
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- Namespace string
- Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example
https://acme-org.servicebus.windows.netwould beacme-org). - Sas
Key string - Primary Key associated with your shared access policy.
- Sas
Key stringName - Your shared access policy name defined in your Service Bus entity.
- entity
Path String - Entity you want to request a token for, such as
my-queue. - expiration Integer
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- namespace String
- Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example
https://acme-org.servicebus.windows.netwould beacme-org). - sas
Key String - Primary Key associated with your shared access policy.
- sas
Key StringName - Your shared access policy name defined in your Service Bus entity.
- entity
Path string - Entity you want to request a token for, such as
my-queue. - expiration number
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- namespace string
- Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example
https://acme-org.servicebus.windows.netwould beacme-org). - sas
Key string - Primary Key associated with your shared access policy.
- sas
Key stringName - Your shared access policy name defined in your Service Bus entity.
- entity_
path str - Entity you want to request a token for, such as
my-queue. - expiration int
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- namespace str
- Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example
https://acme-org.servicebus.windows.netwould beacme-org). - sas_
key str - Primary Key associated with your shared access policy.
- sas_
key_ strname - Your shared access policy name defined in your Service Bus entity.
- entity
Path String - Entity you want to request a token for, such as
my-queue. - expiration Number
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- namespace String
- Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example
https://acme-org.servicebus.windows.netwould beacme-org). - sas
Key String - Primary Key associated with your shared access policy.
- sas
Key StringName - Your shared access policy name defined in your Service Bus entity.
ClientAddonsEchosign, ClientAddonsEchosignArgs
- Domain string
- Your custom domain found in your EchoSign URL, for example
https://acme-org.echosign.comwould beacme-org.
- Domain string
- Your custom domain found in your EchoSign URL, for example
https://acme-org.echosign.comwould beacme-org.
- domain String
- Your custom domain found in your EchoSign URL, for example
https://acme-org.echosign.comwould beacme-org.
- domain string
- Your custom domain found in your EchoSign URL, for example
https://acme-org.echosign.comwould beacme-org.
- domain str
- Your custom domain found in your EchoSign URL, for example
https://acme-org.echosign.comwould beacme-org.
- domain String
- Your custom domain found in your EchoSign URL, for example
https://acme-org.echosign.comwould beacme-org.
ClientAddonsEgnyte, ClientAddonsEgnyteArgs
- Domain string
- Your custom domain found in your Egnyte URL, for example
https://acme-org.echosign.comwould beacme-org.
- Domain string
- Your custom domain found in your Egnyte URL, for example
https://acme-org.echosign.comwould beacme-org.
- domain String
- Your custom domain found in your Egnyte URL, for example
https://acme-org.echosign.comwould beacme-org.
- domain string
- Your custom domain found in your Egnyte URL, for example
https://acme-org.echosign.comwould beacme-org.
- domain str
- Your custom domain found in your Egnyte URL, for example
https://acme-org.echosign.comwould beacme-org.
- domain String
- Your custom domain found in your Egnyte URL, for example
https://acme-org.echosign.comwould beacme-org.
ClientAddonsFirebase, ClientAddonsFirebaseArgs
- Client
Email string - ID of the Service Account you have created (shown as
client_emailin the generated JSON file, SDK v3+ tokens only). - Lifetime
In intSeconds - Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
- Private
Key string - Private Key for signing the token (SDK v3+ tokens only).
- Private
Key stringId - Optional ID of the private key to obtain the
kidheader claim from the issued token (SDK v3+ tokens only). - Secret string
- Google Firebase Secret. (SDK v2 only).
- Client
Email string - ID of the Service Account you have created (shown as
client_emailin the generated JSON file, SDK v3+ tokens only). - Lifetime
In intSeconds - Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
- Private
Key string - Private Key for signing the token (SDK v3+ tokens only).
- Private
Key stringId - Optional ID of the private key to obtain the
kidheader claim from the issued token (SDK v3+ tokens only). - Secret string
- Google Firebase Secret. (SDK v2 only).
- client
Email String - ID of the Service Account you have created (shown as
client_emailin the generated JSON file, SDK v3+ tokens only). - lifetime
In IntegerSeconds - Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
- private
Key String - Private Key for signing the token (SDK v3+ tokens only).
- private
Key StringId - Optional ID of the private key to obtain the
kidheader claim from the issued token (SDK v3+ tokens only). - secret String
- Google Firebase Secret. (SDK v2 only).
- client
Email string - ID of the Service Account you have created (shown as
client_emailin the generated JSON file, SDK v3+ tokens only). - lifetime
In numberSeconds - Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
- private
Key string - Private Key for signing the token (SDK v3+ tokens only).
- private
Key stringId - Optional ID of the private key to obtain the
kidheader claim from the issued token (SDK v3+ tokens only). - secret string
- Google Firebase Secret. (SDK v2 only).
- client_
email str - ID of the Service Account you have created (shown as
client_emailin the generated JSON file, SDK v3+ tokens only). - lifetime_
in_ intseconds - Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
- private_
key str - Private Key for signing the token (SDK v3+ tokens only).
- private_
key_ strid - Optional ID of the private key to obtain the
kidheader claim from the issued token (SDK v3+ tokens only). - secret str
- Google Firebase Secret. (SDK v2 only).
- client
Email String - ID of the Service Account you have created (shown as
client_emailin the generated JSON file, SDK v3+ tokens only). - lifetime
In NumberSeconds - Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
- private
Key String - Private Key for signing the token (SDK v3+ tokens only).
- private
Key StringId - Optional ID of the private key to obtain the
kidheader claim from the issued token (SDK v3+ tokens only). - secret String
- Google Firebase Secret. (SDK v2 only).
ClientAddonsLayer, ClientAddonsLayerArgs
- Key
Id string - Authentication Key identifier used to sign the Layer token.
- Private
Key string - Private key for signing the Layer token.
- Provider
Id string - Provider ID of your Layer account.
- Expiration int
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- Principal string
- Name of the property used as the unique user ID in Layer. If not specified
user_idis used.
- Key
Id string - Authentication Key identifier used to sign the Layer token.
- Private
Key string - Private key for signing the Layer token.
- Provider
Id string - Provider ID of your Layer account.
- Expiration int
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- Principal string
- Name of the property used as the unique user ID in Layer. If not specified
user_idis used.
- key
Id String - Authentication Key identifier used to sign the Layer token.
- private
Key String - Private key for signing the Layer token.
- provider
Id String - Provider ID of your Layer account.
- expiration Integer
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- principal String
- Name of the property used as the unique user ID in Layer. If not specified
user_idis used.
- key
Id string - Authentication Key identifier used to sign the Layer token.
- private
Key string - Private key for signing the Layer token.
- provider
Id string - Provider ID of your Layer account.
- expiration number
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- principal string
- Name of the property used as the unique user ID in Layer. If not specified
user_idis used.
- key_
id str - Authentication Key identifier used to sign the Layer token.
- private_
key str - Private key for signing the Layer token.
- provider_
id str - Provider ID of your Layer account.
- expiration int
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- principal str
- Name of the property used as the unique user ID in Layer. If not specified
user_idis used.
- key
Id String - Authentication Key identifier used to sign the Layer token.
- private
Key String - Private key for signing the Layer token.
- provider
Id String - Provider ID of your Layer account.
- expiration Number
- Optional expiration in minutes for the generated token. Defaults to 5 minutes.
- principal String
- Name of the property used as the unique user ID in Layer. If not specified
user_idis used.
ClientAddonsMscrm, ClientAddonsMscrmArgs
- Url string
- Microsoft Dynamics CRM application URL.
- Url string
- Microsoft Dynamics CRM application URL.
- url String
- Microsoft Dynamics CRM application URL.
- url string
- Microsoft Dynamics CRM application URL.
- url str
- Microsoft Dynamics CRM application URL.
- url String
- Microsoft Dynamics CRM application URL.
ClientAddonsNewrelic, ClientAddonsNewrelicArgs
- Account string
- Your New Relic Account ID found in your New Relic URL after the
/accounts/path, for examplehttps://rpm.newrelic.com/accounts/123456/querywould be123456.
- Account string
- Your New Relic Account ID found in your New Relic URL after the
/accounts/path, for examplehttps://rpm.newrelic.com/accounts/123456/querywould be123456.
- account String
- Your New Relic Account ID found in your New Relic URL after the
/accounts/path, for examplehttps://rpm.newrelic.com/accounts/123456/querywould be123456.
- account string
- Your New Relic Account ID found in your New Relic URL after the
/accounts/path, for examplehttps://rpm.newrelic.com/accounts/123456/querywould be123456.
- account str
- Your New Relic Account ID found in your New Relic URL after the
/accounts/path, for examplehttps://rpm.newrelic.com/accounts/123456/querywould be123456.
- account String
- Your New Relic Account ID found in your New Relic URL after the
/accounts/path, for examplehttps://rpm.newrelic.com/accounts/123456/querywould be123456.
ClientAddonsOffice365, ClientAddonsOffice365Args
- Connection string
- Optional Auth0 database connection for testing an already-configured Office 365 tenant.
- Domain string
- Your Office 365 domain name, for example
acme-org.com.
- Connection string
- Optional Auth0 database connection for testing an already-configured Office 365 tenant.
- Domain string
- Your Office 365 domain name, for example
acme-org.com.
- connection String
- Optional Auth0 database connection for testing an already-configured Office 365 tenant.
- domain String
- Your Office 365 domain name, for example
acme-org.com.
- connection string
- Optional Auth0 database connection for testing an already-configured Office 365 tenant.
- domain string
- Your Office 365 domain name, for example
acme-org.com.
- connection str
- Optional Auth0 database connection for testing an already-configured Office 365 tenant.
- domain str
- Your Office 365 domain name, for example
acme-org.com.
- connection String
- Optional Auth0 database connection for testing an already-configured Office 365 tenant.
- domain String
- Your Office 365 domain name, for example
acme-org.com.
ClientAddonsRms, ClientAddonsRmsArgs
- Url string
- URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.
- Url string
- URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.
- url String
- URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.
- url string
- URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.
- url str
- URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.
- url String
- URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.
ClientAddonsSalesforce, ClientAddonsSalesforceArgs
- Entity
Id string - Arbitrary logical URL that identifies the Saleforce resource, for example
https://acme-org.com.
- Entity
Id string - Arbitrary logical URL that identifies the Saleforce resource, for example
https://acme-org.com.
- entity
Id String - Arbitrary logical URL that identifies the Saleforce resource, for example
https://acme-org.com.
- entity
Id string - Arbitrary logical URL that identifies the Saleforce resource, for example
https://acme-org.com.
- entity_
id str - Arbitrary logical URL that identifies the Saleforce resource, for example
https://acme-org.com.
- entity
Id String - Arbitrary logical URL that identifies the Saleforce resource, for example
https://acme-org.com.
ClientAddonsSalesforceApi, ClientAddonsSalesforceApiArgs
- Client
Id string - Consumer Key assigned by Salesforce to the Connected App.
- Community
Name string - Community name.
- Community
Url stringSection - Community URL section.
- Principal string
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- Client
Id string - Consumer Key assigned by Salesforce to the Connected App.
- Community
Name string - Community name.
- Community
Url stringSection - Community URL section.
- Principal string
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- client
Id String - Consumer Key assigned by Salesforce to the Connected App.
- community
Name String - Community name.
- community
Url StringSection - Community URL section.
- principal String
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- client
Id string - Consumer Key assigned by Salesforce to the Connected App.
- community
Name string - Community name.
- community
Url stringSection - Community URL section.
- principal string
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- client_
id str - Consumer Key assigned by Salesforce to the Connected App.
- community_
name str - Community name.
- community_
url_ strsection - Community URL section.
- principal str
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- client
Id String - Consumer Key assigned by Salesforce to the Connected App.
- community
Name String - Community name.
- community
Url StringSection - Community URL section.
- principal String
- Name of the property in the user object that maps to a Salesforce username, for example
email.
ClientAddonsSalesforceSandboxApi, ClientAddonsSalesforceSandboxApiArgs
- Client
Id string - Consumer Key assigned by Salesforce to the Connected App.
- Community
Name string - Community name.
- Community
Url stringSection - Community URL section.
- Principal string
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- Client
Id string - Consumer Key assigned by Salesforce to the Connected App.
- Community
Name string - Community name.
- Community
Url stringSection - Community URL section.
- Principal string
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- client
Id String - Consumer Key assigned by Salesforce to the Connected App.
- community
Name String - Community name.
- community
Url StringSection - Community URL section.
- principal String
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- client
Id string - Consumer Key assigned by Salesforce to the Connected App.
- community
Name string - Community name.
- community
Url stringSection - Community URL section.
- principal string
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- client_
id str - Consumer Key assigned by Salesforce to the Connected App.
- community_
name str - Community name.
- community_
url_ strsection - Community URL section.
- principal str
- Name of the property in the user object that maps to a Salesforce username, for example
email.
- client
Id String - Consumer Key assigned by Salesforce to the Connected App.
- community
Name String - Community name.
- community
Url StringSection - Community URL section.
- principal String
- Name of the property in the user object that maps to a Salesforce username, for example
email.
ClientAddonsSamlp, ClientAddonsSamlpArgs
- Audience string
- Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
- Authn
Context stringClass Ref - Class reference of the authentication context.
- Binding string
- Protocol binding used for SAML logout responses.
- Create
Upn boolClaim - Indicates whether a UPN claim should be created. Defaults to
true. - Destination string
- Destination of the SAML Response. If not specified, it will be
AssertionConsumerUrlof SAMLRequest or callback URL if there was no SAMLRequest. - Digest
Algorithm string - Algorithm used to calculate the digest of the SAML Assertion or response. Options include
sha1andsha256. Defaults tosha1. - Flexible
Mappings string - This is a supporting attribute to
mappingsfield.Please note this is an experimental field. It should only be used when needed to send a map with keys as slices. - Include
Attribute boolName Format - Indicates whether or not we should infer the NameFormat based on the attribute name. If set to
false, the attribute NameFormat is not set in the assertion. Defaults totrue. - Issuer string
- Issuer of the SAML Assertion.
- Lifetime
In intSeconds - Number of seconds during which the token is valid. Defaults to
3600seconds. - Logout
Client
Addons Samlp Logout - Configuration settings for logout.
- Map
Identities bool - Indicates whether or not to add additional identity information in the token, such as the provider used and the
access_token, if available. Defaults totrue. - Map
Unknown boolClaims As Is - Indicates whether to add a prefix of
http://schema.auth0.comto any claims that are not mapped to the common profile when passed through in the output assertion. Defaults tofalse. - Mappings Dictionary<string, string>
- Mappings between the Auth0 user profile property name (
name) and the output attributes on the SAML attribute in the assertion (value). - Name
Identifier stringFormat - Format of the name identifier. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - Name
Identifier List<string>Probes - Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
- Passthrough
Claims boolWith No Mapping - Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to
true. - Recipient string
- Recipient of the SAML Assertion (SubjectConfirmationData). Default is
AssertionConsumerUrlon SAMLRequest or callback URL if no SAMLRequest was sent. - Sign
Response bool - Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
- Signature
Algorithm string - Algorithm used to sign the SAML Assertion or response. Options include
rsa-sha1andrsa-sha256. Defaults torsa-sha1. - Signing
Cert string - Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be
-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n. - Typed
Attributes bool - Indicates whether or not we should infer the
xs:typeof the element. Types includexs:string,xs:boolean,xs:double, andxs:anyType. When set tofalse, allxs:typearexs:anyType. Defaults totrue.
- Audience string
- Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
- Authn
Context stringClass Ref - Class reference of the authentication context.
- Binding string
- Protocol binding used for SAML logout responses.
- Create
Upn boolClaim - Indicates whether a UPN claim should be created. Defaults to
true. - Destination string
- Destination of the SAML Response. If not specified, it will be
AssertionConsumerUrlof SAMLRequest or callback URL if there was no SAMLRequest. - Digest
Algorithm string - Algorithm used to calculate the digest of the SAML Assertion or response. Options include
sha1andsha256. Defaults tosha1. - Flexible
Mappings string - This is a supporting attribute to
mappingsfield.Please note this is an experimental field. It should only be used when needed to send a map with keys as slices. - Include
Attribute boolName Format - Indicates whether or not we should infer the NameFormat based on the attribute name. If set to
false, the attribute NameFormat is not set in the assertion. Defaults totrue. - Issuer string
- Issuer of the SAML Assertion.
- Lifetime
In intSeconds - Number of seconds during which the token is valid. Defaults to
3600seconds. - Logout
Client
Addons Samlp Logout - Configuration settings for logout.
- Map
Identities bool - Indicates whether or not to add additional identity information in the token, such as the provider used and the
access_token, if available. Defaults totrue. - Map
Unknown boolClaims As Is - Indicates whether to add a prefix of
http://schema.auth0.comto any claims that are not mapped to the common profile when passed through in the output assertion. Defaults tofalse. - Mappings map[string]string
- Mappings between the Auth0 user profile property name (
name) and the output attributes on the SAML attribute in the assertion (value). - Name
Identifier stringFormat - Format of the name identifier. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - Name
Identifier []stringProbes - Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
- Passthrough
Claims boolWith No Mapping - Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to
true. - Recipient string
- Recipient of the SAML Assertion (SubjectConfirmationData). Default is
AssertionConsumerUrlon SAMLRequest or callback URL if no SAMLRequest was sent. - Sign
Response bool - Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
- Signature
Algorithm string - Algorithm used to sign the SAML Assertion or response. Options include
rsa-sha1andrsa-sha256. Defaults torsa-sha1. - Signing
Cert string - Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be
-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n. - Typed
Attributes bool - Indicates whether or not we should infer the
xs:typeof the element. Types includexs:string,xs:boolean,xs:double, andxs:anyType. When set tofalse, allxs:typearexs:anyType. Defaults totrue.
- audience String
- Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
- authn
Context StringClass Ref - Class reference of the authentication context.
- binding String
- Protocol binding used for SAML logout responses.
- create
Upn BooleanClaim - Indicates whether a UPN claim should be created. Defaults to
true. - destination String
- Destination of the SAML Response. If not specified, it will be
AssertionConsumerUrlof SAMLRequest or callback URL if there was no SAMLRequest. - digest
Algorithm String - Algorithm used to calculate the digest of the SAML Assertion or response. Options include
sha1andsha256. Defaults tosha1. - flexible
Mappings String - This is a supporting attribute to
mappingsfield.Please note this is an experimental field. It should only be used when needed to send a map with keys as slices. - include
Attribute BooleanName Format - Indicates whether or not we should infer the NameFormat based on the attribute name. If set to
false, the attribute NameFormat is not set in the assertion. Defaults totrue. - issuer String
- Issuer of the SAML Assertion.
- lifetime
In IntegerSeconds - Number of seconds during which the token is valid. Defaults to
3600seconds. - logout
Client
Addons Samlp Logout - Configuration settings for logout.
- map
Identities Boolean - Indicates whether or not to add additional identity information in the token, such as the provider used and the
access_token, if available. Defaults totrue. - map
Unknown BooleanClaims As Is - Indicates whether to add a prefix of
http://schema.auth0.comto any claims that are not mapped to the common profile when passed through in the output assertion. Defaults tofalse. - mappings Map<String,String>
- Mappings between the Auth0 user profile property name (
name) and the output attributes on the SAML attribute in the assertion (value). - name
Identifier StringFormat - Format of the name identifier. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - name
Identifier List<String>Probes - Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
- passthrough
Claims BooleanWith No Mapping - Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to
true. - recipient String
- Recipient of the SAML Assertion (SubjectConfirmationData). Default is
AssertionConsumerUrlon SAMLRequest or callback URL if no SAMLRequest was sent. - sign
Response Boolean - Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
- signature
Algorithm String - Algorithm used to sign the SAML Assertion or response. Options include
rsa-sha1andrsa-sha256. Defaults torsa-sha1. - signing
Cert String - Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be
-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n. - typed
Attributes Boolean - Indicates whether or not we should infer the
xs:typeof the element. Types includexs:string,xs:boolean,xs:double, andxs:anyType. When set tofalse, allxs:typearexs:anyType. Defaults totrue.
- audience string
- Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
- authn
Context stringClass Ref - Class reference of the authentication context.
- binding string
- Protocol binding used for SAML logout responses.
- create
Upn booleanClaim - Indicates whether a UPN claim should be created. Defaults to
true. - destination string
- Destination of the SAML Response. If not specified, it will be
AssertionConsumerUrlof SAMLRequest or callback URL if there was no SAMLRequest. - digest
Algorithm string - Algorithm used to calculate the digest of the SAML Assertion or response. Options include
sha1andsha256. Defaults tosha1. - flexible
Mappings string - This is a supporting attribute to
mappingsfield.Please note this is an experimental field. It should only be used when needed to send a map with keys as slices. - include
Attribute booleanName Format - Indicates whether or not we should infer the NameFormat based on the attribute name. If set to
false, the attribute NameFormat is not set in the assertion. Defaults totrue. - issuer string
- Issuer of the SAML Assertion.
- lifetime
In numberSeconds - Number of seconds during which the token is valid. Defaults to
3600seconds. - logout
Client
Addons Samlp Logout - Configuration settings for logout.
- map
Identities boolean - Indicates whether or not to add additional identity information in the token, such as the provider used and the
access_token, if available. Defaults totrue. - map
Unknown booleanClaims As Is - Indicates whether to add a prefix of
http://schema.auth0.comto any claims that are not mapped to the common profile when passed through in the output assertion. Defaults tofalse. - mappings {[key: string]: string}
- Mappings between the Auth0 user profile property name (
name) and the output attributes on the SAML attribute in the assertion (value). - name
Identifier stringFormat - Format of the name identifier. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - name
Identifier string[]Probes - Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
- passthrough
Claims booleanWith No Mapping - Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to
true. - recipient string
- Recipient of the SAML Assertion (SubjectConfirmationData). Default is
AssertionConsumerUrlon SAMLRequest or callback URL if no SAMLRequest was sent. - sign
Response boolean - Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
- signature
Algorithm string - Algorithm used to sign the SAML Assertion or response. Options include
rsa-sha1andrsa-sha256. Defaults torsa-sha1. - signing
Cert string - Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be
-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n. - typed
Attributes boolean - Indicates whether or not we should infer the
xs:typeof the element. Types includexs:string,xs:boolean,xs:double, andxs:anyType. When set tofalse, allxs:typearexs:anyType. Defaults totrue.
- audience str
- Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
- authn_
context_ strclass_ ref - Class reference of the authentication context.
- binding str
- Protocol binding used for SAML logout responses.
- create_
upn_ boolclaim - Indicates whether a UPN claim should be created. Defaults to
true. - destination str
- Destination of the SAML Response. If not specified, it will be
AssertionConsumerUrlof SAMLRequest or callback URL if there was no SAMLRequest. - digest_
algorithm str - Algorithm used to calculate the digest of the SAML Assertion or response. Options include
sha1andsha256. Defaults tosha1. - flexible_
mappings str - This is a supporting attribute to
mappingsfield.Please note this is an experimental field. It should only be used when needed to send a map with keys as slices. - include_
attribute_ boolname_ format - Indicates whether or not we should infer the NameFormat based on the attribute name. If set to
false, the attribute NameFormat is not set in the assertion. Defaults totrue. - issuer str
- Issuer of the SAML Assertion.
- lifetime_
in_ intseconds - Number of seconds during which the token is valid. Defaults to
3600seconds. - logout
Client
Addons Samlp Logout - Configuration settings for logout.
- map_
identities bool - Indicates whether or not to add additional identity information in the token, such as the provider used and the
access_token, if available. Defaults totrue. - map_
unknown_ boolclaims_ as_ is - Indicates whether to add a prefix of
http://schema.auth0.comto any claims that are not mapped to the common profile when passed through in the output assertion. Defaults tofalse. - mappings Mapping[str, str]
- Mappings between the Auth0 user profile property name (
name) and the output attributes on the SAML attribute in the assertion (value). - name_
identifier_ strformat - Format of the name identifier. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - name_
identifier_ Sequence[str]probes - Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
- passthrough_
claims_ boolwith_ no_ mapping - Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to
true. - recipient str
- Recipient of the SAML Assertion (SubjectConfirmationData). Default is
AssertionConsumerUrlon SAMLRequest or callback URL if no SAMLRequest was sent. - sign_
response bool - Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
- signature_
algorithm str - Algorithm used to sign the SAML Assertion or response. Options include
rsa-sha1andrsa-sha256. Defaults torsa-sha1. - signing_
cert str - Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be
-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n. - typed_
attributes bool - Indicates whether or not we should infer the
xs:typeof the element. Types includexs:string,xs:boolean,xs:double, andxs:anyType. When set tofalse, allxs:typearexs:anyType. Defaults totrue.
- audience String
- Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
- authn
Context StringClass Ref - Class reference of the authentication context.
- binding String
- Protocol binding used for SAML logout responses.
- create
Upn BooleanClaim - Indicates whether a UPN claim should be created. Defaults to
true. - destination String
- Destination of the SAML Response. If not specified, it will be
AssertionConsumerUrlof SAMLRequest or callback URL if there was no SAMLRequest. - digest
Algorithm String - Algorithm used to calculate the digest of the SAML Assertion or response. Options include
sha1andsha256. Defaults tosha1. - flexible
Mappings String - This is a supporting attribute to
mappingsfield.Please note this is an experimental field. It should only be used when needed to send a map with keys as slices. - include
Attribute BooleanName Format - Indicates whether or not we should infer the NameFormat based on the attribute name. If set to
false, the attribute NameFormat is not set in the assertion. Defaults totrue. - issuer String
- Issuer of the SAML Assertion.
- lifetime
In NumberSeconds - Number of seconds during which the token is valid. Defaults to
3600seconds. - logout Property Map
- Configuration settings for logout.
- map
Identities Boolean - Indicates whether or not to add additional identity information in the token, such as the provider used and the
access_token, if available. Defaults totrue. - map
Unknown BooleanClaims As Is - Indicates whether to add a prefix of
http://schema.auth0.comto any claims that are not mapped to the common profile when passed through in the output assertion. Defaults tofalse. - mappings Map<String>
- Mappings between the Auth0 user profile property name (
name) and the output attributes on the SAML attribute in the assertion (value). - name
Identifier StringFormat - Format of the name identifier. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - name
Identifier List<String>Probes - Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
- passthrough
Claims BooleanWith No Mapping - Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to
true. - recipient String
- Recipient of the SAML Assertion (SubjectConfirmationData). Default is
AssertionConsumerUrlon SAMLRequest or callback URL if no SAMLRequest was sent. - sign
Response Boolean - Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
- signature
Algorithm String - Algorithm used to sign the SAML Assertion or response. Options include
rsa-sha1andrsa-sha256. Defaults torsa-sha1. - signing
Cert String - Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be
-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n. - typed
Attributes Boolean - Indicates whether or not we should infer the
xs:typeof the element. Types includexs:string,xs:boolean,xs:double, andxs:anyType. When set tofalse, allxs:typearexs:anyType. Defaults totrue.
ClientAddonsSamlpLogout, ClientAddonsSamlpLogoutArgs
- Callback string
- The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
- Slo
Enabled bool - Controls whether Auth0 should notify service providers of session termination.
- Callback string
- The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
- Slo
Enabled bool - Controls whether Auth0 should notify service providers of session termination.
- callback String
- The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
- slo
Enabled Boolean - Controls whether Auth0 should notify service providers of session termination.
- callback string
- The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
- slo
Enabled boolean - Controls whether Auth0 should notify service providers of session termination.
- callback str
- The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
- slo_
enabled bool - Controls whether Auth0 should notify service providers of session termination.
- callback String
- The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
- slo
Enabled Boolean - Controls whether Auth0 should notify service providers of session termination.
ClientAddonsSapApi, ClientAddonsSapApiArgs
- Client
Id string - If activated in the OAuth 2.0 client configuration (transaction
SOAUTH2) the SAML attributeclientidmust be set and equal theclientid` form parameter of the access token request. - Name
Identifier stringFormat - NameID element of the Subject which can be used to express the user's identity. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - Scope string
- Requested scope for SAP APIs.
- Service
Password string - Service account password to use to authenticate API calls to the token endpoint.
- Token
Endpoint stringUrl - The OAuth2 token endpoint URL of your SAP OData server.
- Username
Attribute string - Name of the property in the user object that maps to a SAP username, for example
email.
- Client
Id string - If activated in the OAuth 2.0 client configuration (transaction
SOAUTH2) the SAML attributeclientidmust be set and equal theclientid` form parameter of the access token request. - Name
Identifier stringFormat - NameID element of the Subject which can be used to express the user's identity. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - Scope string
- Requested scope for SAP APIs.
- Service
Password string - Service account password to use to authenticate API calls to the token endpoint.
- Token
Endpoint stringUrl - The OAuth2 token endpoint URL of your SAP OData server.
- Username
Attribute string - Name of the property in the user object that maps to a SAP username, for example
email.
- client
Id String - If activated in the OAuth 2.0 client configuration (transaction
SOAUTH2) the SAML attributeclientidmust be set and equal theclientid` form parameter of the access token request. - name
Identifier StringFormat - NameID element of the Subject which can be used to express the user's identity. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - scope String
- Requested scope for SAP APIs.
- service
Password String - Service account password to use to authenticate API calls to the token endpoint.
- token
Endpoint StringUrl - The OAuth2 token endpoint URL of your SAP OData server.
- username
Attribute String - Name of the property in the user object that maps to a SAP username, for example
email.
- client
Id string - If activated in the OAuth 2.0 client configuration (transaction
SOAUTH2) the SAML attributeclientidmust be set and equal theclientid` form parameter of the access token request. - name
Identifier stringFormat - NameID element of the Subject which can be used to express the user's identity. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - scope string
- Requested scope for SAP APIs.
- service
Password string - Service account password to use to authenticate API calls to the token endpoint.
- token
Endpoint stringUrl - The OAuth2 token endpoint URL of your SAP OData server.
- username
Attribute string - Name of the property in the user object that maps to a SAP username, for example
email.
- client_
id str - If activated in the OAuth 2.0 client configuration (transaction
SOAUTH2) the SAML attributeclientidmust be set and equal theclientid` form parameter of the access token request. - name_
identifier_ strformat - NameID element of the Subject which can be used to express the user's identity. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - scope str
- Requested scope for SAP APIs.
- service_
password str - Service account password to use to authenticate API calls to the token endpoint.
- token_
endpoint_ strurl - The OAuth2 token endpoint URL of your SAP OData server.
- username_
attribute str - Name of the property in the user object that maps to a SAP username, for example
email.
- client
Id String - If activated in the OAuth 2.0 client configuration (transaction
SOAUTH2) the SAML attributeclientidmust be set and equal theclientid` form parameter of the access token request. - name
Identifier StringFormat - NameID element of the Subject which can be used to express the user's identity. Defaults to
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified. - scope String
- Requested scope for SAP APIs.
- service
Password String - Service account password to use to authenticate API calls to the token endpoint.
- token
Endpoint StringUrl - The OAuth2 token endpoint URL of your SAP OData server.
- username
Attribute String - Name of the property in the user object that maps to a SAP username, for example
email.
ClientAddonsSentry, ClientAddonsSentryArgs
ClientAddonsSharepoint, ClientAddonsSharepointArgs
- External
Urls List<string> - External SharePoint application URLs if exposed to the Internet.
- Url string
- Internal SharePoint application URL.
- External
Urls []string - External SharePoint application URLs if exposed to the Internet.
- Url string
- Internal SharePoint application URL.
- external
Urls List<String> - External SharePoint application URLs if exposed to the Internet.
- url String
- Internal SharePoint application URL.
- external
Urls string[] - External SharePoint application URLs if exposed to the Internet.
- url string
- Internal SharePoint application URL.
- external_
urls Sequence[str] - External SharePoint application URLs if exposed to the Internet.
- url str
- Internal SharePoint application URL.
- external
Urls List<String> - External SharePoint application URLs if exposed to the Internet.
- url String
- Internal SharePoint application URL.
ClientAddonsSlack, ClientAddonsSlackArgs
- Team string
- Slack team name.
- Team string
- Slack team name.
- team String
- Slack team name.
- team string
- Slack team name.
- team str
- Slack team name.
- team String
- Slack team name.
ClientAddonsSpringcm, ClientAddonsSpringcmArgs
- Acs
Url string - SpringCM ACS URL, for example
https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.
- Acs
Url string - SpringCM ACS URL, for example
https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.
- acs
Url String - SpringCM ACS URL, for example
https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.
- acs
Url string - SpringCM ACS URL, for example
https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.
- acs_
url str - SpringCM ACS URL, for example
https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.
- acs
Url String - SpringCM ACS URL, for example
https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.
ClientAddonsSsoIntegration, ClientAddonsSsoIntegrationArgs
ClientAddonsWams, ClientAddonsWamsArgs
- Master
Key string - Your master key for Windows Azure Mobile Services.
- Master
Key string - Your master key for Windows Azure Mobile Services.
- master
Key String - Your master key for Windows Azure Mobile Services.
- master
Key string - Your master key for Windows Azure Mobile Services.
- master_
key str - Your master key for Windows Azure Mobile Services.
- master
Key String - Your master key for Windows Azure Mobile Services.
ClientAddonsZendesk, ClientAddonsZendeskArgs
- Account
Name string - Zendesk account name. Usually the first segment in your Zendesk URL, for example
https://acme-org.zendesk.comwould beacme-org.
- Account
Name string - Zendesk account name. Usually the first segment in your Zendesk URL, for example
https://acme-org.zendesk.comwould beacme-org.
- account
Name String - Zendesk account name. Usually the first segment in your Zendesk URL, for example
https://acme-org.zendesk.comwould beacme-org.
- account
Name string - Zendesk account name. Usually the first segment in your Zendesk URL, for example
https://acme-org.zendesk.comwould beacme-org.
- account_
name str - Zendesk account name. Usually the first segment in your Zendesk URL, for example
https://acme-org.zendesk.comwould beacme-org.
- account
Name String - Zendesk account name. Usually the first segment in your Zendesk URL, for example
https://acme-org.zendesk.comwould beacme-org.
ClientAddonsZoom, ClientAddonsZoomArgs
- Account string
- Zoom account name. Usually the first segment of your Zoom URL, for example
https://acme-org.zoom.uswould beacme-org.
- Account string
- Zoom account name. Usually the first segment of your Zoom URL, for example
https://acme-org.zoom.uswould beacme-org.
- account String
- Zoom account name. Usually the first segment of your Zoom URL, for example
https://acme-org.zoom.uswould beacme-org.
- account string
- Zoom account name. Usually the first segment of your Zoom URL, for example
https://acme-org.zoom.uswould beacme-org.
- account str
- Zoom account name. Usually the first segment of your Zoom URL, for example
https://acme-org.zoom.uswould beacme-org.
- account String
- Zoom account name. Usually the first segment of your Zoom URL, for example
https://acme-org.zoom.uswould beacme-org.
ClientDefaultOrganization, ClientDefaultOrganizationArgs
- Disable bool
- If set, the
default_organizationwill be removed. - Flows List<string>
- Definition of the flow that needs to be configured. Eg. client_credentials
- Organization
Id string - The unique identifier of the organization
- Disable bool
- If set, the
default_organizationwill be removed. - Flows []string
- Definition of the flow that needs to be configured. Eg. client_credentials
- Organization
Id string - The unique identifier of the organization
- disable Boolean
- If set, the
default_organizationwill be removed. - flows List<String>
- Definition of the flow that needs to be configured. Eg. client_credentials
- organization
Id String - The unique identifier of the organization
- disable boolean
- If set, the
default_organizationwill be removed. - flows string[]
- Definition of the flow that needs to be configured. Eg. client_credentials
- organization
Id string - The unique identifier of the organization
- disable bool
- If set, the
default_organizationwill be removed. - flows Sequence[str]
- Definition of the flow that needs to be configured. Eg. client_credentials
- organization_
id str - The unique identifier of the organization
- disable Boolean
- If set, the
default_organizationwill be removed. - flows List<String>
- Definition of the flow that needs to be configured. Eg. client_credentials
- organization
Id String - The unique identifier of the organization
ClientJwtConfiguration, ClientJwtConfigurationArgs
- Alg string
- Algorithm used to sign JWTs. Can be one of
HS256,RS256,PS256. - Lifetime
In intSeconds - Number of seconds during which the JWT will be valid.
- Scopes Dictionary<string, string>
- Permissions (scopes) included in JWTs.
- Secret
Encoded bool - Indicates whether the client secret is Base64-encoded.
- Alg string
- Algorithm used to sign JWTs. Can be one of
HS256,RS256,PS256. - Lifetime
In intSeconds - Number of seconds during which the JWT will be valid.
- Scopes map[string]string
- Permissions (scopes) included in JWTs.
- Secret
Encoded bool - Indicates whether the client secret is Base64-encoded.
- alg String
- Algorithm used to sign JWTs. Can be one of
HS256,RS256,PS256. - lifetime
In IntegerSeconds - Number of seconds during which the JWT will be valid.
- scopes Map<String,String>
- Permissions (scopes) included in JWTs.
- secret
Encoded Boolean - Indicates whether the client secret is Base64-encoded.
- alg string
- Algorithm used to sign JWTs. Can be one of
HS256,RS256,PS256. - lifetime
In numberSeconds - Number of seconds during which the JWT will be valid.
- scopes {[key: string]: string}
- Permissions (scopes) included in JWTs.
- secret
Encoded boolean - Indicates whether the client secret is Base64-encoded.
- alg str
- Algorithm used to sign JWTs. Can be one of
HS256,RS256,PS256. - lifetime_
in_ intseconds - Number of seconds during which the JWT will be valid.
- scopes Mapping[str, str]
- Permissions (scopes) included in JWTs.
- secret_
encoded bool - Indicates whether the client secret is Base64-encoded.
- alg String
- Algorithm used to sign JWTs. Can be one of
HS256,RS256,PS256. - lifetime
In NumberSeconds - Number of seconds during which the JWT will be valid.
- scopes Map<String>
- Permissions (scopes) included in JWTs.
- secret
Encoded Boolean - Indicates whether the client secret is Base64-encoded.
ClientMobile, ClientMobileArgs
- Android
Client
Mobile Android - Configuration settings for Android native apps.
- Ios
Client
Mobile Ios - Configuration settings for i0S native apps.
- Android
Client
Mobile Android - Configuration settings for Android native apps.
- Ios
Client
Mobile Ios - Configuration settings for i0S native apps.
- android
Client
Mobile Android - Configuration settings for Android native apps.
- ios
Client
Mobile Ios - Configuration settings for i0S native apps.
- android
Client
Mobile Android - Configuration settings for Android native apps.
- ios
Client
Mobile Ios - Configuration settings for i0S native apps.
- android
Client
Mobile Android - Configuration settings for Android native apps.
- ios
Client
Mobile Ios - Configuration settings for i0S native apps.
- android Property Map
- Configuration settings for Android native apps.
- ios Property Map
- Configuration settings for i0S native apps.
ClientMobileAndroid, ClientMobileAndroidArgs
- App
Package stringName - Sha256Cert
Fingerprints List<string>
- App
Package stringName - Sha256Cert
Fingerprints []string
- app
Package StringName - sha256Cert
Fingerprints List<String>
- app
Package stringName - sha256Cert
Fingerprints string[]
- app_
package_ strname - sha256_
cert_ Sequence[str]fingerprints
- app
Package StringName - sha256Cert
Fingerprints List<String>
ClientMobileIos, ClientMobileIosArgs
- App
Bundle stringIdentifier - Team
Id string
- App
Bundle stringIdentifier - Team
Id string
- app
Bundle StringIdentifier - team
Id String
- app
Bundle stringIdentifier - team
Id string
- app_
bundle_ stridentifier - team_
id str
- app
Bundle StringIdentifier - team
Id String
ClientNativeSocialLogin, ClientNativeSocialLoginArgs
ClientNativeSocialLoginApple, ClientNativeSocialLoginAppleArgs
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClientNativeSocialLoginFacebook, ClientNativeSocialLoginFacebookArgs
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClientNativeSocialLoginGoogle, ClientNativeSocialLoginGoogleArgs
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
ClientOidcLogout, ClientOidcLogoutArgs
- Backchannel
Logout List<string>Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Backchannel
Logout ClientInitiators Oidc Logout Backchannel Logout Initiators - Configure OIDC logout initiators for the Client
- Backchannel
Logout []stringUrls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Backchannel
Logout ClientInitiators Oidc Logout Backchannel Logout Initiators - Configure OIDC logout initiators for the Client
- backchannel
Logout List<String>Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- backchannel
Logout ClientInitiators Oidc Logout Backchannel Logout Initiators - Configure OIDC logout initiators for the Client
- backchannel
Logout string[]Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- backchannel
Logout ClientInitiators Oidc Logout Backchannel Logout Initiators - Configure OIDC logout initiators for the Client
- backchannel_
logout_ Sequence[str]urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- backchannel_
logout_ Clientinitiators Oidc Logout Backchannel Logout Initiators - Configure OIDC logout initiators for the Client
- backchannel
Logout List<String>Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- backchannel
Logout Property MapInitiators - Configure OIDC logout initiators for the Client
ClientOidcLogoutBackchannelLogoutInitiators, ClientOidcLogoutBackchannelLogoutInitiatorsArgs
- Mode string
- Determines the configuration method for enabling initiators.
customenables only the initiators listed in the backchannellogoutselected_initiators set,allenables all current and future initiators. - Selected
Initiators List<string> - Contains the list of initiators to be enabled for the given client.
- Mode string
- Determines the configuration method for enabling initiators.
customenables only the initiators listed in the backchannellogoutselected_initiators set,allenables all current and future initiators. - Selected
Initiators []string - Contains the list of initiators to be enabled for the given client.
- mode String
- Determines the configuration method for enabling initiators.
customenables only the initiators listed in the backchannellogoutselected_initiators set,allenables all current and future initiators. - selected
Initiators List<String> - Contains the list of initiators to be enabled for the given client.
- mode string
- Determines the configuration method for enabling initiators.
customenables only the initiators listed in the backchannellogoutselected_initiators set,allenables all current and future initiators. - selected
Initiators string[] - Contains the list of initiators to be enabled for the given client.
- mode str
- Determines the configuration method for enabling initiators.
customenables only the initiators listed in the backchannellogoutselected_initiators set,allenables all current and future initiators. - selected_
initiators Sequence[str] - Contains the list of initiators to be enabled for the given client.
- mode String
- Determines the configuration method for enabling initiators.
customenables only the initiators listed in the backchannellogoutselected_initiators set,allenables all current and future initiators. - selected
Initiators List<String> - Contains the list of initiators to be enabled for the given client.
ClientRefreshToken, ClientRefreshTokenArgs
- Expiration
Type string - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - Rotation
Type string - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - Idle
Token intLifetime - The time in seconds after which inactive refresh tokens will expire.
- Infinite
Idle boolToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- Infinite
Token boolLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - Leeway int
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- Policies
List<Client
Refresh Token Policy> - A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers
- Token
Lifetime int - The absolute lifetime of a refresh token in seconds.
- Expiration
Type string - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - Rotation
Type string - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - Idle
Token intLifetime - The time in seconds after which inactive refresh tokens will expire.
- Infinite
Idle boolToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- Infinite
Token boolLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - Leeway int
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- Policies
[]Client
Refresh Token Policy - A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers
- Token
Lifetime int - The absolute lifetime of a refresh token in seconds.
- expiration
Type String - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - rotation
Type String - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - idle
Token IntegerLifetime - The time in seconds after which inactive refresh tokens will expire.
- infinite
Idle BooleanToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- infinite
Token BooleanLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - leeway Integer
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- policies
List<Client
Refresh Token Policy> - A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers
- token
Lifetime Integer - The absolute lifetime of a refresh token in seconds.
- expiration
Type string - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - rotation
Type string - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - idle
Token numberLifetime - The time in seconds after which inactive refresh tokens will expire.
- infinite
Idle booleanToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- infinite
Token booleanLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - leeway number
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- policies
Client
Refresh Token Policy[] - A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers
- token
Lifetime number - The absolute lifetime of a refresh token in seconds.
- expiration_
type str - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - rotation_
type str - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - idle_
token_ intlifetime - The time in seconds after which inactive refresh tokens will expire.
- infinite_
idle_ booltoken_ lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- infinite_
token_ boollifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - leeway int
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- policies
Sequence[Client
Refresh Token Policy] - A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers
- token_
lifetime int - The absolute lifetime of a refresh token in seconds.
- expiration
Type String - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - rotation
Type String - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - idle
Token NumberLifetime - The time in seconds after which inactive refresh tokens will expire.
- infinite
Idle BooleanToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- infinite
Token BooleanLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - leeway Number
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- policies List<Property Map>
- A collection of policies governing multi-resource refresh token exchange (MRRT), defining how refresh tokens can be used across different resource servers
- token
Lifetime Number - The absolute lifetime of a refresh token in seconds.
ClientRefreshTokenPolicy, ClientRefreshTokenPolicyArgs
ClientSessionTransfer, ClientSessionTransferArgs
- Allow
Refresh boolToken - Indicates whether the application is allowed to use a refresh token when using a sessiontransfertoken session.
- Allowed
Authentication List<string>Methods - Can
Create boolSession Transfer Token - Indicates whether the application(Native app) can use the Token Exchange endpoint to create a sessiontransfertoken
- Enforce
Device stringBinding - Configures the level of device binding enforced when a sessiontransfertoken is consumed. Can be one of
ip,asnornone.
- Allow
Refresh boolToken - Indicates whether the application is allowed to use a refresh token when using a sessiontransfertoken session.
- Allowed
Authentication []stringMethods - Can
Create boolSession Transfer Token - Indicates whether the application(Native app) can use the Token Exchange endpoint to create a sessiontransfertoken
- Enforce
Device stringBinding - Configures the level of device binding enforced when a sessiontransfertoken is consumed. Can be one of
ip,asnornone.
- allow
Refresh BooleanToken - Indicates whether the application is allowed to use a refresh token when using a sessiontransfertoken session.
- allowed
Authentication List<String>Methods - can
Create BooleanSession Transfer Token - Indicates whether the application(Native app) can use the Token Exchange endpoint to create a sessiontransfertoken
- enforce
Device StringBinding - Configures the level of device binding enforced when a sessiontransfertoken is consumed. Can be one of
ip,asnornone.
- allow
Refresh booleanToken - Indicates whether the application is allowed to use a refresh token when using a sessiontransfertoken session.
- allowed
Authentication string[]Methods - can
Create booleanSession Transfer Token - Indicates whether the application(Native app) can use the Token Exchange endpoint to create a sessiontransfertoken
- enforce
Device stringBinding - Configures the level of device binding enforced when a sessiontransfertoken is consumed. Can be one of
ip,asnornone.
- allow_
refresh_ booltoken - Indicates whether the application is allowed to use a refresh token when using a sessiontransfertoken session.
- allowed_
authentication_ Sequence[str]methods - can_
create_ boolsession_ transfer_ token - Indicates whether the application(Native app) can use the Token Exchange endpoint to create a sessiontransfertoken
- enforce_
device_ strbinding - Configures the level of device binding enforced when a sessiontransfertoken is consumed. Can be one of
ip,asnornone.
- allow
Refresh BooleanToken - Indicates whether the application is allowed to use a refresh token when using a sessiontransfertoken session.
- allowed
Authentication List<String>Methods - can
Create BooleanSession Transfer Token - Indicates whether the application(Native app) can use the Token Exchange endpoint to create a sessiontransfertoken
- enforce
Device StringBinding - Configures the level of device binding enforced when a sessiontransfertoken is consumed. Can be one of
ip,asnornone.
ClientTokenExchange, ClientTokenExchangeArgs
- Allow
Any List<string>Profile Of Types - List of allowed profile types for token exchange
- Allow
Any []stringProfile Of Types - List of allowed profile types for token exchange
- allow
Any List<String>Profile Of Types - List of allowed profile types for token exchange
- allow
Any string[]Profile Of Types - List of allowed profile types for token exchange
- allow_
any_ Sequence[str]profile_ of_ types - List of allowed profile types for token exchange
- allow
Any List<String>Profile Of Types - List of allowed profile types for token exchange
Import
This resource can be imported by specifying the client ID.
Example:
$ pulumi import auth0:index/client:Client my_client "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.