ClientCimd

Auth0 v3.41.0, Apr 28 26

Viewing docs for Auth0 v3.41.0
published on Tuesday, Apr 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

Viewing docs for Auth0 v3.41.0
published on Tuesday, Apr 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const minimalClient = new auth0.ClientCimd("minimal_client", {externalClientId: "https://mcp-agent1.example.com/oauth/metadata.json"});
const myMcpAgent = new auth0.ClientCimd("my_mcp_agent", {
    externalClientId: "https://mcp-agent2.example.com/.well-known/client.json",
    externalClientIdVersion: 1,
    description: "MCP Agent - Production",
    appType: "spa",
    oidcConformant: true,
    allowedOrigins: ["https://mcp-agent2.example.com"],
    webOrigins: ["https://mcp-agent2.example.com"],
    grantTypes: [
        "authorization_code",
        "refresh_token",
    ],
    clientMetadata: {
        environment: "production",
    },
    jwtConfiguration: {
        lifetimeInSeconds: 300,
        alg: "RS256",
    },
    refreshToken: {
        rotationType: "rotating",
        expirationType: "expiring",
        tokenLifetime: 2592000,
        idleTokenLifetime: 1296000,
        infiniteTokenLifetime: false,
        infiniteIdleTokenLifetime: false,
        leeway: 0,
    },
});

import pulumi
import pulumi_auth0 as auth0

minimal_client = auth0.ClientCimd("minimal_client", external_client_id="https://mcp-agent1.example.com/oauth/metadata.json")
my_mcp_agent = auth0.ClientCimd("my_mcp_agent",
    external_client_id="https://mcp-agent2.example.com/.well-known/client.json",
    external_client_id_version=1,
    description="MCP Agent - Production",
    app_type="spa",
    oidc_conformant=True,
    allowed_origins=["https://mcp-agent2.example.com"],
    web_origins=["https://mcp-agent2.example.com"],
    grant_types=[
        "authorization_code",
        "refresh_token",
    ],
    client_metadata={
        "environment": "production",
    },
    jwt_configuration={
        "lifetime_in_seconds": 300,
        "alg": "RS256",
    },
    refresh_token={
        "rotation_type": "rotating",
        "expiration_type": "expiring",
        "token_lifetime": 2592000,
        "idle_token_lifetime": 1296000,
        "infinite_token_lifetime": False,
        "infinite_idle_token_lifetime": False,
        "leeway": 0,
    })

package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewClientCimd(ctx, "minimal_client", &auth0.ClientCimdArgs{
			ExternalClientId: pulumi.String("https://mcp-agent1.example.com/oauth/metadata.json"),
		})
		if err != nil {
			return err
		}
		_, err = auth0.NewClientCimd(ctx, "my_mcp_agent", &auth0.ClientCimdArgs{
			ExternalClientId:        pulumi.String("https://mcp-agent2.example.com/.well-known/client.json"),
			ExternalClientIdVersion: pulumi.Int(1),
			Description:             pulumi.String("MCP Agent - Production"),
			AppType:                 pulumi.String("spa"),
			OidcConformant:          pulumi.Bool(true),
			AllowedOrigins: pulumi.StringArray{
				pulumi.String("https://mcp-agent2.example.com"),
			},
			WebOrigins: pulumi.StringArray{
				pulumi.String("https://mcp-agent2.example.com"),
			},
			GrantTypes: pulumi.StringArray{
				pulumi.String("authorization_code"),
				pulumi.String("refresh_token"),
			},
			ClientMetadata: pulumi.StringMap{
				"environment": pulumi.String("production"),
			},
			JwtConfiguration: &auth0.ClientCimdJwtConfigurationArgs{
				LifetimeInSeconds: pulumi.Int(300),
				Alg:               pulumi.String("RS256"),
			},
			RefreshToken: &auth0.ClientCimdRefreshTokenArgs{
				RotationType:              pulumi.String("rotating"),
				ExpirationType:            pulumi.String("expiring"),
				TokenLifetime:             pulumi.Int(2592000),
				IdleTokenLifetime:         pulumi.Int(1296000),
				InfiniteTokenLifetime:     pulumi.Bool(false),
				InfiniteIdleTokenLifetime: pulumi.Bool(false),
				Leeway:                    pulumi.Int(0),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var minimalClient = new Auth0.Index.ClientCimd("minimal_client", new()
    {
        ExternalClientId = "https://mcp-agent1.example.com/oauth/metadata.json",
    });

    var myMcpAgent = new Auth0.Index.ClientCimd("my_mcp_agent", new()
    {
        ExternalClientId = "https://mcp-agent2.example.com/.well-known/client.json",
        ExternalClientIdVersion = 1,
        Description = "MCP Agent - Production",
        AppType = "spa",
        OidcConformant = true,
        AllowedOrigins = new[]
        {
            "https://mcp-agent2.example.com",
        },
        WebOrigins = new[]
        {
            "https://mcp-agent2.example.com",
        },
        GrantTypes = new[]
        {
            "authorization_code",
            "refresh_token",
        },
        ClientMetadata = 
        {
            { "environment", "production" },
        },
        JwtConfiguration = new Auth0.Inputs.ClientCimdJwtConfigurationArgs
        {
            LifetimeInSeconds = 300,
            Alg = "RS256",
        },
        RefreshToken = new Auth0.Inputs.ClientCimdRefreshTokenArgs
        {
            RotationType = "rotating",
            ExpirationType = "expiring",
            TokenLifetime = 2592000,
            IdleTokenLifetime = 1296000,
            InfiniteTokenLifetime = false,
            InfiniteIdleTokenLifetime = false,
            Leeway = 0,
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.ClientCimd;
import com.pulumi.auth0.ClientCimdArgs;
import com.pulumi.auth0.inputs.ClientCimdJwtConfigurationArgs;
import com.pulumi.auth0.inputs.ClientCimdRefreshTokenArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var minimalClient = new ClientCimd("minimalClient", ClientCimdArgs.builder()
            .externalClientId("https://mcp-agent1.example.com/oauth/metadata.json")
            .build());

        var myMcpAgent = new ClientCimd("myMcpAgent", ClientCimdArgs.builder()
            .externalClientId("https://mcp-agent2.example.com/.well-known/client.json")
            .externalClientIdVersion(1)
            .description("MCP Agent - Production")
            .appType("spa")
            .oidcConformant(true)
            .allowedOrigins("https://mcp-agent2.example.com")
            .webOrigins("https://mcp-agent2.example.com")
            .grantTypes(            
                "authorization_code",
                "refresh_token")
            .clientMetadata(Map.of("environment", "production"))
            .jwtConfiguration(ClientCimdJwtConfigurationArgs.builder()
                .lifetimeInSeconds(300)
                .alg("RS256")
                .build())
            .refreshToken(ClientCimdRefreshTokenArgs.builder()
                .rotationType("rotating")
                .expirationType("expiring")
                .tokenLifetime(2592000)
                .idleTokenLifetime(1296000)
                .infiniteTokenLifetime(false)
                .infiniteIdleTokenLifetime(false)
                .leeway(0)
                .build())
            .build());

    }
}

resources:
  minimalClient:
    type: auth0:ClientCimd
    name: minimal_client
    properties:
      externalClientId: https://mcp-agent1.example.com/oauth/metadata.json
  myMcpAgent:
    type: auth0:ClientCimd
    name: my_mcp_agent
    properties:
      externalClientId: https://mcp-agent2.example.com/.well-known/client.json
      externalClientIdVersion: 1
      description: MCP Agent - Production
      appType: spa
      oidcConformant: true
      allowedOrigins:
        - https://mcp-agent2.example.com
      webOrigins:
        - https://mcp-agent2.example.com
      grantTypes:
        - authorization_code
        - refresh_token
      clientMetadata:
        environment: production
      jwtConfiguration:
        lifetimeInSeconds: 300
        alg: RS256
      refreshToken:
        rotationType: rotating
        expirationType: expiring
        tokenLifetime: 2.592e+06
        idleTokenLifetime: 1.296e+06
        infiniteTokenLifetime: false
        infiniteIdleTokenLifetime: false
        leeway: 0

Create ClientCimd Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new ClientCimd(name: string, args: ClientCimdArgs, opts?: CustomResourceOptions);

@overload
def ClientCimd(resource_name: str,
               args: ClientCimdArgs,
               opts: Optional[ResourceOptions] = None)

@overload
def ClientCimd(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               external_client_id: Optional[str] = None,
               jwt_configuration: Optional[ClientCimdJwtConfigurationArgs] = None,
               organization_discovery_methods: Optional[Sequence[str]] = None,
               default_organization: Optional[ClientCimdDefaultOrganizationArgs] = None,
               description: Optional[str] = None,
               app_type: Optional[str] = None,
               external_client_id_version: Optional[int] = None,
               client_metadata: Optional[Mapping[str, str]] = None,
               grant_types: Optional[Sequence[str]] = None,
               oidc_conformant: Optional[bool] = None,
               allowed_origins: Optional[Sequence[str]] = None,
               redirection_policy: Optional[str] = None,
               refresh_token: Optional[ClientCimdRefreshTokenArgs] = None,
               require_proof_of_possession: Optional[bool] = None,
               skip_non_verifiable_callback_uri_confirmation_prompt: Optional[bool] = None,
               token_quota: Optional[ClientCimdTokenQuotaArgs] = None,
               web_origins: Optional[Sequence[str]] = None)

func NewClientCimd(ctx *Context, name string, args ClientCimdArgs, opts ...ResourceOption) (*ClientCimd, error)

public ClientCimd(string name, ClientCimdArgs args, CustomResourceOptions? opts = null)

public ClientCimd(String name, ClientCimdArgs args)
public ClientCimd(String name, ClientCimdArgs args, CustomResourceOptions options)

type: auth0:ClientCimd
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ClientCimdArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ClientCimdArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ClientCimdArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ClientCimdArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ClientCimdArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var clientCimdResource = new Auth0.ClientCimd("clientCimdResource", new()
{
    ExternalClientId = "string",
    JwtConfiguration = new Auth0.Inputs.ClientCimdJwtConfigurationArgs
    {
        Alg = "string",
        LifetimeInSeconds = 0,
        SecretEncoded = false,
    },
    OrganizationDiscoveryMethods = new[]
    {
        "string",
    },
    DefaultOrganization = new Auth0.Inputs.ClientCimdDefaultOrganizationArgs
    {
        Flows = new[]
        {
            "string",
        },
        OrganizationId = "string",
    },
    Description = "string",
    AppType = "string",
    ExternalClientIdVersion = 0,
    ClientMetadata = 
    {
        { "string", "string" },
    },
    GrantTypes = new[]
    {
        "string",
    },
    OidcConformant = false,
    AllowedOrigins = new[]
    {
        "string",
    },
    RedirectionPolicy = "string",
    RefreshToken = new Auth0.Inputs.ClientCimdRefreshTokenArgs
    {
        ExpirationType = "string",
        IdleTokenLifetime = 0,
        InfiniteIdleTokenLifetime = false,
        InfiniteTokenLifetime = false,
        Leeway = 0,
        RotationType = "string",
        TokenLifetime = 0,
    },
    RequireProofOfPossession = false,
    SkipNonVerifiableCallbackUriConfirmationPrompt = false,
    TokenQuota = new Auth0.Inputs.ClientCimdTokenQuotaArgs
    {
        ClientCredentials = new Auth0.Inputs.ClientCimdTokenQuotaClientCredentialsArgs
        {
            Enforce = false,
            PerDay = 0,
            PerHour = 0,
        },
    },
    WebOrigins = new[]
    {
        "string",
    },
});

example, err := auth0.NewClientCimd(ctx, "clientCimdResource", &auth0.ClientCimdArgs{
	ExternalClientId: pulumi.String("string"),
	JwtConfiguration: &auth0.ClientCimdJwtConfigurationArgs{
		Alg:               pulumi.String("string"),
		LifetimeInSeconds: pulumi.Int(0),
		SecretEncoded:     pulumi.Bool(false),
	},
	OrganizationDiscoveryMethods: pulumi.StringArray{
		pulumi.String("string"),
	},
	DefaultOrganization: &auth0.ClientCimdDefaultOrganizationArgs{
		Flows: pulumi.StringArray{
			pulumi.String("string"),
		},
		OrganizationId: pulumi.String("string"),
	},
	Description:             pulumi.String("string"),
	AppType:                 pulumi.String("string"),
	ExternalClientIdVersion: pulumi.Int(0),
	ClientMetadata: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	GrantTypes: pulumi.StringArray{
		pulumi.String("string"),
	},
	OidcConformant: pulumi.Bool(false),
	AllowedOrigins: pulumi.StringArray{
		pulumi.String("string"),
	},
	RedirectionPolicy: pulumi.String("string"),
	RefreshToken: &auth0.ClientCimdRefreshTokenArgs{
		ExpirationType:            pulumi.String("string"),
		IdleTokenLifetime:         pulumi.Int(0),
		InfiniteIdleTokenLifetime: pulumi.Bool(false),
		InfiniteTokenLifetime:     pulumi.Bool(false),
		Leeway:                    pulumi.Int(0),
		RotationType:              pulumi.String("string"),
		TokenLifetime:             pulumi.Int(0),
	},
	RequireProofOfPossession:                       pulumi.Bool(false),
	SkipNonVerifiableCallbackUriConfirmationPrompt: pulumi.Bool(false),
	TokenQuota: &auth0.ClientCimdTokenQuotaArgs{
		ClientCredentials: &auth0.ClientCimdTokenQuotaClientCredentialsArgs{
			Enforce: pulumi.Bool(false),
			PerDay:  pulumi.Int(0),
			PerHour: pulumi.Int(0),
		},
	},
	WebOrigins: pulumi.StringArray{
		pulumi.String("string"),
	},
})

var clientCimdResource = new ClientCimd("clientCimdResource", ClientCimdArgs.builder()
    .externalClientId("string")
    .jwtConfiguration(ClientCimdJwtConfigurationArgs.builder()
        .alg("string")
        .lifetimeInSeconds(0)
        .secretEncoded(false)
        .build())
    .organizationDiscoveryMethods("string")
    .defaultOrganization(ClientCimdDefaultOrganizationArgs.builder()
        .flows("string")
        .organizationId("string")
        .build())
    .description("string")
    .appType("string")
    .externalClientIdVersion(0)
    .clientMetadata(Map.of("string", "string"))
    .grantTypes("string")
    .oidcConformant(false)
    .allowedOrigins("string")
    .redirectionPolicy("string")
    .refreshToken(ClientCimdRefreshTokenArgs.builder()
        .expirationType("string")
        .idleTokenLifetime(0)
        .infiniteIdleTokenLifetime(false)
        .infiniteTokenLifetime(false)
        .leeway(0)
        .rotationType("string")
        .tokenLifetime(0)
        .build())
    .requireProofOfPossession(false)
    .skipNonVerifiableCallbackUriConfirmationPrompt(false)
    .tokenQuota(ClientCimdTokenQuotaArgs.builder()
        .clientCredentials(ClientCimdTokenQuotaClientCredentialsArgs.builder()
            .enforce(false)
            .perDay(0)
            .perHour(0)
            .build())
        .build())
    .webOrigins("string")
    .build());

client_cimd_resource = auth0.ClientCimd("clientCimdResource",
    external_client_id="string",
    jwt_configuration={
        "alg": "string",
        "lifetime_in_seconds": 0,
        "secret_encoded": False,
    },
    organization_discovery_methods=["string"],
    default_organization={
        "flows": ["string"],
        "organization_id": "string",
    },
    description="string",
    app_type="string",
    external_client_id_version=0,
    client_metadata={
        "string": "string",
    },
    grant_types=["string"],
    oidc_conformant=False,
    allowed_origins=["string"],
    redirection_policy="string",
    refresh_token={
        "expiration_type": "string",
        "idle_token_lifetime": 0,
        "infinite_idle_token_lifetime": False,
        "infinite_token_lifetime": False,
        "leeway": 0,
        "rotation_type": "string",
        "token_lifetime": 0,
    },
    require_proof_of_possession=False,
    skip_non_verifiable_callback_uri_confirmation_prompt=False,
    token_quota={
        "client_credentials": {
            "enforce": False,
            "per_day": 0,
            "per_hour": 0,
        },
    },
    web_origins=["string"])

const clientCimdResource = new auth0.ClientCimd("clientCimdResource", {
    externalClientId: "string",
    jwtConfiguration: {
        alg: "string",
        lifetimeInSeconds: 0,
        secretEncoded: false,
    },
    organizationDiscoveryMethods: ["string"],
    defaultOrganization: {
        flows: ["string"],
        organizationId: "string",
    },
    description: "string",
    appType: "string",
    externalClientIdVersion: 0,
    clientMetadata: {
        string: "string",
    },
    grantTypes: ["string"],
    oidcConformant: false,
    allowedOrigins: ["string"],
    redirectionPolicy: "string",
    refreshToken: {
        expirationType: "string",
        idleTokenLifetime: 0,
        infiniteIdleTokenLifetime: false,
        infiniteTokenLifetime: false,
        leeway: 0,
        rotationType: "string",
        tokenLifetime: 0,
    },
    requireProofOfPossession: false,
    skipNonVerifiableCallbackUriConfirmationPrompt: false,
    tokenQuota: {
        clientCredentials: {
            enforce: false,
            perDay: 0,
            perHour: 0,
        },
    },
    webOrigins: ["string"],
});

type: auth0:ClientCimd
properties:
    allowedOrigins:
        - string
    appType: string
    clientMetadata:
        string: string
    defaultOrganization:
        flows:
            - string
        organizationId: string
    description: string
    externalClientId: string
    externalClientIdVersion: 0
    grantTypes:
        - string
    jwtConfiguration:
        alg: string
        lifetimeInSeconds: 0
        secretEncoded: false
    oidcConformant: false
    organizationDiscoveryMethods:
        - string
    redirectionPolicy: string
    refreshToken:
        expirationType: string
        idleTokenLifetime: 0
        infiniteIdleTokenLifetime: false
        infiniteTokenLifetime: false
        leeway: 0
        rotationType: string
        tokenLifetime: 0
    requireProofOfPossession: false
    skipNonVerifiableCallbackUriConfirmationPrompt: false
    tokenQuota:
        clientCredentials:
            enforce: false
            perDay: 0
            perHour: 0
    webOrigins:
        - string

ClientCimd Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ClientCimd resource accepts the following input properties:

ExternalClientId string: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
AllowedOrigins List<string>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
ClientMetadata Dictionary<string, string>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
DefaultOrganization ClientCimdDefaultOrganization: Configure and associate an organization with the Client
Description string: Description of the purpose of the client.
ExternalClientIdVersion int: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
GrantTypes List<string>: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
JwtConfiguration ClientCimdJwtConfiguration: Configuration settings for the JWTs issued for this client.
OidcConformant bool: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
OrganizationDiscoveryMethods List<string>: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
RedirectionPolicy string: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
RefreshToken ClientCimdRefreshToken: Configuration settings for the refresh tokens issued for this client.
RequireProofOfPossession bool: Makes the use of Proof-of-Possession mandatory for this client.
SkipNonVerifiableCallbackUriConfirmationPrompt bool: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
TokenQuota ClientCimdTokenQuota: The token quota configuration.
WebOrigins List<string>: URLs that represent valid web origins for use with web message response mode.

ExternalClientId string: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
AllowedOrigins []string: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
ClientMetadata map[string]string: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
DefaultOrganization ClientCimdDefaultOrganizationArgs: Configure and associate an organization with the Client
Description string: Description of the purpose of the client.
ExternalClientIdVersion int: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
GrantTypes []string: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
JwtConfiguration ClientCimdJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
OidcConformant bool: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
OrganizationDiscoveryMethods []string: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
RedirectionPolicy string: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
RefreshToken ClientCimdRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
RequireProofOfPossession bool: Makes the use of Proof-of-Possession mandatory for this client.
SkipNonVerifiableCallbackUriConfirmationPrompt bool: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
TokenQuota ClientCimdTokenQuotaArgs: The token quota configuration.
WebOrigins []string: URLs that represent valid web origins for use with web message response mode.

externalClientId String: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
clientMetadata Map<String,String>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
defaultOrganization ClientCimdDefaultOrganization: Configure and associate an organization with the Client
description String: Description of the purpose of the client.
externalClientIdVersion Integer: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
grantTypes List<String>: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
jwtConfiguration ClientCimdJwtConfiguration: Configuration settings for the JWTs issued for this client.
oidcConformant Boolean: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
organizationDiscoveryMethods List<String>: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
redirectionPolicy String: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
refreshToken ClientCimdRefreshToken: Configuration settings for the refresh tokens issued for this client.
requireProofOfPossession Boolean: Makes the use of Proof-of-Possession mandatory for this client.
skipNonVerifiableCallbackUriConfirmationPrompt Boolean: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
tokenQuota ClientCimdTokenQuota: The token quota configuration.
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.

externalClientId string: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
allowedOrigins string[]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType string: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
clientMetadata {[key: string]: string}: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
defaultOrganization ClientCimdDefaultOrganization: Configure and associate an organization with the Client
description string: Description of the purpose of the client.
externalClientIdVersion number: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
grantTypes string[]: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
jwtConfiguration ClientCimdJwtConfiguration: Configuration settings for the JWTs issued for this client.
oidcConformant boolean: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
organizationDiscoveryMethods string[]: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
redirectionPolicy string: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
refreshToken ClientCimdRefreshToken: Configuration settings for the refresh tokens issued for this client.
requireProofOfPossession boolean: Makes the use of Proof-of-Possession mandatory for this client.
skipNonVerifiableCallbackUriConfirmationPrompt boolean: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
tokenQuota ClientCimdTokenQuota: The token quota configuration.
webOrigins string[]: URLs that represent valid web origins for use with web message response mode.

external_client_id str: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
allowed_origins Sequence[str]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
app_type str: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
client_metadata Mapping[str, str]: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
default_organization ClientCimdDefaultOrganizationArgs: Configure and associate an organization with the Client
description str: Description of the purpose of the client.
external_client_id_version int: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
grant_types Sequence[str]: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
jwt_configuration ClientCimdJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
oidc_conformant bool: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
organization_discovery_methods Sequence[str]: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
redirection_policy str: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
refresh_token ClientCimdRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
require_proof_of_possession bool: Makes the use of Proof-of-Possession mandatory for this client.
skip_non_verifiable_callback_uri_confirmation_prompt bool: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
token_quota ClientCimdTokenQuotaArgs: The token quota configuration.
web_origins Sequence[str]: URLs that represent valid web origins for use with web message response mode.

externalClientId String: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
clientMetadata Map<String>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
defaultOrganization Property Map: Configure and associate an organization with the Client
description String: Description of the purpose of the client.
externalClientIdVersion Number: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
grantTypes List<String>: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
jwtConfiguration Property Map: Configuration settings for the JWTs issued for this client.
oidcConformant Boolean: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
organizationDiscoveryMethods List<String>: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
redirectionPolicy String: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
refreshToken Property Map: Configuration settings for the refresh tokens issued for this client.
requireProofOfPossession Boolean: Makes the use of Proof-of-Possession mandatory for this client.
skipNonVerifiableCallbackUriConfirmationPrompt Boolean: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
tokenQuota Property Map: The token quota configuration.
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.

Outputs

All input properties are implicitly available as output properties. Additionally, the ClientCimd resource produces the following output properties:

Callbacks List<string>: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
ClientId string: The ID of the client.
ExternalMetadataCreatedBy string: Who created the external metadata client: admin (via Management API) or client (self-registered).
ExternalMetadataType string: Type of external metadata. Always cimd for CIMD-registered clients.
Id string: The provider-assigned unique ID for this managed resource.
IsFirstParty bool: Whether this is a first-party client. Always false for CIMD clients.
JwksUri string: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
LogoUri string: URL of the logo for this client, derived from the CIMD metadata document.
Name string: Name of the client, derived from the CIMD metadata document.
SigningKeys List<ImmutableDictionary<string, string>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
ThirdPartySecurityMode string: Security mode for third-party clients. strict enforces enhanced security controls
Validations List<ClientCimdValidation>: Validation result of the CIMD metadata document.

Callbacks []string: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
ClientId string: The ID of the client.
ExternalMetadataCreatedBy string: Who created the external metadata client: admin (via Management API) or client (self-registered).
ExternalMetadataType string: Type of external metadata. Always cimd for CIMD-registered clients.
Id string: The provider-assigned unique ID for this managed resource.
IsFirstParty bool: Whether this is a first-party client. Always false for CIMD clients.
JwksUri string: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
LogoUri string: URL of the logo for this client, derived from the CIMD metadata document.
Name string: Name of the client, derived from the CIMD metadata document.
SigningKeys []map[string]string: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
ThirdPartySecurityMode string: Security mode for third-party clients. strict enforces enhanced security controls
Validations []ClientCimdValidation: Validation result of the CIMD metadata document.

callbacks List<String>: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
clientId String: The ID of the client.
externalMetadataCreatedBy String: Who created the external metadata client: admin (via Management API) or client (self-registered).
externalMetadataType String: Type of external metadata. Always cimd for CIMD-registered clients.
id String: The provider-assigned unique ID for this managed resource.
isFirstParty Boolean: Whether this is a first-party client. Always false for CIMD clients.
jwksUri String: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
logoUri String: URL of the logo for this client, derived from the CIMD metadata document.
name String: Name of the client, derived from the CIMD metadata document.
signingKeys List<Map<String,String>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
thirdPartySecurityMode String: Security mode for third-party clients. strict enforces enhanced security controls
validations List<ClientCimdValidation>: Validation result of the CIMD metadata document.

callbacks string[]: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
clientId string: The ID of the client.
externalMetadataCreatedBy string: Who created the external metadata client: admin (via Management API) or client (self-registered).
externalMetadataType string: Type of external metadata. Always cimd for CIMD-registered clients.
id string: The provider-assigned unique ID for this managed resource.
isFirstParty boolean: Whether this is a first-party client. Always false for CIMD clients.
jwksUri string: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
logoUri string: URL of the logo for this client, derived from the CIMD metadata document.
name string: Name of the client, derived from the CIMD metadata document.
signingKeys {[key: string]: string}[]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
thirdPartySecurityMode string: Security mode for third-party clients. strict enforces enhanced security controls
validations ClientCimdValidation[]: Validation result of the CIMD metadata document.

callbacks Sequence[str]: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
client_id str: The ID of the client.
external_metadata_created_by str: Who created the external metadata client: admin (via Management API) or client (self-registered).
external_metadata_type str: Type of external metadata. Always cimd for CIMD-registered clients.
id str: The provider-assigned unique ID for this managed resource.
is_first_party bool: Whether this is a first-party client. Always false for CIMD clients.
jwks_uri str: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
logo_uri str: URL of the logo for this client, derived from the CIMD metadata document.
name str: Name of the client, derived from the CIMD metadata document.
signing_keys Sequence[Mapping[str, str]]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
third_party_security_mode str: Security mode for third-party clients. strict enforces enhanced security controls
validations Sequence[ClientCimdValidation]: Validation result of the CIMD metadata document.

callbacks List<String>: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
clientId String: The ID of the client.
externalMetadataCreatedBy String: Who created the external metadata client: admin (via Management API) or client (self-registered).
externalMetadataType String: Type of external metadata. Always cimd for CIMD-registered clients.
id String: The provider-assigned unique ID for this managed resource.
isFirstParty Boolean: Whether this is a first-party client. Always false for CIMD clients.
jwksUri String: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
logoUri String: URL of the logo for this client, derived from the CIMD metadata document.
name String: Name of the client, derived from the CIMD metadata document.
signingKeys List<Map<String>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
thirdPartySecurityMode String: Security mode for third-party clients. strict enforces enhanced security controls
validations List<Property Map>: Validation result of the CIMD metadata document.

Look up Existing ClientCimd Resource

Get an existing ClientCimd resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ClientCimdState, opts?: CustomResourceOptions): ClientCimd

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        allowed_origins: Optional[Sequence[str]] = None,
        app_type: Optional[str] = None,
        callbacks: Optional[Sequence[str]] = None,
        client_id: Optional[str] = None,
        client_metadata: Optional[Mapping[str, str]] = None,
        default_organization: Optional[ClientCimdDefaultOrganizationArgs] = None,
        description: Optional[str] = None,
        external_client_id: Optional[str] = None,
        external_client_id_version: Optional[int] = None,
        external_metadata_created_by: Optional[str] = None,
        external_metadata_type: Optional[str] = None,
        grant_types: Optional[Sequence[str]] = None,
        is_first_party: Optional[bool] = None,
        jwks_uri: Optional[str] = None,
        jwt_configuration: Optional[ClientCimdJwtConfigurationArgs] = None,
        logo_uri: Optional[str] = None,
        name: Optional[str] = None,
        oidc_conformant: Optional[bool] = None,
        organization_discovery_methods: Optional[Sequence[str]] = None,
        redirection_policy: Optional[str] = None,
        refresh_token: Optional[ClientCimdRefreshTokenArgs] = None,
        require_proof_of_possession: Optional[bool] = None,
        signing_keys: Optional[Sequence[Mapping[str, str]]] = None,
        skip_non_verifiable_callback_uri_confirmation_prompt: Optional[bool] = None,
        third_party_security_mode: Optional[str] = None,
        token_quota: Optional[ClientCimdTokenQuotaArgs] = None,
        validations: Optional[Sequence[ClientCimdValidationArgs]] = None,
        web_origins: Optional[Sequence[str]] = None) -> ClientCimd

func GetClientCimd(ctx *Context, name string, id IDInput, state *ClientCimdState, opts ...ResourceOption) (*ClientCimd, error)

public static ClientCimd Get(string name, Input<string> id, ClientCimdState? state, CustomResourceOptions? opts = null)

public static ClientCimd get(String name, Output<String> id, ClientCimdState state, CustomResourceOptions options)

resources:  _:    type: auth0:ClientCimd    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AllowedOrigins List<string>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
Callbacks List<string>: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
ClientId string: The ID of the client.
ClientMetadata Dictionary<string, string>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
DefaultOrganization ClientCimdDefaultOrganization: Configure and associate an organization with the Client
Description string: Description of the purpose of the client.
ExternalClientId string: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
ExternalClientIdVersion int: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
ExternalMetadataCreatedBy string: Who created the external metadata client: admin (via Management API) or client (self-registered).
ExternalMetadataType string: Type of external metadata. Always cimd for CIMD-registered clients.
GrantTypes List<string>: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
IsFirstParty bool: Whether this is a first-party client. Always false for CIMD clients.
JwksUri string: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
JwtConfiguration ClientCimdJwtConfiguration: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for this client, derived from the CIMD metadata document.
Name string: Name of the client, derived from the CIMD metadata document.
OidcConformant bool: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
OrganizationDiscoveryMethods List<string>: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
RedirectionPolicy string: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
RefreshToken ClientCimdRefreshToken: Configuration settings for the refresh tokens issued for this client.
RequireProofOfPossession bool: Makes the use of Proof-of-Possession mandatory for this client.
SigningKeys List<ImmutableDictionary<string, string>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
SkipNonVerifiableCallbackUriConfirmationPrompt bool: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
ThirdPartySecurityMode string: Security mode for third-party clients. strict enforces enhanced security controls
TokenQuota ClientCimdTokenQuota: The token quota configuration.
Validations List<ClientCimdValidation>: Validation result of the CIMD metadata document.
WebOrigins List<string>: URLs that represent valid web origins for use with web message response mode.

AllowedOrigins []string: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
Callbacks []string: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
ClientId string: The ID of the client.
ClientMetadata map[string]string: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
DefaultOrganization ClientCimdDefaultOrganizationArgs: Configure and associate an organization with the Client
Description string: Description of the purpose of the client.
ExternalClientId string: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
ExternalClientIdVersion int: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
ExternalMetadataCreatedBy string: Who created the external metadata client: admin (via Management API) or client (self-registered).
ExternalMetadataType string: Type of external metadata. Always cimd for CIMD-registered clients.
GrantTypes []string: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
IsFirstParty bool: Whether this is a first-party client. Always false for CIMD clients.
JwksUri string: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
JwtConfiguration ClientCimdJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for this client, derived from the CIMD metadata document.
Name string: Name of the client, derived from the CIMD metadata document.
OidcConformant bool: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
OrganizationDiscoveryMethods []string: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
RedirectionPolicy string: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
RefreshToken ClientCimdRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
RequireProofOfPossession bool: Makes the use of Proof-of-Possession mandatory for this client.
SigningKeys []map[string]string: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
SkipNonVerifiableCallbackUriConfirmationPrompt bool: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
ThirdPartySecurityMode string: Security mode for third-party clients. strict enforces enhanced security controls
TokenQuota ClientCimdTokenQuotaArgs: The token quota configuration.
Validations []ClientCimdValidationArgs: Validation result of the CIMD metadata document.
WebOrigins []string: URLs that represent valid web origins for use with web message response mode.

allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
callbacks List<String>: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
clientId String: The ID of the client.
clientMetadata Map<String,String>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
defaultOrganization ClientCimdDefaultOrganization: Configure and associate an organization with the Client
description String: Description of the purpose of the client.
externalClientId String: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
externalClientIdVersion Integer: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
externalMetadataCreatedBy String: Who created the external metadata client: admin (via Management API) or client (self-registered).
externalMetadataType String: Type of external metadata. Always cimd for CIMD-registered clients.
grantTypes List<String>: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
isFirstParty Boolean: Whether this is a first-party client. Always false for CIMD clients.
jwksUri String: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
jwtConfiguration ClientCimdJwtConfiguration: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for this client, derived from the CIMD metadata document.
name String: Name of the client, derived from the CIMD metadata document.
oidcConformant Boolean: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
organizationDiscoveryMethods List<String>: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
redirectionPolicy String: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
refreshToken ClientCimdRefreshToken: Configuration settings for the refresh tokens issued for this client.
requireProofOfPossession Boolean: Makes the use of Proof-of-Possession mandatory for this client.
signingKeys List<Map<String,String>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
skipNonVerifiableCallbackUriConfirmationPrompt Boolean: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
thirdPartySecurityMode String: Security mode for third-party clients. strict enforces enhanced security controls
tokenQuota ClientCimdTokenQuota: The token quota configuration.
validations List<ClientCimdValidation>: Validation result of the CIMD metadata document.
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.

allowedOrigins string[]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType string: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
callbacks string[]: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
clientId string: The ID of the client.
clientMetadata {[key: string]: string}: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
defaultOrganization ClientCimdDefaultOrganization: Configure and associate an organization with the Client
description string: Description of the purpose of the client.
externalClientId string: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
externalClientIdVersion number: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
externalMetadataCreatedBy string: Who created the external metadata client: admin (via Management API) or client (self-registered).
externalMetadataType string: Type of external metadata. Always cimd for CIMD-registered clients.
grantTypes string[]: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
isFirstParty boolean: Whether this is a first-party client. Always false for CIMD clients.
jwksUri string: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
jwtConfiguration ClientCimdJwtConfiguration: Configuration settings for the JWTs issued for this client.
logoUri string: URL of the logo for this client, derived from the CIMD metadata document.
name string: Name of the client, derived from the CIMD metadata document.
oidcConformant boolean: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
organizationDiscoveryMethods string[]: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
redirectionPolicy string: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
refreshToken ClientCimdRefreshToken: Configuration settings for the refresh tokens issued for this client.
requireProofOfPossession boolean: Makes the use of Proof-of-Possession mandatory for this client.
signingKeys {[key: string]: string}[]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
skipNonVerifiableCallbackUriConfirmationPrompt boolean: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
thirdPartySecurityMode string: Security mode for third-party clients. strict enforces enhanced security controls
tokenQuota ClientCimdTokenQuota: The token quota configuration.
validations ClientCimdValidation[]: Validation result of the CIMD metadata document.
webOrigins string[]: URLs that represent valid web origins for use with web message response mode.

allowed_origins Sequence[str]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
app_type str: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
callbacks Sequence[str]: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
client_id str: The ID of the client.
client_metadata Mapping[str, str]: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
default_organization ClientCimdDefaultOrganizationArgs: Configure and associate an organization with the Client
description str: Description of the purpose of the client.
external_client_id str: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
external_client_id_version int: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
external_metadata_created_by str: Who created the external metadata client: admin (via Management API) or client (self-registered).
external_metadata_type str: Type of external metadata. Always cimd for CIMD-registered clients.
grant_types Sequence[str]: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
is_first_party bool: Whether this is a first-party client. Always false for CIMD clients.
jwks_uri str: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
jwt_configuration ClientCimdJwtConfigurationArgs: Configuration settings for the JWTs issued for this client.
logo_uri str: URL of the logo for this client, derived from the CIMD metadata document.
name str: Name of the client, derived from the CIMD metadata document.
oidc_conformant bool: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
organization_discovery_methods Sequence[str]: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
redirection_policy str: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
refresh_token ClientCimdRefreshTokenArgs: Configuration settings for the refresh tokens issued for this client.
require_proof_of_possession bool: Makes the use of Proof-of-Possession mandatory for this client.
signing_keys Sequence[Mapping[str, str]]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
skip_non_verifiable_callback_uri_confirmation_prompt bool: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
third_party_security_mode str: Security mode for third-party clients. strict enforces enhanced security controls
token_quota ClientCimdTokenQuotaArgs: The token quota configuration.
validations Sequence[ClientCimdValidationArgs]: Validation result of the CIMD metadata document.
web_origins Sequence[str]: URLs that represent valid web origins for use with web message response mode.

allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. CIMD clients only support native, spa, and regularWeb.
callbacks List<String>: URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
clientId String: The ID of the client.
clientMetadata Map<String>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
defaultOrganization Property Map: Configure and associate an organization with the Client
description String: Description of the purpose of the client.
externalClientId String: The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. https://app.example.com/client.json). This value is immutable after creation.
externalClientIdVersion Number: Version number for externalclientid metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
externalMetadataCreatedBy String: Who created the external metadata client: admin (via Management API) or client (self-registered).
externalMetadataType String: Type of external metadata. Always cimd for CIMD-registered clients.
grantTypes List<String>: Types of grants that this client is authorized to use. CIMD clients support authorizationCode and refreshToken.
isFirstParty Boolean: Whether this is a first-party client. Always false for CIMD clients.
jwksUri String: URL for the JSON Web Key Set (JWKS) containing the public keys used for privateKeyJwt authentication.
jwtConfiguration Property Map: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for this client, derived from the CIMD metadata document.
name String: Name of the client, derived from the CIMD metadata document.
oidcConformant Boolean: Whether this client conforms to strict OIDC specifications. Must be true for CIMD clients.
organizationDiscoveryMethods List<String>: Methods for discovering organizations during the preloginprompt. Can include email (allows users to find their organization by entering their email address) and/or organizationName (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that organizationRequireBehavior is set to preLoginPrompt.
redirectionPolicy String: Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
refreshToken Property Map: Configuration settings for the refresh tokens issued for this client.
requireProofOfPossession Boolean: Makes the use of Proof-of-Possession mandatory for this client.
signingKeys List<Map<String>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
skipNonVerifiableCallbackUriConfirmationPrompt Boolean: Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
thirdPartySecurityMode String: Security mode for third-party clients. strict enforces enhanced security controls
tokenQuota Property Map: The token quota configuration.
validations List<Property Map>: Validation result of the CIMD metadata document.
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.

Supporting Types

ClientCimdDefaultOrganization, ClientCimdDefaultOrganizationArgs

Flows List<string>: Definition of the flow that needs to be configured. Eg. client_credentials
OrganizationId string: The unique identifier of the organization

Flows []string: Definition of the flow that needs to be configured. Eg. client_credentials
OrganizationId string: The unique identifier of the organization

flows List<String>: Definition of the flow that needs to be configured. Eg. client_credentials
organizationId String: The unique identifier of the organization

flows string[]: Definition of the flow that needs to be configured. Eg. client_credentials
organizationId string: The unique identifier of the organization

flows Sequence[str]: Definition of the flow that needs to be configured. Eg. client_credentials
organization_id str: The unique identifier of the organization

flows List<String>: Definition of the flow that needs to be configured. Eg. client_credentials
organizationId String: The unique identifier of the organization

ClientCimdJwtConfiguration, ClientCimdJwtConfigurationArgs

Alg string: Algorithm used to sign JWTs. CIMD clients support RS256, RS512, and PS256 (asymmetric only).
LifetimeInSeconds int: Number of seconds during which the JWT will be valid.
SecretEncoded bool: Indicates whether the client secret is Base64-encoded.

Alg string: Algorithm used to sign JWTs. CIMD clients support RS256, RS512, and PS256 (asymmetric only).
LifetimeInSeconds int: Number of seconds during which the JWT will be valid.
SecretEncoded bool: Indicates whether the client secret is Base64-encoded.

alg String: Algorithm used to sign JWTs. CIMD clients support RS256, RS512, and PS256 (asymmetric only).
lifetimeInSeconds Integer: Number of seconds during which the JWT will be valid.
secretEncoded Boolean: Indicates whether the client secret is Base64-encoded.

alg string: Algorithm used to sign JWTs. CIMD clients support RS256, RS512, and PS256 (asymmetric only).
lifetimeInSeconds number: Number of seconds during which the JWT will be valid.
secretEncoded boolean: Indicates whether the client secret is Base64-encoded.

alg str: Algorithm used to sign JWTs. CIMD clients support RS256, RS512, and PS256 (asymmetric only).
lifetime_in_seconds int: Number of seconds during which the JWT will be valid.
secret_encoded bool: Indicates whether the client secret is Base64-encoded.

alg String: Algorithm used to sign JWTs. CIMD clients support RS256, RS512, and PS256 (asymmetric only).
lifetimeInSeconds Number: Number of seconds during which the JWT will be valid.
secretEncoded Boolean: Indicates whether the client secret is Base64-encoded.

ClientCimdRefreshToken, ClientCimdRefreshTokenArgs

ExpirationType string: Refresh token expiration type. Must be expiring for CIMD clients.
IdleTokenLifetime int: The time in seconds after which inactive refresh tokens will expire.
InfiniteIdleTokenLifetime bool: Whether inactive refresh tokens should remain valid indefinitely. Must be false for CIMD clients.
InfiniteTokenLifetime bool: Whether refresh tokens should remain valid indefinitely. If false, tokenLifetime should also be set.
Leeway int: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
RotationType string: Refresh token rotation type.Valid values are rotating and non-rotating
TokenLifetime int: The absolute lifetime of a refresh token in seconds.

ExpirationType string: Refresh token expiration type. Must be expiring for CIMD clients.
IdleTokenLifetime int: The time in seconds after which inactive refresh tokens will expire.
InfiniteIdleTokenLifetime bool: Whether inactive refresh tokens should remain valid indefinitely. Must be false for CIMD clients.
InfiniteTokenLifetime bool: Whether refresh tokens should remain valid indefinitely. If false, tokenLifetime should also be set.
Leeway int: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
RotationType string: Refresh token rotation type.Valid values are rotating and non-rotating
TokenLifetime int: The absolute lifetime of a refresh token in seconds.

expirationType String: Refresh token expiration type. Must be expiring for CIMD clients.
idleTokenLifetime Integer: The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime Boolean: Whether inactive refresh tokens should remain valid indefinitely. Must be false for CIMD clients.
infiniteTokenLifetime Boolean: Whether refresh tokens should remain valid indefinitely. If false, tokenLifetime should also be set.
leeway Integer: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
rotationType String: Refresh token rotation type.Valid values are rotating and non-rotating
tokenLifetime Integer: The absolute lifetime of a refresh token in seconds.

expirationType string: Refresh token expiration type. Must be expiring for CIMD clients.
idleTokenLifetime number: The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime boolean: Whether inactive refresh tokens should remain valid indefinitely. Must be false for CIMD clients.
infiniteTokenLifetime boolean: Whether refresh tokens should remain valid indefinitely. If false, tokenLifetime should also be set.
leeway number: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
rotationType string: Refresh token rotation type.Valid values are rotating and non-rotating
tokenLifetime number: The absolute lifetime of a refresh token in seconds.

expiration_type str: Refresh token expiration type. Must be expiring for CIMD clients.
idle_token_lifetime int: The time in seconds after which inactive refresh tokens will expire.
infinite_idle_token_lifetime bool: Whether inactive refresh tokens should remain valid indefinitely. Must be false for CIMD clients.
infinite_token_lifetime bool: Whether refresh tokens should remain valid indefinitely. If false, tokenLifetime should also be set.
leeway int: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
rotation_type str: Refresh token rotation type.Valid values are rotating and non-rotating
token_lifetime int: The absolute lifetime of a refresh token in seconds.

expirationType String: Refresh token expiration type. Must be expiring for CIMD clients.
idleTokenLifetime Number: The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime Boolean: Whether inactive refresh tokens should remain valid indefinitely. Must be false for CIMD clients.
infiniteTokenLifetime Boolean: Whether refresh tokens should remain valid indefinitely. If false, tokenLifetime should also be set.
leeway Number: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
rotationType String: Refresh token rotation type.Valid values are rotating and non-rotating
tokenLifetime Number: The absolute lifetime of a refresh token in seconds.

ClientCimdTokenQuota, ClientCimdTokenQuotaArgs

ClientCredentials ClientCimdTokenQuotaClientCredentials: The token quota configuration for client credentials.

ClientCredentials ClientCimdTokenQuotaClientCredentials: The token quota configuration for client credentials.

clientCredentials ClientCimdTokenQuotaClientCredentials: The token quota configuration for client credentials.

clientCredentials ClientCimdTokenQuotaClientCredentials: The token quota configuration for client credentials.

client_credentials ClientCimdTokenQuotaClientCredentials: The token quota configuration for client credentials.

clientCredentials Property Map: The token quota configuration for client credentials.

ClientCimdTokenQuotaClientCredentials, ClientCimdTokenQuotaClientCredentialsArgs

Enforce bool: If enabled, the quota will be enforced and requests in excess of the quota will fail. If disabled, the quota will not be enforced, but notifications for requests exceeding the quota will be available in logs.
PerDay int: Maximum number of issued tokens per day
PerHour int: Maximum number of issued tokens per hour

Enforce bool: If enabled, the quota will be enforced and requests in excess of the quota will fail. If disabled, the quota will not be enforced, but notifications for requests exceeding the quota will be available in logs.
PerDay int: Maximum number of issued tokens per day
PerHour int: Maximum number of issued tokens per hour

enforce Boolean: If enabled, the quota will be enforced and requests in excess of the quota will fail. If disabled, the quota will not be enforced, but notifications for requests exceeding the quota will be available in logs.
perDay Integer: Maximum number of issued tokens per day
perHour Integer: Maximum number of issued tokens per hour

enforce boolean: If enabled, the quota will be enforced and requests in excess of the quota will fail. If disabled, the quota will not be enforced, but notifications for requests exceeding the quota will be available in logs.
perDay number: Maximum number of issued tokens per day
perHour number: Maximum number of issued tokens per hour

enforce bool: If enabled, the quota will be enforced and requests in excess of the quota will fail. If disabled, the quota will not be enforced, but notifications for requests exceeding the quota will be available in logs.
per_day int: Maximum number of issued tokens per day
per_hour int: Maximum number of issued tokens per hour

enforce Boolean: If enabled, the quota will be enforced and requests in excess of the quota will fail. If disabled, the quota will not be enforced, but notifications for requests exceeding the quota will be available in logs.
perDay Number: Maximum number of issued tokens per day
perHour Number: Maximum number of issued tokens per hour

ClientCimdValidation, ClientCimdValidationArgs

Valid bool: Whether the metadata document passed validation.
Violations List<string>: Array of validation violation messages, if any. Violations indicate issues that prevented the metadata document from being fully processed.
Warnings List<string>: Array of warning messages, if any. Warnings indicate non-critical issues such as unsupported properties being ignored.

Valid bool: Whether the metadata document passed validation.
Violations []string: Array of validation violation messages, if any. Violations indicate issues that prevented the metadata document from being fully processed.
Warnings []string: Array of warning messages, if any. Warnings indicate non-critical issues such as unsupported properties being ignored.

valid Boolean: Whether the metadata document passed validation.
violations List<String>: Array of validation violation messages, if any. Violations indicate issues that prevented the metadata document from being fully processed.
warnings List<String>: Array of warning messages, if any. Warnings indicate non-critical issues such as unsupported properties being ignored.

valid boolean: Whether the metadata document passed validation.
violations string[]: Array of validation violation messages, if any. Violations indicate issues that prevented the metadata document from being fully processed.
warnings string[]: Array of warning messages, if any. Warnings indicate non-critical issues such as unsupported properties being ignored.

valid bool: Whether the metadata document passed validation.
violations Sequence[str]: Array of validation violation messages, if any. Violations indicate issues that prevented the metadata document from being fully processed.
warnings Sequence[str]: Array of warning messages, if any. Warnings indicate non-critical issues such as unsupported properties being ignored.

valid Boolean: Whether the metadata document passed validation.
violations List<String>: Array of validation violation messages, if any. Violations indicate issues that prevented the metadata document from being fully processed.
warnings List<String>: Array of warning messages, if any. Warnings indicate non-critical issues such as unsupported properties being ignored.

Import

This resource can be imported by specifying the client ID. Generally CIMD clients have a “tpc_” prefix in their client ID.

Example:

$ pulumi import auth0:index/clientCimd:ClientCimd my_mcp_agent "tpc_5FPpaVyZGSNRCBzTb2zURZ"

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Auth0 pulumi/pulumi-auth0
License: Apache-2.0
Notes: This Pulumi package is based on the auth0 Terraform Provider.

Viewing docs for Auth0 v3.41.0
published on Tuesday, Apr 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

auth0.ClientCimd

On this page

On this page

Example Usage

Create ClientCimd Resource

Constructor syntax

Parameters

Constructor example

ClientCimd Resource Properties

Inputs

Outputs

Look up Existing ClientCimd Resource

Supporting Types

ClientCimdDefaultOrganization, ClientCimdDefaultOrganizationArgs

ClientCimdJwtConfiguration, ClientCimdJwtConfigurationArgs

ClientCimdRefreshToken, ClientCimdRefreshTokenArgs

ClientCimdTokenQuota, ClientCimdTokenQuotaArgs

ClientCimdTokenQuotaClientCredentials, ClientCimdTokenQuotaClientCredentialsArgs

ClientCimdValidation, ClientCimdValidationArgs

Import

Package Details

On this page

On this page