1. Packages
  2. Auth0
  3. API Docs
  4. ClientCredentials
Auth0 v3.4.0 published on Wednesday, Jun 19, 2024 by Pulumi

auth0.ClientCredentials

Explore with Pulumi AI

auth0 logo
Auth0 v3.4.0 published on Wednesday, Jun 19, 2024 by Pulumi

    With this resource, you can configure the method to use when making requests to any endpoint that requires this client to authenticate.

    Refer to the client secret rotation guide for instructions on how to rotate client secrets with zero downtime.

    Create ClientCredentials Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ClientCredentials(name: string, args: ClientCredentialsArgs, opts?: CustomResourceOptions);
    @overload
    def ClientCredentials(resource_name: str,
                          args: ClientCredentialsArgs,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def ClientCredentials(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          authentication_method: Optional[str] = None,
                          client_id: Optional[str] = None,
                          client_secret: Optional[str] = None,
                          private_key_jwt: Optional[ClientCredentialsPrivateKeyJwtArgs] = None)
    func NewClientCredentials(ctx *Context, name string, args ClientCredentialsArgs, opts ...ResourceOption) (*ClientCredentials, error)
    public ClientCredentials(string name, ClientCredentialsArgs args, CustomResourceOptions? opts = null)
    public ClientCredentials(String name, ClientCredentialsArgs args)
    public ClientCredentials(String name, ClientCredentialsArgs args, CustomResourceOptions options)
    
    type: auth0:ClientCredentials
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ClientCredentialsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ClientCredentialsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ClientCredentialsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ClientCredentialsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ClientCredentialsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var clientCredentialsResource = new Auth0.ClientCredentials("clientCredentialsResource", new()
    {
        AuthenticationMethod = "string",
        ClientId = "string",
        ClientSecret = "string",
        PrivateKeyJwt = new Auth0.Inputs.ClientCredentialsPrivateKeyJwtArgs
        {
            Credentials = new[]
            {
                new Auth0.Inputs.ClientCredentialsPrivateKeyJwtCredentialArgs
                {
                    CredentialType = "string",
                    Pem = "string",
                    Algorithm = "string",
                    CreatedAt = "string",
                    ExpiresAt = "string",
                    Id = "string",
                    KeyId = "string",
                    Name = "string",
                    ParseExpiryFromCert = false,
                    UpdatedAt = "string",
                },
            },
        },
    });
    
    example, err := auth0.NewClientCredentials(ctx, "clientCredentialsResource", &auth0.ClientCredentialsArgs{
    	AuthenticationMethod: pulumi.String("string"),
    	ClientId:             pulumi.String("string"),
    	ClientSecret:         pulumi.String("string"),
    	PrivateKeyJwt: &auth0.ClientCredentialsPrivateKeyJwtArgs{
    		Credentials: auth0.ClientCredentialsPrivateKeyJwtCredentialArray{
    			&auth0.ClientCredentialsPrivateKeyJwtCredentialArgs{
    				CredentialType:      pulumi.String("string"),
    				Pem:                 pulumi.String("string"),
    				Algorithm:           pulumi.String("string"),
    				CreatedAt:           pulumi.String("string"),
    				ExpiresAt:           pulumi.String("string"),
    				Id:                  pulumi.String("string"),
    				KeyId:               pulumi.String("string"),
    				Name:                pulumi.String("string"),
    				ParseExpiryFromCert: pulumi.Bool(false),
    				UpdatedAt:           pulumi.String("string"),
    			},
    		},
    	},
    })
    
    var clientCredentialsResource = new ClientCredentials("clientCredentialsResource", ClientCredentialsArgs.builder()
        .authenticationMethod("string")
        .clientId("string")
        .clientSecret("string")
        .privateKeyJwt(ClientCredentialsPrivateKeyJwtArgs.builder()
            .credentials(ClientCredentialsPrivateKeyJwtCredentialArgs.builder()
                .credentialType("string")
                .pem("string")
                .algorithm("string")
                .createdAt("string")
                .expiresAt("string")
                .id("string")
                .keyId("string")
                .name("string")
                .parseExpiryFromCert(false)
                .updatedAt("string")
                .build())
            .build())
        .build());
    
    client_credentials_resource = auth0.ClientCredentials("clientCredentialsResource",
        authentication_method="string",
        client_id="string",
        client_secret="string",
        private_key_jwt=auth0.ClientCredentialsPrivateKeyJwtArgs(
            credentials=[auth0.ClientCredentialsPrivateKeyJwtCredentialArgs(
                credential_type="string",
                pem="string",
                algorithm="string",
                created_at="string",
                expires_at="string",
                id="string",
                key_id="string",
                name="string",
                parse_expiry_from_cert=False,
                updated_at="string",
            )],
        ))
    
    const clientCredentialsResource = new auth0.ClientCredentials("clientCredentialsResource", {
        authenticationMethod: "string",
        clientId: "string",
        clientSecret: "string",
        privateKeyJwt: {
            credentials: [{
                credentialType: "string",
                pem: "string",
                algorithm: "string",
                createdAt: "string",
                expiresAt: "string",
                id: "string",
                keyId: "string",
                name: "string",
                parseExpiryFromCert: false,
                updatedAt: "string",
            }],
        },
    });
    
    type: auth0:ClientCredentials
    properties:
        authenticationMethod: string
        clientId: string
        clientSecret: string
        privateKeyJwt:
            credentials:
                - algorithm: string
                  createdAt: string
                  credentialType: string
                  expiresAt: string
                  id: string
                  keyId: string
                  name: string
                  parseExpiryFromCert: false
                  pem: string
                  updatedAt: string
    

    ClientCredentials Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ClientCredentials resource accepts the following input properties:

    AuthenticationMethod string
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    ClientId string
    The ID of the client for which to configure the authentication method.
    ClientSecret string
    PrivateKeyJwt ClientCredentialsPrivateKeyJwt
    Defines private_key_jwt client authentication method.
    AuthenticationMethod string
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    ClientId string
    The ID of the client for which to configure the authentication method.
    ClientSecret string
    PrivateKeyJwt ClientCredentialsPrivateKeyJwtArgs
    Defines private_key_jwt client authentication method.
    authenticationMethod String
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    clientId String
    The ID of the client for which to configure the authentication method.
    clientSecret String
    privateKeyJwt ClientCredentialsPrivateKeyJwt
    Defines private_key_jwt client authentication method.
    authenticationMethod string
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    clientId string
    The ID of the client for which to configure the authentication method.
    clientSecret string
    privateKeyJwt ClientCredentialsPrivateKeyJwt
    Defines private_key_jwt client authentication method.
    authentication_method str
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    client_id str
    The ID of the client for which to configure the authentication method.
    client_secret str
    private_key_jwt ClientCredentialsPrivateKeyJwtArgs
    Defines private_key_jwt client authentication method.
    authenticationMethod String
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    clientId String
    The ID of the client for which to configure the authentication method.
    clientSecret String
    privateKeyJwt Property Map
    Defines private_key_jwt client authentication method.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ClientCredentials resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing ClientCredentials Resource

    Get an existing ClientCredentials resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ClientCredentialsState, opts?: CustomResourceOptions): ClientCredentials
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            authentication_method: Optional[str] = None,
            client_id: Optional[str] = None,
            client_secret: Optional[str] = None,
            private_key_jwt: Optional[ClientCredentialsPrivateKeyJwtArgs] = None) -> ClientCredentials
    func GetClientCredentials(ctx *Context, name string, id IDInput, state *ClientCredentialsState, opts ...ResourceOption) (*ClientCredentials, error)
    public static ClientCredentials Get(string name, Input<string> id, ClientCredentialsState? state, CustomResourceOptions? opts = null)
    public static ClientCredentials get(String name, Output<String> id, ClientCredentialsState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AuthenticationMethod string
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    ClientId string
    The ID of the client for which to configure the authentication method.
    ClientSecret string
    PrivateKeyJwt ClientCredentialsPrivateKeyJwt
    Defines private_key_jwt client authentication method.
    AuthenticationMethod string
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    ClientId string
    The ID of the client for which to configure the authentication method.
    ClientSecret string
    PrivateKeyJwt ClientCredentialsPrivateKeyJwtArgs
    Defines private_key_jwt client authentication method.
    authenticationMethod String
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    clientId String
    The ID of the client for which to configure the authentication method.
    clientSecret String
    privateKeyJwt ClientCredentialsPrivateKeyJwt
    Defines private_key_jwt client authentication method.
    authenticationMethod string
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    clientId string
    The ID of the client for which to configure the authentication method.
    clientSecret string
    privateKeyJwt ClientCredentialsPrivateKeyJwt
    Defines private_key_jwt client authentication method.
    authentication_method str
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    client_id str
    The ID of the client for which to configure the authentication method.
    client_secret str
    private_key_jwt ClientCredentialsPrivateKeyJwtArgs
    Defines private_key_jwt client authentication method.
    authenticationMethod String
    Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include none (public client without a client secret), client_secret_post (confidential client using HTTP POST parameters), client_secret_basic (confidential client using HTTP Basic), private_key_jwt (confidential client using a Private Key JWT).
    clientId String
    The ID of the client for which to configure the authentication method.
    clientSecret String
    privateKeyJwt Property Map
    Defines private_key_jwt client authentication method.

    Supporting Types

    ClientCredentialsPrivateKeyJwt, ClientCredentialsPrivateKeyJwtArgs

    Credentials List<ClientCredentialsPrivateKeyJwtCredential>
    Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
    Credentials []ClientCredentialsPrivateKeyJwtCredential
    Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
    credentials List<ClientCredentialsPrivateKeyJwtCredential>
    Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
    credentials ClientCredentialsPrivateKeyJwtCredential[]
    Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
    credentials Sequence[ClientCredentialsPrivateKeyJwtCredential]
    Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
    credentials List<Property Map>
    Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.

    ClientCredentialsPrivateKeyJwtCredential, ClientCredentialsPrivateKeyJwtCredentialArgs

    CredentialType string
    Credential type. Supported types: public_key.
    Pem string
    PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
    Algorithm string
    Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
    CreatedAt string
    The ISO 8601 formatted date the credential was created.
    ExpiresAt string
    The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
    Id string
    The ID of the client credential.
    KeyId string
    The key identifier of the credential, generated on creation.
    Name string
    Friendly name for a credential.
    ParseExpiryFromCert bool
    Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the expires_at is set the credential expiry will be set to the explicit expires_at value.
    UpdatedAt string
    The ISO 8601 formatted date the credential was updated.
    CredentialType string
    Credential type. Supported types: public_key.
    Pem string
    PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
    Algorithm string
    Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
    CreatedAt string
    The ISO 8601 formatted date the credential was created.
    ExpiresAt string
    The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
    Id string
    The ID of the client credential.
    KeyId string
    The key identifier of the credential, generated on creation.
    Name string
    Friendly name for a credential.
    ParseExpiryFromCert bool
    Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the expires_at is set the credential expiry will be set to the explicit expires_at value.
    UpdatedAt string
    The ISO 8601 formatted date the credential was updated.
    credentialType String
    Credential type. Supported types: public_key.
    pem String
    PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
    algorithm String
    Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
    createdAt String
    The ISO 8601 formatted date the credential was created.
    expiresAt String
    The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
    id String
    The ID of the client credential.
    keyId String
    The key identifier of the credential, generated on creation.
    name String
    Friendly name for a credential.
    parseExpiryFromCert Boolean
    Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the expires_at is set the credential expiry will be set to the explicit expires_at value.
    updatedAt String
    The ISO 8601 formatted date the credential was updated.
    credentialType string
    Credential type. Supported types: public_key.
    pem string
    PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
    algorithm string
    Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
    createdAt string
    The ISO 8601 formatted date the credential was created.
    expiresAt string
    The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
    id string
    The ID of the client credential.
    keyId string
    The key identifier of the credential, generated on creation.
    name string
    Friendly name for a credential.
    parseExpiryFromCert boolean
    Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the expires_at is set the credential expiry will be set to the explicit expires_at value.
    updatedAt string
    The ISO 8601 formatted date the credential was updated.
    credential_type str
    Credential type. Supported types: public_key.
    pem str
    PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
    algorithm str
    Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
    created_at str
    The ISO 8601 formatted date the credential was created.
    expires_at str
    The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
    id str
    The ID of the client credential.
    key_id str
    The key identifier of the credential, generated on creation.
    name str
    Friendly name for a credential.
    parse_expiry_from_cert bool
    Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the expires_at is set the credential expiry will be set to the explicit expires_at value.
    updated_at str
    The ISO 8601 formatted date the credential was updated.
    credentialType String
    Credential type. Supported types: public_key.
    pem String
    PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
    algorithm String
    Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
    createdAt String
    The ISO 8601 formatted date the credential was created.
    expiresAt String
    The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
    id String
    The ID of the client credential.
    keyId String
    The key identifier of the credential, generated on creation.
    name String
    Friendly name for a credential.
    parseExpiryFromCert Boolean
    Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the expires_at is set the credential expiry will be set to the explicit expires_at value.
    updatedAt String
    The ISO 8601 formatted date the credential was updated.

    Import

    This resource can be imported by specifying the client ID.

    Example:

    $ pulumi import auth0:index/clientCredentials:ClientCredentials my_creds "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
    

    ~> Importing this resource when the authentication_method is set to private_key_jwt will force the resource to be recreated.

    This is to be expected, because the pem file can’t be checked for differences.

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Auth0 pulumi/pulumi-auth0
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the auth0 Terraform Provider.
    auth0 logo
    Auth0 v3.4.0 published on Wednesday, Jun 19, 2024 by Pulumi