Auth0 v3.18.0, Apr 18 25

Auth0 v3.18.0 published on Friday, Apr 18, 2025 by Pulumi

auth0.getClient

Explore with Pulumi AI

Auth0 v3.18.0 published on Friday, Apr 18, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// An Auth0 Client loaded using its name.
const some_client_by_name = auth0.getClient({
    name: "Name of my Application",
});
// An Auth0 Client loaded using its ID.
const some_client_by_id = auth0.getClient({
    clientId: "abcdefghkijklmnopqrstuvwxyz0123456789",
});

import pulumi
import pulumi_auth0 as auth0

# An Auth0 Client loaded using its name.
some_client_by_name = auth0.get_client(name="Name of my Application")
# An Auth0 Client loaded using its ID.
some_client_by_id = auth0.get_client(client_id="abcdefghkijklmnopqrstuvwxyz0123456789")

package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// An Auth0 Client loaded using its name.
		_, err := auth0.LookupClient(ctx, &auth0.LookupClientArgs{
			Name: pulumi.StringRef("Name of my Application"),
		}, nil)
		if err != nil {
			return err
		}
		// An Auth0 Client loaded using its ID.
		_, err = auth0.LookupClient(ctx, &auth0.LookupClientArgs{
			ClientId: pulumi.StringRef("abcdefghkijklmnopqrstuvwxyz0123456789"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // An Auth0 Client loaded using its name.
    var some_client_by_name = Auth0.GetClient.Invoke(new()
    {
        Name = "Name of my Application",
    });

    // An Auth0 Client loaded using its ID.
    var some_client_by_id = Auth0.GetClient.Invoke(new()
    {
        ClientId = "abcdefghkijklmnopqrstuvwxyz0123456789",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Auth0Functions;
import com.pulumi.auth0.inputs.GetClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // An Auth0 Client loaded using its name.
        final var some-client-by-name = Auth0Functions.getClient(GetClientArgs.builder()
            .name("Name of my Application")
            .build());

        // An Auth0 Client loaded using its ID.
        final var some-client-by-id = Auth0Functions.getClient(GetClientArgs.builder()
            .clientId("abcdefghkijklmnopqrstuvwxyz0123456789")
            .build());

    }
}

variables:
  # An Auth0 Client loaded using its name.
  some-client-by-name:
    fn::invoke:
      function: auth0:getClient
      arguments:
        name: Name of my Application
  # An Auth0 Client loaded using its ID.
  some-client-by-id:
    fn::invoke:
      function: auth0:getClient
      arguments:
        clientId: abcdefghkijklmnopqrstuvwxyz0123456789

Using getClient

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getClient(args: GetClientArgs, opts?: InvokeOptions): Promise<GetClientResult>
function getClientOutput(args: GetClientOutputArgs, opts?: InvokeOptions): Output<GetClientResult>

def get_client(client_id: Optional[str] = None,
               name: Optional[str] = None,
               opts: Optional[InvokeOptions] = None) -> GetClientResult
def get_client_output(client_id: Optional[pulumi.Input[str]] = None,
               name: Optional[pulumi.Input[str]] = None,
               opts: Optional[InvokeOptions] = None) -> Output[GetClientResult]

func LookupClient(ctx *Context, args *LookupClientArgs, opts ...InvokeOption) (*LookupClientResult, error)
func LookupClientOutput(ctx *Context, args *LookupClientOutputArgs, opts ...InvokeOption) LookupClientResultOutput

> Note: This function is named LookupClient in the Go SDK.

public static class GetClient 
{
    public static Task<GetClientResult> InvokeAsync(GetClientArgs args, InvokeOptions? opts = null)
    public static Output<GetClientResult> Invoke(GetClientInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)
public static Output<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)

fn::invoke:
  function: auth0:index/getClient:getClient
  arguments:
    # arguments dictionary

The following arguments are supported:

ClientId string: The ID of the client. If not provided, name must be set.
Name string: The name of the client. If not provided, client_id must be set.

ClientId string: The ID of the client. If not provided, name must be set.
Name string: The name of the client. If not provided, client_id must be set.

clientId String: The ID of the client. If not provided, name must be set.
name String: The name of the client. If not provided, client_id must be set.

clientId string: The ID of the client. If not provided, name must be set.
name string: The name of the client. If not provided, client_id must be set.

client_id str: The ID of the client. If not provided, name must be set.
name str: The name of the client. If not provided, client_id must be set.

clientId String: The ID of the client. If not provided, name must be set.
name String: The name of the client. If not provided, client_id must be set.

getClient Result

The following output properties are available:

Addons List<GetClientAddon>: Addons enabled for this client and their associated configurations.
AllowedClients List<string>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
AllowedLogoutUrls List<string>: URLs that Auth0 may redirect to after logout.
AllowedOrigins List<string>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks List<string>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientAliases List<string>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
ClientAuthenticationMethods List<GetClientClientAuthenticationMethod>: Defines client authentication methods.
ClientMetadata Dictionary<string, string>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
ClientSecret string
ComplianceLevel string: Defines the compliance level for this client, which may restrict it's capabilities. Can be one of none, fapi1_adv_pkj_par, fapi1_adv_mtls_par.
CrossOriginAuth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
CrossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
CustomLoginPage string: The content (HTML, CSS, JS) of the custom login page.
CustomLoginPageOn bool: Indicates whether a custom login page is to be used.
DefaultOrganizations List<GetClientDefaultOrganization>: Configure and associate an organization with the Client
Description string: Description of the purpose of the client.
EncryptionKey Dictionary<string, string>: Encryption used for WS-Fed responses with this client.
FormTemplate string: HTML form template to be used for WS-Federation.
GrantTypes List<string>: Types of grants that this client is authorized to use.
Id string: The provider-assigned unique ID for this managed resource.
InitiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
IsFirstParty bool: Indicates whether this client is a first-party client.Defaults to true from the API
IsTokenEndpointIpHeaderTrusted bool: Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to client_secret_post or client_secret_basic. Setting this property when creating the resource, will default the authentication method to client_secret_post. To change the authentication method to client_secret_basic use the auth0.ClientCredentials resource.
JwtConfigurations List<GetClientJwtConfiguration>: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobiles List<GetClientMobile>: Additional configuration for native mobile apps.
NativeSocialLogins List<GetClientNativeSocialLogin>: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
OidcBackchannelLogoutUrls List<string>: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
OidcConformant bool: Indicates whether this client will conform to strict OIDC specifications.
OidcLogouts List<GetClientOidcLogout>: Configure OIDC logout for the Client
OrganizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
OrganizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
RefreshTokens List<GetClientRefreshToken>: Configuration settings for the refresh tokens issued for this client.
RequireProofOfPossession bool: Makes the use of Proof-of-Possession mandatory for this client.
RequirePushedAuthorizationRequests bool: Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
SignedRequestObjects List<GetClientSignedRequestObject>: Configuration for JWT-secured Authorization Requests(JAR).
SigningKeys List<ImmutableDictionary<string, string>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
Sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
SsoDisabled bool: Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string: The authentication method for the token endpoint. Results include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic), Managing a client's authentication method can be done via the auth0.ClientCredentials resource.
TokenExchanges List<GetClientTokenExchange>: Allows configuration for token exchange
WebOrigins List<string>: URLs that represent valid web origins for use with web message response mode.
ClientId string: The ID of the client. If not provided, name must be set.
Name string: The name of the client. If not provided, client_id must be set.

Addons []GetClientAddon: Addons enabled for this client and their associated configurations.
AllowedClients []string: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
AllowedLogoutUrls []string: URLs that Auth0 may redirect to after logout.
AllowedOrigins []string: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks []string: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientAliases []string: List of audiences/realms for SAML protocol. Used by the wsfed addon.
ClientAuthenticationMethods []GetClientClientAuthenticationMethod: Defines client authentication methods.
ClientMetadata map[string]string: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
ClientSecret string
ComplianceLevel string: Defines the compliance level for this client, which may restrict it's capabilities. Can be one of none, fapi1_adv_pkj_par, fapi1_adv_mtls_par.
CrossOriginAuth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
CrossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
CustomLoginPage string: The content (HTML, CSS, JS) of the custom login page.
CustomLoginPageOn bool: Indicates whether a custom login page is to be used.
DefaultOrganizations []GetClientDefaultOrganization: Configure and associate an organization with the Client
Description string: Description of the purpose of the client.
EncryptionKey map[string]string: Encryption used for WS-Fed responses with this client.
FormTemplate string: HTML form template to be used for WS-Federation.
GrantTypes []string: Types of grants that this client is authorized to use.
Id string: The provider-assigned unique ID for this managed resource.
InitiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
IsFirstParty bool: Indicates whether this client is a first-party client.Defaults to true from the API
IsTokenEndpointIpHeaderTrusted bool: Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to client_secret_post or client_secret_basic. Setting this property when creating the resource, will default the authentication method to client_secret_post. To change the authentication method to client_secret_basic use the auth0.ClientCredentials resource.
JwtConfigurations []GetClientJwtConfiguration: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobiles []GetClientMobile: Additional configuration for native mobile apps.
NativeSocialLogins []GetClientNativeSocialLogin: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
OidcBackchannelLogoutUrls []string: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
OidcConformant bool: Indicates whether this client will conform to strict OIDC specifications.
OidcLogouts []GetClientOidcLogout: Configure OIDC logout for the Client
OrganizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
OrganizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
RefreshTokens []GetClientRefreshToken: Configuration settings for the refresh tokens issued for this client.
RequireProofOfPossession bool: Makes the use of Proof-of-Possession mandatory for this client.
RequirePushedAuthorizationRequests bool: Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
SignedRequestObjects []GetClientSignedRequestObject: Configuration for JWT-secured Authorization Requests(JAR).
SigningKeys []map[string]string: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
Sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
SsoDisabled bool: Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string: The authentication method for the token endpoint. Results include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic), Managing a client's authentication method can be done via the auth0.ClientCredentials resource.
TokenExchanges []GetClientTokenExchange: Allows configuration for token exchange
WebOrigins []string: URLs that represent valid web origins for use with web message response mode.
ClientId string: The ID of the client. If not provided, name must be set.
Name string: The name of the client. If not provided, client_id must be set.

addons List<GetClientAddon>: Addons enabled for this client and their associated configurations.
allowedClients List<String>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks List<String>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases List<String>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientAuthenticationMethods List<GetClientClientAuthenticationMethod>: Defines client authentication methods.
clientMetadata Map<String,String>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecret String
complianceLevel String: Defines the compliance level for this client, which may restrict it's capabilities. Can be one of none, fapi1_adv_pkj_par, fapi1_adv_mtls_par.
crossOriginAuth Boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
crossOriginLoc String: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage String: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn Boolean: Indicates whether a custom login page is to be used.
defaultOrganizations List<GetClientDefaultOrganization>: Configure and associate an organization with the Client
description String: Description of the purpose of the client.
encryptionKey Map<String,String>: Encryption used for WS-Fed responses with this client.
formTemplate String: HTML form template to be used for WS-Federation.
grantTypes List<String>: Types of grants that this client is authorized to use.
id String: The provider-assigned unique ID for this managed resource.
initiateLoginUri String: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty Boolean: Indicates whether this client is a first-party client.Defaults to true from the API
isTokenEndpointIpHeaderTrusted Boolean: Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to client_secret_post or client_secret_basic. Setting this property when creating the resource, will default the authentication method to client_secret_post. To change the authentication method to client_secret_basic use the auth0.ClientCredentials resource.
jwtConfigurations List<GetClientJwtConfiguration>: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobiles List<GetClientMobile>: Additional configuration for native mobile apps.
nativeSocialLogins List<GetClientNativeSocialLogin>: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcBackchannelLogoutUrls List<String>: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
oidcConformant Boolean: Indicates whether this client will conform to strict OIDC specifications.
oidcLogouts List<GetClientOidcLogout>: Configure OIDC logout for the Client
organizationRequireBehavior String: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
organizationUsage String: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshTokens List<GetClientRefreshToken>: Configuration settings for the refresh tokens issued for this client.
requireProofOfPossession Boolean: Makes the use of Proof-of-Possession mandatory for this client.
requirePushedAuthorizationRequests Boolean: Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
signedRequestObjects List<GetClientSignedRequestObject>: Configuration for JWT-secured Authorization Requests(JAR).
signingKeys List<Map<String,String>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso Boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled Boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod String: The authentication method for the token endpoint. Results include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic), Managing a client's authentication method can be done via the auth0.ClientCredentials resource.
tokenExchanges List<GetClientTokenExchange>: Allows configuration for token exchange
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.
clientId String: The ID of the client. If not provided, name must be set.
name String: The name of the client. If not provided, client_id must be set.

addons GetClientAddon[]: Addons enabled for this client and their associated configurations.
allowedClients string[]: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls string[]: URLs that Auth0 may redirect to after logout.
allowedOrigins string[]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks string[]: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases string[]: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientAuthenticationMethods GetClientClientAuthenticationMethod[]: Defines client authentication methods.
clientMetadata {[key: string]: string}: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecret string
complianceLevel string: Defines the compliance level for this client, which may restrict it's capabilities. Can be one of none, fapi1_adv_pkj_par, fapi1_adv_mtls_par.
crossOriginAuth boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
crossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage string: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn boolean: Indicates whether a custom login page is to be used.
defaultOrganizations GetClientDefaultOrganization[]: Configure and associate an organization with the Client
description string: Description of the purpose of the client.
encryptionKey {[key: string]: string}: Encryption used for WS-Fed responses with this client.
formTemplate string: HTML form template to be used for WS-Federation.
grantTypes string[]: Types of grants that this client is authorized to use.
id string: The provider-assigned unique ID for this managed resource.
initiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty boolean: Indicates whether this client is a first-party client.Defaults to true from the API
isTokenEndpointIpHeaderTrusted boolean: Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to client_secret_post or client_secret_basic. Setting this property when creating the resource, will default the authentication method to client_secret_post. To change the authentication method to client_secret_basic use the auth0.ClientCredentials resource.
jwtConfigurations GetClientJwtConfiguration[]: Configuration settings for the JWTs issued for this client.
logoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobiles GetClientMobile[]: Additional configuration for native mobile apps.
nativeSocialLogins GetClientNativeSocialLogin[]: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcBackchannelLogoutUrls string[]: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
oidcConformant boolean: Indicates whether this client will conform to strict OIDC specifications.
oidcLogouts GetClientOidcLogout[]: Configure OIDC logout for the Client
organizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
organizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshTokens GetClientRefreshToken[]: Configuration settings for the refresh tokens issued for this client.
requireProofOfPossession boolean: Makes the use of Proof-of-Possession mandatory for this client.
requirePushedAuthorizationRequests boolean: Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
signedRequestObjects GetClientSignedRequestObject[]: Configuration for JWT-secured Authorization Requests(JAR).
signingKeys {[key: string]: string}[]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod string: The authentication method for the token endpoint. Results include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic), Managing a client's authentication method can be done via the auth0.ClientCredentials resource.
tokenExchanges GetClientTokenExchange[]: Allows configuration for token exchange
webOrigins string[]: URLs that represent valid web origins for use with web message response mode.
clientId string: The ID of the client. If not provided, name must be set.
name string: The name of the client. If not provided, client_id must be set.

addons Sequence[GetClientAddon]: Addons enabled for this client and their associated configurations.
allowed_clients Sequence[str]: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowed_logout_urls Sequence[str]: URLs that Auth0 may redirect to after logout.
allowed_origins Sequence[str]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
app_type str: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks Sequence[str]: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
client_aliases Sequence[str]: List of audiences/realms for SAML protocol. Used by the wsfed addon.
client_authentication_methods Sequence[GetClientClientAuthenticationMethod]: Defines client authentication methods.
client_metadata Mapping[str, str]: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
client_secret str
compliance_level str: Defines the compliance level for this client, which may restrict it's capabilities. Can be one of none, fapi1_adv_pkj_par, fapi1_adv_mtls_par.
cross_origin_auth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
cross_origin_loc str: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
custom_login_page str: The content (HTML, CSS, JS) of the custom login page.
custom_login_page_on bool: Indicates whether a custom login page is to be used.
default_organizations Sequence[GetClientDefaultOrganization]: Configure and associate an organization with the Client
description str: Description of the purpose of the client.
encryption_key Mapping[str, str]: Encryption used for WS-Fed responses with this client.
form_template str: HTML form template to be used for WS-Federation.
grant_types Sequence[str]: Types of grants that this client is authorized to use.
id str: The provider-assigned unique ID for this managed resource.
initiate_login_uri str: Initiate login URI. Must be HTTPS or an empty string.
is_first_party bool: Indicates whether this client is a first-party client.Defaults to true from the API
is_token_endpoint_ip_header_trusted bool: Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to client_secret_post or client_secret_basic. Setting this property when creating the resource, will default the authentication method to client_secret_post. To change the authentication method to client_secret_basic use the auth0.ClientCredentials resource.
jwt_configurations Sequence[GetClientJwtConfiguration]: Configuration settings for the JWTs issued for this client.
logo_uri str: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobiles Sequence[GetClientMobile]: Additional configuration for native mobile apps.
native_social_logins Sequence[GetClientNativeSocialLogin]: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidc_backchannel_logout_urls Sequence[str]: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
oidc_conformant bool: Indicates whether this client will conform to strict OIDC specifications.
oidc_logouts Sequence[GetClientOidcLogout]: Configure OIDC logout for the Client
organization_require_behavior str: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
organization_usage str: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refresh_tokens Sequence[GetClientRefreshToken]: Configuration settings for the refresh tokens issued for this client.
require_proof_of_possession bool: Makes the use of Proof-of-Possession mandatory for this client.
require_pushed_authorization_requests bool: Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
signed_request_objects Sequence[GetClientSignedRequestObject]: Configuration for JWT-secured Authorization Requests(JAR).
signing_keys Sequence[Mapping[str, str]]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
sso_disabled bool: Indicates whether or not SSO is disabled.
token_endpoint_auth_method str: The authentication method for the token endpoint. Results include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic), Managing a client's authentication method can be done via the auth0.ClientCredentials resource.
token_exchanges Sequence[GetClientTokenExchange]: Allows configuration for token exchange
web_origins Sequence[str]: URLs that represent valid web origins for use with web message response mode.
client_id str: The ID of the client. If not provided, name must be set.
name str: The name of the client. If not provided, client_id must be set.

addons List<Property Map>: Addons enabled for this client and their associated configurations.
allowedClients List<String>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks List<String>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases List<String>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientAuthenticationMethods List<Property Map>: Defines client authentication methods.
clientMetadata Map<String>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecret String
complianceLevel String: Defines the compliance level for this client, which may restrict it's capabilities. Can be one of none, fapi1_adv_pkj_par, fapi1_adv_mtls_par.
crossOriginAuth Boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
crossOriginLoc String: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage String: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn Boolean: Indicates whether a custom login page is to be used.
defaultOrganizations List<Property Map>: Configure and associate an organization with the Client
description String: Description of the purpose of the client.
encryptionKey Map<String>: Encryption used for WS-Fed responses with this client.
formTemplate String: HTML form template to be used for WS-Federation.
grantTypes List<String>: Types of grants that this client is authorized to use.
id String: The provider-assigned unique ID for this managed resource.
initiateLoginUri String: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty Boolean: Indicates whether this client is a first-party client.Defaults to true from the API
isTokenEndpointIpHeaderTrusted Boolean: Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to client_secret_post or client_secret_basic. Setting this property when creating the resource, will default the authentication method to client_secret_post. To change the authentication method to client_secret_basic use the auth0.ClientCredentials resource.
jwtConfigurations List<Property Map>: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobiles List<Property Map>: Additional configuration for native mobile apps.
nativeSocialLogins List<Property Map>: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcBackchannelLogoutUrls List<String>: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
oidcConformant Boolean: Indicates whether this client will conform to strict OIDC specifications.
oidcLogouts List<Property Map>: Configure OIDC logout for the Client
organizationRequireBehavior String: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
organizationUsage String: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshTokens List<Property Map>: Configuration settings for the refresh tokens issued for this client.
requireProofOfPossession Boolean: Makes the use of Proof-of-Possession mandatory for this client.
requirePushedAuthorizationRequests Boolean: Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
signedRequestObjects List<Property Map>: Configuration for JWT-secured Authorization Requests(JAR).
signingKeys List<Map<String>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso Boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled Boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod String: The authentication method for the token endpoint. Results include none (public client without a client secret), client_secret_post (client uses HTTP POST parameters), client_secret_basic (client uses HTTP Basic), Managing a client's authentication method can be done via the auth0.ClientCredentials resource.
tokenExchanges List<Property Map>: Allows configuration for token exchange
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.
clientId String: The ID of the client. If not provided, name must be set.
name String: The name of the client. If not provided, client_id must be set.

Supporting Types

GetClientAddon

Aws List<GetClientAddonAw>: AWS Addon configuration.
AzureBlobs List<GetClientAddonAzureBlob>: Azure Blob Storage Addon configuration.
AzureSbs List<GetClientAddonAzureSb>: Azure Storage Bus Addon configuration.
Boxes List<GetClientAddonBox>: Box SSO indicator (no configuration settings needed for Box SSO).
Cloudbees List<GetClientAddonCloudbee>: CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
Concurs List<GetClientAddonConcur>: Concur SSO indicator (no configuration settings needed for Concur SSO).
Dropboxes List<GetClientAddonDropbox>: Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
Echosigns List<GetClientAddonEchosign>: Adobe EchoSign SSO configuration.
Egnytes List<GetClientAddonEgnyte>: Egnyte SSO configuration.
Firebases List<GetClientAddonFirebase>: Google Firebase addon configuration.
Layers List<GetClientAddonLayer>: Layer addon configuration.
Mscrms List<GetClientAddonMscrm>: Microsoft Dynamics CRM SSO configuration.
Newrelics List<GetClientAddonNewrelic>: New Relic SSO configuration.
Office365s List<GetClientAddonOffice365>: Microsoft Office 365 SSO configuration.
Rms List<GetClientAddonRm>: Active Directory Rights Management Service SSO configuration.
SalesforceApis List<GetClientAddonSalesforceApi>: Salesforce API addon configuration.
SalesforceSandboxApis List<GetClientAddonSalesforceSandboxApi>: Salesforce Sandbox addon configuration.
Salesforces List<GetClientAddonSalesforce>: Salesforce SSO configuration.
Samlps List<GetClientAddonSamlp>: Configuration settings for a SAML add-on.
SapApis List<GetClientAddonSapApi>: SAP API addon configuration.
Sentries List<GetClientAddonSentry>: Sentry SSO configuration.
Sharepoints List<GetClientAddonSharepoint>: SharePoint SSO configuration.
Slacks List<GetClientAddonSlack>: Slack team or workspace name usually first segment in your Slack URL, for example https://acme-org.slack.com would be acme-org.
Springcms List<GetClientAddonSpringcm>: SpringCM SSO configuration.
SsoIntegrations List<GetClientAddonSsoIntegration>: Generic SSO configuration.
Wams List<GetClientAddonWam>: Windows Azure Mobile Services addon configuration.
Wsfeds List<GetClientAddonWsfed>: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
Zendesks List<GetClientAddonZendesk>: Zendesk SSO configuration.
Zooms List<GetClientAddonZoom>: Zoom SSO configuration.

Aws []GetClientAddonAw: AWS Addon configuration.
AzureBlobs []GetClientAddonAzureBlob: Azure Blob Storage Addon configuration.
AzureSbs []GetClientAddonAzureSb: Azure Storage Bus Addon configuration.
Boxes []GetClientAddonBox: Box SSO indicator (no configuration settings needed for Box SSO).
Cloudbees []GetClientAddonCloudbee: CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
Concurs []GetClientAddonConcur: Concur SSO indicator (no configuration settings needed for Concur SSO).
Dropboxes []GetClientAddonDropbox: Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
Echosigns []GetClientAddonEchosign: Adobe EchoSign SSO configuration.
Egnytes []GetClientAddonEgnyte: Egnyte SSO configuration.
Firebases []GetClientAddonFirebase: Google Firebase addon configuration.
Layers []GetClientAddonLayer: Layer addon configuration.
Mscrms []GetClientAddonMscrm: Microsoft Dynamics CRM SSO configuration.
Newrelics []GetClientAddonNewrelic: New Relic SSO configuration.
Office365s []GetClientAddonOffice365: Microsoft Office 365 SSO configuration.
Rms []GetClientAddonRm: Active Directory Rights Management Service SSO configuration.
SalesforceApis []GetClientAddonSalesforceApi: Salesforce API addon configuration.
SalesforceSandboxApis []GetClientAddonSalesforceSandboxApi: Salesforce Sandbox addon configuration.
Salesforces []GetClientAddonSalesforce: Salesforce SSO configuration.
Samlps []GetClientAddonSamlp: Configuration settings for a SAML add-on.
SapApis []GetClientAddonSapApi: SAP API addon configuration.
Sentries []GetClientAddonSentry: Sentry SSO configuration.
Sharepoints []GetClientAddonSharepoint: SharePoint SSO configuration.
Slacks []GetClientAddonSlack: Slack team or workspace name usually first segment in your Slack URL, for example https://acme-org.slack.com would be acme-org.
Springcms []GetClientAddonSpringcm: SpringCM SSO configuration.
SsoIntegrations []GetClientAddonSsoIntegration: Generic SSO configuration.
Wams []GetClientAddonWam: Windows Azure Mobile Services addon configuration.
Wsfeds []GetClientAddonWsfed: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
Zendesks []GetClientAddonZendesk: Zendesk SSO configuration.
Zooms []GetClientAddonZoom: Zoom SSO configuration.

aws List<GetClientAddonAw>: AWS Addon configuration.
azureBlobs List<GetClientAddonAzureBlob>: Azure Blob Storage Addon configuration.
azureSbs List<GetClientAddonAzureSb>: Azure Storage Bus Addon configuration.
boxes List<GetClientAddonBox>: Box SSO indicator (no configuration settings needed for Box SSO).
cloudbees List<GetClientAddonCloudbee>: CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
concurs List<GetClientAddonConcur>: Concur SSO indicator (no configuration settings needed for Concur SSO).
dropboxes List<GetClientAddonDropbox>: Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
echosigns List<GetClientAddonEchosign>: Adobe EchoSign SSO configuration.
egnytes List<GetClientAddonEgnyte>: Egnyte SSO configuration.
firebases List<GetClientAddonFirebase>: Google Firebase addon configuration.
layers List<GetClientAddonLayer>: Layer addon configuration.
mscrms List<GetClientAddonMscrm>: Microsoft Dynamics CRM SSO configuration.
newrelics List<GetClientAddonNewrelic>: New Relic SSO configuration.
office365s List<GetClientAddonOffice365>: Microsoft Office 365 SSO configuration.
rms List<GetClientAddonRm>: Active Directory Rights Management Service SSO configuration.
salesforceApis List<GetClientAddonSalesforceApi>: Salesforce API addon configuration.
salesforceSandboxApis List<GetClientAddonSalesforceSandboxApi>: Salesforce Sandbox addon configuration.
salesforces List<GetClientAddonSalesforce>: Salesforce SSO configuration.
samlps List<GetClientAddonSamlp>: Configuration settings for a SAML add-on.
sapApis List<GetClientAddonSapApi>: SAP API addon configuration.
sentries List<GetClientAddonSentry>: Sentry SSO configuration.
sharepoints List<GetClientAddonSharepoint>: SharePoint SSO configuration.
slacks List<GetClientAddonSlack>: Slack team or workspace name usually first segment in your Slack URL, for example https://acme-org.slack.com would be acme-org.
springcms List<GetClientAddonSpringcm>: SpringCM SSO configuration.
ssoIntegrations List<GetClientAddonSsoIntegration>: Generic SSO configuration.
wams List<GetClientAddonWam>: Windows Azure Mobile Services addon configuration.
wsfeds List<GetClientAddonWsfed>: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
zendesks List<GetClientAddonZendesk>: Zendesk SSO configuration.
zooms List<GetClientAddonZoom>: Zoom SSO configuration.

aws GetClientAddonAw[]: AWS Addon configuration.
azureBlobs GetClientAddonAzureBlob[]: Azure Blob Storage Addon configuration.
azureSbs GetClientAddonAzureSb[]: Azure Storage Bus Addon configuration.
boxes GetClientAddonBox[]: Box SSO indicator (no configuration settings needed for Box SSO).
cloudbees GetClientAddonCloudbee[]: CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
concurs GetClientAddonConcur[]: Concur SSO indicator (no configuration settings needed for Concur SSO).
dropboxes GetClientAddonDropbox[]: Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
echosigns GetClientAddonEchosign[]: Adobe EchoSign SSO configuration.
egnytes GetClientAddonEgnyte[]: Egnyte SSO configuration.
firebases GetClientAddonFirebase[]: Google Firebase addon configuration.
layers GetClientAddonLayer[]: Layer addon configuration.
mscrms GetClientAddonMscrm[]: Microsoft Dynamics CRM SSO configuration.
newrelics GetClientAddonNewrelic[]: New Relic SSO configuration.
office365s GetClientAddonOffice365[]: Microsoft Office 365 SSO configuration.
rms GetClientAddonRm[]: Active Directory Rights Management Service SSO configuration.
salesforceApis GetClientAddonSalesforceApi[]: Salesforce API addon configuration.
salesforceSandboxApis GetClientAddonSalesforceSandboxApi[]: Salesforce Sandbox addon configuration.
salesforces GetClientAddonSalesforce[]: Salesforce SSO configuration.
samlps GetClientAddonSamlp[]: Configuration settings for a SAML add-on.
sapApis GetClientAddonSapApi[]: SAP API addon configuration.
sentries GetClientAddonSentry[]: Sentry SSO configuration.
sharepoints GetClientAddonSharepoint[]: SharePoint SSO configuration.
slacks GetClientAddonSlack[]: Slack team or workspace name usually first segment in your Slack URL, for example https://acme-org.slack.com would be acme-org.
springcms GetClientAddonSpringcm[]: SpringCM SSO configuration.
ssoIntegrations GetClientAddonSsoIntegration[]: Generic SSO configuration.
wams GetClientAddonWam[]: Windows Azure Mobile Services addon configuration.
wsfeds GetClientAddonWsfed[]: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
zendesks GetClientAddonZendesk[]: Zendesk SSO configuration.
zooms GetClientAddonZoom[]: Zoom SSO configuration.

aws Sequence[GetClientAddonAw]: AWS Addon configuration.
azure_blobs Sequence[GetClientAddonAzureBlob]: Azure Blob Storage Addon configuration.
azure_sbs Sequence[GetClientAddonAzureSb]: Azure Storage Bus Addon configuration.
boxes Sequence[GetClientAddonBox]: Box SSO indicator (no configuration settings needed for Box SSO).
cloudbees Sequence[GetClientAddonCloudbee]: CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
concurs Sequence[GetClientAddonConcur]: Concur SSO indicator (no configuration settings needed for Concur SSO).
dropboxes Sequence[GetClientAddonDropbox]: Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
echosigns Sequence[GetClientAddonEchosign]: Adobe EchoSign SSO configuration.
egnytes Sequence[GetClientAddonEgnyte]: Egnyte SSO configuration.
firebases Sequence[GetClientAddonFirebase]: Google Firebase addon configuration.
layers Sequence[GetClientAddonLayer]: Layer addon configuration.
mscrms Sequence[GetClientAddonMscrm]: Microsoft Dynamics CRM SSO configuration.
newrelics Sequence[GetClientAddonNewrelic]: New Relic SSO configuration.
office365s Sequence[GetClientAddonOffice365]: Microsoft Office 365 SSO configuration.
rms Sequence[GetClientAddonRm]: Active Directory Rights Management Service SSO configuration.
salesforce_apis Sequence[GetClientAddonSalesforceApi]: Salesforce API addon configuration.
salesforce_sandbox_apis Sequence[GetClientAddonSalesforceSandboxApi]: Salesforce Sandbox addon configuration.
salesforces Sequence[GetClientAddonSalesforce]: Salesforce SSO configuration.
samlps Sequence[GetClientAddonSamlp]: Configuration settings for a SAML add-on.
sap_apis Sequence[GetClientAddonSapApi]: SAP API addon configuration.
sentries Sequence[GetClientAddonSentry]: Sentry SSO configuration.
sharepoints Sequence[GetClientAddonSharepoint]: SharePoint SSO configuration.
slacks Sequence[GetClientAddonSlack]: Slack team or workspace name usually first segment in your Slack URL, for example https://acme-org.slack.com would be acme-org.
springcms Sequence[GetClientAddonSpringcm]: SpringCM SSO configuration.
sso_integrations Sequence[GetClientAddonSsoIntegration]: Generic SSO configuration.
wams Sequence[GetClientAddonWam]: Windows Azure Mobile Services addon configuration.
wsfeds Sequence[GetClientAddonWsfed]: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
zendesks Sequence[GetClientAddonZendesk]: Zendesk SSO configuration.
zooms Sequence[GetClientAddonZoom]: Zoom SSO configuration.

aws List<Property Map>: AWS Addon configuration.
azureBlobs List<Property Map>: Azure Blob Storage Addon configuration.
azureSbs List<Property Map>: Azure Storage Bus Addon configuration.
boxes List<Property Map>: Box SSO indicator (no configuration settings needed for Box SSO).
cloudbees List<Property Map>: CloudBees SSO indicator (no configuration settings needed for CloudBees SSO).
concurs List<Property Map>: Concur SSO indicator (no configuration settings needed for Concur SSO).
dropboxes List<Property Map>: Dropbox SSO indicator (no configuration settings needed for Dropbox SSO).
echosigns List<Property Map>: Adobe EchoSign SSO configuration.
egnytes List<Property Map>: Egnyte SSO configuration.
firebases List<Property Map>: Google Firebase addon configuration.
layers List<Property Map>: Layer addon configuration.
mscrms List<Property Map>: Microsoft Dynamics CRM SSO configuration.
newrelics List<Property Map>: New Relic SSO configuration.
office365s List<Property Map>: Microsoft Office 365 SSO configuration.
rms List<Property Map>: Active Directory Rights Management Service SSO configuration.
salesforceApis List<Property Map>: Salesforce API addon configuration.
salesforceSandboxApis List<Property Map>: Salesforce Sandbox addon configuration.
salesforces List<Property Map>: Salesforce SSO configuration.
samlps List<Property Map>: Configuration settings for a SAML add-on.
sapApis List<Property Map>: SAP API addon configuration.
sentries List<Property Map>: Sentry SSO configuration.
sharepoints List<Property Map>: SharePoint SSO configuration.
slacks List<Property Map>: Slack team or workspace name usually first segment in your Slack URL, for example https://acme-org.slack.com would be acme-org.
springcms List<Property Map>: SpringCM SSO configuration.
ssoIntegrations List<Property Map>: Generic SSO configuration.
wams List<Property Map>: Windows Azure Mobile Services addon configuration.
wsfeds List<Property Map>: WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and client_aliases properties on the client.
zendesks List<Property Map>: Zendesk SSO configuration.
zooms List<Property Map>: Zoom SSO configuration.

GetClientAddonAw

LifetimeInSeconds int: AWS token lifetime in seconds.
Principal string: AWS principal ARN, for example arn:aws:iam::010616021751:saml-provider/idpname.
Role string: AWS role ARN, for example arn:aws:iam::010616021751:role/foo.

LifetimeInSeconds int: AWS token lifetime in seconds.
Principal string: AWS principal ARN, for example arn:aws:iam::010616021751:saml-provider/idpname.
Role string: AWS role ARN, for example arn:aws:iam::010616021751:role/foo.

lifetimeInSeconds Integer: AWS token lifetime in seconds.
principal String: AWS principal ARN, for example arn:aws:iam::010616021751:saml-provider/idpname.
role String: AWS role ARN, for example arn:aws:iam::010616021751:role/foo.

lifetimeInSeconds number: AWS token lifetime in seconds.
principal string: AWS principal ARN, for example arn:aws:iam::010616021751:saml-provider/idpname.
role string: AWS role ARN, for example arn:aws:iam::010616021751:role/foo.

lifetime_in_seconds int: AWS token lifetime in seconds.
principal str: AWS principal ARN, for example arn:aws:iam::010616021751:saml-provider/idpname.
role str: AWS role ARN, for example arn:aws:iam::010616021751:role/foo.

lifetimeInSeconds Number: AWS token lifetime in seconds.
principal String: AWS principal ARN, for example arn:aws:iam::010616021751:saml-provider/idpname.
role String: AWS role ARN, for example arn:aws:iam::010616021751:role/foo.

GetClientAddonAzureBlob

AccountName string: Your Azure storage account name. Usually first segment in your Azure storage URL, for example https://acme-org.blob.core.windows.net would be the account name acme-org.
BlobDelete bool: Indicates if the issued token has permission to delete the blob.
BlobName string: Entity to request a token for, such as my-blob. If blank the computed SAS will apply to the entire storage container.
BlobRead bool: Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
BlobWrite bool: Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
ContainerDelete bool: Indicates if issued token has permission to delete any blob in the container.
ContainerList bool: Indicates if the issued token has permission to list blobs in the container.
ContainerName string: Container to request a token for, such as my-container.
ContainerRead bool: Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
ContainerWrite bool: Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
Expiration int: Expiration in minutes for the generated token (default of 5 minutes).
SignedIdentifier string: Shared access policy identifier defined in your storage account resource.
StorageAccessKey string: Access key associated with this storage account.

AccountName string: Your Azure storage account name. Usually first segment in your Azure storage URL, for example https://acme-org.blob.core.windows.net would be the account name acme-org.
BlobDelete bool: Indicates if the issued token has permission to delete the blob.
BlobName string: Entity to request a token for, such as my-blob. If blank the computed SAS will apply to the entire storage container.
BlobRead bool: Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
BlobWrite bool: Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
ContainerDelete bool: Indicates if issued token has permission to delete any blob in the container.
ContainerList bool: Indicates if the issued token has permission to list blobs in the container.
ContainerName string: Container to request a token for, such as my-container.
ContainerRead bool: Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
ContainerWrite bool: Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
Expiration int: Expiration in minutes for the generated token (default of 5 minutes).
SignedIdentifier string: Shared access policy identifier defined in your storage account resource.
StorageAccessKey string: Access key associated with this storage account.

accountName String: Your Azure storage account name. Usually first segment in your Azure storage URL, for example https://acme-org.blob.core.windows.net would be the account name acme-org.
blobDelete Boolean: Indicates if the issued token has permission to delete the blob.
blobName String: Entity to request a token for, such as my-blob. If blank the computed SAS will apply to the entire storage container.
blobRead Boolean: Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
blobWrite Boolean: Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
containerDelete Boolean: Indicates if issued token has permission to delete any blob in the container.
containerList Boolean: Indicates if the issued token has permission to list blobs in the container.
containerName String: Container to request a token for, such as my-container.
containerRead Boolean: Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
containerWrite Boolean: Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
expiration Integer: Expiration in minutes for the generated token (default of 5 minutes).
signedIdentifier String: Shared access policy identifier defined in your storage account resource.
storageAccessKey String: Access key associated with this storage account.

accountName string: Your Azure storage account name. Usually first segment in your Azure storage URL, for example https://acme-org.blob.core.windows.net would be the account name acme-org.
blobDelete boolean: Indicates if the issued token has permission to delete the blob.
blobName string: Entity to request a token for, such as my-blob. If blank the computed SAS will apply to the entire storage container.
blobRead boolean: Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
blobWrite boolean: Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
containerDelete boolean: Indicates if issued token has permission to delete any blob in the container.
containerList boolean: Indicates if the issued token has permission to list blobs in the container.
containerName string: Container to request a token for, such as my-container.
containerRead boolean: Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
containerWrite boolean: Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
expiration number: Expiration in minutes for the generated token (default of 5 minutes).
signedIdentifier string: Shared access policy identifier defined in your storage account resource.
storageAccessKey string: Access key associated with this storage account.

account_name str: Your Azure storage account name. Usually first segment in your Azure storage URL, for example https://acme-org.blob.core.windows.net would be the account name acme-org.
blob_delete bool: Indicates if the issued token has permission to delete the blob.
blob_name str: Entity to request a token for, such as my-blob. If blank the computed SAS will apply to the entire storage container.
blob_read bool: Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
blob_write bool: Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
container_delete bool: Indicates if issued token has permission to delete any blob in the container.
container_list bool: Indicates if the issued token has permission to list blobs in the container.
container_name str: Container to request a token for, such as my-container.
container_read bool: Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
container_write bool: Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
expiration int: Expiration in minutes for the generated token (default of 5 minutes).
signed_identifier str: Shared access policy identifier defined in your storage account resource.
storage_access_key str: Access key associated with this storage account.

accountName String: Your Azure storage account name. Usually first segment in your Azure storage URL, for example https://acme-org.blob.core.windows.net would be the account name acme-org.
blobDelete Boolean: Indicates if the issued token has permission to delete the blob.
blobName String: Entity to request a token for, such as my-blob. If blank the computed SAS will apply to the entire storage container.
blobRead Boolean: Indicates if the issued token has permission to read the content, properties, metadata and block list. Use the blob as the source of a copy operation.
blobWrite Boolean: Indicates if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
containerDelete Boolean: Indicates if issued token has permission to delete any blob in the container.
containerList Boolean: Indicates if the issued token has permission to list blobs in the container.
containerName String: Container to request a token for, such as my-container.
containerRead Boolean: Indicates if the issued token has permission to read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation.
containerWrite Boolean: Indicates that for any blob in the container if the issued token has permission to create or write content, properties, metadata, or block list. Snapshot or lease the blob. Resize the blob (page blob only). Use the blob as the destination of a copy operation within the same account.
expiration Number: Expiration in minutes for the generated token (default of 5 minutes).
signedIdentifier String: Shared access policy identifier defined in your storage account resource.
storageAccessKey String: Access key associated with this storage account.

GetClientAddonAzureSb

EntityPath string: Entity you want to request a token for, such as my-queue.
Expiration int: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
Namespace string: Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example https://acme-org.servicebus.windows.net would be acme-org).
SasKey string: Primary Key associated with your shared access policy.
SasKeyName string: Your shared access policy name defined in your Service Bus entity.

EntityPath string: Entity you want to request a token for, such as my-queue.
Expiration int: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
Namespace string: Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example https://acme-org.servicebus.windows.net would be acme-org).
SasKey string: Primary Key associated with your shared access policy.
SasKeyName string: Your shared access policy name defined in your Service Bus entity.

entityPath String: Entity you want to request a token for, such as my-queue.
expiration Integer: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
namespace String: Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example https://acme-org.servicebus.windows.net would be acme-org).
sasKey String: Primary Key associated with your shared access policy.
sasKeyName String: Your shared access policy name defined in your Service Bus entity.

entityPath string: Entity you want to request a token for, such as my-queue.
expiration number: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
namespace string: Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example https://acme-org.servicebus.windows.net would be acme-org).
sasKey string: Primary Key associated with your shared access policy.
sasKeyName string: Your shared access policy name defined in your Service Bus entity.

entity_path str: Entity you want to request a token for, such as my-queue.
expiration int: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
namespace str: Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example https://acme-org.servicebus.windows.net would be acme-org).
sas_key str: Primary Key associated with your shared access policy.
sas_key_name str: Your shared access policy name defined in your Service Bus entity.

entityPath String: Entity you want to request a token for, such as my-queue.
expiration Number: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
namespace String: Your Azure Service Bus namespace. Usually the first segment of your Service Bus URL (for example https://acme-org.servicebus.windows.net would be acme-org).
sasKey String: Primary Key associated with your shared access policy.
sasKeyName String: Your shared access policy name defined in your Service Bus entity.

GetClientAddonEchosign

Domain string: Your custom domain found in your EchoSign URL, for example https://acme-org.echosign.com would be acme-org.

Domain string: Your custom domain found in your EchoSign URL, for example https://acme-org.echosign.com would be acme-org.

domain String: Your custom domain found in your EchoSign URL, for example https://acme-org.echosign.com would be acme-org.

domain string: Your custom domain found in your EchoSign URL, for example https://acme-org.echosign.com would be acme-org.

domain str: Your custom domain found in your EchoSign URL, for example https://acme-org.echosign.com would be acme-org.

domain String: Your custom domain found in your EchoSign URL, for example https://acme-org.echosign.com would be acme-org.

GetClientAddonEgnyte

Domain string: Your custom domain found in your Egnyte URL, for example https://acme-org.echosign.com would be acme-org.

Domain string: Your custom domain found in your Egnyte URL, for example https://acme-org.echosign.com would be acme-org.

domain String: Your custom domain found in your Egnyte URL, for example https://acme-org.echosign.com would be acme-org.

domain string: Your custom domain found in your Egnyte URL, for example https://acme-org.echosign.com would be acme-org.

domain str: Your custom domain found in your Egnyte URL, for example https://acme-org.echosign.com would be acme-org.

domain String: Your custom domain found in your Egnyte URL, for example https://acme-org.echosign.com would be acme-org.

GetClientAddonFirebase

ClientEmail string: ID of the Service Account you have created (shown as client_email in the generated JSON file, SDK v3+ tokens only).
LifetimeInSeconds int: Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
PrivateKey string: Private Key for signing the token (SDK v3+ tokens only).
PrivateKeyId string: Optional ID of the private key to obtain the kid header claim from the issued token (SDK v3+ tokens only).
Secret string: Google Firebase Secret. (SDK v2 only).

ClientEmail string: ID of the Service Account you have created (shown as client_email in the generated JSON file, SDK v3+ tokens only).
LifetimeInSeconds int: Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
PrivateKey string: Private Key for signing the token (SDK v3+ tokens only).
PrivateKeyId string: Optional ID of the private key to obtain the kid header claim from the issued token (SDK v3+ tokens only).
Secret string: Google Firebase Secret. (SDK v2 only).

clientEmail String: ID of the Service Account you have created (shown as client_email in the generated JSON file, SDK v3+ tokens only).
lifetimeInSeconds Integer: Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
privateKey String: Private Key for signing the token (SDK v3+ tokens only).
privateKeyId String: Optional ID of the private key to obtain the kid header claim from the issued token (SDK v3+ tokens only).
secret String: Google Firebase Secret. (SDK v2 only).

clientEmail string: ID of the Service Account you have created (shown as client_email in the generated JSON file, SDK v3+ tokens only).
lifetimeInSeconds number: Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
privateKey string: Private Key for signing the token (SDK v3+ tokens only).
privateKeyId string: Optional ID of the private key to obtain the kid header claim from the issued token (SDK v3+ tokens only).
secret string: Google Firebase Secret. (SDK v2 only).

client_email str: ID of the Service Account you have created (shown as client_email in the generated JSON file, SDK v3+ tokens only).
lifetime_in_seconds int: Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
private_key str: Private Key for signing the token (SDK v3+ tokens only).
private_key_id str: Optional ID of the private key to obtain the kid header claim from the issued token (SDK v3+ tokens only).
secret str: Google Firebase Secret. (SDK v2 only).

clientEmail String: ID of the Service Account you have created (shown as client_email in the generated JSON file, SDK v3+ tokens only).
lifetimeInSeconds Number: Optional expiration in seconds for the generated token. Defaults to 3600 seconds (SDK v3+ tokens only).
privateKey String: Private Key for signing the token (SDK v3+ tokens only).
privateKeyId String: Optional ID of the private key to obtain the kid header claim from the issued token (SDK v3+ tokens only).
secret String: Google Firebase Secret. (SDK v2 only).

GetClientAddonLayer

Expiration int: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
KeyId string: Authentication Key identifier used to sign the Layer token.
Principal string: Name of the property used as the unique user ID in Layer. If not specified user_id is used.
PrivateKey string: Private key for signing the Layer token.
ProviderId string: Provider ID of your Layer account.

Expiration int: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
KeyId string: Authentication Key identifier used to sign the Layer token.
Principal string: Name of the property used as the unique user ID in Layer. If not specified user_id is used.
PrivateKey string: Private key for signing the Layer token.
ProviderId string: Provider ID of your Layer account.

expiration Integer: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
keyId String: Authentication Key identifier used to sign the Layer token.
principal String: Name of the property used as the unique user ID in Layer. If not specified user_id is used.
privateKey String: Private key for signing the Layer token.
providerId String: Provider ID of your Layer account.

expiration number: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
keyId string: Authentication Key identifier used to sign the Layer token.
principal string: Name of the property used as the unique user ID in Layer. If not specified user_id is used.
privateKey string: Private key for signing the Layer token.
providerId string: Provider ID of your Layer account.

expiration int: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
key_id str: Authentication Key identifier used to sign the Layer token.
principal str: Name of the property used as the unique user ID in Layer. If not specified user_id is used.
private_key str: Private key for signing the Layer token.
provider_id str: Provider ID of your Layer account.

expiration Number: Optional expiration in minutes for the generated token. Defaults to 5 minutes.
keyId String: Authentication Key identifier used to sign the Layer token.
principal String: Name of the property used as the unique user ID in Layer. If not specified user_id is used.
privateKey String: Private key for signing the Layer token.
providerId String: Provider ID of your Layer account.

GetClientAddonMscrm

Url string: Microsoft Dynamics CRM application URL.

Url string: Microsoft Dynamics CRM application URL.

url String: Microsoft Dynamics CRM application URL.

url string: Microsoft Dynamics CRM application URL.

url str: Microsoft Dynamics CRM application URL.

url String: Microsoft Dynamics CRM application URL.

GetClientAddonNewrelic

Account string: Your New Relic Account ID found in your New Relic URL after the /accounts/ path, for example https://rpm.newrelic.com/accounts/123456/query would be 123456.

Account string: Your New Relic Account ID found in your New Relic URL after the /accounts/ path, for example https://rpm.newrelic.com/accounts/123456/query would be 123456.

account String: Your New Relic Account ID found in your New Relic URL after the /accounts/ path, for example https://rpm.newrelic.com/accounts/123456/query would be 123456.

account string: Your New Relic Account ID found in your New Relic URL after the /accounts/ path, for example https://rpm.newrelic.com/accounts/123456/query would be 123456.

account str: Your New Relic Account ID found in your New Relic URL after the /accounts/ path, for example https://rpm.newrelic.com/accounts/123456/query would be 123456.

account String: Your New Relic Account ID found in your New Relic URL after the /accounts/ path, for example https://rpm.newrelic.com/accounts/123456/query would be 123456.

GetClientAddonOffice365

Connection string: Optional Auth0 database connection for testing an already-configured Office 365 tenant.
Domain string: Your Office 365 domain name, for example acme-org.com.

Connection string: Optional Auth0 database connection for testing an already-configured Office 365 tenant.
Domain string: Your Office 365 domain name, for example acme-org.com.

connection String: Optional Auth0 database connection for testing an already-configured Office 365 tenant.
domain String: Your Office 365 domain name, for example acme-org.com.

connection string: Optional Auth0 database connection for testing an already-configured Office 365 tenant.
domain string: Your Office 365 domain name, for example acme-org.com.

connection str: Optional Auth0 database connection for testing an already-configured Office 365 tenant.
domain str: Your Office 365 domain name, for example acme-org.com.

connection String: Optional Auth0 database connection for testing an already-configured Office 365 tenant.
domain String: Your Office 365 domain name, for example acme-org.com.

GetClientAddonRm

Url string: URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.

Url string: URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.

url String: URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.

url string: URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.

url str: URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.

url String: URL of your Rights Management Server. It can be internal or external, but users will have to be able to reach it.

GetClientAddonSalesforce

EntityId string: Arbitrary logical URL that identifies the Saleforce resource, for example https://acme-org.com.

EntityId string: Arbitrary logical URL that identifies the Saleforce resource, for example https://acme-org.com.

entityId String: Arbitrary logical URL that identifies the Saleforce resource, for example https://acme-org.com.

entityId string: Arbitrary logical URL that identifies the Saleforce resource, for example https://acme-org.com.

entity_id str: Arbitrary logical URL that identifies the Saleforce resource, for example https://acme-org.com.

entityId String: Arbitrary logical URL that identifies the Saleforce resource, for example https://acme-org.com.

GetClientAddonSalesforceApi

ClientId string: Consumer Key assigned by Salesforce to the Connected App.
CommunityName string: Community name.
CommunityUrlSection string: Community URL section.
Principal string: Name of the property in the user object that maps to a Salesforce username, for example email.

ClientId string: Consumer Key assigned by Salesforce to the Connected App.
CommunityName string: Community name.
CommunityUrlSection string: Community URL section.
Principal string: Name of the property in the user object that maps to a Salesforce username, for example email.

clientId String: Consumer Key assigned by Salesforce to the Connected App.
communityName String: Community name.
communityUrlSection String: Community URL section.
principal String: Name of the property in the user object that maps to a Salesforce username, for example email.

clientId string: Consumer Key assigned by Salesforce to the Connected App.
communityName string: Community name.
communityUrlSection string: Community URL section.
principal string: Name of the property in the user object that maps to a Salesforce username, for example email.

client_id str: Consumer Key assigned by Salesforce to the Connected App.
community_name str: Community name.
community_url_section str: Community URL section.
principal str: Name of the property in the user object that maps to a Salesforce username, for example email.

clientId String: Consumer Key assigned by Salesforce to the Connected App.
communityName String: Community name.
communityUrlSection String: Community URL section.
principal String: Name of the property in the user object that maps to a Salesforce username, for example email.

GetClientAddonSalesforceSandboxApi

ClientId string: Consumer Key assigned by Salesforce to the Connected App.
CommunityName string: Community name.
CommunityUrlSection string: Community URL section.
Principal string: Name of the property in the user object that maps to a Salesforce username, for example email.

ClientId string: Consumer Key assigned by Salesforce to the Connected App.
CommunityName string: Community name.
CommunityUrlSection string: Community URL section.
Principal string: Name of the property in the user object that maps to a Salesforce username, for example email.

clientId String: Consumer Key assigned by Salesforce to the Connected App.
communityName String: Community name.
communityUrlSection String: Community URL section.
principal String: Name of the property in the user object that maps to a Salesforce username, for example email.

clientId string: Consumer Key assigned by Salesforce to the Connected App.
communityName string: Community name.
communityUrlSection string: Community URL section.
principal string: Name of the property in the user object that maps to a Salesforce username, for example email.

client_id str: Consumer Key assigned by Salesforce to the Connected App.
community_name str: Community name.
community_url_section str: Community URL section.
principal str: Name of the property in the user object that maps to a Salesforce username, for example email.

clientId String: Consumer Key assigned by Salesforce to the Connected App.
communityName String: Community name.
communityUrlSection String: Community URL section.
principal String: Name of the property in the user object that maps to a Salesforce username, for example email.

GetClientAddonSamlp

Audience string: Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
AuthnContextClassRef string: Class reference of the authentication context.
Binding string: Protocol binding used for SAML logout responses.
CreateUpnClaim bool: Indicates whether a UPN claim should be created. Defaults to true.
Destination string: Destination of the SAML Response. If not specified, it will be AssertionConsumerUrl of SAMLRequest or callback URL if there was no SAMLRequest.
DigestAlgorithm string: Algorithm used to calculate the digest of the SAML Assertion or response. Options include sha1 and sha256. Defaults to sha1.
IncludeAttributeNameFormat bool: Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. Defaults to true.
Issuer string: Issuer of the SAML Assertion.
LifetimeInSeconds int: Number of seconds during which the token is valid. Defaults to 3600 seconds.
Logouts List<GetClientAddonSamlpLogout>: Configuration settings for logout.
MapIdentities bool: Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. Defaults to true.
MapUnknownClaimsAsIs bool: Indicates whether to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion. Defaults to false.
Mappings Dictionary<string, string>: Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
NameIdentifierFormat string: Format of the name identifier. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
NameIdentifierProbes List<string>: Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
PassthroughClaimsWithNoMapping bool: Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to true.
Recipient string: Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or callback URL if no SAMLRequest was sent.
SignResponse bool: Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
SignatureAlgorithm string: Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256. Defaults to rsa-sha1.
SigningCert string: Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be -----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n.
TypedAttributes bool: Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType. Defaults to true.

Audience string: Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
AuthnContextClassRef string: Class reference of the authentication context.
Binding string: Protocol binding used for SAML logout responses.
CreateUpnClaim bool: Indicates whether a UPN claim should be created. Defaults to true.
Destination string: Destination of the SAML Response. If not specified, it will be AssertionConsumerUrl of SAMLRequest or callback URL if there was no SAMLRequest.
DigestAlgorithm string: Algorithm used to calculate the digest of the SAML Assertion or response. Options include sha1 and sha256. Defaults to sha1.
IncludeAttributeNameFormat bool: Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. Defaults to true.
Issuer string: Issuer of the SAML Assertion.
LifetimeInSeconds int: Number of seconds during which the token is valid. Defaults to 3600 seconds.
Logouts []GetClientAddonSamlpLogout: Configuration settings for logout.
MapIdentities bool: Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. Defaults to true.
MapUnknownClaimsAsIs bool: Indicates whether to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion. Defaults to false.
Mappings map[string]string: Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
NameIdentifierFormat string: Format of the name identifier. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
NameIdentifierProbes []string: Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
PassthroughClaimsWithNoMapping bool: Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to true.
Recipient string: Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or callback URL if no SAMLRequest was sent.
SignResponse bool: Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
SignatureAlgorithm string: Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256. Defaults to rsa-sha1.
SigningCert string: Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be -----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n.
TypedAttributes bool: Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType. Defaults to true.

audience String: Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
authnContextClassRef String: Class reference of the authentication context.
binding String: Protocol binding used for SAML logout responses.
createUpnClaim Boolean: Indicates whether a UPN claim should be created. Defaults to true.
destination String: Destination of the SAML Response. If not specified, it will be AssertionConsumerUrl of SAMLRequest or callback URL if there was no SAMLRequest.
digestAlgorithm String: Algorithm used to calculate the digest of the SAML Assertion or response. Options include sha1 and sha256. Defaults to sha1.
includeAttributeNameFormat Boolean: Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. Defaults to true.
issuer String: Issuer of the SAML Assertion.
lifetimeInSeconds Integer: Number of seconds during which the token is valid. Defaults to 3600 seconds.
logouts List<GetClientAddonSamlpLogout>: Configuration settings for logout.
mapIdentities Boolean: Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. Defaults to true.
mapUnknownClaimsAsIs Boolean: Indicates whether to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion. Defaults to false.
mappings Map<String,String>: Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
nameIdentifierFormat String: Format of the name identifier. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
nameIdentifierProbes List<String>: Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
passthroughClaimsWithNoMapping Boolean: Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to true.
recipient String: Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or callback URL if no SAMLRequest was sent.
signResponse Boolean: Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
signatureAlgorithm String: Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256. Defaults to rsa-sha1.
signingCert String: Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be -----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n.
typedAttributes Boolean: Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType. Defaults to true.

audience string: Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
authnContextClassRef string: Class reference of the authentication context.
binding string: Protocol binding used for SAML logout responses.
createUpnClaim boolean: Indicates whether a UPN claim should be created. Defaults to true.
destination string: Destination of the SAML Response. If not specified, it will be AssertionConsumerUrl of SAMLRequest or callback URL if there was no SAMLRequest.
digestAlgorithm string: Algorithm used to calculate the digest of the SAML Assertion or response. Options include sha1 and sha256. Defaults to sha1.
includeAttributeNameFormat boolean: Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. Defaults to true.
issuer string: Issuer of the SAML Assertion.
lifetimeInSeconds number: Number of seconds during which the token is valid. Defaults to 3600 seconds.
logouts GetClientAddonSamlpLogout[]: Configuration settings for logout.
mapIdentities boolean: Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. Defaults to true.
mapUnknownClaimsAsIs boolean: Indicates whether to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion. Defaults to false.
mappings {[key: string]: string}: Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
nameIdentifierFormat string: Format of the name identifier. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
nameIdentifierProbes string[]: Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
passthroughClaimsWithNoMapping boolean: Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to true.
recipient string: Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or callback URL if no SAMLRequest was sent.
signResponse boolean: Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
signatureAlgorithm string: Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256. Defaults to rsa-sha1.
signingCert string: Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be -----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n.
typedAttributes boolean: Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType. Defaults to true.

audience str: Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
authn_context_class_ref str: Class reference of the authentication context.
binding str: Protocol binding used for SAML logout responses.
create_upn_claim bool: Indicates whether a UPN claim should be created. Defaults to true.
destination str: Destination of the SAML Response. If not specified, it will be AssertionConsumerUrl of SAMLRequest or callback URL if there was no SAMLRequest.
digest_algorithm str: Algorithm used to calculate the digest of the SAML Assertion or response. Options include sha1 and sha256. Defaults to sha1.
include_attribute_name_format bool: Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. Defaults to true.
issuer str: Issuer of the SAML Assertion.
lifetime_in_seconds int: Number of seconds during which the token is valid. Defaults to 3600 seconds.
logouts Sequence[GetClientAddonSamlpLogout]: Configuration settings for logout.
map_identities bool: Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. Defaults to true.
map_unknown_claims_as_is bool: Indicates whether to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion. Defaults to false.
mappings Mapping[str, str]: Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
name_identifier_format str: Format of the name identifier. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
name_identifier_probes Sequence[str]: Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
passthrough_claims_with_no_mapping bool: Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to true.
recipient str: Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or callback URL if no SAMLRequest was sent.
sign_response bool: Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
signature_algorithm str: Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256. Defaults to rsa-sha1.
signing_cert str: Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be -----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n.
typed_attributes bool: Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType. Defaults to true.

audience String: Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
authnContextClassRef String: Class reference of the authentication context.
binding String: Protocol binding used for SAML logout responses.
createUpnClaim Boolean: Indicates whether a UPN claim should be created. Defaults to true.
destination String: Destination of the SAML Response. If not specified, it will be AssertionConsumerUrl of SAMLRequest or callback URL if there was no SAMLRequest.
digestAlgorithm String: Algorithm used to calculate the digest of the SAML Assertion or response. Options include sha1 and sha256. Defaults to sha1.
includeAttributeNameFormat Boolean: Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion. Defaults to true.
issuer String: Issuer of the SAML Assertion.
lifetimeInSeconds Number: Number of seconds during which the token is valid. Defaults to 3600 seconds.
logouts List<Property Map>: Configuration settings for logout.
mapIdentities Boolean: Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available. Defaults to true.
mapUnknownClaimsAsIs Boolean: Indicates whether to add a prefix of http://schema.auth0.com to any claims that are not mapped to the common profile when passed through in the output assertion. Defaults to false.
mappings Map<String>: Mappings between the Auth0 user profile property name (name) and the output attributes on the SAML attribute in the assertion (value).
nameIdentifierFormat String: Format of the name identifier. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
nameIdentifierProbes List<String>: Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
passthroughClaimsWithNoMapping Boolean: Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion. Defaults to true.
recipient String: Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or callback URL if no SAMLRequest was sent.
signResponse Boolean: Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
signatureAlgorithm String: Algorithm used to sign the SAML Assertion or response. Options include rsa-sha1 and rsa-sha256. Defaults to rsa-sha1.
signingCert String: Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be -----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n.
typedAttributes Boolean: Indicates whether or not we should infer the xs:type of the element. Types include xs:string, xs:boolean, xs:double, and xs:anyType. When set to false, all xs:type are xs:anyType. Defaults to true.

GetClientAddonSamlpLogout

Callback string: The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
SloEnabled bool: Controls whether Auth0 should notify service providers of session termination.

Callback string: The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
SloEnabled bool: Controls whether Auth0 should notify service providers of session termination.

callback String: The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
sloEnabled Boolean: Controls whether Auth0 should notify service providers of session termination.

callback string: The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
sloEnabled boolean: Controls whether Auth0 should notify service providers of session termination.

callback str: The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
slo_enabled bool: Controls whether Auth0 should notify service providers of session termination.

callback String: The service provider (client application)'s Single Logout Service URL, where Auth0 will send logout requests and responses.
sloEnabled Boolean: Controls whether Auth0 should notify service providers of session termination.

GetClientAddonSapApi

ClientId string: If activated in the OAuth 2.0 client configuration (transaction SOAUTH2) the SAML attribute client_idmust be set and equal theclient_id` form parameter of the access token request.
NameIdentifierFormat string: NameID element of the Subject which can be used to express the user's identity. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
Scope string: Requested scope for SAP APIs.
ServicePassword string: Service account password to use to authenticate API calls to the token endpoint.
TokenEndpointUrl string: The OAuth2 token endpoint URL of your SAP OData server.
UsernameAttribute string: Name of the property in the user object that maps to a SAP username, for example email.

ClientId string: If activated in the OAuth 2.0 client configuration (transaction SOAUTH2) the SAML attribute client_idmust be set and equal theclient_id` form parameter of the access token request.
NameIdentifierFormat string: NameID element of the Subject which can be used to express the user's identity. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
Scope string: Requested scope for SAP APIs.
ServicePassword string: Service account password to use to authenticate API calls to the token endpoint.
TokenEndpointUrl string: The OAuth2 token endpoint URL of your SAP OData server.
UsernameAttribute string: Name of the property in the user object that maps to a SAP username, for example email.

clientId String: If activated in the OAuth 2.0 client configuration (transaction SOAUTH2) the SAML attribute client_idmust be set and equal theclient_id` form parameter of the access token request.
nameIdentifierFormat String: NameID element of the Subject which can be used to express the user's identity. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
scope String: Requested scope for SAP APIs.
servicePassword String: Service account password to use to authenticate API calls to the token endpoint.
tokenEndpointUrl String: The OAuth2 token endpoint URL of your SAP OData server.
usernameAttribute String: Name of the property in the user object that maps to a SAP username, for example email.

clientId string: If activated in the OAuth 2.0 client configuration (transaction SOAUTH2) the SAML attribute client_idmust be set and equal theclient_id` form parameter of the access token request.
nameIdentifierFormat string: NameID element of the Subject which can be used to express the user's identity. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
scope string: Requested scope for SAP APIs.
servicePassword string: Service account password to use to authenticate API calls to the token endpoint.
tokenEndpointUrl string: The OAuth2 token endpoint URL of your SAP OData server.
usernameAttribute string: Name of the property in the user object that maps to a SAP username, for example email.

client_id str: If activated in the OAuth 2.0 client configuration (transaction SOAUTH2) the SAML attribute client_idmust be set and equal theclient_id` form parameter of the access token request.
name_identifier_format str: NameID element of the Subject which can be used to express the user's identity. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
scope str: Requested scope for SAP APIs.
service_password str: Service account password to use to authenticate API calls to the token endpoint.
token_endpoint_url str: The OAuth2 token endpoint URL of your SAP OData server.
username_attribute str: Name of the property in the user object that maps to a SAP username, for example email.

clientId String: If activated in the OAuth 2.0 client configuration (transaction SOAUTH2) the SAML attribute client_idmust be set and equal theclient_id` form parameter of the access token request.
nameIdentifierFormat String: NameID element of the Subject which can be used to express the user's identity. Defaults to urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified.
scope String: Requested scope for SAP APIs.
servicePassword String: Service account password to use to authenticate API calls to the token endpoint.
tokenEndpointUrl String: The OAuth2 token endpoint URL of your SAP OData server.
usernameAttribute String: Name of the property in the user object that maps to a SAP username, for example email.

GetClientAddonSentry

BaseUrl string: URL prefix only if running Sentry Community Edition, otherwise leave empty.
OrgSlug string: Generated slug for your Sentry organization. Found in your Sentry URL, for example https://sentry.acme.com/acme-org/ would be acme-org.

BaseUrl string: URL prefix only if running Sentry Community Edition, otherwise leave empty.
OrgSlug string: Generated slug for your Sentry organization. Found in your Sentry URL, for example https://sentry.acme.com/acme-org/ would be acme-org.

baseUrl String: URL prefix only if running Sentry Community Edition, otherwise leave empty.
orgSlug String: Generated slug for your Sentry organization. Found in your Sentry URL, for example https://sentry.acme.com/acme-org/ would be acme-org.

baseUrl string: URL prefix only if running Sentry Community Edition, otherwise leave empty.
orgSlug string: Generated slug for your Sentry organization. Found in your Sentry URL, for example https://sentry.acme.com/acme-org/ would be acme-org.

base_url str: URL prefix only if running Sentry Community Edition, otherwise leave empty.
org_slug str: Generated slug for your Sentry organization. Found in your Sentry URL, for example https://sentry.acme.com/acme-org/ would be acme-org.

baseUrl String: URL prefix only if running Sentry Community Edition, otherwise leave empty.
orgSlug String: Generated slug for your Sentry organization. Found in your Sentry URL, for example https://sentry.acme.com/acme-org/ would be acme-org.

GetClientAddonSharepoint

ExternalUrls List<string>: External SharePoint application URLs if exposed to the Internet.
Url string: Internal SharePoint application URL.

ExternalUrls []string: External SharePoint application URLs if exposed to the Internet.
Url string: Internal SharePoint application URL.

externalUrls List<String>: External SharePoint application URLs if exposed to the Internet.
url String: Internal SharePoint application URL.

externalUrls string[]: External SharePoint application URLs if exposed to the Internet.
url string: Internal SharePoint application URL.

external_urls Sequence[str]: External SharePoint application URLs if exposed to the Internet.
url str: Internal SharePoint application URL.

externalUrls List<String>: External SharePoint application URLs if exposed to the Internet.
url String: Internal SharePoint application URL.

GetClientAddonSlack

Team string: Slack team name.

Team string: Slack team name.

team String: Slack team name.

team string: Slack team name.

team str: Slack team name.

team String: Slack team name.

GetClientAddonSpringcm

AcsUrl string: SpringCM ACS URL, for example https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.

AcsUrl string: SpringCM ACS URL, for example https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.

acsUrl String: SpringCM ACS URL, for example https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.

acsUrl string: SpringCM ACS URL, for example https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.

acs_url str: SpringCM ACS URL, for example https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.

acsUrl String: SpringCM ACS URL, for example https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx.

GetClientAddonSsoIntegration

Name string: SSO integration name.
Version string: SSO integration version installed.

Name string: SSO integration name.
Version string: SSO integration version installed.

name String: SSO integration name.
version String: SSO integration version installed.

name string: SSO integration name.
version string: SSO integration version installed.

name str: SSO integration name.
version str: SSO integration version installed.

name String: SSO integration name.
version String: SSO integration version installed.

GetClientAddonWam

MasterKey string: Your master key for Windows Azure Mobile Services.

MasterKey string: Your master key for Windows Azure Mobile Services.

masterKey String: Your master key for Windows Azure Mobile Services.

masterKey string: Your master key for Windows Azure Mobile Services.

master_key str: Your master key for Windows Azure Mobile Services.

masterKey String: Your master key for Windows Azure Mobile Services.

GetClientAddonZendesk

AccountName string: Zendesk account name. Usually the first segment in your Zendesk URL, for example https://acme-org.zendesk.com would be acme-org.

AccountName string: Zendesk account name. Usually the first segment in your Zendesk URL, for example https://acme-org.zendesk.com would be acme-org.

accountName String: Zendesk account name. Usually the first segment in your Zendesk URL, for example https://acme-org.zendesk.com would be acme-org.

accountName string: Zendesk account name. Usually the first segment in your Zendesk URL, for example https://acme-org.zendesk.com would be acme-org.

account_name str: Zendesk account name. Usually the first segment in your Zendesk URL, for example https://acme-org.zendesk.com would be acme-org.

accountName String: Zendesk account name. Usually the first segment in your Zendesk URL, for example https://acme-org.zendesk.com would be acme-org.

GetClientAddonZoom

Account string: Zoom account name. Usually the first segment of your Zoom URL, for example https://acme-org.zoom.us would be acme-org.

Account string: Zoom account name. Usually the first segment of your Zoom URL, for example https://acme-org.zoom.us would be acme-org.

account String: Zoom account name. Usually the first segment of your Zoom URL, for example https://acme-org.zoom.us would be acme-org.

account string: Zoom account name. Usually the first segment of your Zoom URL, for example https://acme-org.zoom.us would be acme-org.

account str: Zoom account name. Usually the first segment of your Zoom URL, for example https://acme-org.zoom.us would be acme-org.

account String: Zoom account name. Usually the first segment of your Zoom URL, for example https://acme-org.zoom.us would be acme-org.

GetClientClientAuthenticationMethod

PrivateKeyJwts List<GetClientClientAuthenticationMethodPrivateKeyJwt>: If this is defined, the client is enabled to use the Private Key JWT authentication method.
SelfSignedTlsClientAuths List<GetClientClientAuthenticationMethodSelfSignedTlsClientAuth>: If this is defined, the client is enabled to use the mTLS authentication method utilizing a self-signed certificate.
TlsClientAuths List<GetClientClientAuthenticationMethodTlsClientAuth>: If this is defined, the client is enabled to use the CA-based mTLS authentication method.

PrivateKeyJwts []GetClientClientAuthenticationMethodPrivateKeyJwt: If this is defined, the client is enabled to use the Private Key JWT authentication method.
SelfSignedTlsClientAuths []GetClientClientAuthenticationMethodSelfSignedTlsClientAuth: If this is defined, the client is enabled to use the mTLS authentication method utilizing a self-signed certificate.
TlsClientAuths []GetClientClientAuthenticationMethodTlsClientAuth: If this is defined, the client is enabled to use the CA-based mTLS authentication method.

privateKeyJwts List<GetClientClientAuthenticationMethodPrivateKeyJwt>: If this is defined, the client is enabled to use the Private Key JWT authentication method.
selfSignedTlsClientAuths List<GetClientClientAuthenticationMethodSelfSignedTlsClientAuth>: If this is defined, the client is enabled to use the mTLS authentication method utilizing a self-signed certificate.
tlsClientAuths List<GetClientClientAuthenticationMethodTlsClientAuth>: If this is defined, the client is enabled to use the CA-based mTLS authentication method.

privateKeyJwts GetClientClientAuthenticationMethodPrivateKeyJwt[]: If this is defined, the client is enabled to use the Private Key JWT authentication method.
selfSignedTlsClientAuths GetClientClientAuthenticationMethodSelfSignedTlsClientAuth[]: If this is defined, the client is enabled to use the mTLS authentication method utilizing a self-signed certificate.
tlsClientAuths GetClientClientAuthenticationMethodTlsClientAuth[]: If this is defined, the client is enabled to use the CA-based mTLS authentication method.

private_key_jwts Sequence[GetClientClientAuthenticationMethodPrivateKeyJwt]: If this is defined, the client is enabled to use the Private Key JWT authentication method.
self_signed_tls_client_auths Sequence[GetClientClientAuthenticationMethodSelfSignedTlsClientAuth]: If this is defined, the client is enabled to use the mTLS authentication method utilizing a self-signed certificate.
tls_client_auths Sequence[GetClientClientAuthenticationMethodTlsClientAuth]: If this is defined, the client is enabled to use the CA-based mTLS authentication method.

privateKeyJwts List<Property Map>: If this is defined, the client is enabled to use the Private Key JWT authentication method.
selfSignedTlsClientAuths List<Property Map>: If this is defined, the client is enabled to use the mTLS authentication method utilizing a self-signed certificate.
tlsClientAuths List<Property Map>: If this is defined, the client is enabled to use the CA-based mTLS authentication method.

GetClientClientAuthenticationMethodPrivateKeyJwt

Credentials List<GetClientClientAuthenticationMethodPrivateKeyJwtCredential>: Credentials that will be enabled on the client for Private Key JWT authentication.

Credentials []GetClientClientAuthenticationMethodPrivateKeyJwtCredential: Credentials that will be enabled on the client for Private Key JWT authentication.

credentials List<GetClientClientAuthenticationMethodPrivateKeyJwtCredential>: Credentials that will be enabled on the client for Private Key JWT authentication.

credentials GetClientClientAuthenticationMethodPrivateKeyJwtCredential[]: Credentials that will be enabled on the client for Private Key JWT authentication.

credentials Sequence[GetClientClientAuthenticationMethodPrivateKeyJwtCredential]: Credentials that will be enabled on the client for Private Key JWT authentication.

credentials List<Property Map>: Credentials that will be enabled on the client for Private Key JWT authentication.

GetClientClientAuthenticationMethodPrivateKeyJwtCredential

Algorithm string: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
CreatedAt string: The ISO 8601 formatted date the credential was created.
CredentialType string: Credential type. Supported types: public_key.
ExpiresAt string: The ISO 8601 formatted date representing the expiration of the credential.
Id string: The ID of the client credential.
KeyId string: The key identifier of the credential, generated on creation.
Name string: Friendly name for a credential.
UpdatedAt string: The ISO 8601 formatted date the credential was updated.

Algorithm string: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
CreatedAt string: The ISO 8601 formatted date the credential was created.
CredentialType string: Credential type. Supported types: public_key.
ExpiresAt string: The ISO 8601 formatted date representing the expiration of the credential.
Id string: The ID of the client credential.
KeyId string: The key identifier of the credential, generated on creation.
Name string: Friendly name for a credential.
UpdatedAt string: The ISO 8601 formatted date the credential was updated.

algorithm String: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
createdAt String: The ISO 8601 formatted date the credential was created.
credentialType String: Credential type. Supported types: public_key.
expiresAt String: The ISO 8601 formatted date representing the expiration of the credential.
id String: The ID of the client credential.
keyId String: The key identifier of the credential, generated on creation.
name String: Friendly name for a credential.
updatedAt String: The ISO 8601 formatted date the credential was updated.

algorithm string: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
createdAt string: The ISO 8601 formatted date the credential was created.
credentialType string: Credential type. Supported types: public_key.
expiresAt string: The ISO 8601 formatted date representing the expiration of the credential.
id string: The ID of the client credential.
keyId string: The key identifier of the credential, generated on creation.
name string: Friendly name for a credential.
updatedAt string: The ISO 8601 formatted date the credential was updated.

algorithm str: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
created_at str: The ISO 8601 formatted date the credential was created.
credential_type str: Credential type. Supported types: public_key.
expires_at str: The ISO 8601 formatted date representing the expiration of the credential.
id str: The ID of the client credential.
key_id str: The key identifier of the credential, generated on creation.
name str: Friendly name for a credential.
updated_at str: The ISO 8601 formatted date the credential was updated.

algorithm String: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
createdAt String: The ISO 8601 formatted date the credential was created.
credentialType String: Credential type. Supported types: public_key.
expiresAt String: The ISO 8601 formatted date representing the expiration of the credential.
id String: The ID of the client credential.
keyId String: The key identifier of the credential, generated on creation.
name String: Friendly name for a credential.
updatedAt String: The ISO 8601 formatted date the credential was updated.

GetClientClientAuthenticationMethodSelfSignedTlsClientAuth

Credentials List<GetClientClientAuthenticationMethodSelfSignedTlsClientAuthCredential>: Credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificates.

Credentials []GetClientClientAuthenticationMethodSelfSignedTlsClientAuthCredential: Credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificates.

credentials List<GetClientClientAuthenticationMethodSelfSignedTlsClientAuthCredential>: Credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificates.

credentials GetClientClientAuthenticationMethodSelfSignedTlsClientAuthCredential[]: Credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificates.

credentials Sequence[GetClientClientAuthenticationMethodSelfSignedTlsClientAuthCredential]: Credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificates.

credentials List<Property Map>: Credentials that will be enabled on the client for mTLS authentication utilizing self-signed certificates.

GetClientClientAuthenticationMethodSelfSignedTlsClientAuthCredential

CreatedAt string: The ISO 8601 formatted date the credential was created.
CredentialType string: Credential type. Supported types: x509_cert.
Id string: The ID of the client credential.
Name string: Friendly name for a credential.
UpdatedAt string: The ISO 8601 formatted date the credential was updated.

CreatedAt string: The ISO 8601 formatted date the credential was created.
CredentialType string: Credential type. Supported types: x509_cert.
Id string: The ID of the client credential.
Name string: Friendly name for a credential.
UpdatedAt string: The ISO 8601 formatted date the credential was updated.

createdAt String: The ISO 8601 formatted date the credential was created.
credentialType String: Credential type. Supported types: x509_cert.
id String: The ID of the client credential.
name String: Friendly name for a credential.
updatedAt String: The ISO 8601 formatted date the credential was updated.

createdAt string: The ISO 8601 formatted date the credential was created.
credentialType string: Credential type. Supported types: x509_cert.
id string: The ID of the client credential.
name string: Friendly name for a credential.
updatedAt string: The ISO 8601 formatted date the credential was updated.

created_at str: The ISO 8601 formatted date the credential was created.
credential_type str: Credential type. Supported types: x509_cert.
id str: The ID of the client credential.
name str: Friendly name for a credential.
updated_at str: The ISO 8601 formatted date the credential was updated.

createdAt String: The ISO 8601 formatted date the credential was created.
credentialType String: Credential type. Supported types: x509_cert.
id String: The ID of the client credential.
name String: Friendly name for a credential.
updatedAt String: The ISO 8601 formatted date the credential was updated.

GetClientClientAuthenticationMethodTlsClientAuth

Credentials List<GetClientClientAuthenticationMethodTlsClientAuthCredential>: Credentials that will be enabled on the client for CA-based mTLS authentication.

Credentials []GetClientClientAuthenticationMethodTlsClientAuthCredential: Credentials that will be enabled on the client for CA-based mTLS authentication.

credentials List<GetClientClientAuthenticationMethodTlsClientAuthCredential>: Credentials that will be enabled on the client for CA-based mTLS authentication.

credentials GetClientClientAuthenticationMethodTlsClientAuthCredential[]: Credentials that will be enabled on the client for CA-based mTLS authentication.

credentials Sequence[GetClientClientAuthenticationMethodTlsClientAuthCredential]: Credentials that will be enabled on the client for CA-based mTLS authentication.

credentials List<Property Map>: Credentials that will be enabled on the client for CA-based mTLS authentication.

GetClientClientAuthenticationMethodTlsClientAuthCredential

CreatedAt string: The ISO 8601 formatted date the credential was created.
CredentialType string: Credential type. Supported types: cert_subject_dn.
Id string: The ID of the client credential.
Name string: Friendly name for a credential.
SubjectDn string: Subject Distinguished Name. Mutually exlusive with pem property.
UpdatedAt string: The ISO 8601 formatted date the credential was updated.

CreatedAt string: The ISO 8601 formatted date the credential was created.
CredentialType string: Credential type. Supported types: cert_subject_dn.
Id string: The ID of the client credential.
Name string: Friendly name for a credential.
SubjectDn string: Subject Distinguished Name. Mutually exlusive with pem property.
UpdatedAt string: The ISO 8601 formatted date the credential was updated.

createdAt String: The ISO 8601 formatted date the credential was created.
credentialType String: Credential type. Supported types: cert_subject_dn.
id String: The ID of the client credential.
name String: Friendly name for a credential.
subjectDn String: Subject Distinguished Name. Mutually exlusive with pem property.
updatedAt String: The ISO 8601 formatted date the credential was updated.

createdAt string: The ISO 8601 formatted date the credential was created.
credentialType string: Credential type. Supported types: cert_subject_dn.
id string: The ID of the client credential.
name string: Friendly name for a credential.
subjectDn string: Subject Distinguished Name. Mutually exlusive with pem property.
updatedAt string: The ISO 8601 formatted date the credential was updated.

created_at str: The ISO 8601 formatted date the credential was created.
credential_type str: Credential type. Supported types: cert_subject_dn.
id str: The ID of the client credential.
name str: Friendly name for a credential.
subject_dn str: Subject Distinguished Name. Mutually exlusive with pem property.
updated_at str: The ISO 8601 formatted date the credential was updated.

createdAt String: The ISO 8601 formatted date the credential was created.
credentialType String: Credential type. Supported types: cert_subject_dn.
id String: The ID of the client credential.
name String: Friendly name for a credential.
subjectDn String: Subject Distinguished Name. Mutually exlusive with pem property.
updatedAt String: The ISO 8601 formatted date the credential was updated.

GetClientDefaultOrganization

Disable bool: If set, the default_organization will be removed.
Flows List<string>: Definition of the flow that needs to be configured. Eg. client_credentials
OrganizationId string: The unique identifier of the organization

Disable bool: If set, the default_organization will be removed.
Flows []string: Definition of the flow that needs to be configured. Eg. client_credentials
OrganizationId string: The unique identifier of the organization

disable Boolean: If set, the default_organization will be removed.
flows List<String>: Definition of the flow that needs to be configured. Eg. client_credentials
organizationId String: The unique identifier of the organization

disable boolean: If set, the default_organization will be removed.
flows string[]: Definition of the flow that needs to be configured. Eg. client_credentials
organizationId string: The unique identifier of the organization

disable bool: If set, the default_organization will be removed.
flows Sequence[str]: Definition of the flow that needs to be configured. Eg. client_credentials
organization_id str: The unique identifier of the organization

disable Boolean: If set, the default_organization will be removed.
flows List<String>: Definition of the flow that needs to be configured. Eg. client_credentials
organizationId String: The unique identifier of the organization

GetClientJwtConfiguration

Alg string: Algorithm used to sign JWTs. Can be one of HS256, RS256, PS256.
LifetimeInSeconds int: Number of seconds during which the JWT will be valid.
Scopes Dictionary<string, string>: Permissions (scopes) included in JWTs.
SecretEncoded bool: Indicates whether the client secret is Base64-encoded.

Alg string: Algorithm used to sign JWTs. Can be one of HS256, RS256, PS256.
LifetimeInSeconds int: Number of seconds during which the JWT will be valid.
Scopes map[string]string: Permissions (scopes) included in JWTs.
SecretEncoded bool: Indicates whether the client secret is Base64-encoded.

alg String: Algorithm used to sign JWTs. Can be one of HS256, RS256, PS256.
lifetimeInSeconds Integer: Number of seconds during which the JWT will be valid.
scopes Map<String,String>: Permissions (scopes) included in JWTs.
secretEncoded Boolean: Indicates whether the client secret is Base64-encoded.

alg string: Algorithm used to sign JWTs. Can be one of HS256, RS256, PS256.
lifetimeInSeconds number: Number of seconds during which the JWT will be valid.
scopes {[key: string]: string}: Permissions (scopes) included in JWTs.
secretEncoded boolean: Indicates whether the client secret is Base64-encoded.

alg str: Algorithm used to sign JWTs. Can be one of HS256, RS256, PS256.
lifetime_in_seconds int: Number of seconds during which the JWT will be valid.
scopes Mapping[str, str]: Permissions (scopes) included in JWTs.
secret_encoded bool: Indicates whether the client secret is Base64-encoded.

alg String: Algorithm used to sign JWTs. Can be one of HS256, RS256, PS256.
lifetimeInSeconds Number: Number of seconds during which the JWT will be valid.
scopes Map<String>: Permissions (scopes) included in JWTs.
secretEncoded Boolean: Indicates whether the client secret is Base64-encoded.

GetClientMobile

Androids List<GetClientMobileAndroid>: Configuration settings for Android native apps.
Ios List<GetClientMobileIo>: Configuration settings for i0S native apps.

Androids []GetClientMobileAndroid: Configuration settings for Android native apps.
Ios []GetClientMobileIo: Configuration settings for i0S native apps.

androids List<GetClientMobileAndroid>: Configuration settings for Android native apps.
ios List<GetClientMobileIo>: Configuration settings for i0S native apps.

androids GetClientMobileAndroid[]: Configuration settings for Android native apps.
ios GetClientMobileIo[]: Configuration settings for i0S native apps.

androids Sequence[GetClientMobileAndroid]: Configuration settings for Android native apps.
ios Sequence[GetClientMobileIo]: Configuration settings for i0S native apps.

androids List<Property Map>: Configuration settings for Android native apps.
ios List<Property Map>: Configuration settings for i0S native apps.

enabled Boolean

enabled boolean

enabled bool

enabled Boolean

GetClientNativeSocialLoginFacebook

Enabled bool

Enabled bool

enabled Boolean

enabled boolean

enabled bool

enabled Boolean

GetClientNativeSocialLoginGoogle

Enabled bool

Enabled bool

enabled Boolean

enabled boolean

enabled bool

enabled Boolean

GetClientOidcLogout

BackchannelLogoutInitiators List<GetClientOidcLogoutBackchannelLogoutInitiator>: Configure OIDC logout initiators for the Client
BackchannelLogoutUrls List<string>: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.

BackchannelLogoutInitiators []GetClientOidcLogoutBackchannelLogoutInitiator: Configure OIDC logout initiators for the Client
BackchannelLogoutUrls []string: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.

backchannelLogoutInitiators List<GetClientOidcLogoutBackchannelLogoutInitiator>: Configure OIDC logout initiators for the Client
backchannelLogoutUrls List<String>: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.

backchannelLogoutInitiators GetClientOidcLogoutBackchannelLogoutInitiator[]: Configure OIDC logout initiators for the Client
backchannelLogoutUrls string[]: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.

backchannel_logout_initiators Sequence[GetClientOidcLogoutBackchannelLogoutInitiator]: Configure OIDC logout initiators for the Client
backchannel_logout_urls Sequence[str]: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.

backchannelLogoutInitiators List<Property Map>: Configure OIDC logout initiators for the Client
backchannelLogoutUrls List<String>: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.

GetClientOidcLogoutBackchannelLogoutInitiator

Mode string: Determines the configuration method for enabling initiators. custom enables only the initiators listed in the backchannel_logout_selected_initiators set, all enables all current and future initiators.
SelectedInitiators List<string>: Contains the list of initiators to be enabled for the given client.

Mode string: Determines the configuration method for enabling initiators. custom enables only the initiators listed in the backchannel_logout_selected_initiators set, all enables all current and future initiators.
SelectedInitiators []string: Contains the list of initiators to be enabled for the given client.

mode String: Determines the configuration method for enabling initiators. custom enables only the initiators listed in the backchannel_logout_selected_initiators set, all enables all current and future initiators.
selectedInitiators List<String>: Contains the list of initiators to be enabled for the given client.

mode string: Determines the configuration method for enabling initiators. custom enables only the initiators listed in the backchannel_logout_selected_initiators set, all enables all current and future initiators.
selectedInitiators string[]: Contains the list of initiators to be enabled for the given client.

mode str: Determines the configuration method for enabling initiators. custom enables only the initiators listed in the backchannel_logout_selected_initiators set, all enables all current and future initiators.
selected_initiators Sequence[str]: Contains the list of initiators to be enabled for the given client.

mode String: Determines the configuration method for enabling initiators. custom enables only the initiators listed in the backchannel_logout_selected_initiators set, all enables all current and future initiators.
selectedInitiators List<String>: Contains the list of initiators to be enabled for the given client.

GetClientRefreshToken

ExpirationType string: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
IdleTokenLifetime int: The time in seconds after which inactive refresh tokens will expire.
InfiniteIdleTokenLifetime bool: Whether inactive refresh tokens should remain valid indefinitely.
InfiniteTokenLifetime bool: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
Leeway int: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
RotationType string: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
TokenLifetime int: The absolute lifetime of a refresh token in seconds.

ExpirationType string: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
IdleTokenLifetime int: The time in seconds after which inactive refresh tokens will expire.
InfiniteIdleTokenLifetime bool: Whether inactive refresh tokens should remain valid indefinitely.
InfiniteTokenLifetime bool: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
Leeway int: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
RotationType string: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
TokenLifetime int: The absolute lifetime of a refresh token in seconds.

expirationType String: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
idleTokenLifetime Integer: The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime Boolean: Whether inactive refresh tokens should remain valid indefinitely.
infiniteTokenLifetime Boolean: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
leeway Integer: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
rotationType String: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
tokenLifetime Integer: The absolute lifetime of a refresh token in seconds.

expirationType string: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
idleTokenLifetime number: The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime boolean: Whether inactive refresh tokens should remain valid indefinitely.
infiniteTokenLifetime boolean: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
leeway number: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
rotationType string: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
tokenLifetime number: The absolute lifetime of a refresh token in seconds.

expiration_type str: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
idle_token_lifetime int: The time in seconds after which inactive refresh tokens will expire.
infinite_idle_token_lifetime bool: Whether inactive refresh tokens should remain valid indefinitely.
infinite_token_lifetime bool: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
leeway int: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
rotation_type str: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
token_lifetime int: The absolute lifetime of a refresh token in seconds.

expirationType String: Options include expiring, non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is rotating, this must be set to expiring.
idleTokenLifetime Number: The time in seconds after which inactive refresh tokens will expire.
infiniteIdleTokenLifetime Boolean: Whether inactive refresh tokens should remain valid indefinitely.
infiniteTokenLifetime Boolean: Whether refresh tokens should remain valid indefinitely. If false, token_lifetime should also be set.
leeway Number: The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
rotationType String: Options include rotating, non-rotating. When rotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
tokenLifetime Number: The absolute lifetime of a refresh token in seconds.

GetClientSignedRequestObject

Credentials List<GetClientSignedRequestObjectCredential>: Credentials that will be enabled on the client for JWT-secured authorization requests.
Required bool: Require JWT-secured authorization requests.

Credentials []GetClientSignedRequestObjectCredential: Credentials that will be enabled on the client for JWT-secured authorization requests.
Required bool: Require JWT-secured authorization requests.

credentials List<GetClientSignedRequestObjectCredential>: Credentials that will be enabled on the client for JWT-secured authorization requests.
required Boolean: Require JWT-secured authorization requests.

credentials GetClientSignedRequestObjectCredential[]: Credentials that will be enabled on the client for JWT-secured authorization requests.
required boolean: Require JWT-secured authorization requests.

credentials Sequence[GetClientSignedRequestObjectCredential]: Credentials that will be enabled on the client for JWT-secured authorization requests.
required bool: Require JWT-secured authorization requests.

credentials List<Property Map>: Credentials that will be enabled on the client for JWT-secured authorization requests.
required Boolean: Require JWT-secured authorization requests.

GetClientSignedRequestObjectCredential

Algorithm string: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
CreatedAt string: The ISO 8601 formatted date the credential was created.
CredentialType string: Credential type. Supported types: public_key.
ExpiresAt string: The ISO 8601 formatted date representing the expiration of the credential.
Id string: The ID of the client credential.
KeyId string: The key identifier of the credential, generated on creation.
Name string: Friendly name for a credential.
UpdatedAt string: The ISO 8601 formatted date the credential was updated.

Algorithm string: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
CreatedAt string: The ISO 8601 formatted date the credential was created.
CredentialType string: Credential type. Supported types: public_key.
ExpiresAt string: The ISO 8601 formatted date representing the expiration of the credential.
Id string: The ID of the client credential.
KeyId string: The key identifier of the credential, generated on creation.
Name string: Friendly name for a credential.
UpdatedAt string: The ISO 8601 formatted date the credential was updated.

algorithm String: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
createdAt String: The ISO 8601 formatted date the credential was created.
credentialType String: Credential type. Supported types: public_key.
expiresAt String: The ISO 8601 formatted date representing the expiration of the credential.
id String: The ID of the client credential.
keyId String: The key identifier of the credential, generated on creation.
name String: Friendly name for a credential.
updatedAt String: The ISO 8601 formatted date the credential was updated.

algorithm string: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
createdAt string: The ISO 8601 formatted date the credential was created.
credentialType string: Credential type. Supported types: public_key.
expiresAt string: The ISO 8601 formatted date representing the expiration of the credential.
id string: The ID of the client credential.
keyId string: The key identifier of the credential, generated on creation.
name string: Friendly name for a credential.
updatedAt string: The ISO 8601 formatted date the credential was updated.

algorithm str: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
created_at str: The ISO 8601 formatted date the credential was created.
credential_type str: Credential type. Supported types: public_key.
expires_at str: The ISO 8601 formatted date representing the expiration of the credential.
id str: The ID of the client credential.
key_id str: The key identifier of the credential, generated on creation.
name str: Friendly name for a credential.
updated_at str: The ISO 8601 formatted date the credential was updated.

algorithm String: Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used.
createdAt String: The ISO 8601 formatted date the credential was created.
credentialType String: Credential type. Supported types: public_key.
expiresAt String: The ISO 8601 formatted date representing the expiration of the credential.
id String: The ID of the client credential.
keyId String: The key identifier of the credential, generated on creation.
name String: Friendly name for a credential.
updatedAt String: The ISO 8601 formatted date the credential was updated.

GetClientTokenExchange

AllowAnyProfileOfTypes List<string>: List of allowed profile types for token exchange

AllowAnyProfileOfTypes []string: List of allowed profile types for token exchange

allowAnyProfileOfTypes List<String>: List of allowed profile types for token exchange

allowAnyProfileOfTypes string[]: List of allowed profile types for token exchange

allow_any_profile_of_types Sequence[str]: List of allowed profile types for token exchange

allowAnyProfileOfTypes List<String>: List of allowed profile types for token exchange

Package Details

Repository: Auth0 pulumi/pulumi-auth0
License: Apache-2.0
Notes: This Pulumi package is based on the auth0 Terraform Provider.

Auth0 v3.18.0 published on Friday, Apr 18, 2025 by Pulumi

pulumi/pulumi-auth0

auth0.getClient

On this page

On this page

Example Usage

Using getClient

getClient Result

Supporting Types

GetClientAddon

GetClientAddonAw

GetClientAddonAzureBlob

GetClientAddonAzureSb

GetClientAddonEchosign

GetClientAddonEgnyte

GetClientAddonFirebase

GetClientAddonLayer

GetClientAddonMscrm

GetClientAddonNewrelic

GetClientAddonOffice365

GetClientAddonRm

GetClientAddonSalesforce

GetClientAddonSalesforceApi

GetClientAddonSalesforceSandboxApi

GetClientAddonSamlp

GetClientAddonSamlpLogout

GetClientAddonSapApi

GetClientAddonSentry

GetClientAddonSharepoint

GetClientAddonSlack

GetClientAddonSpringcm

GetClientAddonSsoIntegration

GetClientAddonWam

GetClientAddonZendesk

GetClientAddonZoom

GetClientClientAuthenticationMethod

GetClientClientAuthenticationMethodPrivateKeyJwt

GetClientClientAuthenticationMethodPrivateKeyJwtCredential

GetClientClientAuthenticationMethodSelfSignedTlsClientAuth

GetClientClientAuthenticationMethodSelfSignedTlsClientAuthCredential

GetClientClientAuthenticationMethodTlsClientAuth

GetClientClientAuthenticationMethodTlsClientAuthCredential

GetClientDefaultOrganization

GetClientJwtConfiguration

GetClientMobile

GetClientMobileAndroid

GetClientMobileIo

GetClientNativeSocialLogin

GetClientNativeSocialLoginApple

GetClientNativeSocialLoginFacebook

GetClientNativeSocialLoginGoogle

GetClientOidcLogout

GetClientOidcLogoutBackchannelLogoutInitiator

GetClientRefreshToken

GetClientSignedRequestObject

GetClientSignedRequestObjectCredential

GetClientTokenExchange

Package Details

On this page

On this page