Data source to retrieve a client grants based on client_id and/or audience
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const myClient = new auth0.Client("my_client", {name: "Example Application (Managed by Terraform)"});
const myResourceServer = new auth0.ResourceServer("my_resource_server", {
name: "Example Resource Server (Managed by Terraform)",
identifier: "https://api.example.com/client-grant",
authorizationDetails: [{
type: "payment",
}],
subjectTypeAuthorization: {
user: {
policy: "allow_all",
},
},
});
const myScopes = new auth0.ResourceServerScopes("my_scopes", {
resourceServerIdentifier: myResourceServer.identifier,
scopes: [{
name: "create:foo",
}],
}, {
dependsOn: [myResourceServer],
});
const myClientGrant = new auth0.ClientGrant("my_client_grant", {
clientId: myClient.id,
audience: myResourceServer.identifier,
authorizationDetailsTypes: ["payment"],
subjectType: "user",
allowAllScopes: true,
});
const filterByClientId = auth0.getClientGrantsOutput({
clientId: myClient.id,
});
const filterByAudience = auth0.getClientGrantsOutput({
audience: myResourceServer.identifier,
});
const filterByClientIdAndAudience = auth0.getClientGrantsOutput({
clientId: myClient.id,
audience: myResourceServer.identifier,
});
import pulumi
import pulumi_auth0 as auth0
my_client = auth0.Client("my_client", name="Example Application (Managed by Terraform)")
my_resource_server = auth0.ResourceServer("my_resource_server",
name="Example Resource Server (Managed by Terraform)",
identifier="https://api.example.com/client-grant",
authorization_details=[{
"type": "payment",
}],
subject_type_authorization={
"user": {
"policy": "allow_all",
},
})
my_scopes = auth0.ResourceServerScopes("my_scopes",
resource_server_identifier=my_resource_server.identifier,
scopes=[{
"name": "create:foo",
}],
opts = pulumi.ResourceOptions(depends_on=[my_resource_server]))
my_client_grant = auth0.ClientGrant("my_client_grant",
client_id=my_client.id,
audience=my_resource_server.identifier,
authorization_details_types=["payment"],
subject_type="user",
allow_all_scopes=True)
filter_by_client_id = auth0.get_client_grants_output(client_id=my_client.id)
filter_by_audience = auth0.get_client_grants_output(audience=my_resource_server.identifier)
filter_by_client_id_and_audience = auth0.get_client_grants_output(client_id=my_client.id,
audience=my_resource_server.identifier)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myClient, err := auth0.NewClient(ctx, "my_client", &auth0.ClientArgs{
Name: pulumi.String("Example Application (Managed by Terraform)"),
})
if err != nil {
return err
}
myResourceServer, err := auth0.NewResourceServer(ctx, "my_resource_server", &auth0.ResourceServerArgs{
Name: pulumi.String("Example Resource Server (Managed by Terraform)"),
Identifier: pulumi.String("https://api.example.com/client-grant"),
AuthorizationDetails: auth0.ResourceServerAuthorizationDetailArray{
&auth0.ResourceServerAuthorizationDetailArgs{
Type: pulumi.String("payment"),
},
},
SubjectTypeAuthorization: &auth0.ResourceServerSubjectTypeAuthorizationArgs{
User: &auth0.ResourceServerSubjectTypeAuthorizationUserArgs{
Policy: pulumi.String("allow_all"),
},
},
})
if err != nil {
return err
}
_, err = auth0.NewResourceServerScopes(ctx, "my_scopes", &auth0.ResourceServerScopesArgs{
ResourceServerIdentifier: myResourceServer.Identifier,
Scopes: auth0.ResourceServerScopesScopeArray{
&auth0.ResourceServerScopesScopeArgs{
Name: pulumi.String("create:foo"),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
myResourceServer,
}))
if err != nil {
return err
}
_, err = auth0.NewClientGrant(ctx, "my_client_grant", &auth0.ClientGrantArgs{
ClientId: myClient.ID(),
Audience: myResourceServer.Identifier,
AuthorizationDetailsTypes: pulumi.StringArray{
pulumi.String("payment"),
},
SubjectType: pulumi.String("user"),
AllowAllScopes: pulumi.Bool(true),
})
if err != nil {
return err
}
_ = auth0.GetClientGrantsOutput(ctx, auth0.GetClientGrantsOutputArgs{
ClientId: myClient.ID(),
}, nil)
_ = auth0.GetClientGrantsOutput(ctx, auth0.GetClientGrantsOutputArgs{
Audience: myResourceServer.Identifier,
}, nil)
_ = auth0.GetClientGrantsOutput(ctx, auth0.GetClientGrantsOutputArgs{
ClientId: myClient.ID(),
Audience: myResourceServer.Identifier,
}, nil)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var myClient = new Auth0.Client("my_client", new()
{
Name = "Example Application (Managed by Terraform)",
});
var myResourceServer = new Auth0.ResourceServer("my_resource_server", new()
{
Name = "Example Resource Server (Managed by Terraform)",
Identifier = "https://api.example.com/client-grant",
AuthorizationDetails = new[]
{
new Auth0.Inputs.ResourceServerAuthorizationDetailArgs
{
Type = "payment",
},
},
SubjectTypeAuthorization = new Auth0.Inputs.ResourceServerSubjectTypeAuthorizationArgs
{
User = new Auth0.Inputs.ResourceServerSubjectTypeAuthorizationUserArgs
{
Policy = "allow_all",
},
},
});
var myScopes = new Auth0.ResourceServerScopes("my_scopes", new()
{
ResourceServerIdentifier = myResourceServer.Identifier,
Scopes = new[]
{
new Auth0.Inputs.ResourceServerScopesScopeArgs
{
Name = "create:foo",
},
},
}, new CustomResourceOptions
{
DependsOn =
{
myResourceServer,
},
});
var myClientGrant = new Auth0.ClientGrant("my_client_grant", new()
{
ClientId = myClient.Id,
Audience = myResourceServer.Identifier,
AuthorizationDetailsTypes = new[]
{
"payment",
},
SubjectType = "user",
AllowAllScopes = true,
});
var filterByClientId = Auth0.GetClientGrants.Invoke(new()
{
ClientId = myClient.Id,
});
var filterByAudience = Auth0.GetClientGrants.Invoke(new()
{
Audience = myResourceServer.Identifier,
});
var filterByClientIdAndAudience = Auth0.GetClientGrants.Invoke(new()
{
ClientId = myClient.Id,
Audience = myResourceServer.Identifier,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Client;
import com.pulumi.auth0.ClientArgs;
import com.pulumi.auth0.ResourceServer;
import com.pulumi.auth0.ResourceServerArgs;
import com.pulumi.auth0.inputs.ResourceServerAuthorizationDetailArgs;
import com.pulumi.auth0.inputs.ResourceServerSubjectTypeAuthorizationArgs;
import com.pulumi.auth0.inputs.ResourceServerSubjectTypeAuthorizationUserArgs;
import com.pulumi.auth0.ResourceServerScopes;
import com.pulumi.auth0.ResourceServerScopesArgs;
import com.pulumi.auth0.inputs.ResourceServerScopesScopeArgs;
import com.pulumi.auth0.ClientGrant;
import com.pulumi.auth0.ClientGrantArgs;
import com.pulumi.auth0.Auth0Functions;
import com.pulumi.auth0.inputs.GetClientGrantsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myClient = new Client("myClient", ClientArgs.builder()
.name("Example Application (Managed by Terraform)")
.build());
var myResourceServer = new ResourceServer("myResourceServer", ResourceServerArgs.builder()
.name("Example Resource Server (Managed by Terraform)")
.identifier("https://api.example.com/client-grant")
.authorizationDetails(ResourceServerAuthorizationDetailArgs.builder()
.type("payment")
.build())
.subjectTypeAuthorization(ResourceServerSubjectTypeAuthorizationArgs.builder()
.user(ResourceServerSubjectTypeAuthorizationUserArgs.builder()
.policy("allow_all")
.build())
.build())
.build());
var myScopes = new ResourceServerScopes("myScopes", ResourceServerScopesArgs.builder()
.resourceServerIdentifier(myResourceServer.identifier())
.scopes(ResourceServerScopesScopeArgs.builder()
.name("create:foo")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(myResourceServer)
.build());
var myClientGrant = new ClientGrant("myClientGrant", ClientGrantArgs.builder()
.clientId(myClient.id())
.audience(myResourceServer.identifier())
.authorizationDetailsTypes("payment")
.subjectType("user")
.allowAllScopes(true)
.build());
final var filterByClientId = Auth0Functions.getClientGrants(GetClientGrantsArgs.builder()
.clientId(myClient.id())
.build());
final var filterByAudience = Auth0Functions.getClientGrants(GetClientGrantsArgs.builder()
.audience(myResourceServer.identifier())
.build());
final var filterByClientIdAndAudience = Auth0Functions.getClientGrants(GetClientGrantsArgs.builder()
.clientId(myClient.id())
.audience(myResourceServer.identifier())
.build());
}
}
resources:
myClient:
type: auth0:Client
name: my_client
properties:
name: Example Application (Managed by Terraform)
myResourceServer:
type: auth0:ResourceServer
name: my_resource_server
properties:
name: Example Resource Server (Managed by Terraform)
identifier: https://api.example.com/client-grant
authorizationDetails:
- type: payment
subjectTypeAuthorization:
user:
policy: allow_all
myScopes:
type: auth0:ResourceServerScopes
name: my_scopes
properties:
resourceServerIdentifier: ${myResourceServer.identifier}
scopes:
- name: create:foo
options:
dependsOn:
- ${myResourceServer}
myClientGrant:
type: auth0:ClientGrant
name: my_client_grant
properties:
clientId: ${myClient.id}
audience: ${myResourceServer.identifier}
authorizationDetailsTypes:
- payment
subjectType: user
allowAllScopes: true
variables:
filterByClientId:
fn::invoke:
function: auth0:getClientGrants
arguments:
clientId: ${myClient.id}
filterByAudience:
fn::invoke:
function: auth0:getClientGrants
arguments:
audience: ${myResourceServer.identifier}
filterByClientIdAndAudience:
fn::invoke:
function: auth0:getClientGrants
arguments:
clientId: ${myClient.id}
audience: ${myResourceServer.identifier}
Using getClientGrants
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getClientGrants(args: GetClientGrantsArgs, opts?: InvokeOptions): Promise<GetClientGrantsResult>
function getClientGrantsOutput(args: GetClientGrantsOutputArgs, opts?: InvokeOptions): Output<GetClientGrantsResult>def get_client_grants(audience: Optional[str] = None,
client_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetClientGrantsResult
def get_client_grants_output(audience: Optional[pulumi.Input[str]] = None,
client_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetClientGrantsResult]func GetClientGrants(ctx *Context, args *GetClientGrantsArgs, opts ...InvokeOption) (*GetClientGrantsResult, error)
func GetClientGrantsOutput(ctx *Context, args *GetClientGrantsOutputArgs, opts ...InvokeOption) GetClientGrantsResultOutput> Note: This function is named GetClientGrants in the Go SDK.
public static class GetClientGrants
{
public static Task<GetClientGrantsResult> InvokeAsync(GetClientGrantsArgs args, InvokeOptions? opts = null)
public static Output<GetClientGrantsResult> Invoke(GetClientGrantsInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetClientGrantsResult> getClientGrants(GetClientGrantsArgs args, InvokeOptions options)
public static Output<GetClientGrantsResult> getClientGrants(GetClientGrantsArgs args, InvokeOptions options)
fn::invoke:
function: auth0:index/getClientGrants:getClientGrants
arguments:
# arguments dictionaryThe following arguments are supported:
getClientGrants Result
The following output properties are available:
- Client
Grants List<GetClient Grants Client Grant> - List of client grants matching the criteria.
- Id string
- The provider-assigned unique ID for this managed resource.
- Audience string
- The audience to filter by.
- Client
Id string - The ID of the client to filter by.
- Client
Grants []GetClient Grants Client Grant - List of client grants matching the criteria.
- Id string
- The provider-assigned unique ID for this managed resource.
- Audience string
- The audience to filter by.
- Client
Id string - The ID of the client to filter by.
- client
Grants List<GetClient Grants Client Grant> - List of client grants matching the criteria.
- id String
- The provider-assigned unique ID for this managed resource.
- audience String
- The audience to filter by.
- client
Id String - The ID of the client to filter by.
- client
Grants GetClient Grants Client Grant[] - List of client grants matching the criteria.
- id string
- The provider-assigned unique ID for this managed resource.
- audience string
- The audience to filter by.
- client
Id string - The ID of the client to filter by.
- client_
grants Sequence[GetClient Grants Client Grant] - List of client grants matching the criteria.
- id str
- The provider-assigned unique ID for this managed resource.
- audience str
- The audience to filter by.
- client_
id str - The ID of the client to filter by.
- client
Grants List<Property Map> - List of client grants matching the criteria.
- id String
- The provider-assigned unique ID for this managed resource.
- audience String
- The audience to filter by.
- client
Id String - The ID of the client to filter by.
Supporting Types
GetClientGrantsClientGrant
- Allow
All boolScopes - When enabled, all scopes configured on the resource server are allowed for this client grant. EA Only.
- Audience string
- The audience of the client grant.
- Client
Id string - The client ID associated with the grant.
- Id string
- The ID of the client grant.
- Scopes List<string>
- List of granted scopes.
- Subject
Type string - The subject type (usually 'client').
- Allow
All boolScopes - When enabled, all scopes configured on the resource server are allowed for this client grant. EA Only.
- Audience string
- The audience of the client grant.
- Client
Id string - The client ID associated with the grant.
- Id string
- The ID of the client grant.
- Scopes []string
- List of granted scopes.
- Subject
Type string - The subject type (usually 'client').
- allow
All BooleanScopes - When enabled, all scopes configured on the resource server are allowed for this client grant. EA Only.
- audience String
- The audience of the client grant.
- client
Id String - The client ID associated with the grant.
- id String
- The ID of the client grant.
- scopes List<String>
- List of granted scopes.
- subject
Type String - The subject type (usually 'client').
- allow
All booleanScopes - When enabled, all scopes configured on the resource server are allowed for this client grant. EA Only.
- audience string
- The audience of the client grant.
- client
Id string - The client ID associated with the grant.
- id string
- The ID of the client grant.
- scopes string[]
- List of granted scopes.
- subject
Type string - The subject type (usually 'client').
- allow_
all_ boolscopes - When enabled, all scopes configured on the resource server are allowed for this client grant. EA Only.
- audience str
- The audience of the client grant.
- client_
id str - The client ID associated with the grant.
- id str
- The ID of the client grant.
- scopes Sequence[str]
- List of granted scopes.
- subject_
type str - The subject type (usually 'client').
- allow
All BooleanScopes - When enabled, all scopes configured on the resource server are allowed for this client grant. EA Only.
- audience String
- The audience of the client grant.
- client
Id String - The client ID associated with the grant.
- id String
- The ID of the client grant.
- scopes List<String>
- List of granted scopes.
- subject
Type String - The subject type (usually 'client').
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.
