getGlobalClient

Auth0 v2.24.3 (2.x), Mar 9 26

Viewing docs for Auth0 v2.24.3 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-auth0

Viewing docs for Auth0 v2.24.3 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-auth0

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var @global = Auth0.GetGlobalClient.Invoke();

});

package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.LookupGlobalClient(ctx, nil, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Auth0Functions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var global = Auth0Functions.getGlobalClient();

    }
}

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const global = auth0.getGlobalClient({});

import pulumi
import pulumi_auth0 as auth0

global_ = auth0.get_global_client()

variables:
  global:
    fn::invoke:
      Function: auth0:getGlobalClient
      Arguments: {}

Using getGlobalClient

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getGlobalClient(opts?: InvokeOptions): Promise<GetGlobalClientResult>
function getGlobalClientOutput(opts?: InvokeOptions): Output<GetGlobalClientResult>

def get_global_client(opts: Optional[InvokeOptions] = None) -> GetGlobalClientResult
def get_global_client_output(opts: Optional[InvokeOptions] = None) -> Output[GetGlobalClientResult]

func LookupGlobalClient(ctx *Context, opts ...InvokeOption) (*LookupGlobalClientResult, error)
func LookupGlobalClientOutput(ctx *Context, opts ...InvokeOption) LookupGlobalClientResultOutput

> Note: This function is named LookupGlobalClient in the Go SDK.

public static class GetGlobalClient 
{
    public static Task<GetGlobalClientResult> InvokeAsync(InvokeOptions? opts = null)
    public static Output<GetGlobalClientResult> Invoke(InvokeOptions? opts = null)
}

public static CompletableFuture<GetGlobalClientResult> getGlobalClient(InvokeOptions options)
public static Output<GetGlobalClientResult> getGlobalClient(InvokeOptions options)

fn::invoke:
  function: auth0:index/getGlobalClient:getGlobalClient
  arguments:
    # arguments dictionary

getGlobalClient Result

The following output properties are available:

Addons List<GetGlobalClientAddon>: Addons enabled for this client and their associated configurations.
AllowedClients List<string>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
AllowedLogoutUrls List<string>: URLs that Auth0 may redirect to after logout.
AllowedOrigins List<string>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks List<string>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientAliases List<string>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
ClientId string: The ID of the client.
ClientMetadata Dictionary<string, object>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
ClientSecret string
CrossOriginAuth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
CrossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
CustomLoginPage string: The content (HTML, CSS, JS) of the custom login page.
CustomLoginPageOn bool: Indicates whether a custom login page is to be used.
Description string: Description of the purpose of the client.
EncryptionKey Dictionary<string, string>: Encryption used for WS-Fed responses with this client.
FormTemplate string: HTML form template to be used for WS-Federation.
GrantTypes List<string>: Types of grants that this client is authorized to use.
Id string: The provider-assigned unique ID for this managed resource.
InitiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
IsFirstParty bool: Indicates whether this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool: Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
JwtConfigurations List<GetGlobalClientJwtConfiguration>: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobiles List<GetGlobalClientMobile>: Additional configuration for native mobile apps.
Name string: Name of the client.
NativeSocialLogins List<GetGlobalClientNativeSocialLogin>: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
OidcBackchannelLogoutUrls List<string>: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
OidcConformant bool: Indicates whether this client will conform to strict OIDC specifications.
OrganizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
OrganizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
RefreshTokens List<GetGlobalClientRefreshToken>: Configuration settings for the refresh tokens issued for this client.
SigningKeys List<ImmutableDictionary<string, object>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
Sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
SsoDisabled bool: Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string
WebOrigins List<string>: URLs that represent valid web origins for use with web message response mode.

Addons []GetGlobalClientAddon: Addons enabled for this client and their associated configurations.
AllowedClients []string: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
AllowedLogoutUrls []string: URLs that Auth0 may redirect to after logout.
AllowedOrigins []string: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
AppType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
Callbacks []string: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
ClientAliases []string: List of audiences/realms for SAML protocol. Used by the wsfed addon.
ClientId string: The ID of the client.
ClientMetadata map[string]interface{}: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
ClientSecret string
CrossOriginAuth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
CrossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
CustomLoginPage string: The content (HTML, CSS, JS) of the custom login page.
CustomLoginPageOn bool: Indicates whether a custom login page is to be used.
Description string: Description of the purpose of the client.
EncryptionKey map[string]string: Encryption used for WS-Fed responses with this client.
FormTemplate string: HTML form template to be used for WS-Federation.
GrantTypes []string: Types of grants that this client is authorized to use.
Id string: The provider-assigned unique ID for this managed resource.
InitiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
IsFirstParty bool: Indicates whether this client is a first-party client.
IsTokenEndpointIpHeaderTrusted bool: Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
JwtConfigurations []GetGlobalClientJwtConfiguration: Configuration settings for the JWTs issued for this client.
LogoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
Mobiles []GetGlobalClientMobile: Additional configuration for native mobile apps.
Name string: Name of the client.
NativeSocialLogins []GetGlobalClientNativeSocialLogin: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
OidcBackchannelLogoutUrls []string: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
OidcConformant bool: Indicates whether this client will conform to strict OIDC specifications.
OrganizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
OrganizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
RefreshTokens []GetGlobalClientRefreshToken: Configuration settings for the refresh tokens issued for this client.
SigningKeys []map[string]interface{}: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
Sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
SsoDisabled bool: Indicates whether or not SSO is disabled.
TokenEndpointAuthMethod string
WebOrigins []string: URLs that represent valid web origins for use with web message response mode.

addons List<GetGlobalClientAddon>: Addons enabled for this client and their associated configurations.
allowedClients List<String>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks List<String>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases List<String>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientId String: The ID of the client.
clientMetadata Map<String,Object>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecret String
crossOriginAuth Boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
crossOriginLoc String: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage String: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn Boolean: Indicates whether a custom login page is to be used.
description String: Description of the purpose of the client.
encryptionKey Map<String,String>: Encryption used for WS-Fed responses with this client.
formTemplate String: HTML form template to be used for WS-Federation.
grantTypes List<String>: Types of grants that this client is authorized to use.
id String: The provider-assigned unique ID for this managed resource.
initiateLoginUri String: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty Boolean: Indicates whether this client is a first-party client.
isTokenEndpointIpHeaderTrusted Boolean: Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
jwtConfigurations List<GetGlobalClientJwtConfiguration>: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobiles List<GetGlobalClientMobile>: Additional configuration for native mobile apps.
name String: Name of the client.
nativeSocialLogins List<GetGlobalClientNativeSocialLogin>: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcBackchannelLogoutUrls List<String>: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
oidcConformant Boolean: Indicates whether this client will conform to strict OIDC specifications.
organizationRequireBehavior String: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
organizationUsage String: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshTokens List<GetGlobalClientRefreshToken>: Configuration settings for the refresh tokens issued for this client.
signingKeys List<Map<String,Object>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso Boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled Boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod String
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.

addons GetGlobalClientAddon[]: Addons enabled for this client and their associated configurations.
allowedClients string[]: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls string[]: URLs that Auth0 may redirect to after logout.
allowedOrigins string[]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType string: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks string[]: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases string[]: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientId string: The ID of the client.
clientMetadata {[key: string]: any}: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecret string
crossOriginAuth boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
crossOriginLoc string: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage string: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn boolean: Indicates whether a custom login page is to be used.
description string: Description of the purpose of the client.
encryptionKey {[key: string]: string}: Encryption used for WS-Fed responses with this client.
formTemplate string: HTML form template to be used for WS-Federation.
grantTypes string[]: Types of grants that this client is authorized to use.
id string: The provider-assigned unique ID for this managed resource.
initiateLoginUri string: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty boolean: Indicates whether this client is a first-party client.
isTokenEndpointIpHeaderTrusted boolean: Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
jwtConfigurations GetGlobalClientJwtConfiguration[]: Configuration settings for the JWTs issued for this client.
logoUri string: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobiles GetGlobalClientMobile[]: Additional configuration for native mobile apps.
name string: Name of the client.
nativeSocialLogins GetGlobalClientNativeSocialLogin[]: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcBackchannelLogoutUrls string[]: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
oidcConformant boolean: Indicates whether this client will conform to strict OIDC specifications.
organizationRequireBehavior string: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
organizationUsage string: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshTokens GetGlobalClientRefreshToken[]: Configuration settings for the refresh tokens issued for this client.
signingKeys {[key: string]: any}[]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod string
webOrigins string[]: URLs that represent valid web origins for use with web message response mode.

addons Sequence[GetGlobalClientAddon]: Addons enabled for this client and their associated configurations.
allowed_clients Sequence[str]: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowed_logout_urls Sequence[str]: URLs that Auth0 may redirect to after logout.
allowed_origins Sequence[str]: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
app_type str: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks Sequence[str]: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
client_aliases Sequence[str]: List of audiences/realms for SAML protocol. Used by the wsfed addon.
client_id str: The ID of the client.
client_metadata Mapping[str, Any]: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
client_secret str
cross_origin_auth bool: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
cross_origin_loc str: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
custom_login_page str: The content (HTML, CSS, JS) of the custom login page.
custom_login_page_on bool: Indicates whether a custom login page is to be used.
description str: Description of the purpose of the client.
encryption_key Mapping[str, str]: Encryption used for WS-Fed responses with this client.
form_template str: HTML form template to be used for WS-Federation.
grant_types Sequence[str]: Types of grants that this client is authorized to use.
id str: The provider-assigned unique ID for this managed resource.
initiate_login_uri str: Initiate login URI. Must be HTTPS or an empty string.
is_first_party bool: Indicates whether this client is a first-party client.
is_token_endpoint_ip_header_trusted bool: Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
jwt_configurations Sequence[GetGlobalClientJwtConfiguration]: Configuration settings for the JWTs issued for this client.
logo_uri str: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobiles Sequence[GetGlobalClientMobile]: Additional configuration for native mobile apps.
name str: Name of the client.
native_social_logins Sequence[GetGlobalClientNativeSocialLogin]: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidc_backchannel_logout_urls Sequence[str]: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
oidc_conformant bool: Indicates whether this client will conform to strict OIDC specifications.
organization_require_behavior str: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
organization_usage str: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refresh_tokens Sequence[GetGlobalClientRefreshToken]: Configuration settings for the refresh tokens issued for this client.
signing_keys Sequence[Mapping[str, Any]]: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso bool: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
sso_disabled bool: Indicates whether or not SSO is disabled.
token_endpoint_auth_method str
web_origins Sequence[str]: URLs that represent valid web origins for use with web message response mode.

addons List<Property Map>: Addons enabled for this client and their associated configurations.
allowedClients List<String>: List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
allowedLogoutUrls List<String>: URLs that Auth0 may redirect to after logout.
allowedOrigins List<String>: URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
appType String: Type of application the client represents. Possible values are: native, spa, regular_web, non_interactive, sso_integration. Specific SSO integrations types accepted as well are: rms, box, cloudbees, concur, dropbox, mscrm, echosign, egnyte, newrelic, office365, salesforce, sentry, sharepoint, slack, springcm, zendesk, zoom.
callbacks List<String>: URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
clientAliases List<String>: List of audiences/realms for SAML protocol. Used by the wsfed addon.
clientId String: The ID of the client.
clientMetadata Map<Any>: Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: :,-+=_*?"/\()<>@ [Tab] [Space].
clientSecret String
crossOriginAuth Boolean: Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false). Requires the coa_toggle_enabled feature flag to be enabled on the tenant by the support team.
crossOriginLoc String: URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
customLoginPage String: The content (HTML, CSS, JS) of the custom login page.
customLoginPageOn Boolean: Indicates whether a custom login page is to be used.
description String: Description of the purpose of the client.
encryptionKey Map<String>: Encryption used for WS-Fed responses with this client.
formTemplate String: HTML form template to be used for WS-Federation.
grantTypes List<String>: Types of grants that this client is authorized to use.
id String: The provider-assigned unique ID for this managed resource.
initiateLoginUri String: Initiate login URI. Must be HTTPS or an empty string.
isFirstParty Boolean: Indicates whether this client is a first-party client.
isTokenEndpointIpHeaderTrusted Boolean: Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
jwtConfigurations List<Property Map>: Configuration settings for the JWTs issued for this client.
logoUri String: URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
mobiles List<Property Map>: Additional configuration for native mobile apps.
name String: Name of the client.
nativeSocialLogins List<Property Map>: Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to false in order to change the app_type.
oidcBackchannelLogoutUrls List<String>: Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
oidcConformant Boolean: Indicates whether this client will conform to strict OIDC specifications.
organizationRequireBehavior String: Defines how to proceed during an authentication transaction when organization_usage = "require". Can be no_prompt (default), pre_login_prompt or post_login_prompt.
organizationUsage String: Defines how to proceed during an authentication transaction with regards to an organization. Can be deny (default), allow or require.
refreshTokens List<Property Map>: Configuration settings for the refresh tokens issued for this client.
signingKeys List<Map<Any>>: List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
sso Boolean: Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
ssoDisabled Boolean: Indicates whether or not SSO is disabled.
tokenEndpointAuthMethod String
webOrigins List<String>: URLs that represent valid web origins for use with web message response mode.