Viewing docs for Auth0 v2.24.3 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Viewing docs for Auth0 v2.24.3 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Import
The auth0_global_client can be imported using the global client’s ID. # You can find the ID of the global client by going to the API Explorer and fetching the clients that have "global"true. # Example
$ pulumi import auth0:index/globalClient:GlobalClient global XaiyAXXXYdXXXXnqjj8HXXXXXT5titww
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var @global = new Auth0.GlobalClient("global", new()
{
Callbacks = new[]
{
"http://somehostname.com/a/callback",
},
CustomLoginPage = @"<html>
<head><title>My Custom Login Page</title></head>
<body>
I should probably have a login form here
</body>
</html>
",
CustomLoginPageOn = true,
});
});
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := auth0.NewGlobalClient(ctx, "global", &auth0.GlobalClientArgs{
Callbacks: pulumi.StringArray{
pulumi.String("http://somehostname.com/a/callback"),
},
CustomLoginPage: pulumi.String(`<html>
<head><title>My Custom Login Page</title></head>
<body>
I should probably have a login form here
</body>
</html>
`),
CustomLoginPageOn: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.GlobalClient;
import com.pulumi.auth0.GlobalClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var global = new GlobalClient("global", GlobalClientArgs.builder()
.callbacks("http://somehostname.com/a/callback")
.customLoginPage("""
<html>
<head><title>My Custom Login Page</title></head>
<body>
I should probably have a login form here
</body>
</html>
""")
.customLoginPageOn(true)
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const global = new auth0.GlobalClient("global", {
callbacks: ["http://somehostname.com/a/callback"],
customLoginPage: `<html>
<head><title>My Custom Login Page</title></head>
<body>
I should probably have a login form here
</body>
</html>
`,
customLoginPageOn: true,
});
import pulumi
import pulumi_auth0 as auth0
global_ = auth0.GlobalClient("global",
callbacks=["http://somehostname.com/a/callback"],
custom_login_page="""<html>
<head><title>My Custom Login Page</title></head>
<body>
I should probably have a login form here
</body>
</html>
""",
custom_login_page_on=True)
resources:
global:
type: auth0:GlobalClient
properties:
callbacks:
- http://somehostname.com/a/callback
customLoginPage: |+
<html>
<head><title>My Custom Login Page</title></head>
<body>
I should probably have a login form here
</body>
</html>
# Auth0 Universal Login - Custom Login Page
customLoginPageOn: true
Create GlobalClient Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GlobalClient(name: string, args?: GlobalClientArgs, opts?: CustomResourceOptions);@overload
def GlobalClient(resource_name: str,
args: Optional[GlobalClientArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def GlobalClient(resource_name: str,
opts: Optional[ResourceOptions] = None,
addons: Optional[GlobalClientAddonsArgs] = None,
allowed_clients: Optional[Sequence[str]] = None,
allowed_logout_urls: Optional[Sequence[str]] = None,
allowed_origins: Optional[Sequence[str]] = None,
app_type: Optional[str] = None,
callbacks: Optional[Sequence[str]] = None,
client_aliases: Optional[Sequence[str]] = None,
client_id: Optional[str] = None,
client_metadata: Optional[Mapping[str, Any]] = None,
client_secret: Optional[str] = None,
client_secret_rotation_trigger: Optional[Mapping[str, Any]] = None,
cross_origin_auth: Optional[bool] = None,
cross_origin_loc: Optional[str] = None,
custom_login_page: Optional[str] = None,
custom_login_page_on: Optional[bool] = None,
description: Optional[str] = None,
encryption_key: Optional[Mapping[str, str]] = None,
form_template: Optional[str] = None,
grant_types: Optional[Sequence[str]] = None,
initiate_login_uri: Optional[str] = None,
is_first_party: Optional[bool] = None,
is_token_endpoint_ip_header_trusted: Optional[bool] = None,
jwt_configuration: Optional[GlobalClientJwtConfigurationArgs] = None,
logo_uri: Optional[str] = None,
mobile: Optional[GlobalClientMobileArgs] = None,
name: Optional[str] = None,
native_social_login: Optional[GlobalClientNativeSocialLoginArgs] = None,
oidc_backchannel_logout_urls: Optional[Sequence[str]] = None,
oidc_conformant: Optional[bool] = None,
organization_require_behavior: Optional[str] = None,
organization_usage: Optional[str] = None,
refresh_token: Optional[GlobalClientRefreshTokenArgs] = None,
signing_keys: Optional[Sequence[Mapping[str, Any]]] = None,
sso: Optional[bool] = None,
sso_disabled: Optional[bool] = None,
token_endpoint_auth_method: Optional[str] = None,
web_origins: Optional[Sequence[str]] = None)func NewGlobalClient(ctx *Context, name string, args *GlobalClientArgs, opts ...ResourceOption) (*GlobalClient, error)public GlobalClient(string name, GlobalClientArgs? args = null, CustomResourceOptions? opts = null)
public GlobalClient(String name, GlobalClientArgs args)
public GlobalClient(String name, GlobalClientArgs args, CustomResourceOptions options)
type: auth0:GlobalClient
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GlobalClientArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GlobalClientArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GlobalClientArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GlobalClientArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GlobalClientArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var globalClientResource = new Auth0.GlobalClient("globalClientResource", new()
{
Addons = new Auth0.Inputs.GlobalClientAddonsArgs
{
Aws =
{
{ "string", "any" },
},
AzureBlob =
{
{ "string", "any" },
},
AzureSb =
{
{ "string", "any" },
},
Box =
{
{ "string", "any" },
},
Cloudbees =
{
{ "string", "any" },
},
Concur =
{
{ "string", "any" },
},
Dropbox =
{
{ "string", "any" },
},
Echosign =
{
{ "string", "any" },
},
Egnyte =
{
{ "string", "any" },
},
Firebase =
{
{ "string", "any" },
},
Layer =
{
{ "string", "any" },
},
Mscrm =
{
{ "string", "any" },
},
Newrelic =
{
{ "string", "any" },
},
Office365 =
{
{ "string", "any" },
},
Rms =
{
{ "string", "any" },
},
Salesforce =
{
{ "string", "any" },
},
SalesforceApi =
{
{ "string", "any" },
},
SalesforceSandboxApi =
{
{ "string", "any" },
},
Samlp = new Auth0.Inputs.GlobalClientAddonsSamlpArgs
{
Audience = "string",
AuthnContextClassRef = "string",
Binding = "string",
CreateUpnClaim = false,
Destination = "string",
DigestAlgorithm = "string",
IncludeAttributeNameFormat = false,
Issuer = "string",
LifetimeInSeconds = 0,
Logout =
{
{ "string", "any" },
},
MapIdentities = false,
MapUnknownClaimsAsIs = false,
Mappings =
{
{ "string", "any" },
},
NameIdentifierFormat = "string",
NameIdentifierProbes = new[]
{
"string",
},
PassthroughClaimsWithNoMapping = false,
Recipient = "string",
SignResponse = false,
SignatureAlgorithm = "string",
SigningCert = "string",
TypedAttributes = false,
},
SapApi =
{
{ "string", "any" },
},
Sentry =
{
{ "string", "any" },
},
Sharepoint =
{
{ "string", "any" },
},
Slack =
{
{ "string", "any" },
},
Springcm =
{
{ "string", "any" },
},
Wams =
{
{ "string", "any" },
},
Wsfed =
{
{ "string", "any" },
},
Zendesk =
{
{ "string", "any" },
},
Zoom =
{
{ "string", "any" },
},
},
AllowedClients = new[]
{
"string",
},
AllowedLogoutUrls = new[]
{
"string",
},
AllowedOrigins = new[]
{
"string",
},
AppType = "string",
Callbacks = new[]
{
"string",
},
ClientAliases = new[]
{
"string",
},
ClientId = "string",
ClientMetadata =
{
{ "string", "any" },
},
CrossOriginAuth = false,
CrossOriginLoc = "string",
CustomLoginPage = "string",
CustomLoginPageOn = false,
Description = "string",
EncryptionKey =
{
{ "string", "string" },
},
FormTemplate = "string",
GrantTypes = new[]
{
"string",
},
InitiateLoginUri = "string",
IsFirstParty = false,
IsTokenEndpointIpHeaderTrusted = false,
JwtConfiguration = new Auth0.Inputs.GlobalClientJwtConfigurationArgs
{
Alg = "string",
LifetimeInSeconds = 0,
Scopes =
{
{ "string", "string" },
},
SecretEncoded = false,
},
LogoUri = "string",
Mobile = new Auth0.Inputs.GlobalClientMobileArgs
{
Android = new Auth0.Inputs.GlobalClientMobileAndroidArgs
{
AppPackageName = "string",
Sha256CertFingerprints = new[]
{
"string",
},
},
Ios = new Auth0.Inputs.GlobalClientMobileIosArgs
{
AppBundleIdentifier = "string",
TeamId = "string",
},
},
Name = "string",
NativeSocialLogin = new Auth0.Inputs.GlobalClientNativeSocialLoginArgs
{
Apple = new Auth0.Inputs.GlobalClientNativeSocialLoginAppleArgs
{
Enabled = false,
},
Facebook = new Auth0.Inputs.GlobalClientNativeSocialLoginFacebookArgs
{
Enabled = false,
},
},
OidcBackchannelLogoutUrls = new[]
{
"string",
},
OidcConformant = false,
OrganizationRequireBehavior = "string",
OrganizationUsage = "string",
RefreshToken = new Auth0.Inputs.GlobalClientRefreshTokenArgs
{
ExpirationType = "string",
RotationType = "string",
IdleTokenLifetime = 0,
InfiniteIdleTokenLifetime = false,
InfiniteTokenLifetime = false,
Leeway = 0,
TokenLifetime = 0,
},
SigningKeys = new[]
{
{
{ "string", "any" },
},
},
Sso = false,
SsoDisabled = false,
WebOrigins = new[]
{
"string",
},
});
example, err := auth0.NewGlobalClient(ctx, "globalClientResource", &auth0.GlobalClientArgs{
Addons: &auth0.GlobalClientAddonsArgs{
Aws: pulumi.Map{
"string": pulumi.Any("any"),
},
AzureBlob: pulumi.Map{
"string": pulumi.Any("any"),
},
AzureSb: pulumi.Map{
"string": pulumi.Any("any"),
},
Box: pulumi.Map{
"string": pulumi.Any("any"),
},
Cloudbees: pulumi.Map{
"string": pulumi.Any("any"),
},
Concur: pulumi.Map{
"string": pulumi.Any("any"),
},
Dropbox: pulumi.Map{
"string": pulumi.Any("any"),
},
Echosign: pulumi.Map{
"string": pulumi.Any("any"),
},
Egnyte: pulumi.Map{
"string": pulumi.Any("any"),
},
Firebase: pulumi.Map{
"string": pulumi.Any("any"),
},
Layer: pulumi.Map{
"string": pulumi.Any("any"),
},
Mscrm: pulumi.Map{
"string": pulumi.Any("any"),
},
Newrelic: pulumi.Map{
"string": pulumi.Any("any"),
},
Office365: pulumi.Map{
"string": pulumi.Any("any"),
},
Rms: pulumi.Map{
"string": pulumi.Any("any"),
},
Salesforce: pulumi.Map{
"string": pulumi.Any("any"),
},
SalesforceApi: pulumi.Map{
"string": pulumi.Any("any"),
},
SalesforceSandboxApi: pulumi.Map{
"string": pulumi.Any("any"),
},
Samlp: &auth0.GlobalClientAddonsSamlpArgs{
Audience: pulumi.String("string"),
AuthnContextClassRef: pulumi.String("string"),
Binding: pulumi.String("string"),
CreateUpnClaim: pulumi.Bool(false),
Destination: pulumi.String("string"),
DigestAlgorithm: pulumi.String("string"),
IncludeAttributeNameFormat: pulumi.Bool(false),
Issuer: pulumi.String("string"),
LifetimeInSeconds: pulumi.Int(0),
Logout: pulumi.Map{
"string": pulumi.Any("any"),
},
MapIdentities: pulumi.Bool(false),
MapUnknownClaimsAsIs: pulumi.Bool(false),
Mappings: pulumi.Map{
"string": pulumi.Any("any"),
},
NameIdentifierFormat: pulumi.String("string"),
NameIdentifierProbes: pulumi.StringArray{
pulumi.String("string"),
},
PassthroughClaimsWithNoMapping: pulumi.Bool(false),
Recipient: pulumi.String("string"),
SignResponse: pulumi.Bool(false),
SignatureAlgorithm: pulumi.String("string"),
SigningCert: pulumi.String("string"),
TypedAttributes: pulumi.Bool(false),
},
SapApi: pulumi.Map{
"string": pulumi.Any("any"),
},
Sentry: pulumi.Map{
"string": pulumi.Any("any"),
},
Sharepoint: pulumi.Map{
"string": pulumi.Any("any"),
},
Slack: pulumi.Map{
"string": pulumi.Any("any"),
},
Springcm: pulumi.Map{
"string": pulumi.Any("any"),
},
Wams: pulumi.Map{
"string": pulumi.Any("any"),
},
Wsfed: pulumi.Map{
"string": pulumi.Any("any"),
},
Zendesk: pulumi.Map{
"string": pulumi.Any("any"),
},
Zoom: pulumi.Map{
"string": pulumi.Any("any"),
},
},
AllowedClients: pulumi.StringArray{
pulumi.String("string"),
},
AllowedLogoutUrls: pulumi.StringArray{
pulumi.String("string"),
},
AllowedOrigins: pulumi.StringArray{
pulumi.String("string"),
},
AppType: pulumi.String("string"),
Callbacks: pulumi.StringArray{
pulumi.String("string"),
},
ClientAliases: pulumi.StringArray{
pulumi.String("string"),
},
ClientId: pulumi.String("string"),
ClientMetadata: pulumi.Map{
"string": pulumi.Any("any"),
},
CrossOriginAuth: pulumi.Bool(false),
CrossOriginLoc: pulumi.String("string"),
CustomLoginPage: pulumi.String("string"),
CustomLoginPageOn: pulumi.Bool(false),
Description: pulumi.String("string"),
EncryptionKey: pulumi.StringMap{
"string": pulumi.String("string"),
},
FormTemplate: pulumi.String("string"),
GrantTypes: pulumi.StringArray{
pulumi.String("string"),
},
InitiateLoginUri: pulumi.String("string"),
IsFirstParty: pulumi.Bool(false),
IsTokenEndpointIpHeaderTrusted: pulumi.Bool(false),
JwtConfiguration: &auth0.GlobalClientJwtConfigurationArgs{
Alg: pulumi.String("string"),
LifetimeInSeconds: pulumi.Int(0),
Scopes: pulumi.StringMap{
"string": pulumi.String("string"),
},
SecretEncoded: pulumi.Bool(false),
},
LogoUri: pulumi.String("string"),
Mobile: &auth0.GlobalClientMobileArgs{
Android: &auth0.GlobalClientMobileAndroidArgs{
AppPackageName: pulumi.String("string"),
Sha256CertFingerprints: pulumi.StringArray{
pulumi.String("string"),
},
},
Ios: &auth0.GlobalClientMobileIosArgs{
AppBundleIdentifier: pulumi.String("string"),
TeamId: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
NativeSocialLogin: &auth0.GlobalClientNativeSocialLoginArgs{
Apple: &auth0.GlobalClientNativeSocialLoginAppleArgs{
Enabled: pulumi.Bool(false),
},
Facebook: &auth0.GlobalClientNativeSocialLoginFacebookArgs{
Enabled: pulumi.Bool(false),
},
},
OidcBackchannelLogoutUrls: pulumi.StringArray{
pulumi.String("string"),
},
OidcConformant: pulumi.Bool(false),
OrganizationRequireBehavior: pulumi.String("string"),
OrganizationUsage: pulumi.String("string"),
RefreshToken: &auth0.GlobalClientRefreshTokenArgs{
ExpirationType: pulumi.String("string"),
RotationType: pulumi.String("string"),
IdleTokenLifetime: pulumi.Int(0),
InfiniteIdleTokenLifetime: pulumi.Bool(false),
InfiniteTokenLifetime: pulumi.Bool(false),
Leeway: pulumi.Int(0),
TokenLifetime: pulumi.Int(0),
},
SigningKeys: pulumi.MapArray{
pulumi.Map{
"string": pulumi.Any("any"),
},
},
Sso: pulumi.Bool(false),
SsoDisabled: pulumi.Bool(false),
WebOrigins: pulumi.StringArray{
pulumi.String("string"),
},
})
var globalClientResource = new GlobalClient("globalClientResource", GlobalClientArgs.builder()
.addons(GlobalClientAddonsArgs.builder()
.aws(Map.of("string", "any"))
.azureBlob(Map.of("string", "any"))
.azureSb(Map.of("string", "any"))
.box(Map.of("string", "any"))
.cloudbees(Map.of("string", "any"))
.concur(Map.of("string", "any"))
.dropbox(Map.of("string", "any"))
.echosign(Map.of("string", "any"))
.egnyte(Map.of("string", "any"))
.firebase(Map.of("string", "any"))
.layer(Map.of("string", "any"))
.mscrm(Map.of("string", "any"))
.newrelic(Map.of("string", "any"))
.office365(Map.of("string", "any"))
.rms(Map.of("string", "any"))
.salesforce(Map.of("string", "any"))
.salesforceApi(Map.of("string", "any"))
.salesforceSandboxApi(Map.of("string", "any"))
.samlp(GlobalClientAddonsSamlpArgs.builder()
.audience("string")
.authnContextClassRef("string")
.binding("string")
.createUpnClaim(false)
.destination("string")
.digestAlgorithm("string")
.includeAttributeNameFormat(false)
.issuer("string")
.lifetimeInSeconds(0)
.logout(Map.of("string", "any"))
.mapIdentities(false)
.mapUnknownClaimsAsIs(false)
.mappings(Map.of("string", "any"))
.nameIdentifierFormat("string")
.nameIdentifierProbes("string")
.passthroughClaimsWithNoMapping(false)
.recipient("string")
.signResponse(false)
.signatureAlgorithm("string")
.signingCert("string")
.typedAttributes(false)
.build())
.sapApi(Map.of("string", "any"))
.sentry(Map.of("string", "any"))
.sharepoint(Map.of("string", "any"))
.slack(Map.of("string", "any"))
.springcm(Map.of("string", "any"))
.wams(Map.of("string", "any"))
.wsfed(Map.of("string", "any"))
.zendesk(Map.of("string", "any"))
.zoom(Map.of("string", "any"))
.build())
.allowedClients("string")
.allowedLogoutUrls("string")
.allowedOrigins("string")
.appType("string")
.callbacks("string")
.clientAliases("string")
.clientId("string")
.clientMetadata(Map.of("string", "any"))
.crossOriginAuth(false)
.crossOriginLoc("string")
.customLoginPage("string")
.customLoginPageOn(false)
.description("string")
.encryptionKey(Map.of("string", "string"))
.formTemplate("string")
.grantTypes("string")
.initiateLoginUri("string")
.isFirstParty(false)
.isTokenEndpointIpHeaderTrusted(false)
.jwtConfiguration(GlobalClientJwtConfigurationArgs.builder()
.alg("string")
.lifetimeInSeconds(0)
.scopes(Map.of("string", "string"))
.secretEncoded(false)
.build())
.logoUri("string")
.mobile(GlobalClientMobileArgs.builder()
.android(GlobalClientMobileAndroidArgs.builder()
.appPackageName("string")
.sha256CertFingerprints("string")
.build())
.ios(GlobalClientMobileIosArgs.builder()
.appBundleIdentifier("string")
.teamId("string")
.build())
.build())
.name("string")
.nativeSocialLogin(GlobalClientNativeSocialLoginArgs.builder()
.apple(GlobalClientNativeSocialLoginAppleArgs.builder()
.enabled(false)
.build())
.facebook(GlobalClientNativeSocialLoginFacebookArgs.builder()
.enabled(false)
.build())
.build())
.oidcBackchannelLogoutUrls("string")
.oidcConformant(false)
.organizationRequireBehavior("string")
.organizationUsage("string")
.refreshToken(GlobalClientRefreshTokenArgs.builder()
.expirationType("string")
.rotationType("string")
.idleTokenLifetime(0)
.infiniteIdleTokenLifetime(false)
.infiniteTokenLifetime(false)
.leeway(0)
.tokenLifetime(0)
.build())
.signingKeys(Map.of("string", "any"))
.sso(false)
.ssoDisabled(false)
.webOrigins("string")
.build());
global_client_resource = auth0.GlobalClient("globalClientResource",
addons={
"aws": {
"string": "any",
},
"azure_blob": {
"string": "any",
},
"azure_sb": {
"string": "any",
},
"box": {
"string": "any",
},
"cloudbees": {
"string": "any",
},
"concur": {
"string": "any",
},
"dropbox": {
"string": "any",
},
"echosign": {
"string": "any",
},
"egnyte": {
"string": "any",
},
"firebase": {
"string": "any",
},
"layer": {
"string": "any",
},
"mscrm": {
"string": "any",
},
"newrelic": {
"string": "any",
},
"office365": {
"string": "any",
},
"rms": {
"string": "any",
},
"salesforce": {
"string": "any",
},
"salesforce_api": {
"string": "any",
},
"salesforce_sandbox_api": {
"string": "any",
},
"samlp": {
"audience": "string",
"authn_context_class_ref": "string",
"binding": "string",
"create_upn_claim": False,
"destination": "string",
"digest_algorithm": "string",
"include_attribute_name_format": False,
"issuer": "string",
"lifetime_in_seconds": 0,
"logout": {
"string": "any",
},
"map_identities": False,
"map_unknown_claims_as_is": False,
"mappings": {
"string": "any",
},
"name_identifier_format": "string",
"name_identifier_probes": ["string"],
"passthrough_claims_with_no_mapping": False,
"recipient": "string",
"sign_response": False,
"signature_algorithm": "string",
"signing_cert": "string",
"typed_attributes": False,
},
"sap_api": {
"string": "any",
},
"sentry": {
"string": "any",
},
"sharepoint": {
"string": "any",
},
"slack": {
"string": "any",
},
"springcm": {
"string": "any",
},
"wams": {
"string": "any",
},
"wsfed": {
"string": "any",
},
"zendesk": {
"string": "any",
},
"zoom": {
"string": "any",
},
},
allowed_clients=["string"],
allowed_logout_urls=["string"],
allowed_origins=["string"],
app_type="string",
callbacks=["string"],
client_aliases=["string"],
client_id="string",
client_metadata={
"string": "any",
},
cross_origin_auth=False,
cross_origin_loc="string",
custom_login_page="string",
custom_login_page_on=False,
description="string",
encryption_key={
"string": "string",
},
form_template="string",
grant_types=["string"],
initiate_login_uri="string",
is_first_party=False,
is_token_endpoint_ip_header_trusted=False,
jwt_configuration={
"alg": "string",
"lifetime_in_seconds": 0,
"scopes": {
"string": "string",
},
"secret_encoded": False,
},
logo_uri="string",
mobile={
"android": {
"app_package_name": "string",
"sha256_cert_fingerprints": ["string"],
},
"ios": {
"app_bundle_identifier": "string",
"team_id": "string",
},
},
name="string",
native_social_login={
"apple": {
"enabled": False,
},
"facebook": {
"enabled": False,
},
},
oidc_backchannel_logout_urls=["string"],
oidc_conformant=False,
organization_require_behavior="string",
organization_usage="string",
refresh_token={
"expiration_type": "string",
"rotation_type": "string",
"idle_token_lifetime": 0,
"infinite_idle_token_lifetime": False,
"infinite_token_lifetime": False,
"leeway": 0,
"token_lifetime": 0,
},
signing_keys=[{
"string": "any",
}],
sso=False,
sso_disabled=False,
web_origins=["string"])
const globalClientResource = new auth0.GlobalClient("globalClientResource", {
addons: {
aws: {
string: "any",
},
azureBlob: {
string: "any",
},
azureSb: {
string: "any",
},
box: {
string: "any",
},
cloudbees: {
string: "any",
},
concur: {
string: "any",
},
dropbox: {
string: "any",
},
echosign: {
string: "any",
},
egnyte: {
string: "any",
},
firebase: {
string: "any",
},
layer: {
string: "any",
},
mscrm: {
string: "any",
},
newrelic: {
string: "any",
},
office365: {
string: "any",
},
rms: {
string: "any",
},
salesforce: {
string: "any",
},
salesforceApi: {
string: "any",
},
salesforceSandboxApi: {
string: "any",
},
samlp: {
audience: "string",
authnContextClassRef: "string",
binding: "string",
createUpnClaim: false,
destination: "string",
digestAlgorithm: "string",
includeAttributeNameFormat: false,
issuer: "string",
lifetimeInSeconds: 0,
logout: {
string: "any",
},
mapIdentities: false,
mapUnknownClaimsAsIs: false,
mappings: {
string: "any",
},
nameIdentifierFormat: "string",
nameIdentifierProbes: ["string"],
passthroughClaimsWithNoMapping: false,
recipient: "string",
signResponse: false,
signatureAlgorithm: "string",
signingCert: "string",
typedAttributes: false,
},
sapApi: {
string: "any",
},
sentry: {
string: "any",
},
sharepoint: {
string: "any",
},
slack: {
string: "any",
},
springcm: {
string: "any",
},
wams: {
string: "any",
},
wsfed: {
string: "any",
},
zendesk: {
string: "any",
},
zoom: {
string: "any",
},
},
allowedClients: ["string"],
allowedLogoutUrls: ["string"],
allowedOrigins: ["string"],
appType: "string",
callbacks: ["string"],
clientAliases: ["string"],
clientId: "string",
clientMetadata: {
string: "any",
},
crossOriginAuth: false,
crossOriginLoc: "string",
customLoginPage: "string",
customLoginPageOn: false,
description: "string",
encryptionKey: {
string: "string",
},
formTemplate: "string",
grantTypes: ["string"],
initiateLoginUri: "string",
isFirstParty: false,
isTokenEndpointIpHeaderTrusted: false,
jwtConfiguration: {
alg: "string",
lifetimeInSeconds: 0,
scopes: {
string: "string",
},
secretEncoded: false,
},
logoUri: "string",
mobile: {
android: {
appPackageName: "string",
sha256CertFingerprints: ["string"],
},
ios: {
appBundleIdentifier: "string",
teamId: "string",
},
},
name: "string",
nativeSocialLogin: {
apple: {
enabled: false,
},
facebook: {
enabled: false,
},
},
oidcBackchannelLogoutUrls: ["string"],
oidcConformant: false,
organizationRequireBehavior: "string",
organizationUsage: "string",
refreshToken: {
expirationType: "string",
rotationType: "string",
idleTokenLifetime: 0,
infiniteIdleTokenLifetime: false,
infiniteTokenLifetime: false,
leeway: 0,
tokenLifetime: 0,
},
signingKeys: [{
string: "any",
}],
sso: false,
ssoDisabled: false,
webOrigins: ["string"],
});
type: auth0:GlobalClient
properties:
addons:
aws:
string: any
azureBlob:
string: any
azureSb:
string: any
box:
string: any
cloudbees:
string: any
concur:
string: any
dropbox:
string: any
echosign:
string: any
egnyte:
string: any
firebase:
string: any
layer:
string: any
mscrm:
string: any
newrelic:
string: any
office365:
string: any
rms:
string: any
salesforce:
string: any
salesforceApi:
string: any
salesforceSandboxApi:
string: any
samlp:
audience: string
authnContextClassRef: string
binding: string
createUpnClaim: false
destination: string
digestAlgorithm: string
includeAttributeNameFormat: false
issuer: string
lifetimeInSeconds: 0
logout:
string: any
mapIdentities: false
mapUnknownClaimsAsIs: false
mappings:
string: any
nameIdentifierFormat: string
nameIdentifierProbes:
- string
passthroughClaimsWithNoMapping: false
recipient: string
signResponse: false
signatureAlgorithm: string
signingCert: string
typedAttributes: false
sapApi:
string: any
sentry:
string: any
sharepoint:
string: any
slack:
string: any
springcm:
string: any
wams:
string: any
wsfed:
string: any
zendesk:
string: any
zoom:
string: any
allowedClients:
- string
allowedLogoutUrls:
- string
allowedOrigins:
- string
appType: string
callbacks:
- string
clientAliases:
- string
clientId: string
clientMetadata:
string: any
crossOriginAuth: false
crossOriginLoc: string
customLoginPage: string
customLoginPageOn: false
description: string
encryptionKey:
string: string
formTemplate: string
grantTypes:
- string
initiateLoginUri: string
isFirstParty: false
isTokenEndpointIpHeaderTrusted: false
jwtConfiguration:
alg: string
lifetimeInSeconds: 0
scopes:
string: string
secretEncoded: false
logoUri: string
mobile:
android:
appPackageName: string
sha256CertFingerprints:
- string
ios:
appBundleIdentifier: string
teamId: string
name: string
nativeSocialLogin:
apple:
enabled: false
facebook:
enabled: false
oidcBackchannelLogoutUrls:
- string
oidcConformant: false
organizationRequireBehavior: string
organizationUsage: string
refreshToken:
expirationType: string
idleTokenLifetime: 0
infiniteIdleTokenLifetime: false
infiniteTokenLifetime: false
leeway: 0
rotationType: string
tokenLifetime: 0
signingKeys:
- string: any
sso: false
ssoDisabled: false
webOrigins:
- string
GlobalClient Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GlobalClient resource accepts the following input properties:
- Addons
Global
Client Addons - Addons enabled for this client and their associated configurations.
- Allowed
Clients List<string> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- Allowed
Logout List<string>Urls - URLs that Auth0 may redirect to after logout.
- Allowed
Origins List<string> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- App
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - Callbacks List<string>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- Client
Aliases List<string> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- Client
Id string - The ID of the client.
- Client
Metadata Dictionary<string, object> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - Client
Secret string - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - Client
Secret Dictionary<string, object>Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- Cross
Origin boolAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - Cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- Custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- Custom
Login boolPage On - Indicates whether a custom login page is to be used.
- Description string
- Description of the purpose of the client.
- Encryption
Key Dictionary<string, string> - Encryption used for WS-Fed responses with this client.
- Form
Template string - HTML form template to be used for WS-Federation.
- Grant
Types List<string> - Types of grants that this client is authorized to use.
- Initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- Is
First boolParty - Indicates whether this client is a first-party client.
- Is
Token boolEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- Jwt
Configuration GlobalClient Jwt Configuration - Configuration settings for the JWTs issued for this client.
- Logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- Mobile
Global
Client Mobile - Additional configuration for native mobile apps.
- Name string
- Name of the client.
-
Global
Client Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - Oidc
Backchannel List<string>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Oidc
Conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- Organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - Organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - Refresh
Token GlobalClient Refresh Token - Configuration settings for the refresh tokens issued for this client.
- Signing
Keys List<ImmutableDictionary<string, object>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- Sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- Sso
Disabled bool - Indicates whether or not SSO is disabled.
- Token
Endpoint stringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - Web
Origins List<string> - URLs that represent valid web origins for use with web message response mode.
- Addons
Global
Client Addons Args - Addons enabled for this client and their associated configurations.
- Allowed
Clients []string - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- Allowed
Logout []stringUrls - URLs that Auth0 may redirect to after logout.
- Allowed
Origins []string - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- App
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - Callbacks []string
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- Client
Aliases []string - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- Client
Id string - The ID of the client.
- Client
Metadata map[string]interface{} - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - Client
Secret string - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - Client
Secret map[string]interface{}Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- Cross
Origin boolAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - Cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- Custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- Custom
Login boolPage On - Indicates whether a custom login page is to be used.
- Description string
- Description of the purpose of the client.
- Encryption
Key map[string]string - Encryption used for WS-Fed responses with this client.
- Form
Template string - HTML form template to be used for WS-Federation.
- Grant
Types []string - Types of grants that this client is authorized to use.
- Initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- Is
First boolParty - Indicates whether this client is a first-party client.
- Is
Token boolEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- Jwt
Configuration GlobalClient Jwt Configuration Args - Configuration settings for the JWTs issued for this client.
- Logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- Mobile
Global
Client Mobile Args - Additional configuration for native mobile apps.
- Name string
- Name of the client.
-
Global
Client Native Social Login Args - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - Oidc
Backchannel []stringLogout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Oidc
Conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- Organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - Organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - Refresh
Token GlobalClient Refresh Token Args - Configuration settings for the refresh tokens issued for this client.
- Signing
Keys []map[string]interface{} - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- Sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- Sso
Disabled bool - Indicates whether or not SSO is disabled.
- Token
Endpoint stringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - Web
Origins []string - URLs that represent valid web origins for use with web message response mode.
- addons
Global
Client Addons - Addons enabled for this client and their associated configurations.
- allowed
Clients List<String> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins List<String> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type String - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks List<String>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases List<String> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Id String - The ID of the client.
- client
Metadata Map<String,Object> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - client
Secret String - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - client
Secret Map<String,Object>Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- cross
Origin BooleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - cross
Origin StringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login StringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login BooleanPage On - Indicates whether a custom login page is to be used.
- description String
- Description of the purpose of the client.
- encryption
Key Map<String,String> - Encryption used for WS-Fed responses with this client.
- form
Template String - HTML form template to be used for WS-Federation.
- grant
Types List<String> - Types of grants that this client is authorized to use.
- initiate
Login StringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First BooleanParty - Indicates whether this client is a first-party client.
- is
Token BooleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- jwt
Configuration GlobalClient Jwt Configuration - Configuration settings for the JWTs issued for this client.
- logo
Uri String - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Global
Client Mobile - Additional configuration for native mobile apps.
- name String
- Name of the client.
-
Global
Client Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel List<String>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant Boolean - Indicates whether this client will conform to strict OIDC specifications.
- organization
Require StringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage String - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token GlobalClient Refresh Token - Configuration settings for the refresh tokens issued for this client.
- signing
Keys List<Map<String,Object>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso Boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled Boolean - Indicates whether or not SSO is disabled.
- token
Endpoint StringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - web
Origins List<String> - URLs that represent valid web origins for use with web message response mode.
- addons
Global
Client Addons - Addons enabled for this client and their associated configurations.
- allowed
Clients string[] - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout string[]Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins string[] - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks string[]
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases string[] - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Id string - The ID of the client.
- client
Metadata {[key: string]: any} - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - client
Secret string - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - client
Secret {[key: string]: any}Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- cross
Origin booleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login booleanPage On - Indicates whether a custom login page is to be used.
- description string
- Description of the purpose of the client.
- encryption
Key {[key: string]: string} - Encryption used for WS-Fed responses with this client.
- form
Template string - HTML form template to be used for WS-Federation.
- grant
Types string[] - Types of grants that this client is authorized to use.
- initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First booleanParty - Indicates whether this client is a first-party client.
- is
Token booleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- jwt
Configuration GlobalClient Jwt Configuration - Configuration settings for the JWTs issued for this client.
- logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Global
Client Mobile - Additional configuration for native mobile apps.
- name string
- Name of the client.
-
Global
Client Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel string[]Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant boolean - Indicates whether this client will conform to strict OIDC specifications.
- organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token GlobalClient Refresh Token - Configuration settings for the refresh tokens issued for this client.
- signing
Keys {[key: string]: any}[] - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled boolean - Indicates whether or not SSO is disabled.
- token
Endpoint stringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - web
Origins string[] - URLs that represent valid web origins for use with web message response mode.
- addons
Global
Client Addons Args - Addons enabled for this client and their associated configurations.
- allowed_
clients Sequence[str] - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed_
logout_ Sequence[str]urls - URLs that Auth0 may redirect to after logout.
- allowed_
origins Sequence[str] - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app_
type str - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks Sequence[str]
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client_
aliases Sequence[str] - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client_
id str - The ID of the client.
- client_
metadata Mapping[str, Any] - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - client_
secret str - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - client_
secret_ Mapping[str, Any]rotation_ trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- cross_
origin_ boolauth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - cross_
origin_ strloc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom_
login_ strpage - The content (HTML, CSS, JS) of the custom login page.
- custom_
login_ boolpage_ on - Indicates whether a custom login page is to be used.
- description str
- Description of the purpose of the client.
- encryption_
key Mapping[str, str] - Encryption used for WS-Fed responses with this client.
- form_
template str - HTML form template to be used for WS-Federation.
- grant_
types Sequence[str] - Types of grants that this client is authorized to use.
- initiate_
login_ struri - Initiate login URI. Must be HTTPS or an empty string.
- is_
first_ boolparty - Indicates whether this client is a first-party client.
- is_
token_ boolendpoint_ ip_ header_ trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- jwt_
configuration GlobalClient Jwt Configuration Args - Configuration settings for the JWTs issued for this client.
- logo_
uri str - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Global
Client Mobile Args - Additional configuration for native mobile apps.
- name str
- Name of the client.
-
Global
Client Native Social Login Args - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc_
backchannel_ Sequence[str]logout_ urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc_
conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- organization_
require_ strbehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization_
usage str - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh_
token GlobalClient Refresh Token Args - Configuration settings for the refresh tokens issued for this client.
- signing_
keys Sequence[Mapping[str, Any]] - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso_
disabled bool - Indicates whether or not SSO is disabled.
- token_
endpoint_ strauth_ method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - web_
origins Sequence[str] - URLs that represent valid web origins for use with web message response mode.
- addons Property Map
- Addons enabled for this client and their associated configurations.
- allowed
Clients List<String> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins List<String> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type String - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks List<String>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases List<String> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Id String - The ID of the client.
- client
Metadata Map<Any> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - client
Secret String - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - client
Secret Map<Any>Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- cross
Origin BooleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - cross
Origin StringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login StringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login BooleanPage On - Indicates whether a custom login page is to be used.
- description String
- Description of the purpose of the client.
- encryption
Key Map<String> - Encryption used for WS-Fed responses with this client.
- form
Template String - HTML form template to be used for WS-Federation.
- grant
Types List<String> - Types of grants that this client is authorized to use.
- initiate
Login StringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First BooleanParty - Indicates whether this client is a first-party client.
- is
Token BooleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- jwt
Configuration Property Map - Configuration settings for the JWTs issued for this client.
- logo
Uri String - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile Property Map
- Additional configuration for native mobile apps.
- name String
- Name of the client.
- Property Map
- Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel List<String>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant Boolean - Indicates whether this client will conform to strict OIDC specifications.
- organization
Require StringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage String - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token Property Map - Configuration settings for the refresh tokens issued for this client.
- signing
Keys List<Map<Any>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso Boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled Boolean - Indicates whether or not SSO is disabled.
- token
Endpoint StringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - web
Origins List<String> - URLs that represent valid web origins for use with web message response mode.
Outputs
All input properties are implicitly available as output properties. Additionally, the GlobalClient resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing GlobalClient Resource
Get an existing GlobalClient resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GlobalClientState, opts?: CustomResourceOptions): GlobalClient@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
addons: Optional[GlobalClientAddonsArgs] = None,
allowed_clients: Optional[Sequence[str]] = None,
allowed_logout_urls: Optional[Sequence[str]] = None,
allowed_origins: Optional[Sequence[str]] = None,
app_type: Optional[str] = None,
callbacks: Optional[Sequence[str]] = None,
client_aliases: Optional[Sequence[str]] = None,
client_id: Optional[str] = None,
client_metadata: Optional[Mapping[str, Any]] = None,
client_secret: Optional[str] = None,
client_secret_rotation_trigger: Optional[Mapping[str, Any]] = None,
cross_origin_auth: Optional[bool] = None,
cross_origin_loc: Optional[str] = None,
custom_login_page: Optional[str] = None,
custom_login_page_on: Optional[bool] = None,
description: Optional[str] = None,
encryption_key: Optional[Mapping[str, str]] = None,
form_template: Optional[str] = None,
grant_types: Optional[Sequence[str]] = None,
initiate_login_uri: Optional[str] = None,
is_first_party: Optional[bool] = None,
is_token_endpoint_ip_header_trusted: Optional[bool] = None,
jwt_configuration: Optional[GlobalClientJwtConfigurationArgs] = None,
logo_uri: Optional[str] = None,
mobile: Optional[GlobalClientMobileArgs] = None,
name: Optional[str] = None,
native_social_login: Optional[GlobalClientNativeSocialLoginArgs] = None,
oidc_backchannel_logout_urls: Optional[Sequence[str]] = None,
oidc_conformant: Optional[bool] = None,
organization_require_behavior: Optional[str] = None,
organization_usage: Optional[str] = None,
refresh_token: Optional[GlobalClientRefreshTokenArgs] = None,
signing_keys: Optional[Sequence[Mapping[str, Any]]] = None,
sso: Optional[bool] = None,
sso_disabled: Optional[bool] = None,
token_endpoint_auth_method: Optional[str] = None,
web_origins: Optional[Sequence[str]] = None) -> GlobalClientfunc GetGlobalClient(ctx *Context, name string, id IDInput, state *GlobalClientState, opts ...ResourceOption) (*GlobalClient, error)public static GlobalClient Get(string name, Input<string> id, GlobalClientState? state, CustomResourceOptions? opts = null)public static GlobalClient get(String name, Output<String> id, GlobalClientState state, CustomResourceOptions options)resources: _: type: auth0:GlobalClient get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Addons
Global
Client Addons - Addons enabled for this client and their associated configurations.
- Allowed
Clients List<string> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- Allowed
Logout List<string>Urls - URLs that Auth0 may redirect to after logout.
- Allowed
Origins List<string> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- App
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - Callbacks List<string>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- Client
Aliases List<string> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- Client
Id string - The ID of the client.
- Client
Metadata Dictionary<string, object> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - Client
Secret string - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - Client
Secret Dictionary<string, object>Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- Cross
Origin boolAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - Cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- Custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- Custom
Login boolPage On - Indicates whether a custom login page is to be used.
- Description string
- Description of the purpose of the client.
- Encryption
Key Dictionary<string, string> - Encryption used for WS-Fed responses with this client.
- Form
Template string - HTML form template to be used for WS-Federation.
- Grant
Types List<string> - Types of grants that this client is authorized to use.
- Initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- Is
First boolParty - Indicates whether this client is a first-party client.
- Is
Token boolEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- Jwt
Configuration GlobalClient Jwt Configuration - Configuration settings for the JWTs issued for this client.
- Logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- Mobile
Global
Client Mobile - Additional configuration for native mobile apps.
- Name string
- Name of the client.
-
Global
Client Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - Oidc
Backchannel List<string>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Oidc
Conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- Organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - Organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - Refresh
Token GlobalClient Refresh Token - Configuration settings for the refresh tokens issued for this client.
- Signing
Keys List<ImmutableDictionary<string, object>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- Sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- Sso
Disabled bool - Indicates whether or not SSO is disabled.
- Token
Endpoint stringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - Web
Origins List<string> - URLs that represent valid web origins for use with web message response mode.
- Addons
Global
Client Addons Args - Addons enabled for this client and their associated configurations.
- Allowed
Clients []string - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- Allowed
Logout []stringUrls - URLs that Auth0 may redirect to after logout.
- Allowed
Origins []string - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- App
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - Callbacks []string
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- Client
Aliases []string - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- Client
Id string - The ID of the client.
- Client
Metadata map[string]interface{} - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - Client
Secret string - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - Client
Secret map[string]interface{}Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- Cross
Origin boolAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - Cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- Custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- Custom
Login boolPage On - Indicates whether a custom login page is to be used.
- Description string
- Description of the purpose of the client.
- Encryption
Key map[string]string - Encryption used for WS-Fed responses with this client.
- Form
Template string - HTML form template to be used for WS-Federation.
- Grant
Types []string - Types of grants that this client is authorized to use.
- Initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- Is
First boolParty - Indicates whether this client is a first-party client.
- Is
Token boolEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- Jwt
Configuration GlobalClient Jwt Configuration Args - Configuration settings for the JWTs issued for this client.
- Logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- Mobile
Global
Client Mobile Args - Additional configuration for native mobile apps.
- Name string
- Name of the client.
-
Global
Client Native Social Login Args - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - Oidc
Backchannel []stringLogout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- Oidc
Conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- Organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - Organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - Refresh
Token GlobalClient Refresh Token Args - Configuration settings for the refresh tokens issued for this client.
- Signing
Keys []map[string]interface{} - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- Sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- Sso
Disabled bool - Indicates whether or not SSO is disabled.
- Token
Endpoint stringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - Web
Origins []string - URLs that represent valid web origins for use with web message response mode.
- addons
Global
Client Addons - Addons enabled for this client and their associated configurations.
- allowed
Clients List<String> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins List<String> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type String - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks List<String>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases List<String> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Id String - The ID of the client.
- client
Metadata Map<String,Object> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - client
Secret String - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - client
Secret Map<String,Object>Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- cross
Origin BooleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - cross
Origin StringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login StringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login BooleanPage On - Indicates whether a custom login page is to be used.
- description String
- Description of the purpose of the client.
- encryption
Key Map<String,String> - Encryption used for WS-Fed responses with this client.
- form
Template String - HTML form template to be used for WS-Federation.
- grant
Types List<String> - Types of grants that this client is authorized to use.
- initiate
Login StringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First BooleanParty - Indicates whether this client is a first-party client.
- is
Token BooleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- jwt
Configuration GlobalClient Jwt Configuration - Configuration settings for the JWTs issued for this client.
- logo
Uri String - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Global
Client Mobile - Additional configuration for native mobile apps.
- name String
- Name of the client.
-
Global
Client Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel List<String>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant Boolean - Indicates whether this client will conform to strict OIDC specifications.
- organization
Require StringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage String - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token GlobalClient Refresh Token - Configuration settings for the refresh tokens issued for this client.
- signing
Keys List<Map<String,Object>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso Boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled Boolean - Indicates whether or not SSO is disabled.
- token
Endpoint StringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - web
Origins List<String> - URLs that represent valid web origins for use with web message response mode.
- addons
Global
Client Addons - Addons enabled for this client and their associated configurations.
- allowed
Clients string[] - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout string[]Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins string[] - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type string - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks string[]
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases string[] - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Id string - The ID of the client.
- client
Metadata {[key: string]: any} - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - client
Secret string - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - client
Secret {[key: string]: any}Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- cross
Origin booleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - cross
Origin stringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login stringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login booleanPage On - Indicates whether a custom login page is to be used.
- description string
- Description of the purpose of the client.
- encryption
Key {[key: string]: string} - Encryption used for WS-Fed responses with this client.
- form
Template string - HTML form template to be used for WS-Federation.
- grant
Types string[] - Types of grants that this client is authorized to use.
- initiate
Login stringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First booleanParty - Indicates whether this client is a first-party client.
- is
Token booleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- jwt
Configuration GlobalClient Jwt Configuration - Configuration settings for the JWTs issued for this client.
- logo
Uri string - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Global
Client Mobile - Additional configuration for native mobile apps.
- name string
- Name of the client.
-
Global
Client Native Social Login - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel string[]Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant boolean - Indicates whether this client will conform to strict OIDC specifications.
- organization
Require stringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage string - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token GlobalClient Refresh Token - Configuration settings for the refresh tokens issued for this client.
- signing
Keys {[key: string]: any}[] - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled boolean - Indicates whether or not SSO is disabled.
- token
Endpoint stringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - web
Origins string[] - URLs that represent valid web origins for use with web message response mode.
- addons
Global
Client Addons Args - Addons enabled for this client and their associated configurations.
- allowed_
clients Sequence[str] - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed_
logout_ Sequence[str]urls - URLs that Auth0 may redirect to after logout.
- allowed_
origins Sequence[str] - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app_
type str - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks Sequence[str]
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client_
aliases Sequence[str] - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client_
id str - The ID of the client.
- client_
metadata Mapping[str, Any] - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - client_
secret str - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - client_
secret_ Mapping[str, Any]rotation_ trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- cross_
origin_ boolauth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - cross_
origin_ strloc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom_
login_ strpage - The content (HTML, CSS, JS) of the custom login page.
- custom_
login_ boolpage_ on - Indicates whether a custom login page is to be used.
- description str
- Description of the purpose of the client.
- encryption_
key Mapping[str, str] - Encryption used for WS-Fed responses with this client.
- form_
template str - HTML form template to be used for WS-Federation.
- grant_
types Sequence[str] - Types of grants that this client is authorized to use.
- initiate_
login_ struri - Initiate login URI. Must be HTTPS or an empty string.
- is_
first_ boolparty - Indicates whether this client is a first-party client.
- is_
token_ boolendpoint_ ip_ header_ trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- jwt_
configuration GlobalClient Jwt Configuration Args - Configuration settings for the JWTs issued for this client.
- logo_
uri str - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile
Global
Client Mobile Args - Additional configuration for native mobile apps.
- name str
- Name of the client.
-
Global
Client Native Social Login Args - Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc_
backchannel_ Sequence[str]logout_ urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc_
conformant bool - Indicates whether this client will conform to strict OIDC specifications.
- organization_
require_ strbehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization_
usage str - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh_
token GlobalClient Refresh Token Args - Configuration settings for the refresh tokens issued for this client.
- signing_
keys Sequence[Mapping[str, Any]] - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso bool
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso_
disabled bool - Indicates whether or not SSO is disabled.
- token_
endpoint_ strauth_ method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - web_
origins Sequence[str] - URLs that represent valid web origins for use with web message response mode.
- addons Property Map
- Addons enabled for this client and their associated configurations.
- allowed
Clients List<String> - List of applications ID's that will be allowed to make delegation request. By default, all applications will be allowed.
- allowed
Logout List<String>Urls - URLs that Auth0 may redirect to after logout.
- allowed
Origins List<String> - URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
- app
Type String - Type of application the client represents. Possible values are:
native,spa,regular_web,non_interactive,sso_integration. Specific SSO integrations types accepted as well are:rms,box,cloudbees,concur,dropbox,mscrm,echosign,egnyte,newrelic,office365,salesforce,sentry,sharepoint,slack,springcm,zendesk,zoom. - callbacks List<String>
- URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
- client
Aliases List<String> - List of audiences/realms for SAML protocol. Used by the wsfed addon.
- client
Id String - The ID of the client.
- client
Metadata Map<Any> - Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters:
:,-+=_*?"/\()<>@ [Tab] [Space]. - client
Secret String - Secret for the client. Keep this private. To access this attribute you need to add the
read:client_keysscope to the Terraform client. Otherwise, the attribute will contain an empty string. Use this attribute on theauth0_client_credentialsresource instead, to allow managing it directly or use theauth0_clientdata source to read this property. - client
Secret Map<Any>Rotation Trigger - Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: rotate-client-secret for instructions on how to rotate client secrets with zero downtime.
- cross
Origin BooleanAuth - Whether this client can be used to make cross-origin authentication requests (
true) or it is not allowed to make such requests (false). Requires thecoa_toggle_enabledfeature flag to be enabled on the tenant by the support team. - cross
Origin StringLoc - URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
- custom
Login StringPage - The content (HTML, CSS, JS) of the custom login page.
- custom
Login BooleanPage On - Indicates whether a custom login page is to be used.
- description String
- Description of the purpose of the client.
- encryption
Key Map<String> - Encryption used for WS-Fed responses with this client.
- form
Template String - HTML form template to be used for WS-Federation.
- grant
Types List<String> - Types of grants that this client is authorized to use.
- initiate
Login StringUri - Initiate login URI. Must be HTTPS or an empty string.
- is
First BooleanParty - Indicates whether this client is a first-party client.
- is
Token BooleanEndpoint Ip Header Trusted - Indicates whether the token endpoint IP header is trusted. This attribute can only be updated after the client gets created.
- jwt
Configuration Property Map - Configuration settings for the JWTs issued for this client.
- logo
Uri String - URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
- mobile Property Map
- Additional configuration for native mobile apps.
- name String
- Name of the client.
- Property Map
- Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to
falsein order to change theapp_type. - oidc
Backchannel List<String>Logout Urls - Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
- oidc
Conformant Boolean - Indicates whether this client will conform to strict OIDC specifications.
- organization
Require StringBehavior - Defines how to proceed during an authentication transaction when
organization_usage = "require". Can beno_prompt(default),pre_login_promptorpost_login_prompt. - organization
Usage String - Defines how to proceed during an authentication transaction with regards to an organization. Can be
deny(default),alloworrequire. - refresh
Token Property Map - Configuration settings for the refresh tokens issued for this client.
- signing
Keys List<Map<Any>> - List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- sso Boolean
- Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- sso
Disabled Boolean - Indicates whether or not SSO is disabled.
- token
Endpoint StringAuth Method - Defines the requested authentication method for the token endpoint. Options include
none(public client without a client secret),client_secret_post(client uses HTTP POST parameters),client_secret_basic(client uses HTTP Basic). Managing the authentication method through this attribute is deprecated and it will be removed in a future major version. Migrate to theauth0_client_credentialsresource to manage a client's authentication method instead. Check the MIGRATION GUIDE on how to do that. - web
Origins List<String> - URLs that represent valid web origins for use with web message response mode.
Supporting Types
GlobalClientAddons, GlobalClientAddonsArgs
- Aws Dictionary<string, object>
- Azure
Blob Dictionary<string, object> - Azure
Sb Dictionary<string, object> - Box Dictionary<string, object>
- Cloudbees Dictionary<string, object>
- Concur Dictionary<string, object>
- Dropbox Dictionary<string, object>
- Echosign Dictionary<string, object>
- Egnyte Dictionary<string, object>
- Firebase Dictionary<string, object>
- Layer Dictionary<string, object>
- Mscrm Dictionary<string, object>
- Newrelic Dictionary<string, object>
- Office365 Dictionary<string, object>
- Rms Dictionary<string, object>
- Salesforce Dictionary<string, object>
- Salesforce
Api Dictionary<string, object> - Salesforce
Sandbox Dictionary<string, object>Api - Samlp
Global
Client Addons Samlp - Configuration settings for a SAML add-on.
- Sap
Api Dictionary<string, object> - Sentry Dictionary<string, object>
- Dictionary<string, object>
- Slack Dictionary<string, object>
- Springcm Dictionary<string, object>
- Wams Dictionary<string, object>
- Wsfed Dictionary<string, object>
- WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and
client_aliasesproperties on the client. - Zendesk Dictionary<string, object>
- Zoom Dictionary<string, object>
- Aws map[string]interface{}
- Azure
Blob map[string]interface{} - Azure
Sb map[string]interface{} - Box map[string]interface{}
- Cloudbees map[string]interface{}
- Concur map[string]interface{}
- Dropbox map[string]interface{}
- Echosign map[string]interface{}
- Egnyte map[string]interface{}
- Firebase map[string]interface{}
- Layer map[string]interface{}
- Mscrm map[string]interface{}
- Newrelic map[string]interface{}
- Office365 map[string]interface{}
- Rms map[string]interface{}
- Salesforce map[string]interface{}
- Salesforce
Api map[string]interface{} - Salesforce
Sandbox map[string]interface{}Api - Samlp
Global
Client Addons Samlp - Configuration settings for a SAML add-on.
- Sap
Api map[string]interface{} - Sentry map[string]interface{}
- map[string]interface{}
- Slack map[string]interface{}
- Springcm map[string]interface{}
- Wams map[string]interface{}
- Wsfed map[string]interface{}
- WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and
client_aliasesproperties on the client. - Zendesk map[string]interface{}
- Zoom map[string]interface{}
- aws Map<String,Object>
- azure
Blob Map<String,Object> - azure
Sb Map<String,Object> - box Map<String,Object>
- cloudbees Map<String,Object>
- concur Map<String,Object>
- dropbox Map<String,Object>
- echosign Map<String,Object>
- egnyte Map<String,Object>
- firebase Map<String,Object>
- layer Map<String,Object>
- mscrm Map<String,Object>
- newrelic Map<String,Object>
- office365 Map<String,Object>
- rms Map<String,Object>
- salesforce Map<String,Object>
- salesforce
Api Map<String,Object> - salesforce
Sandbox Map<String,Object>Api - samlp
Global
Client Addons Samlp - Configuration settings for a SAML add-on.
- sap
Api Map<String,Object> - sentry Map<String,Object>
- Map<String,Object>
- slack Map<String,Object>
- springcm Map<String,Object>
- wams Map<String,Object>
- wsfed Map<String,Object>
- WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and
client_aliasesproperties on the client. - zendesk Map<String,Object>
- zoom Map<String,Object>
- aws {[key: string]: any}
- azure
Blob {[key: string]: any} - azure
Sb {[key: string]: any} - box {[key: string]: any}
- cloudbees {[key: string]: any}
- concur {[key: string]: any}
- dropbox {[key: string]: any}
- echosign {[key: string]: any}
- egnyte {[key: string]: any}
- firebase {[key: string]: any}
- layer {[key: string]: any}
- mscrm {[key: string]: any}
- newrelic {[key: string]: any}
- office365 {[key: string]: any}
- rms {[key: string]: any}
- salesforce {[key: string]: any}
- salesforce
Api {[key: string]: any} - salesforce
Sandbox {[key: string]: any}Api - samlp
Global
Client Addons Samlp - Configuration settings for a SAML add-on.
- sap
Api {[key: string]: any} - sentry {[key: string]: any}
- {[key: string]: any}
- slack {[key: string]: any}
- springcm {[key: string]: any}
- wams {[key: string]: any}
- wsfed {[key: string]: any}
- WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and
client_aliasesproperties on the client. - zendesk {[key: string]: any}
- zoom {[key: string]: any}
- aws Mapping[str, Any]
- azure_
blob Mapping[str, Any] - azure_
sb Mapping[str, Any] - box Mapping[str, Any]
- cloudbees Mapping[str, Any]
- concur Mapping[str, Any]
- dropbox Mapping[str, Any]
- echosign Mapping[str, Any]
- egnyte Mapping[str, Any]
- firebase Mapping[str, Any]
- layer Mapping[str, Any]
- mscrm Mapping[str, Any]
- newrelic Mapping[str, Any]
- office365 Mapping[str, Any]
- rms Mapping[str, Any]
- salesforce Mapping[str, Any]
- salesforce_
api Mapping[str, Any] - salesforce_
sandbox_ Mapping[str, Any]api - samlp
Global
Client Addons Samlp - Configuration settings for a SAML add-on.
- sap_
api Mapping[str, Any] - sentry Mapping[str, Any]
- Mapping[str, Any]
- slack Mapping[str, Any]
- springcm Mapping[str, Any]
- wams Mapping[str, Any]
- wsfed Mapping[str, Any]
- WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and
client_aliasesproperties on the client. - zendesk Mapping[str, Any]
- zoom Mapping[str, Any]
- aws Map<Any>
- azure
Blob Map<Any> - azure
Sb Map<Any> - box Map<Any>
- cloudbees Map<Any>
- concur Map<Any>
- dropbox Map<Any>
- echosign Map<Any>
- egnyte Map<Any>
- firebase Map<Any>
- layer Map<Any>
- mscrm Map<Any>
- newrelic Map<Any>
- office365 Map<Any>
- rms Map<Any>
- salesforce Map<Any>
- salesforce
Api Map<Any> - salesforce
Sandbox Map<Any>Api - samlp Property Map
- Configuration settings for a SAML add-on.
- sap
Api Map<Any> - sentry Map<Any>
- Map<Any>
- slack Map<Any>
- springcm Map<Any>
- wams Map<Any>
- wsfed Map<Any>
- WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and
client_aliasesproperties on the client. - zendesk Map<Any>
- zoom Map<Any>
GlobalClientAddonsSamlp, GlobalClientAddonsSamlpArgs
- Audience string
- Authn
Context stringClass Ref - Binding string
- Create
Upn boolClaim - Destination string
- Digest
Algorithm string - Include
Attribute boolName Format - Issuer string
- Lifetime
In intSeconds - Logout Dictionary<string, object>
- Map
Identities bool - Map
Unknown boolClaims As Is - Mappings Dictionary<string, object>
- Name
Identifier stringFormat - Name
Identifier List<string>Probes - Passthrough
Claims boolWith No Mapping - Recipient string
- Sign
Response bool - Signature
Algorithm string - Signing
Cert string - Typed
Attributes bool
- Audience string
- Authn
Context stringClass Ref - Binding string
- Create
Upn boolClaim - Destination string
- Digest
Algorithm string - Include
Attribute boolName Format - Issuer string
- Lifetime
In intSeconds - Logout map[string]interface{}
- Map
Identities bool - Map
Unknown boolClaims As Is - Mappings map[string]interface{}
- Name
Identifier stringFormat - Name
Identifier []stringProbes - Passthrough
Claims boolWith No Mapping - Recipient string
- Sign
Response bool - Signature
Algorithm string - Signing
Cert string - Typed
Attributes bool
- audience String
- authn
Context StringClass Ref - binding String
- create
Upn BooleanClaim - destination String
- digest
Algorithm String - include
Attribute BooleanName Format - issuer String
- lifetime
In IntegerSeconds - logout Map<String,Object>
- map
Identities Boolean - map
Unknown BooleanClaims As Is - mappings Map<String,Object>
- name
Identifier StringFormat - name
Identifier List<String>Probes - passthrough
Claims BooleanWith No Mapping - recipient String
- sign
Response Boolean - signature
Algorithm String - signing
Cert String - typed
Attributes Boolean
- audience string
- authn
Context stringClass Ref - binding string
- create
Upn booleanClaim - destination string
- digest
Algorithm string - include
Attribute booleanName Format - issuer string
- lifetime
In numberSeconds - logout {[key: string]: any}
- map
Identities boolean - map
Unknown booleanClaims As Is - mappings {[key: string]: any}
- name
Identifier stringFormat - name
Identifier string[]Probes - passthrough
Claims booleanWith No Mapping - recipient string
- sign
Response boolean - signature
Algorithm string - signing
Cert string - typed
Attributes boolean
- audience str
- authn_
context_ strclass_ ref - binding str
- create_
upn_ boolclaim - destination str
- digest_
algorithm str - include_
attribute_ boolname_ format - issuer str
- lifetime_
in_ intseconds - logout Mapping[str, Any]
- map_
identities bool - map_
unknown_ boolclaims_ as_ is - mappings Mapping[str, Any]
- name_
identifier_ strformat - name_
identifier_ Sequence[str]probes - passthrough_
claims_ boolwith_ no_ mapping - recipient str
- sign_
response bool - signature_
algorithm str - signing_
cert str - typed_
attributes bool
- audience String
- authn
Context StringClass Ref - binding String
- create
Upn BooleanClaim - destination String
- digest
Algorithm String - include
Attribute BooleanName Format - issuer String
- lifetime
In NumberSeconds - logout Map<Any>
- map
Identities Boolean - map
Unknown BooleanClaims As Is - mappings Map<Any>
- name
Identifier StringFormat - name
Identifier List<String>Probes - passthrough
Claims BooleanWith No Mapping - recipient String
- sign
Response Boolean - signature
Algorithm String - signing
Cert String - typed
Attributes Boolean
GlobalClientJwtConfiguration, GlobalClientJwtConfigurationArgs
- Alg string
- Algorithm used to sign JWTs.
- Lifetime
In intSeconds - Number of seconds during which the JWT will be valid.
- Scopes Dictionary<string, string>
- Permissions (scopes) included in JWTs.
- Secret
Encoded bool - Indicates whether the client secret is Base64-encoded.
- Alg string
- Algorithm used to sign JWTs.
- Lifetime
In intSeconds - Number of seconds during which the JWT will be valid.
- Scopes map[string]string
- Permissions (scopes) included in JWTs.
- Secret
Encoded bool - Indicates whether the client secret is Base64-encoded.
- alg String
- Algorithm used to sign JWTs.
- lifetime
In IntegerSeconds - Number of seconds during which the JWT will be valid.
- scopes Map<String,String>
- Permissions (scopes) included in JWTs.
- secret
Encoded Boolean - Indicates whether the client secret is Base64-encoded.
- alg string
- Algorithm used to sign JWTs.
- lifetime
In numberSeconds - Number of seconds during which the JWT will be valid.
- scopes {[key: string]: string}
- Permissions (scopes) included in JWTs.
- secret
Encoded boolean - Indicates whether the client secret is Base64-encoded.
- alg str
- Algorithm used to sign JWTs.
- lifetime_
in_ intseconds - Number of seconds during which the JWT will be valid.
- scopes Mapping[str, str]
- Permissions (scopes) included in JWTs.
- secret_
encoded bool - Indicates whether the client secret is Base64-encoded.
- alg String
- Algorithm used to sign JWTs.
- lifetime
In NumberSeconds - Number of seconds during which the JWT will be valid.
- scopes Map<String>
- Permissions (scopes) included in JWTs.
- secret
Encoded Boolean - Indicates whether the client secret is Base64-encoded.
GlobalClientMobile, GlobalClientMobileArgs
- Android
Global
Client Mobile Android - Configuration settings for Android native apps.
- Ios
Global
Client Mobile Ios - Configuration settings for i0S native apps.
- Android
Global
Client Mobile Android - Configuration settings for Android native apps.
- Ios
Global
Client Mobile Ios - Configuration settings for i0S native apps.
- android
Global
Client Mobile Android - Configuration settings for Android native apps.
- ios
Global
Client Mobile Ios - Configuration settings for i0S native apps.
- android
Global
Client Mobile Android - Configuration settings for Android native apps.
- ios
Global
Client Mobile Ios - Configuration settings for i0S native apps.
- android
Global
Client Mobile Android - Configuration settings for Android native apps.
- ios
Global
Client Mobile Ios - Configuration settings for i0S native apps.
- android Property Map
- Configuration settings for Android native apps.
- ios Property Map
- Configuration settings for i0S native apps.
GlobalClientMobileAndroid, GlobalClientMobileAndroidArgs
- App
Package stringName - Sha256Cert
Fingerprints List<string>
- App
Package stringName - Sha256Cert
Fingerprints []string
- app
Package StringName - sha256Cert
Fingerprints List<String>
- app
Package stringName - sha256Cert
Fingerprints string[]
- app_
package_ strname - sha256_
cert_ Sequence[str]fingerprints
- app
Package StringName - sha256Cert
Fingerprints List<String>
GlobalClientMobileIos, GlobalClientMobileIosArgs
- App
Bundle stringIdentifier - Team
Id string
- App
Bundle stringIdentifier - Team
Id string
- app
Bundle StringIdentifier - team
Id String
- app
Bundle stringIdentifier - team
Id string
- app_
bundle_ stridentifier - team_
id str
- app
Bundle StringIdentifier - team
Id String
GlobalClientNativeSocialLogin, GlobalClientNativeSocialLoginArgs
GlobalClientNativeSocialLoginApple, GlobalClientNativeSocialLoginAppleArgs
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
GlobalClientNativeSocialLoginFacebook, GlobalClientNativeSocialLoginFacebookArgs
- Enabled bool
- Enabled bool
- enabled Boolean
- enabled boolean
- enabled bool
- enabled Boolean
GlobalClientRefreshToken, GlobalClientRefreshTokenArgs
- Expiration
Type string - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - Rotation
Type string - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - Idle
Token intLifetime - The time in seconds after which inactive refresh tokens will expire.
- Infinite
Idle boolToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- Infinite
Token boolLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - Leeway int
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- Token
Lifetime int - The absolute lifetime of a refresh token in seconds.
- Expiration
Type string - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - Rotation
Type string - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - Idle
Token intLifetime - The time in seconds after which inactive refresh tokens will expire.
- Infinite
Idle boolToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- Infinite
Token boolLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - Leeway int
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- Token
Lifetime int - The absolute lifetime of a refresh token in seconds.
- expiration
Type String - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - rotation
Type String - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - idle
Token IntegerLifetime - The time in seconds after which inactive refresh tokens will expire.
- infinite
Idle BooleanToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- infinite
Token BooleanLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - leeway Integer
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- token
Lifetime Integer - The absolute lifetime of a refresh token in seconds.
- expiration
Type string - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - rotation
Type string - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - idle
Token numberLifetime - The time in seconds after which inactive refresh tokens will expire.
- infinite
Idle booleanToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- infinite
Token booleanLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - leeway number
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- token
Lifetime number - The absolute lifetime of a refresh token in seconds.
- expiration_
type str - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - rotation_
type str - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - idle_
token_ intlifetime - The time in seconds after which inactive refresh tokens will expire.
- infinite_
idle_ booltoken_ lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- infinite_
token_ boollifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - leeway int
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- token_
lifetime int - The absolute lifetime of a refresh token in seconds.
- expiration
Type String - Options include
expiring,non-expiring. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation isrotating, this must be set toexpiring. - rotation
Type String - Options include
rotating,non-rotating. Whenrotating, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. - idle
Token NumberLifetime - The time in seconds after which inactive refresh tokens will expire.
- infinite
Idle BooleanToken Lifetime - Whether inactive refresh tokens should remain valid indefinitely.
- infinite
Token BooleanLifetime - Whether refresh tokens should remain valid indefinitely. If false,
token_lifetimeshould also be set. - leeway Number
- The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
- token
Lifetime Number - The absolute lifetime of a refresh token in seconds.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.
Viewing docs for Auth0 v2.24.3 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
