azure-native.containerservice.getJWTAuthenticator

Azure Native v3.13.0, Jan 28 26

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.13.0 published on Wednesday, Jan 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azure-native

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.13.0 published on Wednesday, Jan 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azure-native

Using getJWTAuthenticator

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getJWTAuthenticator(args: GetJWTAuthenticatorArgs, opts?: InvokeOptions): Promise<GetJWTAuthenticatorResult>
function getJWTAuthenticatorOutput(args: GetJWTAuthenticatorOutputArgs, opts?: InvokeOptions): Output<GetJWTAuthenticatorResult>

def get_jwt_authenticator(jwt_authenticator_name: Optional[str] = None,
                          resource_group_name: Optional[str] = None,
                          resource_name: Optional[str] = None,
                          opts: Optional[InvokeOptions] = None) -> GetJWTAuthenticatorResult
def get_jwt_authenticator_output(jwt_authenticator_name: Optional[pulumi.Input[str]] = None,
                          resource_group_name: Optional[pulumi.Input[str]] = None,
                          resource_name: Optional[pulumi.Input[str]] = None,
                          opts: Optional[InvokeOptions] = None) -> Output[GetJWTAuthenticatorResult]

func LookupJWTAuthenticator(ctx *Context, args *LookupJWTAuthenticatorArgs, opts ...InvokeOption) (*LookupJWTAuthenticatorResult, error)
func LookupJWTAuthenticatorOutput(ctx *Context, args *LookupJWTAuthenticatorOutputArgs, opts ...InvokeOption) LookupJWTAuthenticatorResultOutput

> Note: This function is named LookupJWTAuthenticator in the Go SDK.

public static class GetJWTAuthenticator 
{
    public static Task<GetJWTAuthenticatorResult> InvokeAsync(GetJWTAuthenticatorArgs args, InvokeOptions? opts = null)
    public static Output<GetJWTAuthenticatorResult> Invoke(GetJWTAuthenticatorInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetJWTAuthenticatorResult> getJWTAuthenticator(GetJWTAuthenticatorArgs args, InvokeOptions options)
public static Output<GetJWTAuthenticatorResult> getJWTAuthenticator(GetJWTAuthenticatorArgs args, InvokeOptions options)

fn::invoke:
  function: azure-native:containerservice:getJWTAuthenticator
  arguments:
    # arguments dictionary

The following arguments are supported:

JwtAuthenticatorName string: The name of the JWT authenticator.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
ResourceName string: The name of the managed cluster resource.

JwtAuthenticatorName string: The name of the JWT authenticator.
ResourceGroupName string: The name of the resource group. The name is case insensitive.
ResourceName string: The name of the managed cluster resource.

jwtAuthenticatorName String: The name of the JWT authenticator.
resourceGroupName String: The name of the resource group. The name is case insensitive.
resourceName String: The name of the managed cluster resource.

jwtAuthenticatorName string: The name of the JWT authenticator.
resourceGroupName string: The name of the resource group. The name is case insensitive.
resourceName string: The name of the managed cluster resource.

jwt_authenticator_name str: The name of the JWT authenticator.
resource_group_name str: The name of the resource group. The name is case insensitive.
resource_name str: The name of the managed cluster resource.

jwtAuthenticatorName String: The name of the JWT authenticator.
resourceGroupName String: The name of the resource group. The name is case insensitive.
resourceName String: The name of the managed cluster resource.

getJWTAuthenticator Result

The following output properties are available:

AzureApiVersion string: The Azure API version of the resource.
Id string: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
Name string: The name of the resource
Properties Pulumi.AzureNative.ContainerService.Outputs.JWTAuthenticatorPropertiesResponse: The properties of JWTAuthenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
SystemData Pulumi.AzureNative.ContainerService.Outputs.SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

AzureApiVersion string: The Azure API version of the resource.
Id string: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
Name string: The name of the resource
Properties JWTAuthenticatorPropertiesResponse: The properties of JWTAuthenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
SystemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
Type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

azureApiVersion String: The Azure API version of the resource.
id String: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
name String: The name of the resource
properties JWTAuthenticatorPropertiesResponse: The properties of JWTAuthenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

azureApiVersion string: The Azure API version of the resource.
id string: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
name string: The name of the resource
properties JWTAuthenticatorPropertiesResponse: The properties of JWTAuthenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
systemData SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type string: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

azure_api_version str: The Azure API version of the resource.
id str: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
name str: The name of the resource
properties JWTAuthenticatorPropertiesResponse: The properties of JWTAuthenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
system_data SystemDataResponse: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type str: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

azureApiVersion String: The Azure API version of the resource.
id String: Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
name String: The name of the resource
properties Property Map: The properties of JWTAuthenticator. For details on how to configure the properties of a JWT authenticator, please refer to the Kubernetes documentation: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#using-authentication-configuration. Please note that not all fields available in the Kubernetes documentation are supported by AKS. For troubleshooting, please see https://aka.ms/aks-external-issuers-docs.
systemData Property Map: Azure Resource Manager metadata containing createdBy and modifiedBy information.
type String: The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

Supporting Types

JWTAuthenticatorClaimMappingExpressionResponse

Expression string: The CEL expression used to access token claims.

Expression string: The CEL expression used to access token claims.

expression String: The CEL expression used to access token claims.

expression string: The CEL expression used to access token claims.

expression str: The CEL expression used to access token claims.

expression String: The CEL expression used to access token claims.

JWTAuthenticatorClaimMappingsResponse

Username Pulumi.AzureNative.ContainerService.Inputs.JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract username attribute from the token claims.
Extra List<Pulumi.AzureNative.ContainerService.Inputs.JWTAuthenticatorExtraClaimMappingExpressionResponse>: The expression to extract extra attribute from the token claims. When not provided, no extra attributes are extracted from the token claims.
Groups Pulumi.AzureNative.ContainerService.Inputs.JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract groups attribute from the token claims. When not provided, no groups are extracted from the token claims.
Uid Pulumi.AzureNative.ContainerService.Inputs.JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract uid attribute from the token claims. When not provided, no uid is extracted from the token claims.

Username JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract username attribute from the token claims.
Extra []JWTAuthenticatorExtraClaimMappingExpressionResponse: The expression to extract extra attribute from the token claims. When not provided, no extra attributes are extracted from the token claims.
Groups JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract groups attribute from the token claims. When not provided, no groups are extracted from the token claims.
Uid JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract uid attribute from the token claims. When not provided, no uid is extracted from the token claims.

username JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract username attribute from the token claims.
extra List<JWTAuthenticatorExtraClaimMappingExpressionResponse>: The expression to extract extra attribute from the token claims. When not provided, no extra attributes are extracted from the token claims.
groups JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract groups attribute from the token claims. When not provided, no groups are extracted from the token claims.
uid JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract uid attribute from the token claims. When not provided, no uid is extracted from the token claims.

username JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract username attribute from the token claims.
extra JWTAuthenticatorExtraClaimMappingExpressionResponse[]: The expression to extract extra attribute from the token claims. When not provided, no extra attributes are extracted from the token claims.
groups JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract groups attribute from the token claims. When not provided, no groups are extracted from the token claims.
uid JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract uid attribute from the token claims. When not provided, no uid is extracted from the token claims.

username JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract username attribute from the token claims.
extra Sequence[JWTAuthenticatorExtraClaimMappingExpressionResponse]: The expression to extract extra attribute from the token claims. When not provided, no extra attributes are extracted from the token claims.
groups JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract groups attribute from the token claims. When not provided, no groups are extracted from the token claims.
uid JWTAuthenticatorClaimMappingExpressionResponse: The expression to extract uid attribute from the token claims. When not provided, no uid is extracted from the token claims.

username Property Map: The expression to extract username attribute from the token claims.
extra List<Property Map>: The expression to extract extra attribute from the token claims. When not provided, no extra attributes are extracted from the token claims.
groups Property Map: The expression to extract groups attribute from the token claims. When not provided, no groups are extracted from the token claims.
uid Property Map: The expression to extract uid attribute from the token claims. When not provided, no uid is extracted from the token claims.

JWTAuthenticatorExtraClaimMappingExpressionResponse

Key string: The key of the extra attribute.
ValueExpression string: The CEL expression used to extract the value of the extra attribute.

Key string: The key of the extra attribute.
ValueExpression string: The CEL expression used to extract the value of the extra attribute.

key String: The key of the extra attribute.
valueExpression String: The CEL expression used to extract the value of the extra attribute.

key string: The key of the extra attribute.
valueExpression string: The CEL expression used to extract the value of the extra attribute.

key str: The key of the extra attribute.
value_expression str: The CEL expression used to extract the value of the extra attribute.

key String: The key of the extra attribute.
valueExpression String: The CEL expression used to extract the value of the extra attribute.

JWTAuthenticatorIssuerResponse

Audiences List<string>: The set of acceptable audiences the JWT must be issued to. At least one is required. When multiple is set, AudienceMatchPolicy is used in API Server configuration.
Url string: The issuer URL. The URL must begin with the scheme https and cannot contain a query string or fragment. This must match the "iss" claim in the presented JWT, and the issuer returned from discovery.

Audiences []string: The set of acceptable audiences the JWT must be issued to. At least one is required. When multiple is set, AudienceMatchPolicy is used in API Server configuration.
Url string: The issuer URL. The URL must begin with the scheme https and cannot contain a query string or fragment. This must match the "iss" claim in the presented JWT, and the issuer returned from discovery.

audiences List<String>: The set of acceptable audiences the JWT must be issued to. At least one is required. When multiple is set, AudienceMatchPolicy is used in API Server configuration.
url String: The issuer URL. The URL must begin with the scheme https and cannot contain a query string or fragment. This must match the "iss" claim in the presented JWT, and the issuer returned from discovery.

audiences string[]: The set of acceptable audiences the JWT must be issued to. At least one is required. When multiple is set, AudienceMatchPolicy is used in API Server configuration.
url string: The issuer URL. The URL must begin with the scheme https and cannot contain a query string or fragment. This must match the "iss" claim in the presented JWT, and the issuer returned from discovery.

audiences Sequence[str]: The set of acceptable audiences the JWT must be issued to. At least one is required. When multiple is set, AudienceMatchPolicy is used in API Server configuration.
url str: The issuer URL. The URL must begin with the scheme https and cannot contain a query string or fragment. This must match the "iss" claim in the presented JWT, and the issuer returned from discovery.

audiences List<String>: The set of acceptable audiences the JWT must be issued to. At least one is required. When multiple is set, AudienceMatchPolicy is used in API Server configuration.
url String: The issuer URL. The URL must begin with the scheme https and cannot contain a query string or fragment. This must match the "iss" claim in the presented JWT, and the issuer returned from discovery.

JWTAuthenticatorPropertiesResponse

ClaimMappings Pulumi.AzureNative.ContainerService.Inputs.JWTAuthenticatorClaimMappingsResponse: The mappings that define how user attributes are extracted from the token claims.
Issuer Pulumi.AzureNative.ContainerService.Inputs.JWTAuthenticatorIssuerResponse: The JWT OIDC issuer details.
ProvisioningState string: The current provisioning state of the JWT authenticator.
ClaimValidationRules List<Pulumi.AzureNative.ContainerService.Inputs.JWTAuthenticatorValidationRuleResponse>: The rules that are applied to validate token claims to authenticate users. All the expressions must evaluate to true for validation to succeed.
UserValidationRules List<Pulumi.AzureNative.ContainerService.Inputs.JWTAuthenticatorValidationRuleResponse>: The rules that are applied to the mapped user before completing authentication. All the expressions must evaluate to true for validation to succeed.

ClaimMappings JWTAuthenticatorClaimMappingsResponse: The mappings that define how user attributes are extracted from the token claims.
Issuer JWTAuthenticatorIssuerResponse: The JWT OIDC issuer details.
ProvisioningState string: The current provisioning state of the JWT authenticator.
ClaimValidationRules []JWTAuthenticatorValidationRuleResponse: The rules that are applied to validate token claims to authenticate users. All the expressions must evaluate to true for validation to succeed.
UserValidationRules []JWTAuthenticatorValidationRuleResponse: The rules that are applied to the mapped user before completing authentication. All the expressions must evaluate to true for validation to succeed.

claimMappings JWTAuthenticatorClaimMappingsResponse: The mappings that define how user attributes are extracted from the token claims.
issuer JWTAuthenticatorIssuerResponse: The JWT OIDC issuer details.
provisioningState String: The current provisioning state of the JWT authenticator.
claimValidationRules List<JWTAuthenticatorValidationRuleResponse>: The rules that are applied to validate token claims to authenticate users. All the expressions must evaluate to true for validation to succeed.
userValidationRules List<JWTAuthenticatorValidationRuleResponse>: The rules that are applied to the mapped user before completing authentication. All the expressions must evaluate to true for validation to succeed.

claimMappings JWTAuthenticatorClaimMappingsResponse: The mappings that define how user attributes are extracted from the token claims.
issuer JWTAuthenticatorIssuerResponse: The JWT OIDC issuer details.
provisioningState string: The current provisioning state of the JWT authenticator.
claimValidationRules JWTAuthenticatorValidationRuleResponse[]: The rules that are applied to validate token claims to authenticate users. All the expressions must evaluate to true for validation to succeed.
userValidationRules JWTAuthenticatorValidationRuleResponse[]: The rules that are applied to the mapped user before completing authentication. All the expressions must evaluate to true for validation to succeed.

claim_mappings JWTAuthenticatorClaimMappingsResponse: The mappings that define how user attributes are extracted from the token claims.
issuer JWTAuthenticatorIssuerResponse: The JWT OIDC issuer details.
provisioning_state str: The current provisioning state of the JWT authenticator.
claim_validation_rules Sequence[JWTAuthenticatorValidationRuleResponse]: The rules that are applied to validate token claims to authenticate users. All the expressions must evaluate to true for validation to succeed.
user_validation_rules Sequence[JWTAuthenticatorValidationRuleResponse]: The rules that are applied to the mapped user before completing authentication. All the expressions must evaluate to true for validation to succeed.

claimMappings Property Map: The mappings that define how user attributes are extracted from the token claims.
issuer Property Map: The JWT OIDC issuer details.
provisioningState String: The current provisioning state of the JWT authenticator.
claimValidationRules List<Property Map>: The rules that are applied to validate token claims to authenticate users. All the expressions must evaluate to true for validation to succeed.
userValidationRules List<Property Map>: The rules that are applied to the mapped user before completing authentication. All the expressions must evaluate to true for validation to succeed.

JWTAuthenticatorValidationRuleResponse

Expression string: The CEL expression used to validate the claim or attribute.
Message string: The validation error message.

Expression string: The CEL expression used to validate the claim or attribute.
Message string: The validation error message.

expression String: The CEL expression used to validate the claim or attribute.
message String: The validation error message.

expression string: The CEL expression used to validate the claim or attribute.
message string: The validation error message.

expression str: The CEL expression used to validate the claim or attribute.
message str: The validation error message.

expression String: The CEL expression used to validate the claim or attribute.
message String: The validation error message.

SystemDataResponse

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

CreatedAt string: The timestamp of resource creation (UTC).
CreatedBy string: The identity that created the resource.
CreatedByType string: The type of identity that created the resource.
LastModifiedAt string: The timestamp of resource last modification (UTC)
LastModifiedBy string: The identity that last modified the resource.
LastModifiedByType string: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

createdAt string: The timestamp of resource creation (UTC).
createdBy string: The identity that created the resource.
createdByType string: The type of identity that created the resource.
lastModifiedAt string: The timestamp of resource last modification (UTC)
lastModifiedBy string: The identity that last modified the resource.
lastModifiedByType string: The type of identity that last modified the resource.

created_at str: The timestamp of resource creation (UTC).
created_by str: The identity that created the resource.
created_by_type str: The type of identity that created the resource.
last_modified_at str: The timestamp of resource last modification (UTC)
last_modified_by str: The identity that last modified the resource.
last_modified_by_type str: The type of identity that last modified the resource.

createdAt String: The timestamp of resource creation (UTC).
createdBy String: The identity that created the resource.
createdByType String: The type of identity that created the resource.
lastModifiedAt String: The timestamp of resource last modification (UTC)
lastModifiedBy String: The identity that last modified the resource.
lastModifiedByType String: The type of identity that last modified the resource.

Package Details

Repository: Azure Native pulumi/pulumi-azure-native
License: Apache-2.0

This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.

Azure Native v3.13.0 published on Wednesday, Jan 28, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-azure-native

azure-native.containerservice.getJWTAuthenticator

On this page

On this page

Using getJWTAuthenticator

getJWTAuthenticator Result

Supporting Types

JWTAuthenticatorClaimMappingExpressionResponse

JWTAuthenticatorClaimMappingsResponse

JWTAuthenticatorExtraClaimMappingExpressionResponse

JWTAuthenticatorIssuerResponse

JWTAuthenticatorPropertiesResponse

JWTAuthenticatorValidationRuleResponse

SystemDataResponse

Package Details

On this page

On this page