fusionauth.FusionAuthApplication
Explore with Pulumi AI
# Application Resource
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fusionauth from "pulumi-fusionauth";
const forum = new fusionauth.FusionAuthApplication("forum", {
tenantId: fusionauth_tenant.portal.id,
authenticationTokenConfigurationEnabled: false,
formConfiguration: {
adminRegistrationFormId: fusionauth_form.admin_registration.id,
selfServiceFormId: fusionauth_form.self_service.id,
},
jwtConfiguration: {
accessTokenId: fusionauth_key.access_token.id,
enabled: true,
idTokenKeyId: fusionauth_key.id_token.id,
refreshTokenTtlMinutes: 43200,
ttlSeconds: 3600,
},
lambdaConfiguration: {
accessTokenPopulateId: fusionauth_lambda.token_populate.id,
idTokenPopulateId: fusionauth_lambda.id_token_populate.id,
},
loginConfiguration: {
allowTokenRefresh: false,
generateRefreshTokens: false,
requireAuthentication: true,
},
multiFactorConfiguration: {
emailTemplateId: "859f394b-22a6-4fa6-ba55-de700df9e950",
smsTemplateId: "17760f96-dca7-448b-9a8f-c49016aa7210",
loginPolicy: "Required",
trustPolicy: "Any",
},
oauthConfiguration: {
authorizedOriginUrls: ["http://www.example.com/oauth-callback"],
authorizedUrlValidationPolicy: "ExactMatch",
enabledGrants: [
"authorization_code",
"implicit",
],
generateRefreshTokens: false,
logoutBehavior: "AllApplications",
logoutUrl: "http://www.example.com/logout",
requireClientAuthentication: false,
providedScopePolicies: [{
address: {
enabled: false,
required: false,
},
email: {
enabled: false,
required: false,
},
phone: {
enabled: false,
required: false,
},
profile: {
enabled: false,
required: false,
},
}],
},
registrationConfiguration: {
birthDate: {
enabled: false,
required: false,
},
confirmPassword: false,
enabled: false,
firstName: {
enabled: false,
required: false,
},
fullName: {
enabled: false,
required: false,
},
lastName: {
enabled: false,
required: false,
},
loginIdType: "",
middleName: {
enabled: false,
required: false,
},
mobilePhone: {
enabled: false,
required: false,
},
preferredLanguages: {
enabled: false,
required: false,
},
type: "",
},
passwordlessConfigurationEnabled: false,
registrationDeletePolicy: {
unverifiedEnabled: true,
unverifiedNumberOfDaysToRetain: 30,
},
});
import pulumi
import theogravity_pulumi_fusionauth as fusionauth
forum = fusionauth.FusionAuthApplication("forum",
tenant_id=fusionauth_tenant["portal"]["id"],
authentication_token_configuration_enabled=False,
form_configuration={
"admin_registration_form_id": fusionauth_form["admin_registration"]["id"],
"self_service_form_id": fusionauth_form["self_service"]["id"],
},
jwt_configuration={
"access_token_id": fusionauth_key["access_token"]["id"],
"enabled": True,
"id_token_key_id": fusionauth_key["id_token"]["id"],
"refresh_token_ttl_minutes": 43200,
"ttl_seconds": 3600,
},
lambda_configuration={
"access_token_populate_id": fusionauth_lambda["token_populate"]["id"],
"id_token_populate_id": fusionauth_lambda["id_token_populate"]["id"],
},
login_configuration={
"allow_token_refresh": False,
"generate_refresh_tokens": False,
"require_authentication": True,
},
multi_factor_configuration={
"email_template_id": "859f394b-22a6-4fa6-ba55-de700df9e950",
"sms_template_id": "17760f96-dca7-448b-9a8f-c49016aa7210",
"login_policy": "Required",
"trust_policy": "Any",
},
oauth_configuration={
"authorized_origin_urls": ["http://www.example.com/oauth-callback"],
"authorized_url_validation_policy": "ExactMatch",
"enabled_grants": [
"authorization_code",
"implicit",
],
"generate_refresh_tokens": False,
"logout_behavior": "AllApplications",
"logout_url": "http://www.example.com/logout",
"require_client_authentication": False,
"provided_scope_policies": [{
"address": {
"enabled": False,
"required": False,
},
"email": {
"enabled": False,
"required": False,
},
"phone": {
"enabled": False,
"required": False,
},
"profile": {
"enabled": False,
"required": False,
},
}],
},
registration_configuration={
"birth_date": {
"enabled": False,
"required": False,
},
"confirm_password": False,
"enabled": False,
"first_name": {
"enabled": False,
"required": False,
},
"full_name": {
"enabled": False,
"required": False,
},
"last_name": {
"enabled": False,
"required": False,
},
"login_id_type": "",
"middle_name": {
"enabled": False,
"required": False,
},
"mobile_phone": {
"enabled": False,
"required": False,
},
"preferred_languages": {
"enabled": False,
"required": False,
},
"type": "",
},
passwordless_configuration_enabled=False,
registration_delete_policy={
"unverified_enabled": True,
"unverified_number_of_days_to_retain": 30,
})
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fusionauth.NewFusionAuthApplication(ctx, "forum", &fusionauth.FusionAuthApplicationArgs{
TenantId: pulumi.Any(fusionauth_tenant.Portal.Id),
AuthenticationTokenConfigurationEnabled: pulumi.Bool(false),
FormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationArgs{
AdminRegistrationFormId: pulumi.Any(fusionauth_form.Admin_registration.Id),
SelfServiceFormId: pulumi.Any(fusionauth_form.Self_service.Id),
},
JwtConfiguration: &fusionauth.FusionAuthApplicationJwtConfigurationArgs{
AccessTokenId: pulumi.Any(fusionauth_key.Access_token.Id),
Enabled: pulumi.Bool(true),
IdTokenKeyId: pulumi.Any(fusionauth_key.Id_token.Id),
RefreshTokenTtlMinutes: pulumi.Int(43200),
TtlSeconds: pulumi.Int(3600),
},
LambdaConfiguration: &fusionauth.FusionAuthApplicationLambdaConfigurationArgs{
AccessTokenPopulateId: pulumi.Any(fusionauth_lambda.Token_populate.Id),
IdTokenPopulateId: pulumi.Any(fusionauth_lambda.Id_token_populate.Id),
},
LoginConfiguration: &fusionauth.FusionAuthApplicationLoginConfigurationArgs{
AllowTokenRefresh: pulumi.Bool(false),
GenerateRefreshTokens: pulumi.Bool(false),
RequireAuthentication: pulumi.Bool(true),
},
MultiFactorConfiguration: &fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs{
EmailTemplateId: pulumi.String("859f394b-22a6-4fa6-ba55-de700df9e950"),
SmsTemplateId: pulumi.String("17760f96-dca7-448b-9a8f-c49016aa7210"),
LoginPolicy: pulumi.String("Required"),
TrustPolicy: pulumi.String("Any"),
},
OauthConfiguration: &fusionauth.FusionAuthApplicationOauthConfigurationArgs{
AuthorizedOriginUrls: pulumi.StringArray{
pulumi.String("http://www.example.com/oauth-callback"),
},
AuthorizedUrlValidationPolicy: pulumi.String("ExactMatch"),
EnabledGrants: pulumi.StringArray{
pulumi.String("authorization_code"),
pulumi.String("implicit"),
},
GenerateRefreshTokens: pulumi.Bool(false),
LogoutBehavior: pulumi.String("AllApplications"),
LogoutUrl: pulumi.String("http://www.example.com/logout"),
RequireClientAuthentication: pulumi.Bool(false),
ProvidedScopePolicies: fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArray{
&fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs{
Address: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Email: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Phone: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Profile: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
},
},
},
RegistrationConfiguration: &fusionauth.FusionAuthApplicationRegistrationConfigurationArgs{
BirthDate: &fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
ConfirmPassword: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
FirstName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
FullName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
LastName: &fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
LoginIdType: pulumi.String(""),
MiddleName: &fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
MobilePhone: &fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
PreferredLanguages: &fusionauth.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Type: pulumi.String(""),
},
PasswordlessConfigurationEnabled: pulumi.Bool(false),
RegistrationDeletePolicy: &fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs{
UnverifiedEnabled: pulumi.Bool(true),
UnverifiedNumberOfDaysToRetain: pulumi.Int(30),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fusionauth = theogravity.Fusionauth;
return await Deployment.RunAsync(() =>
{
var forum = new Fusionauth.FusionAuthApplication("forum", new()
{
TenantId = fusionauth_tenant.Portal.Id,
AuthenticationTokenConfigurationEnabled = false,
FormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationArgs
{
AdminRegistrationFormId = fusionauth_form.Admin_registration.Id,
SelfServiceFormId = fusionauth_form.Self_service.Id,
},
JwtConfiguration = new Fusionauth.Inputs.FusionAuthApplicationJwtConfigurationArgs
{
AccessTokenId = fusionauth_key.Access_token.Id,
Enabled = true,
IdTokenKeyId = fusionauth_key.Id_token.Id,
RefreshTokenTtlMinutes = 43200,
TtlSeconds = 3600,
},
LambdaConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLambdaConfigurationArgs
{
AccessTokenPopulateId = fusionauth_lambda.Token_populate.Id,
IdTokenPopulateId = fusionauth_lambda.Id_token_populate.Id,
},
LoginConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLoginConfigurationArgs
{
AllowTokenRefresh = false,
GenerateRefreshTokens = false,
RequireAuthentication = true,
},
MultiFactorConfiguration = new Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfigurationArgs
{
EmailTemplateId = "859f394b-22a6-4fa6-ba55-de700df9e950",
SmsTemplateId = "17760f96-dca7-448b-9a8f-c49016aa7210",
LoginPolicy = "Required",
TrustPolicy = "Any",
},
OauthConfiguration = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationArgs
{
AuthorizedOriginUrls = new[]
{
"http://www.example.com/oauth-callback",
},
AuthorizedUrlValidationPolicy = "ExactMatch",
EnabledGrants = new[]
{
"authorization_code",
"implicit",
},
GenerateRefreshTokens = false,
LogoutBehavior = "AllApplications",
LogoutUrl = "http://www.example.com/logout",
RequireClientAuthentication = false,
ProvidedScopePolicies = new[]
{
new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs
{
Address = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs
{
Enabled = false,
Required = false,
},
Email = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs
{
Enabled = false,
Required = false,
},
Phone = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs
{
Enabled = false,
Required = false,
},
Profile = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs
{
Enabled = false,
Required = false,
},
},
},
},
RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationArgs
{
BirthDate = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs
{
Enabled = false,
Required = false,
},
ConfirmPassword = false,
Enabled = false,
FirstName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs
{
Enabled = false,
Required = false,
},
FullName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs
{
Enabled = false,
Required = false,
},
LastName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs
{
Enabled = false,
Required = false,
},
LoginIdType = "",
MiddleName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs
{
Enabled = false,
Required = false,
},
MobilePhone = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs
{
Enabled = false,
Required = false,
},
PreferredLanguages = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs
{
Enabled = false,
Required = false,
},
Type = "",
},
PasswordlessConfigurationEnabled = false,
RegistrationDeletePolicy = new Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicyArgs
{
UnverifiedEnabled = true,
UnverifiedNumberOfDaysToRetain = 30,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fusionauth.FusionAuthApplication;
import com.pulumi.fusionauth.FusionAuthApplicationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationFormConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationJwtConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationLambdaConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationLoginConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationMultiFactorConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationOauthConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationDeletePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var forum = new FusionAuthApplication("forum", FusionAuthApplicationArgs.builder()
.tenantId(fusionauth_tenant.portal().id())
.authenticationTokenConfigurationEnabled(false)
.formConfiguration(FusionAuthApplicationFormConfigurationArgs.builder()
.adminRegistrationFormId(fusionauth_form.admin_registration().id())
.selfServiceFormId(fusionauth_form.self_service().id())
.build())
.jwtConfiguration(FusionAuthApplicationJwtConfigurationArgs.builder()
.accessTokenId(fusionauth_key.access_token().id())
.enabled(true)
.idTokenKeyId(fusionauth_key.id_token().id())
.refreshTokenTtlMinutes(43200)
.ttlSeconds(3600)
.build())
.lambdaConfiguration(FusionAuthApplicationLambdaConfigurationArgs.builder()
.accessTokenPopulateId(fusionauth_lambda.token_populate().id())
.idTokenPopulateId(fusionauth_lambda.id_token_populate().id())
.build())
.loginConfiguration(FusionAuthApplicationLoginConfigurationArgs.builder()
.allowTokenRefresh(false)
.generateRefreshTokens(false)
.requireAuthentication(true)
.build())
.multiFactorConfiguration(FusionAuthApplicationMultiFactorConfigurationArgs.builder()
.emailTemplateId("859f394b-22a6-4fa6-ba55-de700df9e950")
.smsTemplateId("17760f96-dca7-448b-9a8f-c49016aa7210")
.loginPolicy("Required")
.trustPolicy("Any")
.build())
.oauthConfiguration(FusionAuthApplicationOauthConfigurationArgs.builder()
.authorizedOriginUrls("http://www.example.com/oauth-callback")
.authorizedUrlValidationPolicy("ExactMatch")
.enabledGrants(
"authorization_code",
"implicit")
.generateRefreshTokens(false)
.logoutBehavior("AllApplications")
.logoutUrl("http://www.example.com/logout")
.requireClientAuthentication(false)
.providedScopePolicies(FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs.builder()
.address(FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs.builder()
.enabled(false)
.required(false)
.build())
.email(FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs.builder()
.enabled(false)
.required(false)
.build())
.phone(FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs.builder()
.enabled(false)
.required(false)
.build())
.profile(FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs.builder()
.enabled(false)
.required(false)
.build())
.build())
.build())
.registrationConfiguration(FusionAuthApplicationRegistrationConfigurationArgs.builder()
.birthDate(FusionAuthApplicationRegistrationConfigurationBirthDateArgs.builder()
.enabled(false)
.required(false)
.build())
.confirmPassword(false)
.enabled(false)
.firstName(FusionAuthApplicationRegistrationConfigurationFirstNameArgs.builder()
.enabled(false)
.required(false)
.build())
.fullName(FusionAuthApplicationRegistrationConfigurationFullNameArgs.builder()
.enabled(false)
.required(false)
.build())
.lastName(FusionAuthApplicationRegistrationConfigurationLastNameArgs.builder()
.enabled(false)
.required(false)
.build())
.loginIdType("")
.middleName(FusionAuthApplicationRegistrationConfigurationMiddleNameArgs.builder()
.enabled(false)
.required(false)
.build())
.mobilePhone(FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs.builder()
.enabled(false)
.required(false)
.build())
.preferredLanguages(FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs.builder()
.enabled(false)
.required(false)
.build())
.type("")
.build())
.passwordlessConfigurationEnabled(false)
.registrationDeletePolicy(FusionAuthApplicationRegistrationDeletePolicyArgs.builder()
.unverifiedEnabled(true)
.unverifiedNumberOfDaysToRetain(30)
.build())
.build());
}
}
resources:
forum:
type: fusionauth:FusionAuthApplication
properties:
tenantId: ${fusionauth_tenant.portal.id}
authenticationTokenConfigurationEnabled: false
formConfiguration:
adminRegistrationFormId: ${fusionauth_form.admin_registration.id}
selfServiceFormId: ${fusionauth_form.self_service.id}
jwtConfiguration:
accessTokenId: ${fusionauth_key.access_token.id}
enabled: true
idTokenKeyId: ${fusionauth_key.id_token.id}
refreshTokenTtlMinutes: 43200
ttlSeconds: 3600
lambdaConfiguration:
accessTokenPopulateId: ${fusionauth_lambda.token_populate.id}
idTokenPopulateId: ${fusionauth_lambda.id_token_populate.id}
loginConfiguration:
allowTokenRefresh: false
generateRefreshTokens: false
requireAuthentication: true
multiFactorConfiguration:
emailTemplateId: 859f394b-22a6-4fa6-ba55-de700df9e950
smsTemplateId: 17760f96-dca7-448b-9a8f-c49016aa7210
loginPolicy: Required
trustPolicy: Any
oauthConfiguration:
authorizedOriginUrls:
- http://www.example.com/oauth-callback
authorizedUrlValidationPolicy: ExactMatch
enabledGrants:
- authorization_code
- implicit
generateRefreshTokens: false
logoutBehavior: AllApplications
logoutUrl: http://www.example.com/logout
requireClientAuthentication: false
providedScopePolicies:
- address:
enabled: false
required: false
email:
enabled: false
required: false
phone:
enabled: false
required: false
profile:
enabled: false
required: false
registrationConfiguration:
birthDate:
enabled: false
required: false
confirmPassword: false
enabled: false
firstName:
enabled: false
required: false
fullName:
enabled: false
required: false
lastName:
enabled: false
required: false
loginIdType: ""
middleName:
enabled: false
required: false
mobilePhone:
enabled: false
required: false
preferredLanguages:
enabled: false
required: false
type: ""
passwordlessConfigurationEnabled: false
registrationDeletePolicy:
unverifiedEnabled: true
unverifiedNumberOfDaysToRetain: 30
Create FusionAuthApplication Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FusionAuthApplication(name: string, args: FusionAuthApplicationArgs, opts?: CustomResourceOptions);
@overload
def FusionAuthApplication(resource_name: str,
args: FusionAuthApplicationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FusionAuthApplication(resource_name: str,
opts: Optional[ResourceOptions] = None,
tenant_id: Optional[str] = None,
multi_factor_configuration: Optional[FusionAuthApplicationMultiFactorConfigurationArgs] = None,
clean_speak_configuration: Optional[FusionAuthApplicationCleanSpeakConfigurationArgs] = None,
oauth_configuration: Optional[FusionAuthApplicationOauthConfigurationArgs] = None,
data: Optional[Mapping[str, str]] = None,
email_configuration: Optional[FusionAuthApplicationEmailConfigurationArgs] = None,
form_configuration: Optional[FusionAuthApplicationFormConfigurationArgs] = None,
jwt_configuration: Optional[FusionAuthApplicationJwtConfigurationArgs] = None,
lambda_configuration: Optional[FusionAuthApplicationLambdaConfigurationArgs] = None,
passwordless_configuration_enabled: Optional[bool] = None,
access_control_configuration: Optional[FusionAuthApplicationAccessControlConfigurationArgs] = None,
webauthn_configuration: Optional[FusionAuthApplicationWebauthnConfigurationArgs] = None,
authentication_token_configuration_enabled: Optional[bool] = None,
login_configuration: Optional[FusionAuthApplicationLoginConfigurationArgs] = None,
registration_configuration: Optional[FusionAuthApplicationRegistrationConfigurationArgs] = None,
registration_delete_policy: Optional[FusionAuthApplicationRegistrationDeletePolicyArgs] = None,
samlv2_configuration: Optional[FusionAuthApplicationSamlv2ConfigurationArgs] = None,
application_id: Optional[str] = None,
theme_id: Optional[str] = None,
verification_email_template_id: Optional[str] = None,
verification_strategy: Optional[str] = None,
verify_registration: Optional[bool] = None,
name: Optional[str] = None)
func NewFusionAuthApplication(ctx *Context, name string, args FusionAuthApplicationArgs, opts ...ResourceOption) (*FusionAuthApplication, error)
public FusionAuthApplication(string name, FusionAuthApplicationArgs args, CustomResourceOptions? opts = null)
public FusionAuthApplication(String name, FusionAuthApplicationArgs args)
public FusionAuthApplication(String name, FusionAuthApplicationArgs args, CustomResourceOptions options)
type: fusionauth:FusionAuthApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var fusionAuthApplicationResource = new Fusionauth.FusionAuthApplication("fusionAuthApplicationResource", new()
{
TenantId = "string",
MultiFactorConfiguration = new Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfigurationArgs
{
EmailTemplateId = "string",
LoginPolicy = "string",
SmsTemplateId = "string",
TrustPolicy = "string",
},
CleanSpeakConfiguration = new Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfigurationArgs
{
ApplicationIds = new[]
{
"string",
},
UsernameModeration = new Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs
{
ApplicationId = "string",
Enabled = false,
},
},
OauthConfiguration = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationArgs
{
ScopeHandlingPolicy = "string",
UnknownScopePolicy = "string",
GenerateRefreshTokens = false,
LogoutBehavior = "string",
ClientId = "string",
ClientSecret = "string",
ConsentMode = "string",
Debug = false,
DeviceVerificationUrl = "string",
EnabledGrants = new[]
{
"string",
},
AuthorizedOriginUrls = new[]
{
"string",
},
ClientAuthenticationPolicy = "string",
LogoutUrl = "string",
ProofKeyForCodeExchangePolicy = "string",
ProvidedScopePolicies = new[]
{
new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs
{
Address = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs
{
Enabled = false,
Required = false,
},
Email = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs
{
Enabled = false,
Required = false,
},
Phone = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs
{
Enabled = false,
Required = false,
},
Profile = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs
{
Enabled = false,
Required = false,
},
},
},
Relationship = "string",
RequireRegistration = false,
AuthorizedUrlValidationPolicy = "string",
AuthorizedRedirectUrls = new[]
{
"string",
},
},
Data =
{
{ "string", "string" },
},
EmailConfiguration = new Fusionauth.Inputs.FusionAuthApplicationEmailConfigurationArgs
{
EmailUpdateTemplateId = "string",
EmailVerificationTemplateId = "string",
EmailVerifiedTemplateId = "string",
ForgotPasswordTemplateId = "string",
LoginIdInUseOnCreateTemplateId = "string",
LoginIdInUseOnUpdateTemplateId = "string",
LoginNewDeviceTemplateId = "string",
LoginSuspiciousTemplateId = "string",
PasswordResetSuccessTemplateId = "string",
PasswordUpdateTemplateId = "string",
PasswordlessEmailTemplateId = "string",
SetPasswordEmailTemplateId = "string",
TwoFactorMethodAddTemplateId = "string",
TwoFactorMethodRemoveTemplateId = "string",
},
FormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationArgs
{
AdminRegistrationFormId = "string",
SelfServiceFormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationSelfServiceFormConfigurationArgs
{
RequireCurrentPasswordOnPasswordChange = false,
},
SelfServiceFormId = "string",
},
JwtConfiguration = new Fusionauth.Inputs.FusionAuthApplicationJwtConfigurationArgs
{
AccessTokenId = "string",
Enabled = false,
IdTokenKeyId = "string",
RefreshTokenExpirationPolicy = "string",
RefreshTokenSlidingWindowMaximumTtlInMinutes = 0,
RefreshTokenTtlMinutes = 0,
RefreshTokenUsagePolicy = "string",
TtlSeconds = 0,
},
LambdaConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLambdaConfigurationArgs
{
AccessTokenPopulateId = "string",
IdTokenPopulateId = "string",
Samlv2PopulateId = "string",
SelfServiceRegistrationValidationId = "string",
UserinfoPopulateId = "string",
},
PasswordlessConfigurationEnabled = false,
AccessControlConfiguration = new Fusionauth.Inputs.FusionAuthApplicationAccessControlConfigurationArgs
{
UiIpAccessControlListId = "string",
},
WebauthnConfiguration = new Fusionauth.Inputs.FusionAuthApplicationWebauthnConfigurationArgs
{
BootstrapWorkflowEnabled = false,
Enabled = false,
ReauthenticationWorkflowEnabled = false,
},
AuthenticationTokenConfigurationEnabled = false,
LoginConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLoginConfigurationArgs
{
AllowTokenRefresh = false,
GenerateRefreshTokens = false,
RequireAuthentication = false,
},
RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationArgs
{
BirthDate = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs
{
Enabled = false,
Required = false,
},
ConfirmPassword = false,
Enabled = false,
FirstName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs
{
Enabled = false,
Required = false,
},
FormId = "string",
FullName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs
{
Enabled = false,
Required = false,
},
LastName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs
{
Enabled = false,
Required = false,
},
LoginIdType = "string",
MiddleName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs
{
Enabled = false,
Required = false,
},
MobilePhone = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs
{
Enabled = false,
Required = false,
},
PreferredLanguages = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs
{
Enabled = false,
Required = false,
},
Type = "string",
},
RegistrationDeletePolicy = new Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicyArgs
{
UnverifiedEnabled = false,
UnverifiedNumberOfDaysToRetain = 0,
},
Samlv2Configuration = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationArgs
{
AuthorizedRedirectUrls = new[]
{
"string",
},
Issuer = "string",
Debug = false,
KeyId = "string",
AssertionEncryptionConfiguration = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfigurationArgs
{
DigestAlgorithm = "string",
Enabled = false,
EncryptionAlgorithm = "string",
KeyLocation = "string",
KeyTransportAlgorithm = "string",
KeyTransportEncryptionKeyId = "string",
MaskGenerationFunction = "string",
},
DefaultVerificationKeyId = "string",
Enabled = false,
InitiatedLogin = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationInitiatedLoginArgs
{
Enabled = false,
NameIdFormat = "string",
},
Audience = "string",
LoginHintConfiguration = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLoginHintConfigurationArgs
{
Enabled = false,
ParameterName = "string",
},
Logout = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogoutArgs
{
Behavior = "string",
DefaultVerificationKeyId = "string",
KeyId = "string",
RequireSignedRequests = false,
SingleLogout = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs
{
Enabled = false,
KeyId = "string",
Url = "string",
XmlSignatureCanonicalizationMethod = "string",
},
XmlSignatureCanonicalizationMethod = "string",
},
LogoutUrl = "string",
RequiredSignedRequests = false,
XmlSignatureCanonicalizationMethod = "string",
XmlSignatureLocation = "string",
},
ApplicationId = "string",
ThemeId = "string",
VerificationEmailTemplateId = "string",
VerificationStrategy = "string",
VerifyRegistration = false,
Name = "string",
});
example, err := fusionauth.NewFusionAuthApplication(ctx, "fusionAuthApplicationResource", &fusionauth.FusionAuthApplicationArgs{
TenantId: pulumi.String("string"),
MultiFactorConfiguration: &fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs{
EmailTemplateId: pulumi.String("string"),
LoginPolicy: pulumi.String("string"),
SmsTemplateId: pulumi.String("string"),
TrustPolicy: pulumi.String("string"),
},
CleanSpeakConfiguration: &fusionauth.FusionAuthApplicationCleanSpeakConfigurationArgs{
ApplicationIds: pulumi.StringArray{
pulumi.String("string"),
},
UsernameModeration: &fusionauth.FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs{
ApplicationId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
},
OauthConfiguration: &fusionauth.FusionAuthApplicationOauthConfigurationArgs{
ScopeHandlingPolicy: pulumi.String("string"),
UnknownScopePolicy: pulumi.String("string"),
GenerateRefreshTokens: pulumi.Bool(false),
LogoutBehavior: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
ConsentMode: pulumi.String("string"),
Debug: pulumi.Bool(false),
DeviceVerificationUrl: pulumi.String("string"),
EnabledGrants: pulumi.StringArray{
pulumi.String("string"),
},
AuthorizedOriginUrls: pulumi.StringArray{
pulumi.String("string"),
},
ClientAuthenticationPolicy: pulumi.String("string"),
LogoutUrl: pulumi.String("string"),
ProofKeyForCodeExchangePolicy: pulumi.String("string"),
ProvidedScopePolicies: fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArray{
&fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs{
Address: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Email: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Phone: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Profile: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
},
},
Relationship: pulumi.String("string"),
RequireRegistration: pulumi.Bool(false),
AuthorizedUrlValidationPolicy: pulumi.String("string"),
AuthorizedRedirectUrls: pulumi.StringArray{
pulumi.String("string"),
},
},
Data: pulumi.StringMap{
"string": pulumi.String("string"),
},
EmailConfiguration: &fusionauth.FusionAuthApplicationEmailConfigurationArgs{
EmailUpdateTemplateId: pulumi.String("string"),
EmailVerificationTemplateId: pulumi.String("string"),
EmailVerifiedTemplateId: pulumi.String("string"),
ForgotPasswordTemplateId: pulumi.String("string"),
LoginIdInUseOnCreateTemplateId: pulumi.String("string"),
LoginIdInUseOnUpdateTemplateId: pulumi.String("string"),
LoginNewDeviceTemplateId: pulumi.String("string"),
LoginSuspiciousTemplateId: pulumi.String("string"),
PasswordResetSuccessTemplateId: pulumi.String("string"),
PasswordUpdateTemplateId: pulumi.String("string"),
PasswordlessEmailTemplateId: pulumi.String("string"),
SetPasswordEmailTemplateId: pulumi.String("string"),
TwoFactorMethodAddTemplateId: pulumi.String("string"),
TwoFactorMethodRemoveTemplateId: pulumi.String("string"),
},
FormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationArgs{
AdminRegistrationFormId: pulumi.String("string"),
SelfServiceFormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationSelfServiceFormConfigurationArgs{
RequireCurrentPasswordOnPasswordChange: pulumi.Bool(false),
},
SelfServiceFormId: pulumi.String("string"),
},
JwtConfiguration: &fusionauth.FusionAuthApplicationJwtConfigurationArgs{
AccessTokenId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
IdTokenKeyId: pulumi.String("string"),
RefreshTokenExpirationPolicy: pulumi.String("string"),
RefreshTokenSlidingWindowMaximumTtlInMinutes: pulumi.Int(0),
RefreshTokenTtlMinutes: pulumi.Int(0),
RefreshTokenUsagePolicy: pulumi.String("string"),
TtlSeconds: pulumi.Int(0),
},
LambdaConfiguration: &fusionauth.FusionAuthApplicationLambdaConfigurationArgs{
AccessTokenPopulateId: pulumi.String("string"),
IdTokenPopulateId: pulumi.String("string"),
Samlv2PopulateId: pulumi.String("string"),
SelfServiceRegistrationValidationId: pulumi.String("string"),
UserinfoPopulateId: pulumi.String("string"),
},
PasswordlessConfigurationEnabled: pulumi.Bool(false),
AccessControlConfiguration: &fusionauth.FusionAuthApplicationAccessControlConfigurationArgs{
UiIpAccessControlListId: pulumi.String("string"),
},
WebauthnConfiguration: &fusionauth.FusionAuthApplicationWebauthnConfigurationArgs{
BootstrapWorkflowEnabled: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
ReauthenticationWorkflowEnabled: pulumi.Bool(false),
},
AuthenticationTokenConfigurationEnabled: pulumi.Bool(false),
LoginConfiguration: &fusionauth.FusionAuthApplicationLoginConfigurationArgs{
AllowTokenRefresh: pulumi.Bool(false),
GenerateRefreshTokens: pulumi.Bool(false),
RequireAuthentication: pulumi.Bool(false),
},
RegistrationConfiguration: &fusionauth.FusionAuthApplicationRegistrationConfigurationArgs{
BirthDate: &fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
ConfirmPassword: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
FirstName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
FormId: pulumi.String("string"),
FullName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
LastName: &fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
LoginIdType: pulumi.String("string"),
MiddleName: &fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
MobilePhone: &fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
PreferredLanguages: &fusionauth.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Type: pulumi.String("string"),
},
RegistrationDeletePolicy: &fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs{
UnverifiedEnabled: pulumi.Bool(false),
UnverifiedNumberOfDaysToRetain: pulumi.Int(0),
},
Samlv2Configuration: &fusionauth.FusionAuthApplicationSamlv2ConfigurationArgs{
AuthorizedRedirectUrls: pulumi.StringArray{
pulumi.String("string"),
},
Issuer: pulumi.String("string"),
Debug: pulumi.Bool(false),
KeyId: pulumi.String("string"),
AssertionEncryptionConfiguration: &fusionauth.FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfigurationArgs{
DigestAlgorithm: pulumi.String("string"),
Enabled: pulumi.Bool(false),
EncryptionAlgorithm: pulumi.String("string"),
KeyLocation: pulumi.String("string"),
KeyTransportAlgorithm: pulumi.String("string"),
KeyTransportEncryptionKeyId: pulumi.String("string"),
MaskGenerationFunction: pulumi.String("string"),
},
DefaultVerificationKeyId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
InitiatedLogin: &fusionauth.FusionAuthApplicationSamlv2ConfigurationInitiatedLoginArgs{
Enabled: pulumi.Bool(false),
NameIdFormat: pulumi.String("string"),
},
Audience: pulumi.String("string"),
LoginHintConfiguration: &fusionauth.FusionAuthApplicationSamlv2ConfigurationLoginHintConfigurationArgs{
Enabled: pulumi.Bool(false),
ParameterName: pulumi.String("string"),
},
Logout: &fusionauth.FusionAuthApplicationSamlv2ConfigurationLogoutArgs{
Behavior: pulumi.String("string"),
DefaultVerificationKeyId: pulumi.String("string"),
KeyId: pulumi.String("string"),
RequireSignedRequests: pulumi.Bool(false),
SingleLogout: &fusionauth.FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs{
Enabled: pulumi.Bool(false),
KeyId: pulumi.String("string"),
Url: pulumi.String("string"),
XmlSignatureCanonicalizationMethod: pulumi.String("string"),
},
XmlSignatureCanonicalizationMethod: pulumi.String("string"),
},
LogoutUrl: pulumi.String("string"),
RequiredSignedRequests: pulumi.Bool(false),
XmlSignatureCanonicalizationMethod: pulumi.String("string"),
XmlSignatureLocation: pulumi.String("string"),
},
ApplicationId: pulumi.String("string"),
ThemeId: pulumi.String("string"),
VerificationEmailTemplateId: pulumi.String("string"),
VerificationStrategy: pulumi.String("string"),
VerifyRegistration: pulumi.Bool(false),
Name: pulumi.String("string"),
})
var fusionAuthApplicationResource = new FusionAuthApplication("fusionAuthApplicationResource", FusionAuthApplicationArgs.builder()
.tenantId("string")
.multiFactorConfiguration(FusionAuthApplicationMultiFactorConfigurationArgs.builder()
.emailTemplateId("string")
.loginPolicy("string")
.smsTemplateId("string")
.trustPolicy("string")
.build())
.cleanSpeakConfiguration(FusionAuthApplicationCleanSpeakConfigurationArgs.builder()
.applicationIds("string")
.usernameModeration(FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs.builder()
.applicationId("string")
.enabled(false)
.build())
.build())
.oauthConfiguration(FusionAuthApplicationOauthConfigurationArgs.builder()
.scopeHandlingPolicy("string")
.unknownScopePolicy("string")
.generateRefreshTokens(false)
.logoutBehavior("string")
.clientId("string")
.clientSecret("string")
.consentMode("string")
.debug(false)
.deviceVerificationUrl("string")
.enabledGrants("string")
.authorizedOriginUrls("string")
.clientAuthenticationPolicy("string")
.logoutUrl("string")
.proofKeyForCodeExchangePolicy("string")
.providedScopePolicies(FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs.builder()
.address(FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs.builder()
.enabled(false)
.required(false)
.build())
.email(FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs.builder()
.enabled(false)
.required(false)
.build())
.phone(FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs.builder()
.enabled(false)
.required(false)
.build())
.profile(FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs.builder()
.enabled(false)
.required(false)
.build())
.build())
.relationship("string")
.requireRegistration(false)
.authorizedUrlValidationPolicy("string")
.authorizedRedirectUrls("string")
.build())
.data(Map.of("string", "string"))
.emailConfiguration(FusionAuthApplicationEmailConfigurationArgs.builder()
.emailUpdateTemplateId("string")
.emailVerificationTemplateId("string")
.emailVerifiedTemplateId("string")
.forgotPasswordTemplateId("string")
.loginIdInUseOnCreateTemplateId("string")
.loginIdInUseOnUpdateTemplateId("string")
.loginNewDeviceTemplateId("string")
.loginSuspiciousTemplateId("string")
.passwordResetSuccessTemplateId("string")
.passwordUpdateTemplateId("string")
.passwordlessEmailTemplateId("string")
.setPasswordEmailTemplateId("string")
.twoFactorMethodAddTemplateId("string")
.twoFactorMethodRemoveTemplateId("string")
.build())
.formConfiguration(FusionAuthApplicationFormConfigurationArgs.builder()
.adminRegistrationFormId("string")
.selfServiceFormConfiguration(FusionAuthApplicationFormConfigurationSelfServiceFormConfigurationArgs.builder()
.requireCurrentPasswordOnPasswordChange(false)
.build())
.selfServiceFormId("string")
.build())
.jwtConfiguration(FusionAuthApplicationJwtConfigurationArgs.builder()
.accessTokenId("string")
.enabled(false)
.idTokenKeyId("string")
.refreshTokenExpirationPolicy("string")
.refreshTokenSlidingWindowMaximumTtlInMinutes(0)
.refreshTokenTtlMinutes(0)
.refreshTokenUsagePolicy("string")
.ttlSeconds(0)
.build())
.lambdaConfiguration(FusionAuthApplicationLambdaConfigurationArgs.builder()
.accessTokenPopulateId("string")
.idTokenPopulateId("string")
.samlv2PopulateId("string")
.selfServiceRegistrationValidationId("string")
.userinfoPopulateId("string")
.build())
.passwordlessConfigurationEnabled(false)
.accessControlConfiguration(FusionAuthApplicationAccessControlConfigurationArgs.builder()
.uiIpAccessControlListId("string")
.build())
.webauthnConfiguration(FusionAuthApplicationWebauthnConfigurationArgs.builder()
.bootstrapWorkflowEnabled(false)
.enabled(false)
.reauthenticationWorkflowEnabled(false)
.build())
.authenticationTokenConfigurationEnabled(false)
.loginConfiguration(FusionAuthApplicationLoginConfigurationArgs.builder()
.allowTokenRefresh(false)
.generateRefreshTokens(false)
.requireAuthentication(false)
.build())
.registrationConfiguration(FusionAuthApplicationRegistrationConfigurationArgs.builder()
.birthDate(FusionAuthApplicationRegistrationConfigurationBirthDateArgs.builder()
.enabled(false)
.required(false)
.build())
.confirmPassword(false)
.enabled(false)
.firstName(FusionAuthApplicationRegistrationConfigurationFirstNameArgs.builder()
.enabled(false)
.required(false)
.build())
.formId("string")
.fullName(FusionAuthApplicationRegistrationConfigurationFullNameArgs.builder()
.enabled(false)
.required(false)
.build())
.lastName(FusionAuthApplicationRegistrationConfigurationLastNameArgs.builder()
.enabled(false)
.required(false)
.build())
.loginIdType("string")
.middleName(FusionAuthApplicationRegistrationConfigurationMiddleNameArgs.builder()
.enabled(false)
.required(false)
.build())
.mobilePhone(FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs.builder()
.enabled(false)
.required(false)
.build())
.preferredLanguages(FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs.builder()
.enabled(false)
.required(false)
.build())
.type("string")
.build())
.registrationDeletePolicy(FusionAuthApplicationRegistrationDeletePolicyArgs.builder()
.unverifiedEnabled(false)
.unverifiedNumberOfDaysToRetain(0)
.build())
.samlv2Configuration(FusionAuthApplicationSamlv2ConfigurationArgs.builder()
.authorizedRedirectUrls("string")
.issuer("string")
.debug(false)
.keyId("string")
.assertionEncryptionConfiguration(FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfigurationArgs.builder()
.digestAlgorithm("string")
.enabled(false)
.encryptionAlgorithm("string")
.keyLocation("string")
.keyTransportAlgorithm("string")
.keyTransportEncryptionKeyId("string")
.maskGenerationFunction("string")
.build())
.defaultVerificationKeyId("string")
.enabled(false)
.initiatedLogin(FusionAuthApplicationSamlv2ConfigurationInitiatedLoginArgs.builder()
.enabled(false)
.nameIdFormat("string")
.build())
.audience("string")
.loginHintConfiguration(FusionAuthApplicationSamlv2ConfigurationLoginHintConfigurationArgs.builder()
.enabled(false)
.parameterName("string")
.build())
.logout(FusionAuthApplicationSamlv2ConfigurationLogoutArgs.builder()
.behavior("string")
.defaultVerificationKeyId("string")
.keyId("string")
.requireSignedRequests(false)
.singleLogout(FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs.builder()
.enabled(false)
.keyId("string")
.url("string")
.xmlSignatureCanonicalizationMethod("string")
.build())
.xmlSignatureCanonicalizationMethod("string")
.build())
.logoutUrl("string")
.requiredSignedRequests(false)
.xmlSignatureCanonicalizationMethod("string")
.xmlSignatureLocation("string")
.build())
.applicationId("string")
.themeId("string")
.verificationEmailTemplateId("string")
.verificationStrategy("string")
.verifyRegistration(false)
.name("string")
.build());
fusion_auth_application_resource = fusionauth.FusionAuthApplication("fusionAuthApplicationResource",
tenant_id="string",
multi_factor_configuration={
"email_template_id": "string",
"login_policy": "string",
"sms_template_id": "string",
"trust_policy": "string",
},
clean_speak_configuration={
"application_ids": ["string"],
"username_moderation": {
"application_id": "string",
"enabled": False,
},
},
oauth_configuration={
"scope_handling_policy": "string",
"unknown_scope_policy": "string",
"generate_refresh_tokens": False,
"logout_behavior": "string",
"client_id": "string",
"client_secret": "string",
"consent_mode": "string",
"debug": False,
"device_verification_url": "string",
"enabled_grants": ["string"],
"authorized_origin_urls": ["string"],
"client_authentication_policy": "string",
"logout_url": "string",
"proof_key_for_code_exchange_policy": "string",
"provided_scope_policies": [{
"address": {
"enabled": False,
"required": False,
},
"email": {
"enabled": False,
"required": False,
},
"phone": {
"enabled": False,
"required": False,
},
"profile": {
"enabled": False,
"required": False,
},
}],
"relationship": "string",
"require_registration": False,
"authorized_url_validation_policy": "string",
"authorized_redirect_urls": ["string"],
},
data={
"string": "string",
},
email_configuration={
"email_update_template_id": "string",
"email_verification_template_id": "string",
"email_verified_template_id": "string",
"forgot_password_template_id": "string",
"login_id_in_use_on_create_template_id": "string",
"login_id_in_use_on_update_template_id": "string",
"login_new_device_template_id": "string",
"login_suspicious_template_id": "string",
"password_reset_success_template_id": "string",
"password_update_template_id": "string",
"passwordless_email_template_id": "string",
"set_password_email_template_id": "string",
"two_factor_method_add_template_id": "string",
"two_factor_method_remove_template_id": "string",
},
form_configuration={
"admin_registration_form_id": "string",
"self_service_form_configuration": {
"require_current_password_on_password_change": False,
},
"self_service_form_id": "string",
},
jwt_configuration={
"access_token_id": "string",
"enabled": False,
"id_token_key_id": "string",
"refresh_token_expiration_policy": "string",
"refresh_token_sliding_window_maximum_ttl_in_minutes": 0,
"refresh_token_ttl_minutes": 0,
"refresh_token_usage_policy": "string",
"ttl_seconds": 0,
},
lambda_configuration={
"access_token_populate_id": "string",
"id_token_populate_id": "string",
"samlv2_populate_id": "string",
"self_service_registration_validation_id": "string",
"userinfo_populate_id": "string",
},
passwordless_configuration_enabled=False,
access_control_configuration={
"ui_ip_access_control_list_id": "string",
},
webauthn_configuration={
"bootstrap_workflow_enabled": False,
"enabled": False,
"reauthentication_workflow_enabled": False,
},
authentication_token_configuration_enabled=False,
login_configuration={
"allow_token_refresh": False,
"generate_refresh_tokens": False,
"require_authentication": False,
},
registration_configuration={
"birth_date": {
"enabled": False,
"required": False,
},
"confirm_password": False,
"enabled": False,
"first_name": {
"enabled": False,
"required": False,
},
"form_id": "string",
"full_name": {
"enabled": False,
"required": False,
},
"last_name": {
"enabled": False,
"required": False,
},
"login_id_type": "string",
"middle_name": {
"enabled": False,
"required": False,
},
"mobile_phone": {
"enabled": False,
"required": False,
},
"preferred_languages": {
"enabled": False,
"required": False,
},
"type": "string",
},
registration_delete_policy={
"unverified_enabled": False,
"unverified_number_of_days_to_retain": 0,
},
samlv2_configuration={
"authorized_redirect_urls": ["string"],
"issuer": "string",
"debug": False,
"key_id": "string",
"assertion_encryption_configuration": {
"digest_algorithm": "string",
"enabled": False,
"encryption_algorithm": "string",
"key_location": "string",
"key_transport_algorithm": "string",
"key_transport_encryption_key_id": "string",
"mask_generation_function": "string",
},
"default_verification_key_id": "string",
"enabled": False,
"initiated_login": {
"enabled": False,
"name_id_format": "string",
},
"audience": "string",
"login_hint_configuration": {
"enabled": False,
"parameter_name": "string",
},
"logout": {
"behavior": "string",
"default_verification_key_id": "string",
"key_id": "string",
"require_signed_requests": False,
"single_logout": {
"enabled": False,
"key_id": "string",
"url": "string",
"xml_signature_canonicalization_method": "string",
},
"xml_signature_canonicalization_method": "string",
},
"logout_url": "string",
"required_signed_requests": False,
"xml_signature_canonicalization_method": "string",
"xml_signature_location": "string",
},
application_id="string",
theme_id="string",
verification_email_template_id="string",
verification_strategy="string",
verify_registration=False,
name="string")
const fusionAuthApplicationResource = new fusionauth.FusionAuthApplication("fusionAuthApplicationResource", {
tenantId: "string",
multiFactorConfiguration: {
emailTemplateId: "string",
loginPolicy: "string",
smsTemplateId: "string",
trustPolicy: "string",
},
cleanSpeakConfiguration: {
applicationIds: ["string"],
usernameModeration: {
applicationId: "string",
enabled: false,
},
},
oauthConfiguration: {
scopeHandlingPolicy: "string",
unknownScopePolicy: "string",
generateRefreshTokens: false,
logoutBehavior: "string",
clientId: "string",
clientSecret: "string",
consentMode: "string",
debug: false,
deviceVerificationUrl: "string",
enabledGrants: ["string"],
authorizedOriginUrls: ["string"],
clientAuthenticationPolicy: "string",
logoutUrl: "string",
proofKeyForCodeExchangePolicy: "string",
providedScopePolicies: [{
address: {
enabled: false,
required: false,
},
email: {
enabled: false,
required: false,
},
phone: {
enabled: false,
required: false,
},
profile: {
enabled: false,
required: false,
},
}],
relationship: "string",
requireRegistration: false,
authorizedUrlValidationPolicy: "string",
authorizedRedirectUrls: ["string"],
},
data: {
string: "string",
},
emailConfiguration: {
emailUpdateTemplateId: "string",
emailVerificationTemplateId: "string",
emailVerifiedTemplateId: "string",
forgotPasswordTemplateId: "string",
loginIdInUseOnCreateTemplateId: "string",
loginIdInUseOnUpdateTemplateId: "string",
loginNewDeviceTemplateId: "string",
loginSuspiciousTemplateId: "string",
passwordResetSuccessTemplateId: "string",
passwordUpdateTemplateId: "string",
passwordlessEmailTemplateId: "string",
setPasswordEmailTemplateId: "string",
twoFactorMethodAddTemplateId: "string",
twoFactorMethodRemoveTemplateId: "string",
},
formConfiguration: {
adminRegistrationFormId: "string",
selfServiceFormConfiguration: {
requireCurrentPasswordOnPasswordChange: false,
},
selfServiceFormId: "string",
},
jwtConfiguration: {
accessTokenId: "string",
enabled: false,
idTokenKeyId: "string",
refreshTokenExpirationPolicy: "string",
refreshTokenSlidingWindowMaximumTtlInMinutes: 0,
refreshTokenTtlMinutes: 0,
refreshTokenUsagePolicy: "string",
ttlSeconds: 0,
},
lambdaConfiguration: {
accessTokenPopulateId: "string",
idTokenPopulateId: "string",
samlv2PopulateId: "string",
selfServiceRegistrationValidationId: "string",
userinfoPopulateId: "string",
},
passwordlessConfigurationEnabled: false,
accessControlConfiguration: {
uiIpAccessControlListId: "string",
},
webauthnConfiguration: {
bootstrapWorkflowEnabled: false,
enabled: false,
reauthenticationWorkflowEnabled: false,
},
authenticationTokenConfigurationEnabled: false,
loginConfiguration: {
allowTokenRefresh: false,
generateRefreshTokens: false,
requireAuthentication: false,
},
registrationConfiguration: {
birthDate: {
enabled: false,
required: false,
},
confirmPassword: false,
enabled: false,
firstName: {
enabled: false,
required: false,
},
formId: "string",
fullName: {
enabled: false,
required: false,
},
lastName: {
enabled: false,
required: false,
},
loginIdType: "string",
middleName: {
enabled: false,
required: false,
},
mobilePhone: {
enabled: false,
required: false,
},
preferredLanguages: {
enabled: false,
required: false,
},
type: "string",
},
registrationDeletePolicy: {
unverifiedEnabled: false,
unverifiedNumberOfDaysToRetain: 0,
},
samlv2Configuration: {
authorizedRedirectUrls: ["string"],
issuer: "string",
debug: false,
keyId: "string",
assertionEncryptionConfiguration: {
digestAlgorithm: "string",
enabled: false,
encryptionAlgorithm: "string",
keyLocation: "string",
keyTransportAlgorithm: "string",
keyTransportEncryptionKeyId: "string",
maskGenerationFunction: "string",
},
defaultVerificationKeyId: "string",
enabled: false,
initiatedLogin: {
enabled: false,
nameIdFormat: "string",
},
audience: "string",
loginHintConfiguration: {
enabled: false,
parameterName: "string",
},
logout: {
behavior: "string",
defaultVerificationKeyId: "string",
keyId: "string",
requireSignedRequests: false,
singleLogout: {
enabled: false,
keyId: "string",
url: "string",
xmlSignatureCanonicalizationMethod: "string",
},
xmlSignatureCanonicalizationMethod: "string",
},
logoutUrl: "string",
requiredSignedRequests: false,
xmlSignatureCanonicalizationMethod: "string",
xmlSignatureLocation: "string",
},
applicationId: "string",
themeId: "string",
verificationEmailTemplateId: "string",
verificationStrategy: "string",
verifyRegistration: false,
name: "string",
});
type: fusionauth:FusionAuthApplication
properties:
accessControlConfiguration:
uiIpAccessControlListId: string
applicationId: string
authenticationTokenConfigurationEnabled: false
cleanSpeakConfiguration:
applicationIds:
- string
usernameModeration:
applicationId: string
enabled: false
data:
string: string
emailConfiguration:
emailUpdateTemplateId: string
emailVerificationTemplateId: string
emailVerifiedTemplateId: string
forgotPasswordTemplateId: string
loginIdInUseOnCreateTemplateId: string
loginIdInUseOnUpdateTemplateId: string
loginNewDeviceTemplateId: string
loginSuspiciousTemplateId: string
passwordResetSuccessTemplateId: string
passwordUpdateTemplateId: string
passwordlessEmailTemplateId: string
setPasswordEmailTemplateId: string
twoFactorMethodAddTemplateId: string
twoFactorMethodRemoveTemplateId: string
formConfiguration:
adminRegistrationFormId: string
selfServiceFormConfiguration:
requireCurrentPasswordOnPasswordChange: false
selfServiceFormId: string
jwtConfiguration:
accessTokenId: string
enabled: false
idTokenKeyId: string
refreshTokenExpirationPolicy: string
refreshTokenSlidingWindowMaximumTtlInMinutes: 0
refreshTokenTtlMinutes: 0
refreshTokenUsagePolicy: string
ttlSeconds: 0
lambdaConfiguration:
accessTokenPopulateId: string
idTokenPopulateId: string
samlv2PopulateId: string
selfServiceRegistrationValidationId: string
userinfoPopulateId: string
loginConfiguration:
allowTokenRefresh: false
generateRefreshTokens: false
requireAuthentication: false
multiFactorConfiguration:
emailTemplateId: string
loginPolicy: string
smsTemplateId: string
trustPolicy: string
name: string
oauthConfiguration:
authorizedOriginUrls:
- string
authorizedRedirectUrls:
- string
authorizedUrlValidationPolicy: string
clientAuthenticationPolicy: string
clientId: string
clientSecret: string
consentMode: string
debug: false
deviceVerificationUrl: string
enabledGrants:
- string
generateRefreshTokens: false
logoutBehavior: string
logoutUrl: string
proofKeyForCodeExchangePolicy: string
providedScopePolicies:
- address:
enabled: false
required: false
email:
enabled: false
required: false
phone:
enabled: false
required: false
profile:
enabled: false
required: false
relationship: string
requireRegistration: false
scopeHandlingPolicy: string
unknownScopePolicy: string
passwordlessConfigurationEnabled: false
registrationConfiguration:
birthDate:
enabled: false
required: false
confirmPassword: false
enabled: false
firstName:
enabled: false
required: false
formId: string
fullName:
enabled: false
required: false
lastName:
enabled: false
required: false
loginIdType: string
middleName:
enabled: false
required: false
mobilePhone:
enabled: false
required: false
preferredLanguages:
enabled: false
required: false
type: string
registrationDeletePolicy:
unverifiedEnabled: false
unverifiedNumberOfDaysToRetain: 0
samlv2Configuration:
assertionEncryptionConfiguration:
digestAlgorithm: string
enabled: false
encryptionAlgorithm: string
keyLocation: string
keyTransportAlgorithm: string
keyTransportEncryptionKeyId: string
maskGenerationFunction: string
audience: string
authorizedRedirectUrls:
- string
debug: false
defaultVerificationKeyId: string
enabled: false
initiatedLogin:
enabled: false
nameIdFormat: string
issuer: string
keyId: string
loginHintConfiguration:
enabled: false
parameterName: string
logout:
behavior: string
defaultVerificationKeyId: string
keyId: string
requireSignedRequests: false
singleLogout:
enabled: false
keyId: string
url: string
xmlSignatureCanonicalizationMethod: string
xmlSignatureCanonicalizationMethod: string
logoutUrl: string
requiredSignedRequests: false
xmlSignatureCanonicalizationMethod: string
xmlSignatureLocation: string
tenantId: string
themeId: string
verificationEmailTemplateId: string
verificationStrategy: string
verifyRegistration: false
webauthnConfiguration:
bootstrapWorkflowEnabled: false
enabled: false
reauthenticationWorkflowEnabled: false
FusionAuthApplication Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FusionAuthApplication resource accepts the following input properties:
- Tenant
Id string - The Id of the Tenant that this Application belongs to.
- Access
Control theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Access Control Configuration - Application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- Authentication
Token boolConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- Clean
Speak theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Clean Speak Configuration - Data Dictionary<string, string>
- An object that can hold any information about the Application that should be persisted.
- Email
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Email Configuration - Form
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Form Configuration - Jwt
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Jwt Configuration - Lambda
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Lambda Configuration - Login
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Login Configuration - Multi
Factor theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Multi Factor Configuration - Name string
- The name of the Application.
- Oauth
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Oauth Configuration - Passwordless
Configuration boolEnabled - Determines if passwordless login is enabled for this application.
- Registration
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration - Registration
Delete theogravity.Policy Fusionauth. Inputs. Fusion Auth Application Registration Delete Policy - Samlv2Configuration
theogravity.
Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration - Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- Verify
Registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- Webauthn
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Webauthn Configuration
- Tenant
Id string - The Id of the Tenant that this Application belongs to.
- Access
Control FusionConfiguration Auth Application Access Control Configuration Args - Application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- Authentication
Token boolConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- Clean
Speak FusionConfiguration Auth Application Clean Speak Configuration Args - Data map[string]string
- An object that can hold any information about the Application that should be persisted.
- Email
Configuration FusionAuth Application Email Configuration Args - Form
Configuration FusionAuth Application Form Configuration Args - Jwt
Configuration FusionAuth Application Jwt Configuration Args - Lambda
Configuration FusionAuth Application Lambda Configuration Args - Login
Configuration FusionAuth Application Login Configuration Args - Multi
Factor FusionConfiguration Auth Application Multi Factor Configuration Args - Name string
- The name of the Application.
- Oauth
Configuration FusionAuth Application Oauth Configuration Args - Passwordless
Configuration boolEnabled - Determines if passwordless login is enabled for this application.
- Registration
Configuration FusionAuth Application Registration Configuration Args - Registration
Delete FusionPolicy Auth Application Registration Delete Policy Args - Samlv2Configuration
Fusion
Auth Application Samlv2Configuration Args - Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- Verify
Registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- Webauthn
Configuration FusionAuth Application Webauthn Configuration Args
- tenant
Id String - The Id of the Tenant that this Application belongs to.
- access
Control FusionConfiguration Auth Application Access Control Configuration - application
Id String - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token BooleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak FusionConfiguration Auth Application Clean Speak Configuration - data Map<String,String>
- An object that can hold any information about the Application that should be persisted.
- email
Configuration FusionAuth Application Email Configuration - form
Configuration FusionAuth Application Form Configuration - jwt
Configuration FusionAuth Application Jwt Configuration - lambda
Configuration FusionAuth Application Lambda Configuration - login
Configuration FusionAuth Application Login Configuration - multi
Factor FusionConfiguration Auth Application Multi Factor Configuration - name String
- The name of the Application.
- oauth
Configuration FusionAuth Application Oauth Configuration - passwordless
Configuration BooleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration FusionAuth Application Registration Configuration - registration
Delete FusionPolicy Auth Application Registration Delete Policy - samlv2Configuration
Fusion
Auth Application Samlv2Configuration - theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration Boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- webauthn
Configuration FusionAuth Application Webauthn Configuration
- tenant
Id string - The Id of the Tenant that this Application belongs to.
- access
Control FusionConfiguration Auth Application Access Control Configuration - application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token booleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak FusionConfiguration Auth Application Clean Speak Configuration - data {[key: string]: string}
- An object that can hold any information about the Application that should be persisted.
- email
Configuration FusionAuth Application Email Configuration - form
Configuration FusionAuth Application Form Configuration - jwt
Configuration FusionAuth Application Jwt Configuration - lambda
Configuration FusionAuth Application Lambda Configuration - login
Configuration FusionAuth Application Login Configuration - multi
Factor FusionConfiguration Auth Application Multi Factor Configuration - name string
- The name of the Application.
- oauth
Configuration FusionAuth Application Oauth Configuration - passwordless
Configuration booleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration FusionAuth Application Registration Configuration - registration
Delete FusionPolicy Auth Application Registration Delete Policy - samlv2Configuration
Fusion
Auth Application Samlv2Configuration - theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- webauthn
Configuration FusionAuth Application Webauthn Configuration
- tenant_
id str - The Id of the Tenant that this Application belongs to.
- access_
control_ Fusionconfiguration Auth Application Access Control Configuration Args - application_
id str - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication_
token_ boolconfiguration_ enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean_
speak_ Fusionconfiguration Auth Application Clean Speak Configuration Args - data Mapping[str, str]
- An object that can hold any information about the Application that should be persisted.
- email_
configuration FusionAuth Application Email Configuration Args - form_
configuration FusionAuth Application Form Configuration Args - jwt_
configuration FusionAuth Application Jwt Configuration Args - lambda_
configuration FusionAuth Application Lambda Configuration Args - login_
configuration FusionAuth Application Login Configuration Args - multi_
factor_ Fusionconfiguration Auth Application Multi Factor Configuration Args - name str
- The name of the Application.
- oauth_
configuration FusionAuth Application Oauth Configuration Args - passwordless_
configuration_ boolenabled - Determines if passwordless login is enabled for this application.
- registration_
configuration FusionAuth Application Registration Configuration Args - registration_
delete_ Fusionpolicy Auth Application Registration Delete Policy Args - samlv2_
configuration FusionAuth Application Samlv2Configuration Args - theme_
id str - The unique Id of the theme to be used to style the login page and other end user templates.
- verification_
email_ strtemplate_ id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification_
strategy str - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify_
registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- webauthn_
configuration FusionAuth Application Webauthn Configuration Args
- tenant
Id String - The Id of the Tenant that this Application belongs to.
- access
Control Property MapConfiguration - application
Id String - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token BooleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak Property MapConfiguration - data Map<String>
- An object that can hold any information about the Application that should be persisted.
- email
Configuration Property Map - form
Configuration Property Map - jwt
Configuration Property Map - lambda
Configuration Property Map - login
Configuration Property Map - multi
Factor Property MapConfiguration - name String
- The name of the Application.
- oauth
Configuration Property Map - passwordless
Configuration BooleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration Property Map - registration
Delete Property MapPolicy - samlv2Configuration Property Map
- theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration Boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- webauthn
Configuration Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the FusionAuthApplication resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Insert
Instant int - The instant that the Application was added to the FusionAuth database.
- Last
Update intInstant - The instant that the Application was last updated in the FusionAuth database.
- Id string
- The provider-assigned unique ID for this managed resource.
- Insert
Instant int - The instant that the Application was added to the FusionAuth database.
- Last
Update intInstant - The instant that the Application was last updated in the FusionAuth database.
- id String
- The provider-assigned unique ID for this managed resource.
- insert
Instant Integer - The instant that the Application was added to the FusionAuth database.
- last
Update IntegerInstant - The instant that the Application was last updated in the FusionAuth database.
- id string
- The provider-assigned unique ID for this managed resource.
- insert
Instant number - The instant that the Application was added to the FusionAuth database.
- last
Update numberInstant - The instant that the Application was last updated in the FusionAuth database.
- id str
- The provider-assigned unique ID for this managed resource.
- insert_
instant int - The instant that the Application was added to the FusionAuth database.
- last_
update_ intinstant - The instant that the Application was last updated in the FusionAuth database.
- id String
- The provider-assigned unique ID for this managed resource.
- insert
Instant Number - The instant that the Application was added to the FusionAuth database.
- last
Update NumberInstant - The instant that the Application was last updated in the FusionAuth database.
Look up Existing FusionAuthApplication Resource
Get an existing FusionAuthApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FusionAuthApplicationState, opts?: CustomResourceOptions): FusionAuthApplication
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_control_configuration: Optional[FusionAuthApplicationAccessControlConfigurationArgs] = None,
application_id: Optional[str] = None,
authentication_token_configuration_enabled: Optional[bool] = None,
clean_speak_configuration: Optional[FusionAuthApplicationCleanSpeakConfigurationArgs] = None,
data: Optional[Mapping[str, str]] = None,
email_configuration: Optional[FusionAuthApplicationEmailConfigurationArgs] = None,
form_configuration: Optional[FusionAuthApplicationFormConfigurationArgs] = None,
insert_instant: Optional[int] = None,
jwt_configuration: Optional[FusionAuthApplicationJwtConfigurationArgs] = None,
lambda_configuration: Optional[FusionAuthApplicationLambdaConfigurationArgs] = None,
last_update_instant: Optional[int] = None,
login_configuration: Optional[FusionAuthApplicationLoginConfigurationArgs] = None,
multi_factor_configuration: Optional[FusionAuthApplicationMultiFactorConfigurationArgs] = None,
name: Optional[str] = None,
oauth_configuration: Optional[FusionAuthApplicationOauthConfigurationArgs] = None,
passwordless_configuration_enabled: Optional[bool] = None,
registration_configuration: Optional[FusionAuthApplicationRegistrationConfigurationArgs] = None,
registration_delete_policy: Optional[FusionAuthApplicationRegistrationDeletePolicyArgs] = None,
samlv2_configuration: Optional[FusionAuthApplicationSamlv2ConfigurationArgs] = None,
tenant_id: Optional[str] = None,
theme_id: Optional[str] = None,
verification_email_template_id: Optional[str] = None,
verification_strategy: Optional[str] = None,
verify_registration: Optional[bool] = None,
webauthn_configuration: Optional[FusionAuthApplicationWebauthnConfigurationArgs] = None) -> FusionAuthApplication
func GetFusionAuthApplication(ctx *Context, name string, id IDInput, state *FusionAuthApplicationState, opts ...ResourceOption) (*FusionAuthApplication, error)
public static FusionAuthApplication Get(string name, Input<string> id, FusionAuthApplicationState? state, CustomResourceOptions? opts = null)
public static FusionAuthApplication get(String name, Output<String> id, FusionAuthApplicationState state, CustomResourceOptions options)
resources: _: type: fusionauth:FusionAuthApplication get: id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Control theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Access Control Configuration - Application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- Authentication
Token boolConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- Clean
Speak theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Clean Speak Configuration - Data Dictionary<string, string>
- An object that can hold any information about the Application that should be persisted.
- Email
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Email Configuration - Form
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Form Configuration - Insert
Instant int - The instant that the Application was added to the FusionAuth database.
- Jwt
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Jwt Configuration - Lambda
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Lambda Configuration - Last
Update intInstant - The instant that the Application was last updated in the FusionAuth database.
- Login
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Login Configuration - Multi
Factor theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Multi Factor Configuration - Name string
- The name of the Application.
- Oauth
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Oauth Configuration - Passwordless
Configuration boolEnabled - Determines if passwordless login is enabled for this application.
- Registration
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration - Registration
Delete theogravity.Policy Fusionauth. Inputs. Fusion Auth Application Registration Delete Policy - Samlv2Configuration
theogravity.
Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration - Tenant
Id string - The Id of the Tenant that this Application belongs to.
- Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- Verify
Registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- Webauthn
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Webauthn Configuration
- Access
Control FusionConfiguration Auth Application Access Control Configuration Args - Application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- Authentication
Token boolConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- Clean
Speak FusionConfiguration Auth Application Clean Speak Configuration Args - Data map[string]string
- An object that can hold any information about the Application that should be persisted.
- Email
Configuration FusionAuth Application Email Configuration Args - Form
Configuration FusionAuth Application Form Configuration Args - Insert
Instant int - The instant that the Application was added to the FusionAuth database.
- Jwt
Configuration FusionAuth Application Jwt Configuration Args - Lambda
Configuration FusionAuth Application Lambda Configuration Args - Last
Update intInstant - The instant that the Application was last updated in the FusionAuth database.
- Login
Configuration FusionAuth Application Login Configuration Args - Multi
Factor FusionConfiguration Auth Application Multi Factor Configuration Args - Name string
- The name of the Application.
- Oauth
Configuration FusionAuth Application Oauth Configuration Args - Passwordless
Configuration boolEnabled - Determines if passwordless login is enabled for this application.
- Registration
Configuration FusionAuth Application Registration Configuration Args - Registration
Delete FusionPolicy Auth Application Registration Delete Policy Args - Samlv2Configuration
Fusion
Auth Application Samlv2Configuration Args - Tenant
Id string - The Id of the Tenant that this Application belongs to.
- Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- Verify
Registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- Webauthn
Configuration FusionAuth Application Webauthn Configuration Args
- access
Control FusionConfiguration Auth Application Access Control Configuration - application
Id String - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token BooleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak FusionConfiguration Auth Application Clean Speak Configuration - data Map<String,String>
- An object that can hold any information about the Application that should be persisted.
- email
Configuration FusionAuth Application Email Configuration - form
Configuration FusionAuth Application Form Configuration - insert
Instant Integer - The instant that the Application was added to the FusionAuth database.
- jwt
Configuration FusionAuth Application Jwt Configuration - lambda
Configuration FusionAuth Application Lambda Configuration - last
Update IntegerInstant - The instant that the Application was last updated in the FusionAuth database.
- login
Configuration FusionAuth Application Login Configuration - multi
Factor FusionConfiguration Auth Application Multi Factor Configuration - name String
- The name of the Application.
- oauth
Configuration FusionAuth Application Oauth Configuration - passwordless
Configuration BooleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration FusionAuth Application Registration Configuration - registration
Delete FusionPolicy Auth Application Registration Delete Policy - samlv2Configuration
Fusion
Auth Application Samlv2Configuration - tenant
Id String - The Id of the Tenant that this Application belongs to.
- theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration Boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- webauthn
Configuration FusionAuth Application Webauthn Configuration
- access
Control FusionConfiguration Auth Application Access Control Configuration - application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token booleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak FusionConfiguration Auth Application Clean Speak Configuration - data {[key: string]: string}
- An object that can hold any information about the Application that should be persisted.
- email
Configuration FusionAuth Application Email Configuration - form
Configuration FusionAuth Application Form Configuration - insert
Instant number - The instant that the Application was added to the FusionAuth database.
- jwt
Configuration FusionAuth Application Jwt Configuration - lambda
Configuration FusionAuth Application Lambda Configuration - last
Update numberInstant - The instant that the Application was last updated in the FusionAuth database.
- login
Configuration FusionAuth Application Login Configuration - multi
Factor FusionConfiguration Auth Application Multi Factor Configuration - name string
- The name of the Application.
- oauth
Configuration FusionAuth Application Oauth Configuration - passwordless
Configuration booleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration FusionAuth Application Registration Configuration - registration
Delete FusionPolicy Auth Application Registration Delete Policy - samlv2Configuration
Fusion
Auth Application Samlv2Configuration - tenant
Id string - The Id of the Tenant that this Application belongs to.
- theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- webauthn
Configuration FusionAuth Application Webauthn Configuration
- access_
control_ Fusionconfiguration Auth Application Access Control Configuration Args - application_
id str - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication_
token_ boolconfiguration_ enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean_
speak_ Fusionconfiguration Auth Application Clean Speak Configuration Args - data Mapping[str, str]
- An object that can hold any information about the Application that should be persisted.
- email_
configuration FusionAuth Application Email Configuration Args - form_
configuration FusionAuth Application Form Configuration Args - insert_
instant int - The instant that the Application was added to the FusionAuth database.
- jwt_
configuration FusionAuth Application Jwt Configuration Args - lambda_
configuration FusionAuth Application Lambda Configuration Args - last_
update_ intinstant - The instant that the Application was last updated in the FusionAuth database.
- login_
configuration FusionAuth Application Login Configuration Args - multi_
factor_ Fusionconfiguration Auth Application Multi Factor Configuration Args - name str
- The name of the Application.
- oauth_
configuration FusionAuth Application Oauth Configuration Args - passwordless_
configuration_ boolenabled - Determines if passwordless login is enabled for this application.
- registration_
configuration FusionAuth Application Registration Configuration Args - registration_
delete_ Fusionpolicy Auth Application Registration Delete Policy Args - samlv2_
configuration FusionAuth Application Samlv2Configuration Args - tenant_
id str - The Id of the Tenant that this Application belongs to.
- theme_
id str - The unique Id of the theme to be used to style the login page and other end user templates.
- verification_
email_ strtemplate_ id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification_
strategy str - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify_
registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- webauthn_
configuration FusionAuth Application Webauthn Configuration Args
- access
Control Property MapConfiguration - application
Id String - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token BooleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak Property MapConfiguration - data Map<String>
- An object that can hold any information about the Application that should be persisted.
- email
Configuration Property Map - form
Configuration Property Map - insert
Instant Number - The instant that the Application was added to the FusionAuth database.
- jwt
Configuration Property Map - lambda
Configuration Property Map - last
Update NumberInstant - The instant that the Application was last updated in the FusionAuth database.
- login
Configuration Property Map - multi
Factor Property MapConfiguration - name String
- The name of the Application.
- oauth
Configuration Property Map - passwordless
Configuration BooleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration Property Map - registration
Delete Property MapPolicy - samlv2Configuration Property Map
- tenant
Id String - The Id of the Tenant that this Application belongs to.
- theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration Boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- webauthn
Configuration Property Map
Supporting Types
FusionAuthApplicationAccessControlConfiguration, FusionAuthApplicationAccessControlConfigurationArgs
- Ui
Ip stringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
- Ui
Ip stringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
- ui
Ip StringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
- ui
Ip stringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
- ui_
ip_ straccess_ control_ list_ id - The Id of the IP Access Control List limiting access to this application.
- ui
Ip StringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
FusionAuthApplicationCleanSpeakConfiguration, FusionAuthApplicationCleanSpeakConfigurationArgs
- Application
Ids List<string> - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- Username
Moderation theogravity.Fusionauth. Inputs. Fusion Auth Application Clean Speak Configuration Username Moderation
- Application
Ids []string - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- Username
Moderation FusionAuth Application Clean Speak Configuration Username Moderation
- application
Ids List<String> - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- username
Moderation FusionAuth Application Clean Speak Configuration Username Moderation
- application
Ids string[] - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- username
Moderation FusionAuth Application Clean Speak Configuration Username Moderation
- application_
ids Sequence[str] - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- username_
moderation FusionAuth Application Clean Speak Configuration Username Moderation
- application
Ids List<String> - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- username
Moderation Property Map
FusionAuthApplicationCleanSpeakConfigurationUsernameModeration, FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs
- Application
Id string - The Id of the CleanSpeak application that usernames are sent to for moderation.
- Enabled bool
- True if CleanSpeak username moderation is enabled.
- Application
Id string - The Id of the CleanSpeak application that usernames are sent to for moderation.
- Enabled bool
- True if CleanSpeak username moderation is enabled.
- application
Id String - The Id of the CleanSpeak application that usernames are sent to for moderation.
- enabled Boolean
- True if CleanSpeak username moderation is enabled.
- application
Id string - The Id of the CleanSpeak application that usernames are sent to for moderation.
- enabled boolean
- True if CleanSpeak username moderation is enabled.
- application_
id str - The Id of the CleanSpeak application that usernames are sent to for moderation.
- enabled bool
- True if CleanSpeak username moderation is enabled.
- application
Id String - The Id of the CleanSpeak application that usernames are sent to for moderation.
- enabled Boolean
- True if CleanSpeak username moderation is enabled.
FusionAuthApplicationEmailConfiguration, FusionAuthApplicationEmailConfigurationArgs
- Email
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Verification stringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Verified stringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Forgot
Password stringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Id stringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Id stringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
New stringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Suspicious stringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Password
Reset stringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Password
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Passwordless
Email stringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Set
Password stringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Two
Factor stringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Two
Factor stringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Verification stringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Verified stringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Forgot
Password stringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Id stringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Id stringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
New stringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Suspicious stringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Password
Reset stringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Password
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Passwordless
Email stringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Set
Password stringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Two
Factor stringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Two
Factor stringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Update StringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verification StringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verified StringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- forgot
Password StringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id StringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id StringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
New StringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Suspicious StringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Reset StringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Update StringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- passwordless
Email StringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- set
Password StringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor StringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor StringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verification stringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verified stringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- forgot
Password stringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id stringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id stringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
New stringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Suspicious stringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Reset stringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- passwordless
Email stringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- set
Password stringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor stringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor stringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email_
update_ strtemplate_ id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email_
verification_ strtemplate_ id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email_
verified_ strtemplate_ id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- forgot_
password_ strtemplate_ id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login_
id_ strin_ use_ on_ create_ template_ id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login_
id_ strin_ use_ on_ update_ template_ id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login_
new_ strdevice_ template_ id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login_
suspicious_ strtemplate_ id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password_
reset_ strsuccess_ template_ id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password_
update_ strtemplate_ id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- passwordless_
email_ strtemplate_ id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- set_
password_ stremail_ template_ id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two_
factor_ strmethod_ add_ template_ id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two_
factor_ strmethod_ remove_ template_ id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Update StringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verification StringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verified StringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- forgot
Password StringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id StringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id StringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
New StringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Suspicious StringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Reset StringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Update StringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- passwordless
Email StringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- set
Password StringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor StringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor StringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
FusionAuthApplicationFormConfiguration, FusionAuthApplicationFormConfigurationArgs
- Admin
Registration stringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- Self
Service theogravity.Form Configuration Fusionauth. Inputs. Fusion Auth Application Form Configuration Self Service Form Configuration - Self
Service stringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- Admin
Registration stringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- Self
Service FusionForm Configuration Auth Application Form Configuration Self Service Form Configuration - Self
Service stringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- admin
Registration StringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- self
Service FusionForm Configuration Auth Application Form Configuration Self Service Form Configuration - self
Service StringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- admin
Registration stringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- self
Service FusionForm Configuration Auth Application Form Configuration Self Service Form Configuration - self
Service stringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- admin_
registration_ strform_ id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- self_
service_ Fusionform_ configuration Auth Application Form Configuration Self Service Form Configuration - self_
service_ strform_ id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- admin
Registration StringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- self
Service Property MapForm Configuration - self
Service StringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration, FusionAuthApplicationFormConfigurationSelfServiceFormConfigurationArgs
- Require
Current boolPassword On Password Change - When enabled a user will be required to provide their current password when changing their password on a self-service account form.
- Require
Current boolPassword On Password Change - When enabled a user will be required to provide their current password when changing their password on a self-service account form.
- require
Current BooleanPassword On Password Change - When enabled a user will be required to provide their current password when changing their password on a self-service account form.
- require
Current booleanPassword On Password Change - When enabled a user will be required to provide their current password when changing their password on a self-service account form.
- require_
current_ boolpassword_ on_ password_ change - When enabled a user will be required to provide their current password when changing their password on a self-service account form.
- require
Current BooleanPassword On Password Change - When enabled a user will be required to provide their current password when changing their password on a self-service account form.
FusionAuthApplicationJwtConfiguration, FusionAuthApplicationJwtConfigurationArgs
- Access
Token stringId - The Id of the signing key used to sign the access token.
- Enabled bool
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- Id
Token stringKey Id - The Id of the signing key used to sign the Id token.
- Refresh
Token stringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_ttl_in_minutes
is reached. - Refresh
Token intSliding Window Maximum Ttl In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - Refresh
Token intTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- Refresh
Token stringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- Ttl
Seconds int - The length of time in seconds the JWT will live before it is expired and no longer valid.
- Access
Token stringId - The Id of the signing key used to sign the access token.
- Enabled bool
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- Id
Token stringKey Id - The Id of the signing key used to sign the Id token.
- Refresh
Token stringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_ttl_in_minutes
is reached. - Refresh
Token intSliding Window Maximum Ttl In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - Refresh
Token intTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- Refresh
Token stringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- Ttl
Seconds int - The length of time in seconds the JWT will live before it is expired and no longer valid.
- access
Token StringId - The Id of the signing key used to sign the access token.
- enabled Boolean
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- id
Token StringKey Id - The Id of the signing key used to sign the Id token.
- refresh
Token StringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_ttl_in_minutes
is reached. - refresh
Token IntegerSliding Window Maximum Ttl In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - refresh
Token IntegerTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- refresh
Token StringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- ttl
Seconds Integer - The length of time in seconds the JWT will live before it is expired and no longer valid.
- access
Token stringId - The Id of the signing key used to sign the access token.
- enabled boolean
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- id
Token stringKey Id - The Id of the signing key used to sign the Id token.
- refresh
Token stringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_ttl_in_minutes
is reached. - refresh
Token numberSliding Window Maximum Ttl In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - refresh
Token numberTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- refresh
Token stringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- ttl
Seconds number - The length of time in seconds the JWT will live before it is expired and no longer valid.
- access_
token_ strid - The Id of the signing key used to sign the access token.
- enabled bool
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- id_
token_ strkey_ id - The Id of the signing key used to sign the Id token.
- refresh_
token_ strexpiration_ policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_ttl_in_minutes
is reached. - refresh_
token_ intsliding_ window_ maximum_ ttl_ in_ minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - refresh_
token_ intttl_ minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- refresh_
token_ strusage_ policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- ttl_
seconds int - The length of time in seconds the JWT will live before it is expired and no longer valid.
- access
Token StringId - The Id of the signing key used to sign the access token.
- enabled Boolean
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- id
Token StringKey Id - The Id of the signing key used to sign the Id token.
- refresh
Token StringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_ttl_in_minutes
is reached. - refresh
Token NumberSliding Window Maximum Ttl In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - refresh
Token NumberTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- refresh
Token StringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- ttl
Seconds Number - The length of time in seconds the JWT will live before it is expired and no longer valid.
FusionAuthApplicationLambdaConfiguration, FusionAuthApplicationLambdaConfigurationArgs
- Access
Token stringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- Id
Token stringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- Samlv2Populate
Id string - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- Self
Service stringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- Userinfo
Populate stringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- Access
Token stringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- Id
Token stringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- Samlv2Populate
Id string - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- Self
Service stringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- Userinfo
Populate stringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- access
Token StringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- id
Token StringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- samlv2Populate
Id String - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- self
Service StringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- userinfo
Populate StringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- access
Token stringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- id
Token stringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- samlv2Populate
Id string - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- self
Service stringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- userinfo
Populate stringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- access_
token_ strpopulate_ id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- id_
token_ strpopulate_ id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- samlv2_
populate_ strid - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- self_
service_ strregistration_ validation_ id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- userinfo_
populate_ strid - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- access
Token StringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- id
Token StringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- samlv2Populate
Id String - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- self
Service StringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- userinfo
Populate StringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
FusionAuthApplicationLoginConfiguration, FusionAuthApplicationLoginConfigurationArgs
- Allow
Token boolRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- Generate
Refresh boolTokens - Indicates if a Refresh Token should be issued from the Login API
- Require
Authentication bool - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- Allow
Token boolRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- Generate
Refresh boolTokens - Indicates if a Refresh Token should be issued from the Login API
- Require
Authentication bool - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- allow
Token BooleanRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- generate
Refresh BooleanTokens - Indicates if a Refresh Token should be issued from the Login API
- require
Authentication Boolean - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- allow
Token booleanRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- generate
Refresh booleanTokens - Indicates if a Refresh Token should be issued from the Login API
- require
Authentication boolean - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- allow_
token_ boolrefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- generate_
refresh_ booltokens - Indicates if a Refresh Token should be issued from the Login API
- require_
authentication bool - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- allow
Token BooleanRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- generate
Refresh BooleanTokens - Indicates if a Refresh Token should be issued from the Login API
- require
Authentication Boolean - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
FusionAuthApplicationMultiFactorConfiguration, FusionAuthApplicationMultiFactorConfigurationArgs
- Email
Template stringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- Login
Policy string - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - Sms
Template stringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- Trust
Policy string - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- Email
Template stringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- Login
Policy string - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - Sms
Template stringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- Trust
Policy string - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- email
Template StringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- login
Policy String - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - sms
Template StringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- trust
Policy String - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- email
Template stringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- login
Policy string - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - sms
Template stringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- trust
Policy string - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- email_
template_ strid - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- login_
policy str - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - sms_
template_ strid - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- trust_
policy str - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- email
Template StringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- login
Policy String - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - sms
Template StringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- trust
Policy String - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
FusionAuthApplicationOauthConfiguration, FusionAuthApplicationOauthConfigurationArgs
- Scope
Handling stringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- Unknown
Scope stringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- List<string>
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- List<string>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- string
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- Client
Authentication stringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- Client
Id string - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- Client
Secret string - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- Consent
Mode string - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- Debug bool
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- Device
Verification stringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- Enabled
Grants List<string> - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- Generate
Refresh boolTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- Logout
Behavior string - Behavior when /oauth2/logout is called.
- Logout
Url string - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- Proof
Key stringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- Provided
Scope List<theogravity.Policies Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy> - Configures which of the default scopes are enabled and required.
- Relationship string
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- Require
Client boolAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- Require
Registration bool - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- Scope
Handling stringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- Unknown
Scope stringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- []string
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- []string
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- string
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- Client
Authentication stringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- Client
Id string - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- Client
Secret string - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- Consent
Mode string - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- Debug bool
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- Device
Verification stringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- Enabled
Grants []string - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- Generate
Refresh boolTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- Logout
Behavior string - Behavior when /oauth2/logout is called.
- Logout
Url string - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- Proof
Key stringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- Provided
Scope []FusionPolicies Auth Application Oauth Configuration Provided Scope Policy - Configures which of the default scopes are enabled and required.
- Relationship string
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- Require
Client boolAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- Require
Registration bool - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- scope
Handling StringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- unknown
Scope StringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- List<String>
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- List<String>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- String
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- client
Authentication StringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- client
Id String - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- client
Secret String - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- consent
Mode String - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- debug Boolean
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- device
Verification StringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- enabled
Grants List<String> - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- generate
Refresh BooleanTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- logout
Behavior String - Behavior when /oauth2/logout is called.
- logout
Url String - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- proof
Key StringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- provided
Scope List<FusionPolicies Auth Application Oauth Configuration Provided Scope Policy> - Configures which of the default scopes are enabled and required.
- relationship String
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- require
Client BooleanAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- require
Registration Boolean - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- scope
Handling stringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- unknown
Scope stringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- string[]
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- string[]
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- string
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- client
Authentication stringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- client
Id string - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- client
Secret string - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- consent
Mode string - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- debug boolean
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- device
Verification stringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- enabled
Grants string[] - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- generate
Refresh booleanTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- logout
Behavior string - Behavior when /oauth2/logout is called.
- logout
Url string - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- proof
Key stringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- provided
Scope FusionPolicies Auth Application Oauth Configuration Provided Scope Policy[] - Configures which of the default scopes are enabled and required.
- relationship string
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- require
Client booleanAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- require
Registration boolean - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- scope_
handling_ strpolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- unknown_
scope_ strpolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- Sequence[str]
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- Sequence[str]
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- str
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- client_
authentication_ strpolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- client_
id str - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- client_
secret str - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- consent_
mode str - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- debug bool
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- device_
verification_ strurl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- enabled_
grants Sequence[str] - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- generate_
refresh_ booltokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- logout_
behavior str - Behavior when /oauth2/logout is called.
- logout_
url str - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- proof_
key_ strfor_ code_ exchange_ policy - Determines the PKCE requirements when using the authorization code grant.
- provided_
scope_ Sequence[Fusionpolicies Auth Application Oauth Configuration Provided Scope Policy] - Configures which of the default scopes are enabled and required.
- relationship str
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- require_
client_ boolauthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- require_
registration bool - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- scope
Handling StringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- unknown
Scope StringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- List<String>
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- List<String>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- String
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- client
Authentication StringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- client
Id String - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- client
Secret String - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- consent
Mode String - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- debug Boolean
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- device
Verification StringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- enabled
Grants List<String> - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- generate
Refresh BooleanTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- logout
Behavior String - Behavior when /oauth2/logout is called.
- logout
Url String - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- proof
Key StringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- provided
Scope List<Property Map>Policies - Configures which of the default scopes are enabled and required.
- relationship String
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- require
Client BooleanAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- require
Registration Boolean - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
FusionAuthApplicationOauthConfigurationProvidedScopePolicy, FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs
- Address
theogravity.
Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy Address - Email
theogravity.
Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy Email - Phone
theogravity.
Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy Phone - Profile
theogravity.
Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy Profile
FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddress, FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs
FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmail, FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs
FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhone, FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs
FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfile, FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs
FusionAuthApplicationRegistrationConfiguration, FusionAuthApplicationRegistrationConfigurationArgs
- Birth
Date theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Birth Date - Confirm
Password bool - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- Enabled bool
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- First
Name theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration First Name - Form
Id string - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- Full
Name theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Full Name - Last
Name theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Last Name - Login
Id stringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- Middle
Name theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Middle Name - Mobile
Phone theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Mobile Phone - Preferred
Languages theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Preferred Languages - Type string
- The type of registration flow.
- Birth
Date FusionAuth Application Registration Configuration Birth Date - Confirm
Password bool - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- Enabled bool
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- First
Name FusionAuth Application Registration Configuration First Name - Form
Id string - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- Full
Name FusionAuth Application Registration Configuration Full Name - Last
Name FusionAuth Application Registration Configuration Last Name - Login
Id stringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- Middle
Name FusionAuth Application Registration Configuration Middle Name - Mobile
Phone FusionAuth Application Registration Configuration Mobile Phone - Preferred
Languages FusionAuth Application Registration Configuration Preferred Languages - Type string
- The type of registration flow.
- birth
Date FusionAuth Application Registration Configuration Birth Date - confirm
Password Boolean - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- enabled Boolean
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- first
Name FusionAuth Application Registration Configuration First Name - form
Id String - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- full
Name FusionAuth Application Registration Configuration Full Name - last
Name FusionAuth Application Registration Configuration Last Name - login
Id StringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- middle
Name FusionAuth Application Registration Configuration Middle Name - mobile
Phone FusionAuth Application Registration Configuration Mobile Phone - preferred
Languages FusionAuth Application Registration Configuration Preferred Languages - type String
- The type of registration flow.
- birth
Date FusionAuth Application Registration Configuration Birth Date - confirm
Password boolean - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- enabled boolean
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- first
Name FusionAuth Application Registration Configuration First Name - form
Id string - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- full
Name FusionAuth Application Registration Configuration Full Name - last
Name FusionAuth Application Registration Configuration Last Name - login
Id stringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- middle
Name FusionAuth Application Registration Configuration Middle Name - mobile
Phone FusionAuth Application Registration Configuration Mobile Phone - preferred
Languages FusionAuth Application Registration Configuration Preferred Languages - type string
- The type of registration flow.
- birth_
date FusionAuth Application Registration Configuration Birth Date - confirm_
password bool - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- enabled bool
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- first_
name FusionAuth Application Registration Configuration First Name - form_
id str - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- full_
name FusionAuth Application Registration Configuration Full Name - last_
name FusionAuth Application Registration Configuration Last Name - login_
id_ strtype - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- middle_
name FusionAuth Application Registration Configuration Middle Name - mobile_
phone FusionAuth Application Registration Configuration Mobile Phone - preferred_
languages FusionAuth Application Registration Configuration Preferred Languages - type str
- The type of registration flow.
- birth
Date Property Map - confirm
Password Boolean - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- enabled Boolean
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- first
Name Property Map - form
Id String - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- full
Name Property Map - last
Name Property Map - login
Id StringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- middle
Name Property Map - mobile
Phone Property Map - preferred
Languages Property Map - type String
- The type of registration flow.
FusionAuthApplicationRegistrationConfigurationBirthDate, FusionAuthApplicationRegistrationConfigurationBirthDateArgs
FusionAuthApplicationRegistrationConfigurationFirstName, FusionAuthApplicationRegistrationConfigurationFirstNameArgs
FusionAuthApplicationRegistrationConfigurationFullName, FusionAuthApplicationRegistrationConfigurationFullNameArgs
FusionAuthApplicationRegistrationConfigurationLastName, FusionAuthApplicationRegistrationConfigurationLastNameArgs
FusionAuthApplicationRegistrationConfigurationMiddleName, FusionAuthApplicationRegistrationConfigurationMiddleNameArgs
FusionAuthApplicationRegistrationConfigurationMobilePhone, FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs
FusionAuthApplicationRegistrationConfigurationPreferredLanguages, FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs
FusionAuthApplicationRegistrationDeletePolicy, FusionAuthApplicationRegistrationDeletePolicyArgs
- Unverified
Enabled bool - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- Unverified
Number intOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- Unverified
Enabled bool - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- Unverified
Number intOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- unverified
Enabled Boolean - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified
Number IntegerOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- unverified
Enabled boolean - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified
Number numberOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- unverified_
enabled bool - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified_
number_ intof_ days_ to_ retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- unverified
Enabled Boolean - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified
Number NumberOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
FusionAuthApplicationSamlv2Configuration, FusionAuthApplicationSamlv2ConfigurationArgs
- List<string>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- Issuer string
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- Assertion
Encryption theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration Assertion Encryption Configuration - Audience string
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- Callback
Url string - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- Debug bool
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- Default
Verification stringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- Enabled bool
- Whether or not the SAML IdP for this Application is enabled or not.
- Initiated
Login theogravity.Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration Initiated Login - Key
Id string - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- Login
Hint theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration Login Hint Configuration - Logout
theogravity.
Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration Logout - Logout
Url string - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- Required
Signed boolRequests - If set to true, will force verification through the key store.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- Xml
Signature stringLocation - The location to place the XML signature when signing a successful SAML response.
- []string
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- Issuer string
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- Assertion
Encryption FusionConfiguration Auth Application Samlv2Configuration Assertion Encryption Configuration - Audience string
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- Callback
Url string - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- Debug bool
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- Default
Verification stringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- Enabled bool
- Whether or not the SAML IdP for this Application is enabled or not.
- Initiated
Login FusionAuth Application Samlv2Configuration Initiated Login - Key
Id string - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- Login
Hint FusionConfiguration Auth Application Samlv2Configuration Login Hint Configuration - Logout
Fusion
Auth Application Samlv2Configuration Logout - Logout
Url string - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- Required
Signed boolRequests - If set to true, will force verification through the key store.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- Xml
Signature stringLocation - The location to place the XML signature when signing a successful SAML response.
- List<String>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- issuer String
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- assertion
Encryption FusionConfiguration Auth Application Samlv2Configuration Assertion Encryption Configuration - audience String
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- callback
Url String - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- debug Boolean
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- default
Verification StringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- enabled Boolean
- Whether or not the SAML IdP for this Application is enabled or not.
- initiated
Login FusionAuth Application Samlv2Configuration Initiated Login - key
Id String - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- login
Hint FusionConfiguration Auth Application Samlv2Configuration Login Hint Configuration - logout
Fusion
Auth Application Samlv2Configuration Logout - logout
Url String - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- required
Signed BooleanRequests - If set to true, will force verification through the key store.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- xml
Signature StringLocation - The location to place the XML signature when signing a successful SAML response.
- string[]
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- issuer string
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- assertion
Encryption FusionConfiguration Auth Application Samlv2Configuration Assertion Encryption Configuration - audience string
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- callback
Url string - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- debug boolean
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- default
Verification stringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- enabled boolean
- Whether or not the SAML IdP for this Application is enabled or not.
- initiated
Login FusionAuth Application Samlv2Configuration Initiated Login - key
Id string - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- login
Hint FusionConfiguration Auth Application Samlv2Configuration Login Hint Configuration - logout
Fusion
Auth Application Samlv2Configuration Logout - logout
Url string - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- required
Signed booleanRequests - If set to true, will force verification through the key store.
- xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- xml
Signature stringLocation - The location to place the XML signature when signing a successful SAML response.
- Sequence[str]
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- issuer str
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- assertion_
encryption_ Fusionconfiguration Auth Application Samlv2Configuration Assertion Encryption Configuration - audience str
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- callback_
url str - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- debug bool
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- default_
verification_ strkey_ id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- enabled bool
- Whether or not the SAML IdP for this Application is enabled or not.
- initiated_
login FusionAuth Application Samlv2Configuration Initiated Login - key_
id str - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- login_
hint_ Fusionconfiguration Auth Application Samlv2Configuration Login Hint Configuration - logout
Fusion
Auth Application Samlv2Configuration Logout - logout_
url str - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- required_
signed_ boolrequests - If set to true, will force verification through the key store.
- xml_
signature_ strcanonicalization_ method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- xml_
signature_ strlocation - The location to place the XML signature when signing a successful SAML response.
- List<String>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- issuer String
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- assertion
Encryption Property MapConfiguration - audience String
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- callback
Url String - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- debug Boolean
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- default
Verification StringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- enabled Boolean
- Whether or not the SAML IdP for this Application is enabled or not.
- initiated
Login Property Map - key
Id String - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- login
Hint Property MapConfiguration - logout Property Map
- logout
Url String - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- required
Signed BooleanRequests - If set to true, will force verification through the key store.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- xml
Signature StringLocation - The location to place the XML signature when signing a successful SAML response.
FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration, FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfigurationArgs
- Digest
Algorithm string - The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
- Enabled bool
- Determines if SAML assertion encryption is enabled for this Application.
- Encryption
Algorithm string - The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
- Key
Location string - The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
- Key
Transport stringAlgorithm - The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
- Key
Transport stringEncryption Key Id - The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
- Mask
Generation stringFunction - The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the
application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm
is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
- Digest
Algorithm string - The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
- Enabled bool
- Determines if SAML assertion encryption is enabled for this Application.
- Encryption
Algorithm string - The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
- Key
Location string - The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
- Key
Transport stringAlgorithm - The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
- Key
Transport stringEncryption Key Id - The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
- Mask
Generation stringFunction - The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the
application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm
is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
- digest
Algorithm String - The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
- enabled Boolean
- Determines if SAML assertion encryption is enabled for this Application.
- encryption
Algorithm String - The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
- key
Location String - The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
- key
Transport StringAlgorithm - The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
- key
Transport StringEncryption Key Id - The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
- mask
Generation StringFunction - The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the
application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm
is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
- digest
Algorithm string - The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
- enabled boolean
- Determines if SAML assertion encryption is enabled for this Application.
- encryption
Algorithm string - The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
- key
Location string - The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
- key
Transport stringAlgorithm - The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
- key
Transport stringEncryption Key Id - The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
- mask
Generation stringFunction - The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the
application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm
is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
- digest_
algorithm str - The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
- enabled bool
- Determines if SAML assertion encryption is enabled for this Application.
- encryption_
algorithm str - The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
- key_
location str - The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
- key_
transport_ stralgorithm - The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
- key_
transport_ strencryption_ key_ id - The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
- mask_
generation_ strfunction - The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the
application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm
is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
- digest
Algorithm String - The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
- enabled Boolean
- Determines if SAML assertion encryption is enabled for this Application.
- encryption
Algorithm String - The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
- key
Location String - The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
- key
Transport StringAlgorithm - The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
- key
Transport StringEncryption Key Id - The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
- mask
Generation StringFunction - The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the
application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm
is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
FusionAuthApplicationSamlv2ConfigurationInitiatedLogin, FusionAuthApplicationSamlv2ConfigurationInitiatedLoginArgs
- Enabled bool
- Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
- Name
Id stringFormat - The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
- Enabled bool
- Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
- Name
Id stringFormat - The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
- enabled Boolean
- Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
- name
Id StringFormat - The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
- enabled boolean
- Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
- name
Id stringFormat - The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
- enabled bool
- Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
- name_
id_ strformat - The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
- enabled Boolean
- Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
- name
Id StringFormat - The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration, FusionAuthApplicationSamlv2ConfigurationLoginHintConfigurationArgs
- Enabled bool
- When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
- Parameter
Name string - The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
- Enabled bool
- When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
- Parameter
Name string - The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
- enabled Boolean
- When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
- parameter
Name String - The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
- enabled boolean
- When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
- parameter
Name string - The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
- enabled bool
- When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
- parameter_
name str - The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
- enabled Boolean
- When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
- parameter
Name String - The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
FusionAuthApplicationSamlv2ConfigurationLogout, FusionAuthApplicationSamlv2ConfigurationLogoutArgs
- Behavior string
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- Default
Verification stringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- Key
Id string - The unique Id of the Key used to sign the SAML Logout response.
- Require
Signed boolRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- Single
Logout theogravity.Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration Logout Single Logout - Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- Behavior string
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- Default
Verification stringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- Key
Id string - The unique Id of the Key used to sign the SAML Logout response.
- Require
Signed boolRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- Single
Logout FusionAuth Application Samlv2Configuration Logout Single Logout - Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- behavior String
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- default
Verification StringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- key
Id String - The unique Id of the Key used to sign the SAML Logout response.
- require
Signed BooleanRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- single
Logout FusionAuth Application Samlv2Configuration Logout Single Logout - xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- behavior string
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- default
Verification stringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- key
Id string - The unique Id of the Key used to sign the SAML Logout response.
- require
Signed booleanRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- single
Logout FusionAuth Application Samlv2Configuration Logout Single Logout - xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- behavior str
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- default_
verification_ strkey_ id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- key_
id str - The unique Id of the Key used to sign the SAML Logout response.
- require_
signed_ boolrequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- single_
logout FusionAuth Application Samlv2Configuration Logout Single Logout - xml_
signature_ strcanonicalization_ method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- behavior String
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- default
Verification StringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- key
Id String - The unique Id of the Key used to sign the SAML Logout response.
- require
Signed BooleanRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- single
Logout Property Map - xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout, FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs
- Enabled bool
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- Key
Id string - The unique Id of the Key used to sign the SAML Single Logout response.
- Url string
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- Enabled bool
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- Key
Id string - The unique Id of the Key used to sign the SAML Single Logout response.
- Url string
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- enabled Boolean
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- key
Id String - The unique Id of the Key used to sign the SAML Single Logout response.
- url String
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- enabled boolean
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- key
Id string - The unique Id of the Key used to sign the SAML Single Logout response.
- url string
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- enabled bool
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- key_
id str - The unique Id of the Key used to sign the SAML Single Logout response.
- url str
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- xml_
signature_ strcanonicalization_ method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- enabled Boolean
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- key
Id String - The unique Id of the Key used to sign the SAML Single Logout response.
- url String
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
FusionAuthApplicationWebauthnConfiguration, FusionAuthApplicationWebauthnConfigurationArgs
- Bootstrap
Workflow boolEnabled - Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
- Enabled bool
- Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- Reauthentication
Workflow boolEnabled - Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- Bootstrap
Workflow boolEnabled - Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
- Enabled bool
- Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- Reauthentication
Workflow boolEnabled - Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- bootstrap
Workflow BooleanEnabled - Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
- enabled Boolean
- Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- reauthentication
Workflow BooleanEnabled - Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- bootstrap
Workflow booleanEnabled - Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
- enabled boolean
- Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- reauthentication
Workflow booleanEnabled - Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- bootstrap_
workflow_ boolenabled - Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
- enabled bool
- Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- reauthentication_
workflow_ boolenabled - Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- bootstrap
Workflow BooleanEnabled - Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
- enabled Boolean
- Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
- reauthentication
Workflow BooleanEnabled - Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
Package Details
- Repository
- fusionauth theogravity/pulumi-fusionauth
- License
- MIT
- Notes
- This Pulumi package is based on the
fusionauth
Terraform Provider.