1. Packages
  2. FusionAuth
  3. API Docs
  4. FusionAuthApplication
FusionAuth v4.0.1 published on Saturday, Sep 30, 2023 by Theo Gravity

fusionauth.FusionAuthApplication

Explore with Pulumi AI

fusionauth logo
FusionAuth v4.0.1 published on Saturday, Sep 30, 2023 by Theo Gravity

    # Application Resource

    Applications API

    Example Usage

    using System.Collections.Generic;
    using Pulumi;
    using Fusionauth = theogravity.Fusionauth;
    
    return await Deployment.RunAsync(() => 
    {
        var forum = new Fusionauth.FusionAuthApplication("forum", new()
        {
            TenantId = fusionauth_tenant.Portal.Id,
            AuthenticationTokenConfigurationEnabled = false,
            FormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationArgs
            {
                AdminRegistrationFormId = fusionauth_form.Admin_registration.Id,
                SelfServiceFormId = fusionauth_form.Self_service.Id,
            },
            JwtConfiguration = new Fusionauth.Inputs.FusionAuthApplicationJwtConfigurationArgs
            {
                AccessTokenId = fusionauth_key.Access_token.Id,
                Enabled = true,
                IdTokenKeyId = fusionauth_key.Id_token.Id,
                RefreshTokenTtlMinutes = 43200,
                TtlSeconds = 3600,
            },
            LambdaConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLambdaConfigurationArgs
            {
                AccessTokenPopulateId = fusionauth_lambda.Token_populate.Id,
                IdTokenPopulateId = fusionauth_lambda.Id_token_populate.Id,
            },
            LoginConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLoginConfigurationArgs
            {
                AllowTokenRefresh = false,
                GenerateRefreshTokens = false,
                RequireAuthentication = true,
            },
            MultiFactorConfiguration = new Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfigurationArgs
            {
                EmailTemplateId = "859f394b-22a6-4fa6-ba55-de700df9e950",
                SmsTemplateId = "17760f96-dca7-448b-9a8f-c49016aa7210",
                LoginPolicy = "Required",
                TrustPolicy = "Any",
            },
            OauthConfiguration = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationArgs
            {
                AuthorizedOriginUrls = new[]
                {
                    "http://www.example.com/oauth-callback",
                },
                AuthorizedUrlValidationPolicy = "ExactMatch",
                EnabledGrants = new[]
                {
                    "authorization_code",
                    "implicit",
                },
                GenerateRefreshTokens = false,
                LogoutBehavior = "AllApplications",
                LogoutUrl = "http://www.example.com/logout",
                RequireClientAuthentication = false,
            },
            RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationArgs
            {
                BirthDate = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs
                {
                    Enabled = false,
                    Required = false,
                },
                ConfirmPassword = false,
                Enabled = false,
                FirstName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs
                {
                    Enabled = false,
                    Required = false,
                },
                FullName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs
                {
                    Enabled = false,
                    Required = false,
                },
                LastName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs
                {
                    Enabled = false,
                    Required = false,
                },
                LoginIdType = "",
                MiddleName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs
                {
                    Enabled = false,
                    Required = false,
                },
                MobilePhone = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs
                {
                    Enabled = false,
                    Required = false,
                },
                Type = "",
            },
            PasswordlessConfigurationEnabled = false,
            RegistrationDeletePolicy = new Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicyArgs
            {
                UnverifiedEnabled = true,
                UnverifiedNumberOfDaysToRetain = 30,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/theogravity/pulumi-fusionauth/sdk/v3/go/fusionauth"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := fusionauth.NewFusionAuthApplication(ctx, "forum", &fusionauth.FusionAuthApplicationArgs{
    			TenantId:                                pulumi.Any(fusionauth_tenant.Portal.Id),
    			AuthenticationTokenConfigurationEnabled: pulumi.Bool(false),
    			FormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationArgs{
    				AdminRegistrationFormId: pulumi.Any(fusionauth_form.Admin_registration.Id),
    				SelfServiceFormId:       pulumi.Any(fusionauth_form.Self_service.Id),
    			},
    			JwtConfiguration: &fusionauth.FusionAuthApplicationJwtConfigurationArgs{
    				AccessTokenId:          pulumi.Any(fusionauth_key.Access_token.Id),
    				Enabled:                pulumi.Bool(true),
    				IdTokenKeyId:           pulumi.Any(fusionauth_key.Id_token.Id),
    				RefreshTokenTtlMinutes: pulumi.Int(43200),
    				TtlSeconds:             pulumi.Int(3600),
    			},
    			LambdaConfiguration: &fusionauth.FusionAuthApplicationLambdaConfigurationArgs{
    				AccessTokenPopulateId: pulumi.Any(fusionauth_lambda.Token_populate.Id),
    				IdTokenPopulateId:     pulumi.Any(fusionauth_lambda.Id_token_populate.Id),
    			},
    			LoginConfiguration: &fusionauth.FusionAuthApplicationLoginConfigurationArgs{
    				AllowTokenRefresh:     pulumi.Bool(false),
    				GenerateRefreshTokens: pulumi.Bool(false),
    				RequireAuthentication: pulumi.Bool(true),
    			},
    			MultiFactorConfiguration: &fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs{
    				EmailTemplateId: pulumi.String("859f394b-22a6-4fa6-ba55-de700df9e950"),
    				SmsTemplateId:   pulumi.String("17760f96-dca7-448b-9a8f-c49016aa7210"),
    				LoginPolicy:     pulumi.String("Required"),
    				TrustPolicy:     pulumi.String("Any"),
    			},
    			OauthConfiguration: &fusionauth.FusionAuthApplicationOauthConfigurationArgs{
    				AuthorizedOriginUrls: pulumi.StringArray{
    					pulumi.String("http://www.example.com/oauth-callback"),
    				},
    				AuthorizedUrlValidationPolicy: pulumi.String("ExactMatch"),
    				EnabledGrants: pulumi.StringArray{
    					pulumi.String("authorization_code"),
    					pulumi.String("implicit"),
    				},
    				GenerateRefreshTokens:       pulumi.Bool(false),
    				LogoutBehavior:              pulumi.String("AllApplications"),
    				LogoutUrl:                   pulumi.String("http://www.example.com/logout"),
    				RequireClientAuthentication: pulumi.Bool(false),
    			},
    			RegistrationConfiguration: &fusionauth.FusionAuthApplicationRegistrationConfigurationArgs{
    				BirthDate: &fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				ConfirmPassword: pulumi.Bool(false),
    				Enabled:         pulumi.Bool(false),
    				FirstName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				FullName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				LastName: &fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				LoginIdType: pulumi.String(""),
    				MiddleName: &fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				MobilePhone: &fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				Type: pulumi.String(""),
    			},
    			PasswordlessConfigurationEnabled: pulumi.Bool(false),
    			RegistrationDeletePolicy: &fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs{
    				UnverifiedEnabled:              pulumi.Bool(true),
    				UnverifiedNumberOfDaysToRetain: pulumi.Int(30),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fusionauth.FusionAuthApplication;
    import com.pulumi.fusionauth.FusionAuthApplicationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationFormConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationJwtConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationLambdaConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationLoginConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationMultiFactorConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationOauthConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationDeletePolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var forum = new FusionAuthApplication("forum", FusionAuthApplicationArgs.builder()        
                .tenantId(fusionauth_tenant.portal().id())
                .authenticationTokenConfigurationEnabled(false)
                .formConfiguration(FusionAuthApplicationFormConfigurationArgs.builder()
                    .adminRegistrationFormId(fusionauth_form.admin_registration().id())
                    .selfServiceFormId(fusionauth_form.self_service().id())
                    .build())
                .jwtConfiguration(FusionAuthApplicationJwtConfigurationArgs.builder()
                    .accessTokenId(fusionauth_key.access_token().id())
                    .enabled(true)
                    .idTokenKeyId(fusionauth_key.id_token().id())
                    .refreshTokenTtlMinutes(43200)
                    .ttlSeconds(3600)
                    .build())
                .lambdaConfiguration(FusionAuthApplicationLambdaConfigurationArgs.builder()
                    .accessTokenPopulateId(fusionauth_lambda.token_populate().id())
                    .idTokenPopulateId(fusionauth_lambda.id_token_populate().id())
                    .build())
                .loginConfiguration(FusionAuthApplicationLoginConfigurationArgs.builder()
                    .allowTokenRefresh(false)
                    .generateRefreshTokens(false)
                    .requireAuthentication(true)
                    .build())
                .multiFactorConfiguration(FusionAuthApplicationMultiFactorConfigurationArgs.builder()
                    .emailTemplateId("859f394b-22a6-4fa6-ba55-de700df9e950")
                    .smsTemplateId("17760f96-dca7-448b-9a8f-c49016aa7210")
                    .loginPolicy("Required")
                    .trustPolicy("Any")
                    .build())
                .oauthConfiguration(FusionAuthApplicationOauthConfigurationArgs.builder()
                    .authorizedOriginUrls("http://www.example.com/oauth-callback")
                    .authorizedUrlValidationPolicy("ExactMatch")
                    .enabledGrants(                
                        "authorization_code",
                        "implicit")
                    .generateRefreshTokens(false)
                    .logoutBehavior("AllApplications")
                    .logoutUrl("http://www.example.com/logout")
                    .requireClientAuthentication(false)
                    .build())
                .registrationConfiguration(FusionAuthApplicationRegistrationConfigurationArgs.builder()
                    .birthDate(FusionAuthApplicationRegistrationConfigurationBirthDateArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .confirmPassword(false)
                    .enabled(false)
                    .firstName(FusionAuthApplicationRegistrationConfigurationFirstNameArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .fullName(FusionAuthApplicationRegistrationConfigurationFullNameArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .lastName(FusionAuthApplicationRegistrationConfigurationLastNameArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .loginIdType("")
                    .middleName(FusionAuthApplicationRegistrationConfigurationMiddleNameArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .mobilePhone(FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .type("")
                    .build())
                .passwordlessConfigurationEnabled(false)
                .registrationDeletePolicy(FusionAuthApplicationRegistrationDeletePolicyArgs.builder()
                    .unverifiedEnabled(true)
                    .unverifiedNumberOfDaysToRetain(30)
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import theogravity_pulumi-fusionauth as fusionauth
    
    forum = fusionauth.FusionAuthApplication("forum",
        tenant_id=fusionauth_tenant["portal"]["id"],
        authentication_token_configuration_enabled=False,
        form_configuration=fusionauth.FusionAuthApplicationFormConfigurationArgs(
            admin_registration_form_id=fusionauth_form["admin_registration"]["id"],
            self_service_form_id=fusionauth_form["self_service"]["id"],
        ),
        jwt_configuration=fusionauth.FusionAuthApplicationJwtConfigurationArgs(
            access_token_id=fusionauth_key["access_token"]["id"],
            enabled=True,
            id_token_key_id=fusionauth_key["id_token"]["id"],
            refresh_token_ttl_minutes=43200,
            ttl_seconds=3600,
        ),
        lambda_configuration=fusionauth.FusionAuthApplicationLambdaConfigurationArgs(
            access_token_populate_id=fusionauth_lambda["token_populate"]["id"],
            id_token_populate_id=fusionauth_lambda["id_token_populate"]["id"],
        ),
        login_configuration=fusionauth.FusionAuthApplicationLoginConfigurationArgs(
            allow_token_refresh=False,
            generate_refresh_tokens=False,
            require_authentication=True,
        ),
        multi_factor_configuration=fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs(
            email_template_id="859f394b-22a6-4fa6-ba55-de700df9e950",
            sms_template_id="17760f96-dca7-448b-9a8f-c49016aa7210",
            login_policy="Required",
            trust_policy="Any",
        ),
        oauth_configuration=fusionauth.FusionAuthApplicationOauthConfigurationArgs(
            authorized_origin_urls=["http://www.example.com/oauth-callback"],
            authorized_url_validation_policy="ExactMatch",
            enabled_grants=[
                "authorization_code",
                "implicit",
            ],
            generate_refresh_tokens=False,
            logout_behavior="AllApplications",
            logout_url="http://www.example.com/logout",
            require_client_authentication=False,
        ),
        registration_configuration=fusionauth.FusionAuthApplicationRegistrationConfigurationArgs(
            birth_date=fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs(
                enabled=False,
                required=False,
            ),
            confirm_password=False,
            enabled=False,
            first_name=fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs(
                enabled=False,
                required=False,
            ),
            full_name=fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs(
                enabled=False,
                required=False,
            ),
            last_name=fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs(
                enabled=False,
                required=False,
            ),
            login_id_type="",
            middle_name=fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs(
                enabled=False,
                required=False,
            ),
            mobile_phone=fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs(
                enabled=False,
                required=False,
            ),
            type="",
        ),
        passwordless_configuration_enabled=False,
        registration_delete_policy=fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs(
            unverified_enabled=True,
            unverified_number_of_days_to_retain=30,
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as fusionauth from "pulumi-fusionauth";
    
    const forum = new fusionauth.FusionAuthApplication("forum", {
        tenantId: fusionauth_tenant.portal.id,
        authenticationTokenConfigurationEnabled: false,
        formConfiguration: {
            adminRegistrationFormId: fusionauth_form.admin_registration.id,
            selfServiceFormId: fusionauth_form.self_service.id,
        },
        jwtConfiguration: {
            accessTokenId: fusionauth_key.access_token.id,
            enabled: true,
            idTokenKeyId: fusionauth_key.id_token.id,
            refreshTokenTtlMinutes: 43200,
            ttlSeconds: 3600,
        },
        lambdaConfiguration: {
            accessTokenPopulateId: fusionauth_lambda.token_populate.id,
            idTokenPopulateId: fusionauth_lambda.id_token_populate.id,
        },
        loginConfiguration: {
            allowTokenRefresh: false,
            generateRefreshTokens: false,
            requireAuthentication: true,
        },
        multiFactorConfiguration: {
            emailTemplateId: "859f394b-22a6-4fa6-ba55-de700df9e950",
            smsTemplateId: "17760f96-dca7-448b-9a8f-c49016aa7210",
            loginPolicy: "Required",
            trustPolicy: "Any",
        },
        oauthConfiguration: {
            authorizedOriginUrls: ["http://www.example.com/oauth-callback"],
            authorizedUrlValidationPolicy: "ExactMatch",
            enabledGrants: [
                "authorization_code",
                "implicit",
            ],
            generateRefreshTokens: false,
            logoutBehavior: "AllApplications",
            logoutUrl: "http://www.example.com/logout",
            requireClientAuthentication: false,
        },
        registrationConfiguration: {
            birthDate: {
                enabled: false,
                required: false,
            },
            confirmPassword: false,
            enabled: false,
            firstName: {
                enabled: false,
                required: false,
            },
            fullName: {
                enabled: false,
                required: false,
            },
            lastName: {
                enabled: false,
                required: false,
            },
            loginIdType: "",
            middleName: {
                enabled: false,
                required: false,
            },
            mobilePhone: {
                enabled: false,
                required: false,
            },
            type: "",
        },
        passwordlessConfigurationEnabled: false,
        registrationDeletePolicy: {
            unverifiedEnabled: true,
            unverifiedNumberOfDaysToRetain: 30,
        },
    });
    
    resources:
      forum:
        type: fusionauth:FusionAuthApplication
        properties:
          tenantId: ${fusionauth_tenant.portal.id}
          authenticationTokenConfigurationEnabled: false
          formConfiguration:
            adminRegistrationFormId: ${fusionauth_form.admin_registration.id}
            selfServiceFormId: ${fusionauth_form.self_service.id}
          jwtConfiguration:
            accessTokenId: ${fusionauth_key.access_token.id}
            enabled: true
            idTokenKeyId: ${fusionauth_key.id_token.id}
            refreshTokenTtlMinutes: 43200
            ttlSeconds: 3600
          lambdaConfiguration:
            accessTokenPopulateId: ${fusionauth_lambda.token_populate.id}
            idTokenPopulateId: ${fusionauth_lambda.id_token_populate.id}
          loginConfiguration:
            allowTokenRefresh: false
            generateRefreshTokens: false
            requireAuthentication: true
          multiFactorConfiguration:
            emailTemplateId: 859f394b-22a6-4fa6-ba55-de700df9e950
            smsTemplateId: 17760f96-dca7-448b-9a8f-c49016aa7210
            loginPolicy: Required
            trustPolicy: Any
          oauthConfiguration:
            authorizedOriginUrls:
              - http://www.example.com/oauth-callback
            authorizedUrlValidationPolicy: ExactMatch
            enabledGrants:
              - authorization_code
              - implicit
            generateRefreshTokens: false
            logoutBehavior: AllApplications
            logoutUrl: http://www.example.com/logout
            requireClientAuthentication: false
          registrationConfiguration:
            birthDate:
              enabled: false
              required: false
            confirmPassword: false
            enabled: false
            firstName:
              enabled: false
              required: false
            fullName:
              enabled: false
              required: false
            lastName:
              enabled: false
              required: false
            loginIdType:
            middleName:
              enabled: false
              required: false
            mobilePhone:
              enabled: false
              required: false
            type:
          passwordlessConfigurationEnabled: false
          registrationDeletePolicy:
            unverifiedEnabled: true
            unverifiedNumberOfDaysToRetain: 30
    

    Create FusionAuthApplication Resource

    new FusionAuthApplication(name: string, args: FusionAuthApplicationArgs, opts?: CustomResourceOptions);
    @overload
    def FusionAuthApplication(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              access_control_configuration: Optional[FusionAuthApplicationAccessControlConfigurationArgs] = None,
                              application_id: Optional[str] = None,
                              authentication_token_configuration_enabled: Optional[bool] = None,
                              clean_speak_configuration: Optional[FusionAuthApplicationCleanSpeakConfigurationArgs] = None,
                              data: Optional[Mapping[str, Any]] = None,
                              email_configuration: Optional[FusionAuthApplicationEmailConfigurationArgs] = None,
                              form_configuration: Optional[FusionAuthApplicationFormConfigurationArgs] = None,
                              jwt_configuration: Optional[FusionAuthApplicationJwtConfigurationArgs] = None,
                              lambda_configuration: Optional[FusionAuthApplicationLambdaConfigurationArgs] = None,
                              login_configuration: Optional[FusionAuthApplicationLoginConfigurationArgs] = None,
                              multi_factor_configuration: Optional[FusionAuthApplicationMultiFactorConfigurationArgs] = None,
                              name: Optional[str] = None,
                              oauth_configuration: Optional[FusionAuthApplicationOauthConfigurationArgs] = None,
                              passwordless_configuration_enabled: Optional[bool] = None,
                              registration_configuration: Optional[FusionAuthApplicationRegistrationConfigurationArgs] = None,
                              registration_delete_policy: Optional[FusionAuthApplicationRegistrationDeletePolicyArgs] = None,
                              samlv2_configuration: Optional[FusionAuthApplicationSamlv2ConfigurationArgs] = None,
                              tenant_id: Optional[str] = None,
                              theme_id: Optional[str] = None,
                              verification_email_template_id: Optional[str] = None,
                              verification_strategy: Optional[str] = None,
                              verify_registration: Optional[bool] = None)
    @overload
    def FusionAuthApplication(resource_name: str,
                              args: FusionAuthApplicationArgs,
                              opts: Optional[ResourceOptions] = None)
    func NewFusionAuthApplication(ctx *Context, name string, args FusionAuthApplicationArgs, opts ...ResourceOption) (*FusionAuthApplication, error)
    public FusionAuthApplication(string name, FusionAuthApplicationArgs args, CustomResourceOptions? opts = null)
    public FusionAuthApplication(String name, FusionAuthApplicationArgs args)
    public FusionAuthApplication(String name, FusionAuthApplicationArgs args, CustomResourceOptions options)
    
    type: fusionauth:FusionAuthApplication
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    FusionAuthApplication Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The FusionAuthApplication resource accepts the following input properties:

    TenantId string
    AccessControlConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationAccessControlConfiguration
    ApplicationId string

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    AuthenticationTokenConfigurationEnabled bool

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    CleanSpeakConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfiguration
    Data Dictionary<string, object>

    An object that can hold any information about the Application that should be persisted.

    EmailConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationEmailConfiguration
    FormConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationFormConfiguration
    JwtConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationJwtConfiguration
    LambdaConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationLambdaConfiguration
    LoginConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationLoginConfiguration
    MultiFactorConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfiguration
    Name string

    The name of the Application.

    OauthConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationOauthConfiguration
    PasswordlessConfigurationEnabled bool

    Determines if passwordless login is enabled for this application.

    RegistrationConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfiguration
    RegistrationDeletePolicy theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicy
    Samlv2Configuration theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2Configuration
    ThemeId string

    The unique Id of the theme to be used to style the login page and other end user templates.

    VerificationEmailTemplateId string

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    VerificationStrategy string

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    VerifyRegistration bool

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    TenantId string
    AccessControlConfiguration FusionAuthApplicationAccessControlConfigurationArgs
    ApplicationId string

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    AuthenticationTokenConfigurationEnabled bool

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    CleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfigurationArgs
    Data map[string]interface{}

    An object that can hold any information about the Application that should be persisted.

    EmailConfiguration FusionAuthApplicationEmailConfigurationArgs
    FormConfiguration FusionAuthApplicationFormConfigurationArgs
    JwtConfiguration FusionAuthApplicationJwtConfigurationArgs
    LambdaConfiguration FusionAuthApplicationLambdaConfigurationArgs
    LoginConfiguration FusionAuthApplicationLoginConfigurationArgs
    MultiFactorConfiguration FusionAuthApplicationMultiFactorConfigurationArgs
    Name string

    The name of the Application.

    OauthConfiguration FusionAuthApplicationOauthConfigurationArgs
    PasswordlessConfigurationEnabled bool

    Determines if passwordless login is enabled for this application.

    RegistrationConfiguration FusionAuthApplicationRegistrationConfigurationArgs
    RegistrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicyArgs
    Samlv2Configuration FusionAuthApplicationSamlv2ConfigurationArgs
    ThemeId string

    The unique Id of the theme to be used to style the login page and other end user templates.

    VerificationEmailTemplateId string

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    VerificationStrategy string

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    VerifyRegistration bool

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    tenantId String
    accessControlConfiguration FusionAuthApplicationAccessControlConfiguration
    applicationId String

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    authenticationTokenConfigurationEnabled Boolean

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    cleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfiguration
    data Map<String,Object>

    An object that can hold any information about the Application that should be persisted.

    emailConfiguration FusionAuthApplicationEmailConfiguration
    formConfiguration FusionAuthApplicationFormConfiguration
    jwtConfiguration FusionAuthApplicationJwtConfiguration
    lambdaConfiguration FusionAuthApplicationLambdaConfiguration
    loginConfiguration FusionAuthApplicationLoginConfiguration
    multiFactorConfiguration FusionAuthApplicationMultiFactorConfiguration
    name String

    The name of the Application.

    oauthConfiguration FusionAuthApplicationOauthConfiguration
    passwordlessConfigurationEnabled Boolean

    Determines if passwordless login is enabled for this application.

    registrationConfiguration FusionAuthApplicationRegistrationConfiguration
    registrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicy
    samlv2Configuration FusionAuthApplicationSamlv2Configuration
    themeId String

    The unique Id of the theme to be used to style the login page and other end user templates.

    verificationEmailTemplateId String

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    verificationStrategy String

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    verifyRegistration Boolean

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    tenantId string
    accessControlConfiguration FusionAuthApplicationAccessControlConfiguration
    applicationId string

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    authenticationTokenConfigurationEnabled boolean

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    cleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfiguration
    data {[key: string]: any}

    An object that can hold any information about the Application that should be persisted.

    emailConfiguration FusionAuthApplicationEmailConfiguration
    formConfiguration FusionAuthApplicationFormConfiguration
    jwtConfiguration FusionAuthApplicationJwtConfiguration
    lambdaConfiguration FusionAuthApplicationLambdaConfiguration
    loginConfiguration FusionAuthApplicationLoginConfiguration
    multiFactorConfiguration FusionAuthApplicationMultiFactorConfiguration
    name string

    The name of the Application.

    oauthConfiguration FusionAuthApplicationOauthConfiguration
    passwordlessConfigurationEnabled boolean

    Determines if passwordless login is enabled for this application.

    registrationConfiguration FusionAuthApplicationRegistrationConfiguration
    registrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicy
    samlv2Configuration FusionAuthApplicationSamlv2Configuration
    themeId string

    The unique Id of the theme to be used to style the login page and other end user templates.

    verificationEmailTemplateId string

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    verificationStrategy string

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    verifyRegistration boolean

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    tenant_id str
    access_control_configuration FusionAuthApplicationAccessControlConfigurationArgs
    application_id str

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    authentication_token_configuration_enabled bool

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    clean_speak_configuration FusionAuthApplicationCleanSpeakConfigurationArgs
    data Mapping[str, Any]

    An object that can hold any information about the Application that should be persisted.

    email_configuration FusionAuthApplicationEmailConfigurationArgs
    form_configuration FusionAuthApplicationFormConfigurationArgs
    jwt_configuration FusionAuthApplicationJwtConfigurationArgs
    lambda_configuration FusionAuthApplicationLambdaConfigurationArgs
    login_configuration FusionAuthApplicationLoginConfigurationArgs
    multi_factor_configuration FusionAuthApplicationMultiFactorConfigurationArgs
    name str

    The name of the Application.

    oauth_configuration FusionAuthApplicationOauthConfigurationArgs
    passwordless_configuration_enabled bool

    Determines if passwordless login is enabled for this application.

    registration_configuration FusionAuthApplicationRegistrationConfigurationArgs
    registration_delete_policy FusionAuthApplicationRegistrationDeletePolicyArgs
    samlv2_configuration FusionAuthApplicationSamlv2ConfigurationArgs
    theme_id str

    The unique Id of the theme to be used to style the login page and other end user templates.

    verification_email_template_id str

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    verification_strategy str

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    verify_registration bool

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    tenantId String
    accessControlConfiguration Property Map
    applicationId String

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    authenticationTokenConfigurationEnabled Boolean

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    cleanSpeakConfiguration Property Map
    data Map<Any>

    An object that can hold any information about the Application that should be persisted.

    emailConfiguration Property Map
    formConfiguration Property Map
    jwtConfiguration Property Map
    lambdaConfiguration Property Map
    loginConfiguration Property Map
    multiFactorConfiguration Property Map
    name String

    The name of the Application.

    oauthConfiguration Property Map
    passwordlessConfigurationEnabled Boolean

    Determines if passwordless login is enabled for this application.

    registrationConfiguration Property Map
    registrationDeletePolicy Property Map
    samlv2Configuration Property Map
    themeId String

    The unique Id of the theme to be used to style the login page and other end user templates.

    verificationEmailTemplateId String

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    verificationStrategy String

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    verifyRegistration Boolean

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FusionAuthApplication resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing FusionAuthApplication Resource

    Get an existing FusionAuthApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FusionAuthApplicationState, opts?: CustomResourceOptions): FusionAuthApplication
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_control_configuration: Optional[FusionAuthApplicationAccessControlConfigurationArgs] = None,
            application_id: Optional[str] = None,
            authentication_token_configuration_enabled: Optional[bool] = None,
            clean_speak_configuration: Optional[FusionAuthApplicationCleanSpeakConfigurationArgs] = None,
            data: Optional[Mapping[str, Any]] = None,
            email_configuration: Optional[FusionAuthApplicationEmailConfigurationArgs] = None,
            form_configuration: Optional[FusionAuthApplicationFormConfigurationArgs] = None,
            jwt_configuration: Optional[FusionAuthApplicationJwtConfigurationArgs] = None,
            lambda_configuration: Optional[FusionAuthApplicationLambdaConfigurationArgs] = None,
            login_configuration: Optional[FusionAuthApplicationLoginConfigurationArgs] = None,
            multi_factor_configuration: Optional[FusionAuthApplicationMultiFactorConfigurationArgs] = None,
            name: Optional[str] = None,
            oauth_configuration: Optional[FusionAuthApplicationOauthConfigurationArgs] = None,
            passwordless_configuration_enabled: Optional[bool] = None,
            registration_configuration: Optional[FusionAuthApplicationRegistrationConfigurationArgs] = None,
            registration_delete_policy: Optional[FusionAuthApplicationRegistrationDeletePolicyArgs] = None,
            samlv2_configuration: Optional[FusionAuthApplicationSamlv2ConfigurationArgs] = None,
            tenant_id: Optional[str] = None,
            theme_id: Optional[str] = None,
            verification_email_template_id: Optional[str] = None,
            verification_strategy: Optional[str] = None,
            verify_registration: Optional[bool] = None) -> FusionAuthApplication
    func GetFusionAuthApplication(ctx *Context, name string, id IDInput, state *FusionAuthApplicationState, opts ...ResourceOption) (*FusionAuthApplication, error)
    public static FusionAuthApplication Get(string name, Input<string> id, FusionAuthApplicationState? state, CustomResourceOptions? opts = null)
    public static FusionAuthApplication get(String name, Output<String> id, FusionAuthApplicationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessControlConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationAccessControlConfiguration
    ApplicationId string

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    AuthenticationTokenConfigurationEnabled bool

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    CleanSpeakConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfiguration
    Data Dictionary<string, object>

    An object that can hold any information about the Application that should be persisted.

    EmailConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationEmailConfiguration
    FormConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationFormConfiguration
    JwtConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationJwtConfiguration
    LambdaConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationLambdaConfiguration
    LoginConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationLoginConfiguration
    MultiFactorConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfiguration
    Name string

    The name of the Application.

    OauthConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationOauthConfiguration
    PasswordlessConfigurationEnabled bool

    Determines if passwordless login is enabled for this application.

    RegistrationConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfiguration
    RegistrationDeletePolicy theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicy
    Samlv2Configuration theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2Configuration
    TenantId string
    ThemeId string

    The unique Id of the theme to be used to style the login page and other end user templates.

    VerificationEmailTemplateId string

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    VerificationStrategy string

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    VerifyRegistration bool

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    AccessControlConfiguration FusionAuthApplicationAccessControlConfigurationArgs
    ApplicationId string

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    AuthenticationTokenConfigurationEnabled bool

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    CleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfigurationArgs
    Data map[string]interface{}

    An object that can hold any information about the Application that should be persisted.

    EmailConfiguration FusionAuthApplicationEmailConfigurationArgs
    FormConfiguration FusionAuthApplicationFormConfigurationArgs
    JwtConfiguration FusionAuthApplicationJwtConfigurationArgs
    LambdaConfiguration FusionAuthApplicationLambdaConfigurationArgs
    LoginConfiguration FusionAuthApplicationLoginConfigurationArgs
    MultiFactorConfiguration FusionAuthApplicationMultiFactorConfigurationArgs
    Name string

    The name of the Application.

    OauthConfiguration FusionAuthApplicationOauthConfigurationArgs
    PasswordlessConfigurationEnabled bool

    Determines if passwordless login is enabled for this application.

    RegistrationConfiguration FusionAuthApplicationRegistrationConfigurationArgs
    RegistrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicyArgs
    Samlv2Configuration FusionAuthApplicationSamlv2ConfigurationArgs
    TenantId string
    ThemeId string

    The unique Id of the theme to be used to style the login page and other end user templates.

    VerificationEmailTemplateId string

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    VerificationStrategy string

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    VerifyRegistration bool

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    accessControlConfiguration FusionAuthApplicationAccessControlConfiguration
    applicationId String

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    authenticationTokenConfigurationEnabled Boolean

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    cleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfiguration
    data Map<String,Object>

    An object that can hold any information about the Application that should be persisted.

    emailConfiguration FusionAuthApplicationEmailConfiguration
    formConfiguration FusionAuthApplicationFormConfiguration
    jwtConfiguration FusionAuthApplicationJwtConfiguration
    lambdaConfiguration FusionAuthApplicationLambdaConfiguration
    loginConfiguration FusionAuthApplicationLoginConfiguration
    multiFactorConfiguration FusionAuthApplicationMultiFactorConfiguration
    name String

    The name of the Application.

    oauthConfiguration FusionAuthApplicationOauthConfiguration
    passwordlessConfigurationEnabled Boolean

    Determines if passwordless login is enabled for this application.

    registrationConfiguration FusionAuthApplicationRegistrationConfiguration
    registrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicy
    samlv2Configuration FusionAuthApplicationSamlv2Configuration
    tenantId String
    themeId String

    The unique Id of the theme to be used to style the login page and other end user templates.

    verificationEmailTemplateId String

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    verificationStrategy String

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    verifyRegistration Boolean

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    accessControlConfiguration FusionAuthApplicationAccessControlConfiguration
    applicationId string

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    authenticationTokenConfigurationEnabled boolean

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    cleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfiguration
    data {[key: string]: any}

    An object that can hold any information about the Application that should be persisted.

    emailConfiguration FusionAuthApplicationEmailConfiguration
    formConfiguration FusionAuthApplicationFormConfiguration
    jwtConfiguration FusionAuthApplicationJwtConfiguration
    lambdaConfiguration FusionAuthApplicationLambdaConfiguration
    loginConfiguration FusionAuthApplicationLoginConfiguration
    multiFactorConfiguration FusionAuthApplicationMultiFactorConfiguration
    name string

    The name of the Application.

    oauthConfiguration FusionAuthApplicationOauthConfiguration
    passwordlessConfigurationEnabled boolean

    Determines if passwordless login is enabled for this application.

    registrationConfiguration FusionAuthApplicationRegistrationConfiguration
    registrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicy
    samlv2Configuration FusionAuthApplicationSamlv2Configuration
    tenantId string
    themeId string

    The unique Id of the theme to be used to style the login page and other end user templates.

    verificationEmailTemplateId string

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    verificationStrategy string

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    verifyRegistration boolean

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    access_control_configuration FusionAuthApplicationAccessControlConfigurationArgs
    application_id str

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    authentication_token_configuration_enabled bool

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    clean_speak_configuration FusionAuthApplicationCleanSpeakConfigurationArgs
    data Mapping[str, Any]

    An object that can hold any information about the Application that should be persisted.

    email_configuration FusionAuthApplicationEmailConfigurationArgs
    form_configuration FusionAuthApplicationFormConfigurationArgs
    jwt_configuration FusionAuthApplicationJwtConfigurationArgs
    lambda_configuration FusionAuthApplicationLambdaConfigurationArgs
    login_configuration FusionAuthApplicationLoginConfigurationArgs
    multi_factor_configuration FusionAuthApplicationMultiFactorConfigurationArgs
    name str

    The name of the Application.

    oauth_configuration FusionAuthApplicationOauthConfigurationArgs
    passwordless_configuration_enabled bool

    Determines if passwordless login is enabled for this application.

    registration_configuration FusionAuthApplicationRegistrationConfigurationArgs
    registration_delete_policy FusionAuthApplicationRegistrationDeletePolicyArgs
    samlv2_configuration FusionAuthApplicationSamlv2ConfigurationArgs
    tenant_id str
    theme_id str

    The unique Id of the theme to be used to style the login page and other end user templates.

    verification_email_template_id str

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    verification_strategy str

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    verify_registration bool

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    accessControlConfiguration Property Map
    applicationId String

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    authenticationTokenConfigurationEnabled Boolean

    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.

    cleanSpeakConfiguration Property Map
    data Map<Any>

    An object that can hold any information about the Application that should be persisted.

    emailConfiguration Property Map
    formConfiguration Property Map
    jwtConfiguration Property Map
    lambdaConfiguration Property Map
    loginConfiguration Property Map
    multiFactorConfiguration Property Map
    name String

    The name of the Application.

    oauthConfiguration Property Map
    passwordlessConfigurationEnabled Boolean

    Determines if passwordless login is enabled for this application.

    registrationConfiguration Property Map
    registrationDeletePolicy Property Map
    samlv2Configuration Property Map
    tenantId String
    themeId String

    The unique Id of the theme to be used to style the login page and other end user templates.

    verificationEmailTemplateId String

    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.

    verificationStrategy String

    The process by which the user will verify their email address. Possible values are ClickableLink or FormField

    verifyRegistration Boolean

    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.

    Supporting Types

    FusionAuthApplicationAccessControlConfiguration, FusionAuthApplicationAccessControlConfigurationArgs

    UiIpAccessControlListId string

    The Id of the IP Access Control List limiting access to this application.

    UiIpAccessControlListId string

    The Id of the IP Access Control List limiting access to this application.

    uiIpAccessControlListId String

    The Id of the IP Access Control List limiting access to this application.

    uiIpAccessControlListId string

    The Id of the IP Access Control List limiting access to this application.

    ui_ip_access_control_list_id str

    The Id of the IP Access Control List limiting access to this application.

    uiIpAccessControlListId String

    The Id of the IP Access Control List limiting access to this application.

    FusionAuthApplicationCleanSpeakConfiguration, FusionAuthApplicationCleanSpeakConfigurationArgs

    ApplicationIds List<string>

    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.

    UsernameModeration theogravity.Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    ApplicationIds []string

    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.

    UsernameModeration FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    applicationIds List<String>

    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.

    usernameModeration FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    applicationIds string[]

    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.

    usernameModeration FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    application_ids Sequence[str]

    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.

    username_moderation FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    applicationIds List<String>

    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.

    usernameModeration Property Map

    FusionAuthApplicationCleanSpeakConfigurationUsernameModeration, FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs

    ApplicationId string

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    ApplicationId string

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    applicationId String

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    applicationId string

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    application_id str

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    applicationId String

    The Id of the CleanSpeak application that usernames are sent to for moderation.

    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    FusionAuthApplicationEmailConfiguration, FusionAuthApplicationEmailConfigurationArgs

    EmailUpdateTemplateId string

    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    EmailVerificationTemplateId string

    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    EmailVerifiedTemplateId string

    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    ForgotPasswordTemplateId string

    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    LoginIdInUseOnCreateTemplateId string

    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    LoginIdInUseOnUpdateTemplateId string

    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    LoginNewDeviceTemplateId string

    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    LoginSuspiciousTemplateId string

    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    PasswordResetSuccessTemplateId string

    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    PasswordUpdateTemplateId string

    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    PasswordlessEmailTemplateId string

    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    SetPasswordEmailTemplateId string

    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    TwoFactorMethodAddTemplateId string

    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    TwoFactorMethodRemoveTemplateId string

    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    EmailUpdateTemplateId string

    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    EmailVerificationTemplateId string

    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    EmailVerifiedTemplateId string

    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    ForgotPasswordTemplateId string

    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    LoginIdInUseOnCreateTemplateId string

    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    LoginIdInUseOnUpdateTemplateId string

    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    LoginNewDeviceTemplateId string

    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    LoginSuspiciousTemplateId string

    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    PasswordResetSuccessTemplateId string

    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    PasswordUpdateTemplateId string

    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    PasswordlessEmailTemplateId string

    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    SetPasswordEmailTemplateId string

    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    TwoFactorMethodAddTemplateId string

    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    TwoFactorMethodRemoveTemplateId string

    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    emailUpdateTemplateId String

    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    emailVerificationTemplateId String

    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    emailVerifiedTemplateId String

    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    forgotPasswordTemplateId String

    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginIdInUseOnCreateTemplateId String

    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginIdInUseOnUpdateTemplateId String

    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginNewDeviceTemplateId String

    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginSuspiciousTemplateId String

    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordResetSuccessTemplateId String

    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordUpdateTemplateId String

    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordlessEmailTemplateId String

    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    setPasswordEmailTemplateId String

    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    twoFactorMethodAddTemplateId String

    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    twoFactorMethodRemoveTemplateId String

    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    emailUpdateTemplateId string

    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    emailVerificationTemplateId string

    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    emailVerifiedTemplateId string

    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    forgotPasswordTemplateId string

    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginIdInUseOnCreateTemplateId string

    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginIdInUseOnUpdateTemplateId string

    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginNewDeviceTemplateId string

    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginSuspiciousTemplateId string

    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordResetSuccessTemplateId string

    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordUpdateTemplateId string

    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordlessEmailTemplateId string

    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    setPasswordEmailTemplateId string

    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    twoFactorMethodAddTemplateId string

    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    twoFactorMethodRemoveTemplateId string

    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    email_update_template_id str

    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    email_verification_template_id str

    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    email_verified_template_id str

    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    forgot_password_template_id str

    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    login_id_in_use_on_create_template_id str

    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    login_id_in_use_on_update_template_id str

    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    login_new_device_template_id str

    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    login_suspicious_template_id str

    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    password_reset_success_template_id str

    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    password_update_template_id str

    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordless_email_template_id str

    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    set_password_email_template_id str

    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    two_factor_method_add_template_id str

    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    two_factor_method_remove_template_id str

    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    emailUpdateTemplateId String

    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    emailVerificationTemplateId String

    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    emailVerifiedTemplateId String

    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    forgotPasswordTemplateId String

    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginIdInUseOnCreateTemplateId String

    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginIdInUseOnUpdateTemplateId String

    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginNewDeviceTemplateId String

    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    loginSuspiciousTemplateId String

    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordResetSuccessTemplateId String

    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordUpdateTemplateId String

    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    passwordlessEmailTemplateId String

    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    setPasswordEmailTemplateId String

    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    twoFactorMethodAddTemplateId String

    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    twoFactorMethodRemoveTemplateId String

    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    FusionAuthApplicationFormConfiguration, FusionAuthApplicationFormConfigurationArgs

    AdminRegistrationFormId string

    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.

    SelfServiceFormId string

    The unique Id of the form to to enable authenticated users to manage their profile on the account page.

    AdminRegistrationFormId string

    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.

    SelfServiceFormId string

    The unique Id of the form to to enable authenticated users to manage their profile on the account page.

    adminRegistrationFormId String

    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.

    selfServiceFormId String

    The unique Id of the form to to enable authenticated users to manage their profile on the account page.

    adminRegistrationFormId string

    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.

    selfServiceFormId string

    The unique Id of the form to to enable authenticated users to manage their profile on the account page.

    admin_registration_form_id str

    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.

    self_service_form_id str

    The unique Id of the form to to enable authenticated users to manage their profile on the account page.

    adminRegistrationFormId String

    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.

    selfServiceFormId String

    The unique Id of the form to to enable authenticated users to manage their profile on the account page.

    FusionAuthApplicationJwtConfiguration, FusionAuthApplicationJwtConfigurationArgs

    AccessTokenId string

    The Id of the signing key used to sign the access token.

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    IdTokenKeyId string

    The Id of the signing key used to sign the Id token.

    RefreshTokenTtlMinutes int

    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.

    TtlSeconds int

    The length of time in seconds the JWT will live before it is expired and no longer valid.

    AccessTokenId string

    The Id of the signing key used to sign the access token.

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    IdTokenKeyId string

    The Id of the signing key used to sign the Id token.

    RefreshTokenTtlMinutes int

    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.

    TtlSeconds int

    The length of time in seconds the JWT will live before it is expired and no longer valid.

    accessTokenId String

    The Id of the signing key used to sign the access token.

    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    idTokenKeyId String

    The Id of the signing key used to sign the Id token.

    refreshTokenTtlMinutes Integer

    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.

    ttlSeconds Integer

    The length of time in seconds the JWT will live before it is expired and no longer valid.

    accessTokenId string

    The Id of the signing key used to sign the access token.

    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    idTokenKeyId string

    The Id of the signing key used to sign the Id token.

    refreshTokenTtlMinutes number

    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.

    ttlSeconds number

    The length of time in seconds the JWT will live before it is expired and no longer valid.

    access_token_id str

    The Id of the signing key used to sign the access token.

    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    id_token_key_id str

    The Id of the signing key used to sign the Id token.

    refresh_token_ttl_minutes int

    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.

    ttl_seconds int

    The length of time in seconds the JWT will live before it is expired and no longer valid.

    accessTokenId String

    The Id of the signing key used to sign the access token.

    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    idTokenKeyId String

    The Id of the signing key used to sign the Id token.

    refreshTokenTtlMinutes Number

    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.

    ttlSeconds Number

    The length of time in seconds the JWT will live before it is expired and no longer valid.

    FusionAuthApplicationLambdaConfiguration, FusionAuthApplicationLambdaConfigurationArgs

    AccessTokenPopulateId string

    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.

    IdTokenPopulateId string

    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.

    Samlv2PopulateId string

    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.

    AccessTokenPopulateId string

    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.

    IdTokenPopulateId string

    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.

    Samlv2PopulateId string

    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.

    accessTokenPopulateId String

    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.

    idTokenPopulateId String

    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.

    samlv2PopulateId String

    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.

    accessTokenPopulateId string

    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.

    idTokenPopulateId string

    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.

    samlv2PopulateId string

    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.

    access_token_populate_id str

    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.

    id_token_populate_id str

    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.

    samlv2_populate_id str

    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.

    accessTokenPopulateId String

    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.

    idTokenPopulateId String

    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.

    samlv2PopulateId String

    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.

    FusionAuthApplicationLoginConfiguration, FusionAuthApplicationLoginConfigurationArgs

    AllowTokenRefresh bool

    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.

    GenerateRefreshTokens bool

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    RequireAuthentication bool

    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.

    AllowTokenRefresh bool

    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.

    GenerateRefreshTokens bool

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    RequireAuthentication bool

    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.

    allowTokenRefresh Boolean

    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.

    generateRefreshTokens Boolean

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    requireAuthentication Boolean

    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.

    allowTokenRefresh boolean

    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.

    generateRefreshTokens boolean

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    requireAuthentication boolean

    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.

    allow_token_refresh bool

    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.

    generate_refresh_tokens bool

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    require_authentication bool

    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.

    allowTokenRefresh Boolean

    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.

    generateRefreshTokens Boolean

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    requireAuthentication Boolean

    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.

    FusionAuthApplicationMultiFactorConfiguration, FusionAuthApplicationMultiFactorConfigurationArgs

    EmailTemplateId string

    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.

    LoginPolicy string

    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.

    SmsTemplateId string

    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.

    TrustPolicy string

    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.

    EmailTemplateId string

    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.

    LoginPolicy string

    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.

    SmsTemplateId string

    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.

    TrustPolicy string

    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.

    emailTemplateId String

    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.

    loginPolicy String

    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.

    smsTemplateId String

    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.

    trustPolicy String

    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.

    emailTemplateId string

    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.

    loginPolicy string

    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.

    smsTemplateId string

    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.

    trustPolicy string

    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.

    email_template_id str

    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.

    login_policy str

    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.

    sms_template_id str

    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.

    trust_policy str

    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.

    emailTemplateId String

    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.

    loginPolicy String

    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.

    smsTemplateId String

    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.

    trustPolicy String

    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.

    FusionAuthApplicationOauthConfiguration, FusionAuthApplicationOauthConfigurationArgs

    AuthorizedOriginUrls List<string>

    An array of URLs that are the authorized origins for FusionAuth OAuth.

    AuthorizedRedirectUrls List<string>

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    AuthorizedUrlValidationPolicy string

    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.

    ClientAuthenticationPolicy string

    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.

    ClientId string
    ClientSecret string

    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.

    Debug bool

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    DeviceVerificationUrl string

    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.

    EnabledGrants List<string>

    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.

    GenerateRefreshTokens bool

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    LogoutBehavior string

    Behavior when /oauth2/logout is called.

    LogoutUrl string

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    ProofKeyForCodeExchangePolicy string

    Determines the PKCE requirements when using the authorization code grant.

    RequireClientAuthentication bool

    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated:

    In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    RequireRegistration bool

    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.

    AuthorizedOriginUrls []string

    An array of URLs that are the authorized origins for FusionAuth OAuth.

    AuthorizedRedirectUrls []string

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    AuthorizedUrlValidationPolicy string

    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.

    ClientAuthenticationPolicy string

    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.

    ClientId string
    ClientSecret string

    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.

    Debug bool

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    DeviceVerificationUrl string

    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.

    EnabledGrants []string

    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.

    GenerateRefreshTokens bool

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    LogoutBehavior string

    Behavior when /oauth2/logout is called.

    LogoutUrl string

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    ProofKeyForCodeExchangePolicy string

    Determines the PKCE requirements when using the authorization code grant.

    RequireClientAuthentication bool

    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated:

    In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    RequireRegistration bool

    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.

    authorizedOriginUrls List<String>

    An array of URLs that are the authorized origins for FusionAuth OAuth.

    authorizedRedirectUrls List<String>

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    authorizedUrlValidationPolicy String

    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.

    clientAuthenticationPolicy String

    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.

    clientId String
    clientSecret String

    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.

    debug Boolean

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    deviceVerificationUrl String

    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.

    enabledGrants List<String>

    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.

    generateRefreshTokens Boolean

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    logoutBehavior String

    Behavior when /oauth2/logout is called.

    logoutUrl String

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    proofKeyForCodeExchangePolicy String

    Determines the PKCE requirements when using the authorization code grant.

    requireClientAuthentication Boolean

    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated:

    In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    requireRegistration Boolean

    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.

    authorizedOriginUrls string[]

    An array of URLs that are the authorized origins for FusionAuth OAuth.

    authorizedRedirectUrls string[]

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    authorizedUrlValidationPolicy string

    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.

    clientAuthenticationPolicy string

    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.

    clientId string
    clientSecret string

    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.

    debug boolean

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    deviceVerificationUrl string

    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.

    enabledGrants string[]

    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.

    generateRefreshTokens boolean

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    logoutBehavior string

    Behavior when /oauth2/logout is called.

    logoutUrl string

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    proofKeyForCodeExchangePolicy string

    Determines the PKCE requirements when using the authorization code grant.

    requireClientAuthentication boolean

    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated:

    In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    requireRegistration boolean

    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.

    authorized_origin_urls Sequence[str]

    An array of URLs that are the authorized origins for FusionAuth OAuth.

    authorized_redirect_urls Sequence[str]

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    authorized_url_validation_policy str

    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.

    client_authentication_policy str

    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.

    client_id str
    client_secret str

    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.

    debug bool

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    device_verification_url str

    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.

    enabled_grants Sequence[str]

    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.

    generate_refresh_tokens bool

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    logout_behavior str

    Behavior when /oauth2/logout is called.

    logout_url str

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    proof_key_for_code_exchange_policy str

    Determines the PKCE requirements when using the authorization code grant.

    require_client_authentication bool

    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated:

    In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    require_registration bool

    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.

    authorizedOriginUrls List<String>

    An array of URLs that are the authorized origins for FusionAuth OAuth.

    authorizedRedirectUrls List<String>

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    authorizedUrlValidationPolicy String

    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.

    clientAuthenticationPolicy String

    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.

    clientId String
    clientSecret String

    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.

    debug Boolean

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    deviceVerificationUrl String

    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.

    enabledGrants List<String>

    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.

    generateRefreshTokens Boolean

    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.

    logoutBehavior String

    Behavior when /oauth2/logout is called.

    logoutUrl String

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    proofKeyForCodeExchangePolicy String

    Determines the PKCE requirements when using the authorization code grant.

    requireClientAuthentication Boolean

    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated:

    In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    requireRegistration Boolean

    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.

    FusionAuthApplicationRegistrationConfiguration, FusionAuthApplicationRegistrationConfigurationArgs

    BirthDate theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDate
    ConfirmPassword bool
    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    FirstName theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstName
    FormId string

    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.

    FullName theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullName
    LastName theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastName
    LoginIdType string

    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.

    MiddleName theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleName
    MobilePhone theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhone
    Type string

    The type of registration flow.

    BirthDate FusionAuthApplicationRegistrationConfigurationBirthDate
    ConfirmPassword bool
    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    FirstName FusionAuthApplicationRegistrationConfigurationFirstName
    FormId string

    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.

    FullName FusionAuthApplicationRegistrationConfigurationFullName
    LastName FusionAuthApplicationRegistrationConfigurationLastName
    LoginIdType string

    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.

    MiddleName FusionAuthApplicationRegistrationConfigurationMiddleName
    MobilePhone FusionAuthApplicationRegistrationConfigurationMobilePhone
    Type string

    The type of registration flow.

    birthDate FusionAuthApplicationRegistrationConfigurationBirthDate
    confirmPassword Boolean
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    firstName FusionAuthApplicationRegistrationConfigurationFirstName
    formId String

    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.

    fullName FusionAuthApplicationRegistrationConfigurationFullName
    lastName FusionAuthApplicationRegistrationConfigurationLastName
    loginIdType String

    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.

    middleName FusionAuthApplicationRegistrationConfigurationMiddleName
    mobilePhone FusionAuthApplicationRegistrationConfigurationMobilePhone
    type String

    The type of registration flow.

    birthDate FusionAuthApplicationRegistrationConfigurationBirthDate
    confirmPassword boolean
    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    firstName FusionAuthApplicationRegistrationConfigurationFirstName
    formId string

    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.

    fullName FusionAuthApplicationRegistrationConfigurationFullName
    lastName FusionAuthApplicationRegistrationConfigurationLastName
    loginIdType string

    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.

    middleName FusionAuthApplicationRegistrationConfigurationMiddleName
    mobilePhone FusionAuthApplicationRegistrationConfigurationMobilePhone
    type string

    The type of registration flow.

    birth_date FusionAuthApplicationRegistrationConfigurationBirthDate
    confirm_password bool
    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    first_name FusionAuthApplicationRegistrationConfigurationFirstName
    form_id str

    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.

    full_name FusionAuthApplicationRegistrationConfigurationFullName
    last_name FusionAuthApplicationRegistrationConfigurationLastName
    login_id_type str

    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.

    middle_name FusionAuthApplicationRegistrationConfigurationMiddleName
    mobile_phone FusionAuthApplicationRegistrationConfigurationMobilePhone
    type str

    The type of registration flow.

    birthDate Property Map
    confirmPassword Boolean
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    firstName Property Map
    formId String

    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.

    fullName Property Map
    lastName Property Map
    loginIdType String

    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.

    middleName Property Map
    mobilePhone Property Map
    type String

    The type of registration flow.

    FusionAuthApplicationRegistrationConfigurationBirthDate, FusionAuthApplicationRegistrationConfigurationBirthDateArgs

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean
    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required boolean
    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean

    FusionAuthApplicationRegistrationConfigurationFirstName, FusionAuthApplicationRegistrationConfigurationFirstNameArgs

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean
    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required boolean
    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean

    FusionAuthApplicationRegistrationConfigurationFullName, FusionAuthApplicationRegistrationConfigurationFullNameArgs

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean
    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required boolean
    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean

    FusionAuthApplicationRegistrationConfigurationLastName, FusionAuthApplicationRegistrationConfigurationLastNameArgs

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean
    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required boolean
    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean

    FusionAuthApplicationRegistrationConfigurationMiddleName, FusionAuthApplicationRegistrationConfigurationMiddleNameArgs

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean
    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required boolean
    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean

    FusionAuthApplicationRegistrationConfigurationMobilePhone, FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    Required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean
    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required boolean
    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required bool
    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    required Boolean

    FusionAuthApplicationRegistrationDeletePolicy, FusionAuthApplicationRegistrationDeletePolicyArgs

    UnverifiedEnabled bool

    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.

    UnverifiedNumberOfDaysToRetain int

    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.

    UnverifiedEnabled bool

    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.

    UnverifiedNumberOfDaysToRetain int

    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.

    unverifiedEnabled Boolean

    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.

    unverifiedNumberOfDaysToRetain Integer

    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.

    unverifiedEnabled boolean

    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.

    unverifiedNumberOfDaysToRetain number

    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.

    unverified_enabled bool

    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.

    unverified_number_of_days_to_retain int

    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.

    unverifiedEnabled Boolean

    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.

    unverifiedNumberOfDaysToRetain Number

    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.

    FusionAuthApplicationSamlv2Configuration, FusionAuthApplicationSamlv2ConfigurationArgs

    AuthorizedRedirectUrls List<string>

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    Issuer string

    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.

    Audience string

    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.

    CallbackUrl string

    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated:

    In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    Debug bool

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    DefaultVerificationKeyId string

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    KeyId string

    The unique Id of the Key used to sign the SAML Single Logout response.

    Logout theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogout
    LogoutUrl string

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    RequiredSignedRequests bool

    If set to true, will force verification through the key store.

    XmlSignatureCanonicalizationMethod string

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    XmlSignatureLocation string

    The location to place the XML signature when signing a successful SAML response.

    AuthorizedRedirectUrls []string

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    Issuer string

    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.

    Audience string

    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.

    CallbackUrl string

    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated:

    In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    Debug bool

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    DefaultVerificationKeyId string

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    KeyId string

    The unique Id of the Key used to sign the SAML Single Logout response.

    Logout FusionAuthApplicationSamlv2ConfigurationLogout
    LogoutUrl string

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    RequiredSignedRequests bool

    If set to true, will force verification through the key store.

    XmlSignatureCanonicalizationMethod string

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    XmlSignatureLocation string

    The location to place the XML signature when signing a successful SAML response.

    authorizedRedirectUrls List<String>

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    issuer String

    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.

    audience String

    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.

    callbackUrl String

    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated:

    In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    debug Boolean

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    defaultVerificationKeyId String

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    keyId String

    The unique Id of the Key used to sign the SAML Single Logout response.

    logout FusionAuthApplicationSamlv2ConfigurationLogout
    logoutUrl String

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    requiredSignedRequests Boolean

    If set to true, will force verification through the key store.

    xmlSignatureCanonicalizationMethod String

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    xmlSignatureLocation String

    The location to place the XML signature when signing a successful SAML response.

    authorizedRedirectUrls string[]

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    issuer string

    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.

    audience string

    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.

    callbackUrl string

    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated:

    In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    debug boolean

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    defaultVerificationKeyId string

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    keyId string

    The unique Id of the Key used to sign the SAML Single Logout response.

    logout FusionAuthApplicationSamlv2ConfigurationLogout
    logoutUrl string

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    requiredSignedRequests boolean

    If set to true, will force verification through the key store.

    xmlSignatureCanonicalizationMethod string

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    xmlSignatureLocation string

    The location to place the XML signature when signing a successful SAML response.

    authorized_redirect_urls Sequence[str]

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    issuer str

    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.

    audience str

    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.

    callback_url str

    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated:

    In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    debug bool

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    default_verification_key_id str

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    key_id str

    The unique Id of the Key used to sign the SAML Single Logout response.

    logout FusionAuthApplicationSamlv2ConfigurationLogout
    logout_url str

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    required_signed_requests bool

    If set to true, will force verification through the key store.

    xml_signature_canonicalization_method str

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    xml_signature_location str

    The location to place the XML signature when signing a successful SAML response.

    authorizedRedirectUrls List<String>

    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.

    issuer String

    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.

    audience String

    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.

    callbackUrl String

    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated:

    In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    debug Boolean

    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.

    defaultVerificationKeyId String

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    keyId String

    The unique Id of the Key used to sign the SAML Single Logout response.

    logout Property Map
    logoutUrl String

    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.

    requiredSignedRequests Boolean

    If set to true, will force verification through the key store.

    xmlSignatureCanonicalizationMethod String

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    xmlSignatureLocation String

    The location to place the XML signature when signing a successful SAML response.

    FusionAuthApplicationSamlv2ConfigurationLogout, FusionAuthApplicationSamlv2ConfigurationLogoutArgs

    Behavior string

    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.

    DefaultVerificationKeyId string

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    KeyId string

    The unique Id of the Key used to sign the SAML Single Logout response.

    RequireSignedRequests bool

    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.

    SingleLogout theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    XmlSignatureCanonicalizationMethod string

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    Behavior string

    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.

    DefaultVerificationKeyId string

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    KeyId string

    The unique Id of the Key used to sign the SAML Single Logout response.

    RequireSignedRequests bool

    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.

    SingleLogout FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    XmlSignatureCanonicalizationMethod string

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    behavior String

    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.

    defaultVerificationKeyId String

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    keyId String

    The unique Id of the Key used to sign the SAML Single Logout response.

    requireSignedRequests Boolean

    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.

    singleLogout FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    xmlSignatureCanonicalizationMethod String

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    behavior string

    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.

    defaultVerificationKeyId string

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    keyId string

    The unique Id of the Key used to sign the SAML Single Logout response.

    requireSignedRequests boolean

    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.

    singleLogout FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    xmlSignatureCanonicalizationMethod string

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    behavior str

    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.

    default_verification_key_id str

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    key_id str

    The unique Id of the Key used to sign the SAML Single Logout response.

    require_signed_requests bool

    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.

    single_logout FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    xml_signature_canonicalization_method str

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    behavior String

    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.

    defaultVerificationKeyId String

    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.

    keyId String

    The unique Id of the Key used to sign the SAML Single Logout response.

    requireSignedRequests Boolean

    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.

    singleLogout Property Map
    xmlSignatureCanonicalizationMethod String

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout, FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    KeyId string

    The unique Id of the Key used to sign the SAML Single Logout response.

    Url string

    The URL at which you want to receive the LogoutRequest from FusionAuth.

    XmlSignatureCanonicalizationMethod string

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    Enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    KeyId string

    The unique Id of the Key used to sign the SAML Single Logout response.

    Url string

    The URL at which you want to receive the LogoutRequest from FusionAuth.

    XmlSignatureCanonicalizationMethod string

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    keyId String

    The unique Id of the Key used to sign the SAML Single Logout response.

    url String

    The URL at which you want to receive the LogoutRequest from FusionAuth.

    xmlSignatureCanonicalizationMethod String

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    enabled boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    keyId string

    The unique Id of the Key used to sign the SAML Single Logout response.

    url string

    The URL at which you want to receive the LogoutRequest from FusionAuth.

    xmlSignatureCanonicalizationMethod string

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    enabled bool

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    key_id str

    The unique Id of the Key used to sign the SAML Single Logout response.

    url str

    The URL at which you want to receive the LogoutRequest from FusionAuth.

    xml_signature_canonicalization_method str

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    enabled Boolean

    Whether or not SAML Single Logout for this SAML IdP is enabled.

    keyId String

    The unique Id of the Key used to sign the SAML Single Logout response.

    url String

    The URL at which you want to receive the LogoutRequest from FusionAuth.

    xmlSignatureCanonicalizationMethod String

    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    Package Details

    Repository
    fusionauth theogravity/pulumi-fusionauth
    License
    MIT
    Notes

    This Pulumi package is based on the fusionauth Terraform Provider.

    fusionauth logo
    FusionAuth v4.0.1 published on Saturday, Sep 30, 2023 by Theo Gravity