1. Packages
  2. FusionAuth
  3. API Docs
  4. FusionAuthApplication
FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity

fusionauth.FusionAuthApplication

Explore with Pulumi AI

fusionauth logo
FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity

    # Application Resource

    Applications API

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fusionauth from "pulumi-fusionauth";
    
    const forum = new fusionauth.FusionAuthApplication("forum", {
        tenantId: fusionauth_tenant.portal.id,
        authenticationTokenConfigurationEnabled: false,
        formConfiguration: {
            adminRegistrationFormId: fusionauth_form.admin_registration.id,
            selfServiceFormId: fusionauth_form.self_service.id,
        },
        jwtConfiguration: {
            accessTokenId: fusionauth_key.access_token.id,
            enabled: true,
            idTokenKeyId: fusionauth_key.id_token.id,
            refreshTokenTtlMinutes: 43200,
            ttlSeconds: 3600,
        },
        lambdaConfiguration: {
            accessTokenPopulateId: fusionauth_lambda.token_populate.id,
            idTokenPopulateId: fusionauth_lambda.id_token_populate.id,
        },
        loginConfiguration: {
            allowTokenRefresh: false,
            generateRefreshTokens: false,
            requireAuthentication: true,
        },
        multiFactorConfiguration: {
            emailTemplateId: "859f394b-22a6-4fa6-ba55-de700df9e950",
            smsTemplateId: "17760f96-dca7-448b-9a8f-c49016aa7210",
            loginPolicy: "Required",
            trustPolicy: "Any",
        },
        oauthConfiguration: {
            authorizedOriginUrls: ["http://www.example.com/oauth-callback"],
            authorizedUrlValidationPolicy: "ExactMatch",
            enabledGrants: [
                "authorization_code",
                "implicit",
            ],
            generateRefreshTokens: false,
            logoutBehavior: "AllApplications",
            logoutUrl: "http://www.example.com/logout",
            requireClientAuthentication: false,
            providedScopePolicies: [{
                address: {
                    enabled: false,
                    required: false,
                },
                email: {
                    enabled: false,
                    required: false,
                },
                phone: {
                    enabled: false,
                    required: false,
                },
                profile: {
                    enabled: false,
                    required: false,
                },
            }],
        },
        registrationConfiguration: {
            birthDate: {
                enabled: false,
                required: false,
            },
            confirmPassword: false,
            enabled: false,
            firstName: {
                enabled: false,
                required: false,
            },
            fullName: {
                enabled: false,
                required: false,
            },
            lastName: {
                enabled: false,
                required: false,
            },
            loginIdType: "",
            middleName: {
                enabled: false,
                required: false,
            },
            mobilePhone: {
                enabled: false,
                required: false,
            },
            preferredLanguages: {
                enabled: false,
                required: false,
            },
            type: "",
        },
        passwordlessConfigurationEnabled: false,
        registrationDeletePolicy: {
            unverifiedEnabled: true,
            unverifiedNumberOfDaysToRetain: 30,
        },
    });
    
    import pulumi
    import theogravity_pulumi_fusionauth as fusionauth
    
    forum = fusionauth.FusionAuthApplication("forum",
        tenant_id=fusionauth_tenant["portal"]["id"],
        authentication_token_configuration_enabled=False,
        form_configuration={
            "admin_registration_form_id": fusionauth_form["admin_registration"]["id"],
            "self_service_form_id": fusionauth_form["self_service"]["id"],
        },
        jwt_configuration={
            "access_token_id": fusionauth_key["access_token"]["id"],
            "enabled": True,
            "id_token_key_id": fusionauth_key["id_token"]["id"],
            "refresh_token_ttl_minutes": 43200,
            "ttl_seconds": 3600,
        },
        lambda_configuration={
            "access_token_populate_id": fusionauth_lambda["token_populate"]["id"],
            "id_token_populate_id": fusionauth_lambda["id_token_populate"]["id"],
        },
        login_configuration={
            "allow_token_refresh": False,
            "generate_refresh_tokens": False,
            "require_authentication": True,
        },
        multi_factor_configuration={
            "email_template_id": "859f394b-22a6-4fa6-ba55-de700df9e950",
            "sms_template_id": "17760f96-dca7-448b-9a8f-c49016aa7210",
            "login_policy": "Required",
            "trust_policy": "Any",
        },
        oauth_configuration={
            "authorized_origin_urls": ["http://www.example.com/oauth-callback"],
            "authorized_url_validation_policy": "ExactMatch",
            "enabled_grants": [
                "authorization_code",
                "implicit",
            ],
            "generate_refresh_tokens": False,
            "logout_behavior": "AllApplications",
            "logout_url": "http://www.example.com/logout",
            "require_client_authentication": False,
            "provided_scope_policies": [{
                "address": {
                    "enabled": False,
                    "required": False,
                },
                "email": {
                    "enabled": False,
                    "required": False,
                },
                "phone": {
                    "enabled": False,
                    "required": False,
                },
                "profile": {
                    "enabled": False,
                    "required": False,
                },
            }],
        },
        registration_configuration={
            "birth_date": {
                "enabled": False,
                "required": False,
            },
            "confirm_password": False,
            "enabled": False,
            "first_name": {
                "enabled": False,
                "required": False,
            },
            "full_name": {
                "enabled": False,
                "required": False,
            },
            "last_name": {
                "enabled": False,
                "required": False,
            },
            "login_id_type": "",
            "middle_name": {
                "enabled": False,
                "required": False,
            },
            "mobile_phone": {
                "enabled": False,
                "required": False,
            },
            "preferred_languages": {
                "enabled": False,
                "required": False,
            },
            "type": "",
        },
        passwordless_configuration_enabled=False,
        registration_delete_policy={
            "unverified_enabled": True,
            "unverified_number_of_days_to_retain": 30,
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := fusionauth.NewFusionAuthApplication(ctx, "forum", &fusionauth.FusionAuthApplicationArgs{
    			TenantId:                                pulumi.Any(fusionauth_tenant.Portal.Id),
    			AuthenticationTokenConfigurationEnabled: pulumi.Bool(false),
    			FormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationArgs{
    				AdminRegistrationFormId: pulumi.Any(fusionauth_form.Admin_registration.Id),
    				SelfServiceFormId:       pulumi.Any(fusionauth_form.Self_service.Id),
    			},
    			JwtConfiguration: &fusionauth.FusionAuthApplicationJwtConfigurationArgs{
    				AccessTokenId:          pulumi.Any(fusionauth_key.Access_token.Id),
    				Enabled:                pulumi.Bool(true),
    				IdTokenKeyId:           pulumi.Any(fusionauth_key.Id_token.Id),
    				RefreshTokenTtlMinutes: pulumi.Int(43200),
    				TtlSeconds:             pulumi.Int(3600),
    			},
    			LambdaConfiguration: &fusionauth.FusionAuthApplicationLambdaConfigurationArgs{
    				AccessTokenPopulateId: pulumi.Any(fusionauth_lambda.Token_populate.Id),
    				IdTokenPopulateId:     pulumi.Any(fusionauth_lambda.Id_token_populate.Id),
    			},
    			LoginConfiguration: &fusionauth.FusionAuthApplicationLoginConfigurationArgs{
    				AllowTokenRefresh:     pulumi.Bool(false),
    				GenerateRefreshTokens: pulumi.Bool(false),
    				RequireAuthentication: pulumi.Bool(true),
    			},
    			MultiFactorConfiguration: &fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs{
    				EmailTemplateId: pulumi.String("859f394b-22a6-4fa6-ba55-de700df9e950"),
    				SmsTemplateId:   pulumi.String("17760f96-dca7-448b-9a8f-c49016aa7210"),
    				LoginPolicy:     pulumi.String("Required"),
    				TrustPolicy:     pulumi.String("Any"),
    			},
    			OauthConfiguration: &fusionauth.FusionAuthApplicationOauthConfigurationArgs{
    				AuthorizedOriginUrls: pulumi.StringArray{
    					pulumi.String("http://www.example.com/oauth-callback"),
    				},
    				AuthorizedUrlValidationPolicy: pulumi.String("ExactMatch"),
    				EnabledGrants: pulumi.StringArray{
    					pulumi.String("authorization_code"),
    					pulumi.String("implicit"),
    				},
    				GenerateRefreshTokens:       pulumi.Bool(false),
    				LogoutBehavior:              pulumi.String("AllApplications"),
    				LogoutUrl:                   pulumi.String("http://www.example.com/logout"),
    				RequireClientAuthentication: pulumi.Bool(false),
    				ProvidedScopePolicies: fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArray{
    					&fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs{
    						Address: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs{
    							Enabled:  pulumi.Bool(false),
    							Required: pulumi.Bool(false),
    						},
    						Email: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs{
    							Enabled:  pulumi.Bool(false),
    							Required: pulumi.Bool(false),
    						},
    						Phone: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs{
    							Enabled:  pulumi.Bool(false),
    							Required: pulumi.Bool(false),
    						},
    						Profile: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs{
    							Enabled:  pulumi.Bool(false),
    							Required: pulumi.Bool(false),
    						},
    					},
    				},
    			},
    			RegistrationConfiguration: &fusionauth.FusionAuthApplicationRegistrationConfigurationArgs{
    				BirthDate: &fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				ConfirmPassword: pulumi.Bool(false),
    				Enabled:         pulumi.Bool(false),
    				FirstName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				FullName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				LastName: &fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				LoginIdType: pulumi.String(""),
    				MiddleName: &fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				MobilePhone: &fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				PreferredLanguages: &fusionauth.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				Type: pulumi.String(""),
    			},
    			PasswordlessConfigurationEnabled: pulumi.Bool(false),
    			RegistrationDeletePolicy: &fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs{
    				UnverifiedEnabled:              pulumi.Bool(true),
    				UnverifiedNumberOfDaysToRetain: pulumi.Int(30),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fusionauth = theogravity.Fusionauth;
    
    return await Deployment.RunAsync(() => 
    {
        var forum = new Fusionauth.FusionAuthApplication("forum", new()
        {
            TenantId = fusionauth_tenant.Portal.Id,
            AuthenticationTokenConfigurationEnabled = false,
            FormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationArgs
            {
                AdminRegistrationFormId = fusionauth_form.Admin_registration.Id,
                SelfServiceFormId = fusionauth_form.Self_service.Id,
            },
            JwtConfiguration = new Fusionauth.Inputs.FusionAuthApplicationJwtConfigurationArgs
            {
                AccessTokenId = fusionauth_key.Access_token.Id,
                Enabled = true,
                IdTokenKeyId = fusionauth_key.Id_token.Id,
                RefreshTokenTtlMinutes = 43200,
                TtlSeconds = 3600,
            },
            LambdaConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLambdaConfigurationArgs
            {
                AccessTokenPopulateId = fusionauth_lambda.Token_populate.Id,
                IdTokenPopulateId = fusionauth_lambda.Id_token_populate.Id,
            },
            LoginConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLoginConfigurationArgs
            {
                AllowTokenRefresh = false,
                GenerateRefreshTokens = false,
                RequireAuthentication = true,
            },
            MultiFactorConfiguration = new Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfigurationArgs
            {
                EmailTemplateId = "859f394b-22a6-4fa6-ba55-de700df9e950",
                SmsTemplateId = "17760f96-dca7-448b-9a8f-c49016aa7210",
                LoginPolicy = "Required",
                TrustPolicy = "Any",
            },
            OauthConfiguration = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationArgs
            {
                AuthorizedOriginUrls = new[]
                {
                    "http://www.example.com/oauth-callback",
                },
                AuthorizedUrlValidationPolicy = "ExactMatch",
                EnabledGrants = new[]
                {
                    "authorization_code",
                    "implicit",
                },
                GenerateRefreshTokens = false,
                LogoutBehavior = "AllApplications",
                LogoutUrl = "http://www.example.com/logout",
                RequireClientAuthentication = false,
                ProvidedScopePolicies = new[]
                {
                    new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs
                    {
                        Address = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs
                        {
                            Enabled = false,
                            Required = false,
                        },
                        Email = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs
                        {
                            Enabled = false,
                            Required = false,
                        },
                        Phone = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs
                        {
                            Enabled = false,
                            Required = false,
                        },
                        Profile = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs
                        {
                            Enabled = false,
                            Required = false,
                        },
                    },
                },
            },
            RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationArgs
            {
                BirthDate = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs
                {
                    Enabled = false,
                    Required = false,
                },
                ConfirmPassword = false,
                Enabled = false,
                FirstName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs
                {
                    Enabled = false,
                    Required = false,
                },
                FullName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs
                {
                    Enabled = false,
                    Required = false,
                },
                LastName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs
                {
                    Enabled = false,
                    Required = false,
                },
                LoginIdType = "",
                MiddleName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs
                {
                    Enabled = false,
                    Required = false,
                },
                MobilePhone = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs
                {
                    Enabled = false,
                    Required = false,
                },
                PreferredLanguages = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs
                {
                    Enabled = false,
                    Required = false,
                },
                Type = "",
            },
            PasswordlessConfigurationEnabled = false,
            RegistrationDeletePolicy = new Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicyArgs
            {
                UnverifiedEnabled = true,
                UnverifiedNumberOfDaysToRetain = 30,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fusionauth.FusionAuthApplication;
    import com.pulumi.fusionauth.FusionAuthApplicationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationFormConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationJwtConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationLambdaConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationLoginConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationMultiFactorConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationOauthConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs;
    import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationDeletePolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var forum = new FusionAuthApplication("forum", FusionAuthApplicationArgs.builder()
                .tenantId(fusionauth_tenant.portal().id())
                .authenticationTokenConfigurationEnabled(false)
                .formConfiguration(FusionAuthApplicationFormConfigurationArgs.builder()
                    .adminRegistrationFormId(fusionauth_form.admin_registration().id())
                    .selfServiceFormId(fusionauth_form.self_service().id())
                    .build())
                .jwtConfiguration(FusionAuthApplicationJwtConfigurationArgs.builder()
                    .accessTokenId(fusionauth_key.access_token().id())
                    .enabled(true)
                    .idTokenKeyId(fusionauth_key.id_token().id())
                    .refreshTokenTtlMinutes(43200)
                    .ttlSeconds(3600)
                    .build())
                .lambdaConfiguration(FusionAuthApplicationLambdaConfigurationArgs.builder()
                    .accessTokenPopulateId(fusionauth_lambda.token_populate().id())
                    .idTokenPopulateId(fusionauth_lambda.id_token_populate().id())
                    .build())
                .loginConfiguration(FusionAuthApplicationLoginConfigurationArgs.builder()
                    .allowTokenRefresh(false)
                    .generateRefreshTokens(false)
                    .requireAuthentication(true)
                    .build())
                .multiFactorConfiguration(FusionAuthApplicationMultiFactorConfigurationArgs.builder()
                    .emailTemplateId("859f394b-22a6-4fa6-ba55-de700df9e950")
                    .smsTemplateId("17760f96-dca7-448b-9a8f-c49016aa7210")
                    .loginPolicy("Required")
                    .trustPolicy("Any")
                    .build())
                .oauthConfiguration(FusionAuthApplicationOauthConfigurationArgs.builder()
                    .authorizedOriginUrls("http://www.example.com/oauth-callback")
                    .authorizedUrlValidationPolicy("ExactMatch")
                    .enabledGrants(                
                        "authorization_code",
                        "implicit")
                    .generateRefreshTokens(false)
                    .logoutBehavior("AllApplications")
                    .logoutUrl("http://www.example.com/logout")
                    .requireClientAuthentication(false)
                    .providedScopePolicies(FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs.builder()
                        .address(FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs.builder()
                            .enabled(false)
                            .required(false)
                            .build())
                        .email(FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs.builder()
                            .enabled(false)
                            .required(false)
                            .build())
                        .phone(FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs.builder()
                            .enabled(false)
                            .required(false)
                            .build())
                        .profile(FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs.builder()
                            .enabled(false)
                            .required(false)
                            .build())
                        .build())
                    .build())
                .registrationConfiguration(FusionAuthApplicationRegistrationConfigurationArgs.builder()
                    .birthDate(FusionAuthApplicationRegistrationConfigurationBirthDateArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .confirmPassword(false)
                    .enabled(false)
                    .firstName(FusionAuthApplicationRegistrationConfigurationFirstNameArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .fullName(FusionAuthApplicationRegistrationConfigurationFullNameArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .lastName(FusionAuthApplicationRegistrationConfigurationLastNameArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .loginIdType("")
                    .middleName(FusionAuthApplicationRegistrationConfigurationMiddleNameArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .mobilePhone(FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .preferredLanguages(FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs.builder()
                        .enabled(false)
                        .required(false)
                        .build())
                    .type("")
                    .build())
                .passwordlessConfigurationEnabled(false)
                .registrationDeletePolicy(FusionAuthApplicationRegistrationDeletePolicyArgs.builder()
                    .unverifiedEnabled(true)
                    .unverifiedNumberOfDaysToRetain(30)
                    .build())
                .build());
    
        }
    }
    
    resources:
      forum:
        type: fusionauth:FusionAuthApplication
        properties:
          tenantId: ${fusionauth_tenant.portal.id}
          authenticationTokenConfigurationEnabled: false
          formConfiguration:
            adminRegistrationFormId: ${fusionauth_form.admin_registration.id}
            selfServiceFormId: ${fusionauth_form.self_service.id}
          jwtConfiguration:
            accessTokenId: ${fusionauth_key.access_token.id}
            enabled: true
            idTokenKeyId: ${fusionauth_key.id_token.id}
            refreshTokenTtlMinutes: 43200
            ttlSeconds: 3600
          lambdaConfiguration:
            accessTokenPopulateId: ${fusionauth_lambda.token_populate.id}
            idTokenPopulateId: ${fusionauth_lambda.id_token_populate.id}
          loginConfiguration:
            allowTokenRefresh: false
            generateRefreshTokens: false
            requireAuthentication: true
          multiFactorConfiguration:
            emailTemplateId: 859f394b-22a6-4fa6-ba55-de700df9e950
            smsTemplateId: 17760f96-dca7-448b-9a8f-c49016aa7210
            loginPolicy: Required
            trustPolicy: Any
          oauthConfiguration:
            authorizedOriginUrls:
              - http://www.example.com/oauth-callback
            authorizedUrlValidationPolicy: ExactMatch
            enabledGrants:
              - authorization_code
              - implicit
            generateRefreshTokens: false
            logoutBehavior: AllApplications
            logoutUrl: http://www.example.com/logout
            requireClientAuthentication: false
            providedScopePolicies:
              - address:
                  enabled: false
                  required: false
                email:
                  enabled: false
                  required: false
                phone:
                  enabled: false
                  required: false
                profile:
                  enabled: false
                  required: false
          registrationConfiguration:
            birthDate:
              enabled: false
              required: false
            confirmPassword: false
            enabled: false
            firstName:
              enabled: false
              required: false
            fullName:
              enabled: false
              required: false
            lastName:
              enabled: false
              required: false
            loginIdType: ""
            middleName:
              enabled: false
              required: false
            mobilePhone:
              enabled: false
              required: false
            preferredLanguages:
              enabled: false
              required: false
            type: ""
          passwordlessConfigurationEnabled: false
          registrationDeletePolicy:
            unverifiedEnabled: true
            unverifiedNumberOfDaysToRetain: 30
    

    Create FusionAuthApplication Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FusionAuthApplication(name: string, args: FusionAuthApplicationArgs, opts?: CustomResourceOptions);
    @overload
    def FusionAuthApplication(resource_name: str,
                              args: FusionAuthApplicationArgs,
                              opts: Optional[ResourceOptions] = None)
    
    @overload
    def FusionAuthApplication(resource_name: str,
                              opts: Optional[ResourceOptions] = None,
                              tenant_id: Optional[str] = None,
                              multi_factor_configuration: Optional[FusionAuthApplicationMultiFactorConfigurationArgs] = None,
                              clean_speak_configuration: Optional[FusionAuthApplicationCleanSpeakConfigurationArgs] = None,
                              oauth_configuration: Optional[FusionAuthApplicationOauthConfigurationArgs] = None,
                              data: Optional[Mapping[str, str]] = None,
                              email_configuration: Optional[FusionAuthApplicationEmailConfigurationArgs] = None,
                              form_configuration: Optional[FusionAuthApplicationFormConfigurationArgs] = None,
                              jwt_configuration: Optional[FusionAuthApplicationJwtConfigurationArgs] = None,
                              lambda_configuration: Optional[FusionAuthApplicationLambdaConfigurationArgs] = None,
                              passwordless_configuration_enabled: Optional[bool] = None,
                              access_control_configuration: Optional[FusionAuthApplicationAccessControlConfigurationArgs] = None,
                              webauthn_configuration: Optional[FusionAuthApplicationWebauthnConfigurationArgs] = None,
                              authentication_token_configuration_enabled: Optional[bool] = None,
                              login_configuration: Optional[FusionAuthApplicationLoginConfigurationArgs] = None,
                              registration_configuration: Optional[FusionAuthApplicationRegistrationConfigurationArgs] = None,
                              registration_delete_policy: Optional[FusionAuthApplicationRegistrationDeletePolicyArgs] = None,
                              samlv2_configuration: Optional[FusionAuthApplicationSamlv2ConfigurationArgs] = None,
                              application_id: Optional[str] = None,
                              theme_id: Optional[str] = None,
                              verification_email_template_id: Optional[str] = None,
                              verification_strategy: Optional[str] = None,
                              verify_registration: Optional[bool] = None,
                              name: Optional[str] = None)
    func NewFusionAuthApplication(ctx *Context, name string, args FusionAuthApplicationArgs, opts ...ResourceOption) (*FusionAuthApplication, error)
    public FusionAuthApplication(string name, FusionAuthApplicationArgs args, CustomResourceOptions? opts = null)
    public FusionAuthApplication(String name, FusionAuthApplicationArgs args)
    public FusionAuthApplication(String name, FusionAuthApplicationArgs args, CustomResourceOptions options)
    
    type: fusionauth:FusionAuthApplication
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FusionAuthApplicationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var fusionAuthApplicationResource = new Fusionauth.FusionAuthApplication("fusionAuthApplicationResource", new()
    {
        TenantId = "string",
        MultiFactorConfiguration = new Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfigurationArgs
        {
            EmailTemplateId = "string",
            LoginPolicy = "string",
            SmsTemplateId = "string",
            TrustPolicy = "string",
        },
        CleanSpeakConfiguration = new Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfigurationArgs
        {
            ApplicationIds = new[]
            {
                "string",
            },
            UsernameModeration = new Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs
            {
                ApplicationId = "string",
                Enabled = false,
            },
        },
        OauthConfiguration = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationArgs
        {
            ScopeHandlingPolicy = "string",
            UnknownScopePolicy = "string",
            GenerateRefreshTokens = false,
            LogoutBehavior = "string",
            ClientId = "string",
            ClientSecret = "string",
            ConsentMode = "string",
            Debug = false,
            DeviceVerificationUrl = "string",
            EnabledGrants = new[]
            {
                "string",
            },
            AuthorizedOriginUrls = new[]
            {
                "string",
            },
            ClientAuthenticationPolicy = "string",
            LogoutUrl = "string",
            ProofKeyForCodeExchangePolicy = "string",
            ProvidedScopePolicies = new[]
            {
                new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs
                {
                    Address = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs
                    {
                        Enabled = false,
                        Required = false,
                    },
                    Email = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs
                    {
                        Enabled = false,
                        Required = false,
                    },
                    Phone = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs
                    {
                        Enabled = false,
                        Required = false,
                    },
                    Profile = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs
                    {
                        Enabled = false,
                        Required = false,
                    },
                },
            },
            Relationship = "string",
            RequireRegistration = false,
            AuthorizedUrlValidationPolicy = "string",
            AuthorizedRedirectUrls = new[]
            {
                "string",
            },
        },
        Data = 
        {
            { "string", "string" },
        },
        EmailConfiguration = new Fusionauth.Inputs.FusionAuthApplicationEmailConfigurationArgs
        {
            EmailUpdateTemplateId = "string",
            EmailVerificationTemplateId = "string",
            EmailVerifiedTemplateId = "string",
            ForgotPasswordTemplateId = "string",
            LoginIdInUseOnCreateTemplateId = "string",
            LoginIdInUseOnUpdateTemplateId = "string",
            LoginNewDeviceTemplateId = "string",
            LoginSuspiciousTemplateId = "string",
            PasswordResetSuccessTemplateId = "string",
            PasswordUpdateTemplateId = "string",
            PasswordlessEmailTemplateId = "string",
            SetPasswordEmailTemplateId = "string",
            TwoFactorMethodAddTemplateId = "string",
            TwoFactorMethodRemoveTemplateId = "string",
        },
        FormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationArgs
        {
            AdminRegistrationFormId = "string",
            SelfServiceFormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationSelfServiceFormConfigurationArgs
            {
                RequireCurrentPasswordOnPasswordChange = false,
            },
            SelfServiceFormId = "string",
        },
        JwtConfiguration = new Fusionauth.Inputs.FusionAuthApplicationJwtConfigurationArgs
        {
            AccessTokenId = "string",
            Enabled = false,
            IdTokenKeyId = "string",
            RefreshTokenExpirationPolicy = "string",
            RefreshTokenSlidingWindowMaximumTtlInMinutes = 0,
            RefreshTokenTtlMinutes = 0,
            RefreshTokenUsagePolicy = "string",
            TtlSeconds = 0,
        },
        LambdaConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLambdaConfigurationArgs
        {
            AccessTokenPopulateId = "string",
            IdTokenPopulateId = "string",
            Samlv2PopulateId = "string",
            SelfServiceRegistrationValidationId = "string",
            UserinfoPopulateId = "string",
        },
        PasswordlessConfigurationEnabled = false,
        AccessControlConfiguration = new Fusionauth.Inputs.FusionAuthApplicationAccessControlConfigurationArgs
        {
            UiIpAccessControlListId = "string",
        },
        WebauthnConfiguration = new Fusionauth.Inputs.FusionAuthApplicationWebauthnConfigurationArgs
        {
            BootstrapWorkflowEnabled = false,
            Enabled = false,
            ReauthenticationWorkflowEnabled = false,
        },
        AuthenticationTokenConfigurationEnabled = false,
        LoginConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLoginConfigurationArgs
        {
            AllowTokenRefresh = false,
            GenerateRefreshTokens = false,
            RequireAuthentication = false,
        },
        RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationArgs
        {
            BirthDate = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs
            {
                Enabled = false,
                Required = false,
            },
            ConfirmPassword = false,
            Enabled = false,
            FirstName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs
            {
                Enabled = false,
                Required = false,
            },
            FormId = "string",
            FullName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs
            {
                Enabled = false,
                Required = false,
            },
            LastName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs
            {
                Enabled = false,
                Required = false,
            },
            LoginIdType = "string",
            MiddleName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs
            {
                Enabled = false,
                Required = false,
            },
            MobilePhone = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs
            {
                Enabled = false,
                Required = false,
            },
            PreferredLanguages = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs
            {
                Enabled = false,
                Required = false,
            },
            Type = "string",
        },
        RegistrationDeletePolicy = new Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicyArgs
        {
            UnverifiedEnabled = false,
            UnverifiedNumberOfDaysToRetain = 0,
        },
        Samlv2Configuration = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationArgs
        {
            AuthorizedRedirectUrls = new[]
            {
                "string",
            },
            Issuer = "string",
            Debug = false,
            KeyId = "string",
            AssertionEncryptionConfiguration = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfigurationArgs
            {
                DigestAlgorithm = "string",
                Enabled = false,
                EncryptionAlgorithm = "string",
                KeyLocation = "string",
                KeyTransportAlgorithm = "string",
                KeyTransportEncryptionKeyId = "string",
                MaskGenerationFunction = "string",
            },
            DefaultVerificationKeyId = "string",
            Enabled = false,
            InitiatedLogin = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationInitiatedLoginArgs
            {
                Enabled = false,
                NameIdFormat = "string",
            },
            Audience = "string",
            LoginHintConfiguration = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLoginHintConfigurationArgs
            {
                Enabled = false,
                ParameterName = "string",
            },
            Logout = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogoutArgs
            {
                Behavior = "string",
                DefaultVerificationKeyId = "string",
                KeyId = "string",
                RequireSignedRequests = false,
                SingleLogout = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs
                {
                    Enabled = false,
                    KeyId = "string",
                    Url = "string",
                    XmlSignatureCanonicalizationMethod = "string",
                },
                XmlSignatureCanonicalizationMethod = "string",
            },
            LogoutUrl = "string",
            RequiredSignedRequests = false,
            XmlSignatureCanonicalizationMethod = "string",
            XmlSignatureLocation = "string",
        },
        ApplicationId = "string",
        ThemeId = "string",
        VerificationEmailTemplateId = "string",
        VerificationStrategy = "string",
        VerifyRegistration = false,
        Name = "string",
    });
    
    example, err := fusionauth.NewFusionAuthApplication(ctx, "fusionAuthApplicationResource", &fusionauth.FusionAuthApplicationArgs{
    	TenantId: pulumi.String("string"),
    	MultiFactorConfiguration: &fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs{
    		EmailTemplateId: pulumi.String("string"),
    		LoginPolicy:     pulumi.String("string"),
    		SmsTemplateId:   pulumi.String("string"),
    		TrustPolicy:     pulumi.String("string"),
    	},
    	CleanSpeakConfiguration: &fusionauth.FusionAuthApplicationCleanSpeakConfigurationArgs{
    		ApplicationIds: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		UsernameModeration: &fusionauth.FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs{
    			ApplicationId: pulumi.String("string"),
    			Enabled:       pulumi.Bool(false),
    		},
    	},
    	OauthConfiguration: &fusionauth.FusionAuthApplicationOauthConfigurationArgs{
    		ScopeHandlingPolicy:   pulumi.String("string"),
    		UnknownScopePolicy:    pulumi.String("string"),
    		GenerateRefreshTokens: pulumi.Bool(false),
    		LogoutBehavior:        pulumi.String("string"),
    		ClientId:              pulumi.String("string"),
    		ClientSecret:          pulumi.String("string"),
    		ConsentMode:           pulumi.String("string"),
    		Debug:                 pulumi.Bool(false),
    		DeviceVerificationUrl: pulumi.String("string"),
    		EnabledGrants: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		AuthorizedOriginUrls: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ClientAuthenticationPolicy:    pulumi.String("string"),
    		LogoutUrl:                     pulumi.String("string"),
    		ProofKeyForCodeExchangePolicy: pulumi.String("string"),
    		ProvidedScopePolicies: fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArray{
    			&fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs{
    				Address: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				Email: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				Phone: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    				Profile: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs{
    					Enabled:  pulumi.Bool(false),
    					Required: pulumi.Bool(false),
    				},
    			},
    		},
    		Relationship:                  pulumi.String("string"),
    		RequireRegistration:           pulumi.Bool(false),
    		AuthorizedUrlValidationPolicy: pulumi.String("string"),
    		AuthorizedRedirectUrls: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Data: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	EmailConfiguration: &fusionauth.FusionAuthApplicationEmailConfigurationArgs{
    		EmailUpdateTemplateId:           pulumi.String("string"),
    		EmailVerificationTemplateId:     pulumi.String("string"),
    		EmailVerifiedTemplateId:         pulumi.String("string"),
    		ForgotPasswordTemplateId:        pulumi.String("string"),
    		LoginIdInUseOnCreateTemplateId:  pulumi.String("string"),
    		LoginIdInUseOnUpdateTemplateId:  pulumi.String("string"),
    		LoginNewDeviceTemplateId:        pulumi.String("string"),
    		LoginSuspiciousTemplateId:       pulumi.String("string"),
    		PasswordResetSuccessTemplateId:  pulumi.String("string"),
    		PasswordUpdateTemplateId:        pulumi.String("string"),
    		PasswordlessEmailTemplateId:     pulumi.String("string"),
    		SetPasswordEmailTemplateId:      pulumi.String("string"),
    		TwoFactorMethodAddTemplateId:    pulumi.String("string"),
    		TwoFactorMethodRemoveTemplateId: pulumi.String("string"),
    	},
    	FormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationArgs{
    		AdminRegistrationFormId: pulumi.String("string"),
    		SelfServiceFormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationSelfServiceFormConfigurationArgs{
    			RequireCurrentPasswordOnPasswordChange: pulumi.Bool(false),
    		},
    		SelfServiceFormId: pulumi.String("string"),
    	},
    	JwtConfiguration: &fusionauth.FusionAuthApplicationJwtConfigurationArgs{
    		AccessTokenId:                pulumi.String("string"),
    		Enabled:                      pulumi.Bool(false),
    		IdTokenKeyId:                 pulumi.String("string"),
    		RefreshTokenExpirationPolicy: pulumi.String("string"),
    		RefreshTokenSlidingWindowMaximumTtlInMinutes: pulumi.Int(0),
    		RefreshTokenTtlMinutes:                       pulumi.Int(0),
    		RefreshTokenUsagePolicy:                      pulumi.String("string"),
    		TtlSeconds:                                   pulumi.Int(0),
    	},
    	LambdaConfiguration: &fusionauth.FusionAuthApplicationLambdaConfigurationArgs{
    		AccessTokenPopulateId:               pulumi.String("string"),
    		IdTokenPopulateId:                   pulumi.String("string"),
    		Samlv2PopulateId:                    pulumi.String("string"),
    		SelfServiceRegistrationValidationId: pulumi.String("string"),
    		UserinfoPopulateId:                  pulumi.String("string"),
    	},
    	PasswordlessConfigurationEnabled: pulumi.Bool(false),
    	AccessControlConfiguration: &fusionauth.FusionAuthApplicationAccessControlConfigurationArgs{
    		UiIpAccessControlListId: pulumi.String("string"),
    	},
    	WebauthnConfiguration: &fusionauth.FusionAuthApplicationWebauthnConfigurationArgs{
    		BootstrapWorkflowEnabled:        pulumi.Bool(false),
    		Enabled:                         pulumi.Bool(false),
    		ReauthenticationWorkflowEnabled: pulumi.Bool(false),
    	},
    	AuthenticationTokenConfigurationEnabled: pulumi.Bool(false),
    	LoginConfiguration: &fusionauth.FusionAuthApplicationLoginConfigurationArgs{
    		AllowTokenRefresh:     pulumi.Bool(false),
    		GenerateRefreshTokens: pulumi.Bool(false),
    		RequireAuthentication: pulumi.Bool(false),
    	},
    	RegistrationConfiguration: &fusionauth.FusionAuthApplicationRegistrationConfigurationArgs{
    		BirthDate: &fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs{
    			Enabled:  pulumi.Bool(false),
    			Required: pulumi.Bool(false),
    		},
    		ConfirmPassword: pulumi.Bool(false),
    		Enabled:         pulumi.Bool(false),
    		FirstName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs{
    			Enabled:  pulumi.Bool(false),
    			Required: pulumi.Bool(false),
    		},
    		FormId: pulumi.String("string"),
    		FullName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs{
    			Enabled:  pulumi.Bool(false),
    			Required: pulumi.Bool(false),
    		},
    		LastName: &fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs{
    			Enabled:  pulumi.Bool(false),
    			Required: pulumi.Bool(false),
    		},
    		LoginIdType: pulumi.String("string"),
    		MiddleName: &fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs{
    			Enabled:  pulumi.Bool(false),
    			Required: pulumi.Bool(false),
    		},
    		MobilePhone: &fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs{
    			Enabled:  pulumi.Bool(false),
    			Required: pulumi.Bool(false),
    		},
    		PreferredLanguages: &fusionauth.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs{
    			Enabled:  pulumi.Bool(false),
    			Required: pulumi.Bool(false),
    		},
    		Type: pulumi.String("string"),
    	},
    	RegistrationDeletePolicy: &fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs{
    		UnverifiedEnabled:              pulumi.Bool(false),
    		UnverifiedNumberOfDaysToRetain: pulumi.Int(0),
    	},
    	Samlv2Configuration: &fusionauth.FusionAuthApplicationSamlv2ConfigurationArgs{
    		AuthorizedRedirectUrls: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Issuer: pulumi.String("string"),
    		Debug:  pulumi.Bool(false),
    		KeyId:  pulumi.String("string"),
    		AssertionEncryptionConfiguration: &fusionauth.FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfigurationArgs{
    			DigestAlgorithm:             pulumi.String("string"),
    			Enabled:                     pulumi.Bool(false),
    			EncryptionAlgorithm:         pulumi.String("string"),
    			KeyLocation:                 pulumi.String("string"),
    			KeyTransportAlgorithm:       pulumi.String("string"),
    			KeyTransportEncryptionKeyId: pulumi.String("string"),
    			MaskGenerationFunction:      pulumi.String("string"),
    		},
    		DefaultVerificationKeyId: pulumi.String("string"),
    		Enabled:                  pulumi.Bool(false),
    		InitiatedLogin: &fusionauth.FusionAuthApplicationSamlv2ConfigurationInitiatedLoginArgs{
    			Enabled:      pulumi.Bool(false),
    			NameIdFormat: pulumi.String("string"),
    		},
    		Audience: pulumi.String("string"),
    		LoginHintConfiguration: &fusionauth.FusionAuthApplicationSamlv2ConfigurationLoginHintConfigurationArgs{
    			Enabled:       pulumi.Bool(false),
    			ParameterName: pulumi.String("string"),
    		},
    		Logout: &fusionauth.FusionAuthApplicationSamlv2ConfigurationLogoutArgs{
    			Behavior:                 pulumi.String("string"),
    			DefaultVerificationKeyId: pulumi.String("string"),
    			KeyId:                    pulumi.String("string"),
    			RequireSignedRequests:    pulumi.Bool(false),
    			SingleLogout: &fusionauth.FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs{
    				Enabled:                            pulumi.Bool(false),
    				KeyId:                              pulumi.String("string"),
    				Url:                                pulumi.String("string"),
    				XmlSignatureCanonicalizationMethod: pulumi.String("string"),
    			},
    			XmlSignatureCanonicalizationMethod: pulumi.String("string"),
    		},
    		LogoutUrl:                          pulumi.String("string"),
    		RequiredSignedRequests:             pulumi.Bool(false),
    		XmlSignatureCanonicalizationMethod: pulumi.String("string"),
    		XmlSignatureLocation:               pulumi.String("string"),
    	},
    	ApplicationId:               pulumi.String("string"),
    	ThemeId:                     pulumi.String("string"),
    	VerificationEmailTemplateId: pulumi.String("string"),
    	VerificationStrategy:        pulumi.String("string"),
    	VerifyRegistration:          pulumi.Bool(false),
    	Name:                        pulumi.String("string"),
    })
    
    var fusionAuthApplicationResource = new FusionAuthApplication("fusionAuthApplicationResource", FusionAuthApplicationArgs.builder()
        .tenantId("string")
        .multiFactorConfiguration(FusionAuthApplicationMultiFactorConfigurationArgs.builder()
            .emailTemplateId("string")
            .loginPolicy("string")
            .smsTemplateId("string")
            .trustPolicy("string")
            .build())
        .cleanSpeakConfiguration(FusionAuthApplicationCleanSpeakConfigurationArgs.builder()
            .applicationIds("string")
            .usernameModeration(FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs.builder()
                .applicationId("string")
                .enabled(false)
                .build())
            .build())
        .oauthConfiguration(FusionAuthApplicationOauthConfigurationArgs.builder()
            .scopeHandlingPolicy("string")
            .unknownScopePolicy("string")
            .generateRefreshTokens(false)
            .logoutBehavior("string")
            .clientId("string")
            .clientSecret("string")
            .consentMode("string")
            .debug(false)
            .deviceVerificationUrl("string")
            .enabledGrants("string")
            .authorizedOriginUrls("string")
            .clientAuthenticationPolicy("string")
            .logoutUrl("string")
            .proofKeyForCodeExchangePolicy("string")
            .providedScopePolicies(FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs.builder()
                .address(FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs.builder()
                    .enabled(false)
                    .required(false)
                    .build())
                .email(FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs.builder()
                    .enabled(false)
                    .required(false)
                    .build())
                .phone(FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs.builder()
                    .enabled(false)
                    .required(false)
                    .build())
                .profile(FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs.builder()
                    .enabled(false)
                    .required(false)
                    .build())
                .build())
            .relationship("string")
            .requireRegistration(false)
            .authorizedUrlValidationPolicy("string")
            .authorizedRedirectUrls("string")
            .build())
        .data(Map.of("string", "string"))
        .emailConfiguration(FusionAuthApplicationEmailConfigurationArgs.builder()
            .emailUpdateTemplateId("string")
            .emailVerificationTemplateId("string")
            .emailVerifiedTemplateId("string")
            .forgotPasswordTemplateId("string")
            .loginIdInUseOnCreateTemplateId("string")
            .loginIdInUseOnUpdateTemplateId("string")
            .loginNewDeviceTemplateId("string")
            .loginSuspiciousTemplateId("string")
            .passwordResetSuccessTemplateId("string")
            .passwordUpdateTemplateId("string")
            .passwordlessEmailTemplateId("string")
            .setPasswordEmailTemplateId("string")
            .twoFactorMethodAddTemplateId("string")
            .twoFactorMethodRemoveTemplateId("string")
            .build())
        .formConfiguration(FusionAuthApplicationFormConfigurationArgs.builder()
            .adminRegistrationFormId("string")
            .selfServiceFormConfiguration(FusionAuthApplicationFormConfigurationSelfServiceFormConfigurationArgs.builder()
                .requireCurrentPasswordOnPasswordChange(false)
                .build())
            .selfServiceFormId("string")
            .build())
        .jwtConfiguration(FusionAuthApplicationJwtConfigurationArgs.builder()
            .accessTokenId("string")
            .enabled(false)
            .idTokenKeyId("string")
            .refreshTokenExpirationPolicy("string")
            .refreshTokenSlidingWindowMaximumTtlInMinutes(0)
            .refreshTokenTtlMinutes(0)
            .refreshTokenUsagePolicy("string")
            .ttlSeconds(0)
            .build())
        .lambdaConfiguration(FusionAuthApplicationLambdaConfigurationArgs.builder()
            .accessTokenPopulateId("string")
            .idTokenPopulateId("string")
            .samlv2PopulateId("string")
            .selfServiceRegistrationValidationId("string")
            .userinfoPopulateId("string")
            .build())
        .passwordlessConfigurationEnabled(false)
        .accessControlConfiguration(FusionAuthApplicationAccessControlConfigurationArgs.builder()
            .uiIpAccessControlListId("string")
            .build())
        .webauthnConfiguration(FusionAuthApplicationWebauthnConfigurationArgs.builder()
            .bootstrapWorkflowEnabled(false)
            .enabled(false)
            .reauthenticationWorkflowEnabled(false)
            .build())
        .authenticationTokenConfigurationEnabled(false)
        .loginConfiguration(FusionAuthApplicationLoginConfigurationArgs.builder()
            .allowTokenRefresh(false)
            .generateRefreshTokens(false)
            .requireAuthentication(false)
            .build())
        .registrationConfiguration(FusionAuthApplicationRegistrationConfigurationArgs.builder()
            .birthDate(FusionAuthApplicationRegistrationConfigurationBirthDateArgs.builder()
                .enabled(false)
                .required(false)
                .build())
            .confirmPassword(false)
            .enabled(false)
            .firstName(FusionAuthApplicationRegistrationConfigurationFirstNameArgs.builder()
                .enabled(false)
                .required(false)
                .build())
            .formId("string")
            .fullName(FusionAuthApplicationRegistrationConfigurationFullNameArgs.builder()
                .enabled(false)
                .required(false)
                .build())
            .lastName(FusionAuthApplicationRegistrationConfigurationLastNameArgs.builder()
                .enabled(false)
                .required(false)
                .build())
            .loginIdType("string")
            .middleName(FusionAuthApplicationRegistrationConfigurationMiddleNameArgs.builder()
                .enabled(false)
                .required(false)
                .build())
            .mobilePhone(FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs.builder()
                .enabled(false)
                .required(false)
                .build())
            .preferredLanguages(FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs.builder()
                .enabled(false)
                .required(false)
                .build())
            .type("string")
            .build())
        .registrationDeletePolicy(FusionAuthApplicationRegistrationDeletePolicyArgs.builder()
            .unverifiedEnabled(false)
            .unverifiedNumberOfDaysToRetain(0)
            .build())
        .samlv2Configuration(FusionAuthApplicationSamlv2ConfigurationArgs.builder()
            .authorizedRedirectUrls("string")
            .issuer("string")
            .debug(false)
            .keyId("string")
            .assertionEncryptionConfiguration(FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfigurationArgs.builder()
                .digestAlgorithm("string")
                .enabled(false)
                .encryptionAlgorithm("string")
                .keyLocation("string")
                .keyTransportAlgorithm("string")
                .keyTransportEncryptionKeyId("string")
                .maskGenerationFunction("string")
                .build())
            .defaultVerificationKeyId("string")
            .enabled(false)
            .initiatedLogin(FusionAuthApplicationSamlv2ConfigurationInitiatedLoginArgs.builder()
                .enabled(false)
                .nameIdFormat("string")
                .build())
            .audience("string")
            .loginHintConfiguration(FusionAuthApplicationSamlv2ConfigurationLoginHintConfigurationArgs.builder()
                .enabled(false)
                .parameterName("string")
                .build())
            .logout(FusionAuthApplicationSamlv2ConfigurationLogoutArgs.builder()
                .behavior("string")
                .defaultVerificationKeyId("string")
                .keyId("string")
                .requireSignedRequests(false)
                .singleLogout(FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs.builder()
                    .enabled(false)
                    .keyId("string")
                    .url("string")
                    .xmlSignatureCanonicalizationMethod("string")
                    .build())
                .xmlSignatureCanonicalizationMethod("string")
                .build())
            .logoutUrl("string")
            .requiredSignedRequests(false)
            .xmlSignatureCanonicalizationMethod("string")
            .xmlSignatureLocation("string")
            .build())
        .applicationId("string")
        .themeId("string")
        .verificationEmailTemplateId("string")
        .verificationStrategy("string")
        .verifyRegistration(false)
        .name("string")
        .build());
    
    fusion_auth_application_resource = fusionauth.FusionAuthApplication("fusionAuthApplicationResource",
        tenant_id="string",
        multi_factor_configuration={
            "email_template_id": "string",
            "login_policy": "string",
            "sms_template_id": "string",
            "trust_policy": "string",
        },
        clean_speak_configuration={
            "application_ids": ["string"],
            "username_moderation": {
                "application_id": "string",
                "enabled": False,
            },
        },
        oauth_configuration={
            "scope_handling_policy": "string",
            "unknown_scope_policy": "string",
            "generate_refresh_tokens": False,
            "logout_behavior": "string",
            "client_id": "string",
            "client_secret": "string",
            "consent_mode": "string",
            "debug": False,
            "device_verification_url": "string",
            "enabled_grants": ["string"],
            "authorized_origin_urls": ["string"],
            "client_authentication_policy": "string",
            "logout_url": "string",
            "proof_key_for_code_exchange_policy": "string",
            "provided_scope_policies": [{
                "address": {
                    "enabled": False,
                    "required": False,
                },
                "email": {
                    "enabled": False,
                    "required": False,
                },
                "phone": {
                    "enabled": False,
                    "required": False,
                },
                "profile": {
                    "enabled": False,
                    "required": False,
                },
            }],
            "relationship": "string",
            "require_registration": False,
            "authorized_url_validation_policy": "string",
            "authorized_redirect_urls": ["string"],
        },
        data={
            "string": "string",
        },
        email_configuration={
            "email_update_template_id": "string",
            "email_verification_template_id": "string",
            "email_verified_template_id": "string",
            "forgot_password_template_id": "string",
            "login_id_in_use_on_create_template_id": "string",
            "login_id_in_use_on_update_template_id": "string",
            "login_new_device_template_id": "string",
            "login_suspicious_template_id": "string",
            "password_reset_success_template_id": "string",
            "password_update_template_id": "string",
            "passwordless_email_template_id": "string",
            "set_password_email_template_id": "string",
            "two_factor_method_add_template_id": "string",
            "two_factor_method_remove_template_id": "string",
        },
        form_configuration={
            "admin_registration_form_id": "string",
            "self_service_form_configuration": {
                "require_current_password_on_password_change": False,
            },
            "self_service_form_id": "string",
        },
        jwt_configuration={
            "access_token_id": "string",
            "enabled": False,
            "id_token_key_id": "string",
            "refresh_token_expiration_policy": "string",
            "refresh_token_sliding_window_maximum_ttl_in_minutes": 0,
            "refresh_token_ttl_minutes": 0,
            "refresh_token_usage_policy": "string",
            "ttl_seconds": 0,
        },
        lambda_configuration={
            "access_token_populate_id": "string",
            "id_token_populate_id": "string",
            "samlv2_populate_id": "string",
            "self_service_registration_validation_id": "string",
            "userinfo_populate_id": "string",
        },
        passwordless_configuration_enabled=False,
        access_control_configuration={
            "ui_ip_access_control_list_id": "string",
        },
        webauthn_configuration={
            "bootstrap_workflow_enabled": False,
            "enabled": False,
            "reauthentication_workflow_enabled": False,
        },
        authentication_token_configuration_enabled=False,
        login_configuration={
            "allow_token_refresh": False,
            "generate_refresh_tokens": False,
            "require_authentication": False,
        },
        registration_configuration={
            "birth_date": {
                "enabled": False,
                "required": False,
            },
            "confirm_password": False,
            "enabled": False,
            "first_name": {
                "enabled": False,
                "required": False,
            },
            "form_id": "string",
            "full_name": {
                "enabled": False,
                "required": False,
            },
            "last_name": {
                "enabled": False,
                "required": False,
            },
            "login_id_type": "string",
            "middle_name": {
                "enabled": False,
                "required": False,
            },
            "mobile_phone": {
                "enabled": False,
                "required": False,
            },
            "preferred_languages": {
                "enabled": False,
                "required": False,
            },
            "type": "string",
        },
        registration_delete_policy={
            "unverified_enabled": False,
            "unverified_number_of_days_to_retain": 0,
        },
        samlv2_configuration={
            "authorized_redirect_urls": ["string"],
            "issuer": "string",
            "debug": False,
            "key_id": "string",
            "assertion_encryption_configuration": {
                "digest_algorithm": "string",
                "enabled": False,
                "encryption_algorithm": "string",
                "key_location": "string",
                "key_transport_algorithm": "string",
                "key_transport_encryption_key_id": "string",
                "mask_generation_function": "string",
            },
            "default_verification_key_id": "string",
            "enabled": False,
            "initiated_login": {
                "enabled": False,
                "name_id_format": "string",
            },
            "audience": "string",
            "login_hint_configuration": {
                "enabled": False,
                "parameter_name": "string",
            },
            "logout": {
                "behavior": "string",
                "default_verification_key_id": "string",
                "key_id": "string",
                "require_signed_requests": False,
                "single_logout": {
                    "enabled": False,
                    "key_id": "string",
                    "url": "string",
                    "xml_signature_canonicalization_method": "string",
                },
                "xml_signature_canonicalization_method": "string",
            },
            "logout_url": "string",
            "required_signed_requests": False,
            "xml_signature_canonicalization_method": "string",
            "xml_signature_location": "string",
        },
        application_id="string",
        theme_id="string",
        verification_email_template_id="string",
        verification_strategy="string",
        verify_registration=False,
        name="string")
    
    const fusionAuthApplicationResource = new fusionauth.FusionAuthApplication("fusionAuthApplicationResource", {
        tenantId: "string",
        multiFactorConfiguration: {
            emailTemplateId: "string",
            loginPolicy: "string",
            smsTemplateId: "string",
            trustPolicy: "string",
        },
        cleanSpeakConfiguration: {
            applicationIds: ["string"],
            usernameModeration: {
                applicationId: "string",
                enabled: false,
            },
        },
        oauthConfiguration: {
            scopeHandlingPolicy: "string",
            unknownScopePolicy: "string",
            generateRefreshTokens: false,
            logoutBehavior: "string",
            clientId: "string",
            clientSecret: "string",
            consentMode: "string",
            debug: false,
            deviceVerificationUrl: "string",
            enabledGrants: ["string"],
            authorizedOriginUrls: ["string"],
            clientAuthenticationPolicy: "string",
            logoutUrl: "string",
            proofKeyForCodeExchangePolicy: "string",
            providedScopePolicies: [{
                address: {
                    enabled: false,
                    required: false,
                },
                email: {
                    enabled: false,
                    required: false,
                },
                phone: {
                    enabled: false,
                    required: false,
                },
                profile: {
                    enabled: false,
                    required: false,
                },
            }],
            relationship: "string",
            requireRegistration: false,
            authorizedUrlValidationPolicy: "string",
            authorizedRedirectUrls: ["string"],
        },
        data: {
            string: "string",
        },
        emailConfiguration: {
            emailUpdateTemplateId: "string",
            emailVerificationTemplateId: "string",
            emailVerifiedTemplateId: "string",
            forgotPasswordTemplateId: "string",
            loginIdInUseOnCreateTemplateId: "string",
            loginIdInUseOnUpdateTemplateId: "string",
            loginNewDeviceTemplateId: "string",
            loginSuspiciousTemplateId: "string",
            passwordResetSuccessTemplateId: "string",
            passwordUpdateTemplateId: "string",
            passwordlessEmailTemplateId: "string",
            setPasswordEmailTemplateId: "string",
            twoFactorMethodAddTemplateId: "string",
            twoFactorMethodRemoveTemplateId: "string",
        },
        formConfiguration: {
            adminRegistrationFormId: "string",
            selfServiceFormConfiguration: {
                requireCurrentPasswordOnPasswordChange: false,
            },
            selfServiceFormId: "string",
        },
        jwtConfiguration: {
            accessTokenId: "string",
            enabled: false,
            idTokenKeyId: "string",
            refreshTokenExpirationPolicy: "string",
            refreshTokenSlidingWindowMaximumTtlInMinutes: 0,
            refreshTokenTtlMinutes: 0,
            refreshTokenUsagePolicy: "string",
            ttlSeconds: 0,
        },
        lambdaConfiguration: {
            accessTokenPopulateId: "string",
            idTokenPopulateId: "string",
            samlv2PopulateId: "string",
            selfServiceRegistrationValidationId: "string",
            userinfoPopulateId: "string",
        },
        passwordlessConfigurationEnabled: false,
        accessControlConfiguration: {
            uiIpAccessControlListId: "string",
        },
        webauthnConfiguration: {
            bootstrapWorkflowEnabled: false,
            enabled: false,
            reauthenticationWorkflowEnabled: false,
        },
        authenticationTokenConfigurationEnabled: false,
        loginConfiguration: {
            allowTokenRefresh: false,
            generateRefreshTokens: false,
            requireAuthentication: false,
        },
        registrationConfiguration: {
            birthDate: {
                enabled: false,
                required: false,
            },
            confirmPassword: false,
            enabled: false,
            firstName: {
                enabled: false,
                required: false,
            },
            formId: "string",
            fullName: {
                enabled: false,
                required: false,
            },
            lastName: {
                enabled: false,
                required: false,
            },
            loginIdType: "string",
            middleName: {
                enabled: false,
                required: false,
            },
            mobilePhone: {
                enabled: false,
                required: false,
            },
            preferredLanguages: {
                enabled: false,
                required: false,
            },
            type: "string",
        },
        registrationDeletePolicy: {
            unverifiedEnabled: false,
            unverifiedNumberOfDaysToRetain: 0,
        },
        samlv2Configuration: {
            authorizedRedirectUrls: ["string"],
            issuer: "string",
            debug: false,
            keyId: "string",
            assertionEncryptionConfiguration: {
                digestAlgorithm: "string",
                enabled: false,
                encryptionAlgorithm: "string",
                keyLocation: "string",
                keyTransportAlgorithm: "string",
                keyTransportEncryptionKeyId: "string",
                maskGenerationFunction: "string",
            },
            defaultVerificationKeyId: "string",
            enabled: false,
            initiatedLogin: {
                enabled: false,
                nameIdFormat: "string",
            },
            audience: "string",
            loginHintConfiguration: {
                enabled: false,
                parameterName: "string",
            },
            logout: {
                behavior: "string",
                defaultVerificationKeyId: "string",
                keyId: "string",
                requireSignedRequests: false,
                singleLogout: {
                    enabled: false,
                    keyId: "string",
                    url: "string",
                    xmlSignatureCanonicalizationMethod: "string",
                },
                xmlSignatureCanonicalizationMethod: "string",
            },
            logoutUrl: "string",
            requiredSignedRequests: false,
            xmlSignatureCanonicalizationMethod: "string",
            xmlSignatureLocation: "string",
        },
        applicationId: "string",
        themeId: "string",
        verificationEmailTemplateId: "string",
        verificationStrategy: "string",
        verifyRegistration: false,
        name: "string",
    });
    
    type: fusionauth:FusionAuthApplication
    properties:
        accessControlConfiguration:
            uiIpAccessControlListId: string
        applicationId: string
        authenticationTokenConfigurationEnabled: false
        cleanSpeakConfiguration:
            applicationIds:
                - string
            usernameModeration:
                applicationId: string
                enabled: false
        data:
            string: string
        emailConfiguration:
            emailUpdateTemplateId: string
            emailVerificationTemplateId: string
            emailVerifiedTemplateId: string
            forgotPasswordTemplateId: string
            loginIdInUseOnCreateTemplateId: string
            loginIdInUseOnUpdateTemplateId: string
            loginNewDeviceTemplateId: string
            loginSuspiciousTemplateId: string
            passwordResetSuccessTemplateId: string
            passwordUpdateTemplateId: string
            passwordlessEmailTemplateId: string
            setPasswordEmailTemplateId: string
            twoFactorMethodAddTemplateId: string
            twoFactorMethodRemoveTemplateId: string
        formConfiguration:
            adminRegistrationFormId: string
            selfServiceFormConfiguration:
                requireCurrentPasswordOnPasswordChange: false
            selfServiceFormId: string
        jwtConfiguration:
            accessTokenId: string
            enabled: false
            idTokenKeyId: string
            refreshTokenExpirationPolicy: string
            refreshTokenSlidingWindowMaximumTtlInMinutes: 0
            refreshTokenTtlMinutes: 0
            refreshTokenUsagePolicy: string
            ttlSeconds: 0
        lambdaConfiguration:
            accessTokenPopulateId: string
            idTokenPopulateId: string
            samlv2PopulateId: string
            selfServiceRegistrationValidationId: string
            userinfoPopulateId: string
        loginConfiguration:
            allowTokenRefresh: false
            generateRefreshTokens: false
            requireAuthentication: false
        multiFactorConfiguration:
            emailTemplateId: string
            loginPolicy: string
            smsTemplateId: string
            trustPolicy: string
        name: string
        oauthConfiguration:
            authorizedOriginUrls:
                - string
            authorizedRedirectUrls:
                - string
            authorizedUrlValidationPolicy: string
            clientAuthenticationPolicy: string
            clientId: string
            clientSecret: string
            consentMode: string
            debug: false
            deviceVerificationUrl: string
            enabledGrants:
                - string
            generateRefreshTokens: false
            logoutBehavior: string
            logoutUrl: string
            proofKeyForCodeExchangePolicy: string
            providedScopePolicies:
                - address:
                    enabled: false
                    required: false
                  email:
                    enabled: false
                    required: false
                  phone:
                    enabled: false
                    required: false
                  profile:
                    enabled: false
                    required: false
            relationship: string
            requireRegistration: false
            scopeHandlingPolicy: string
            unknownScopePolicy: string
        passwordlessConfigurationEnabled: false
        registrationConfiguration:
            birthDate:
                enabled: false
                required: false
            confirmPassword: false
            enabled: false
            firstName:
                enabled: false
                required: false
            formId: string
            fullName:
                enabled: false
                required: false
            lastName:
                enabled: false
                required: false
            loginIdType: string
            middleName:
                enabled: false
                required: false
            mobilePhone:
                enabled: false
                required: false
            preferredLanguages:
                enabled: false
                required: false
            type: string
        registrationDeletePolicy:
            unverifiedEnabled: false
            unverifiedNumberOfDaysToRetain: 0
        samlv2Configuration:
            assertionEncryptionConfiguration:
                digestAlgorithm: string
                enabled: false
                encryptionAlgorithm: string
                keyLocation: string
                keyTransportAlgorithm: string
                keyTransportEncryptionKeyId: string
                maskGenerationFunction: string
            audience: string
            authorizedRedirectUrls:
                - string
            debug: false
            defaultVerificationKeyId: string
            enabled: false
            initiatedLogin:
                enabled: false
                nameIdFormat: string
            issuer: string
            keyId: string
            loginHintConfiguration:
                enabled: false
                parameterName: string
            logout:
                behavior: string
                defaultVerificationKeyId: string
                keyId: string
                requireSignedRequests: false
                singleLogout:
                    enabled: false
                    keyId: string
                    url: string
                    xmlSignatureCanonicalizationMethod: string
                xmlSignatureCanonicalizationMethod: string
            logoutUrl: string
            requiredSignedRequests: false
            xmlSignatureCanonicalizationMethod: string
            xmlSignatureLocation: string
        tenantId: string
        themeId: string
        verificationEmailTemplateId: string
        verificationStrategy: string
        verifyRegistration: false
        webauthnConfiguration:
            bootstrapWorkflowEnabled: false
            enabled: false
            reauthenticationWorkflowEnabled: false
    

    FusionAuthApplication Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FusionAuthApplication resource accepts the following input properties:

    TenantId string
    The Id of the Tenant that this Application belongs to.
    AccessControlConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationAccessControlConfiguration
    ApplicationId string
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    AuthenticationTokenConfigurationEnabled bool
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    CleanSpeakConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfiguration
    Data Dictionary<string, string>
    An object that can hold any information about the Application that should be persisted.
    EmailConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationEmailConfiguration
    FormConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationFormConfiguration
    JwtConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationJwtConfiguration
    LambdaConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationLambdaConfiguration
    LoginConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationLoginConfiguration
    MultiFactorConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfiguration
    Name string
    The name of the Application.
    OauthConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationOauthConfiguration
    PasswordlessConfigurationEnabled bool
    Determines if passwordless login is enabled for this application.
    RegistrationConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfiguration
    RegistrationDeletePolicy theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicy
    Samlv2Configuration theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2Configuration
    ThemeId string
    The unique Id of the theme to be used to style the login page and other end user templates.
    VerificationEmailTemplateId string
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    VerificationStrategy string
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    VerifyRegistration bool
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    WebauthnConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationWebauthnConfiguration
    TenantId string
    The Id of the Tenant that this Application belongs to.
    AccessControlConfiguration FusionAuthApplicationAccessControlConfigurationArgs
    ApplicationId string
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    AuthenticationTokenConfigurationEnabled bool
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    CleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfigurationArgs
    Data map[string]string
    An object that can hold any information about the Application that should be persisted.
    EmailConfiguration FusionAuthApplicationEmailConfigurationArgs
    FormConfiguration FusionAuthApplicationFormConfigurationArgs
    JwtConfiguration FusionAuthApplicationJwtConfigurationArgs
    LambdaConfiguration FusionAuthApplicationLambdaConfigurationArgs
    LoginConfiguration FusionAuthApplicationLoginConfigurationArgs
    MultiFactorConfiguration FusionAuthApplicationMultiFactorConfigurationArgs
    Name string
    The name of the Application.
    OauthConfiguration FusionAuthApplicationOauthConfigurationArgs
    PasswordlessConfigurationEnabled bool
    Determines if passwordless login is enabled for this application.
    RegistrationConfiguration FusionAuthApplicationRegistrationConfigurationArgs
    RegistrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicyArgs
    Samlv2Configuration FusionAuthApplicationSamlv2ConfigurationArgs
    ThemeId string
    The unique Id of the theme to be used to style the login page and other end user templates.
    VerificationEmailTemplateId string
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    VerificationStrategy string
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    VerifyRegistration bool
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    WebauthnConfiguration FusionAuthApplicationWebauthnConfigurationArgs
    tenantId String
    The Id of the Tenant that this Application belongs to.
    accessControlConfiguration FusionAuthApplicationAccessControlConfiguration
    applicationId String
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    authenticationTokenConfigurationEnabled Boolean
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    cleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfiguration
    data Map<String,String>
    An object that can hold any information about the Application that should be persisted.
    emailConfiguration FusionAuthApplicationEmailConfiguration
    formConfiguration FusionAuthApplicationFormConfiguration
    jwtConfiguration FusionAuthApplicationJwtConfiguration
    lambdaConfiguration FusionAuthApplicationLambdaConfiguration
    loginConfiguration FusionAuthApplicationLoginConfiguration
    multiFactorConfiguration FusionAuthApplicationMultiFactorConfiguration
    name String
    The name of the Application.
    oauthConfiguration FusionAuthApplicationOauthConfiguration
    passwordlessConfigurationEnabled Boolean
    Determines if passwordless login is enabled for this application.
    registrationConfiguration FusionAuthApplicationRegistrationConfiguration
    registrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicy
    samlv2Configuration FusionAuthApplicationSamlv2Configuration
    themeId String
    The unique Id of the theme to be used to style the login page and other end user templates.
    verificationEmailTemplateId String
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    verificationStrategy String
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    verifyRegistration Boolean
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    webauthnConfiguration FusionAuthApplicationWebauthnConfiguration
    tenantId string
    The Id of the Tenant that this Application belongs to.
    accessControlConfiguration FusionAuthApplicationAccessControlConfiguration
    applicationId string
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    authenticationTokenConfigurationEnabled boolean
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    cleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfiguration
    data {[key: string]: string}
    An object that can hold any information about the Application that should be persisted.
    emailConfiguration FusionAuthApplicationEmailConfiguration
    formConfiguration FusionAuthApplicationFormConfiguration
    jwtConfiguration FusionAuthApplicationJwtConfiguration
    lambdaConfiguration FusionAuthApplicationLambdaConfiguration
    loginConfiguration FusionAuthApplicationLoginConfiguration
    multiFactorConfiguration FusionAuthApplicationMultiFactorConfiguration
    name string
    The name of the Application.
    oauthConfiguration FusionAuthApplicationOauthConfiguration
    passwordlessConfigurationEnabled boolean
    Determines if passwordless login is enabled for this application.
    registrationConfiguration FusionAuthApplicationRegistrationConfiguration
    registrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicy
    samlv2Configuration FusionAuthApplicationSamlv2Configuration
    themeId string
    The unique Id of the theme to be used to style the login page and other end user templates.
    verificationEmailTemplateId string
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    verificationStrategy string
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    verifyRegistration boolean
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    webauthnConfiguration FusionAuthApplicationWebauthnConfiguration
    tenant_id str
    The Id of the Tenant that this Application belongs to.
    access_control_configuration FusionAuthApplicationAccessControlConfigurationArgs
    application_id str
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    authentication_token_configuration_enabled bool
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    clean_speak_configuration FusionAuthApplicationCleanSpeakConfigurationArgs
    data Mapping[str, str]
    An object that can hold any information about the Application that should be persisted.
    email_configuration FusionAuthApplicationEmailConfigurationArgs
    form_configuration FusionAuthApplicationFormConfigurationArgs
    jwt_configuration FusionAuthApplicationJwtConfigurationArgs
    lambda_configuration FusionAuthApplicationLambdaConfigurationArgs
    login_configuration FusionAuthApplicationLoginConfigurationArgs
    multi_factor_configuration FusionAuthApplicationMultiFactorConfigurationArgs
    name str
    The name of the Application.
    oauth_configuration FusionAuthApplicationOauthConfigurationArgs
    passwordless_configuration_enabled bool
    Determines if passwordless login is enabled for this application.
    registration_configuration FusionAuthApplicationRegistrationConfigurationArgs
    registration_delete_policy FusionAuthApplicationRegistrationDeletePolicyArgs
    samlv2_configuration FusionAuthApplicationSamlv2ConfigurationArgs
    theme_id str
    The unique Id of the theme to be used to style the login page and other end user templates.
    verification_email_template_id str
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    verification_strategy str
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    verify_registration bool
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    webauthn_configuration FusionAuthApplicationWebauthnConfigurationArgs
    tenantId String
    The Id of the Tenant that this Application belongs to.
    accessControlConfiguration Property Map
    applicationId String
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    authenticationTokenConfigurationEnabled Boolean
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    cleanSpeakConfiguration Property Map
    data Map<String>
    An object that can hold any information about the Application that should be persisted.
    emailConfiguration Property Map
    formConfiguration Property Map
    jwtConfiguration Property Map
    lambdaConfiguration Property Map
    loginConfiguration Property Map
    multiFactorConfiguration Property Map
    name String
    The name of the Application.
    oauthConfiguration Property Map
    passwordlessConfigurationEnabled Boolean
    Determines if passwordless login is enabled for this application.
    registrationConfiguration Property Map
    registrationDeletePolicy Property Map
    samlv2Configuration Property Map
    themeId String
    The unique Id of the theme to be used to style the login page and other end user templates.
    verificationEmailTemplateId String
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    verificationStrategy String
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    verifyRegistration Boolean
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    webauthnConfiguration Property Map

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FusionAuthApplication resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    InsertInstant int
    The instant that the Application was added to the FusionAuth database.
    LastUpdateInstant int
    The instant that the Application was last updated in the FusionAuth database.
    Id string
    The provider-assigned unique ID for this managed resource.
    InsertInstant int
    The instant that the Application was added to the FusionAuth database.
    LastUpdateInstant int
    The instant that the Application was last updated in the FusionAuth database.
    id String
    The provider-assigned unique ID for this managed resource.
    insertInstant Integer
    The instant that the Application was added to the FusionAuth database.
    lastUpdateInstant Integer
    The instant that the Application was last updated in the FusionAuth database.
    id string
    The provider-assigned unique ID for this managed resource.
    insertInstant number
    The instant that the Application was added to the FusionAuth database.
    lastUpdateInstant number
    The instant that the Application was last updated in the FusionAuth database.
    id str
    The provider-assigned unique ID for this managed resource.
    insert_instant int
    The instant that the Application was added to the FusionAuth database.
    last_update_instant int
    The instant that the Application was last updated in the FusionAuth database.
    id String
    The provider-assigned unique ID for this managed resource.
    insertInstant Number
    The instant that the Application was added to the FusionAuth database.
    lastUpdateInstant Number
    The instant that the Application was last updated in the FusionAuth database.

    Look up Existing FusionAuthApplication Resource

    Get an existing FusionAuthApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FusionAuthApplicationState, opts?: CustomResourceOptions): FusionAuthApplication
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_control_configuration: Optional[FusionAuthApplicationAccessControlConfigurationArgs] = None,
            application_id: Optional[str] = None,
            authentication_token_configuration_enabled: Optional[bool] = None,
            clean_speak_configuration: Optional[FusionAuthApplicationCleanSpeakConfigurationArgs] = None,
            data: Optional[Mapping[str, str]] = None,
            email_configuration: Optional[FusionAuthApplicationEmailConfigurationArgs] = None,
            form_configuration: Optional[FusionAuthApplicationFormConfigurationArgs] = None,
            insert_instant: Optional[int] = None,
            jwt_configuration: Optional[FusionAuthApplicationJwtConfigurationArgs] = None,
            lambda_configuration: Optional[FusionAuthApplicationLambdaConfigurationArgs] = None,
            last_update_instant: Optional[int] = None,
            login_configuration: Optional[FusionAuthApplicationLoginConfigurationArgs] = None,
            multi_factor_configuration: Optional[FusionAuthApplicationMultiFactorConfigurationArgs] = None,
            name: Optional[str] = None,
            oauth_configuration: Optional[FusionAuthApplicationOauthConfigurationArgs] = None,
            passwordless_configuration_enabled: Optional[bool] = None,
            registration_configuration: Optional[FusionAuthApplicationRegistrationConfigurationArgs] = None,
            registration_delete_policy: Optional[FusionAuthApplicationRegistrationDeletePolicyArgs] = None,
            samlv2_configuration: Optional[FusionAuthApplicationSamlv2ConfigurationArgs] = None,
            tenant_id: Optional[str] = None,
            theme_id: Optional[str] = None,
            verification_email_template_id: Optional[str] = None,
            verification_strategy: Optional[str] = None,
            verify_registration: Optional[bool] = None,
            webauthn_configuration: Optional[FusionAuthApplicationWebauthnConfigurationArgs] = None) -> FusionAuthApplication
    func GetFusionAuthApplication(ctx *Context, name string, id IDInput, state *FusionAuthApplicationState, opts ...ResourceOption) (*FusionAuthApplication, error)
    public static FusionAuthApplication Get(string name, Input<string> id, FusionAuthApplicationState? state, CustomResourceOptions? opts = null)
    public static FusionAuthApplication get(String name, Output<String> id, FusionAuthApplicationState state, CustomResourceOptions options)
    resources:  _:    type: fusionauth:FusionAuthApplication    get:      id: ${id}
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessControlConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationAccessControlConfiguration
    ApplicationId string
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    AuthenticationTokenConfigurationEnabled bool
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    CleanSpeakConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfiguration
    Data Dictionary<string, string>
    An object that can hold any information about the Application that should be persisted.
    EmailConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationEmailConfiguration
    FormConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationFormConfiguration
    InsertInstant int
    The instant that the Application was added to the FusionAuth database.
    JwtConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationJwtConfiguration
    LambdaConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationLambdaConfiguration
    LastUpdateInstant int
    The instant that the Application was last updated in the FusionAuth database.
    LoginConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationLoginConfiguration
    MultiFactorConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfiguration
    Name string
    The name of the Application.
    OauthConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationOauthConfiguration
    PasswordlessConfigurationEnabled bool
    Determines if passwordless login is enabled for this application.
    RegistrationConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfiguration
    RegistrationDeletePolicy theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicy
    Samlv2Configuration theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2Configuration
    TenantId string
    The Id of the Tenant that this Application belongs to.
    ThemeId string
    The unique Id of the theme to be used to style the login page and other end user templates.
    VerificationEmailTemplateId string
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    VerificationStrategy string
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    VerifyRegistration bool
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    WebauthnConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationWebauthnConfiguration
    AccessControlConfiguration FusionAuthApplicationAccessControlConfigurationArgs
    ApplicationId string
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    AuthenticationTokenConfigurationEnabled bool
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    CleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfigurationArgs
    Data map[string]string
    An object that can hold any information about the Application that should be persisted.
    EmailConfiguration FusionAuthApplicationEmailConfigurationArgs
    FormConfiguration FusionAuthApplicationFormConfigurationArgs
    InsertInstant int
    The instant that the Application was added to the FusionAuth database.
    JwtConfiguration FusionAuthApplicationJwtConfigurationArgs
    LambdaConfiguration FusionAuthApplicationLambdaConfigurationArgs
    LastUpdateInstant int
    The instant that the Application was last updated in the FusionAuth database.
    LoginConfiguration FusionAuthApplicationLoginConfigurationArgs
    MultiFactorConfiguration FusionAuthApplicationMultiFactorConfigurationArgs
    Name string
    The name of the Application.
    OauthConfiguration FusionAuthApplicationOauthConfigurationArgs
    PasswordlessConfigurationEnabled bool
    Determines if passwordless login is enabled for this application.
    RegistrationConfiguration FusionAuthApplicationRegistrationConfigurationArgs
    RegistrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicyArgs
    Samlv2Configuration FusionAuthApplicationSamlv2ConfigurationArgs
    TenantId string
    The Id of the Tenant that this Application belongs to.
    ThemeId string
    The unique Id of the theme to be used to style the login page and other end user templates.
    VerificationEmailTemplateId string
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    VerificationStrategy string
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    VerifyRegistration bool
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    WebauthnConfiguration FusionAuthApplicationWebauthnConfigurationArgs
    accessControlConfiguration FusionAuthApplicationAccessControlConfiguration
    applicationId String
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    authenticationTokenConfigurationEnabled Boolean
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    cleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfiguration
    data Map<String,String>
    An object that can hold any information about the Application that should be persisted.
    emailConfiguration FusionAuthApplicationEmailConfiguration
    formConfiguration FusionAuthApplicationFormConfiguration
    insertInstant Integer
    The instant that the Application was added to the FusionAuth database.
    jwtConfiguration FusionAuthApplicationJwtConfiguration
    lambdaConfiguration FusionAuthApplicationLambdaConfiguration
    lastUpdateInstant Integer
    The instant that the Application was last updated in the FusionAuth database.
    loginConfiguration FusionAuthApplicationLoginConfiguration
    multiFactorConfiguration FusionAuthApplicationMultiFactorConfiguration
    name String
    The name of the Application.
    oauthConfiguration FusionAuthApplicationOauthConfiguration
    passwordlessConfigurationEnabled Boolean
    Determines if passwordless login is enabled for this application.
    registrationConfiguration FusionAuthApplicationRegistrationConfiguration
    registrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicy
    samlv2Configuration FusionAuthApplicationSamlv2Configuration
    tenantId String
    The Id of the Tenant that this Application belongs to.
    themeId String
    The unique Id of the theme to be used to style the login page and other end user templates.
    verificationEmailTemplateId String
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    verificationStrategy String
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    verifyRegistration Boolean
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    webauthnConfiguration FusionAuthApplicationWebauthnConfiguration
    accessControlConfiguration FusionAuthApplicationAccessControlConfiguration
    applicationId string
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    authenticationTokenConfigurationEnabled boolean
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    cleanSpeakConfiguration FusionAuthApplicationCleanSpeakConfiguration
    data {[key: string]: string}
    An object that can hold any information about the Application that should be persisted.
    emailConfiguration FusionAuthApplicationEmailConfiguration
    formConfiguration FusionAuthApplicationFormConfiguration
    insertInstant number
    The instant that the Application was added to the FusionAuth database.
    jwtConfiguration FusionAuthApplicationJwtConfiguration
    lambdaConfiguration FusionAuthApplicationLambdaConfiguration
    lastUpdateInstant number
    The instant that the Application was last updated in the FusionAuth database.
    loginConfiguration FusionAuthApplicationLoginConfiguration
    multiFactorConfiguration FusionAuthApplicationMultiFactorConfiguration
    name string
    The name of the Application.
    oauthConfiguration FusionAuthApplicationOauthConfiguration
    passwordlessConfigurationEnabled boolean
    Determines if passwordless login is enabled for this application.
    registrationConfiguration FusionAuthApplicationRegistrationConfiguration
    registrationDeletePolicy FusionAuthApplicationRegistrationDeletePolicy
    samlv2Configuration FusionAuthApplicationSamlv2Configuration
    tenantId string
    The Id of the Tenant that this Application belongs to.
    themeId string
    The unique Id of the theme to be used to style the login page and other end user templates.
    verificationEmailTemplateId string
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    verificationStrategy string
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    verifyRegistration boolean
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    webauthnConfiguration FusionAuthApplicationWebauthnConfiguration
    access_control_configuration FusionAuthApplicationAccessControlConfigurationArgs
    application_id str
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    authentication_token_configuration_enabled bool
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    clean_speak_configuration FusionAuthApplicationCleanSpeakConfigurationArgs
    data Mapping[str, str]
    An object that can hold any information about the Application that should be persisted.
    email_configuration FusionAuthApplicationEmailConfigurationArgs
    form_configuration FusionAuthApplicationFormConfigurationArgs
    insert_instant int
    The instant that the Application was added to the FusionAuth database.
    jwt_configuration FusionAuthApplicationJwtConfigurationArgs
    lambda_configuration FusionAuthApplicationLambdaConfigurationArgs
    last_update_instant int
    The instant that the Application was last updated in the FusionAuth database.
    login_configuration FusionAuthApplicationLoginConfigurationArgs
    multi_factor_configuration FusionAuthApplicationMultiFactorConfigurationArgs
    name str
    The name of the Application.
    oauth_configuration FusionAuthApplicationOauthConfigurationArgs
    passwordless_configuration_enabled bool
    Determines if passwordless login is enabled for this application.
    registration_configuration FusionAuthApplicationRegistrationConfigurationArgs
    registration_delete_policy FusionAuthApplicationRegistrationDeletePolicyArgs
    samlv2_configuration FusionAuthApplicationSamlv2ConfigurationArgs
    tenant_id str
    The Id of the Tenant that this Application belongs to.
    theme_id str
    The unique Id of the theme to be used to style the login page and other end user templates.
    verification_email_template_id str
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    verification_strategy str
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    verify_registration bool
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    webauthn_configuration FusionAuthApplicationWebauthnConfigurationArgs
    accessControlConfiguration Property Map
    applicationId String
    The Id to use for the new Application. If not specified a secure random UUID will be generated.
    authenticationTokenConfigurationEnabled Boolean
    Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
    cleanSpeakConfiguration Property Map
    data Map<String>
    An object that can hold any information about the Application that should be persisted.
    emailConfiguration Property Map
    formConfiguration Property Map
    insertInstant Number
    The instant that the Application was added to the FusionAuth database.
    jwtConfiguration Property Map
    lambdaConfiguration Property Map
    lastUpdateInstant Number
    The instant that the Application was last updated in the FusionAuth database.
    loginConfiguration Property Map
    multiFactorConfiguration Property Map
    name String
    The name of the Application.
    oauthConfiguration Property Map
    passwordlessConfigurationEnabled Boolean
    Determines if passwordless login is enabled for this application.
    registrationConfiguration Property Map
    registrationDeletePolicy Property Map
    samlv2Configuration Property Map
    tenantId String
    The Id of the Tenant that this Application belongs to.
    themeId String
    The unique Id of the theme to be used to style the login page and other end user templates.
    verificationEmailTemplateId String
    The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
    verificationStrategy String
    The process by which the user will verify their email address. Possible values are ClickableLink or FormField
    verifyRegistration Boolean
    Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
    webauthnConfiguration Property Map

    Supporting Types

    FusionAuthApplicationAccessControlConfiguration, FusionAuthApplicationAccessControlConfigurationArgs

    UiIpAccessControlListId string
    The Id of the IP Access Control List limiting access to this application.
    UiIpAccessControlListId string
    The Id of the IP Access Control List limiting access to this application.
    uiIpAccessControlListId String
    The Id of the IP Access Control List limiting access to this application.
    uiIpAccessControlListId string
    The Id of the IP Access Control List limiting access to this application.
    ui_ip_access_control_list_id str
    The Id of the IP Access Control List limiting access to this application.
    uiIpAccessControlListId String
    The Id of the IP Access Control List limiting access to this application.

    FusionAuthApplicationCleanSpeakConfiguration, FusionAuthApplicationCleanSpeakConfigurationArgs

    ApplicationIds List<string>
    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
    UsernameModeration theogravity.Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    ApplicationIds []string
    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
    UsernameModeration FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    applicationIds List<String>
    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
    usernameModeration FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    applicationIds string[]
    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
    usernameModeration FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    application_ids Sequence[str]
    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
    username_moderation FusionAuthApplicationCleanSpeakConfigurationUsernameModeration
    applicationIds List<String>
    An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
    usernameModeration Property Map

    FusionAuthApplicationCleanSpeakConfigurationUsernameModeration, FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs

    ApplicationId string
    The Id of the CleanSpeak application that usernames are sent to for moderation.
    Enabled bool
    True if CleanSpeak username moderation is enabled.
    ApplicationId string
    The Id of the CleanSpeak application that usernames are sent to for moderation.
    Enabled bool
    True if CleanSpeak username moderation is enabled.
    applicationId String
    The Id of the CleanSpeak application that usernames are sent to for moderation.
    enabled Boolean
    True if CleanSpeak username moderation is enabled.
    applicationId string
    The Id of the CleanSpeak application that usernames are sent to for moderation.
    enabled boolean
    True if CleanSpeak username moderation is enabled.
    application_id str
    The Id of the CleanSpeak application that usernames are sent to for moderation.
    enabled bool
    True if CleanSpeak username moderation is enabled.
    applicationId String
    The Id of the CleanSpeak application that usernames are sent to for moderation.
    enabled Boolean
    True if CleanSpeak username moderation is enabled.

    FusionAuthApplicationEmailConfiguration, FusionAuthApplicationEmailConfigurationArgs

    EmailUpdateTemplateId string
    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    EmailVerificationTemplateId string
    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    EmailVerifiedTemplateId string
    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    ForgotPasswordTemplateId string
    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    LoginIdInUseOnCreateTemplateId string
    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    LoginIdInUseOnUpdateTemplateId string
    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    LoginNewDeviceTemplateId string
    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    LoginSuspiciousTemplateId string
    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    PasswordResetSuccessTemplateId string
    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    PasswordUpdateTemplateId string
    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    PasswordlessEmailTemplateId string
    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    SetPasswordEmailTemplateId string
    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    TwoFactorMethodAddTemplateId string
    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    TwoFactorMethodRemoveTemplateId string
    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    EmailUpdateTemplateId string
    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    EmailVerificationTemplateId string
    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    EmailVerifiedTemplateId string
    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    ForgotPasswordTemplateId string
    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    LoginIdInUseOnCreateTemplateId string
    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    LoginIdInUseOnUpdateTemplateId string
    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    LoginNewDeviceTemplateId string
    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    LoginSuspiciousTemplateId string
    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    PasswordResetSuccessTemplateId string
    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    PasswordUpdateTemplateId string
    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    PasswordlessEmailTemplateId string
    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    SetPasswordEmailTemplateId string
    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    TwoFactorMethodAddTemplateId string
    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    TwoFactorMethodRemoveTemplateId string
    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    emailUpdateTemplateId String
    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    emailVerificationTemplateId String
    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    emailVerifiedTemplateId String
    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    forgotPasswordTemplateId String
    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginIdInUseOnCreateTemplateId String
    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginIdInUseOnUpdateTemplateId String
    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginNewDeviceTemplateId String
    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginSuspiciousTemplateId String
    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordResetSuccessTemplateId String
    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordUpdateTemplateId String
    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordlessEmailTemplateId String
    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    setPasswordEmailTemplateId String
    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    twoFactorMethodAddTemplateId String
    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    twoFactorMethodRemoveTemplateId String
    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    emailUpdateTemplateId string
    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    emailVerificationTemplateId string
    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    emailVerifiedTemplateId string
    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    forgotPasswordTemplateId string
    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginIdInUseOnCreateTemplateId string
    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginIdInUseOnUpdateTemplateId string
    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginNewDeviceTemplateId string
    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginSuspiciousTemplateId string
    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordResetSuccessTemplateId string
    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordUpdateTemplateId string
    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordlessEmailTemplateId string
    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    setPasswordEmailTemplateId string
    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    twoFactorMethodAddTemplateId string
    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    twoFactorMethodRemoveTemplateId string
    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    email_update_template_id str
    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    email_verification_template_id str
    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    email_verified_template_id str
    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    forgot_password_template_id str
    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    login_id_in_use_on_create_template_id str
    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    login_id_in_use_on_update_template_id str
    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    login_new_device_template_id str
    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    login_suspicious_template_id str
    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    password_reset_success_template_id str
    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    password_update_template_id str
    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordless_email_template_id str
    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    set_password_email_template_id str
    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    two_factor_method_add_template_id str
    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    two_factor_method_remove_template_id str
    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    emailUpdateTemplateId String
    The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    emailVerificationTemplateId String
    The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    emailVerifiedTemplateId String
    The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    forgotPasswordTemplateId String
    The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginIdInUseOnCreateTemplateId String
    The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginIdInUseOnUpdateTemplateId String
    The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginNewDeviceTemplateId String
    The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    loginSuspiciousTemplateId String
    The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordResetSuccessTemplateId String
    The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordUpdateTemplateId String
    The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    passwordlessEmailTemplateId String
    The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    setPasswordEmailTemplateId String
    The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    twoFactorMethodAddTemplateId String
    The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
    twoFactorMethodRemoveTemplateId String
    The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.

    FusionAuthApplicationFormConfiguration, FusionAuthApplicationFormConfigurationArgs

    AdminRegistrationFormId string
    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
    SelfServiceFormConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration
    SelfServiceFormId string
    The unique Id of the form to to enable authenticated users to manage their profile on the account page.
    AdminRegistrationFormId string
    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
    SelfServiceFormConfiguration FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration
    SelfServiceFormId string
    The unique Id of the form to to enable authenticated users to manage their profile on the account page.
    adminRegistrationFormId String
    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
    selfServiceFormConfiguration FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration
    selfServiceFormId String
    The unique Id of the form to to enable authenticated users to manage their profile on the account page.
    adminRegistrationFormId string
    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
    selfServiceFormConfiguration FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration
    selfServiceFormId string
    The unique Id of the form to to enable authenticated users to manage their profile on the account page.
    admin_registration_form_id str
    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
    self_service_form_configuration FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration
    self_service_form_id str
    The unique Id of the form to to enable authenticated users to manage their profile on the account page.
    adminRegistrationFormId String
    The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
    selfServiceFormConfiguration Property Map
    selfServiceFormId String
    The unique Id of the form to to enable authenticated users to manage their profile on the account page.

    FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration, FusionAuthApplicationFormConfigurationSelfServiceFormConfigurationArgs

    RequireCurrentPasswordOnPasswordChange bool
    When enabled a user will be required to provide their current password when changing their password on a self-service account form.
    RequireCurrentPasswordOnPasswordChange bool
    When enabled a user will be required to provide their current password when changing their password on a self-service account form.
    requireCurrentPasswordOnPasswordChange Boolean
    When enabled a user will be required to provide their current password when changing their password on a self-service account form.
    requireCurrentPasswordOnPasswordChange boolean
    When enabled a user will be required to provide their current password when changing their password on a self-service account form.
    require_current_password_on_password_change bool
    When enabled a user will be required to provide their current password when changing their password on a self-service account form.
    requireCurrentPasswordOnPasswordChange Boolean
    When enabled a user will be required to provide their current password when changing their password on a self-service account form.

    FusionAuthApplicationJwtConfiguration, FusionAuthApplicationJwtConfigurationArgs

    AccessTokenId string
    The Id of the signing key used to sign the access token.
    Enabled bool
    Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
    IdTokenKeyId string
    The Id of the signing key used to sign the Id token.
    RefreshTokenExpirationPolicy string
    The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until refresh_token_sliding_window_maximum_ttl_in_minutes is reached.
    RefreshTokenSlidingWindowMaximumTtlInMinutes int
    The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
    RefreshTokenTtlMinutes int
    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
    RefreshTokenUsagePolicy string
    The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
    TtlSeconds int
    The length of time in seconds the JWT will live before it is expired and no longer valid.
    AccessTokenId string
    The Id of the signing key used to sign the access token.
    Enabled bool
    Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
    IdTokenKeyId string
    The Id of the signing key used to sign the Id token.
    RefreshTokenExpirationPolicy string
    The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until refresh_token_sliding_window_maximum_ttl_in_minutes is reached.
    RefreshTokenSlidingWindowMaximumTtlInMinutes int
    The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
    RefreshTokenTtlMinutes int
    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
    RefreshTokenUsagePolicy string
    The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
    TtlSeconds int
    The length of time in seconds the JWT will live before it is expired and no longer valid.
    accessTokenId String
    The Id of the signing key used to sign the access token.
    enabled Boolean
    Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
    idTokenKeyId String
    The Id of the signing key used to sign the Id token.
    refreshTokenExpirationPolicy String
    The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until refresh_token_sliding_window_maximum_ttl_in_minutes is reached.
    refreshTokenSlidingWindowMaximumTtlInMinutes Integer
    The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
    refreshTokenTtlMinutes Integer
    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
    refreshTokenUsagePolicy String
    The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
    ttlSeconds Integer
    The length of time in seconds the JWT will live before it is expired and no longer valid.
    accessTokenId string
    The Id of the signing key used to sign the access token.
    enabled boolean
    Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
    idTokenKeyId string
    The Id of the signing key used to sign the Id token.
    refreshTokenExpirationPolicy string
    The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until refresh_token_sliding_window_maximum_ttl_in_minutes is reached.
    refreshTokenSlidingWindowMaximumTtlInMinutes number
    The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
    refreshTokenTtlMinutes number
    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
    refreshTokenUsagePolicy string
    The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
    ttlSeconds number
    The length of time in seconds the JWT will live before it is expired and no longer valid.
    access_token_id str
    The Id of the signing key used to sign the access token.
    enabled bool
    Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
    id_token_key_id str
    The Id of the signing key used to sign the Id token.
    refresh_token_expiration_policy str
    The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until refresh_token_sliding_window_maximum_ttl_in_minutes is reached.
    refresh_token_sliding_window_maximum_ttl_in_minutes int
    The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
    refresh_token_ttl_minutes int
    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
    refresh_token_usage_policy str
    The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
    ttl_seconds int
    The length of time in seconds the JWT will live before it is expired and no longer valid.
    accessTokenId String
    The Id of the signing key used to sign the access token.
    enabled Boolean
    Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
    idTokenKeyId String
    The Id of the signing key used to sign the Id token.
    refreshTokenExpirationPolicy String
    The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until refresh_token_sliding_window_maximum_ttl_in_minutes is reached.
    refreshTokenSlidingWindowMaximumTtlInMinutes Number
    The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.
    refreshTokenTtlMinutes Number
    The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
    refreshTokenUsagePolicy String
    The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
    ttlSeconds Number
    The length of time in seconds the JWT will live before it is expired and no longer valid.

    FusionAuthApplicationLambdaConfiguration, FusionAuthApplicationLambdaConfigurationArgs

    AccessTokenPopulateId string
    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
    IdTokenPopulateId string
    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
    Samlv2PopulateId string
    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
    SelfServiceRegistrationValidationId string
    The unique Id of the lambda that will be used to perform additional validation on registration form steps.
    UserinfoPopulateId string
    The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
    AccessTokenPopulateId string
    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
    IdTokenPopulateId string
    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
    Samlv2PopulateId string
    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
    SelfServiceRegistrationValidationId string
    The unique Id of the lambda that will be used to perform additional validation on registration form steps.
    UserinfoPopulateId string
    The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
    accessTokenPopulateId String
    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
    idTokenPopulateId String
    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
    samlv2PopulateId String
    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
    selfServiceRegistrationValidationId String
    The unique Id of the lambda that will be used to perform additional validation on registration form steps.
    userinfoPopulateId String
    The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
    accessTokenPopulateId string
    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
    idTokenPopulateId string
    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
    samlv2PopulateId string
    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
    selfServiceRegistrationValidationId string
    The unique Id of the lambda that will be used to perform additional validation on registration form steps.
    userinfoPopulateId string
    The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
    access_token_populate_id str
    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
    id_token_populate_id str
    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
    samlv2_populate_id str
    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
    self_service_registration_validation_id str
    The unique Id of the lambda that will be used to perform additional validation on registration form steps.
    userinfo_populate_id str
    The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
    accessTokenPopulateId String
    The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
    idTokenPopulateId String
    The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
    samlv2PopulateId String
    The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
    selfServiceRegistrationValidationId String
    The unique Id of the lambda that will be used to perform additional validation on registration form steps.
    userinfoPopulateId String
    The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.

    FusionAuthApplicationLoginConfiguration, FusionAuthApplicationLoginConfigurationArgs

    AllowTokenRefresh bool
    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
    GenerateRefreshTokens bool
    Indicates if a Refresh Token should be issued from the Login API
    RequireAuthentication bool
    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
    AllowTokenRefresh bool
    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
    GenerateRefreshTokens bool
    Indicates if a Refresh Token should be issued from the Login API
    RequireAuthentication bool
    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
    allowTokenRefresh Boolean
    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
    generateRefreshTokens Boolean
    Indicates if a Refresh Token should be issued from the Login API
    requireAuthentication Boolean
    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
    allowTokenRefresh boolean
    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
    generateRefreshTokens boolean
    Indicates if a Refresh Token should be issued from the Login API
    requireAuthentication boolean
    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
    allow_token_refresh bool
    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
    generate_refresh_tokens bool
    Indicates if a Refresh Token should be issued from the Login API
    require_authentication bool
    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
    allowTokenRefresh Boolean
    Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
    generateRefreshTokens Boolean
    Indicates if a Refresh Token should be issued from the Login API
    requireAuthentication Boolean
    Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.

    FusionAuthApplicationMultiFactorConfiguration, FusionAuthApplicationMultiFactorConfigurationArgs

    EmailTemplateId string
    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
    LoginPolicy string
    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.
    SmsTemplateId string
    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
    TrustPolicy string
    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.
    EmailTemplateId string
    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
    LoginPolicy string
    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.
    SmsTemplateId string
    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
    TrustPolicy string
    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.
    emailTemplateId String
    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
    loginPolicy String
    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.
    smsTemplateId String
    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
    trustPolicy String
    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.
    emailTemplateId string
    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
    loginPolicy string
    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.
    smsTemplateId string
    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
    trustPolicy string
    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.
    email_template_id str
    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
    login_policy str
    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.
    sms_template_id str
    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
    trust_policy str
    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.
    emailTemplateId String
    The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
    loginPolicy String
    When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are Enabled, Disabled or Required.
    smsTemplateId String
    The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
    trustPolicy String
    When multi_factor_configuration.login_policy is set to Enabled, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are Any, This or None.

    FusionAuthApplicationOauthConfiguration, FusionAuthApplicationOauthConfigurationArgs

    ScopeHandlingPolicy string
    Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:

    • Compatibility - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.
    • Strict - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
    UnknownScopePolicy string
    Controls the policy for handling unknown scopes on an OAuth request. The possible values are:

    • Allow - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.
    • Remove - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.
    • Reject - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
    AuthorizedOriginUrls List<string>
    An array of URLs that are the authorized origins for FusionAuth OAuth.
    AuthorizedRedirectUrls List<string>
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    AuthorizedUrlValidationPolicy string
    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
    ClientAuthenticationPolicy string
    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
    ClientId string
    The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    ClientSecret string
    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    ConsentMode string
    Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when application.oauthConfiguration.relationship is ThirdParty. The possible values are:

    • AlwaysPrompt - Always prompt the user for consent.
    • RememberDecision - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’s externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds value.
    • NeverPrompt - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a FirstParty application. This configuration is meant for testing purposes only and should not be used in production.
    Debug bool
    Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
    DeviceVerificationUrl string
    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
    EnabledGrants List<string>
    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
    GenerateRefreshTokens bool
    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
    LogoutBehavior string
    Behavior when /oauth2/logout is called.
    LogoutUrl string
    The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
    ProofKeyForCodeExchangePolicy string
    Determines the PKCE requirements when using the authorization code grant.
    ProvidedScopePolicies List<theogravity.Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicy>
    Configures which of the default scopes are enabled and required.
    Relationship string
    The application’s relationship to the OAuth server. The possible values are:

    • FirstParty - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.
    • ThirdParty - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’s oauthConfiguration.consentMode value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
    RequireClientAuthentication bool
    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated: In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    RequireRegistration bool
    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
    ScopeHandlingPolicy string
    Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:

    • Compatibility - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.
    • Strict - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
    UnknownScopePolicy string
    Controls the policy for handling unknown scopes on an OAuth request. The possible values are:

    • Allow - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.
    • Remove - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.
    • Reject - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
    AuthorizedOriginUrls []string
    An array of URLs that are the authorized origins for FusionAuth OAuth.
    AuthorizedRedirectUrls []string
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    AuthorizedUrlValidationPolicy string
    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
    ClientAuthenticationPolicy string
    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
    ClientId string
    The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    ClientSecret string
    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    ConsentMode string
    Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when application.oauthConfiguration.relationship is ThirdParty. The possible values are:

    • AlwaysPrompt - Always prompt the user for consent.
    • RememberDecision - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’s externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds value.
    • NeverPrompt - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a FirstParty application. This configuration is meant for testing purposes only and should not be used in production.
    Debug bool
    Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
    DeviceVerificationUrl string
    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
    EnabledGrants []string
    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
    GenerateRefreshTokens bool
    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
    LogoutBehavior string
    Behavior when /oauth2/logout is called.
    LogoutUrl string
    The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
    ProofKeyForCodeExchangePolicy string
    Determines the PKCE requirements when using the authorization code grant.
    ProvidedScopePolicies []FusionAuthApplicationOauthConfigurationProvidedScopePolicy
    Configures which of the default scopes are enabled and required.
    Relationship string
    The application’s relationship to the OAuth server. The possible values are:

    • FirstParty - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.
    • ThirdParty - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’s oauthConfiguration.consentMode value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
    RequireClientAuthentication bool
    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated: In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    RequireRegistration bool
    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
    scopeHandlingPolicy String
    Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:

    • Compatibility - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.
    • Strict - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
    unknownScopePolicy String
    Controls the policy for handling unknown scopes on an OAuth request. The possible values are:

    • Allow - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.
    • Remove - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.
    • Reject - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
    authorizedOriginUrls List<String>
    An array of URLs that are the authorized origins for FusionAuth OAuth.
    authorizedRedirectUrls List<String>
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    authorizedUrlValidationPolicy String
    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
    clientAuthenticationPolicy String
    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
    clientId String
    The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    clientSecret String
    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    consentMode String
    Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when application.oauthConfiguration.relationship is ThirdParty. The possible values are:

    • AlwaysPrompt - Always prompt the user for consent.
    • RememberDecision - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’s externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds value.
    • NeverPrompt - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a FirstParty application. This configuration is meant for testing purposes only and should not be used in production.
    debug Boolean
    Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
    deviceVerificationUrl String
    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
    enabledGrants List<String>
    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
    generateRefreshTokens Boolean
    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
    logoutBehavior String
    Behavior when /oauth2/logout is called.
    logoutUrl String
    The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
    proofKeyForCodeExchangePolicy String
    Determines the PKCE requirements when using the authorization code grant.
    providedScopePolicies List<FusionAuthApplicationOauthConfigurationProvidedScopePolicy>
    Configures which of the default scopes are enabled and required.
    relationship String
    The application’s relationship to the OAuth server. The possible values are:

    • FirstParty - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.
    • ThirdParty - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’s oauthConfiguration.consentMode value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
    requireClientAuthentication Boolean
    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated: In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    requireRegistration Boolean
    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
    scopeHandlingPolicy string
    Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:

    • Compatibility - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.
    • Strict - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
    unknownScopePolicy string
    Controls the policy for handling unknown scopes on an OAuth request. The possible values are:

    • Allow - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.
    • Remove - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.
    • Reject - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
    authorizedOriginUrls string[]
    An array of URLs that are the authorized origins for FusionAuth OAuth.
    authorizedRedirectUrls string[]
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    authorizedUrlValidationPolicy string
    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
    clientAuthenticationPolicy string
    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
    clientId string
    The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    clientSecret string
    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    consentMode string
    Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when application.oauthConfiguration.relationship is ThirdParty. The possible values are:

    • AlwaysPrompt - Always prompt the user for consent.
    • RememberDecision - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’s externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds value.
    • NeverPrompt - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a FirstParty application. This configuration is meant for testing purposes only and should not be used in production.
    debug boolean
    Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
    deviceVerificationUrl string
    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
    enabledGrants string[]
    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
    generateRefreshTokens boolean
    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
    logoutBehavior string
    Behavior when /oauth2/logout is called.
    logoutUrl string
    The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
    proofKeyForCodeExchangePolicy string
    Determines the PKCE requirements when using the authorization code grant.
    providedScopePolicies FusionAuthApplicationOauthConfigurationProvidedScopePolicy[]
    Configures which of the default scopes are enabled and required.
    relationship string
    The application’s relationship to the OAuth server. The possible values are:

    • FirstParty - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.
    • ThirdParty - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’s oauthConfiguration.consentMode value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
    requireClientAuthentication boolean
    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated: In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    requireRegistration boolean
    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
    scope_handling_policy str
    Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:

    • Compatibility - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.
    • Strict - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
    unknown_scope_policy str
    Controls the policy for handling unknown scopes on an OAuth request. The possible values are:

    • Allow - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.
    • Remove - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.
    • Reject - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
    authorized_origin_urls Sequence[str]
    An array of URLs that are the authorized origins for FusionAuth OAuth.
    authorized_redirect_urls Sequence[str]
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    authorized_url_validation_policy str
    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
    client_authentication_policy str
    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
    client_id str
    The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    client_secret str
    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    consent_mode str
    Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when application.oauthConfiguration.relationship is ThirdParty. The possible values are:

    • AlwaysPrompt - Always prompt the user for consent.
    • RememberDecision - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’s externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds value.
    • NeverPrompt - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a FirstParty application. This configuration is meant for testing purposes only and should not be used in production.
    debug bool
    Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
    device_verification_url str
    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
    enabled_grants Sequence[str]
    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
    generate_refresh_tokens bool
    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
    logout_behavior str
    Behavior when /oauth2/logout is called.
    logout_url str
    The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
    proof_key_for_code_exchange_policy str
    Determines the PKCE requirements when using the authorization code grant.
    provided_scope_policies Sequence[FusionAuthApplicationOauthConfigurationProvidedScopePolicy]
    Configures which of the default scopes are enabled and required.
    relationship str
    The application’s relationship to the OAuth server. The possible values are:

    • FirstParty - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.
    • ThirdParty - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’s oauthConfiguration.consentMode value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
    require_client_authentication bool
    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated: In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    require_registration bool
    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
    scopeHandlingPolicy String
    Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:

    • Compatibility - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.
    • Strict - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
    unknownScopePolicy String
    Controls the policy for handling unknown scopes on an OAuth request. The possible values are:

    • Allow - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.
    • Remove - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.
    • Reject - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
    authorizedOriginUrls List<String>
    An array of URLs that are the authorized origins for FusionAuth OAuth.
    authorizedRedirectUrls List<String>
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    authorizedUrlValidationPolicy String
    Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
    clientAuthenticationPolicy String
    Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
    clientId String
    The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    clientSecret String
    The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
    consentMode String
    Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when application.oauthConfiguration.relationship is ThirdParty. The possible values are:

    • AlwaysPrompt - Always prompt the user for consent.
    • RememberDecision - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’s externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds value.
    • NeverPrompt - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a FirstParty application. This configuration is meant for testing purposes only and should not be used in production.
    debug Boolean
    Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
    deviceVerificationUrl String
    The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
    enabledGrants List<String>
    The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
    generateRefreshTokens Boolean
    Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
    logoutBehavior String
    Behavior when /oauth2/logout is called.
    logoutUrl String
    The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
    proofKeyForCodeExchangePolicy String
    Determines the PKCE requirements when using the authorization code grant.
    providedScopePolicies List<Property Map>
    Configures which of the default scopes are enabled and required.
    relationship String
    The application’s relationship to the OAuth server. The possible values are:

    • FirstParty - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.
    • ThirdParty - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’s oauthConfiguration.consentMode value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
    requireClientAuthentication Boolean
    Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.

    Deprecated: In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy.

    requireRegistration Boolean
    When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.

    FusionAuthApplicationOauthConfigurationProvidedScopePolicy, FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs

    FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddress, FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmail, FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhone, FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfile, FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationRegistrationConfiguration, FusionAuthApplicationRegistrationConfigurationArgs

    BirthDate theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDate
    ConfirmPassword bool
    Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
    Enabled bool
    Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
    FirstName theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstName
    FormId string
    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
    FullName theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullName
    LastName theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastName
    LoginIdType string
    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
    MiddleName theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleName
    MobilePhone theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhone
    PreferredLanguages theogravity.Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguages
    Type string
    The type of registration flow.
    BirthDate FusionAuthApplicationRegistrationConfigurationBirthDate
    ConfirmPassword bool
    Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
    Enabled bool
    Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
    FirstName FusionAuthApplicationRegistrationConfigurationFirstName
    FormId string
    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
    FullName FusionAuthApplicationRegistrationConfigurationFullName
    LastName FusionAuthApplicationRegistrationConfigurationLastName
    LoginIdType string
    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
    MiddleName FusionAuthApplicationRegistrationConfigurationMiddleName
    MobilePhone FusionAuthApplicationRegistrationConfigurationMobilePhone
    PreferredLanguages FusionAuthApplicationRegistrationConfigurationPreferredLanguages
    Type string
    The type of registration flow.
    birthDate FusionAuthApplicationRegistrationConfigurationBirthDate
    confirmPassword Boolean
    Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
    enabled Boolean
    Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
    firstName FusionAuthApplicationRegistrationConfigurationFirstName
    formId String
    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
    fullName FusionAuthApplicationRegistrationConfigurationFullName
    lastName FusionAuthApplicationRegistrationConfigurationLastName
    loginIdType String
    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
    middleName FusionAuthApplicationRegistrationConfigurationMiddleName
    mobilePhone FusionAuthApplicationRegistrationConfigurationMobilePhone
    preferredLanguages FusionAuthApplicationRegistrationConfigurationPreferredLanguages
    type String
    The type of registration flow.
    birthDate FusionAuthApplicationRegistrationConfigurationBirthDate
    confirmPassword boolean
    Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
    enabled boolean
    Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
    firstName FusionAuthApplicationRegistrationConfigurationFirstName
    formId string
    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
    fullName FusionAuthApplicationRegistrationConfigurationFullName
    lastName FusionAuthApplicationRegistrationConfigurationLastName
    loginIdType string
    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
    middleName FusionAuthApplicationRegistrationConfigurationMiddleName
    mobilePhone FusionAuthApplicationRegistrationConfigurationMobilePhone
    preferredLanguages FusionAuthApplicationRegistrationConfigurationPreferredLanguages
    type string
    The type of registration flow.
    birth_date FusionAuthApplicationRegistrationConfigurationBirthDate
    confirm_password bool
    Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
    enabled bool
    Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
    first_name FusionAuthApplicationRegistrationConfigurationFirstName
    form_id str
    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
    full_name FusionAuthApplicationRegistrationConfigurationFullName
    last_name FusionAuthApplicationRegistrationConfigurationLastName
    login_id_type str
    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
    middle_name FusionAuthApplicationRegistrationConfigurationMiddleName
    mobile_phone FusionAuthApplicationRegistrationConfigurationMobilePhone
    preferred_languages FusionAuthApplicationRegistrationConfigurationPreferredLanguages
    type str
    The type of registration flow.
    birthDate Property Map
    confirmPassword Boolean
    Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
    enabled Boolean
    Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
    firstName Property Map
    formId String
    The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
    fullName Property Map
    lastName Property Map
    loginIdType String
    The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
    middleName Property Map
    mobilePhone Property Map
    preferredLanguages Property Map
    type String
    The type of registration flow.

    FusionAuthApplicationRegistrationConfigurationBirthDate, FusionAuthApplicationRegistrationConfigurationBirthDateArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationRegistrationConfigurationFirstName, FusionAuthApplicationRegistrationConfigurationFirstNameArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationRegistrationConfigurationFullName, FusionAuthApplicationRegistrationConfigurationFullNameArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationRegistrationConfigurationLastName, FusionAuthApplicationRegistrationConfigurationLastNameArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationRegistrationConfigurationMiddleName, FusionAuthApplicationRegistrationConfigurationMiddleNameArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationRegistrationConfigurationMobilePhone, FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationRegistrationConfigurationPreferredLanguages, FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs

    Enabled bool
    Required bool
    Enabled bool
    Required bool
    enabled Boolean
    required Boolean
    enabled boolean
    required boolean
    enabled bool
    required bool
    enabled Boolean
    required Boolean

    FusionAuthApplicationRegistrationDeletePolicy, FusionAuthApplicationRegistrationDeletePolicyArgs

    UnverifiedEnabled bool
    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
    UnverifiedNumberOfDaysToRetain int
    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
    UnverifiedEnabled bool
    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
    UnverifiedNumberOfDaysToRetain int
    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
    unverifiedEnabled Boolean
    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
    unverifiedNumberOfDaysToRetain Integer
    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
    unverifiedEnabled boolean
    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
    unverifiedNumberOfDaysToRetain number
    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
    unverified_enabled bool
    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
    unverified_number_of_days_to_retain int
    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
    unverifiedEnabled Boolean
    Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
    unverifiedNumberOfDaysToRetain Number
    The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.

    FusionAuthApplicationSamlv2Configuration, FusionAuthApplicationSamlv2ConfigurationArgs

    AuthorizedRedirectUrls List<string>
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    Issuer string
    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
    AssertionEncryptionConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration
    Audience string
    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
    CallbackUrl string
    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated: In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    Debug bool
    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
    DefaultVerificationKeyId string
    Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
    Enabled bool
    Whether or not the SAML IdP for this Application is enabled or not.
    InitiatedLogin theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationInitiatedLogin
    KeyId string
    The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
    LoginHintConfiguration theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration
    Logout theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogout
    LogoutUrl string
    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
    RequiredSignedRequests bool
    If set to true, will force verification through the key store.
    XmlSignatureCanonicalizationMethod string
    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    XmlSignatureLocation string
    The location to place the XML signature when signing a successful SAML response.
    AuthorizedRedirectUrls []string
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    Issuer string
    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
    AssertionEncryptionConfiguration FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration
    Audience string
    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
    CallbackUrl string
    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated: In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    Debug bool
    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
    DefaultVerificationKeyId string
    Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
    Enabled bool
    Whether or not the SAML IdP for this Application is enabled or not.
    InitiatedLogin FusionAuthApplicationSamlv2ConfigurationInitiatedLogin
    KeyId string
    The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
    LoginHintConfiguration FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration
    Logout FusionAuthApplicationSamlv2ConfigurationLogout
    LogoutUrl string
    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
    RequiredSignedRequests bool
    If set to true, will force verification through the key store.
    XmlSignatureCanonicalizationMethod string
    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    XmlSignatureLocation string
    The location to place the XML signature when signing a successful SAML response.
    authorizedRedirectUrls List<String>
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    issuer String
    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
    assertionEncryptionConfiguration FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration
    audience String
    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
    callbackUrl String
    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated: In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    debug Boolean
    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
    defaultVerificationKeyId String
    Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
    enabled Boolean
    Whether or not the SAML IdP for this Application is enabled or not.
    initiatedLogin FusionAuthApplicationSamlv2ConfigurationInitiatedLogin
    keyId String
    The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
    loginHintConfiguration FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration
    logout FusionAuthApplicationSamlv2ConfigurationLogout
    logoutUrl String
    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
    requiredSignedRequests Boolean
    If set to true, will force verification through the key store.
    xmlSignatureCanonicalizationMethod String
    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    xmlSignatureLocation String
    The location to place the XML signature when signing a successful SAML response.
    authorizedRedirectUrls string[]
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    issuer string
    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
    assertionEncryptionConfiguration FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration
    audience string
    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
    callbackUrl string
    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated: In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    debug boolean
    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
    defaultVerificationKeyId string
    Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
    enabled boolean
    Whether or not the SAML IdP for this Application is enabled or not.
    initiatedLogin FusionAuthApplicationSamlv2ConfigurationInitiatedLogin
    keyId string
    The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
    loginHintConfiguration FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration
    logout FusionAuthApplicationSamlv2ConfigurationLogout
    logoutUrl string
    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
    requiredSignedRequests boolean
    If set to true, will force verification through the key store.
    xmlSignatureCanonicalizationMethod string
    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    xmlSignatureLocation string
    The location to place the XML signature when signing a successful SAML response.
    authorized_redirect_urls Sequence[str]
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    issuer str
    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
    assertion_encryption_configuration FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration
    audience str
    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
    callback_url str
    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated: In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    debug bool
    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
    default_verification_key_id str
    Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
    enabled bool
    Whether or not the SAML IdP for this Application is enabled or not.
    initiated_login FusionAuthApplicationSamlv2ConfigurationInitiatedLogin
    key_id str
    The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
    login_hint_configuration FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration
    logout FusionAuthApplicationSamlv2ConfigurationLogout
    logout_url str
    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
    required_signed_requests bool
    If set to true, will force verification through the key store.
    xml_signature_canonicalization_method str
    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    xml_signature_location str
    The location to place the XML signature when signing a successful SAML response.
    authorizedRedirectUrls List<String>
    An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
    issuer String
    The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
    assertionEncryptionConfiguration Property Map
    audience String
    The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
    callbackUrl String
    The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.

    Deprecated: In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls.

    debug Boolean
    Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
    defaultVerificationKeyId String
    Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
    enabled Boolean
    Whether or not the SAML IdP for this Application is enabled or not.
    initiatedLogin Property Map
    keyId String
    The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
    loginHintConfiguration Property Map
    logout Property Map
    logoutUrl String
    The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
    requiredSignedRequests Boolean
    If set to true, will force verification through the key store.
    xmlSignatureCanonicalizationMethod String
    The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    xmlSignatureLocation String
    The location to place the XML signature when signing a successful SAML response.

    FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration, FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfigurationArgs

    DigestAlgorithm string
    The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
    Enabled bool
    Determines if SAML assertion encryption is enabled for this Application.
    EncryptionAlgorithm string
    The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
    KeyLocation string
    The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
    KeyTransportAlgorithm string
    The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
    KeyTransportEncryptionKeyId string
    The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
    MaskGenerationFunction string
    The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
    DigestAlgorithm string
    The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
    Enabled bool
    Determines if SAML assertion encryption is enabled for this Application.
    EncryptionAlgorithm string
    The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
    KeyLocation string
    The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
    KeyTransportAlgorithm string
    The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
    KeyTransportEncryptionKeyId string
    The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
    MaskGenerationFunction string
    The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
    digestAlgorithm String
    The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
    enabled Boolean
    Determines if SAML assertion encryption is enabled for this Application.
    encryptionAlgorithm String
    The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
    keyLocation String
    The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
    keyTransportAlgorithm String
    The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
    keyTransportEncryptionKeyId String
    The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
    maskGenerationFunction String
    The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
    digestAlgorithm string
    The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
    enabled boolean
    Determines if SAML assertion encryption is enabled for this Application.
    encryptionAlgorithm string
    The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
    keyLocation string
    The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
    keyTransportAlgorithm string
    The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
    keyTransportEncryptionKeyId string
    The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
    maskGenerationFunction string
    The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
    digest_algorithm str
    The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
    enabled bool
    Determines if SAML assertion encryption is enabled for this Application.
    encryption_algorithm str
    The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
    key_location str
    The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
    key_transport_algorithm str
    The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
    key_transport_encryption_key_id str
    The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
    mask_generation_function str
    The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.
    digestAlgorithm String
    The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.
    enabled Boolean
    Determines if SAML assertion encryption is enabled for this Application.
    encryptionAlgorithm String
    The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.
    keyLocation String
    The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).
    keyTransportAlgorithm String
    The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.
    keyTransportEncryptionKeyId String
    The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.
    maskGenerationFunction String
    The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.

    FusionAuthApplicationSamlv2ConfigurationInitiatedLogin, FusionAuthApplicationSamlv2ConfigurationInitiatedLoginArgs

    Enabled bool
    Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
    NameIdFormat string
    The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
    Enabled bool
    Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
    NameIdFormat string
    The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
    enabled Boolean
    Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
    nameIdFormat String
    The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
    enabled boolean
    Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
    nameIdFormat string
    The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
    enabled bool
    Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
    name_id_format str
    The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.
    enabled Boolean
    Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.
    nameIdFormat String
    The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.

    FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration, FusionAuthApplicationSamlv2ConfigurationLoginHintConfigurationArgs

    Enabled bool
    When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
    ParameterName string
    The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
    Enabled bool
    When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
    ParameterName string
    The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
    enabled Boolean
    When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
    parameterName String
    The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
    enabled boolean
    When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
    parameterName string
    The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
    enabled bool
    When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
    parameter_name str
    The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.
    enabled Boolean
    When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.
    parameterName String
    The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.

    FusionAuthApplicationSamlv2ConfigurationLogout, FusionAuthApplicationSamlv2ConfigurationLogoutArgs

    Behavior string
    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
    DefaultVerificationKeyId string
    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
    KeyId string
    The unique Id of the Key used to sign the SAML Logout response.
    RequireSignedRequests bool
    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
    SingleLogout theogravity.Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    XmlSignatureCanonicalizationMethod string
    The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    Behavior string
    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
    DefaultVerificationKeyId string
    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
    KeyId string
    The unique Id of the Key used to sign the SAML Logout response.
    RequireSignedRequests bool
    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
    SingleLogout FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    XmlSignatureCanonicalizationMethod string
    The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    behavior String
    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
    defaultVerificationKeyId String
    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
    keyId String
    The unique Id of the Key used to sign the SAML Logout response.
    requireSignedRequests Boolean
    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
    singleLogout FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    xmlSignatureCanonicalizationMethod String
    The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    behavior string
    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
    defaultVerificationKeyId string
    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
    keyId string
    The unique Id of the Key used to sign the SAML Logout response.
    requireSignedRequests boolean
    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
    singleLogout FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    xmlSignatureCanonicalizationMethod string
    The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    behavior str
    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
    default_verification_key_id str
    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
    key_id str
    The unique Id of the Key used to sign the SAML Logout response.
    require_signed_requests bool
    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
    single_logout FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout
    xml_signature_canonicalization_method str
    The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    behavior String
    This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
    defaultVerificationKeyId String
    The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
    keyId String
    The unique Id of the Key used to sign the SAML Logout response.
    requireSignedRequests Boolean
    Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
    singleLogout Property Map
    xmlSignatureCanonicalizationMethod String
    The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout, FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs

    Enabled bool
    Whether or not SAML Single Logout for this SAML IdP is enabled.
    KeyId string
    The unique Id of the Key used to sign the SAML Single Logout response.
    Url string
    The URL at which you want to receive the LogoutRequest from FusionAuth.
    XmlSignatureCanonicalizationMethod string
    The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    Enabled bool
    Whether or not SAML Single Logout for this SAML IdP is enabled.
    KeyId string
    The unique Id of the Key used to sign the SAML Single Logout response.
    Url string
    The URL at which you want to receive the LogoutRequest from FusionAuth.
    XmlSignatureCanonicalizationMethod string
    The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    enabled Boolean
    Whether or not SAML Single Logout for this SAML IdP is enabled.
    keyId String
    The unique Id of the Key used to sign the SAML Single Logout response.
    url String
    The URL at which you want to receive the LogoutRequest from FusionAuth.
    xmlSignatureCanonicalizationMethod String
    The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    enabled boolean
    Whether or not SAML Single Logout for this SAML IdP is enabled.
    keyId string
    The unique Id of the Key used to sign the SAML Single Logout response.
    url string
    The URL at which you want to receive the LogoutRequest from FusionAuth.
    xmlSignatureCanonicalizationMethod string
    The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    enabled bool
    Whether or not SAML Single Logout for this SAML IdP is enabled.
    key_id str
    The unique Id of the Key used to sign the SAML Single Logout response.
    url str
    The URL at which you want to receive the LogoutRequest from FusionAuth.
    xml_signature_canonicalization_method str
    The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
    enabled Boolean
    Whether or not SAML Single Logout for this SAML IdP is enabled.
    keyId String
    The unique Id of the Key used to sign the SAML Single Logout response.
    url String
    The URL at which you want to receive the LogoutRequest from FusionAuth.
    xmlSignatureCanonicalizationMethod String
    The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.

    FusionAuthApplicationWebauthnConfiguration, FusionAuthApplicationWebauthnConfigurationArgs

    BootstrapWorkflowEnabled bool
    Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
    Enabled bool
    Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    ReauthenticationWorkflowEnabled bool
    Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    BootstrapWorkflowEnabled bool
    Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
    Enabled bool
    Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    ReauthenticationWorkflowEnabled bool
    Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    bootstrapWorkflowEnabled Boolean
    Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
    enabled Boolean
    Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    reauthenticationWorkflowEnabled Boolean
    Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    bootstrapWorkflowEnabled boolean
    Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
    enabled boolean
    Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    reauthenticationWorkflowEnabled boolean
    Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    bootstrap_workflow_enabled bool
    Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
    enabled bool
    Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    reauthentication_workflow_enabled bool
    Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    bootstrapWorkflowEnabled Boolean
    Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.
    enabled Boolean
    Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.
    reauthenticationWorkflowEnabled Boolean
    Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.

    Package Details

    Repository
    fusionauth theogravity/pulumi-fusionauth
    License
    MIT
    Notes
    This Pulumi package is based on the fusionauth Terraform Provider.
    fusionauth logo
    FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity