Viewing docs for Keycloak v6.10.0
published on Saturday, Feb 21, 2026 by Pulumi
published on Saturday, Feb 21, 2026 by Pulumi
Viewing docs for Keycloak v6.10.0
published on Saturday, Feb 21, 2026 by Pulumi
published on Saturday, Feb 21, 2026 by Pulumi
This data source can be used to fetch the details of an authentication subflow within Keycloak.
An authentication subflow is a nested flow within a parent authentication flow that groups related authentication steps together.
Example Usage
Lookup by Alias (Human-readable)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const myFlow = new keycloak.authentication.Flow("my_flow", {
realmId: realm.id,
alias: "my-custom-flow",
});
const mySubflow = new keycloak.authentication.Subflow("my_subflow", {
realmId: realm.id,
parentFlowAlias: myFlow.alias,
alias: "my-subflow",
providerId: "basic-flow",
});
const subflow = keycloak.authentication.getSubflowOutput({
realmId: realm.id,
parentFlowAlias: myFlow.alias,
alias: "my-subflow",
});
export const subflowId = subflow.apply(subflow => subflow.id);
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
my_flow = keycloak.authentication.Flow("my_flow",
realm_id=realm.id,
alias="my-custom-flow")
my_subflow = keycloak.authentication.Subflow("my_subflow",
realm_id=realm.id,
parent_flow_alias=my_flow.alias,
alias="my-subflow",
provider_id="basic-flow")
subflow = keycloak.authentication.get_subflow_output(realm_id=realm.id,
parent_flow_alias=my_flow.alias,
alias="my-subflow")
pulumi.export("subflowId", subflow.id)
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
myFlow, err := authentication.NewFlow(ctx, "my_flow", &authentication.FlowArgs{
RealmId: realm.ID(),
Alias: pulumi.String("my-custom-flow"),
})
if err != nil {
return err
}
_, err = authentication.NewSubflow(ctx, "my_subflow", &authentication.SubflowArgs{
RealmId: realm.ID(),
ParentFlowAlias: myFlow.Alias,
Alias: pulumi.String("my-subflow"),
ProviderId: pulumi.String("basic-flow"),
})
if err != nil {
return err
}
subflow := authentication.LookupSubflowOutput(ctx, authentication.GetSubflowOutputArgs{
RealmId: realm.ID(),
ParentFlowAlias: myFlow.Alias,
Alias: pulumi.String("my-subflow"),
}, nil)
ctx.Export("subflowId", subflow.ApplyT(func(subflow authentication.GetSubflowResult) (*string, error) {
return &subflow.Id, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var myFlow = new Keycloak.Authentication.Flow("my_flow", new()
{
RealmId = realm.Id,
Alias = "my-custom-flow",
});
var mySubflow = new Keycloak.Authentication.Subflow("my_subflow", new()
{
RealmId = realm.Id,
ParentFlowAlias = myFlow.Alias,
Alias = "my-subflow",
ProviderId = "basic-flow",
});
var subflow = Keycloak.Authentication.GetSubflow.Invoke(new()
{
RealmId = realm.Id,
ParentFlowAlias = myFlow.Alias,
Alias = "my-subflow",
});
return new Dictionary<string, object?>
{
["subflowId"] = subflow.Apply(getSubflowResult => getSubflowResult.Id),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.authentication.Flow;
import com.pulumi.keycloak.authentication.FlowArgs;
import com.pulumi.keycloak.authentication.Subflow;
import com.pulumi.keycloak.authentication.SubflowArgs;
import com.pulumi.keycloak.authentication.AuthenticationFunctions;
import com.pulumi.keycloak.authentication.inputs.GetSubflowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var myFlow = new Flow("myFlow", FlowArgs.builder()
.realmId(realm.id())
.alias("my-custom-flow")
.build());
var mySubflow = new Subflow("mySubflow", SubflowArgs.builder()
.realmId(realm.id())
.parentFlowAlias(myFlow.alias())
.alias("my-subflow")
.providerId("basic-flow")
.build());
final var subflow = AuthenticationFunctions.getSubflow(GetSubflowArgs.builder()
.realmId(realm.id())
.parentFlowAlias(myFlow.alias())
.alias("my-subflow")
.build());
ctx.export("subflowId", subflow.applyValue(_subflow -> _subflow.id()));
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
myFlow:
type: keycloak:authentication:Flow
name: my_flow
properties:
realmId: ${realm.id}
alias: my-custom-flow
mySubflow:
type: keycloak:authentication:Subflow
name: my_subflow
properties:
realmId: ${realm.id}
parentFlowAlias: ${myFlow.alias}
alias: my-subflow
providerId: basic-flow
variables:
subflow:
fn::invoke:
function: keycloak:authentication:getSubflow
arguments:
realmId: ${realm.id}
parentFlowAlias: ${myFlow.alias}
alias: my-subflow
outputs:
subflowId: ${subflow.id}
Lookup by ID (Direct)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const subflow = keycloak.authentication.getSubflow({
realmId: "my-realm-id",
parentFlowAlias: "browser",
id: "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
});
export const subflowAlias = subflow.then(subflow => subflow.alias);
import pulumi
import pulumi_keycloak as keycloak
subflow = keycloak.authentication.get_subflow(realm_id="my-realm-id",
parent_flow_alias="browser",
id="a1b2c3d4-e5f6-7890-abcd-ef1234567890")
pulumi.export("subflowAlias", subflow.alias)
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
subflow, err := authentication.LookupSubflow(ctx, &authentication.LookupSubflowArgs{
RealmId: "my-realm-id",
ParentFlowAlias: "browser",
Id: pulumi.StringRef("a1b2c3d4-e5f6-7890-abcd-ef1234567890"),
}, nil)
if err != nil {
return err
}
ctx.Export("subflowAlias", subflow.Alias)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var subflow = Keycloak.Authentication.GetSubflow.Invoke(new()
{
RealmId = "my-realm-id",
ParentFlowAlias = "browser",
Id = "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
});
return new Dictionary<string, object?>
{
["subflowAlias"] = subflow.Apply(getSubflowResult => getSubflowResult.Alias),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.authentication.AuthenticationFunctions;
import com.pulumi.keycloak.authentication.inputs.GetSubflowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var subflow = AuthenticationFunctions.getSubflow(GetSubflowArgs.builder()
.realmId("my-realm-id")
.parentFlowAlias("browser")
.id("a1b2c3d4-e5f6-7890-abcd-ef1234567890")
.build());
ctx.export("subflowAlias", subflow.alias());
}
}
variables:
subflow:
fn::invoke:
function: keycloak:authentication:getSubflow
arguments:
realmId: my-realm-id
parentFlowAlias: browser
id: a1b2c3d4-e5f6-7890-abcd-ef1234567890
outputs:
subflowAlias: ${subflow.alias}
Using getSubflow
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSubflow(args: GetSubflowArgs, opts?: InvokeOptions): Promise<GetSubflowResult>
function getSubflowOutput(args: GetSubflowOutputArgs, opts?: InvokeOptions): Output<GetSubflowResult>def get_subflow(alias: Optional[str] = None,
id: Optional[str] = None,
parent_flow_alias: Optional[str] = None,
realm_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSubflowResult
def get_subflow_output(alias: Optional[pulumi.Input[str]] = None,
id: Optional[pulumi.Input[str]] = None,
parent_flow_alias: Optional[pulumi.Input[str]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSubflowResult]func LookupSubflow(ctx *Context, args *LookupSubflowArgs, opts ...InvokeOption) (*LookupSubflowResult, error)
func LookupSubflowOutput(ctx *Context, args *LookupSubflowOutputArgs, opts ...InvokeOption) LookupSubflowResultOutput> Note: This function is named LookupSubflow in the Go SDK.
public static class GetSubflow
{
public static Task<GetSubflowResult> InvokeAsync(GetSubflowArgs args, InvokeOptions? opts = null)
public static Output<GetSubflowResult> Invoke(GetSubflowInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSubflowResult> getSubflow(GetSubflowArgs args, InvokeOptions options)
public static Output<GetSubflowResult> getSubflow(GetSubflowArgs args, InvokeOptions options)
fn::invoke:
function: keycloak:authentication/getSubflow:getSubflow
arguments:
# arguments dictionaryThe following arguments are supported:
- Parent
Flow stringAlias - The alias of the parent authentication flow.
- Realm
Id string - The realm the authentication subflow exists in.
- Alias string
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- Id string
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- Parent
Flow stringAlias - The alias of the parent authentication flow.
- Realm
Id string - The realm the authentication subflow exists in.
- Alias string
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- Id string
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- parent
Flow StringAlias - The alias of the parent authentication flow.
- realm
Id String - The realm the authentication subflow exists in.
- alias String
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- id String
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- parent
Flow stringAlias - The alias of the parent authentication flow.
- realm
Id string - The realm the authentication subflow exists in.
- alias string
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- id string
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- parent_
flow_ stralias - The alias of the parent authentication flow.
- realm_
id str - The realm the authentication subflow exists in.
- alias str
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- id str
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- parent
Flow StringAlias - The alias of the parent authentication flow.
- realm
Id String - The realm the authentication subflow exists in.
- alias String
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- id String
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
getSubflow Result
The following output properties are available:
- Authenticator string
- Description string
- The description of the subflow.
- Id string
- The unique ID of the authentication subflow.
- Parent
Flow stringAlias - Priority int
- (Keycloak 25+) The priority of the subflow within its parent flow.
- Provider
Id string - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - Realm
Id string - Requirement string
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - Alias string
- The alias of the subflow.
- Authenticator string
- Description string
- The description of the subflow.
- Id string
- The unique ID of the authentication subflow.
- Parent
Flow stringAlias - Priority int
- (Keycloak 25+) The priority of the subflow within its parent flow.
- Provider
Id string - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - Realm
Id string - Requirement string
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - Alias string
- The alias of the subflow.
- authenticator String
- description String
- The description of the subflow.
- id String
- The unique ID of the authentication subflow.
- parent
Flow StringAlias - priority Integer
- (Keycloak 25+) The priority of the subflow within its parent flow.
- provider
Id String - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - realm
Id String - requirement String
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - alias String
- The alias of the subflow.
- authenticator string
- description string
- The description of the subflow.
- id string
- The unique ID of the authentication subflow.
- parent
Flow stringAlias - priority number
- (Keycloak 25+) The priority of the subflow within its parent flow.
- provider
Id string - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - realm
Id string - requirement string
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - alias string
- The alias of the subflow.
- authenticator str
- description str
- The description of the subflow.
- id str
- The unique ID of the authentication subflow.
- parent_
flow_ stralias - priority int
- (Keycloak 25+) The priority of the subflow within its parent flow.
- provider_
id str - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - realm_
id str - requirement str
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - alias str
- The alias of the subflow.
- authenticator String
- description String
- The description of the subflow.
- id String
- The unique ID of the authentication subflow.
- parent
Flow StringAlias - priority Number
- (Keycloak 25+) The priority of the subflow within its parent flow.
- provider
Id String - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - realm
Id String - requirement String
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - alias String
- The alias of the subflow.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.
Viewing docs for Keycloak v6.10.0
published on Saturday, Feb 21, 2026 by Pulumi
published on Saturday, Feb 21, 2026 by Pulumi
