keycloak.IdentityProviderTokenExchangeScopePermission

Import

This resource can be imported using the format {{realm_id}}/{{provider_alias}}, where provider_alias is the alias that you assign to the identity provider upon creation. Examplebash

 $ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp

Example Usage

using System.Collections.Generic;
using Pulumi;
using Keycloak = Pulumi.Keycloak;

return await Deployment.RunAsync(() => 
{
    var tokenExchangeRealm = new Keycloak.Realm("tokenExchangeRealm", new()
    {
        RealmName = "token-exchange_destination_realm",
        Enabled = true,
    });

    var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider("tokenExchangeMyOidcIdp", new()
    {
        Realm = tokenExchangeRealm.Id,
        Alias = "myIdp",
        AuthorizationUrl = "http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth",
        TokenUrl = "http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token",
        ClientId = "clientId",
        ClientSecret = "secret",
        DefaultScopes = "openid",
    });

    var token_exchangeWebappClient = new Keycloak.OpenId.Client("token-exchangeWebappClient", new()
    {
        RealmId = tokenExchangeRealm.Id,
        ClientId = "webapp_client",
        ClientSecret = "secret",
        Description = "a webapp client on the destination realm",
        AccessType = "CONFIDENTIAL",
        StandardFlowEnabled = true,
        ValidRedirectUris = new[]
        {
            "http://localhost:8080/*",
        },
    });

    //relevant part
    var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission("oidcIdpPermission", new()
    {
        RealmId = tokenExchangeRealm.Id,
        ProviderAlias = tokenExchangeMyOidcIdp.Alias,
        PolicyType = "client",
        Clients = new[]
        {
            token_exchangeWebappClient.Id,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc"
	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		tokenExchangeRealm, err := keycloak.NewRealm(ctx, "tokenExchangeRealm", &keycloak.RealmArgs{
			Realm:   pulumi.String("token-exchange_destination_realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		tokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, "tokenExchangeMyOidcIdp", &oidc.IdentityProviderArgs{
			Realm:            tokenExchangeRealm.ID(),
			Alias:            pulumi.String("myIdp"),
			AuthorizationUrl: pulumi.String("http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth"),
			TokenUrl:         pulumi.String("http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token"),
			ClientId:         pulumi.String("clientId"),
			ClientSecret:     pulumi.String("secret"),
			DefaultScopes:    pulumi.String("openid"),
		})
		if err != nil {
			return err
		}
		_, err = openid.NewClient(ctx, "token-exchangeWebappClient", &openid.ClientArgs{
			RealmId:             tokenExchangeRealm.ID(),
			ClientId:            pulumi.String("webapp_client"),
			ClientSecret:        pulumi.String("secret"),
			Description:         pulumi.String("a webapp client on the destination realm"),
			AccessType:          pulumi.String("CONFIDENTIAL"),
			StandardFlowEnabled: pulumi.Bool(true),
			ValidRedirectUris: pulumi.StringArray{
				pulumi.String("http://localhost:8080/*"),
			},
		})
		if err != nil {
			return err
		}
		_, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, "oidcIdpPermission", &keycloak.IdentityProviderTokenExchangeScopePermissionArgs{
			RealmId:       tokenExchangeRealm.ID(),
			ProviderAlias: tokenExchangeMyOidcIdp.Alias,
			PolicyType:    pulumi.String("client"),
			Clients: pulumi.StringArray{
				token_exchangeWebappClient.ID(),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.oidc.IdentityProvider;
import com.pulumi.keycloak.oidc.IdentityProviderArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermission;
import com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var tokenExchangeRealm = new Realm("tokenExchangeRealm", RealmArgs.builder()        
            .realm("token-exchange_destination_realm")
            .enabled(true)
            .build());

        var tokenExchangeMyOidcIdp = new IdentityProvider("tokenExchangeMyOidcIdp", IdentityProviderArgs.builder()        
            .realm(tokenExchangeRealm.id())
            .alias("myIdp")
            .authorizationUrl("http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth")
            .tokenUrl("http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token")
            .clientId("clientId")
            .clientSecret("secret")
            .defaultScopes("openid")
            .build());

        var token_exchangeWebappClient = new Client("token-exchangeWebappClient", ClientArgs.builder()        
            .realmId(tokenExchangeRealm.id())
            .clientId("webapp_client")
            .clientSecret("secret")
            .description("a webapp client on the destination realm")
            .accessType("CONFIDENTIAL")
            .standardFlowEnabled(true)
            .validRedirectUris("http://localhost:8080/*")
            .build());

        var oidcIdpPermission = new IdentityProviderTokenExchangeScopePermission("oidcIdpPermission", IdentityProviderTokenExchangeScopePermissionArgs.builder()        
            .realmId(tokenExchangeRealm.id())
            .providerAlias(tokenExchangeMyOidcIdp.alias())
            .policyType("client")
            .clients(token_exchangeWebappClient.id())
            .build());

    }
}
import pulumi
import pulumi_keycloak as keycloak

token_exchange_realm = keycloak.Realm("tokenExchangeRealm",
    realm="token-exchange_destination_realm",
    enabled=True)
token_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider("tokenExchangeMyOidcIdp",
    realm=token_exchange_realm.id,
    alias="myIdp",
    authorization_url="http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth",
    token_url="http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token",
    client_id="clientId",
    client_secret="secret",
    default_scopes="openid")
token_exchange_webapp_client = keycloak.openid.Client("token-exchangeWebappClient",
    realm_id=token_exchange_realm.id,
    client_id="webapp_client",
    client_secret="secret",
    description="a webapp client on the destination realm",
    access_type="CONFIDENTIAL",
    standard_flow_enabled=True,
    valid_redirect_uris=["http://localhost:8080/*"])
#relevant part
oidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission("oidcIdpPermission",
    realm_id=token_exchange_realm.id,
    provider_alias=token_exchange_my_oidc_idp.alias,
    policy_type="client",
    clients=[token_exchange_webapp_client.id])
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const tokenExchangeRealm = new keycloak.Realm("tokenExchangeRealm", {
    realm: "token-exchange_destination_realm",
    enabled: true,
});
const tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider("tokenExchangeMyOidcIdp", {
    realm: tokenExchangeRealm.id,
    alias: "myIdp",
    authorizationUrl: "http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth",
    tokenUrl: "http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token",
    clientId: "clientId",
    clientSecret: "secret",
    defaultScopes: "openid",
});
const token_exchangeWebappClient = new keycloak.openid.Client("token-exchangeWebappClient", {
    realmId: tokenExchangeRealm.id,
    clientId: "webapp_client",
    clientSecret: "secret",
    description: "a webapp client on the destination realm",
    accessType: "CONFIDENTIAL",
    standardFlowEnabled: true,
    validRedirectUris: ["http://localhost:8080/*"],
});
//relevant part
const oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission("oidcIdpPermission", {
    realmId: tokenExchangeRealm.id,
    providerAlias: tokenExchangeMyOidcIdp.alias,
    policyType: "client",
    clients: [token_exchangeWebappClient.id],
});
resources:
  tokenExchangeRealm:
    type: keycloak:Realm
    properties:
      realm: token-exchange_destination_realm
      enabled: true
  tokenExchangeMyOidcIdp:
    type: keycloak:oidc:IdentityProvider
    properties:
      realm: ${tokenExchangeRealm.id}
      alias: myIdp
      authorizationUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth
      tokenUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token
      clientId: clientId
      clientSecret: secret
      defaultScopes: openid
  token-exchangeWebappClient:
    type: keycloak:openid:Client
    properties:
      realmId: ${tokenExchangeRealm.id}
      clientId: webapp_client
      clientSecret: secret
      description: a webapp client on the destination realm
      accessType: CONFIDENTIAL
      standardFlowEnabled: true
      validRedirectUris:
        - http://localhost:8080/*
  # relevant part
  oidcIdpPermission:
    type: keycloak:IdentityProviderTokenExchangeScopePermission
    properties:
      realmId: ${tokenExchangeRealm.id}
      providerAlias: ${tokenExchangeMyOidcIdp.alias}
      policyType: client
      clients:
        - ${["token-exchangeWebappClient"].id}

Create IdentityProviderTokenExchangeScopePermission Resource

new IdentityProviderTokenExchangeScopePermission(name: string, args: IdentityProviderTokenExchangeScopePermissionArgs, opts?: CustomResourceOptions);
@overload
def IdentityProviderTokenExchangeScopePermission(resource_name: str,
                                                 opts: Optional[ResourceOptions] = None,
                                                 clients: Optional[Sequence[str]] = None,
                                                 policy_type: Optional[str] = None,
                                                 provider_alias: Optional[str] = None,
                                                 realm_id: Optional[str] = None)
@overload
def IdentityProviderTokenExchangeScopePermission(resource_name: str,
                                                 args: IdentityProviderTokenExchangeScopePermissionArgs,
                                                 opts: Optional[ResourceOptions] = None)
func NewIdentityProviderTokenExchangeScopePermission(ctx *Context, name string, args IdentityProviderTokenExchangeScopePermissionArgs, opts ...ResourceOption) (*IdentityProviderTokenExchangeScopePermission, error)
public IdentityProviderTokenExchangeScopePermission(string name, IdentityProviderTokenExchangeScopePermissionArgs args, CustomResourceOptions? opts = null)
public IdentityProviderTokenExchangeScopePermission(String name, IdentityProviderTokenExchangeScopePermissionArgs args)
public IdentityProviderTokenExchangeScopePermission(String name, IdentityProviderTokenExchangeScopePermissionArgs args, CustomResourceOptions options)
type: keycloak:IdentityProviderTokenExchangeScopePermission
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args IdentityProviderTokenExchangeScopePermissionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args IdentityProviderTokenExchangeScopePermissionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args IdentityProviderTokenExchangeScopePermissionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args IdentityProviderTokenExchangeScopePermissionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args IdentityProviderTokenExchangeScopePermissionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

IdentityProviderTokenExchangeScopePermission Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The IdentityProviderTokenExchangeScopePermission resource accepts the following input properties:

Clients List<string>

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

ProviderAlias string

Alias of the identity provider.

RealmId string

The realm that the identity provider exists in.

PolicyType string

Defaults to "client" This is also the only value policy type supported by this provider.

Clients []string

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

ProviderAlias string

Alias of the identity provider.

RealmId string

The realm that the identity provider exists in.

PolicyType string

Defaults to "client" This is also the only value policy type supported by this provider.

clients List<String>

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

providerAlias String

Alias of the identity provider.

realmId String

The realm that the identity provider exists in.

policyType String

Defaults to "client" This is also the only value policy type supported by this provider.

clients string[]

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

providerAlias string

Alias of the identity provider.

realmId string

The realm that the identity provider exists in.

policyType string

Defaults to "client" This is also the only value policy type supported by this provider.

clients Sequence[str]

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

provider_alias str

Alias of the identity provider.

realm_id str

The realm that the identity provider exists in.

policy_type str

Defaults to "client" This is also the only value policy type supported by this provider.

clients List<String>

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

providerAlias String

Alias of the identity provider.

realmId String

The realm that the identity provider exists in.

policyType String

Defaults to "client" This is also the only value policy type supported by this provider.

Outputs

All input properties are implicitly available as output properties. Additionally, the IdentityProviderTokenExchangeScopePermission resource produces the following output properties:

AuthorizationIdpResourceId string

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

AuthorizationResourceServerId string

(Computed) Resource server ID representing the realm management client on which this permission is managed.

AuthorizationTokenExchangeScopePermissionId string

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

Id string

The provider-assigned unique ID for this managed resource.

PolicyId string

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

AuthorizationIdpResourceId string

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

AuthorizationResourceServerId string

(Computed) Resource server ID representing the realm management client on which this permission is managed.

AuthorizationTokenExchangeScopePermissionId string

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

Id string

The provider-assigned unique ID for this managed resource.

PolicyId string

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

authorizationIdpResourceId String

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

authorizationResourceServerId String

(Computed) Resource server ID representing the realm management client on which this permission is managed.

authorizationTokenExchangeScopePermissionId String

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

id String

The provider-assigned unique ID for this managed resource.

policyId String

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

authorizationIdpResourceId string

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

authorizationResourceServerId string

(Computed) Resource server ID representing the realm management client on which this permission is managed.

authorizationTokenExchangeScopePermissionId string

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

id string

The provider-assigned unique ID for this managed resource.

policyId string

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

authorization_idp_resource_id str

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

authorization_resource_server_id str

(Computed) Resource server ID representing the realm management client on which this permission is managed.

authorization_token_exchange_scope_permission_id str

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

id str

The provider-assigned unique ID for this managed resource.

policy_id str

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

authorizationIdpResourceId String

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

authorizationResourceServerId String

(Computed) Resource server ID representing the realm management client on which this permission is managed.

authorizationTokenExchangeScopePermissionId String

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

id String

The provider-assigned unique ID for this managed resource.

policyId String

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

Look up Existing IdentityProviderTokenExchangeScopePermission Resource

Get an existing IdentityProviderTokenExchangeScopePermission resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: IdentityProviderTokenExchangeScopePermissionState, opts?: CustomResourceOptions): IdentityProviderTokenExchangeScopePermission
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authorization_idp_resource_id: Optional[str] = None,
        authorization_resource_server_id: Optional[str] = None,
        authorization_token_exchange_scope_permission_id: Optional[str] = None,
        clients: Optional[Sequence[str]] = None,
        policy_id: Optional[str] = None,
        policy_type: Optional[str] = None,
        provider_alias: Optional[str] = None,
        realm_id: Optional[str] = None) -> IdentityProviderTokenExchangeScopePermission
func GetIdentityProviderTokenExchangeScopePermission(ctx *Context, name string, id IDInput, state *IdentityProviderTokenExchangeScopePermissionState, opts ...ResourceOption) (*IdentityProviderTokenExchangeScopePermission, error)
public static IdentityProviderTokenExchangeScopePermission Get(string name, Input<string> id, IdentityProviderTokenExchangeScopePermissionState? state, CustomResourceOptions? opts = null)
public static IdentityProviderTokenExchangeScopePermission get(String name, Output<String> id, IdentityProviderTokenExchangeScopePermissionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AuthorizationIdpResourceId string

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

AuthorizationResourceServerId string

(Computed) Resource server ID representing the realm management client on which this permission is managed.

AuthorizationTokenExchangeScopePermissionId string

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

Clients List<string>

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

PolicyId string

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

PolicyType string

Defaults to "client" This is also the only value policy type supported by this provider.

ProviderAlias string

Alias of the identity provider.

RealmId string

The realm that the identity provider exists in.

AuthorizationIdpResourceId string

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

AuthorizationResourceServerId string

(Computed) Resource server ID representing the realm management client on which this permission is managed.

AuthorizationTokenExchangeScopePermissionId string

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

Clients []string

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

PolicyId string

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

PolicyType string

Defaults to "client" This is also the only value policy type supported by this provider.

ProviderAlias string

Alias of the identity provider.

RealmId string

The realm that the identity provider exists in.

authorizationIdpResourceId String

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

authorizationResourceServerId String

(Computed) Resource server ID representing the realm management client on which this permission is managed.

authorizationTokenExchangeScopePermissionId String

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

clients List<String>

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

policyId String

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

policyType String

Defaults to "client" This is also the only value policy type supported by this provider.

providerAlias String

Alias of the identity provider.

realmId String

The realm that the identity provider exists in.

authorizationIdpResourceId string

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

authorizationResourceServerId string

(Computed) Resource server ID representing the realm management client on which this permission is managed.

authorizationTokenExchangeScopePermissionId string

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

clients string[]

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

policyId string

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

policyType string

Defaults to "client" This is also the only value policy type supported by this provider.

providerAlias string

Alias of the identity provider.

realmId string

The realm that the identity provider exists in.

authorization_idp_resource_id str

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

authorization_resource_server_id str

(Computed) Resource server ID representing the realm management client on which this permission is managed.

authorization_token_exchange_scope_permission_id str

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

clients Sequence[str]

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

policy_id str

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

policy_type str

Defaults to "client" This is also the only value policy type supported by this provider.

provider_alias str

Alias of the identity provider.

realm_id str

The realm that the identity provider exists in.

authorizationIdpResourceId String

(Computed) Resource ID representing the identity provider, this automatically created by keycloak.

authorizationResourceServerId String

(Computed) Resource server ID representing the realm management client on which this permission is managed.

authorizationTokenExchangeScopePermissionId String

(Computed) Permission ID representing the Permission with scope 'Token Exchange' and the resource 'authorization_idp_resource_id', this automatically created by keycloak, the policy ID will be set on this permission.

clients List<String>

A list of IDs of the clients for which a policy will be created and set on scope based token exchange permission.

policyId String

(Computed) Policy ID that will be set on the scope based token exchange permission automatically created by enabling permissions on the reference identity provider.

policyType String

Defaults to "client" This is also the only value policy type supported by this provider.

providerAlias String

Alias of the identity provider.

realmId String

The realm that the identity provider exists in.

Package Details

Repository
Keycloak pulumi/pulumi-keycloak
License
Apache-2.0
Notes

This Pulumi package is based on the keycloak Terraform Provider.