Keycloak v6.2.1 published on Monday, Feb 3, 2025 by Pulumi
keycloak.openid.getClient
Explore with Pulumi AI
This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realmManagement = keycloak.openid.getClient({
realmId: "my-realm",
clientId: "realm-management",
});
// use the data source
const admin = realmManagement.then(realmManagement => keycloak.getRole({
realmId: "my-realm",
clientId: realmManagement.id,
name: "realm-admin",
}));
import pulumi
import pulumi_keycloak as keycloak
realm_management = keycloak.openid.get_client(realm_id="my-realm",
client_id="realm-management")
# use the data source
admin = keycloak.get_role(realm_id="my-realm",
client_id=realm_management.id,
name="realm-admin")
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realmManagement, err := openid.LookupClient(ctx, &openid.LookupClientArgs{
RealmId: "my-realm",
ClientId: "realm-management",
}, nil)
if err != nil {
return err
}
// use the data source
_, err = keycloak.LookupRole(ctx, &keycloak.LookupRoleArgs{
RealmId: "my-realm",
ClientId: pulumi.StringRef(realmManagement.Id),
Name: "realm-admin",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()
{
RealmId = "my-realm",
ClientId = "realm-management",
});
// use the data source
var admin = Keycloak.GetRole.Invoke(new()
{
RealmId = "my-realm",
ClientId = realmManagement.Apply(getClientResult => getClientResult.Id),
Name = "realm-admin",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.openid.OpenidFunctions;
import com.pulumi.keycloak.openid.inputs.GetClientArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()
.realmId("my-realm")
.clientId("realm-management")
.build());
// use the data source
final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()
.realmId("my-realm")
.clientId(realmManagement.applyValue(getClientResult -> getClientResult.id()))
.name("realm-admin")
.build());
}
}
variables:
realmManagement:
fn::invoke:
function: keycloak:openid:getClient
arguments:
realmId: my-realm
clientId: realm-management
# use the data source
admin:
fn::invoke:
function: keycloak:getRole
arguments:
realmId: my-realm
clientId: ${realmManagement.id}
name: realm-admin
Using getClient
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getClient(args: GetClientArgs, opts?: InvokeOptions): Promise<GetClientResult>
function getClientOutput(args: GetClientOutputArgs, opts?: InvokeOptions): Output<GetClientResult>
def get_client(client_id: Optional[str] = None,
consent_screen_text: Optional[str] = None,
display_on_consent_screen: Optional[bool] = None,
extra_config: Optional[Mapping[str, str]] = None,
oauth2_device_authorization_grant_enabled: Optional[bool] = None,
oauth2_device_code_lifespan: Optional[str] = None,
oauth2_device_polling_interval: Optional[str] = None,
realm_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetClientResult
def get_client_output(client_id: Optional[pulumi.Input[str]] = None,
consent_screen_text: Optional[pulumi.Input[str]] = None,
display_on_consent_screen: Optional[pulumi.Input[bool]] = None,
extra_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
oauth2_device_authorization_grant_enabled: Optional[pulumi.Input[bool]] = None,
oauth2_device_code_lifespan: Optional[pulumi.Input[str]] = None,
oauth2_device_polling_interval: Optional[pulumi.Input[str]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetClientResult]
func LookupClient(ctx *Context, args *LookupClientArgs, opts ...InvokeOption) (*LookupClientResult, error)
func LookupClientOutput(ctx *Context, args *LookupClientOutputArgs, opts ...InvokeOption) LookupClientResultOutput
> Note: This function is named LookupClient
in the Go SDK.
public static class GetClient
{
public static Task<GetClientResult> InvokeAsync(GetClientArgs args, InvokeOptions? opts = null)
public static Output<GetClientResult> Invoke(GetClientInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)
public static Output<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)
fn::invoke:
function: keycloak:openid/getClient:getClient
arguments:
# arguments dictionary
The following arguments are supported:
- Client
Id string - The client id (not its unique ID).
- Realm
Id string - The realm id.
- Consent
Screen stringText - Display
On boolConsent Screen - Extra
Config Dictionary<string, string> - bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval
- Client
Id string - The client id (not its unique ID).
- Realm
Id string - The realm id.
- Consent
Screen stringText - Display
On boolConsent Screen - Extra
Config map[string]string - bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval
- client
Id String - The client id (not its unique ID).
- realm
Id String - The realm id.
- consent
Screen StringText - display
On BooleanConsent Screen - extra
Config Map<String,String> - Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval
- client
Id string - The client id (not its unique ID).
- realm
Id string - The realm id.
- consent
Screen stringText - display
On booleanConsent Screen - extra
Config {[key: string]: string} - boolean
- oauth2Device
Code stringLifespan - oauth2Device
Polling stringInterval
- client_
id str - The client id (not its unique ID).
- realm_
id str - The realm id.
- consent_
screen_ strtext - display_
on_ boolconsent_ screen - extra_
config Mapping[str, str] - bool
- oauth2_
device_ strcode_ lifespan - oauth2_
device_ strpolling_ interval
- client
Id String - The client id (not its unique ID).
- realm
Id String - The realm id.
- consent
Screen StringText - display
On BooleanConsent Screen - extra
Config Map<String> - Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval
getClient Result
The following output properties are available:
- Access
Token stringLifespan - Access
Type string - Admin
Url string - Authentication
Flow List<GetBinding Overrides Client Authentication Flow Binding Override> - List<Get
Client Authorization> - Backchannel
Logout boolRevoke Offline Sessions - Backchannel
Logout boolSession Required - Backchannel
Logout stringUrl - Base
Url string - Client
Authenticator stringType - Client
Id string - Client
Offline stringSession Idle Timeout - Client
Offline stringSession Max Lifespan - Client
Secret string - Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Consent
Required bool - Description string
- Direct
Access boolGrants Enabled - Enabled bool
- Exclude
Session boolState From Auth Response - Extra
Config Dictionary<string, string> - Frontchannel
Logout boolEnabled - Frontchannel
Logout stringUrl - Full
Scope boolAllowed - Id string
- The provider-assigned unique ID for this managed resource.
- Implicit
Flow boolEnabled - Login
Theme string - Name string
- Pkce
Code stringChallenge Method - Realm
Id string - Resource
Server stringId - Root
Url string - Service
Account stringUser Id - Service
Accounts boolEnabled - Standard
Flow boolEnabled - Use
Refresh boolTokens - Use
Refresh boolTokens Client Credentials - Valid
Post List<string>Logout Redirect Uris - Valid
Redirect List<string>Uris - Web
Origins List<string> - Consent
Screen stringText - Display
On boolConsent Screen - bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval
- Access
Token stringLifespan - Access
Type string - Admin
Url string - Authentication
Flow []GetBinding Overrides Client Authentication Flow Binding Override - []Get
Client Authorization - Backchannel
Logout boolRevoke Offline Sessions - Backchannel
Logout boolSession Required - Backchannel
Logout stringUrl - Base
Url string - Client
Authenticator stringType - Client
Id string - Client
Offline stringSession Idle Timeout - Client
Offline stringSession Max Lifespan - Client
Secret string - Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Consent
Required bool - Description string
- Direct
Access boolGrants Enabled - Enabled bool
- Exclude
Session boolState From Auth Response - Extra
Config map[string]string - Frontchannel
Logout boolEnabled - Frontchannel
Logout stringUrl - Full
Scope boolAllowed - Id string
- The provider-assigned unique ID for this managed resource.
- Implicit
Flow boolEnabled - Login
Theme string - Name string
- Pkce
Code stringChallenge Method - Realm
Id string - Resource
Server stringId - Root
Url string - Service
Account stringUser Id - Service
Accounts boolEnabled - Standard
Flow boolEnabled - Use
Refresh boolTokens - Use
Refresh boolTokens Client Credentials - Valid
Post []stringLogout Redirect Uris - Valid
Redirect []stringUris - Web
Origins []string - Consent
Screen stringText - Display
On boolConsent Screen - bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval
- access
Token StringLifespan - access
Type String - admin
Url String - authentication
Flow List<GetBinding Overrides Client Authentication Flow Binding Override> - List<Get
Client Authorization> - backchannel
Logout BooleanRevoke Offline Sessions - backchannel
Logout BooleanSession Required - backchannel
Logout StringUrl - base
Url String - client
Authenticator StringType - client
Id String - client
Offline StringSession Idle Timeout - client
Offline StringSession Max Lifespan - client
Secret String - client
Session StringIdle Timeout - client
Session StringMax Lifespan - consent
Required Boolean - description String
- direct
Access BooleanGrants Enabled - enabled Boolean
- exclude
Session BooleanState From Auth Response - extra
Config Map<String,String> - frontchannel
Logout BooleanEnabled - frontchannel
Logout StringUrl - full
Scope BooleanAllowed - id String
- The provider-assigned unique ID for this managed resource.
- implicit
Flow BooleanEnabled - login
Theme String - name String
- pkce
Code StringChallenge Method - realm
Id String - resource
Server StringId - root
Url String - service
Account StringUser Id - service
Accounts BooleanEnabled - standard
Flow BooleanEnabled - use
Refresh BooleanTokens - use
Refresh BooleanTokens Client Credentials - valid
Post List<String>Logout Redirect Uris - valid
Redirect List<String>Uris - web
Origins List<String> - consent
Screen StringText - display
On BooleanConsent Screen - Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval
- access
Token stringLifespan - access
Type string - admin
Url string - authentication
Flow GetBinding Overrides Client Authentication Flow Binding Override[] - Get
Client Authorization[] - backchannel
Logout booleanRevoke Offline Sessions - backchannel
Logout booleanSession Required - backchannel
Logout stringUrl - base
Url string - client
Authenticator stringType - client
Id string - client
Offline stringSession Idle Timeout - client
Offline stringSession Max Lifespan - client
Secret string - client
Session stringIdle Timeout - client
Session stringMax Lifespan - consent
Required boolean - description string
- direct
Access booleanGrants Enabled - enabled boolean
- exclude
Session booleanState From Auth Response - extra
Config {[key: string]: string} - frontchannel
Logout booleanEnabled - frontchannel
Logout stringUrl - full
Scope booleanAllowed - id string
- The provider-assigned unique ID for this managed resource.
- implicit
Flow booleanEnabled - login
Theme string - name string
- pkce
Code stringChallenge Method - realm
Id string - resource
Server stringId - root
Url string - service
Account stringUser Id - service
Accounts booleanEnabled - standard
Flow booleanEnabled - use
Refresh booleanTokens - use
Refresh booleanTokens Client Credentials - valid
Post string[]Logout Redirect Uris - valid
Redirect string[]Uris - web
Origins string[] - consent
Screen stringText - display
On booleanConsent Screen - boolean
- oauth2Device
Code stringLifespan - oauth2Device
Polling stringInterval
- access_
token_ strlifespan - access_
type str - admin_
url str - authentication_
flow_ Sequence[Getbinding_ overrides Client Authentication Flow Binding Override] - Sequence[Get
Client Authorization] - backchannel_
logout_ boolrevoke_ offline_ sessions - backchannel_
logout_ boolsession_ required - backchannel_
logout_ strurl - base_
url str - client_
authenticator_ strtype - client_
id str - client_
offline_ strsession_ idle_ timeout - client_
offline_ strsession_ max_ lifespan - client_
secret str - client_
session_ stridle_ timeout - client_
session_ strmax_ lifespan - consent_
required bool - description str
- direct_
access_ boolgrants_ enabled - enabled bool
- exclude_
session_ boolstate_ from_ auth_ response - extra_
config Mapping[str, str] - frontchannel_
logout_ boolenabled - frontchannel_
logout_ strurl - full_
scope_ boolallowed - id str
- The provider-assigned unique ID for this managed resource.
- implicit_
flow_ boolenabled - login_
theme str - name str
- pkce_
code_ strchallenge_ method - realm_
id str - resource_
server_ strid - root_
url str - service_
account_ struser_ id - service_
accounts_ boolenabled - standard_
flow_ boolenabled - use_
refresh_ booltokens - use_
refresh_ booltokens_ client_ credentials - valid_
post_ Sequence[str]logout_ redirect_ uris - valid_
redirect_ Sequence[str]uris - web_
origins Sequence[str] - consent_
screen_ strtext - display_
on_ boolconsent_ screen - bool
- oauth2_
device_ strcode_ lifespan - oauth2_
device_ strpolling_ interval
- access
Token StringLifespan - access
Type String - admin
Url String - authentication
Flow List<Property Map>Binding Overrides - List<Property Map>
- backchannel
Logout BooleanRevoke Offline Sessions - backchannel
Logout BooleanSession Required - backchannel
Logout StringUrl - base
Url String - client
Authenticator StringType - client
Id String - client
Offline StringSession Idle Timeout - client
Offline StringSession Max Lifespan - client
Secret String - client
Session StringIdle Timeout - client
Session StringMax Lifespan - consent
Required Boolean - description String
- direct
Access BooleanGrants Enabled - enabled Boolean
- exclude
Session BooleanState From Auth Response - extra
Config Map<String> - frontchannel
Logout BooleanEnabled - frontchannel
Logout StringUrl - full
Scope BooleanAllowed - id String
- The provider-assigned unique ID for this managed resource.
- implicit
Flow BooleanEnabled - login
Theme String - name String
- pkce
Code StringChallenge Method - realm
Id String - resource
Server StringId - root
Url String - service
Account StringUser Id - service
Accounts BooleanEnabled - standard
Flow BooleanEnabled - use
Refresh BooleanTokens - use
Refresh BooleanTokens Client Credentials - valid
Post List<String>Logout Redirect Uris - valid
Redirect List<String>Uris - web
Origins List<String> - consent
Screen StringText - display
On BooleanConsent Screen - Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval
Supporting Types
GetClientAuthenticationFlowBindingOverride
- Browser
Id string - Direct
Grant stringId
- Browser
Id string - Direct
Grant stringId
- browser
Id String - direct
Grant StringId
- browser
Id string - direct
Grant stringId
- browser_
id str - direct_
grant_ strid
- browser
Id String - direct
Grant StringId
GetClientAuthorization
- Allow
Remote boolResource Management - Decision
Strategy string - Keep
Defaults bool - Policy
Enforcement stringMode
- Allow
Remote boolResource Management - Decision
Strategy string - Keep
Defaults bool - Policy
Enforcement stringMode
- allow
Remote BooleanResource Management - decision
Strategy String - keep
Defaults Boolean - policy
Enforcement StringMode
- allow
Remote booleanResource Management - decision
Strategy string - keep
Defaults boolean - policy
Enforcement stringMode
- allow
Remote BooleanResource Management - decision
Strategy String - keep
Defaults Boolean - policy
Enforcement StringMode
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloak
Terraform Provider.