konnect 3.4.1 published on Wednesday, Oct 29, 2025 by kong
konnect.GatewayPluginAiMcpOauth2
GatewayPluginAiMcpOauth2 Resource
Example Usage
Example coming soon!
Example coming soon!
Example coming soon!
Example coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.konnect.GatewayPluginAiMcpOauth2;
import com.pulumi.konnect.GatewayPluginAiMcpOauth2Args;
import com.pulumi.konnect.inputs.GatewayPluginAiMcpOauth2ConfigArgs;
import com.pulumi.konnect.inputs.GatewayPluginAiMcpOauth2OrderingArgs;
import com.pulumi.konnect.inputs.GatewayPluginAiMcpOauth2OrderingAfterArgs;
import com.pulumi.konnect.inputs.GatewayPluginAiMcpOauth2OrderingBeforeArgs;
import com.pulumi.konnect.inputs.GatewayPluginAiMcpOauth2PartialArgs;
import com.pulumi.konnect.inputs.GatewayPluginAiMcpOauth2RouteArgs;
import com.pulumi.konnect.inputs.GatewayPluginAiMcpOauth2ServiceArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myGatewaypluginaimcpoauth2 = new GatewayPluginAiMcpOauth2("myGatewaypluginaimcpoauth2", GatewayPluginAiMcpOauth2Args.builder()
.config(GatewayPluginAiMcpOauth2ConfigArgs.builder()
.args(Map.of("key", serializeJson(
"value")))
.authorization_servers("...")
.cache_introspection(false)
.claim_to_header(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
.client_alg("HS384")
.client_auth("none")
.client_id("...my_client_id...")
.client_jwk("...my_client_jwk...")
.client_secret("...my_client_secret...")
.headers(Map.of("key", serializeJson(
"value")))
.http_proxy("...my_http_proxy...")
.http_proxy_authorization("...my_http_proxy_authorization...")
.http_version(9.95)
.https_proxy("...my_https_proxy...")
.https_proxy_authorization("...my_https_proxy_authorization...")
.insecure_relaxed_audience_validation(false)
.introspection_endpoint("...my_introspection_endpoint...")
.introspection_format("base64")
.keepalive(false)
.max_request_body_size(6)
.metadata_endpoint("...my_metadata_endpoint...")
.mtls_introspection_endpoint("...my_mtls_introspection_endpoint...")
.no_proxy("...my_no_proxy...")
.resource("...my_resource...")
.scopes_supported("...")
.ssl_verify(true)
.timeout(4.02)
.tls_client_auth_cert("...my_tls_client_auth_cert...")
.tls_client_auth_key("...my_tls_client_auth_key...")
.tls_client_auth_ssl_verify(false)
.build())
.controlPlaneId("9524ec7d-36d9-465d-a8c5-83a3c9390458")
.createdAt(6)
.enabled(true)
.gatewayPluginAiMcpOauth2Id("...my_id...")
.instanceName("...my_instance_name...")
.ordering(GatewayPluginAiMcpOauth2OrderingArgs.builder()
.after(GatewayPluginAiMcpOauth2OrderingAfterArgs.builder()
.access("...")
.build())
.before(GatewayPluginAiMcpOauth2OrderingBeforeArgs.builder()
.access("...")
.build())
.build())
.partials(GatewayPluginAiMcpOauth2PartialArgs.builder()
.id("...my_id...")
.name("...my_name...")
.path("...my_path...")
.build())
.protocols("grpc")
.route(GatewayPluginAiMcpOauth2RouteArgs.builder()
.id("...my_id...")
.build())
.service(GatewayPluginAiMcpOauth2ServiceArgs.builder()
.id("...my_id...")
.build())
.tags("...")
.updatedAt(4)
.build());
}
}
resources:
myGatewaypluginaimcpoauth2:
type: konnect:GatewayPluginAiMcpOauth2
properties:
config:
args:
key:
fn::toJSON: value
authorization_servers:
- '...'
cache_introspection: false
claim_to_header:
- claim: '...my_claim...'
header: '...my_header...'
client_alg: HS384
client_auth: none
client_id: '...my_client_id...'
client_jwk: '...my_client_jwk...'
client_secret: '...my_client_secret...'
headers:
key:
fn::toJSON: value
http_proxy: '...my_http_proxy...'
http_proxy_authorization: '...my_http_proxy_authorization...'
http_version: 9.95
https_proxy: '...my_https_proxy...'
https_proxy_authorization: '...my_https_proxy_authorization...'
insecure_relaxed_audience_validation: false
introspection_endpoint: '...my_introspection_endpoint...'
introspection_format: base64
keepalive: false
max_request_body_size: 6
metadata_endpoint: '...my_metadata_endpoint...'
mtls_introspection_endpoint: '...my_mtls_introspection_endpoint...'
no_proxy: '...my_no_proxy...'
resource: '...my_resource...'
scopes_supported:
- '...'
ssl_verify: true
timeout: 4.02
tls_client_auth_cert: '...my_tls_client_auth_cert...'
tls_client_auth_key: '...my_tls_client_auth_key...'
tls_client_auth_ssl_verify: false
controlPlaneId: 9524ec7d-36d9-465d-a8c5-83a3c9390458
createdAt: 6
enabled: true
gatewayPluginAiMcpOauth2Id: '...my_id...'
instanceName: '...my_instance_name...'
ordering:
after:
access:
- '...'
before:
access:
- '...'
partials:
- id: '...my_id...'
name: '...my_name...'
path: '...my_path...'
protocols:
- grpc
route:
id: '...my_id...'
service:
id: '...my_id...'
tags:
- '...'
updatedAt: 4
Create GatewayPluginAiMcpOauth2 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new GatewayPluginAiMcpOauth2(name: string, args: GatewayPluginAiMcpOauth2Args, opts?: CustomResourceOptions);@overload
def GatewayPluginAiMcpOauth2(resource_name: str,
args: GatewayPluginAiMcpOauth2Args,
opts: Optional[ResourceOptions] = None)
@overload
def GatewayPluginAiMcpOauth2(resource_name: str,
opts: Optional[ResourceOptions] = None,
control_plane_id: Optional[str] = None,
ordering: Optional[GatewayPluginAiMcpOauth2OrderingArgs] = None,
created_at: Optional[float] = None,
enabled: Optional[bool] = None,
gateway_plugin_ai_mcp_oauth2_id: Optional[str] = None,
instance_name: Optional[str] = None,
config: Optional[GatewayPluginAiMcpOauth2ConfigArgs] = None,
partials: Optional[Sequence[GatewayPluginAiMcpOauth2PartialArgs]] = None,
protocols: Optional[Sequence[str]] = None,
route: Optional[GatewayPluginAiMcpOauth2RouteArgs] = None,
service: Optional[GatewayPluginAiMcpOauth2ServiceArgs] = None,
tags: Optional[Sequence[str]] = None,
updated_at: Optional[float] = None)func NewGatewayPluginAiMcpOauth2(ctx *Context, name string, args GatewayPluginAiMcpOauth2Args, opts ...ResourceOption) (*GatewayPluginAiMcpOauth2, error)public GatewayPluginAiMcpOauth2(string name, GatewayPluginAiMcpOauth2Args args, CustomResourceOptions? opts = null)
public GatewayPluginAiMcpOauth2(String name, GatewayPluginAiMcpOauth2Args args)
public GatewayPluginAiMcpOauth2(String name, GatewayPluginAiMcpOauth2Args args, CustomResourceOptions options)
type: konnect:GatewayPluginAiMcpOauth2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args GatewayPluginAiMcpOauth2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args GatewayPluginAiMcpOauth2Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args GatewayPluginAiMcpOauth2Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args GatewayPluginAiMcpOauth2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args GatewayPluginAiMcpOauth2Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var gatewayPluginAiMcpOauth2Resource = new Konnect.GatewayPluginAiMcpOauth2("gatewayPluginAiMcpOauth2Resource", new()
{
ControlPlaneId = "string",
Ordering = new Konnect.Inputs.GatewayPluginAiMcpOauth2OrderingArgs
{
After = new Konnect.Inputs.GatewayPluginAiMcpOauth2OrderingAfterArgs
{
Accesses = new[]
{
"string",
},
},
Before = new Konnect.Inputs.GatewayPluginAiMcpOauth2OrderingBeforeArgs
{
Accesses = new[]
{
"string",
},
},
},
CreatedAt = 0,
Enabled = false,
GatewayPluginAiMcpOauth2Id = "string",
InstanceName = "string",
Config = new Konnect.Inputs.GatewayPluginAiMcpOauth2ConfigArgs
{
ClientId = "string",
AuthorizationServers = new[]
{
"string",
},
Resource = "string",
IntrospectionEndpoint = "string",
HttpsProxyAuthorization = "string",
IntrospectionFormat = "string",
ClientAlg = "string",
ClientJwk = "string",
ClientSecret = "string",
Headers =
{
{ "string", "string" },
},
HttpProxy = "string",
HttpProxyAuthorization = "string",
HttpVersion = 0,
HttpsProxy = "string",
Args =
{
{ "string", "string" },
},
InsecureRelaxedAudienceValidation = false,
ClaimToHeaders = new[]
{
new Konnect.Inputs.GatewayPluginAiMcpOauth2ConfigClaimToHeaderArgs
{
Claim = "string",
Header = "string",
},
},
ClientAuth = "string",
Keepalive = false,
MaxRequestBodySize = 0,
MetadataEndpoint = "string",
MtlsIntrospectionEndpoint = "string",
NoProxy = "string",
CacheIntrospection = false,
ScopesSupporteds = new[]
{
"string",
},
SslVerify = false,
Timeout = 0,
TlsClientAuthCert = "string",
TlsClientAuthKey = "string",
TlsClientAuthSslVerify = false,
},
Partials = new[]
{
new Konnect.Inputs.GatewayPluginAiMcpOauth2PartialArgs
{
Id = "string",
Name = "string",
Path = "string",
},
},
Protocols = new[]
{
"string",
},
Route = new Konnect.Inputs.GatewayPluginAiMcpOauth2RouteArgs
{
Id = "string",
},
Service = new Konnect.Inputs.GatewayPluginAiMcpOauth2ServiceArgs
{
Id = "string",
},
Tags = new[]
{
"string",
},
UpdatedAt = 0,
});
example, err := konnect.NewGatewayPluginAiMcpOauth2(ctx, "gatewayPluginAiMcpOauth2Resource", &konnect.GatewayPluginAiMcpOauth2Args{
ControlPlaneId: pulumi.String("string"),
Ordering: &konnect.GatewayPluginAiMcpOauth2OrderingArgs{
After: &konnect.GatewayPluginAiMcpOauth2OrderingAfterArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
Before: &konnect.GatewayPluginAiMcpOauth2OrderingBeforeArgs{
Accesses: pulumi.StringArray{
pulumi.String("string"),
},
},
},
CreatedAt: pulumi.Float64(0),
Enabled: pulumi.Bool(false),
GatewayPluginAiMcpOauth2Id: pulumi.String("string"),
InstanceName: pulumi.String("string"),
Config: &konnect.GatewayPluginAiMcpOauth2ConfigArgs{
ClientId: pulumi.String("string"),
AuthorizationServers: pulumi.StringArray{
pulumi.String("string"),
},
Resource: pulumi.String("string"),
IntrospectionEndpoint: pulumi.String("string"),
HttpsProxyAuthorization: pulumi.String("string"),
IntrospectionFormat: pulumi.String("string"),
ClientAlg: pulumi.String("string"),
ClientJwk: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
Headers: pulumi.StringMap{
"string": pulumi.String("string"),
},
HttpProxy: pulumi.String("string"),
HttpProxyAuthorization: pulumi.String("string"),
HttpVersion: pulumi.Float64(0),
HttpsProxy: pulumi.String("string"),
Args: pulumi.StringMap{
"string": pulumi.String("string"),
},
InsecureRelaxedAudienceValidation: pulumi.Bool(false),
ClaimToHeaders: konnect.GatewayPluginAiMcpOauth2ConfigClaimToHeaderArray{
&konnect.GatewayPluginAiMcpOauth2ConfigClaimToHeaderArgs{
Claim: pulumi.String("string"),
Header: pulumi.String("string"),
},
},
ClientAuth: pulumi.String("string"),
Keepalive: pulumi.Bool(false),
MaxRequestBodySize: pulumi.Float64(0),
MetadataEndpoint: pulumi.String("string"),
MtlsIntrospectionEndpoint: pulumi.String("string"),
NoProxy: pulumi.String("string"),
CacheIntrospection: pulumi.Bool(false),
ScopesSupporteds: pulumi.StringArray{
pulumi.String("string"),
},
SslVerify: pulumi.Bool(false),
Timeout: pulumi.Float64(0),
TlsClientAuthCert: pulumi.String("string"),
TlsClientAuthKey: pulumi.String("string"),
TlsClientAuthSslVerify: pulumi.Bool(false),
},
Partials: konnect.GatewayPluginAiMcpOauth2PartialArray{
&konnect.GatewayPluginAiMcpOauth2PartialArgs{
Id: pulumi.String("string"),
Name: pulumi.String("string"),
Path: pulumi.String("string"),
},
},
Protocols: pulumi.StringArray{
pulumi.String("string"),
},
Route: &konnect.GatewayPluginAiMcpOauth2RouteArgs{
Id: pulumi.String("string"),
},
Service: &konnect.GatewayPluginAiMcpOauth2ServiceArgs{
Id: pulumi.String("string"),
},
Tags: pulumi.StringArray{
pulumi.String("string"),
},
UpdatedAt: pulumi.Float64(0),
})
var gatewayPluginAiMcpOauth2Resource = new GatewayPluginAiMcpOauth2("gatewayPluginAiMcpOauth2Resource", GatewayPluginAiMcpOauth2Args.builder()
.controlPlaneId("string")
.ordering(GatewayPluginAiMcpOauth2OrderingArgs.builder()
.after(GatewayPluginAiMcpOauth2OrderingAfterArgs.builder()
.accesses("string")
.build())
.before(GatewayPluginAiMcpOauth2OrderingBeforeArgs.builder()
.accesses("string")
.build())
.build())
.createdAt(0.0)
.enabled(false)
.gatewayPluginAiMcpOauth2Id("string")
.instanceName("string")
.config(GatewayPluginAiMcpOauth2ConfigArgs.builder()
.clientId("string")
.authorizationServers("string")
.resource("string")
.introspectionEndpoint("string")
.httpsProxyAuthorization("string")
.introspectionFormat("string")
.clientAlg("string")
.clientJwk("string")
.clientSecret("string")
.headers(Map.of("string", "string"))
.httpProxy("string")
.httpProxyAuthorization("string")
.httpVersion(0.0)
.httpsProxy("string")
.args(Map.of("string", "string"))
.insecureRelaxedAudienceValidation(false)
.claimToHeaders(GatewayPluginAiMcpOauth2ConfigClaimToHeaderArgs.builder()
.claim("string")
.header("string")
.build())
.clientAuth("string")
.keepalive(false)
.maxRequestBodySize(0.0)
.metadataEndpoint("string")
.mtlsIntrospectionEndpoint("string")
.noProxy("string")
.cacheIntrospection(false)
.scopesSupporteds("string")
.sslVerify(false)
.timeout(0.0)
.tlsClientAuthCert("string")
.tlsClientAuthKey("string")
.tlsClientAuthSslVerify(false)
.build())
.partials(GatewayPluginAiMcpOauth2PartialArgs.builder()
.id("string")
.name("string")
.path("string")
.build())
.protocols("string")
.route(GatewayPluginAiMcpOauth2RouteArgs.builder()
.id("string")
.build())
.service(GatewayPluginAiMcpOauth2ServiceArgs.builder()
.id("string")
.build())
.tags("string")
.updatedAt(0.0)
.build());
gateway_plugin_ai_mcp_oauth2_resource = konnect.GatewayPluginAiMcpOauth2("gatewayPluginAiMcpOauth2Resource",
control_plane_id="string",
ordering={
"after": {
"accesses": ["string"],
},
"before": {
"accesses": ["string"],
},
},
created_at=0,
enabled=False,
gateway_plugin_ai_mcp_oauth2_id="string",
instance_name="string",
config={
"client_id": "string",
"authorization_servers": ["string"],
"resource": "string",
"introspection_endpoint": "string",
"https_proxy_authorization": "string",
"introspection_format": "string",
"client_alg": "string",
"client_jwk": "string",
"client_secret": "string",
"headers": {
"string": "string",
},
"http_proxy": "string",
"http_proxy_authorization": "string",
"http_version": 0,
"https_proxy": "string",
"args": {
"string": "string",
},
"insecure_relaxed_audience_validation": False,
"claim_to_headers": [{
"claim": "string",
"header": "string",
}],
"client_auth": "string",
"keepalive": False,
"max_request_body_size": 0,
"metadata_endpoint": "string",
"mtls_introspection_endpoint": "string",
"no_proxy": "string",
"cache_introspection": False,
"scopes_supporteds": ["string"],
"ssl_verify": False,
"timeout": 0,
"tls_client_auth_cert": "string",
"tls_client_auth_key": "string",
"tls_client_auth_ssl_verify": False,
},
partials=[{
"id": "string",
"name": "string",
"path": "string",
}],
protocols=["string"],
route={
"id": "string",
},
service={
"id": "string",
},
tags=["string"],
updated_at=0)
const gatewayPluginAiMcpOauth2Resource = new konnect.GatewayPluginAiMcpOauth2("gatewayPluginAiMcpOauth2Resource", {
controlPlaneId: "string",
ordering: {
after: {
accesses: ["string"],
},
before: {
accesses: ["string"],
},
},
createdAt: 0,
enabled: false,
gatewayPluginAiMcpOauth2Id: "string",
instanceName: "string",
config: {
clientId: "string",
authorizationServers: ["string"],
resource: "string",
introspectionEndpoint: "string",
httpsProxyAuthorization: "string",
introspectionFormat: "string",
clientAlg: "string",
clientJwk: "string",
clientSecret: "string",
headers: {
string: "string",
},
httpProxy: "string",
httpProxyAuthorization: "string",
httpVersion: 0,
httpsProxy: "string",
args: {
string: "string",
},
insecureRelaxedAudienceValidation: false,
claimToHeaders: [{
claim: "string",
header: "string",
}],
clientAuth: "string",
keepalive: false,
maxRequestBodySize: 0,
metadataEndpoint: "string",
mtlsIntrospectionEndpoint: "string",
noProxy: "string",
cacheIntrospection: false,
scopesSupporteds: ["string"],
sslVerify: false,
timeout: 0,
tlsClientAuthCert: "string",
tlsClientAuthKey: "string",
tlsClientAuthSslVerify: false,
},
partials: [{
id: "string",
name: "string",
path: "string",
}],
protocols: ["string"],
route: {
id: "string",
},
service: {
id: "string",
},
tags: ["string"],
updatedAt: 0,
});
type: konnect:GatewayPluginAiMcpOauth2
properties:
config:
args:
string: string
authorizationServers:
- string
cacheIntrospection: false
claimToHeaders:
- claim: string
header: string
clientAlg: string
clientAuth: string
clientId: string
clientJwk: string
clientSecret: string
headers:
string: string
httpProxy: string
httpProxyAuthorization: string
httpVersion: 0
httpsProxy: string
httpsProxyAuthorization: string
insecureRelaxedAudienceValidation: false
introspectionEndpoint: string
introspectionFormat: string
keepalive: false
maxRequestBodySize: 0
metadataEndpoint: string
mtlsIntrospectionEndpoint: string
noProxy: string
resource: string
scopesSupporteds:
- string
sslVerify: false
timeout: 0
tlsClientAuthCert: string
tlsClientAuthKey: string
tlsClientAuthSslVerify: false
controlPlaneId: string
createdAt: 0
enabled: false
gatewayPluginAiMcpOauth2Id: string
instanceName: string
ordering:
after:
accesses:
- string
before:
accesses:
- string
partials:
- id: string
name: string
path: string
protocols:
- string
route:
id: string
service:
id: string
tags:
- string
updatedAt: 0
GatewayPluginAiMcpOauth2 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The GatewayPluginAiMcpOauth2 resource accepts the following input properties:
- Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Config
Gateway
Plugin Ai Mcp Oauth2Config - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- Created
At double - Unix epoch when the resource was created.
- Enabled bool
- Whether the plugin is applied. Default: true
- Gateway
Plugin stringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- Instance
Name string - A unique string representing a UTF-8 encoded name.
- Ordering
Gateway
Plugin Ai Mcp Oauth2Ordering - Partials
List<Gateway
Plugin Ai Mcp Oauth2Partial> - A list of partials to be used by the plugin.
- Protocols List<string>
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- Route
Gateway
Plugin Ai Mcp Oauth2Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Ai Mcp Oauth2Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<string>
- An optional set of strings associated with the Plugin for grouping and filtering.
- Updated
At double - Unix epoch when the resource was last updated.
- Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Config
Gateway
Plugin Ai Mcp Oauth2Config Args - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- Created
At float64 - Unix epoch when the resource was created.
- Enabled bool
- Whether the plugin is applied. Default: true
- Gateway
Plugin stringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- Instance
Name string - A unique string representing a UTF-8 encoded name.
- Ordering
Gateway
Plugin Ai Mcp Oauth2Ordering Args - Partials
[]Gateway
Plugin Ai Mcp Oauth2Partial Args - A list of partials to be used by the plugin.
- Protocols []string
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- Route
Gateway
Plugin Ai Mcp Oauth2Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Ai Mcp Oauth2Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- []string
- An optional set of strings associated with the Plugin for grouping and filtering.
- Updated
At float64 - Unix epoch when the resource was last updated.
- control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- config
Gateway
Plugin Ai Mcp Oauth2Config - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- created
At Double - Unix epoch when the resource was created.
- enabled Boolean
- Whether the plugin is applied. Default: true
- gateway
Plugin StringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- instance
Name String - A unique string representing a UTF-8 encoded name.
- ordering
Gateway
Plugin Ai Mcp Oauth2Ordering - partials
List<Gateway
Plugin Ai Mcp Oauth2Partial> - A list of partials to be used by the plugin.
- protocols List<String>
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- route
Gateway
Plugin Ai Mcp Oauth2Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Ai Mcp Oauth2Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At Double - Unix epoch when the resource was last updated.
- control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- config
Gateway
Plugin Ai Mcp Oauth2Config - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- created
At number - Unix epoch when the resource was created.
- enabled boolean
- Whether the plugin is applied. Default: true
- gateway
Plugin stringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- instance
Name string - A unique string representing a UTF-8 encoded name.
- ordering
Gateway
Plugin Ai Mcp Oauth2Ordering - partials
Gateway
Plugin Ai Mcp Oauth2Partial[] - A list of partials to be used by the plugin.
- protocols string[]
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- route
Gateway
Plugin Ai Mcp Oauth2Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Ai Mcp Oauth2Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- string[]
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At number - Unix epoch when the resource was last updated.
- control_
plane_ strid - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- config
Gateway
Plugin Ai Mcp Oauth2Config Args - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- created_
at float - Unix epoch when the resource was created.
- enabled bool
- Whether the plugin is applied. Default: true
- gateway_
plugin_ strai_ mcp_ oauth2_ id - A string representing a UUID (universally unique identifier).
- instance_
name str - A unique string representing a UTF-8 encoded name.
- ordering
Gateway
Plugin Ai Mcp Oauth2Ordering Args - partials
Sequence[Gateway
Plugin Ai Mcp Oauth2Partial Args] - A list of partials to be used by the plugin.
- protocols Sequence[str]
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- route
Gateway
Plugin Ai Mcp Oauth2Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Ai Mcp Oauth2Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- Sequence[str]
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated_
at float - Unix epoch when the resource was last updated.
- control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- config Property Map
- The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- created
At Number - Unix epoch when the resource was created.
- enabled Boolean
- Whether the plugin is applied. Default: true
- gateway
Plugin StringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- instance
Name String - A unique string representing a UTF-8 encoded name.
- ordering Property Map
- partials List<Property Map>
- A list of partials to be used by the plugin.
- protocols List<String>
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- route Property Map
- If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service Property Map
- If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At Number - Unix epoch when the resource was last updated.
Outputs
All input properties are implicitly available as output properties. Additionally, the GatewayPluginAiMcpOauth2 resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing GatewayPluginAiMcpOauth2 Resource
Get an existing GatewayPluginAiMcpOauth2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: GatewayPluginAiMcpOauth2State, opts?: CustomResourceOptions): GatewayPluginAiMcpOauth2@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
config: Optional[GatewayPluginAiMcpOauth2ConfigArgs] = None,
control_plane_id: Optional[str] = None,
created_at: Optional[float] = None,
enabled: Optional[bool] = None,
gateway_plugin_ai_mcp_oauth2_id: Optional[str] = None,
instance_name: Optional[str] = None,
ordering: Optional[GatewayPluginAiMcpOauth2OrderingArgs] = None,
partials: Optional[Sequence[GatewayPluginAiMcpOauth2PartialArgs]] = None,
protocols: Optional[Sequence[str]] = None,
route: Optional[GatewayPluginAiMcpOauth2RouteArgs] = None,
service: Optional[GatewayPluginAiMcpOauth2ServiceArgs] = None,
tags: Optional[Sequence[str]] = None,
updated_at: Optional[float] = None) -> GatewayPluginAiMcpOauth2func GetGatewayPluginAiMcpOauth2(ctx *Context, name string, id IDInput, state *GatewayPluginAiMcpOauth2State, opts ...ResourceOption) (*GatewayPluginAiMcpOauth2, error)public static GatewayPluginAiMcpOauth2 Get(string name, Input<string> id, GatewayPluginAiMcpOauth2State? state, CustomResourceOptions? opts = null)public static GatewayPluginAiMcpOauth2 get(String name, Output<String> id, GatewayPluginAiMcpOauth2State state, CustomResourceOptions options)resources: _: type: konnect:GatewayPluginAiMcpOauth2 get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Config
Gateway
Plugin Ai Mcp Oauth2Config - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Created
At double - Unix epoch when the resource was created.
- Enabled bool
- Whether the plugin is applied. Default: true
- Gateway
Plugin stringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- Instance
Name string - A unique string representing a UTF-8 encoded name.
- Ordering
Gateway
Plugin Ai Mcp Oauth2Ordering - Partials
List<Gateway
Plugin Ai Mcp Oauth2Partial> - A list of partials to be used by the plugin.
- Protocols List<string>
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- Route
Gateway
Plugin Ai Mcp Oauth2Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Ai Mcp Oauth2Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<string>
- An optional set of strings associated with the Plugin for grouping and filtering.
- Updated
At double - Unix epoch when the resource was last updated.
- Config
Gateway
Plugin Ai Mcp Oauth2Config Args - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- Control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- Created
At float64 - Unix epoch when the resource was created.
- Enabled bool
- Whether the plugin is applied. Default: true
- Gateway
Plugin stringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- Instance
Name string - A unique string representing a UTF-8 encoded name.
- Ordering
Gateway
Plugin Ai Mcp Oauth2Ordering Args - Partials
[]Gateway
Plugin Ai Mcp Oauth2Partial Args - A list of partials to be used by the plugin.
- Protocols []string
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- Route
Gateway
Plugin Ai Mcp Oauth2Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- Service
Gateway
Plugin Ai Mcp Oauth2Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- []string
- An optional set of strings associated with the Plugin for grouping and filtering.
- Updated
At float64 - Unix epoch when the resource was last updated.
- config
Gateway
Plugin Ai Mcp Oauth2Config - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created
At Double - Unix epoch when the resource was created.
- enabled Boolean
- Whether the plugin is applied. Default: true
- gateway
Plugin StringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- instance
Name String - A unique string representing a UTF-8 encoded name.
- ordering
Gateway
Plugin Ai Mcp Oauth2Ordering - partials
List<Gateway
Plugin Ai Mcp Oauth2Partial> - A list of partials to be used by the plugin.
- protocols List<String>
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- route
Gateway
Plugin Ai Mcp Oauth2Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Ai Mcp Oauth2Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At Double - Unix epoch when the resource was last updated.
- config
Gateway
Plugin Ai Mcp Oauth2Config - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- control
Plane stringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created
At number - Unix epoch when the resource was created.
- enabled boolean
- Whether the plugin is applied. Default: true
- gateway
Plugin stringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- instance
Name string - A unique string representing a UTF-8 encoded name.
- ordering
Gateway
Plugin Ai Mcp Oauth2Ordering - partials
Gateway
Plugin Ai Mcp Oauth2Partial[] - A list of partials to be used by the plugin.
- protocols string[]
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- route
Gateway
Plugin Ai Mcp Oauth2Route - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Ai Mcp Oauth2Service - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- string[]
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At number - Unix epoch when the resource was last updated.
- config
Gateway
Plugin Ai Mcp Oauth2Config Args - The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- control_
plane_ strid - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created_
at float - Unix epoch when the resource was created.
- enabled bool
- Whether the plugin is applied. Default: true
- gateway_
plugin_ strai_ mcp_ oauth2_ id - A string representing a UUID (universally unique identifier).
- instance_
name str - A unique string representing a UTF-8 encoded name.
- ordering
Gateway
Plugin Ai Mcp Oauth2Ordering Args - partials
Sequence[Gateway
Plugin Ai Mcp Oauth2Partial Args] - A list of partials to be used by the plugin.
- protocols Sequence[str]
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- route
Gateway
Plugin Ai Mcp Oauth2Route Args - If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service
Gateway
Plugin Ai Mcp Oauth2Service Args - If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- Sequence[str]
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated_
at float - Unix epoch when the resource was last updated.
- config Property Map
- The configuration for MCP authorization in OAuth2. If this is enabled, make sure the configured metadata_endpoint is also covered by the same route so the authorization can be applied correctly.
- control
Plane StringId - The UUID of your control plane. This variable is available in the Konnect manager. Requires replacement if changed.
- created
At Number - Unix epoch when the resource was created.
- enabled Boolean
- Whether the plugin is applied. Default: true
- gateway
Plugin StringAi Mcp Oauth2Id - A string representing a UUID (universally unique identifier).
- instance
Name String - A unique string representing a UTF-8 encoded name.
- ordering Property Map
- partials List<Property Map>
- A list of partials to be used by the plugin.
- protocols List<String>
- A set of strings representing HTTP protocols. Default: ["grpc","grpcs","http","https"]
- route Property Map
- If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.
- service Property Map
- If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.
- List<String>
- An optional set of strings associated with the Plugin for grouping and filtering.
- updated
At Number - Unix epoch when the resource was last updated.
Supporting Types
GatewayPluginAiMcpOauth2Config, GatewayPluginAiMcpOauth2ConfigArgs
- List<string>
- Client
Id string - The client ID for authentication.
- Introspection
Endpoint string - The introspection endpoint URL.
- Resource string
- The resource identifier.
- Args Dictionary<string, string>
- Additional arguments to send in the POST body.
- Cache
Introspection bool - If enabled, the plugin will cache the introspection response for the access token. This can improve performance by reducing the number of introspection requests to the authorization server. Default: true
- Claim
To List<GatewayHeaders Plugin Ai Mcp Oauth2Config Claim To Header> - Client
Alg string - The client JWT signing algorithm. must be one of ["ES256", "ES384", "ES512", "EdDSA", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512"]
- Client
Auth string - The client authentication method. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none", "privatekeyjwt", "selfsignedtlsclientauth", "tlsclientauth"]
- Client
Jwk string - The client JWK for privatekeyjwt authentication.
- Client
Secret string - The client secret for authentication.
- Headers Dictionary<string, string>
- Additional headers for the introspection request.
- Http
Proxy string - HTTP proxy to use.
- string
- HTTP proxy authorization header.
- Http
Version double - The HTTP version used for requests.
- Https
Proxy string - HTTPS proxy to use.
- string
- HTTPS proxy authorization header.
- Insecure
Relaxed boolAudience Validation - If enabled, the plugin will not validate the audience of the access token. Disable it if the authorization server does not correctly set the audience claim according to RFC 8707 and MCP specification. Default: false
- Introspection
Format string - Controls introspection response format. must be one of ["base64", "base64url", "string"]
- Keepalive bool
- Enable HTTP keepalive for requests. Default: true
- Max
Request doubleBody Size - max allowed body size allowed to be handled as MCP request. Default: 8192
- Metadata
Endpoint string - The path for OAuth 2.0 Protected Resource Metadata. Default to $resource/.well-known/oauth-protected-resource. For example, if the configured resource is https://api.example.com/mcp, the metadata endpoint is /mcp/.well-known/oauth-protected-resource.
- Mtls
Introspection stringEndpoint - The mTLS alias for the introspection endpoint.
- No
Proxy string - Comma-separated list of hosts to exclude from proxy.
- Scopes
Supporteds List<string> - Ssl
Verify bool - Verify the SSL certificate. Default: true
- Timeout double
- Network I/O timeout in milliseconds. Default: 10000
- Tls
Client stringAuth Cert - PEM-encoded client certificate for mTLS.
- Tls
Client stringAuth Key - PEM-encoded private key for mTLS.
- Tls
Client boolAuth Ssl Verify - Verify server certificate in mTLS. Default: true
- []string
- Client
Id string - The client ID for authentication.
- Introspection
Endpoint string - The introspection endpoint URL.
- Resource string
- The resource identifier.
- Args map[string]string
- Additional arguments to send in the POST body.
- Cache
Introspection bool - If enabled, the plugin will cache the introspection response for the access token. This can improve performance by reducing the number of introspection requests to the authorization server. Default: true
- Claim
To []GatewayHeaders Plugin Ai Mcp Oauth2Config Claim To Header - Client
Alg string - The client JWT signing algorithm. must be one of ["ES256", "ES384", "ES512", "EdDSA", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512"]
- Client
Auth string - The client authentication method. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none", "privatekeyjwt", "selfsignedtlsclientauth", "tlsclientauth"]
- Client
Jwk string - The client JWK for privatekeyjwt authentication.
- Client
Secret string - The client secret for authentication.
- Headers map[string]string
- Additional headers for the introspection request.
- Http
Proxy string - HTTP proxy to use.
- string
- HTTP proxy authorization header.
- Http
Version float64 - The HTTP version used for requests.
- Https
Proxy string - HTTPS proxy to use.
- string
- HTTPS proxy authorization header.
- Insecure
Relaxed boolAudience Validation - If enabled, the plugin will not validate the audience of the access token. Disable it if the authorization server does not correctly set the audience claim according to RFC 8707 and MCP specification. Default: false
- Introspection
Format string - Controls introspection response format. must be one of ["base64", "base64url", "string"]
- Keepalive bool
- Enable HTTP keepalive for requests. Default: true
- Max
Request float64Body Size - max allowed body size allowed to be handled as MCP request. Default: 8192
- Metadata
Endpoint string - The path for OAuth 2.0 Protected Resource Metadata. Default to $resource/.well-known/oauth-protected-resource. For example, if the configured resource is https://api.example.com/mcp, the metadata endpoint is /mcp/.well-known/oauth-protected-resource.
- Mtls
Introspection stringEndpoint - The mTLS alias for the introspection endpoint.
- No
Proxy string - Comma-separated list of hosts to exclude from proxy.
- Scopes
Supporteds []string - Ssl
Verify bool - Verify the SSL certificate. Default: true
- Timeout float64
- Network I/O timeout in milliseconds. Default: 10000
- Tls
Client stringAuth Cert - PEM-encoded client certificate for mTLS.
- Tls
Client stringAuth Key - PEM-encoded private key for mTLS.
- Tls
Client boolAuth Ssl Verify - Verify server certificate in mTLS. Default: true
- List<String>
- client
Id String - The client ID for authentication.
- introspection
Endpoint String - The introspection endpoint URL.
- resource String
- The resource identifier.
- args Map<String,String>
- Additional arguments to send in the POST body.
- cache
Introspection Boolean - If enabled, the plugin will cache the introspection response for the access token. This can improve performance by reducing the number of introspection requests to the authorization server. Default: true
- claim
To List<GatewayHeaders Plugin Ai Mcp Oauth2Config Claim To Header> - client
Alg String - The client JWT signing algorithm. must be one of ["ES256", "ES384", "ES512", "EdDSA", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512"]
- client
Auth String - The client authentication method. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none", "privatekeyjwt", "selfsignedtlsclientauth", "tlsclientauth"]
- client
Jwk String - The client JWK for privatekeyjwt authentication.
- client
Secret String - The client secret for authentication.
- headers Map<String,String>
- Additional headers for the introspection request.
- http
Proxy String - HTTP proxy to use.
- String
- HTTP proxy authorization header.
- http
Version Double - The HTTP version used for requests.
- https
Proxy String - HTTPS proxy to use.
- String
- HTTPS proxy authorization header.
- insecure
Relaxed BooleanAudience Validation - If enabled, the plugin will not validate the audience of the access token. Disable it if the authorization server does not correctly set the audience claim according to RFC 8707 and MCP specification. Default: false
- introspection
Format String - Controls introspection response format. must be one of ["base64", "base64url", "string"]
- keepalive Boolean
- Enable HTTP keepalive for requests. Default: true
- max
Request DoubleBody Size - max allowed body size allowed to be handled as MCP request. Default: 8192
- metadata
Endpoint String - The path for OAuth 2.0 Protected Resource Metadata. Default to $resource/.well-known/oauth-protected-resource. For example, if the configured resource is https://api.example.com/mcp, the metadata endpoint is /mcp/.well-known/oauth-protected-resource.
- mtls
Introspection StringEndpoint - The mTLS alias for the introspection endpoint.
- no
Proxy String - Comma-separated list of hosts to exclude from proxy.
- scopes
Supporteds List<String> - ssl
Verify Boolean - Verify the SSL certificate. Default: true
- timeout Double
- Network I/O timeout in milliseconds. Default: 10000
- tls
Client StringAuth Cert - PEM-encoded client certificate for mTLS.
- tls
Client StringAuth Key - PEM-encoded private key for mTLS.
- tls
Client BooleanAuth Ssl Verify - Verify server certificate in mTLS. Default: true
- string[]
- client
Id string - The client ID for authentication.
- introspection
Endpoint string - The introspection endpoint URL.
- resource string
- The resource identifier.
- args {[key: string]: string}
- Additional arguments to send in the POST body.
- cache
Introspection boolean - If enabled, the plugin will cache the introspection response for the access token. This can improve performance by reducing the number of introspection requests to the authorization server. Default: true
- claim
To GatewayHeaders Plugin Ai Mcp Oauth2Config Claim To Header[] - client
Alg string - The client JWT signing algorithm. must be one of ["ES256", "ES384", "ES512", "EdDSA", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512"]
- client
Auth string - The client authentication method. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none", "privatekeyjwt", "selfsignedtlsclientauth", "tlsclientauth"]
- client
Jwk string - The client JWK for privatekeyjwt authentication.
- client
Secret string - The client secret for authentication.
- headers {[key: string]: string}
- Additional headers for the introspection request.
- http
Proxy string - HTTP proxy to use.
- string
- HTTP proxy authorization header.
- http
Version number - The HTTP version used for requests.
- https
Proxy string - HTTPS proxy to use.
- string
- HTTPS proxy authorization header.
- insecure
Relaxed booleanAudience Validation - If enabled, the plugin will not validate the audience of the access token. Disable it if the authorization server does not correctly set the audience claim according to RFC 8707 and MCP specification. Default: false
- introspection
Format string - Controls introspection response format. must be one of ["base64", "base64url", "string"]
- keepalive boolean
- Enable HTTP keepalive for requests. Default: true
- max
Request numberBody Size - max allowed body size allowed to be handled as MCP request. Default: 8192
- metadata
Endpoint string - The path for OAuth 2.0 Protected Resource Metadata. Default to $resource/.well-known/oauth-protected-resource. For example, if the configured resource is https://api.example.com/mcp, the metadata endpoint is /mcp/.well-known/oauth-protected-resource.
- mtls
Introspection stringEndpoint - The mTLS alias for the introspection endpoint.
- no
Proxy string - Comma-separated list of hosts to exclude from proxy.
- scopes
Supporteds string[] - ssl
Verify boolean - Verify the SSL certificate. Default: true
- timeout number
- Network I/O timeout in milliseconds. Default: 10000
- tls
Client stringAuth Cert - PEM-encoded client certificate for mTLS.
- tls
Client stringAuth Key - PEM-encoded private key for mTLS.
- tls
Client booleanAuth Ssl Verify - Verify server certificate in mTLS. Default: true
- Sequence[str]
- client_
id str - The client ID for authentication.
- introspection_
endpoint str - The introspection endpoint URL.
- resource str
- The resource identifier.
- args Mapping[str, str]
- Additional arguments to send in the POST body.
- cache_
introspection bool - If enabled, the plugin will cache the introspection response for the access token. This can improve performance by reducing the number of introspection requests to the authorization server. Default: true
- claim_
to_ Sequence[Gatewayheaders Plugin Ai Mcp Oauth2Config Claim To Header] - client_
alg str - The client JWT signing algorithm. must be one of ["ES256", "ES384", "ES512", "EdDSA", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512"]
- client_
auth str - The client authentication method. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none", "privatekeyjwt", "selfsignedtlsclientauth", "tlsclientauth"]
- client_
jwk str - The client JWK for privatekeyjwt authentication.
- client_
secret str - The client secret for authentication.
- headers Mapping[str, str]
- Additional headers for the introspection request.
- http_
proxy str - HTTP proxy to use.
- str
- HTTP proxy authorization header.
- http_
version float - The HTTP version used for requests.
- https_
proxy str - HTTPS proxy to use.
- str
- HTTPS proxy authorization header.
- insecure_
relaxed_ boolaudience_ validation - If enabled, the plugin will not validate the audience of the access token. Disable it if the authorization server does not correctly set the audience claim according to RFC 8707 and MCP specification. Default: false
- introspection_
format str - Controls introspection response format. must be one of ["base64", "base64url", "string"]
- keepalive bool
- Enable HTTP keepalive for requests. Default: true
- max_
request_ floatbody_ size - max allowed body size allowed to be handled as MCP request. Default: 8192
- metadata_
endpoint str - The path for OAuth 2.0 Protected Resource Metadata. Default to $resource/.well-known/oauth-protected-resource. For example, if the configured resource is https://api.example.com/mcp, the metadata endpoint is /mcp/.well-known/oauth-protected-resource.
- mtls_
introspection_ strendpoint - The mTLS alias for the introspection endpoint.
- no_
proxy str - Comma-separated list of hosts to exclude from proxy.
- scopes_
supporteds Sequence[str] - ssl_
verify bool - Verify the SSL certificate. Default: true
- timeout float
- Network I/O timeout in milliseconds. Default: 10000
- tls_
client_ strauth_ cert - PEM-encoded client certificate for mTLS.
- tls_
client_ strauth_ key - PEM-encoded private key for mTLS.
- tls_
client_ boolauth_ ssl_ verify - Verify server certificate in mTLS. Default: true
- List<String>
- client
Id String - The client ID for authentication.
- introspection
Endpoint String - The introspection endpoint URL.
- resource String
- The resource identifier.
- args Map<String>
- Additional arguments to send in the POST body.
- cache
Introspection Boolean - If enabled, the plugin will cache the introspection response for the access token. This can improve performance by reducing the number of introspection requests to the authorization server. Default: true
- claim
To List<Property Map>Headers - client
Alg String - The client JWT signing algorithm. must be one of ["ES256", "ES384", "ES512", "EdDSA", "HS256", "HS384", "HS512", "PS256", "PS384", "PS512", "RS256", "RS384", "RS512"]
- client
Auth String - The client authentication method. must be one of ["clientsecretbasic", "clientsecretjwt", "clientsecretpost", "none", "privatekeyjwt", "selfsignedtlsclientauth", "tlsclientauth"]
- client
Jwk String - The client JWK for privatekeyjwt authentication.
- client
Secret String - The client secret for authentication.
- headers Map<String>
- Additional headers for the introspection request.
- http
Proxy String - HTTP proxy to use.
- String
- HTTP proxy authorization header.
- http
Version Number - The HTTP version used for requests.
- https
Proxy String - HTTPS proxy to use.
- String
- HTTPS proxy authorization header.
- insecure
Relaxed BooleanAudience Validation - If enabled, the plugin will not validate the audience of the access token. Disable it if the authorization server does not correctly set the audience claim according to RFC 8707 and MCP specification. Default: false
- introspection
Format String - Controls introspection response format. must be one of ["base64", "base64url", "string"]
- keepalive Boolean
- Enable HTTP keepalive for requests. Default: true
- max
Request NumberBody Size - max allowed body size allowed to be handled as MCP request. Default: 8192
- metadata
Endpoint String - The path for OAuth 2.0 Protected Resource Metadata. Default to $resource/.well-known/oauth-protected-resource. For example, if the configured resource is https://api.example.com/mcp, the metadata endpoint is /mcp/.well-known/oauth-protected-resource.
- mtls
Introspection StringEndpoint - The mTLS alias for the introspection endpoint.
- no
Proxy String - Comma-separated list of hosts to exclude from proxy.
- scopes
Supporteds List<String> - ssl
Verify Boolean - Verify the SSL certificate. Default: true
- timeout Number
- Network I/O timeout in milliseconds. Default: 10000
- tls
Client StringAuth Cert - PEM-encoded client certificate for mTLS.
- tls
Client StringAuth Key - PEM-encoded private key for mTLS.
- tls
Client BooleanAuth Ssl Verify - Verify server certificate in mTLS. Default: true
GatewayPluginAiMcpOauth2ConfigClaimToHeader, GatewayPluginAiMcpOauth2ConfigClaimToHeaderArgs
GatewayPluginAiMcpOauth2Ordering, GatewayPluginAiMcpOauth2OrderingArgs
GatewayPluginAiMcpOauth2OrderingAfter, GatewayPluginAiMcpOauth2OrderingAfterArgs
- Accesses List<string>
- Accesses []string
- accesses List<String>
- accesses string[]
- accesses Sequence[str]
- accesses List<String>
GatewayPluginAiMcpOauth2OrderingBefore, GatewayPluginAiMcpOauth2OrderingBeforeArgs
- Accesses List<string>
- Accesses []string
- accesses List<String>
- accesses string[]
- accesses Sequence[str]
- accesses List<String>
GatewayPluginAiMcpOauth2Partial, GatewayPluginAiMcpOauth2PartialArgs
GatewayPluginAiMcpOauth2Route, GatewayPluginAiMcpOauth2RouteArgs
- Id string
- Id string
- id String
- id string
- id str
- id String
GatewayPluginAiMcpOauth2Service, GatewayPluginAiMcpOauth2ServiceArgs
- Id string
- Id string
- id String
- id string
- id str
- id String
Import
In Terraform v1.5.0 and later, the import block can be used with the id attribute, for example:
terraform
import {
to = konnect_gateway_plugin_ai_mcp_oauth2.my_konnect_gateway_plugin_ai_mcp_oauth2
id = jsonencode({
control_plane_id = "9524ec7d-36d9-465d-a8c5-83a3c9390458"
id = "3473c251-5b6c-4f45-b1ff-7ede735a366d"
})
}
The pulumi import command can be used, for example:
$ pulumi import konnect:index/gatewayPluginAiMcpOauth2:GatewayPluginAiMcpOauth2 my_konnect_gateway_plugin_ai_mcp_oauth2 '{"control_plane_id": "9524ec7d-36d9-465d-a8c5-83a3c9390458", "id": "3473c251-5b6c-4f45-b1ff-7ede735a366d"}'
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- konnect kong/terraform-provider-konnect
- License
- Notes
- This Pulumi package is based on the
konnectTerraform Provider.
