vault.identity.getOidcOpenidConfig

HashiCorp Vault v7.7.0, Feb 6 26

Viewing docs for HashiCorp Vault v7.7.0
published on Friday, Feb 6, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-vault

Viewing docs for HashiCorp Vault v7.7.0
published on Friday, Feb 6, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-vault

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as vault from "@pulumi/vault";

const key = new vault.identity.OidcKey("key", {
    name: "key",
    allowedClientIds: ["*"],
    rotationPeriod: 3600,
    verificationTtl: 3600,
});
const app = new vault.identity.OidcClient("app", {
    name: "application",
    key: key.name,
    redirectUris: [
        "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
        "http://127.0.0.1:8251/callback",
        "http://127.0.0.1:8080/callback",
    ],
    idTokenTtl: 2400,
    accessTokenTtl: 7200,
});
const provider = new vault.identity.OidcProvider("provider", {
    name: "provider",
    allowedClientIds: [test.clientId],
});
const config = vault.identity.getOidcOpenidConfigOutput({
    name: provider.name,
});

import pulumi
import pulumi_vault as vault

key = vault.identity.OidcKey("key",
    name="key",
    allowed_client_ids=["*"],
    rotation_period=3600,
    verification_ttl=3600)
app = vault.identity.OidcClient("app",
    name="application",
    key=key.name,
    redirect_uris=[
        "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
        "http://127.0.0.1:8251/callback",
        "http://127.0.0.1:8080/callback",
    ],
    id_token_ttl=2400,
    access_token_ttl=7200)
provider = vault.identity.OidcProvider("provider",
    name="provider",
    allowed_client_ids=[test["clientId"]])
config = vault.identity.get_oidc_openid_config_output(name=provider.name)

package main

import (
	"github.com/pulumi/pulumi-vault/sdk/v7/go/vault/identity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		key, err := identity.NewOidcKey(ctx, "key", &identity.OidcKeyArgs{
			Name: pulumi.String("key"),
			AllowedClientIds: pulumi.StringArray{
				pulumi.String("*"),
			},
			RotationPeriod:  pulumi.Int(3600),
			VerificationTtl: pulumi.Int(3600),
		})
		if err != nil {
			return err
		}
		_, err = identity.NewOidcClient(ctx, "app", &identity.OidcClientArgs{
			Name: pulumi.String("application"),
			Key:  key.Name,
			RedirectUris: pulumi.StringArray{
				pulumi.String("http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback"),
				pulumi.String("http://127.0.0.1:8251/callback"),
				pulumi.String("http://127.0.0.1:8080/callback"),
			},
			IdTokenTtl:     pulumi.Int(2400),
			AccessTokenTtl: pulumi.Int(7200),
		})
		if err != nil {
			return err
		}
		provider, err := identity.NewOidcProvider(ctx, "provider", &identity.OidcProviderArgs{
			Name: pulumi.String("provider"),
			AllowedClientIds: pulumi.StringArray{
				test.ClientId,
			},
		})
		if err != nil {
			return err
		}
		_ = identity.GetOidcOpenidConfigOutput(ctx, identity.GetOidcOpenidConfigOutputArgs{
			Name: provider.Name,
		}, nil)
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Vault = Pulumi.Vault;

return await Deployment.RunAsync(() => 
{
    var key = new Vault.Identity.OidcKey("key", new()
    {
        Name = "key",
        AllowedClientIds = new[]
        {
            "*",
        },
        RotationPeriod = 3600,
        VerificationTtl = 3600,
    });

    var app = new Vault.Identity.OidcClient("app", new()
    {
        Name = "application",
        Key = key.Name,
        RedirectUris = new[]
        {
            "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
            "http://127.0.0.1:8251/callback",
            "http://127.0.0.1:8080/callback",
        },
        IdTokenTtl = 2400,
        AccessTokenTtl = 7200,
    });

    var provider = new Vault.Identity.OidcProvider("provider", new()
    {
        Name = "provider",
        AllowedClientIds = new[]
        {
            test.ClientId,
        },
    });

    var config = Vault.Identity.GetOidcOpenidConfig.Invoke(new()
    {
        Name = provider.Name,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.vault.identity.OidcKey;
import com.pulumi.vault.identity.OidcKeyArgs;
import com.pulumi.vault.identity.OidcClient;
import com.pulumi.vault.identity.OidcClientArgs;
import com.pulumi.vault.identity.OidcProvider;
import com.pulumi.vault.identity.OidcProviderArgs;
import com.pulumi.vault.identity.IdentityFunctions;
import com.pulumi.vault.identity.inputs.GetOidcOpenidConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var key = new OidcKey("key", OidcKeyArgs.builder()
            .name("key")
            .allowedClientIds("*")
            .rotationPeriod(3600)
            .verificationTtl(3600)
            .build());

        var app = new OidcClient("app", OidcClientArgs.builder()
            .name("application")
            .key(key.name())
            .redirectUris(            
                "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
                "http://127.0.0.1:8251/callback",
                "http://127.0.0.1:8080/callback")
            .idTokenTtl(2400)
            .accessTokenTtl(7200)
            .build());

        var provider = new OidcProvider("provider", OidcProviderArgs.builder()
            .name("provider")
            .allowedClientIds(test.clientId())
            .build());

        final var config = IdentityFunctions.getOidcOpenidConfig(GetOidcOpenidConfigArgs.builder()
            .name(provider.name())
            .build());

    }
}

resources:
  key:
    type: vault:identity:OidcKey
    properties:
      name: key
      allowedClientIds:
        - '*'
      rotationPeriod: 3600
      verificationTtl: 3600
  app:
    type: vault:identity:OidcClient
    properties:
      name: application
      key: ${key.name}
      redirectUris:
        - http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback
        - http://127.0.0.1:8251/callback
        - http://127.0.0.1:8080/callback
      idTokenTtl: 2400
      accessTokenTtl: 7200
  provider:
    type: vault:identity:OidcProvider
    properties:
      name: provider
      allowedClientIds:
        - ${test.clientId}
variables:
  config:
    fn::invoke:
      function: vault:identity:getOidcOpenidConfig
      arguments:
        name: ${provider.name}

Using getOidcOpenidConfig

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getOidcOpenidConfig(args: GetOidcOpenidConfigArgs, opts?: InvokeOptions): Promise<GetOidcOpenidConfigResult>
function getOidcOpenidConfigOutput(args: GetOidcOpenidConfigOutputArgs, opts?: InvokeOptions): Output<GetOidcOpenidConfigResult>

def get_oidc_openid_config(name: Optional[str] = None,
                           namespace: Optional[str] = None,
                           opts: Optional[InvokeOptions] = None) -> GetOidcOpenidConfigResult
def get_oidc_openid_config_output(name: Optional[pulumi.Input[str]] = None,
                           namespace: Optional[pulumi.Input[str]] = None,
                           opts: Optional[InvokeOptions] = None) -> Output[GetOidcOpenidConfigResult]

func GetOidcOpenidConfig(ctx *Context, args *GetOidcOpenidConfigArgs, opts ...InvokeOption) (*GetOidcOpenidConfigResult, error)
func GetOidcOpenidConfigOutput(ctx *Context, args *GetOidcOpenidConfigOutputArgs, opts ...InvokeOption) GetOidcOpenidConfigResultOutput

> Note: This function is named GetOidcOpenidConfig in the Go SDK.

public static class GetOidcOpenidConfig 
{
    public static Task<GetOidcOpenidConfigResult> InvokeAsync(GetOidcOpenidConfigArgs args, InvokeOptions? opts = null)
    public static Output<GetOidcOpenidConfigResult> Invoke(GetOidcOpenidConfigInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetOidcOpenidConfigResult> getOidcOpenidConfig(GetOidcOpenidConfigArgs args, InvokeOptions options)
public static Output<GetOidcOpenidConfigResult> getOidcOpenidConfig(GetOidcOpenidConfigArgs args, InvokeOptions options)

fn::invoke:
  function: vault:identity/getOidcOpenidConfig:getOidcOpenidConfig
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string: The name of the OIDC Provider in Vault.
Namespace string: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

Name string: The name of the OIDC Provider in Vault.
Namespace string: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

name String: The name of the OIDC Provider in Vault.
namespace String: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

name string: The name of the OIDC Provider in Vault.
namespace string: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

name str: The name of the OIDC Provider in Vault.
namespace str: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

name String: The name of the OIDC Provider in Vault.
namespace String: The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.

getOidcOpenidConfig Result

The following output properties are available:

AuthorizationEndpoint string: The Authorization Endpoint for the provider.
GrantTypesSupporteds List<string>: The grant types supported by the provider.
Id string: The provider-assigned unique ID for this managed resource.
IdTokenSigningAlgValuesSupporteds List<string>: The signing algorithms supported by the provider.
Issuer string: The URL of the issuer for the provider.
JwksUri string: The well known keys URI for the provider.
Name string
RequestUriParameterSupported bool: Specifies whether Request URI Parameter is supported by the provider.
ResponseTypesSupporteds List<string>: The response types supported by the provider.
ScopesSupporteds List<string>: The scopes supported by the provider.
SubjectTypesSupporteds List<string>: The subject types supported by the provider.
TokenEndpoint string: The Token Endpoint for the provider.
TokenEndpointAuthMethodsSupporteds List<string>: The token endpoint auth methods supported by the provider.
UserinfoEndpoint string: The User Info Endpoint for the provider
Namespace string

AuthorizationEndpoint string: The Authorization Endpoint for the provider.
GrantTypesSupporteds []string: The grant types supported by the provider.
Id string: The provider-assigned unique ID for this managed resource.
IdTokenSigningAlgValuesSupporteds []string: The signing algorithms supported by the provider.
Issuer string: The URL of the issuer for the provider.
JwksUri string: The well known keys URI for the provider.
Name string
RequestUriParameterSupported bool: Specifies whether Request URI Parameter is supported by the provider.
ResponseTypesSupporteds []string: The response types supported by the provider.
ScopesSupporteds []string: The scopes supported by the provider.
SubjectTypesSupporteds []string: The subject types supported by the provider.
TokenEndpoint string: The Token Endpoint for the provider.
TokenEndpointAuthMethodsSupporteds []string: The token endpoint auth methods supported by the provider.
UserinfoEndpoint string: The User Info Endpoint for the provider
Namespace string

authorizationEndpoint String: The Authorization Endpoint for the provider.
grantTypesSupporteds List<String>: The grant types supported by the provider.
id String: The provider-assigned unique ID for this managed resource.
idTokenSigningAlgValuesSupporteds List<String>: The signing algorithms supported by the provider.
issuer String: The URL of the issuer for the provider.
jwksUri String: The well known keys URI for the provider.
name String
requestUriParameterSupported Boolean: Specifies whether Request URI Parameter is supported by the provider.
responseTypesSupporteds List<String>: The response types supported by the provider.
scopesSupporteds List<String>: The scopes supported by the provider.
subjectTypesSupporteds List<String>: The subject types supported by the provider.
tokenEndpoint String: The Token Endpoint for the provider.
tokenEndpointAuthMethodsSupporteds List<String>: The token endpoint auth methods supported by the provider.
userinfoEndpoint String: The User Info Endpoint for the provider
namespace String

authorizationEndpoint string: The Authorization Endpoint for the provider.
grantTypesSupporteds string[]: The grant types supported by the provider.
id string: The provider-assigned unique ID for this managed resource.
idTokenSigningAlgValuesSupporteds string[]: The signing algorithms supported by the provider.
issuer string: The URL of the issuer for the provider.
jwksUri string: The well known keys URI for the provider.
name string
requestUriParameterSupported boolean: Specifies whether Request URI Parameter is supported by the provider.
responseTypesSupporteds string[]: The response types supported by the provider.
scopesSupporteds string[]: The scopes supported by the provider.
subjectTypesSupporteds string[]: The subject types supported by the provider.
tokenEndpoint string: The Token Endpoint for the provider.
tokenEndpointAuthMethodsSupporteds string[]: The token endpoint auth methods supported by the provider.
userinfoEndpoint string: The User Info Endpoint for the provider
namespace string

authorization_endpoint str: The Authorization Endpoint for the provider.
grant_types_supporteds Sequence[str]: The grant types supported by the provider.
id str: The provider-assigned unique ID for this managed resource.
id_token_signing_alg_values_supporteds Sequence[str]: The signing algorithms supported by the provider.
issuer str: The URL of the issuer for the provider.
jwks_uri str: The well known keys URI for the provider.
name str
request_uri_parameter_supported bool: Specifies whether Request URI Parameter is supported by the provider.
response_types_supporteds Sequence[str]: The response types supported by the provider.
scopes_supporteds Sequence[str]: The scopes supported by the provider.
subject_types_supporteds Sequence[str]: The subject types supported by the provider.
token_endpoint str: The Token Endpoint for the provider.
token_endpoint_auth_methods_supporteds Sequence[str]: The token endpoint auth methods supported by the provider.
userinfo_endpoint str: The User Info Endpoint for the provider
namespace str

authorizationEndpoint String: The Authorization Endpoint for the provider.
grantTypesSupporteds List<String>: The grant types supported by the provider.
id String: The provider-assigned unique ID for this managed resource.
idTokenSigningAlgValuesSupporteds List<String>: The signing algorithms supported by the provider.
issuer String: The URL of the issuer for the provider.
jwksUri String: The well known keys URI for the provider.
name String
requestUriParameterSupported Boolean: Specifies whether Request URI Parameter is supported by the provider.
responseTypesSupporteds List<String>: The response types supported by the provider.
scopesSupporteds List<String>: The scopes supported by the provider.
subjectTypesSupporteds List<String>: The subject types supported by the provider.
tokenEndpoint String: The Token Endpoint for the provider.
tokenEndpointAuthMethodsSupporteds List<String>: The token endpoint auth methods supported by the provider.
userinfoEndpoint String: The User Info Endpoint for the provider
namespace String

Package Details

Repository: Vault pulumi/pulumi-vault
License: Apache-2.0
Notes: This Pulumi package is based on the vault Terraform Provider.

Viewing docs for HashiCorp Vault v7.7.0
published on Friday, Feb 6, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-vault

vault.identity.getOidcOpenidConfig

On this page

On this page

Example Usage

Using getOidcOpenidConfig

getOidcOpenidConfig Result

Package Details

On this page

On this page