fusionauth.FusionAuthIdpExternalJwt
Explore with Pulumi AI
# External JWT Identity Provider Resource
This is a special type of identity provider that is only used via the JWT Reconcile API. This identity provider defines the claims inside the incoming JWT and how they map to fields in the FusionAuth User object.
In order for this identity provider to use the JWT, it also needs the public key or HMAC secret that the JWT was signed with. FusionAuth will verify that the JWT is valid and has not expired. Once the JWT has been validated, FusionAuth will reconcile it to ensure that the User exists and is up-to-date.
External JWT Identity Providers API
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fusionauth from "pulumi-fusionauth";
const jwt = new fusionauth.FusionAuthIdpExternalJwt("jwt", {
claimMap: {
dept: "RegistrationData",
first_name: "firstName",
last_name: "lastName",
},
debug: false,
enabled: true,
headerKeyParameter: "kid",
oauth2AuthorizationEndpoint: "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
oauth2TokenEndpoint: "https://acme.com/adfs/oauth2/token",
uniqueIdentityClaim: "email",
});
import pulumi
import theogravity_pulumi_fusionauth as fusionauth
jwt = fusionauth.FusionAuthIdpExternalJwt("jwt",
claim_map={
"dept": "RegistrationData",
"first_name": "firstName",
"last_name": "lastName",
},
debug=False,
enabled=True,
header_key_parameter="kid",
oauth2_authorization_endpoint="https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
oauth2_token_endpoint="https://acme.com/adfs/oauth2/token",
unique_identity_claim="email")
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fusionauth.NewFusionAuthIdpExternalJwt(ctx, "jwt", &fusionauth.FusionAuthIdpExternalJwtArgs{
ClaimMap: pulumi.Map{
"dept": pulumi.Any("RegistrationData"),
"first_name": pulumi.Any("firstName"),
"last_name": pulumi.Any("lastName"),
},
Debug: pulumi.Bool(false),
Enabled: pulumi.Bool(true),
HeaderKeyParameter: pulumi.String("kid"),
Oauth2AuthorizationEndpoint: pulumi.String("https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect"),
Oauth2TokenEndpoint: pulumi.String("https://acme.com/adfs/oauth2/token"),
UniqueIdentityClaim: pulumi.String("email"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fusionauth = theogravity.Fusionauth;
return await Deployment.RunAsync(() =>
{
var jwt = new Fusionauth.FusionAuthIdpExternalJwt("jwt", new()
{
ClaimMap =
{
{ "dept", "RegistrationData" },
{ "first_name", "firstName" },
{ "last_name", "lastName" },
},
Debug = false,
Enabled = true,
HeaderKeyParameter = "kid",
Oauth2AuthorizationEndpoint = "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
Oauth2TokenEndpoint = "https://acme.com/adfs/oauth2/token",
UniqueIdentityClaim = "email",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fusionauth.FusionAuthIdpExternalJwt;
import com.pulumi.fusionauth.FusionAuthIdpExternalJwtArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var jwt = new FusionAuthIdpExternalJwt("jwt", FusionAuthIdpExternalJwtArgs.builder()
.claimMap(Map.ofEntries(
Map.entry("dept", "RegistrationData"),
Map.entry("first_name", "firstName"),
Map.entry("last_name", "lastName")
))
.debug(false)
.enabled(true)
.headerKeyParameter("kid")
.oauth2AuthorizationEndpoint("https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect")
.oauth2TokenEndpoint("https://acme.com/adfs/oauth2/token")
.uniqueIdentityClaim("email")
.build());
}
}
resources:
jwt:
type: fusionauth:FusionAuthIdpExternalJwt
properties:
claimMap:
dept: RegistrationData
first_name: firstName
last_name: lastName
debug: false
enabled: true
headerKeyParameter: kid
oauth2AuthorizationEndpoint: https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect
oauth2TokenEndpoint: https://acme.com/adfs/oauth2/token
uniqueIdentityClaim: email
Create FusionAuthIdpExternalJwt Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FusionAuthIdpExternalJwt(name: string, args: FusionAuthIdpExternalJwtArgs, opts?: CustomResourceOptions);
@overload
def FusionAuthIdpExternalJwt(resource_name: str,
args: FusionAuthIdpExternalJwtArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FusionAuthIdpExternalJwt(resource_name: str,
opts: Optional[ResourceOptions] = None,
header_key_parameter: Optional[str] = None,
unique_identity_claim: Optional[str] = None,
idp_id: Optional[str] = None,
domains: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
debug: Optional[bool] = None,
application_configurations: Optional[Sequence[FusionAuthIdpExternalJwtApplicationConfigurationArgs]] = None,
lambda_reconcile_id: Optional[str] = None,
linking_strategy: Optional[str] = None,
name: Optional[str] = None,
oauth2_authorization_endpoint: Optional[str] = None,
oauth2_token_endpoint: Optional[str] = None,
tenant_configurations: Optional[Sequence[FusionAuthIdpExternalJwtTenantConfigurationArgs]] = None,
claim_map: Optional[Mapping[str, Any]] = None)
func NewFusionAuthIdpExternalJwt(ctx *Context, name string, args FusionAuthIdpExternalJwtArgs, opts ...ResourceOption) (*FusionAuthIdpExternalJwt, error)
public FusionAuthIdpExternalJwt(string name, FusionAuthIdpExternalJwtArgs args, CustomResourceOptions? opts = null)
public FusionAuthIdpExternalJwt(String name, FusionAuthIdpExternalJwtArgs args)
public FusionAuthIdpExternalJwt(String name, FusionAuthIdpExternalJwtArgs args, CustomResourceOptions options)
type: fusionauth:FusionAuthIdpExternalJwt
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FusionAuthIdpExternalJwtArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FusionAuthIdpExternalJwtArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FusionAuthIdpExternalJwtArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FusionAuthIdpExternalJwtArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FusionAuthIdpExternalJwtArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var fusionAuthIdpExternalJwtResource = new Fusionauth.FusionAuthIdpExternalJwt("fusionAuthIdpExternalJwtResource", new()
{
HeaderKeyParameter = "string",
UniqueIdentityClaim = "string",
IdpId = "string",
Domains = new[]
{
"string",
},
Enabled = false,
Debug = false,
ApplicationConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthIdpExternalJwtApplicationConfigurationArgs
{
ApplicationId = "string",
CreateRegistration = false,
Enabled = false,
},
},
LambdaReconcileId = "string",
LinkingStrategy = "string",
Name = "string",
Oauth2AuthorizationEndpoint = "string",
Oauth2TokenEndpoint = "string",
TenantConfigurations = new[]
{
new Fusionauth.Inputs.FusionAuthIdpExternalJwtTenantConfigurationArgs
{
LimitUserLinkCountEnabled = false,
LimitUserLinkCountMaximumLinks = 0,
TenantId = "string",
},
},
ClaimMap =
{
{ "string", "any" },
},
});
example, err := fusionauth.NewFusionAuthIdpExternalJwt(ctx, "fusionAuthIdpExternalJwtResource", &fusionauth.FusionAuthIdpExternalJwtArgs{
HeaderKeyParameter: pulumi.String("string"),
UniqueIdentityClaim: pulumi.String("string"),
IdpId: pulumi.String("string"),
Domains: pulumi.StringArray{
pulumi.String("string"),
},
Enabled: pulumi.Bool(false),
Debug: pulumi.Bool(false),
ApplicationConfigurations: fusionauth.FusionAuthIdpExternalJwtApplicationConfigurationArray{
&fusionauth.FusionAuthIdpExternalJwtApplicationConfigurationArgs{
ApplicationId: pulumi.String("string"),
CreateRegistration: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
},
},
LambdaReconcileId: pulumi.String("string"),
LinkingStrategy: pulumi.String("string"),
Name: pulumi.String("string"),
Oauth2AuthorizationEndpoint: pulumi.String("string"),
Oauth2TokenEndpoint: pulumi.String("string"),
TenantConfigurations: fusionauth.FusionAuthIdpExternalJwtTenantConfigurationArray{
&fusionauth.FusionAuthIdpExternalJwtTenantConfigurationArgs{
LimitUserLinkCountEnabled: pulumi.Bool(false),
LimitUserLinkCountMaximumLinks: pulumi.Int(0),
TenantId: pulumi.String("string"),
},
},
ClaimMap: pulumi.Map{
"string": pulumi.Any("any"),
},
})
var fusionAuthIdpExternalJwtResource = new FusionAuthIdpExternalJwt("fusionAuthIdpExternalJwtResource", FusionAuthIdpExternalJwtArgs.builder()
.headerKeyParameter("string")
.uniqueIdentityClaim("string")
.idpId("string")
.domains("string")
.enabled(false)
.debug(false)
.applicationConfigurations(FusionAuthIdpExternalJwtApplicationConfigurationArgs.builder()
.applicationId("string")
.createRegistration(false)
.enabled(false)
.build())
.lambdaReconcileId("string")
.linkingStrategy("string")
.name("string")
.oauth2AuthorizationEndpoint("string")
.oauth2TokenEndpoint("string")
.tenantConfigurations(FusionAuthIdpExternalJwtTenantConfigurationArgs.builder()
.limitUserLinkCountEnabled(false)
.limitUserLinkCountMaximumLinks(0)
.tenantId("string")
.build())
.claimMap(Map.of("string", "any"))
.build());
fusion_auth_idp_external_jwt_resource = fusionauth.FusionAuthIdpExternalJwt("fusionAuthIdpExternalJwtResource",
header_key_parameter="string",
unique_identity_claim="string",
idp_id="string",
domains=["string"],
enabled=False,
debug=False,
application_configurations=[{
"application_id": "string",
"create_registration": False,
"enabled": False,
}],
lambda_reconcile_id="string",
linking_strategy="string",
name="string",
oauth2_authorization_endpoint="string",
oauth2_token_endpoint="string",
tenant_configurations=[{
"limit_user_link_count_enabled": False,
"limit_user_link_count_maximum_links": 0,
"tenant_id": "string",
}],
claim_map={
"string": "any",
})
const fusionAuthIdpExternalJwtResource = new fusionauth.FusionAuthIdpExternalJwt("fusionAuthIdpExternalJwtResource", {
headerKeyParameter: "string",
uniqueIdentityClaim: "string",
idpId: "string",
domains: ["string"],
enabled: false,
debug: false,
applicationConfigurations: [{
applicationId: "string",
createRegistration: false,
enabled: false,
}],
lambdaReconcileId: "string",
linkingStrategy: "string",
name: "string",
oauth2AuthorizationEndpoint: "string",
oauth2TokenEndpoint: "string",
tenantConfigurations: [{
limitUserLinkCountEnabled: false,
limitUserLinkCountMaximumLinks: 0,
tenantId: "string",
}],
claimMap: {
string: "any",
},
});
type: fusionauth:FusionAuthIdpExternalJwt
properties:
applicationConfigurations:
- applicationId: string
createRegistration: false
enabled: false
claimMap:
string: any
debug: false
domains:
- string
enabled: false
headerKeyParameter: string
idpId: string
lambdaReconcileId: string
linkingStrategy: string
name: string
oauth2AuthorizationEndpoint: string
oauth2TokenEndpoint: string
tenantConfigurations:
- limitUserLinkCountEnabled: false
limitUserLinkCountMaximumLinks: 0
tenantId: string
uniqueIdentityClaim: string
FusionAuthIdpExternalJwt Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FusionAuthIdpExternalJwt resource accepts the following input properties:
- Header
Key stringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- Unique
Identity stringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- Application
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Idp External Jwt Application Configuration> - The configuration for each Application that the identity provider is enabled for.
- Claim
Map Dictionary<string, object> - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- Debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- Domains List<string>
- An array of domains that are managed by this Identity Provider.
- Enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- Idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- Lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- Linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- Name string
- The name of the Identity Provider.
- string
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- Oauth2Token
Endpoint string - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- Tenant
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Idp External Jwt Tenant Configuration> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- Header
Key stringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- Unique
Identity stringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- Application
Configurations []FusionAuth Idp External Jwt Application Configuration Args - The configuration for each Application that the identity provider is enabled for.
- Claim
Map map[string]interface{} - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- Debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- Domains []string
- An array of domains that are managed by this Identity Provider.
- Enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- Idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- Lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- Linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- Name string
- The name of the Identity Provider.
- string
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- Oauth2Token
Endpoint string - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- Tenant
Configurations []FusionAuth Idp External Jwt Tenant Configuration Args - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- header
Key StringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- unique
Identity StringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- application
Configurations List<FusionAuth Idp External Jwt Application Configuration> - The configuration for each Application that the identity provider is enabled for.
- claim
Map Map<String,Object> - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- debug Boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains List<String>
- An array of domains that are managed by this Identity Provider.
- enabled Boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp
Id String - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- lambda
Reconcile StringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy String - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- name String
- The name of the Identity Provider.
- String
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- oauth2Token
Endpoint String - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- tenant
Configurations List<FusionAuth Idp External Jwt Tenant Configuration> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- header
Key stringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- unique
Identity stringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- application
Configurations FusionAuth Idp External Jwt Application Configuration[] - The configuration for each Application that the identity provider is enabled for.
- claim
Map {[key: string]: any} - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- debug boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains string[]
- An array of domains that are managed by this Identity Provider.
- enabled boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- name string
- The name of the Identity Provider.
- string
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- oauth2Token
Endpoint string - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- tenant
Configurations FusionAuth Idp External Jwt Tenant Configuration[] - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- header_
key_ strparameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- unique_
identity_ strclaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- application_
configurations Sequence[FusionAuth Idp External Jwt Application Configuration Args] - The configuration for each Application that the identity provider is enabled for.
- claim_
map Mapping[str, Any] - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains Sequence[str]
- An array of domains that are managed by this Identity Provider.
- enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp_
id str - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- lambda_
reconcile_ strid - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking_
strategy str - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- name str
- The name of the Identity Provider.
- str
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- oauth2_
token_ strendpoint - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- tenant_
configurations Sequence[FusionAuth Idp External Jwt Tenant Configuration Args] - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- header
Key StringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- unique
Identity StringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- application
Configurations List<Property Map> - The configuration for each Application that the identity provider is enabled for.
- claim
Map Map<Any> - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- debug Boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains List<String>
- An array of domains that are managed by this Identity Provider.
- enabled Boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- idp
Id String - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- lambda
Reconcile StringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy String - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- name String
- The name of the Identity Provider.
- String
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- oauth2Token
Endpoint String - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- tenant
Configurations List<Property Map> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
Outputs
All input properties are implicitly available as output properties. Additionally, the FusionAuthIdpExternalJwt resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FusionAuthIdpExternalJwt Resource
Get an existing FusionAuthIdpExternalJwt resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FusionAuthIdpExternalJwtState, opts?: CustomResourceOptions): FusionAuthIdpExternalJwt
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
application_configurations: Optional[Sequence[FusionAuthIdpExternalJwtApplicationConfigurationArgs]] = None,
claim_map: Optional[Mapping[str, Any]] = None,
debug: Optional[bool] = None,
domains: Optional[Sequence[str]] = None,
enabled: Optional[bool] = None,
header_key_parameter: Optional[str] = None,
idp_id: Optional[str] = None,
lambda_reconcile_id: Optional[str] = None,
linking_strategy: Optional[str] = None,
name: Optional[str] = None,
oauth2_authorization_endpoint: Optional[str] = None,
oauth2_token_endpoint: Optional[str] = None,
tenant_configurations: Optional[Sequence[FusionAuthIdpExternalJwtTenantConfigurationArgs]] = None,
unique_identity_claim: Optional[str] = None) -> FusionAuthIdpExternalJwt
func GetFusionAuthIdpExternalJwt(ctx *Context, name string, id IDInput, state *FusionAuthIdpExternalJwtState, opts ...ResourceOption) (*FusionAuthIdpExternalJwt, error)
public static FusionAuthIdpExternalJwt Get(string name, Input<string> id, FusionAuthIdpExternalJwtState? state, CustomResourceOptions? opts = null)
public static FusionAuthIdpExternalJwt get(String name, Output<String> id, FusionAuthIdpExternalJwtState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Application
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Idp External Jwt Application Configuration> - The configuration for each Application that the identity provider is enabled for.
- Claim
Map Dictionary<string, object> - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- Debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- Domains List<string>
- An array of domains that are managed by this Identity Provider.
- Enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- Header
Key stringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- Idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- Lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- Linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- Name string
- The name of the Identity Provider.
- string
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- Oauth2Token
Endpoint string - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- Tenant
Configurations List<theogravity.Fusionauth. Inputs. Fusion Auth Idp External Jwt Tenant Configuration> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- Unique
Identity stringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- Application
Configurations []FusionAuth Idp External Jwt Application Configuration Args - The configuration for each Application that the identity provider is enabled for.
- Claim
Map map[string]interface{} - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- Debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- Domains []string
- An array of domains that are managed by this Identity Provider.
- Enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- Header
Key stringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- Idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- Lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- Linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- Name string
- The name of the Identity Provider.
- string
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- Oauth2Token
Endpoint string - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- Tenant
Configurations []FusionAuth Idp External Jwt Tenant Configuration Args - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- Unique
Identity stringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- application
Configurations List<FusionAuth Idp External Jwt Application Configuration> - The configuration for each Application that the identity provider is enabled for.
- claim
Map Map<String,Object> - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- debug Boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains List<String>
- An array of domains that are managed by this Identity Provider.
- enabled Boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- header
Key StringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- idp
Id String - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- lambda
Reconcile StringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy String - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- name String
- The name of the Identity Provider.
- String
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- oauth2Token
Endpoint String - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- tenant
Configurations List<FusionAuth Idp External Jwt Tenant Configuration> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique
Identity StringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- application
Configurations FusionAuth Idp External Jwt Application Configuration[] - The configuration for each Application that the identity provider is enabled for.
- claim
Map {[key: string]: any} - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- debug boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains string[]
- An array of domains that are managed by this Identity Provider.
- enabled boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- header
Key stringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- idp
Id string - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- lambda
Reconcile stringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy string - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- name string
- The name of the Identity Provider.
- string
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- oauth2Token
Endpoint string - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- tenant
Configurations FusionAuth Idp External Jwt Tenant Configuration[] - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique
Identity stringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- application_
configurations Sequence[FusionAuth Idp External Jwt Application Configuration Args] - The configuration for each Application that the identity provider is enabled for.
- claim_
map Mapping[str, Any] - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- debug bool
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains Sequence[str]
- An array of domains that are managed by this Identity Provider.
- enabled bool
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- header_
key_ strparameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- idp_
id str - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- lambda_
reconcile_ strid - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking_
strategy str - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- name str
- The name of the Identity Provider.
- str
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- oauth2_
token_ strendpoint - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- tenant_
configurations Sequence[FusionAuth Idp External Jwt Tenant Configuration Args] - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique_
identity_ strclaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
- application
Configurations List<Property Map> - The configuration for each Application that the identity provider is enabled for.
- claim
Map Map<Any> - A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
- debug Boolean
- Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
- domains List<String>
- An array of domains that are managed by this Identity Provider.
- enabled Boolean
- Determines if this provider is enabled. If it is false then it will be disabled globally.
- header
Key StringParameter - The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
- idp
Id String - The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
- lambda
Reconcile StringId - The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
- linking
Strategy String - The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
- name String
- The name of the Identity Provider.
- String
- The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
- oauth2Token
Endpoint String - TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
- tenant
Configurations List<Property Map> - The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
- unique
Identity StringClaim - The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
Supporting Types
FusionAuthIdpExternalJwtApplicationConfiguration, FusionAuthIdpExternalJwtApplicationConfigurationArgs
- Application
Id string - ID of the Application to apply this configuration to.
- Create
Registration bool - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- Enabled bool
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- Application
Id string - ID of the Application to apply this configuration to.
- Create
Registration bool - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- Enabled bool
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- application
Id String - ID of the Application to apply this configuration to.
- create
Registration Boolean - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- enabled Boolean
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- application
Id string - ID of the Application to apply this configuration to.
- create
Registration boolean - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- enabled boolean
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- application_
id str - ID of the Application to apply this configuration to.
- create_
registration bool - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- enabled bool
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
- application
Id String - ID of the Application to apply this configuration to.
- create
Registration Boolean - Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
- enabled Boolean
- Determines if this identity provider is enabled for the Application specified by the applicationId key.
FusionAuthIdpExternalJwtTenantConfiguration, FusionAuthIdpExternalJwtTenantConfigurationArgs
- Limit
User boolLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
- Limit
User intLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- Tenant
Id string - The unique Id of the tenant that this configuration applies to.
- Limit
User boolLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
- Limit
User intLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- Tenant
Id string - The unique Id of the tenant that this configuration applies to.
- limit
User BooleanLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
- limit
User IntegerLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- tenant
Id String - The unique Id of the tenant that this configuration applies to.
- limit
User booleanLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
- limit
User numberLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- tenant
Id string - The unique Id of the tenant that this configuration applies to.
- limit_
user_ boollink_ count_ enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
- limit_
user_ intlink_ count_ maximum_ links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- tenant_
id str - The unique Id of the tenant that this configuration applies to.
- limit
User BooleanLink Count Enabled - When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
- limit
User NumberLink Count Maximum Links - Determines if this provider is enabled. If it is false then it will be disabled globally.
- tenant
Id String - The unique Id of the tenant that this configuration applies to.
Package Details
- Repository
- fusionauth theogravity/pulumi-fusionauth
- License
- MIT
- Notes
- This Pulumi package is based on the
fusionauth
Terraform Provider.