1. Packages
  2. FusionAuth
  3. API Docs
  4. FusionAuthIdpExternalJwt
FusionAuth v5.1.0 published on Tuesday, Oct 22, 2024 by Theo Gravity

fusionauth.FusionAuthIdpExternalJwt

Explore with Pulumi AI

fusionauth logo
FusionAuth v5.1.0 published on Tuesday, Oct 22, 2024 by Theo Gravity

    # External JWT Identity Provider Resource

    This is a special type of identity provider that is only used via the JWT Reconcile API. This identity provider defines the claims inside the incoming JWT and how they map to fields in the FusionAuth User object.

    In order for this identity provider to use the JWT, it also needs the public key or HMAC secret that the JWT was signed with. FusionAuth will verify that the JWT is valid and has not expired. Once the JWT has been validated, FusionAuth will reconcile it to ensure that the User exists and is up-to-date.

    External JWT Identity Providers API

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as fusionauth from "pulumi-fusionauth";
    
    const jwt = new fusionauth.FusionAuthIdpExternalJwt("jwt", {
        claimMap: {
            dept: "RegistrationData",
            first_name: "firstName",
            last_name: "lastName",
        },
        debug: false,
        enabled: true,
        headerKeyParameter: "kid",
        oauth2AuthorizationEndpoint: "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
        oauth2TokenEndpoint: "https://acme.com/adfs/oauth2/token",
        uniqueIdentityClaim: "email",
    });
    
    import pulumi
    import theogravity_pulumi_fusionauth as fusionauth
    
    jwt = fusionauth.FusionAuthIdpExternalJwt("jwt",
        claim_map={
            "dept": "RegistrationData",
            "first_name": "firstName",
            "last_name": "lastName",
        },
        debug=False,
        enabled=True,
        header_key_parameter="kid",
        oauth2_authorization_endpoint="https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
        oauth2_token_endpoint="https://acme.com/adfs/oauth2/token",
        unique_identity_claim="email")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    	"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := fusionauth.NewFusionAuthIdpExternalJwt(ctx, "jwt", &fusionauth.FusionAuthIdpExternalJwtArgs{
    			ClaimMap: pulumi.Map{
    				"dept":       pulumi.Any("RegistrationData"),
    				"first_name": pulumi.Any("firstName"),
    				"last_name":  pulumi.Any("lastName"),
    			},
    			Debug:                       pulumi.Bool(false),
    			Enabled:                     pulumi.Bool(true),
    			HeaderKeyParameter:          pulumi.String("kid"),
    			Oauth2AuthorizationEndpoint: pulumi.String("https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect"),
    			Oauth2TokenEndpoint:         pulumi.String("https://acme.com/adfs/oauth2/token"),
    			UniqueIdentityClaim:         pulumi.String("email"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Fusionauth = theogravity.Fusionauth;
    
    return await Deployment.RunAsync(() => 
    {
        var jwt = new Fusionauth.FusionAuthIdpExternalJwt("jwt", new()
        {
            ClaimMap = 
            {
                { "dept", "RegistrationData" },
                { "first_name", "firstName" },
                { "last_name", "lastName" },
            },
            Debug = false,
            Enabled = true,
            HeaderKeyParameter = "kid",
            Oauth2AuthorizationEndpoint = "https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect",
            Oauth2TokenEndpoint = "https://acme.com/adfs/oauth2/token",
            UniqueIdentityClaim = "email",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.fusionauth.FusionAuthIdpExternalJwt;
    import com.pulumi.fusionauth.FusionAuthIdpExternalJwtArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var jwt = new FusionAuthIdpExternalJwt("jwt", FusionAuthIdpExternalJwtArgs.builder()
                .claimMap(Map.ofEntries(
                    Map.entry("dept", "RegistrationData"),
                    Map.entry("first_name", "firstName"),
                    Map.entry("last_name", "lastName")
                ))
                .debug(false)
                .enabled(true)
                .headerKeyParameter("kid")
                .oauth2AuthorizationEndpoint("https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect")
                .oauth2TokenEndpoint("https://acme.com/adfs/oauth2/token")
                .uniqueIdentityClaim("email")
                .build());
    
        }
    }
    
    resources:
      jwt:
        type: fusionauth:FusionAuthIdpExternalJwt
        properties:
          claimMap:
            dept: RegistrationData
            first_name: firstName
            last_name: lastName
          debug: false
          enabled: true
          headerKeyParameter: kid
          oauth2AuthorizationEndpoint: https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect
          oauth2TokenEndpoint: https://acme.com/adfs/oauth2/token
          uniqueIdentityClaim: email
    

    Create FusionAuthIdpExternalJwt Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FusionAuthIdpExternalJwt(name: string, args: FusionAuthIdpExternalJwtArgs, opts?: CustomResourceOptions);
    @overload
    def FusionAuthIdpExternalJwt(resource_name: str,
                                 args: FusionAuthIdpExternalJwtArgs,
                                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def FusionAuthIdpExternalJwt(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 header_key_parameter: Optional[str] = None,
                                 unique_identity_claim: Optional[str] = None,
                                 idp_id: Optional[str] = None,
                                 domains: Optional[Sequence[str]] = None,
                                 enabled: Optional[bool] = None,
                                 debug: Optional[bool] = None,
                                 application_configurations: Optional[Sequence[FusionAuthIdpExternalJwtApplicationConfigurationArgs]] = None,
                                 lambda_reconcile_id: Optional[str] = None,
                                 linking_strategy: Optional[str] = None,
                                 name: Optional[str] = None,
                                 oauth2_authorization_endpoint: Optional[str] = None,
                                 oauth2_token_endpoint: Optional[str] = None,
                                 tenant_configurations: Optional[Sequence[FusionAuthIdpExternalJwtTenantConfigurationArgs]] = None,
                                 claim_map: Optional[Mapping[str, Any]] = None)
    func NewFusionAuthIdpExternalJwt(ctx *Context, name string, args FusionAuthIdpExternalJwtArgs, opts ...ResourceOption) (*FusionAuthIdpExternalJwt, error)
    public FusionAuthIdpExternalJwt(string name, FusionAuthIdpExternalJwtArgs args, CustomResourceOptions? opts = null)
    public FusionAuthIdpExternalJwt(String name, FusionAuthIdpExternalJwtArgs args)
    public FusionAuthIdpExternalJwt(String name, FusionAuthIdpExternalJwtArgs args, CustomResourceOptions options)
    
    type: fusionauth:FusionAuthIdpExternalJwt
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FusionAuthIdpExternalJwtArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FusionAuthIdpExternalJwtArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FusionAuthIdpExternalJwtArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FusionAuthIdpExternalJwtArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FusionAuthIdpExternalJwtArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var fusionAuthIdpExternalJwtResource = new Fusionauth.FusionAuthIdpExternalJwt("fusionAuthIdpExternalJwtResource", new()
    {
        HeaderKeyParameter = "string",
        UniqueIdentityClaim = "string",
        IdpId = "string",
        Domains = new[]
        {
            "string",
        },
        Enabled = false,
        Debug = false,
        ApplicationConfigurations = new[]
        {
            new Fusionauth.Inputs.FusionAuthIdpExternalJwtApplicationConfigurationArgs
            {
                ApplicationId = "string",
                CreateRegistration = false,
                Enabled = false,
            },
        },
        LambdaReconcileId = "string",
        LinkingStrategy = "string",
        Name = "string",
        Oauth2AuthorizationEndpoint = "string",
        Oauth2TokenEndpoint = "string",
        TenantConfigurations = new[]
        {
            new Fusionauth.Inputs.FusionAuthIdpExternalJwtTenantConfigurationArgs
            {
                LimitUserLinkCountEnabled = false,
                LimitUserLinkCountMaximumLinks = 0,
                TenantId = "string",
            },
        },
        ClaimMap = 
        {
            { "string", "any" },
        },
    });
    
    example, err := fusionauth.NewFusionAuthIdpExternalJwt(ctx, "fusionAuthIdpExternalJwtResource", &fusionauth.FusionAuthIdpExternalJwtArgs{
    	HeaderKeyParameter:  pulumi.String("string"),
    	UniqueIdentityClaim: pulumi.String("string"),
    	IdpId:               pulumi.String("string"),
    	Domains: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Enabled: pulumi.Bool(false),
    	Debug:   pulumi.Bool(false),
    	ApplicationConfigurations: fusionauth.FusionAuthIdpExternalJwtApplicationConfigurationArray{
    		&fusionauth.FusionAuthIdpExternalJwtApplicationConfigurationArgs{
    			ApplicationId:      pulumi.String("string"),
    			CreateRegistration: pulumi.Bool(false),
    			Enabled:            pulumi.Bool(false),
    		},
    	},
    	LambdaReconcileId:           pulumi.String("string"),
    	LinkingStrategy:             pulumi.String("string"),
    	Name:                        pulumi.String("string"),
    	Oauth2AuthorizationEndpoint: pulumi.String("string"),
    	Oauth2TokenEndpoint:         pulumi.String("string"),
    	TenantConfigurations: fusionauth.FusionAuthIdpExternalJwtTenantConfigurationArray{
    		&fusionauth.FusionAuthIdpExternalJwtTenantConfigurationArgs{
    			LimitUserLinkCountEnabled:      pulumi.Bool(false),
    			LimitUserLinkCountMaximumLinks: pulumi.Int(0),
    			TenantId:                       pulumi.String("string"),
    		},
    	},
    	ClaimMap: pulumi.Map{
    		"string": pulumi.Any("any"),
    	},
    })
    
    var fusionAuthIdpExternalJwtResource = new FusionAuthIdpExternalJwt("fusionAuthIdpExternalJwtResource", FusionAuthIdpExternalJwtArgs.builder()
        .headerKeyParameter("string")
        .uniqueIdentityClaim("string")
        .idpId("string")
        .domains("string")
        .enabled(false)
        .debug(false)
        .applicationConfigurations(FusionAuthIdpExternalJwtApplicationConfigurationArgs.builder()
            .applicationId("string")
            .createRegistration(false)
            .enabled(false)
            .build())
        .lambdaReconcileId("string")
        .linkingStrategy("string")
        .name("string")
        .oauth2AuthorizationEndpoint("string")
        .oauth2TokenEndpoint("string")
        .tenantConfigurations(FusionAuthIdpExternalJwtTenantConfigurationArgs.builder()
            .limitUserLinkCountEnabled(false)
            .limitUserLinkCountMaximumLinks(0)
            .tenantId("string")
            .build())
        .claimMap(Map.of("string", "any"))
        .build());
    
    fusion_auth_idp_external_jwt_resource = fusionauth.FusionAuthIdpExternalJwt("fusionAuthIdpExternalJwtResource",
        header_key_parameter="string",
        unique_identity_claim="string",
        idp_id="string",
        domains=["string"],
        enabled=False,
        debug=False,
        application_configurations=[{
            "application_id": "string",
            "create_registration": False,
            "enabled": False,
        }],
        lambda_reconcile_id="string",
        linking_strategy="string",
        name="string",
        oauth2_authorization_endpoint="string",
        oauth2_token_endpoint="string",
        tenant_configurations=[{
            "limit_user_link_count_enabled": False,
            "limit_user_link_count_maximum_links": 0,
            "tenant_id": "string",
        }],
        claim_map={
            "string": "any",
        })
    
    const fusionAuthIdpExternalJwtResource = new fusionauth.FusionAuthIdpExternalJwt("fusionAuthIdpExternalJwtResource", {
        headerKeyParameter: "string",
        uniqueIdentityClaim: "string",
        idpId: "string",
        domains: ["string"],
        enabled: false,
        debug: false,
        applicationConfigurations: [{
            applicationId: "string",
            createRegistration: false,
            enabled: false,
        }],
        lambdaReconcileId: "string",
        linkingStrategy: "string",
        name: "string",
        oauth2AuthorizationEndpoint: "string",
        oauth2TokenEndpoint: "string",
        tenantConfigurations: [{
            limitUserLinkCountEnabled: false,
            limitUserLinkCountMaximumLinks: 0,
            tenantId: "string",
        }],
        claimMap: {
            string: "any",
        },
    });
    
    type: fusionauth:FusionAuthIdpExternalJwt
    properties:
        applicationConfigurations:
            - applicationId: string
              createRegistration: false
              enabled: false
        claimMap:
            string: any
        debug: false
        domains:
            - string
        enabled: false
        headerKeyParameter: string
        idpId: string
        lambdaReconcileId: string
        linkingStrategy: string
        name: string
        oauth2AuthorizationEndpoint: string
        oauth2TokenEndpoint: string
        tenantConfigurations:
            - limitUserLinkCountEnabled: false
              limitUserLinkCountMaximumLinks: 0
              tenantId: string
        uniqueIdentityClaim: string
    

    FusionAuthIdpExternalJwt Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FusionAuthIdpExternalJwt resource accepts the following input properties:

    HeaderKeyParameter string
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    UniqueIdentityClaim string
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    ApplicationConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpExternalJwtApplicationConfiguration>
    The configuration for each Application that the identity provider is enabled for.
    ClaimMap Dictionary<string, object>
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    Debug bool
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    Domains List<string>
    An array of domains that are managed by this Identity Provider.
    Enabled bool
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    IdpId string
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    LambdaReconcileId string
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    LinkingStrategy string
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    Name string
    The name of the Identity Provider.
    Oauth2AuthorizationEndpoint string
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    Oauth2TokenEndpoint string
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    TenantConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpExternalJwtTenantConfiguration>
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    HeaderKeyParameter string
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    UniqueIdentityClaim string
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    ApplicationConfigurations []FusionAuthIdpExternalJwtApplicationConfigurationArgs
    The configuration for each Application that the identity provider is enabled for.
    ClaimMap map[string]interface{}
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    Debug bool
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    Domains []string
    An array of domains that are managed by this Identity Provider.
    Enabled bool
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    IdpId string
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    LambdaReconcileId string
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    LinkingStrategy string
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    Name string
    The name of the Identity Provider.
    Oauth2AuthorizationEndpoint string
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    Oauth2TokenEndpoint string
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    TenantConfigurations []FusionAuthIdpExternalJwtTenantConfigurationArgs
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    headerKeyParameter String
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    uniqueIdentityClaim String
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    applicationConfigurations List<FusionAuthIdpExternalJwtApplicationConfiguration>
    The configuration for each Application that the identity provider is enabled for.
    claimMap Map<String,Object>
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    debug Boolean
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    domains List<String>
    An array of domains that are managed by this Identity Provider.
    enabled Boolean
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    idpId String
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    lambdaReconcileId String
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    linkingStrategy String
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    name String
    The name of the Identity Provider.
    oauth2AuthorizationEndpoint String
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    oauth2TokenEndpoint String
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    tenantConfigurations List<FusionAuthIdpExternalJwtTenantConfiguration>
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    headerKeyParameter string
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    uniqueIdentityClaim string
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    applicationConfigurations FusionAuthIdpExternalJwtApplicationConfiguration[]
    The configuration for each Application that the identity provider is enabled for.
    claimMap {[key: string]: any}
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    debug boolean
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    domains string[]
    An array of domains that are managed by this Identity Provider.
    enabled boolean
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    idpId string
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    lambdaReconcileId string
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    linkingStrategy string
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    name string
    The name of the Identity Provider.
    oauth2AuthorizationEndpoint string
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    oauth2TokenEndpoint string
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    tenantConfigurations FusionAuthIdpExternalJwtTenantConfiguration[]
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    header_key_parameter str
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    unique_identity_claim str
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    application_configurations Sequence[FusionAuthIdpExternalJwtApplicationConfigurationArgs]
    The configuration for each Application that the identity provider is enabled for.
    claim_map Mapping[str, Any]
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    debug bool
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    domains Sequence[str]
    An array of domains that are managed by this Identity Provider.
    enabled bool
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    idp_id str
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    lambda_reconcile_id str
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    linking_strategy str
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    name str
    The name of the Identity Provider.
    oauth2_authorization_endpoint str
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    oauth2_token_endpoint str
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    tenant_configurations Sequence[FusionAuthIdpExternalJwtTenantConfigurationArgs]
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    headerKeyParameter String
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    uniqueIdentityClaim String
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    applicationConfigurations List<Property Map>
    The configuration for each Application that the identity provider is enabled for.
    claimMap Map<Any>
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    debug Boolean
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    domains List<String>
    An array of domains that are managed by this Identity Provider.
    enabled Boolean
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    idpId String
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    lambdaReconcileId String
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    linkingStrategy String
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    name String
    The name of the Identity Provider.
    oauth2AuthorizationEndpoint String
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    oauth2TokenEndpoint String
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    tenantConfigurations List<Property Map>
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FusionAuthIdpExternalJwt resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing FusionAuthIdpExternalJwt Resource

    Get an existing FusionAuthIdpExternalJwt resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FusionAuthIdpExternalJwtState, opts?: CustomResourceOptions): FusionAuthIdpExternalJwt
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            application_configurations: Optional[Sequence[FusionAuthIdpExternalJwtApplicationConfigurationArgs]] = None,
            claim_map: Optional[Mapping[str, Any]] = None,
            debug: Optional[bool] = None,
            domains: Optional[Sequence[str]] = None,
            enabled: Optional[bool] = None,
            header_key_parameter: Optional[str] = None,
            idp_id: Optional[str] = None,
            lambda_reconcile_id: Optional[str] = None,
            linking_strategy: Optional[str] = None,
            name: Optional[str] = None,
            oauth2_authorization_endpoint: Optional[str] = None,
            oauth2_token_endpoint: Optional[str] = None,
            tenant_configurations: Optional[Sequence[FusionAuthIdpExternalJwtTenantConfigurationArgs]] = None,
            unique_identity_claim: Optional[str] = None) -> FusionAuthIdpExternalJwt
    func GetFusionAuthIdpExternalJwt(ctx *Context, name string, id IDInput, state *FusionAuthIdpExternalJwtState, opts ...ResourceOption) (*FusionAuthIdpExternalJwt, error)
    public static FusionAuthIdpExternalJwt Get(string name, Input<string> id, FusionAuthIdpExternalJwtState? state, CustomResourceOptions? opts = null)
    public static FusionAuthIdpExternalJwt get(String name, Output<String> id, FusionAuthIdpExternalJwtState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApplicationConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpExternalJwtApplicationConfiguration>
    The configuration for each Application that the identity provider is enabled for.
    ClaimMap Dictionary<string, object>
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    Debug bool
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    Domains List<string>
    An array of domains that are managed by this Identity Provider.
    Enabled bool
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    HeaderKeyParameter string
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    IdpId string
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    LambdaReconcileId string
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    LinkingStrategy string
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    Name string
    The name of the Identity Provider.
    Oauth2AuthorizationEndpoint string
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    Oauth2TokenEndpoint string
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    TenantConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpExternalJwtTenantConfiguration>
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    UniqueIdentityClaim string
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    ApplicationConfigurations []FusionAuthIdpExternalJwtApplicationConfigurationArgs
    The configuration for each Application that the identity provider is enabled for.
    ClaimMap map[string]interface{}
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    Debug bool
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    Domains []string
    An array of domains that are managed by this Identity Provider.
    Enabled bool
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    HeaderKeyParameter string
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    IdpId string
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    LambdaReconcileId string
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    LinkingStrategy string
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    Name string
    The name of the Identity Provider.
    Oauth2AuthorizationEndpoint string
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    Oauth2TokenEndpoint string
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    TenantConfigurations []FusionAuthIdpExternalJwtTenantConfigurationArgs
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    UniqueIdentityClaim string
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    applicationConfigurations List<FusionAuthIdpExternalJwtApplicationConfiguration>
    The configuration for each Application that the identity provider is enabled for.
    claimMap Map<String,Object>
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    debug Boolean
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    domains List<String>
    An array of domains that are managed by this Identity Provider.
    enabled Boolean
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    headerKeyParameter String
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    idpId String
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    lambdaReconcileId String
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    linkingStrategy String
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    name String
    The name of the Identity Provider.
    oauth2AuthorizationEndpoint String
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    oauth2TokenEndpoint String
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    tenantConfigurations List<FusionAuthIdpExternalJwtTenantConfiguration>
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    uniqueIdentityClaim String
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    applicationConfigurations FusionAuthIdpExternalJwtApplicationConfiguration[]
    The configuration for each Application that the identity provider is enabled for.
    claimMap {[key: string]: any}
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    debug boolean
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    domains string[]
    An array of domains that are managed by this Identity Provider.
    enabled boolean
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    headerKeyParameter string
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    idpId string
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    lambdaReconcileId string
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    linkingStrategy string
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    name string
    The name of the Identity Provider.
    oauth2AuthorizationEndpoint string
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    oauth2TokenEndpoint string
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    tenantConfigurations FusionAuthIdpExternalJwtTenantConfiguration[]
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    uniqueIdentityClaim string
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    application_configurations Sequence[FusionAuthIdpExternalJwtApplicationConfigurationArgs]
    The configuration for each Application that the identity provider is enabled for.
    claim_map Mapping[str, Any]
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    debug bool
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    domains Sequence[str]
    An array of domains that are managed by this Identity Provider.
    enabled bool
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    header_key_parameter str
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    idp_id str
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    lambda_reconcile_id str
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    linking_strategy str
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    name str
    The name of the Identity Provider.
    oauth2_authorization_endpoint str
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    oauth2_token_endpoint str
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    tenant_configurations Sequence[FusionAuthIdpExternalJwtTenantConfigurationArgs]
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    unique_identity_claim str
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.
    applicationConfigurations List<Property Map>
    The configuration for each Application that the identity provider is enabled for.
    claimMap Map<Any>
    A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider.
    debug Boolean
    Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
    domains List<String>
    An array of domains that are managed by this Identity Provider.
    enabled Boolean
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    headerKeyParameter String
    The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.
    idpId String
    The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
    lambdaReconcileId String
    The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
    linkingStrategy String
    The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.
    name String
    The name of the Identity Provider.
    oauth2AuthorizationEndpoint String
    The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.
    oauth2TokenEndpoint String
    TThe token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.
    tenantConfigurations List<Property Map>
    The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
    uniqueIdentityClaim String
    The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.

    Supporting Types

    FusionAuthIdpExternalJwtApplicationConfiguration, FusionAuthIdpExternalJwtApplicationConfigurationArgs

    ApplicationId string
    ID of the Application to apply this configuration to.
    CreateRegistration bool
    Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
    Enabled bool
    Determines if this identity provider is enabled for the Application specified by the applicationId key.
    ApplicationId string
    ID of the Application to apply this configuration to.
    CreateRegistration bool
    Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
    Enabled bool
    Determines if this identity provider is enabled for the Application specified by the applicationId key.
    applicationId String
    ID of the Application to apply this configuration to.
    createRegistration Boolean
    Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
    enabled Boolean
    Determines if this identity provider is enabled for the Application specified by the applicationId key.
    applicationId string
    ID of the Application to apply this configuration to.
    createRegistration boolean
    Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
    enabled boolean
    Determines if this identity provider is enabled for the Application specified by the applicationId key.
    application_id str
    ID of the Application to apply this configuration to.
    create_registration bool
    Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
    enabled bool
    Determines if this identity provider is enabled for the Application specified by the applicationId key.
    applicationId String
    ID of the Application to apply this configuration to.
    createRegistration Boolean
    Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
    enabled Boolean
    Determines if this identity provider is enabled for the Application specified by the applicationId key.

    FusionAuthIdpExternalJwtTenantConfiguration, FusionAuthIdpExternalJwtTenantConfigurationArgs

    LimitUserLinkCountEnabled bool
    When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
    LimitUserLinkCountMaximumLinks int
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    TenantId string
    The unique Id of the tenant that this configuration applies to.
    LimitUserLinkCountEnabled bool
    When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
    LimitUserLinkCountMaximumLinks int
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    TenantId string
    The unique Id of the tenant that this configuration applies to.
    limitUserLinkCountEnabled Boolean
    When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
    limitUserLinkCountMaximumLinks Integer
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    tenantId String
    The unique Id of the tenant that this configuration applies to.
    limitUserLinkCountEnabled boolean
    When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
    limitUserLinkCountMaximumLinks number
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    tenantId string
    The unique Id of the tenant that this configuration applies to.
    limit_user_link_count_enabled bool
    When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
    limit_user_link_count_maximum_links int
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    tenant_id str
    The unique Id of the tenant that this configuration applies to.
    limitUserLinkCountEnabled Boolean
    When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
    limitUserLinkCountMaximumLinks Number
    Determines if this provider is enabled. If it is false then it will be disabled globally.
    tenantId String
    The unique Id of the tenant that this configuration applies to.

    Package Details

    Repository
    fusionauth theogravity/pulumi-fusionauth
    License
    MIT
    Notes
    This Pulumi package is based on the fusionauth Terraform Provider.
    fusionauth logo
    FusionAuth v5.1.0 published on Tuesday, Oct 22, 2024 by Theo Gravity