keycloak.openid.Client
Explore with Pulumi AI
# keycloak.openid.Client
Allows for creating and managing Keycloak clients that use the OpenID Connect protocol.
Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak’s user sessions for SSO.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const openidClient = new keycloak.openid.Client("openid_client", {
realmId: realm.id,
clientId: "test-client",
name: "test client",
enabled: true,
accessType: "CONFIDENTIAL",
validRedirectUris: ["http://localhost:8080/openid-callback"],
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
openid_client = keycloak.openid.Client("openid_client",
realm_id=realm.id,
client_id="test-client",
name="test client",
enabled=True,
access_type="CONFIDENTIAL",
valid_redirect_uris=["http://localhost:8080/openid-callback"])
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = openid.NewClient(ctx, "openid_client", &openid.ClientArgs{
RealmId: realm.ID(),
ClientId: pulumi.String("test-client"),
Name: pulumi.String("test client"),
Enabled: pulumi.Bool(true),
AccessType: pulumi.String("CONFIDENTIAL"),
ValidRedirectUris: pulumi.StringArray{
pulumi.String("http://localhost:8080/openid-callback"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var openidClient = new Keycloak.OpenId.Client("openid_client", new()
{
RealmId = realm.Id,
ClientId = "test-client",
Name = "test client",
Enabled = true,
AccessType = "CONFIDENTIAL",
ValidRedirectUris = new[]
{
"http://localhost:8080/openid-callback",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var openidClient = new Client("openidClient", ClientArgs.builder()
.realmId(realm.id())
.clientId("test-client")
.name("test client")
.enabled(true)
.accessType("CONFIDENTIAL")
.validRedirectUris("http://localhost:8080/openid-callback")
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
openidClient:
type: keycloak:openid:Client
name: openid_client
properties:
realmId: ${realm.id}
clientId: test-client
name: test client
enabled: true
accessType: CONFIDENTIAL
validRedirectUris:
- http://localhost:8080/openid-callback
Argument Reference
The following arguments are supported:
realm_id
- (Required) The realm this client is attached to.client_id
- (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.name
- (Optional) The display name of this client in the GUI.enabled
- (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults totrue
.description
- (Optional) The description of this client in the GUI.access_type
- (Required) Specifies the type of client, which can be one of the following:CONFIDENTIAL
- Used for server-side clients that require both client ID and secret when authenticating. This client should be used for applications using the Authorization Code or Client Credentials grant flows.PUBLIC
- Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect URIs for security. This client should be used for applications using the Implicit grant flow.BEARER-ONLY
- Used for services that never initiate a login. This client will only allow bearer token requests.
client_secret
- (Optional) The secret for clients with anaccess_type
ofCONFIDENTIAL
orBEARER-ONLY
. This value is sensitive and should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute.standard_flow_enabled
- (Optional) Whentrue
, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults tofalse
.implicit_flow_enabled
- (Optional) Whentrue
, the OAuth2 Implicit Grant will be enabled for this client. Defaults tofalse
.direct_access_grants_enabled
- (Optional) Whentrue
, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults tofalse
.service_accounts_enabled
- (Optional) Whentrue
, the OAuth2 Client Credentials grant will be enabled for this client. Defaults tofalse
.valid_redirect_uris
- (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple wildcards in the form of an asterisk can be used here. This attribute must be set if eitherstandard_flow_enabled
orimplicit_flow_enabled
is set totrue
.web_origins
- (Optional) A list of allowed CORS origins.+
can be used to permit all valid redirect URIs, and*
can be used to permit all origins.admin_url
- (Optional) URL to the admin interface of the client.base_url
- (Optional) Default URL to use when the auth server needs to redirect or link back to the client.pkce_code_challenge_method
- (Optional) The challenge method to use for Proof Key for Code Exchange. Can be eitherplain
orS256
or set to empty value ``.full_scope_allowed
- (Optional) - Allow to include all roles mappings in the access token.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
service_account_user_id
- When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.
Import
Clients can be imported using the format {{realm_id}}/{{client_keycloak_id}}
, where client_keycloak_id
is the unique ID that Keycloak
assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.
Example:
$ terraform import keycloak_openid_client.openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352
Create Client Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Client(name: string, args: ClientArgs, opts?: CustomResourceOptions);
@overload
def Client(resource_name: str,
args: ClientArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Client(resource_name: str,
opts: Optional[ResourceOptions] = None,
client_id: Optional[str] = None,
access_type: Optional[str] = None,
realm_id: Optional[str] = None,
exclude_session_state_from_auth_response: Optional[bool] = None,
authentication_flow_binding_overrides: Optional[ClientAuthenticationFlowBindingOverridesArgs] = None,
backchannel_logout_revoke_offline_sessions: Optional[bool] = None,
extra_config: Optional[Mapping[str, str]] = None,
backchannel_logout_url: Optional[str] = None,
frontchannel_logout_url: Optional[str] = None,
client_authenticator_type: Optional[str] = None,
frontchannel_logout_enabled: Optional[bool] = None,
client_offline_session_idle_timeout: Optional[str] = None,
client_offline_session_max_lifespan: Optional[str] = None,
client_secret: Optional[str] = None,
client_session_idle_timeout: Optional[str] = None,
client_session_max_lifespan: Optional[str] = None,
consent_required: Optional[bool] = None,
consent_screen_text: Optional[str] = None,
description: Optional[str] = None,
direct_access_grants_enabled: Optional[bool] = None,
display_on_consent_screen: Optional[bool] = None,
enabled: Optional[bool] = None,
access_token_lifespan: Optional[str] = None,
backchannel_logout_session_required: Optional[bool] = None,
authorization: Optional[ClientAuthorizationArgs] = None,
base_url: Optional[str] = None,
full_scope_allowed: Optional[bool] = None,
implicit_flow_enabled: Optional[bool] = None,
import_: Optional[bool] = None,
login_theme: Optional[str] = None,
name: Optional[str] = None,
oauth2_device_authorization_grant_enabled: Optional[bool] = None,
oauth2_device_code_lifespan: Optional[str] = None,
oauth2_device_polling_interval: Optional[str] = None,
pkce_code_challenge_method: Optional[str] = None,
admin_url: Optional[str] = None,
root_url: Optional[str] = None,
service_accounts_enabled: Optional[bool] = None,
standard_flow_enabled: Optional[bool] = None,
use_refresh_tokens: Optional[bool] = None,
use_refresh_tokens_client_credentials: Optional[bool] = None,
valid_post_logout_redirect_uris: Optional[Sequence[str]] = None,
valid_redirect_uris: Optional[Sequence[str]] = None,
web_origins: Optional[Sequence[str]] = None)
func NewClient(ctx *Context, name string, args ClientArgs, opts ...ResourceOption) (*Client, error)
public Client(string name, ClientArgs args, CustomResourceOptions? opts = null)
public Client(String name, ClientArgs args)
public Client(String name, ClientArgs args, CustomResourceOptions options)
type: keycloak:openid:Client
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClientArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var clientResource = new Keycloak.OpenId.Client("clientResource", new()
{
ClientId = "string",
AccessType = "string",
RealmId = "string",
ExcludeSessionStateFromAuthResponse = false,
AuthenticationFlowBindingOverrides = new Keycloak.OpenId.Inputs.ClientAuthenticationFlowBindingOverridesArgs
{
BrowserId = "string",
DirectGrantId = "string",
},
BackchannelLogoutRevokeOfflineSessions = false,
ExtraConfig =
{
{ "string", "string" },
},
BackchannelLogoutUrl = "string",
FrontchannelLogoutUrl = "string",
ClientAuthenticatorType = "string",
FrontchannelLogoutEnabled = false,
ClientOfflineSessionIdleTimeout = "string",
ClientOfflineSessionMaxLifespan = "string",
ClientSecret = "string",
ClientSessionIdleTimeout = "string",
ClientSessionMaxLifespan = "string",
ConsentRequired = false,
ConsentScreenText = "string",
Description = "string",
DirectAccessGrantsEnabled = false,
DisplayOnConsentScreen = false,
Enabled = false,
AccessTokenLifespan = "string",
BackchannelLogoutSessionRequired = false,
Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs
{
PolicyEnforcementMode = "string",
AllowRemoteResourceManagement = false,
DecisionStrategy = "string",
KeepDefaults = false,
},
BaseUrl = "string",
FullScopeAllowed = false,
ImplicitFlowEnabled = false,
Import = false,
LoginTheme = "string",
Name = "string",
Oauth2DeviceAuthorizationGrantEnabled = false,
Oauth2DeviceCodeLifespan = "string",
Oauth2DevicePollingInterval = "string",
PkceCodeChallengeMethod = "string",
AdminUrl = "string",
RootUrl = "string",
ServiceAccountsEnabled = false,
StandardFlowEnabled = false,
UseRefreshTokens = false,
UseRefreshTokensClientCredentials = false,
ValidPostLogoutRedirectUris = new[]
{
"string",
},
ValidRedirectUris = new[]
{
"string",
},
WebOrigins = new[]
{
"string",
},
});
example, err := openid.NewClient(ctx, "clientResource", &openid.ClientArgs{
ClientId: pulumi.String("string"),
AccessType: pulumi.String("string"),
RealmId: pulumi.String("string"),
ExcludeSessionStateFromAuthResponse: pulumi.Bool(false),
AuthenticationFlowBindingOverrides: &openid.ClientAuthenticationFlowBindingOverridesArgs{
BrowserId: pulumi.String("string"),
DirectGrantId: pulumi.String("string"),
},
BackchannelLogoutRevokeOfflineSessions: pulumi.Bool(false),
ExtraConfig: pulumi.StringMap{
"string": pulumi.String("string"),
},
BackchannelLogoutUrl: pulumi.String("string"),
FrontchannelLogoutUrl: pulumi.String("string"),
ClientAuthenticatorType: pulumi.String("string"),
FrontchannelLogoutEnabled: pulumi.Bool(false),
ClientOfflineSessionIdleTimeout: pulumi.String("string"),
ClientOfflineSessionMaxLifespan: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
ClientSessionIdleTimeout: pulumi.String("string"),
ClientSessionMaxLifespan: pulumi.String("string"),
ConsentRequired: pulumi.Bool(false),
ConsentScreenText: pulumi.String("string"),
Description: pulumi.String("string"),
DirectAccessGrantsEnabled: pulumi.Bool(false),
DisplayOnConsentScreen: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
AccessTokenLifespan: pulumi.String("string"),
BackchannelLogoutSessionRequired: pulumi.Bool(false),
Authorization: &openid.ClientAuthorizationArgs{
PolicyEnforcementMode: pulumi.String("string"),
AllowRemoteResourceManagement: pulumi.Bool(false),
DecisionStrategy: pulumi.String("string"),
KeepDefaults: pulumi.Bool(false),
},
BaseUrl: pulumi.String("string"),
FullScopeAllowed: pulumi.Bool(false),
ImplicitFlowEnabled: pulumi.Bool(false),
Import: pulumi.Bool(false),
LoginTheme: pulumi.String("string"),
Name: pulumi.String("string"),
Oauth2DeviceAuthorizationGrantEnabled: pulumi.Bool(false),
Oauth2DeviceCodeLifespan: pulumi.String("string"),
Oauth2DevicePollingInterval: pulumi.String("string"),
PkceCodeChallengeMethod: pulumi.String("string"),
AdminUrl: pulumi.String("string"),
RootUrl: pulumi.String("string"),
ServiceAccountsEnabled: pulumi.Bool(false),
StandardFlowEnabled: pulumi.Bool(false),
UseRefreshTokens: pulumi.Bool(false),
UseRefreshTokensClientCredentials: pulumi.Bool(false),
ValidPostLogoutRedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
ValidRedirectUris: pulumi.StringArray{
pulumi.String("string"),
},
WebOrigins: pulumi.StringArray{
pulumi.String("string"),
},
})
var clientResource = new Client("clientResource", ClientArgs.builder()
.clientId("string")
.accessType("string")
.realmId("string")
.excludeSessionStateFromAuthResponse(false)
.authenticationFlowBindingOverrides(ClientAuthenticationFlowBindingOverridesArgs.builder()
.browserId("string")
.directGrantId("string")
.build())
.backchannelLogoutRevokeOfflineSessions(false)
.extraConfig(Map.of("string", "string"))
.backchannelLogoutUrl("string")
.frontchannelLogoutUrl("string")
.clientAuthenticatorType("string")
.frontchannelLogoutEnabled(false)
.clientOfflineSessionIdleTimeout("string")
.clientOfflineSessionMaxLifespan("string")
.clientSecret("string")
.clientSessionIdleTimeout("string")
.clientSessionMaxLifespan("string")
.consentRequired(false)
.consentScreenText("string")
.description("string")
.directAccessGrantsEnabled(false)
.displayOnConsentScreen(false)
.enabled(false)
.accessTokenLifespan("string")
.backchannelLogoutSessionRequired(false)
.authorization(ClientAuthorizationArgs.builder()
.policyEnforcementMode("string")
.allowRemoteResourceManagement(false)
.decisionStrategy("string")
.keepDefaults(false)
.build())
.baseUrl("string")
.fullScopeAllowed(false)
.implicitFlowEnabled(false)
.import_(false)
.loginTheme("string")
.name("string")
.oauth2DeviceAuthorizationGrantEnabled(false)
.oauth2DeviceCodeLifespan("string")
.oauth2DevicePollingInterval("string")
.pkceCodeChallengeMethod("string")
.adminUrl("string")
.rootUrl("string")
.serviceAccountsEnabled(false)
.standardFlowEnabled(false)
.useRefreshTokens(false)
.useRefreshTokensClientCredentials(false)
.validPostLogoutRedirectUris("string")
.validRedirectUris("string")
.webOrigins("string")
.build());
client_resource = keycloak.openid.Client("clientResource",
client_id="string",
access_type="string",
realm_id="string",
exclude_session_state_from_auth_response=False,
authentication_flow_binding_overrides={
"browser_id": "string",
"direct_grant_id": "string",
},
backchannel_logout_revoke_offline_sessions=False,
extra_config={
"string": "string",
},
backchannel_logout_url="string",
frontchannel_logout_url="string",
client_authenticator_type="string",
frontchannel_logout_enabled=False,
client_offline_session_idle_timeout="string",
client_offline_session_max_lifespan="string",
client_secret="string",
client_session_idle_timeout="string",
client_session_max_lifespan="string",
consent_required=False,
consent_screen_text="string",
description="string",
direct_access_grants_enabled=False,
display_on_consent_screen=False,
enabled=False,
access_token_lifespan="string",
backchannel_logout_session_required=False,
authorization={
"policy_enforcement_mode": "string",
"allow_remote_resource_management": False,
"decision_strategy": "string",
"keep_defaults": False,
},
base_url="string",
full_scope_allowed=False,
implicit_flow_enabled=False,
import_=False,
login_theme="string",
name="string",
oauth2_device_authorization_grant_enabled=False,
oauth2_device_code_lifespan="string",
oauth2_device_polling_interval="string",
pkce_code_challenge_method="string",
admin_url="string",
root_url="string",
service_accounts_enabled=False,
standard_flow_enabled=False,
use_refresh_tokens=False,
use_refresh_tokens_client_credentials=False,
valid_post_logout_redirect_uris=["string"],
valid_redirect_uris=["string"],
web_origins=["string"])
const clientResource = new keycloak.openid.Client("clientResource", {
clientId: "string",
accessType: "string",
realmId: "string",
excludeSessionStateFromAuthResponse: false,
authenticationFlowBindingOverrides: {
browserId: "string",
directGrantId: "string",
},
backchannelLogoutRevokeOfflineSessions: false,
extraConfig: {
string: "string",
},
backchannelLogoutUrl: "string",
frontchannelLogoutUrl: "string",
clientAuthenticatorType: "string",
frontchannelLogoutEnabled: false,
clientOfflineSessionIdleTimeout: "string",
clientOfflineSessionMaxLifespan: "string",
clientSecret: "string",
clientSessionIdleTimeout: "string",
clientSessionMaxLifespan: "string",
consentRequired: false,
consentScreenText: "string",
description: "string",
directAccessGrantsEnabled: false,
displayOnConsentScreen: false,
enabled: false,
accessTokenLifespan: "string",
backchannelLogoutSessionRequired: false,
authorization: {
policyEnforcementMode: "string",
allowRemoteResourceManagement: false,
decisionStrategy: "string",
keepDefaults: false,
},
baseUrl: "string",
fullScopeAllowed: false,
implicitFlowEnabled: false,
"import": false,
loginTheme: "string",
name: "string",
oauth2DeviceAuthorizationGrantEnabled: false,
oauth2DeviceCodeLifespan: "string",
oauth2DevicePollingInterval: "string",
pkceCodeChallengeMethod: "string",
adminUrl: "string",
rootUrl: "string",
serviceAccountsEnabled: false,
standardFlowEnabled: false,
useRefreshTokens: false,
useRefreshTokensClientCredentials: false,
validPostLogoutRedirectUris: ["string"],
validRedirectUris: ["string"],
webOrigins: ["string"],
});
type: keycloak:openid:Client
properties:
accessTokenLifespan: string
accessType: string
adminUrl: string
authenticationFlowBindingOverrides:
browserId: string
directGrantId: string
authorization:
allowRemoteResourceManagement: false
decisionStrategy: string
keepDefaults: false
policyEnforcementMode: string
backchannelLogoutRevokeOfflineSessions: false
backchannelLogoutSessionRequired: false
backchannelLogoutUrl: string
baseUrl: string
clientAuthenticatorType: string
clientId: string
clientOfflineSessionIdleTimeout: string
clientOfflineSessionMaxLifespan: string
clientSecret: string
clientSessionIdleTimeout: string
clientSessionMaxLifespan: string
consentRequired: false
consentScreenText: string
description: string
directAccessGrantsEnabled: false
displayOnConsentScreen: false
enabled: false
excludeSessionStateFromAuthResponse: false
extraConfig:
string: string
frontchannelLogoutEnabled: false
frontchannelLogoutUrl: string
fullScopeAllowed: false
implicitFlowEnabled: false
import: false
loginTheme: string
name: string
oauth2DeviceAuthorizationGrantEnabled: false
oauth2DeviceCodeLifespan: string
oauth2DevicePollingInterval: string
pkceCodeChallengeMethod: string
realmId: string
rootUrl: string
serviceAccountsEnabled: false
standardFlowEnabled: false
useRefreshTokens: false
useRefreshTokensClientCredentials: false
validPostLogoutRedirectUris:
- string
validRedirectUris:
- string
webOrigins:
- string
Client Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Client resource accepts the following input properties:
- Access
Type string - Client
Id string - Realm
Id string - Access
Token stringLifespan - Admin
Url string - Authentication
Flow ClientBinding Overrides Authentication Flow Binding Overrides - Client
Authorization - Backchannel
Logout boolRevoke Offline Sessions - Backchannel
Logout boolSession Required - Backchannel
Logout stringUrl - Base
Url string - Client
Authenticator stringType - Client
Offline stringSession Idle Timeout - Client
Offline stringSession Max Lifespan - Client
Secret string - Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Consent
Required bool - Consent
Screen stringText - Description string
- Direct
Access boolGrants Enabled - Display
On boolConsent Screen - Enabled bool
- Exclude
Session boolState From Auth Response - Extra
Config Dictionary<string, string> - Frontchannel
Logout boolEnabled - Frontchannel
Logout stringUrl - Full
Scope boolAllowed - Implicit
Flow boolEnabled - Import bool
- Login
Theme string - Name string
- bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval - Pkce
Code stringChallenge Method - Root
Url string - Service
Accounts boolEnabled - Standard
Flow boolEnabled - Use
Refresh boolTokens - Use
Refresh boolTokens Client Credentials - Valid
Post List<string>Logout Redirect Uris - Valid
Redirect List<string>Uris - Web
Origins List<string>
- Access
Type string - Client
Id string - Realm
Id string - Access
Token stringLifespan - Admin
Url string - Authentication
Flow ClientBinding Overrides Authentication Flow Binding Overrides Args - Client
Authorization Args - Backchannel
Logout boolRevoke Offline Sessions - Backchannel
Logout boolSession Required - Backchannel
Logout stringUrl - Base
Url string - Client
Authenticator stringType - Client
Offline stringSession Idle Timeout - Client
Offline stringSession Max Lifespan - Client
Secret string - Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Consent
Required bool - Consent
Screen stringText - Description string
- Direct
Access boolGrants Enabled - Display
On boolConsent Screen - Enabled bool
- Exclude
Session boolState From Auth Response - Extra
Config map[string]string - Frontchannel
Logout boolEnabled - Frontchannel
Logout stringUrl - Full
Scope boolAllowed - Implicit
Flow boolEnabled - Import bool
- Login
Theme string - Name string
- bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval - Pkce
Code stringChallenge Method - Root
Url string - Service
Accounts boolEnabled - Standard
Flow boolEnabled - Use
Refresh boolTokens - Use
Refresh boolTokens Client Credentials - Valid
Post []stringLogout Redirect Uris - Valid
Redirect []stringUris - Web
Origins []string
- access
Type String - client
Id String - realm
Id String - access
Token StringLifespan - admin
Url String - authentication
Flow ClientBinding Overrides Authentication Flow Binding Overrides - Client
Authorization - backchannel
Logout BooleanRevoke Offline Sessions - backchannel
Logout BooleanSession Required - backchannel
Logout StringUrl - base
Url String - client
Authenticator StringType - client
Offline StringSession Idle Timeout - client
Offline StringSession Max Lifespan - client
Secret String - client
Session StringIdle Timeout - client
Session StringMax Lifespan - consent
Required Boolean - consent
Screen StringText - description String
- direct
Access BooleanGrants Enabled - display
On BooleanConsent Screen - enabled Boolean
- exclude
Session BooleanState From Auth Response - extra
Config Map<String,String> - frontchannel
Logout BooleanEnabled - frontchannel
Logout StringUrl - full
Scope BooleanAllowed - implicit
Flow BooleanEnabled - import_ Boolean
- login
Theme String - name String
- Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval - pkce
Code StringChallenge Method - root
Url String - service
Accounts BooleanEnabled - standard
Flow BooleanEnabled - use
Refresh BooleanTokens - use
Refresh BooleanTokens Client Credentials - valid
Post List<String>Logout Redirect Uris - valid
Redirect List<String>Uris - web
Origins List<String>
- access
Type string - client
Id string - realm
Id string - access
Token stringLifespan - admin
Url string - authentication
Flow ClientBinding Overrides Authentication Flow Binding Overrides - Client
Authorization - backchannel
Logout booleanRevoke Offline Sessions - backchannel
Logout booleanSession Required - backchannel
Logout stringUrl - base
Url string - client
Authenticator stringType - client
Offline stringSession Idle Timeout - client
Offline stringSession Max Lifespan - client
Secret string - client
Session stringIdle Timeout - client
Session stringMax Lifespan - consent
Required boolean - consent
Screen stringText - description string
- direct
Access booleanGrants Enabled - display
On booleanConsent Screen - enabled boolean
- exclude
Session booleanState From Auth Response - extra
Config {[key: string]: string} - frontchannel
Logout booleanEnabled - frontchannel
Logout stringUrl - full
Scope booleanAllowed - implicit
Flow booleanEnabled - import boolean
- login
Theme string - name string
- boolean
- oauth2Device
Code stringLifespan - oauth2Device
Polling stringInterval - pkce
Code stringChallenge Method - root
Url string - service
Accounts booleanEnabled - standard
Flow booleanEnabled - use
Refresh booleanTokens - use
Refresh booleanTokens Client Credentials - valid
Post string[]Logout Redirect Uris - valid
Redirect string[]Uris - web
Origins string[]
- access_
type str - client_
id str - realm_
id str - access_
token_ strlifespan - admin_
url str - authentication_
flow_ Clientbinding_ overrides Authentication Flow Binding Overrides Args - Client
Authorization Args - backchannel_
logout_ boolrevoke_ offline_ sessions - backchannel_
logout_ boolsession_ required - backchannel_
logout_ strurl - base_
url str - client_
authenticator_ strtype - client_
offline_ strsession_ idle_ timeout - client_
offline_ strsession_ max_ lifespan - client_
secret str - client_
session_ stridle_ timeout - client_
session_ strmax_ lifespan - consent_
required bool - consent_
screen_ strtext - description str
- direct_
access_ boolgrants_ enabled - display_
on_ boolconsent_ screen - enabled bool
- exclude_
session_ boolstate_ from_ auth_ response - extra_
config Mapping[str, str] - frontchannel_
logout_ boolenabled - frontchannel_
logout_ strurl - full_
scope_ boolallowed - implicit_
flow_ boolenabled - import_ bool
- login_
theme str - name str
- bool
- oauth2_
device_ strcode_ lifespan - oauth2_
device_ strpolling_ interval - pkce_
code_ strchallenge_ method - root_
url str - service_
accounts_ boolenabled - standard_
flow_ boolenabled - use_
refresh_ booltokens - use_
refresh_ booltokens_ client_ credentials - valid_
post_ Sequence[str]logout_ redirect_ uris - valid_
redirect_ Sequence[str]uris - web_
origins Sequence[str]
- access
Type String - client
Id String - realm
Id String - access
Token StringLifespan - admin
Url String - authentication
Flow Property MapBinding Overrides - Property Map
- backchannel
Logout BooleanRevoke Offline Sessions - backchannel
Logout BooleanSession Required - backchannel
Logout StringUrl - base
Url String - client
Authenticator StringType - client
Offline StringSession Idle Timeout - client
Offline StringSession Max Lifespan - client
Secret String - client
Session StringIdle Timeout - client
Session StringMax Lifespan - consent
Required Boolean - consent
Screen StringText - description String
- direct
Access BooleanGrants Enabled - display
On BooleanConsent Screen - enabled Boolean
- exclude
Session BooleanState From Auth Response - extra
Config Map<String> - frontchannel
Logout BooleanEnabled - frontchannel
Logout StringUrl - full
Scope BooleanAllowed - implicit
Flow BooleanEnabled - import Boolean
- login
Theme String - name String
- Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval - pkce
Code StringChallenge Method - root
Url String - service
Accounts BooleanEnabled - standard
Flow BooleanEnabled - use
Refresh BooleanTokens - use
Refresh BooleanTokens Client Credentials - valid
Post List<String>Logout Redirect Uris - valid
Redirect List<String>Uris - web
Origins List<String>
Outputs
All input properties are implicitly available as output properties. Additionally, the Client resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Server stringId - Service
Account stringUser Id
- Id string
- The provider-assigned unique ID for this managed resource.
- Resource
Server stringId - Service
Account stringUser Id
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Server StringId - service
Account StringUser Id
- id string
- The provider-assigned unique ID for this managed resource.
- resource
Server stringId - service
Account stringUser Id
- id str
- The provider-assigned unique ID for this managed resource.
- resource_
server_ strid - service_
account_ struser_ id
- id String
- The provider-assigned unique ID for this managed resource.
- resource
Server StringId - service
Account StringUser Id
Look up Existing Client Resource
Get an existing Client resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClientState, opts?: CustomResourceOptions): Client
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_token_lifespan: Optional[str] = None,
access_type: Optional[str] = None,
admin_url: Optional[str] = None,
authentication_flow_binding_overrides: Optional[ClientAuthenticationFlowBindingOverridesArgs] = None,
authorization: Optional[ClientAuthorizationArgs] = None,
backchannel_logout_revoke_offline_sessions: Optional[bool] = None,
backchannel_logout_session_required: Optional[bool] = None,
backchannel_logout_url: Optional[str] = None,
base_url: Optional[str] = None,
client_authenticator_type: Optional[str] = None,
client_id: Optional[str] = None,
client_offline_session_idle_timeout: Optional[str] = None,
client_offline_session_max_lifespan: Optional[str] = None,
client_secret: Optional[str] = None,
client_session_idle_timeout: Optional[str] = None,
client_session_max_lifespan: Optional[str] = None,
consent_required: Optional[bool] = None,
consent_screen_text: Optional[str] = None,
description: Optional[str] = None,
direct_access_grants_enabled: Optional[bool] = None,
display_on_consent_screen: Optional[bool] = None,
enabled: Optional[bool] = None,
exclude_session_state_from_auth_response: Optional[bool] = None,
extra_config: Optional[Mapping[str, str]] = None,
frontchannel_logout_enabled: Optional[bool] = None,
frontchannel_logout_url: Optional[str] = None,
full_scope_allowed: Optional[bool] = None,
implicit_flow_enabled: Optional[bool] = None,
import_: Optional[bool] = None,
login_theme: Optional[str] = None,
name: Optional[str] = None,
oauth2_device_authorization_grant_enabled: Optional[bool] = None,
oauth2_device_code_lifespan: Optional[str] = None,
oauth2_device_polling_interval: Optional[str] = None,
pkce_code_challenge_method: Optional[str] = None,
realm_id: Optional[str] = None,
resource_server_id: Optional[str] = None,
root_url: Optional[str] = None,
service_account_user_id: Optional[str] = None,
service_accounts_enabled: Optional[bool] = None,
standard_flow_enabled: Optional[bool] = None,
use_refresh_tokens: Optional[bool] = None,
use_refresh_tokens_client_credentials: Optional[bool] = None,
valid_post_logout_redirect_uris: Optional[Sequence[str]] = None,
valid_redirect_uris: Optional[Sequence[str]] = None,
web_origins: Optional[Sequence[str]] = None) -> Client
func GetClient(ctx *Context, name string, id IDInput, state *ClientState, opts ...ResourceOption) (*Client, error)
public static Client Get(string name, Input<string> id, ClientState? state, CustomResourceOptions? opts = null)
public static Client get(String name, Output<String> id, ClientState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Token stringLifespan - Access
Type string - Admin
Url string - Authentication
Flow ClientBinding Overrides Authentication Flow Binding Overrides - Client
Authorization - Backchannel
Logout boolRevoke Offline Sessions - Backchannel
Logout boolSession Required - Backchannel
Logout stringUrl - Base
Url string - Client
Authenticator stringType - Client
Id string - Client
Offline stringSession Idle Timeout - Client
Offline stringSession Max Lifespan - Client
Secret string - Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Consent
Required bool - Consent
Screen stringText - Description string
- Direct
Access boolGrants Enabled - Display
On boolConsent Screen - Enabled bool
- Exclude
Session boolState From Auth Response - Extra
Config Dictionary<string, string> - Frontchannel
Logout boolEnabled - Frontchannel
Logout stringUrl - Full
Scope boolAllowed - Implicit
Flow boolEnabled - Import bool
- Login
Theme string - Name string
- bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval - Pkce
Code stringChallenge Method - Realm
Id string - Resource
Server stringId - Root
Url string - Service
Account stringUser Id - Service
Accounts boolEnabled - Standard
Flow boolEnabled - Use
Refresh boolTokens - Use
Refresh boolTokens Client Credentials - Valid
Post List<string>Logout Redirect Uris - Valid
Redirect List<string>Uris - Web
Origins List<string>
- Access
Token stringLifespan - Access
Type string - Admin
Url string - Authentication
Flow ClientBinding Overrides Authentication Flow Binding Overrides Args - Client
Authorization Args - Backchannel
Logout boolRevoke Offline Sessions - Backchannel
Logout boolSession Required - Backchannel
Logout stringUrl - Base
Url string - Client
Authenticator stringType - Client
Id string - Client
Offline stringSession Idle Timeout - Client
Offline stringSession Max Lifespan - Client
Secret string - Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Consent
Required bool - Consent
Screen stringText - Description string
- Direct
Access boolGrants Enabled - Display
On boolConsent Screen - Enabled bool
- Exclude
Session boolState From Auth Response - Extra
Config map[string]string - Frontchannel
Logout boolEnabled - Frontchannel
Logout stringUrl - Full
Scope boolAllowed - Implicit
Flow boolEnabled - Import bool
- Login
Theme string - Name string
- bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval - Pkce
Code stringChallenge Method - Realm
Id string - Resource
Server stringId - Root
Url string - Service
Account stringUser Id - Service
Accounts boolEnabled - Standard
Flow boolEnabled - Use
Refresh boolTokens - Use
Refresh boolTokens Client Credentials - Valid
Post []stringLogout Redirect Uris - Valid
Redirect []stringUris - Web
Origins []string
- access
Token StringLifespan - access
Type String - admin
Url String - authentication
Flow ClientBinding Overrides Authentication Flow Binding Overrides - Client
Authorization - backchannel
Logout BooleanRevoke Offline Sessions - backchannel
Logout BooleanSession Required - backchannel
Logout StringUrl - base
Url String - client
Authenticator StringType - client
Id String - client
Offline StringSession Idle Timeout - client
Offline StringSession Max Lifespan - client
Secret String - client
Session StringIdle Timeout - client
Session StringMax Lifespan - consent
Required Boolean - consent
Screen StringText - description String
- direct
Access BooleanGrants Enabled - display
On BooleanConsent Screen - enabled Boolean
- exclude
Session BooleanState From Auth Response - extra
Config Map<String,String> - frontchannel
Logout BooleanEnabled - frontchannel
Logout StringUrl - full
Scope BooleanAllowed - implicit
Flow BooleanEnabled - import_ Boolean
- login
Theme String - name String
- Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval - pkce
Code StringChallenge Method - realm
Id String - resource
Server StringId - root
Url String - service
Account StringUser Id - service
Accounts BooleanEnabled - standard
Flow BooleanEnabled - use
Refresh BooleanTokens - use
Refresh BooleanTokens Client Credentials - valid
Post List<String>Logout Redirect Uris - valid
Redirect List<String>Uris - web
Origins List<String>
- access
Token stringLifespan - access
Type string - admin
Url string - authentication
Flow ClientBinding Overrides Authentication Flow Binding Overrides - Client
Authorization - backchannel
Logout booleanRevoke Offline Sessions - backchannel
Logout booleanSession Required - backchannel
Logout stringUrl - base
Url string - client
Authenticator stringType - client
Id string - client
Offline stringSession Idle Timeout - client
Offline stringSession Max Lifespan - client
Secret string - client
Session stringIdle Timeout - client
Session stringMax Lifespan - consent
Required boolean - consent
Screen stringText - description string
- direct
Access booleanGrants Enabled - display
On booleanConsent Screen - enabled boolean
- exclude
Session booleanState From Auth Response - extra
Config {[key: string]: string} - frontchannel
Logout booleanEnabled - frontchannel
Logout stringUrl - full
Scope booleanAllowed - implicit
Flow booleanEnabled - import boolean
- login
Theme string - name string
- boolean
- oauth2Device
Code stringLifespan - oauth2Device
Polling stringInterval - pkce
Code stringChallenge Method - realm
Id string - resource
Server stringId - root
Url string - service
Account stringUser Id - service
Accounts booleanEnabled - standard
Flow booleanEnabled - use
Refresh booleanTokens - use
Refresh booleanTokens Client Credentials - valid
Post string[]Logout Redirect Uris - valid
Redirect string[]Uris - web
Origins string[]
- access_
token_ strlifespan - access_
type str - admin_
url str - authentication_
flow_ Clientbinding_ overrides Authentication Flow Binding Overrides Args - Client
Authorization Args - backchannel_
logout_ boolrevoke_ offline_ sessions - backchannel_
logout_ boolsession_ required - backchannel_
logout_ strurl - base_
url str - client_
authenticator_ strtype - client_
id str - client_
offline_ strsession_ idle_ timeout - client_
offline_ strsession_ max_ lifespan - client_
secret str - client_
session_ stridle_ timeout - client_
session_ strmax_ lifespan - consent_
required bool - consent_
screen_ strtext - description str
- direct_
access_ boolgrants_ enabled - display_
on_ boolconsent_ screen - enabled bool
- exclude_
session_ boolstate_ from_ auth_ response - extra_
config Mapping[str, str] - frontchannel_
logout_ boolenabled - frontchannel_
logout_ strurl - full_
scope_ boolallowed - implicit_
flow_ boolenabled - import_ bool
- login_
theme str - name str
- bool
- oauth2_
device_ strcode_ lifespan - oauth2_
device_ strpolling_ interval - pkce_
code_ strchallenge_ method - realm_
id str - resource_
server_ strid - root_
url str - service_
account_ struser_ id - service_
accounts_ boolenabled - standard_
flow_ boolenabled - use_
refresh_ booltokens - use_
refresh_ booltokens_ client_ credentials - valid_
post_ Sequence[str]logout_ redirect_ uris - valid_
redirect_ Sequence[str]uris - web_
origins Sequence[str]
- access
Token StringLifespan - access
Type String - admin
Url String - authentication
Flow Property MapBinding Overrides - Property Map
- backchannel
Logout BooleanRevoke Offline Sessions - backchannel
Logout BooleanSession Required - backchannel
Logout StringUrl - base
Url String - client
Authenticator StringType - client
Id String - client
Offline StringSession Idle Timeout - client
Offline StringSession Max Lifespan - client
Secret String - client
Session StringIdle Timeout - client
Session StringMax Lifespan - consent
Required Boolean - consent
Screen StringText - description String
- direct
Access BooleanGrants Enabled - display
On BooleanConsent Screen - enabled Boolean
- exclude
Session BooleanState From Auth Response - extra
Config Map<String> - frontchannel
Logout BooleanEnabled - frontchannel
Logout StringUrl - full
Scope BooleanAllowed - implicit
Flow BooleanEnabled - import Boolean
- login
Theme String - name String
- Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval - pkce
Code StringChallenge Method - realm
Id String - resource
Server StringId - root
Url String - service
Account StringUser Id - service
Accounts BooleanEnabled - standard
Flow BooleanEnabled - use
Refresh BooleanTokens - use
Refresh BooleanTokens Client Credentials - valid
Post List<String>Logout Redirect Uris - valid
Redirect List<String>Uris - web
Origins List<String>
Supporting Types
ClientAuthenticationFlowBindingOverrides, ClientAuthenticationFlowBindingOverridesArgs
- Browser
Id string - Direct
Grant stringId
- Browser
Id string - Direct
Grant stringId
- browser
Id String - direct
Grant StringId
- browser
Id string - direct
Grant stringId
- browser_
id str - direct_
grant_ strid
- browser
Id String - direct
Grant StringId
ClientAuthorization, ClientAuthorizationArgs
- Policy
Enforcement stringMode - Allow
Remote boolResource Management - Decision
Strategy string - Keep
Defaults bool
- Policy
Enforcement stringMode - Allow
Remote boolResource Management - Decision
Strategy string - Keep
Defaults bool
- policy
Enforcement StringMode - allow
Remote BooleanResource Management - decision
Strategy String - keep
Defaults Boolean
- policy
Enforcement stringMode - allow
Remote booleanResource Management - decision
Strategy string - keep
Defaults boolean
- policy
Enforcement StringMode - allow
Remote BooleanResource Management - decision
Strategy String - keep
Defaults Boolean
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloak
Terraform Provider.