Okta v4.11.3 published on Monday, Oct 21, 2024 by Pulumi

okta.app.OAuth


    This resource allows you to create and configure an OIDC Application.

    During an apply, if there is a change in status, the app will first be activated or deactivated in accordance with the status change. Then all other arguments that changed will be applied.

    okta.app.OAuthRedirectUri has been marked deprecated and will be removed in the v5 release of the provider. Operators should manage the redirect URIs for an OAuth app directly on the okta.app.OAuth resource.

    Private Keys

    The private key format that an Okta OAuth app expects is PKCS#8 (unencrypted). The operator either uploads their own private key, or Okta can generate one in the Admin UI Panel under the app's Client Credentials. PKCS#8 format can be identified by a header that starts with -----BEGIN PRIVATE KEY-----. If the operator has a PKCS#1 (unencrypted) format private key (the header starts with -----BEGIN RSA PRIVATE KEY-----), they can generate a PKCS#8 format key with openssl:

     # "openssl rsa" writes PKCS#8 only on OpenSSL 3.x; "pkcs8 -topk8 -nocrypt" does so on every version
     openssl pkcs8 -topk8 -nocrypt -in pkcs1.pem -out pkcs8-example.pem
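
A pre-deployment check for the key format described above, as an added Python example (not code from the Okta provider or from this page): it confirms that the PEM header agrees with the DER structure, rejects encrypted PKCS#8, and wraps a PKCS#1 RSA key in an unencrypted PKCS#8 PrivateKeyInfo. The function names are hypothetical, and the sample key is a constructed toy (textbook p=61, q=53) that is structurally valid but cryptographically useless.

```python
import base64
import re

SEQ, INT, OCTET, NULL, OID = 0x30, 0x02, 0x04, 0x05, 0x06  # DER tags
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def tlv(tag, content):
    """Encode one DER tag-length-value element."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def der_int(value):
    """Encode a non-negative INTEGER; the extra byte keeps the sign bit clear."""
    return tlv(INT, value.to_bytes(value.bit_length() // 8 + 1, "big"))


def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length


def pem_decode(pem):
    """Return (label, der_bytes) for the first PEM block in the text."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))


def pem_encode(label, der):
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def classify(pem):
    """Return 'pkcs1', 'pkcs8' or 'pkcs8-encrypted'; raise if header and DER disagree."""
    label, der = pem_decode(pem)
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted"
    tag, body, _ = read_tlv(der)
    if tag != SEQ:
        raise ValueError("outer element is not a SEQUENCE")
    t1, _, pos = read_tlv(body)      # version INTEGER in both formats
    t2, _, _ = read_tlv(body, pos)   # PKCS#8: AlgorithmIdentifier; PKCS#1: modulus
    shape = {SEQ: "pkcs8", INT: "pkcs1"}.get(t2) if t1 == INT else None
    expected = {"PRIVATE KEY": "pkcs8", "RSA PRIVATE KEY": "pkcs1"}.get(label)
    if shape is None or shape != expected:
        raise ValueError(f"unsupported key or header {label!r} does not match contents")
    return shape


def pkcs1_to_pkcs8(pem):
    """Wrap an RSAPrivateKey (PKCS#1) in an unencrypted PrivateKeyInfo (PKCS#8)."""
    if classify(pem) != "pkcs1":
        raise ValueError("input is not an unencrypted PKCS#1 RSA key")
    _, pkcs1_der = pem_decode(pem)
    alg = tlv(SEQ, tlv(OID, RSA_OID) + tlv(NULL, b""))
    return pem_encode("PRIVATE KEY", tlv(SEQ, der_int(0) + alg + tlv(OCTET, pkcs1_der)))


def okta_ready_key(pem):
    """Return the key as unencrypted PKCS#8, the format the page says Okta expects."""
    kind = classify(pem)
    if kind == "pkcs8":
        return pem
    if kind == "pkcs1":
        return pkcs1_to_pkcs8(pem)
    raise ValueError("encrypted PKCS#8 key: Okta expects an unencrypted PKCS#8 key")


def toy_pkcs1_pem():
    """Constructed sample: version, n, e, d, p, q, d mod (p-1), d mod (q-1), q^-1 mod p."""
    fields = [0, 3233, 17, 2753, 61, 53, 53, 49, 38]
    return pem_encode("RSA PRIVATE KEY", tlv(SEQ, b"".join(der_int(v) for v in fields)))


if __name__ == "__main__":
    print(okta_ready_key(toy_pkcs1_pem()))
```

Checking the DER shape as well as the header catches a file that was renamed or hand-edited to carry the PKCS#8 header while still holding PKCS#1 bytes.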
    

    Create OAuth Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new OAuth(name: string, args: OAuthArgs, opts?: CustomResourceOptions);
    @overload
    def OAuth(resource_name: str,
              args: OAuthArgs,
              opts: Optional[ResourceOptions] = None)
    
    @overload
    def OAuth(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              label: Optional[str] = None,
              type: Optional[str] = None,
              client_uri: Optional[str] = None,
              app_settings_json: Optional[str] = None,
              app_links_json: Optional[str] = None,
              login_mode: Optional[str] = None,
              authentication_policy: Optional[str] = None,
              auto_key_rotation: Optional[bool] = None,
              auto_submit_toolbar: Optional[bool] = None,
              client_basic_secret: Optional[str] = None,
              client_id: Optional[str] = None,
              accessibility_error_redirect_url: Optional[str] = None,
              accessibility_self_service: Optional[bool] = None,
              enduser_note: Optional[str] = None,
              login_scopes: Optional[Sequence[str]] = None,
              groups_claim: Optional[OAuthGroupsClaimArgs] = None,
              hide_ios: Optional[bool] = None,
              hide_web: Optional[bool] = None,
              implicit_assignment: Optional[bool] = None,
              issuer_mode: Optional[str] = None,
              jwks: Optional[Sequence[OAuthJwkArgs]] = None,
              jwks_uri: Optional[str] = None,
              consent_method: Optional[str] = None,
              admin_note: Optional[str] = None,
              grant_types: Optional[Sequence[str]] = None,
              login_uri: Optional[str] = None,
              logo: Optional[str] = None,
              logo_uri: Optional[str] = None,
              omit_secret: Optional[bool] = None,
              pkce_required: Optional[bool] = None,
              policy_uri: Optional[str] = None,
              post_logout_redirect_uris: Optional[Sequence[str]] = None,
              profile: Optional[str] = None,
              redirect_uris: Optional[Sequence[str]] = None,
              refresh_token_leeway: Optional[int] = None,
              refresh_token_rotation: Optional[str] = None,
              response_types: Optional[Sequence[str]] = None,
              status: Optional[str] = None,
              token_endpoint_auth_method: Optional[str] = None,
              tos_uri: Optional[str] = None,
              accessibility_login_redirect_url: Optional[str] = None,
              user_name_template: Optional[str] = None,
              user_name_template_push_status: Optional[str] = None,
              user_name_template_suffix: Optional[str] = None,
              user_name_template_type: Optional[str] = None,
              wildcard_redirect: Optional[str] = None)
    func NewOAuth(ctx *Context, name string, args OAuthArgs, opts ...ResourceOption) (*OAuth, error)
    public OAuth(string name, OAuthArgs args, CustomResourceOptions? opts = null)
    public OAuth(String name, OAuthArgs args)
    public OAuth(String name, OAuthArgs args, CustomResourceOptions options)
    
    type: okta:app:OAuth
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args OAuthArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OAuthArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OAuthArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OAuthArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OAuthArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var oauthResource = new Okta.App.OAuth("oauthResource", new()
    {
        Label = "string",
        Type = "string",
        ClientUri = "string",
        AppSettingsJson = "string",
        AppLinksJson = "string",
        LoginMode = "string",
        AuthenticationPolicy = "string",
        AutoKeyRotation = false,
        AutoSubmitToolbar = false,
        ClientBasicSecret = "string",
        ClientId = "string",
        AccessibilityErrorRedirectUrl = "string",
        AccessibilitySelfService = false,
        EnduserNote = "string",
        LoginScopes = new[]
        {
            "string",
        },
        GroupsClaim = new Okta.App.Inputs.OAuthGroupsClaimArgs
        {
            Name = "string",
            Type = "string",
            Value = "string",
            FilterType = "string",
            IssuerMode = "string",
        },
        HideIos = false,
        HideWeb = false,
        ImplicitAssignment = false,
        IssuerMode = "string",
        Jwks = new[]
        {
            new Okta.App.Inputs.OAuthJwkArgs
            {
                Kid = "string",
                Kty = "string",
                E = "string",
                N = "string",
                X = "string",
                Y = "string",
            },
        },
        JwksUri = "string",
        ConsentMethod = "string",
        AdminNote = "string",
        GrantTypes = new[]
        {
            "string",
        },
        LoginUri = "string",
        Logo = "string",
        LogoUri = "string",
        OmitSecret = false,
        PkceRequired = false,
        PolicyUri = "string",
        PostLogoutRedirectUris = new[]
        {
            "string",
        },
        Profile = "string",
        RedirectUris = new[]
        {
            "string",
        },
        RefreshTokenLeeway = 0,
        RefreshTokenRotation = "string",
        ResponseTypes = new[]
        {
            "string",
        },
        Status = "string",
        TokenEndpointAuthMethod = "string",
        TosUri = "string",
        AccessibilityLoginRedirectUrl = "string",
        UserNameTemplate = "string",
        UserNameTemplatePushStatus = "string",
        UserNameTemplateSuffix = "string",
        UserNameTemplateType = "string",
        WildcardRedirect = "string",
    });
    
    example, err := app.NewOAuth(ctx, "oauthResource", &app.OAuthArgs{
    	Label:                         pulumi.String("string"),
    	Type:                          pulumi.String("string"),
    	ClientUri:                     pulumi.String("string"),
    	AppSettingsJson:               pulumi.String("string"),
    	AppLinksJson:                  pulumi.String("string"),
    	LoginMode:                     pulumi.String("string"),
    	AuthenticationPolicy:          pulumi.String("string"),
    	AutoKeyRotation:               pulumi.Bool(false),
    	AutoSubmitToolbar:             pulumi.Bool(false),
    	ClientBasicSecret:             pulumi.String("string"),
    	ClientId:                      pulumi.String("string"),
    	AccessibilityErrorRedirectUrl: pulumi.String("string"),
    	AccessibilitySelfService:      pulumi.Bool(false),
    	EnduserNote:                   pulumi.String("string"),
    	LoginScopes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	GroupsClaim: &app.OAuthGroupsClaimArgs{
    		Name:       pulumi.String("string"),
    		Type:       pulumi.String("string"),
    		Value:      pulumi.String("string"),
    		FilterType: pulumi.String("string"),
    		IssuerMode: pulumi.String("string"),
    	},
    	HideIos:            pulumi.Bool(false),
    	HideWeb:            pulumi.Bool(false),
    	ImplicitAssignment: pulumi.Bool(false),
    	IssuerMode:         pulumi.String("string"),
    	Jwks: app.OAuthJwkArray{
    		&app.OAuthJwkArgs{
    			Kid: pulumi.String("string"),
    			Kty: pulumi.String("string"),
    			E:   pulumi.String("string"),
    			N:   pulumi.String("string"),
    			X:   pulumi.String("string"),
    			Y:   pulumi.String("string"),
    		},
    	},
    	JwksUri:       pulumi.String("string"),
    	ConsentMethod: pulumi.String("string"),
    	AdminNote:     pulumi.String("string"),
    	GrantTypes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	LoginUri:     pulumi.String("string"),
    	Logo:         pulumi.String("string"),
    	LogoUri:      pulumi.String("string"),
    	OmitSecret:   pulumi.Bool(false),
    	PkceRequired: pulumi.Bool(false),
    	PolicyUri:    pulumi.String("string"),
    	PostLogoutRedirectUris: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Profile: pulumi.String("string"),
    	RedirectUris: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	RefreshTokenLeeway:   pulumi.Int(0),
    	RefreshTokenRotation: pulumi.String("string"),
    	ResponseTypes: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Status:                        pulumi.String("string"),
    	TokenEndpointAuthMethod:       pulumi.String("string"),
    	TosUri:                        pulumi.String("string"),
    	AccessibilityLoginRedirectUrl: pulumi.String("string"),
    	UserNameTemplate:              pulumi.String("string"),
    	UserNameTemplatePushStatus:    pulumi.String("string"),
    	UserNameTemplateSuffix:        pulumi.String("string"),
    	UserNameTemplateType:          pulumi.String("string"),
    	WildcardRedirect:              pulumi.String("string"),
    })
    
    var oauthResource = new OAuth("oauthResource", OAuthArgs.builder()
        .label("string")
        .type("string")
        .clientUri("string")
        .appSettingsJson("string")
        .appLinksJson("string")
        .loginMode("string")
        .authenticationPolicy("string")
        .autoKeyRotation(false)
        .autoSubmitToolbar(false)
        .clientBasicSecret("string")
        .clientId("string")
        .accessibilityErrorRedirectUrl("string")
        .accessibilitySelfService(false)
        .enduserNote("string")
        .loginScopes("string")
        .groupsClaim(OAuthGroupsClaimArgs.builder()
            .name("string")
            .type("string")
            .value("string")
            .filterType("string")
            .issuerMode("string")
            .build())
        .hideIos(false)
        .hideWeb(false)
        .implicitAssignment(false)
        .issuerMode("string")
        .jwks(OAuthJwkArgs.builder()
            .kid("string")
            .kty("string")
            .e("string")
            .n("string")
            .x("string")
            .y("string")
            .build())
        .jwksUri("string")
        .consentMethod("string")
        .adminNote("string")
        .grantTypes("string")
        .loginUri("string")
        .logo("string")
        .logoUri("string")
        .omitSecret(false)
        .pkceRequired(false)
        .policyUri("string")
        .postLogoutRedirectUris("string")
        .profile("string")
        .redirectUris("string")
        .refreshTokenLeeway(0)
        .refreshTokenRotation("string")
        .responseTypes("string")
        .status("string")
        .tokenEndpointAuthMethod("string")
        .tosUri("string")
        .accessibilityLoginRedirectUrl("string")
        .userNameTemplate("string")
        .userNameTemplatePushStatus("string")
        .userNameTemplateSuffix("string")
        .userNameTemplateType("string")
        .wildcardRedirect("string")
        .build());
    
    oauth_resource = okta.app.OAuth("oauthResource",
        label="string",
        type="string",
        client_uri="string",
        app_settings_json="string",
        app_links_json="string",
        login_mode="string",
        authentication_policy="string",
        auto_key_rotation=False,
        auto_submit_toolbar=False,
        client_basic_secret="string",
        client_id="string",
        accessibility_error_redirect_url="string",
        accessibility_self_service=False,
        enduser_note="string",
        login_scopes=["string"],
        groups_claim={
            "name": "string",
            "type": "string",
            "value": "string",
            "filter_type": "string",
            "issuer_mode": "string",
        },
        hide_ios=False,
        hide_web=False,
        implicit_assignment=False,
        issuer_mode="string",
        jwks=[{
            "kid": "string",
            "kty": "string",
            "e": "string",
            "n": "string",
            "x": "string",
            "y": "string",
        }],
        jwks_uri="string",
        consent_method="string",
        admin_note="string",
        grant_types=["string"],
        login_uri="string",
        logo="string",
        logo_uri="string",
        omit_secret=False,
        pkce_required=False,
        policy_uri="string",
        post_logout_redirect_uris=["string"],
        profile="string",
        redirect_uris=["string"],
        refresh_token_leeway=0,
        refresh_token_rotation="string",
        response_types=["string"],
        status="string",
        token_endpoint_auth_method="string",
        tos_uri="string",
        accessibility_login_redirect_url="string",
        user_name_template="string",
        user_name_template_push_status="string",
        user_name_template_suffix="string",
        user_name_template_type="string",
        wildcard_redirect="string")
    
    const oauthResource = new okta.app.OAuth("oauthResource", {
        label: "string",
        type: "string",
        clientUri: "string",
        appSettingsJson: "string",
        appLinksJson: "string",
        loginMode: "string",
        authenticationPolicy: "string",
        autoKeyRotation: false,
        autoSubmitToolbar: false,
        clientBasicSecret: "string",
        clientId: "string",
        accessibilityErrorRedirectUrl: "string",
        accessibilitySelfService: false,
        enduserNote: "string",
        loginScopes: ["string"],
        groupsClaim: {
            name: "string",
            type: "string",
            value: "string",
            filterType: "string",
            issuerMode: "string",
        },
        hideIos: false,
        hideWeb: false,
        implicitAssignment: false,
        issuerMode: "string",
        jwks: [{
            kid: "string",
            kty: "string",
            e: "string",
            n: "string",
            x: "string",
            y: "string",
        }],
        jwksUri: "string",
        consentMethod: "string",
        adminNote: "string",
        grantTypes: ["string"],
        loginUri: "string",
        logo: "string",
        logoUri: "string",
        omitSecret: false,
        pkceRequired: false,
        policyUri: "string",
        postLogoutRedirectUris: ["string"],
        profile: "string",
        redirectUris: ["string"],
        refreshTokenLeeway: 0,
        refreshTokenRotation: "string",
        responseTypes: ["string"],
        status: "string",
        tokenEndpointAuthMethod: "string",
        tosUri: "string",
        accessibilityLoginRedirectUrl: "string",
        userNameTemplate: "string",
        userNameTemplatePushStatus: "string",
        userNameTemplateSuffix: "string",
        userNameTemplateType: "string",
        wildcardRedirect: "string",
    });
    
    type: okta:app:OAuth
    properties:
        accessibilityErrorRedirectUrl: string
        accessibilityLoginRedirectUrl: string
        accessibilitySelfService: false
        adminNote: string
        appLinksJson: string
        appSettingsJson: string
        authenticationPolicy: string
        autoKeyRotation: false
        autoSubmitToolbar: false
        clientBasicSecret: string
        clientId: string
        clientUri: string
        consentMethod: string
        enduserNote: string
        grantTypes:
            - string
        groupsClaim:
            filterType: string
            issuerMode: string
            name: string
            type: string
            value: string
        hideIos: false
        hideWeb: false
        implicitAssignment: false
        issuerMode: string
        jwks:
            - e: string
              kid: string
              kty: string
              "n": string
              x: string
              "y": string
        jwksUri: string
        label: string
        loginMode: string
        loginScopes:
            - string
        loginUri: string
        logo: string
        logoUri: string
        omitSecret: false
        pkceRequired: false
        policyUri: string
        postLogoutRedirectUris:
            - string
        profile: string
        redirectUris:
            - string
        refreshTokenLeeway: 0
        refreshTokenRotation: string
        responseTypes:
            - string
        status: string
        tokenEndpointAuthMethod: string
        tosUri: string
        type: string
        userNameTemplate: string
        userNameTemplatePushStatus: string
        userNameTemplateSuffix: string
        userNameTemplateType: string
        wildcardRedirect: string
    

    OAuth Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The OAuth resource accepts the following input properties:

    Label string
    The Application's display name.
    Type string
    The type of client application.
    AccessibilityErrorRedirectUrl string
    Custom error page URL
    AccessibilityLoginRedirectUrl string
    Custom login page URL
    AccessibilitySelfService bool
    Enable self service. Default is false
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    AutoKeyRotation bool
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    AutoSubmitToolbar bool
    Display auto submit toolbar
    ClientBasicSecret string
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. It does nothing when omit_secret is set to true.
    ClientId string
    OAuth client ID. If set during creation, app is created with this id.
    ClientUri string
    URI to a web page providing information about the client.
    ConsentMethod string
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    EnduserNote string
    Application notes for end users.
    GrantTypes List<string>
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    GroupsClaim OAuthGroupsClaim
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    HideIos bool
    Do not display application icon on mobile app
    HideWeb bool
    Do not display application icon to users
    ImplicitAssignment bool
    Early Access Property. Enable Federation Broker Mode.
    IssuerMode string
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    Jwks List<OAuthJwk>
    JwksUri string
    URL reference to JWKS
    LoginMode string
    The type of Idp-Initiated login that the client supports, if any
    LoginScopes List<string>
    List of scopes to use for the request
    LoginUri string
    URI that initiates login.
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    LogoUri string
    URI that references a logo for the client.
    OmitSecret bool
    This tells the provider not to manage the client_secret value in state. When this is false (the default), the auto-generated client_secret is persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false, your app will be recreated, due to the need to regenerate a secret we can store in state.
    PkceRequired bool
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    PolicyUri string
    URI to web page providing client policy document.
    PostLogoutRedirectUris List<string>
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    Profile string
    Custom JSON that represents an OAuth application's profile
    RedirectUris List<string>
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    RefreshTokenLeeway int
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    RefreshTokenRotation string
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    ResponseTypes List<string>
    List of OAuth 2.0 response type strings.
    Status string
    Status of application. By default, it is ACTIVE
    TokenEndpointAuthMethod string
    Requested authentication method for the token endpoint.
    TosUri string
    URI to web page providing client tos (terms of service).
    UserNameTemplate string
    Username template. Default: ${source.login}
    UserNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    UserNameTemplateSuffix string
    Username template suffix
    UserNameTemplateType string
    Username template type. Default: BUILT_IN
    WildcardRedirect string
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    Label string
    The Application's display name.
    Type string
    The type of client application.
    AccessibilityErrorRedirectUrl string
    Custom error page URL
    AccessibilityLoginRedirectUrl string
    Custom login page URL
    AccessibilitySelfService bool
    Enable self service. Default is false
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    AutoKeyRotation bool
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    AutoSubmitToolbar bool
    Display auto submit toolbar
    ClientBasicSecret string
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. It does nothing when omit_secret is set to true.
    ClientId string
    OAuth client ID. If set during creation, app is created with this id.
    ClientUri string
    URI to a web page providing information about the client.
    ConsentMethod string
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    EnduserNote string
    Application notes for end users.
    GrantTypes []string
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    GroupsClaim OAuthGroupsClaimArgs
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    HideIos bool
    Do not display application icon on mobile app
    HideWeb bool
    Do not display application icon to users
    ImplicitAssignment bool
    Early Access Property. Enable Federation Broker Mode.
    IssuerMode string
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    Jwks []OAuthJwkArgs
    JwksUri string
    URL reference to JWKS
    LoginMode string
    The type of Idp-Initiated login that the client supports, if any
    LoginScopes []string
    List of scopes to use for the request
    LoginUri string
    URI that initiates login.
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    LogoUri string
    URI that references a logo for the client.
    OmitSecret bool
    This tells the provider not to manage the client_secret value in state. When this is false (the default), the auto-generated client_secret is persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false, your app will be recreated, due to the need to regenerate a secret we can store in state.
    PkceRequired bool
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    PolicyUri string
    URI to web page providing client policy document.
    PostLogoutRedirectUris []string
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    Profile string
    Custom JSON that represents an OAuth application's profile
    RedirectUris []string
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    RefreshTokenLeeway int
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    RefreshTokenRotation string
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    ResponseTypes []string
    List of OAuth 2.0 response type strings.
    Status string
    Status of application. By default, it is ACTIVE
    TokenEndpointAuthMethod string
    Requested authentication method for the token endpoint.
    TosUri string
    URI to web page providing client tos (terms of service).
    UserNameTemplate string
    Username template. Default: ${source.login}
    UserNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    UserNameTemplateSuffix string
    Username template suffix
    UserNameTemplateType string
    Username template type. Default: BUILT_IN
    WildcardRedirect string
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    label String
    The Application's display name.
    type String
    The type of client application.
    accessibilityErrorRedirectUrl String
    Custom error page URL
    accessibilityLoginRedirectUrl String
    Custom login page URL
    accessibilitySelfService Boolean
    Enable self service. Default is false
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    autoKeyRotation Boolean
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    autoSubmitToolbar Boolean
    Display auto submit toolbar
    clientBasicSecret String
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. It does nothing when omit_secret is set to true.
    clientId String
    OAuth client ID. If set during creation, app is created with this id.
    clientUri String
    URI to a web page providing information about the client.
    consentMethod String
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    enduserNote String
    Application notes for end users.
    grantTypes List<String>
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    groupsClaim OAuthGroupsClaim
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    hideIos Boolean
    Do not display application icon on mobile app
    hideWeb Boolean
    Do not display application icon to users
    implicitAssignment Boolean
    Early Access Property. Enable Federation Broker Mode.
    issuerMode String
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    jwks List<OAuthJwk>
    jwksUri String
    URL reference to JWKS
    loginMode String
    The type of Idp-Initiated login that the client supports, if any
    loginScopes List<String>
    List of scopes to use for the request
    loginUri String
    URI that initiates login.
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUri String
    URI that references a logo for the client.
    omitSecret Boolean
    This tells the provider not to manage the client_secret value in state. When this is false (the default), it will cause the auto-generated client_secret to be persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false your app will be recreated, due to the need to regenerate a secret we can store in state.
    pkceRequired Boolean
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    policyUri String
    URI to web page providing client policy document.
    postLogoutRedirectUris List<String>
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    profile String
    Custom JSON that represents an OAuth application's profile
    redirectUris List<String>
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    refreshTokenLeeway Integer
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    refreshTokenRotation String
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    responseTypes List<String>
    List of OAuth 2.0 response type strings.
    status String
    Status of application. By default, it is ACTIVE
    tokenEndpointAuthMethod String
    Requested authentication method for the token endpoint.
    tosUri String
    URI to web page providing client tos (terms of service).
    userNameTemplate String
    Username template. Default: ${source.login}
    userNameTemplatePushStatus String
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix String
    Username template suffix
    userNameTemplateType String
    Username template type. Default: BUILT_IN
    wildcardRedirect String
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    label string
    The Application's display name.
    type string
    The type of client application.
    accessibilityErrorRedirectUrl string
    Custom error page URL
    accessibilityLoginRedirectUrl string
    Custom login page URL
    accessibilitySelfService boolean
    Enable self service. Default is false
    adminNote string
    Application notes for admins.
    appLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson string
    Application settings in JSON format
    authenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    autoKeyRotation boolean
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    autoSubmitToolbar boolean
    Display auto submit toolbar
    clientBasicSecret string
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. This does nothing when omit_secret is set to true.
    clientId string
    OAuth client ID. If set during creation, app is created with this id.
    clientUri string
    URI to a web page providing information about the client.
    consentMethod string
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    enduserNote string
    Application notes for end users.
    grantTypes string[]
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    groupsClaim OAuthGroupsClaim
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    hideIos boolean
    Do not display application icon on mobile app
    hideWeb boolean
    Do not display application icon to users
    implicitAssignment boolean
    Early Access Property. Enable Federation Broker Mode.
    issuerMode string
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    jwks OAuthJwk[]
    jwksUri string
    URL reference to JWKS
    loginMode string
    The type of Idp-Initiated login that the client supports, if any
    loginScopes string[]
    List of scopes to use for the request
    loginUri string
    URI that initiates login.
    logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUri string
    URI that references a logo for the client.
    omitSecret boolean
    This tells the provider not to manage the client_secret value in state. When this is false (the default), it will cause the auto-generated client_secret to be persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false your app will be recreated, due to the need to regenerate a secret we can store in state.
    pkceRequired boolean
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    policyUri string
    URI to web page providing client policy document.
    postLogoutRedirectUris string[]
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    profile string
    Custom JSON that represents an OAuth application's profile
    redirectUris string[]
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    refreshTokenLeeway number
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    refreshTokenRotation string
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    responseTypes string[]
    List of OAuth 2.0 response type strings.
    status string
    Status of application. By default, it is ACTIVE
    tokenEndpointAuthMethod string
    Requested authentication method for the token endpoint.
    tosUri string
    URI to web page providing client tos (terms of service).
    userNameTemplate string
    Username template. Default: ${source.login}
    userNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix string
    Username template suffix
    userNameTemplateType string
    Username template type. Default: BUILT_IN
    wildcardRedirect string
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    label str
    The Application's display name.
    type str
    The type of client application.
    accessibility_error_redirect_url str
    Custom error page URL
    accessibility_login_redirect_url str
    Custom login page URL
    accessibility_self_service bool
    Enable self service. Default is false
    admin_note str
    Application notes for admins.
    app_links_json str
    Displays specific appLinks for the app. The value for each application link should be boolean.
    app_settings_json str
    Application settings in JSON format
    authentication_policy str
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    auto_key_rotation bool
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    auto_submit_toolbar bool
    Display auto submit toolbar
    client_basic_secret str
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. This does nothing when omit_secret is set to true.
    client_id str
    OAuth client ID. If set during creation, app is created with this id.
    client_uri str
    URI to a web page providing information about the client.
    consent_method str
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    enduser_note str
    Application notes for end users.
    grant_types Sequence[str]
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    groups_claim OAuthGroupsClaimArgs
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    hide_ios bool
    Do not display application icon on mobile app
    hide_web bool
    Do not display application icon to users
    implicit_assignment bool
    Early Access Property. Enable Federation Broker Mode.
    issuer_mode str
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    jwks Sequence[OAuthJwkArgs]
    jwks_uri str
    URL reference to JWKS
    login_mode str
    The type of Idp-Initiated login that the client supports, if any
    login_scopes Sequence[str]
    List of scopes to use for the request
    login_uri str
    URI that initiates login.
    logo str
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logo_uri str
    URI that references a logo for the client.
    omit_secret bool
    This tells the provider not to manage the client_secret value in state. When this is false (the default), it will cause the auto-generated client_secret to be persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false your app will be recreated, due to the need to regenerate a secret we can store in state.
    pkce_required bool
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    policy_uri str
    URI to web page providing client policy document.
    post_logout_redirect_uris Sequence[str]
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    profile str
    Custom JSON that represents an OAuth application's profile
    redirect_uris Sequence[str]
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    refresh_token_leeway int
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    refresh_token_rotation str
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    response_types Sequence[str]
    List of OAuth 2.0 response type strings.
    status str
    Status of application. By default, it is ACTIVE
    token_endpoint_auth_method str
    Requested authentication method for the token endpoint.
    tos_uri str
    URI to web page providing client tos (terms of service).
    user_name_template str
    Username template. Default: ${source.login}
    user_name_template_push_status str
    Push username on update. Valid values: PUSH and DONT_PUSH
    user_name_template_suffix str
    Username template suffix
    user_name_template_type str
    Username template type. Default: BUILT_IN
    wildcard_redirect str
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    label String
    The Application's display name.
    type String
    The type of client application.
    accessibilityErrorRedirectUrl String
    Custom error page URL
    accessibilityLoginRedirectUrl String
    Custom login page URL
    accessibilitySelfService Boolean
    Enable self service. Default is false
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    autoKeyRotation Boolean
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    autoSubmitToolbar Boolean
    Display auto submit toolbar
    clientBasicSecret String
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. This does nothing when omit_secret is set to true.
    clientId String
    OAuth client ID. If set during creation, app is created with this id.
    clientUri String
    URI to a web page providing information about the client.
    consentMethod String
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    enduserNote String
    Application notes for end users.
    grantTypes List<String>
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    groupsClaim Property Map
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    hideIos Boolean
    Do not display application icon on mobile app
    hideWeb Boolean
    Do not display application icon to users
    implicitAssignment Boolean
    Early Access Property. Enable Federation Broker Mode.
    issuerMode String
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    jwks List<Property Map>
    jwksUri String
    URL reference to JWKS
    loginMode String
    The type of Idp-Initiated login that the client supports, if any
    loginScopes List<String>
    List of scopes to use for the request
    loginUri String
    URI that initiates login.
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUri String
    URI that references a logo for the client.
    omitSecret Boolean
    This tells the provider not to manage the client_secret value in state. When this is false (the default), it will cause the auto-generated client_secret to be persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false your app will be recreated, due to the need to regenerate a secret we can store in state.
    pkceRequired Boolean
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    policyUri String
    URI to web page providing client policy document.
    postLogoutRedirectUris List<String>
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    profile String
    Custom JSON that represents an OAuth application's profile
    redirectUris List<String>
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    refreshTokenLeeway Number
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    refreshTokenRotation String
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    responseTypes List<String>
    List of OAuth 2.0 response type strings.
    status String
    Status of application. By default, it is ACTIVE
    tokenEndpointAuthMethod String
    Requested authentication method for the token endpoint.
    tosUri String
    URI to web page providing client tos (terms of service).
    userNameTemplate String
    Username template. Default: ${source.login}
    userNameTemplatePushStatus String
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix String
    Username template suffix
    userNameTemplateType String
    Username template type. Default: BUILT_IN
    wildcardRedirect String
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris

    Outputs

    All input properties are implicitly available as output properties. Additionally, the OAuth resource produces the following output properties:

    ClientSecret string
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    Id string
    The provider-assigned unique ID for this managed resource.
    LogoUrl string
    URL of the application's logo
    Name string
    Name of the app.
    SignOnMode string
    Sign on mode of application.
    ClientSecret string
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    Id string
    The provider-assigned unique ID for this managed resource.
    LogoUrl string
    URL of the application's logo
    Name string
    Name of the app.
    SignOnMode string
    Sign on mode of application.
    clientSecret String
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    id String
    The provider-assigned unique ID for this managed resource.
    logoUrl String
    URL of the application's logo
    name String
    Name of the app.
    signOnMode String
    Sign on mode of application.
    clientSecret string
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    id string
    The provider-assigned unique ID for this managed resource.
    logoUrl string
    URL of the application's logo
    name string
    Name of the app.
    signOnMode string
    Sign on mode of application.
    client_secret str
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    id str
    The provider-assigned unique ID for this managed resource.
    logo_url str
    URL of the application's logo
    name str
    Name of the app.
    sign_on_mode str
    Sign on mode of application.
    clientSecret String
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    id String
    The provider-assigned unique ID for this managed resource.
    logoUrl String
    URL of the application's logo
    name String
    Name of the app.
    signOnMode String
    Sign on mode of application.
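
The omit_secret, client_basic_secret, pkce_required and wildcard_redirect behaviour described above can be checked against saved state. This is an added example, not part of the provider documentation: a Python audit over a constructed stack export. The export layout, the `okta:app/oAuth:OAuth` type token, `DISABLED` as the off value for wildcardRedirect, and the finding names are assumptions of this example.

```python
import json

# Type token assumed for okta.app.OAuth resources in a stack export.
OAUTH_TYPE = "okta:app/oAuth:OAuth"


def _res(name, inputs, outputs):
    """Build one constructed resource record in the assumed export shape."""
    return {"urn": f"urn:pulumi:dev::demo::{OAUTH_TYPE}::{name}",
            "type": OAUTH_TYPE, "inputs": inputs, "outputs": outputs}


# Constructed sample; every identifier and secret below is made up.
SAMPLE_EXPORT = json.dumps({"version": 3, "deployment": {"resources": [
    # Default omitSecret=false: the generated secret is persisted as a plain string.
    _res("legacy-web",
         {"label": "legacy-web", "type": "web"},
         {"clientId": "0oaCONSTRUCTED1", "clientSecret": "constructed-secret",
          "omitSecret": False}),
    # Secret wrapped by the state backend (wrapper shape simplified), still managed.
    _res("wrapped-web",
         {"label": "wrapped-web", "type": "web"},
         {"clientId": "0oaCONSTRUCTED2",
          "clientSecret": {"ciphertext": "constructed"}}),
    # omitSecret=true, yet clientBasicSecret is supplied; redirect settings relaxed.
    _res("spa",
         {"label": "spa", "type": "browser", "omitSecret": True,
          "clientBasicSecret": "constructed-ignored", "pkceRequired": False,
          "wildcardRedirect": "SUBDOMAIN"},
         {"clientId": "0oaCONSTRUCTED3", "omitSecret": True}),
    # Nothing to report.
    _res("hardened",
         {"label": "hardened", "type": "browser", "omitSecret": True,
          "pkceRequired": True, "wildcardRedirect": "DISABLED"},
         {"clientId": "0oaCONSTRUCTED4", "omitSecret": True}),
    # Unrelated resource type: must be skipped.
    {"urn": "urn:pulumi:dev::demo::okta:group/group:Group::staff",
     "type": "okta:group/group:Group", "inputs": {}, "outputs": {}},
]}})


def audit_resource(resource):
    """Return finding codes for one OAuth app record. Secret values are never echoed."""
    # Outputs override inputs because they reflect what was actually applied.
    props = dict(resource.get("inputs") or {})
    props.update(resource.get("outputs") or {})

    findings = []
    secret = props.get("clientSecret")
    omit = bool(props.get("omitSecret"))

    if isinstance(secret, str) and secret:
        # The generated secret is readable by anyone who can read the state.
        findings.append("SECRET_PLAINTEXT_IN_STATE")
    elif not omit:
        # Not readable here, but the provider still stores and re-applies it.
        findings.append("SECRET_MANAGED_IN_STATE")

    if omit and props.get("clientBasicSecret"):
        # Per the property description, this value does nothing with omit_secret.
        findings.append("CLIENT_BASIC_SECRET_IGNORED")

    if props.get("pkceRequired") is False:
        findings.append("PKCE_NOT_REQUIRED")

    if (props.get("wildcardRedirect") or "DISABLED") != "DISABLED":
        findings.append("WILDCARD_REDIRECT_ENABLED")

    return findings


def audit_export(export_text):
    """Map each OAuth app URN in a stack export to its list of finding codes."""
    doc = json.loads(export_text)
    resources = (doc.get("deployment") or {}).get("resources") or []
    return {r["urn"]: audit_resource(r)
            for r in resources if r.get("type") == OAUTH_TYPE}


if __name__ == "__main__":
    for urn, codes in audit_export(SAMPLE_EXPORT).items():
        print(urn.rsplit("::", 1)[-1], codes or ["OK"])
```
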

    Look up Existing OAuth Resource

    Get an existing OAuth resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: OAuthState, opts?: CustomResourceOptions): OAuth
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            accessibility_error_redirect_url: Optional[str] = None,
            accessibility_login_redirect_url: Optional[str] = None,
            accessibility_self_service: Optional[bool] = None,
            admin_note: Optional[str] = None,
            app_links_json: Optional[str] = None,
            app_settings_json: Optional[str] = None,
            authentication_policy: Optional[str] = None,
            auto_key_rotation: Optional[bool] = None,
            auto_submit_toolbar: Optional[bool] = None,
            client_basic_secret: Optional[str] = None,
            client_id: Optional[str] = None,
            client_secret: Optional[str] = None,
            client_uri: Optional[str] = None,
            consent_method: Optional[str] = None,
            enduser_note: Optional[str] = None,
            grant_types: Optional[Sequence[str]] = None,
            groups_claim: Optional[OAuthGroupsClaimArgs] = None,
            hide_ios: Optional[bool] = None,
            hide_web: Optional[bool] = None,
            implicit_assignment: Optional[bool] = None,
            issuer_mode: Optional[str] = None,
            jwks: Optional[Sequence[OAuthJwkArgs]] = None,
            jwks_uri: Optional[str] = None,
            label: Optional[str] = None,
            login_mode: Optional[str] = None,
            login_scopes: Optional[Sequence[str]] = None,
            login_uri: Optional[str] = None,
            logo: Optional[str] = None,
            logo_uri: Optional[str] = None,
            logo_url: Optional[str] = None,
            name: Optional[str] = None,
            omit_secret: Optional[bool] = None,
            pkce_required: Optional[bool] = None,
            policy_uri: Optional[str] = None,
            post_logout_redirect_uris: Optional[Sequence[str]] = None,
            profile: Optional[str] = None,
            redirect_uris: Optional[Sequence[str]] = None,
            refresh_token_leeway: Optional[int] = None,
            refresh_token_rotation: Optional[str] = None,
            response_types: Optional[Sequence[str]] = None,
            sign_on_mode: Optional[str] = None,
            status: Optional[str] = None,
            token_endpoint_auth_method: Optional[str] = None,
            tos_uri: Optional[str] = None,
            type: Optional[str] = None,
            user_name_template: Optional[str] = None,
            user_name_template_push_status: Optional[str] = None,
            user_name_template_suffix: Optional[str] = None,
            user_name_template_type: Optional[str] = None,
            wildcard_redirect: Optional[str] = None) -> OAuth
    func GetOAuth(ctx *Context, name string, id IDInput, state *OAuthState, opts ...ResourceOption) (*OAuth, error)
    public static OAuth Get(string name, Input<string> id, OAuthState? state, CustomResourceOptions? opts = null)
    public static OAuth get(String name, Output<String> id, OAuthState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessibilityErrorRedirectUrl string
    Custom error page URL
    AccessibilityLoginRedirectUrl string
    Custom login page URL
    AccessibilitySelfService bool
    Enable self service. Default is false
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application the default sign-on-policy will be associated with this application.
    AutoKeyRotation bool
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    AutoSubmitToolbar bool
    Display auto submit toolbar
    ClientBasicSecret string
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. This does nothing when omit_secret is set to true.
    ClientId string
    OAuth client ID. If set during creation, app is created with this id.
    ClientSecret string
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    ClientUri string
    URI to a web page providing information about the client.
    ConsentMethod string
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    EnduserNote string
    Application notes for end users.
    GrantTypes List<string>
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    GroupsClaim OAuthGroupsClaim
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    HideIos bool
    Do not display application icon on mobile app
    HideWeb bool
    Do not display application icon to users
    ImplicitAssignment bool
    Early Access Property. Enable Federation Broker Mode.
    IssuerMode string
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    Jwks List<OAuthJwk>
    JwksUri string
    URL reference to JWKS
    Label string
    The Application's display name.
    LoginMode string
    The type of Idp-Initiated login that the client supports, if any
    LoginScopes List<string>
    List of scopes to use for the request
    LoginUri string
    URI that initiates login.
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    LogoUri string
    URI that references a logo for the client.
    LogoUrl string
    URL of the application's logo
    Name string
    Name of the app.
    OmitSecret bool
    This tells the provider not to manage the client_secret value in state. When this is false (the default), it will cause the auto-generated client_secret to be persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false your app will be recreated, due to the need to regenerate a secret we can store in state.
    PkceRequired bool
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    PolicyUri string
    URI to web page providing client policy document.
    PostLogoutRedirectUris List<string>
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    Profile string
    Custom JSON that represents an OAuth application's profile
    RedirectUris List<string>
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    RefreshTokenLeeway int
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    RefreshTokenRotation string
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    ResponseTypes List<string>
    List of OAuth 2.0 response type strings.
    SignOnMode string
    Sign on mode of application.
    Status string
    Status of application. By default, it is ACTIVE
    TokenEndpointAuthMethod string
    Requested authentication method for the token endpoint.
    TosUri string
    URI to web page providing client tos (terms of service).
    Type string
    The type of client application.
    UserNameTemplate string
    Username template. Default: ${source.login}
    UserNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    UserNameTemplateSuffix string
    Username template suffix
    UserNameTemplateType string
    Username template type. Default: BUILT_IN
    WildcardRedirect string
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    AccessibilityErrorRedirectUrl string
    Custom error page URL
    AccessibilityLoginRedirectUrl string
    Custom login page URL
    AccessibilitySelfService bool
    Enable self service. Default is false
    AdminNote string
    Application notes for admins.
    AppLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    AppSettingsJson string
    Application settings in JSON format
    AuthenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    AutoKeyRotation bool
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    AutoSubmitToolbar bool
    Display auto submit toolbar
    ClientBasicSecret string
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. This does nothing when omit_secret is set to true.
    ClientId string
    OAuth client ID. If set during creation, app is created with this id.
    ClientSecret string
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    ClientUri string
    URI to a web page providing information about the client.
    ConsentMethod string
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    EnduserNote string
    Application notes for end users.
    GrantTypes []string
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    GroupsClaim OAuthGroupsClaimArgs
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    HideIos bool
    Do not display application icon on mobile app
    HideWeb bool
    Do not display application icon to users
    ImplicitAssignment bool
    Early Access Property. Enable Federation Broker Mode.
    IssuerMode string
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    Jwks []OAuthJwkArgs
    JwksUri string
    URL reference to JWKS
    Label string
    The Application's display name.
    LoginMode string
    The type of Idp-Initiated login that the client supports, if any
    LoginScopes []string
    List of scopes to use for the request
    LoginUri string
    URI that initiates login.
    Logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    LogoUri string
    URI that references a logo for the client.
    LogoUrl string
    URL of the application's logo
    Name string
    Name of the app.
    OmitSecret bool
    This tells the provider not to manage the client_secret value in state. When this is false (the default), the auto-generated client_secret is persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false, your app will be recreated, due to the need to regenerate a secret we can store in state.
    PkceRequired bool
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    PolicyUri string
    URI to web page providing client policy document.
    PostLogoutRedirectUris []string
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    Profile string
    Custom JSON that represents an OAuth application's profile
    RedirectUris []string
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    RefreshTokenLeeway int
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    RefreshTokenRotation string
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    ResponseTypes []string
    List of OAuth 2.0 response type strings.
    SignOnMode string
    Sign on mode of application.
    Status string
    Status of application. By default, it is ACTIVE
    TokenEndpointAuthMethod string
    Requested authentication method for the token endpoint.
    TosUri string
    URI to web page providing client tos (terms of service).
    Type string
    The type of client application.
    UserNameTemplate string
    Username template. Default: ${source.login}
    UserNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    UserNameTemplateSuffix string
    Username template suffix
    UserNameTemplateType string
    Username template type. Default: BUILT_IN
    WildcardRedirect string
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    accessibilityErrorRedirectUrl String
    Custom error page URL
    accessibilityLoginRedirectUrl String
    Custom login page URL
    accessibilitySelfService Boolean
    Enable self service. Default is false
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    autoKeyRotation Boolean
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    autoSubmitToolbar Boolean
    Display auto submit toolbar
    clientBasicSecret String
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. This does nothing when omit_secret is set to true.
    clientId String
    OAuth client ID. If set during creation, app is created with this id.
    clientSecret String
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    clientUri String
    URI to a web page providing information about the client.
    consentMethod String
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    enduserNote String
    Application notes for end users.
    grantTypes List<String>
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    groupsClaim OAuthGroupsClaim
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    hideIos Boolean
    Do not display application icon on mobile app
    hideWeb Boolean
    Do not display application icon to users
    implicitAssignment Boolean
    Early Access Property. Enable Federation Broker Mode.
    issuerMode String
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    jwks List<OAuthJwk>
    jwksUri String
    URL reference to JWKS
    label String
    The Application's display name.
    loginMode String
    The type of Idp-Initiated login that the client supports, if any
    loginScopes List<String>
    List of scopes to use for the request
    loginUri String
    URI that initiates login.
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUri String
    URI that references a logo for the client.
    logoUrl String
    URL of the application's logo
    name String
    Name of the app.
    omitSecret Boolean
    This tells the provider not to manage the client_secret value in state. When this is false (the default), the auto-generated client_secret is persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false, your app will be recreated, due to the need to regenerate a secret we can store in state.
    pkceRequired Boolean
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    policyUri String
    URI to web page providing client policy document.
    postLogoutRedirectUris List<String>
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    profile String
    Custom JSON that represents an OAuth application's profile
    redirectUris List<String>
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    refreshTokenLeeway Integer
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    refreshTokenRotation String
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    responseTypes List<String>
    List of OAuth 2.0 response type strings.
    signOnMode String
    Sign on mode of application.
    status String
    Status of application. By default, it is ACTIVE
    tokenEndpointAuthMethod String
    Requested authentication method for the token endpoint.
    tosUri String
    URI to web page providing client tos (terms of service).
    type String
    The type of client application.
    userNameTemplate String
    Username template. Default: ${source.login}
    userNameTemplatePushStatus String
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix String
    Username template suffix
    userNameTemplateType String
    Username template type. Default: BUILT_IN
    wildcardRedirect String
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    accessibilityErrorRedirectUrl string
    Custom error page URL
    accessibilityLoginRedirectUrl string
    Custom login page URL
    accessibilitySelfService boolean
    Enable self service. Default is false
    adminNote string
    Application notes for admins.
    appLinksJson string
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson string
    Application settings in JSON format
    authenticationPolicy string
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    autoKeyRotation boolean
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    autoSubmitToolbar boolean
    Display auto submit toolbar
    clientBasicSecret string
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. This does nothing when omit_secret is set to true.
    clientId string
    OAuth client ID. If set during creation, app is created with this id.
    clientSecret string
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    clientUri string
    URI to a web page providing information about the client.
    consentMethod string
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    enduserNote string
    Application notes for end users.
    grantTypes string[]
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    groupsClaim OAuthGroupsClaim
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    hideIos boolean
    Do not display application icon on mobile app
    hideWeb boolean
    Do not display application icon to users
    implicitAssignment boolean
    Early Access Property. Enable Federation Broker Mode.
    issuerMode string
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    jwks OAuthJwk[]
    jwksUri string
    URL reference to JWKS
    label string
    The Application's display name.
    loginMode string
    The type of Idp-Initiated login that the client supports, if any
    loginScopes string[]
    List of scopes to use for the request
    loginUri string
    URI that initiates login.
    logo string
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUri string
    URI that references a logo for the client.
    logoUrl string
    URL of the application's logo
    name string
    Name of the app.
    omitSecret boolean
    This tells the provider not to manage the client_secret value in state. When this is false (the default), the auto-generated client_secret is persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false, your app will be recreated, due to the need to regenerate a secret we can store in state.
    pkceRequired boolean
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    policyUri string
    URI to web page providing client policy document.
    postLogoutRedirectUris string[]
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    profile string
    Custom JSON that represents an OAuth application's profile
    redirectUris string[]
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    refreshTokenLeeway number
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    refreshTokenRotation string
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    responseTypes string[]
    List of OAuth 2.0 response type strings.
    signOnMode string
    Sign on mode of application.
    status string
    Status of application. By default, it is ACTIVE
    tokenEndpointAuthMethod string
    Requested authentication method for the token endpoint.
    tosUri string
    URI to web page providing client tos (terms of service).
    type string
    The type of client application.
    userNameTemplate string
    Username template. Default: ${source.login}
    userNameTemplatePushStatus string
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix string
    Username template suffix
    userNameTemplateType string
    Username template type. Default: BUILT_IN
    wildcardRedirect string
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    accessibility_error_redirect_url str
    Custom error page URL
    accessibility_login_redirect_url str
    Custom login page URL
    accessibility_self_service bool
    Enable self service. Default is false
    admin_note str
    Application notes for admins.
    app_links_json str
    Displays specific appLinks for the app. The value for each application link should be boolean.
    app_settings_json str
    Application settings in JSON format
    authentication_policy str
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    auto_key_rotation bool
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    auto_submit_toolbar bool
    Display auto submit toolbar
    client_basic_secret str
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. This does nothing when omit_secret is set to true.
    client_id str
    OAuth client ID. If set during creation, app is created with this id.
    client_secret str
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    client_uri str
    URI to a web page providing information about the client.
    consent_method str
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    enduser_note str
    Application notes for end users.
    grant_types Sequence[str]
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    groups_claim OAuthGroupsClaimArgs
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    hide_ios bool
    Do not display application icon on mobile app
    hide_web bool
    Do not display application icon to users
    implicit_assignment bool
    Early Access Property. Enable Federation Broker Mode.
    issuer_mode str
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    jwks Sequence[OAuthJwkArgs]
    jwks_uri str
    URL reference to JWKS
    label str
    The Application's display name.
    login_mode str
    The type of Idp-Initiated login that the client supports, if any
    login_scopes Sequence[str]
    List of scopes to use for the request
    login_uri str
    URI that initiates login.
    logo str
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logo_uri str
    URI that references a logo for the client.
    logo_url str
    URL of the application's logo
    name str
    Name of the app.
    omit_secret bool
    This tells the provider not to manage the client_secret value in state. When this is false (the default), the auto-generated client_secret is persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false, your app will be recreated, due to the need to regenerate a secret we can store in state.
    pkce_required bool
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    policy_uri str
    URI to web page providing client policy document.
    post_logout_redirect_uris Sequence[str]
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    profile str
    Custom JSON that represents an OAuth application's profile
    redirect_uris Sequence[str]
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    refresh_token_leeway int
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    refresh_token_rotation str
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    response_types Sequence[str]
    List of OAuth 2.0 response type strings.
    sign_on_mode str
    Sign on mode of application.
    status str
    Status of application. By default, it is ACTIVE
    token_endpoint_auth_method str
    Requested authentication method for the token endpoint.
    tos_uri str
    URI to web page providing client tos (terms of service).
    type str
    The type of client application.
    user_name_template str
    Username template. Default: ${source.login}
    user_name_template_push_status str
    Push username on update. Valid values: PUSH and DONT_PUSH
    user_name_template_suffix str
    Username template suffix
    user_name_template_type str
    Username template type. Default: BUILT_IN
    wildcard_redirect str
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
    accessibilityErrorRedirectUrl String
    Custom error page URL
    accessibilityLoginRedirectUrl String
    Custom login page URL
    accessibilitySelfService Boolean
    Enable self service. Default is false
    adminNote String
    Application notes for admins.
    appLinksJson String
    Displays specific appLinks for the app. The value for each application link should be boolean.
    appSettingsJson String
    Application settings in JSON format
    authenticationPolicy String
    The ID of the associated app_signon_policy. If this property is removed from the application, the default sign-on policy will be associated with this application.
    autoKeyRotation Boolean
    Requested key rotation mode. If auto_key_rotation isn't specified, the client automatically opts in for Okta's key rotation. You can update this property via the API or via the administrator UI. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    autoSubmitToolbar Boolean
    Display auto submit toolbar
    clientBasicSecret String
    The user-provided OAuth client secret key value. This can be set when token_endpoint_auth_method is client_secret_basic. This does nothing when omit_secret is set to true.
    clientId String
    OAuth client ID. If set during creation, app is created with this id.
    clientSecret String
    OAuth client secret value, this is output only. This will be in plain text in your statefile unless you set omit_secret above.
    clientUri String
    URI to a web page providing information about the client.
    consentMethod String
    Early Access Property. Indicates whether user consent is required or implicit. Valid values: REQUIRED, TRUSTED. Default value is TRUSTED
    enduserNote String
    Application notes for end users.
    grantTypes List<String>
    List of OAuth 2.0 grant types. Conditional validation params found here https://developer.okta.com/docs/api/resources/apps#credentials-settings-details. Defaults to minimum requirements per app type.
    groupsClaim Property Map
    Groups claim for an OpenID Connect client application (argument is ignored when API auth is done with OAuth 2.0 credentials)
    hideIos Boolean
    Do not display application icon on mobile app
    hideWeb Boolean
    Do not display application icon to users
    implicitAssignment Boolean
    Early Access Property. Enable Federation Broker Mode.
    issuerMode String
    Early Access Property. Indicates whether the Okta Authorization Server uses the original Okta org domain URL or a custom domain URL as the issuer of ID token for this client.
    jwks List<Property Map>
    jwksUri String
    URL reference to JWKS
    label String
    The Application's display name.
    loginMode String
    The type of Idp-Initiated login that the client supports, if any
    loginScopes List<String>
    List of scopes to use for the request
    loginUri String
    URI that initiates login.
    logo String
    Local file path to the logo. The file must be in PNG, JPG, or GIF format, and less than 1 MB in size.
    logoUri String
    URI that references a logo for the client.
    logoUrl String
    URL of the application's logo
    name String
    Name of the app.
    omitSecret Boolean
    This tells the provider not to manage the client_secret value in state. When this is false (the default), the auto-generated client_secret is persisted in the client_secret attribute in state. This also means that every time an update to this app is run, this value is also set on the API. If this changes from false => true, the client_secret is dropped from state and the secret at the time of the apply is what remains. If this ever changes from true => false, your app will be recreated, due to the need to regenerate a secret we can store in state.
    pkceRequired Boolean
    Require Proof Key for Code Exchange (PKCE) for additional verification. See: https://developer.okta.com/docs/reference/api/apps/#oauth-credential-object
    policyUri String
    URI to web page providing client policy document.
    postLogoutRedirectUris List<String>
    List of URIs for redirection after logout. Note: see okta_app_oauth_post_logout_redirect_uri for appending to this list in a decentralized way.
    profile String
    Custom JSON that represents an OAuth application's profile
    redirectUris List<String>
    List of URIs for use in the redirect-based flow. This is required for all application types except service. Note: see okta_app_oauth_redirect_uri for appending to this list in a decentralized way.
    refreshTokenLeeway Number
    Early Access Property. Grace period for token rotation, required with grant types refresh_token
    refreshTokenRotation String
    Early Access Property. Refresh token rotation behavior, required with grant types refresh_token
    responseTypes List<String>
    List of OAuth 2.0 response type strings.
    signOnMode String
    Sign on mode of application.
    status String
    Status of application. By default, it is ACTIVE
    tokenEndpointAuthMethod String
    Requested authentication method for the token endpoint.
    tosUri String
    URI to web page providing client tos (terms of service).
    type String
    The type of client application.
    userNameTemplate String
    Username template. Default: ${source.login}
    userNameTemplatePushStatus String
    Push username on update. Valid values: PUSH and DONT_PUSH
    userNameTemplateSuffix String
    Username template suffix
    userNameTemplateType String
    Username template type. Default: BUILT_IN
    wildcardRedirect String
    Early Access Property. Indicates if the client is allowed to use wildcard matching of redirect_uris
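
    The omitSecret, pkceRequired and wildcardRedirect descriptions above all affect what ends up in stack state, so the following added example (not part of the provider or its documentation) audits an exported state for those three settings. It assumes the `pulumi stack export` layout of `deployment.resources[]` entries with `type`, `urn` and camelCase `outputs`, treats any non-string clientSecret as a wrapped secret, and treats any wildcardRedirect value other than DISABLED as enabled; the sample state and the finding names are constructed for illustration.

```python
import json

# Resource type token taken from the import command on this page.
OAUTH_APP_TYPE = "okta:app/oAuth:OAuth"

# Constructed sample in the assumed shape of `pulumi stack export` output.
# Every URN, secret and URI below is made up for this example.
SAMPLE_STATE = json.dumps({
    "version": 3,
    "deployment": {
        "resources": [
            {"type": "pulumi:pulumi:Stack",
             "urn": "urn:pulumi:dev::demo::pulumi:pulumi:Stack::demo-dev",
             "outputs": {}},
            {"type": OAUTH_APP_TYPE,
             "urn": "urn:pulumi:dev::demo::okta:app/oAuth:OAuth::legacy-web",
             "outputs": {
                 "label": "legacy-web",
                 "type": "web",
                 "omitSecret": False,
                 "clientSecret": "constructed-not-a-real-secret",
                 "grantTypes": ["authorization_code", "refresh_token"],
                 "pkceRequired": False,
                 "wildcardRedirect": "SUBDOMAIN",
                 "redirectUris": ["https://*.example.com/callback"],
             }},
            {"type": OAUTH_APP_TYPE,
             "urn": "urn:pulumi:dev::demo::okta:app/oAuth:OAuth::hardened-spa",
             "outputs": {
                 "label": "hardened-spa",
                 "type": "browser",
                 "omitSecret": True,
                 "clientSecret": "",
                 "grantTypes": ["authorization_code"],
                 "pkceRequired": True,
                 "wildcardRedirect": "DISABLED",
                 "redirectUris": ["https://app.example.com/callback"],
             }},
            {"type": OAUTH_APP_TYPE,
             "urn": "urn:pulumi:dev::demo::okta:app/oAuth:OAuth::batch-service",
             "outputs": {
                 "label": "batch-service",
                 "type": "service",
                 "omitSecret": False,
                 # Non-string value: treated as a wrapped (encrypted) secret.
                 "clientSecret": {"ciphertext": "constructed-placeholder"},
                 "grantTypes": ["client_credentials"],
             }},
        ]
    },
})


def audit_app(outputs):
    """Return finding codes for one OAuth app's state outputs."""
    issues = []

    # A readable string here means anyone with read access to the state
    # (backend bucket, CI artifact, local checkpoint) can read the secret.
    secret = outputs.get("clientSecret")
    if isinstance(secret, str) and secret:
        issues.append("plaintext-client-secret")

    # The authorization code flow without PKCE leaves intercepted codes
    # redeemable by whoever captures them.
    grants = outputs.get("grantTypes") or []
    if "authorization_code" in grants and outputs.get("pkceRequired") is not True:
        issues.append("pkce-not-required")

    # Wildcard matching widens the set of hosts that can receive codes/tokens.
    wildcard_mode = outputs.get("wildcardRedirect") or "DISABLED"
    uris = outputs.get("redirectUris") or []
    if wildcard_mode != "DISABLED" or any("*" in uri for uri in uris):
        issues.append("wildcard-redirect")

    return issues


def audit_oauth_apps(state_json):
    """Map URN -> finding codes for every okta OAuth app with findings."""
    state = json.loads(state_json)
    resources = state.get("deployment", {}).get("resources", [])
    findings = {}
    for res in resources:
        if res.get("type") != OAUTH_APP_TYPE:
            continue
        issues = audit_app(res.get("outputs") or {})
        if issues:
            findings[res.get("urn", "<no urn>")] = issues
    return findings


if __name__ == "__main__":
    for urn, issues in audit_oauth_apps(SAMPLE_STATE).items():
        print(urn, "->", ", ".join(issues))
```

    To run it against a real stack, pass the text of `pulumi stack export` to audit_oauth_apps in place of SAMPLE_STATE.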

    Supporting Types

    OAuthGroupsClaim, OAuthGroupsClaimArgs

    Name string
    Name of the claim that will be used in the token.
    Type string
    Groups claim type.
    Value string
    Value of the claim. Can be an Okta Expression Language statement that evaluates at the time the token is minted.
    FilterType string
    Groups claim filter. Can only be set if type is FILTER.
    IssuerMode string
    Issuer mode inherited from OAuth App
    Name string
    Name of the claim that will be used in the token.
    Type string
    Groups claim type.
    Value string
    Value of the claim. Can be an Okta Expression Language statement that evaluates at the time the token is minted.
    FilterType string
    Groups claim filter. Can only be set if type is FILTER.
    IssuerMode string
    Issuer mode inherited from OAuth App
    name String
    Name of the claim that will be used in the token.
    type String
    Groups claim type.
    value String
    Value of the claim. Can be an Okta Expression Language statement that evaluates at the time the token is minted.
    filterType String
    Groups claim filter. Can only be set if type is FILTER.
    issuerMode String
    Issuer mode inherited from OAuth App
    name string
    Name of the claim that will be used in the token.
    type string
    Groups claim type.
    value string
    Value of the claim. Can be an Okta Expression Language statement that evaluates at the time the token is minted.
    filterType string
    Groups claim filter. Can only be set if type is FILTER.
    issuerMode string
    Issuer mode inherited from OAuth App
    name str
    Name of the claim that will be used in the token.
    type str
    Groups claim type.
    value str
    Value of the claim. Can be an Okta Expression Language statement that evaluates at the time the token is minted.
    filter_type str
    Groups claim filter. Can only be set if type is FILTER.
    issuer_mode str
    Issuer mode inherited from OAuth App
    name String
    Name of the claim that will be used in the token.
    type String
    Groups claim type.
    value String
    Value of the claim. Can be an Okta Expression Language statement that evaluates at the time the token is minted.
    filterType String
    Groups claim filter. Can only be set if type is FILTER.
    issuerMode String
    Issuer mode inherited from OAuth App

    OAuthJwk, OAuthJwkArgs

    Kid string
    Key ID
    Kty string
    Key type
    E string
    RSA Exponent
    N string
    RSA Modulus
    X string
    X coordinate of the elliptic curve point
    Y string
    Y coordinate of the elliptic curve point
    Kid string
    Key ID
    Kty string
    Key type
    E string
    RSA Exponent
    N string
    RSA Modulus
    X string
    X coordinate of the elliptic curve point
    Y string
    Y coordinate of the elliptic curve point
    kid String
    Key ID
    kty String
    Key type
    e String
    RSA Exponent
    n String
    RSA Modulus
    x String
    X coordinate of the elliptic curve point
    y String
    Y coordinate of the elliptic curve point
    kid string
    Key ID
    kty string
    Key type
    e string
    RSA Exponent
    n string
    RSA Modulus
    x string
    X coordinate of the elliptic curve point
    y string
    Y coordinate of the elliptic curve point
    kid str
    Key ID
    kty str
    Key type
    e str
    RSA Exponent
    n str
    RSA Modulus
    x str
    X coordinate of the elliptic curve point
    y str
    Y coordinate of the elliptic curve point
    kid String
    Key ID
    kty String
    Key type
    e String
    RSA Exponent
    n String
    RSA Modulus
    x String
    X coordinate of the elliptic curve point
    y String
    Y coordinate of the elliptic curve point

    Import

    $ pulumi import okta:app/oAuth:OAuth example <app_id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Okta pulumi/pulumi-okta
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the okta Terraform Provider.