Documentation
¶
Index ¶
- type GoogleIdentityProvider
- func (*GoogleIdentityProvider) ElementType() reflect.Type
- func (i *GoogleIdentityProvider) ToGoogleIdentityProviderOutput() GoogleIdentityProviderOutput
- func (i *GoogleIdentityProvider) ToGoogleIdentityProviderOutputWithContext(ctx context.Context) GoogleIdentityProviderOutput
- func (i *GoogleIdentityProvider) ToGoogleIdentityProviderPtrOutput() GoogleIdentityProviderPtrOutput
- func (i *GoogleIdentityProvider) ToGoogleIdentityProviderPtrOutputWithContext(ctx context.Context) GoogleIdentityProviderPtrOutput
- type GoogleIdentityProviderArgs
- type GoogleIdentityProviderArray
- func (GoogleIdentityProviderArray) ElementType() reflect.Type
- func (i GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput
- func (i GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutputWithContext(ctx context.Context) GoogleIdentityProviderArrayOutput
- type GoogleIdentityProviderArrayInput
- type GoogleIdentityProviderArrayOutput
- func (GoogleIdentityProviderArrayOutput) ElementType() reflect.Type
- func (o GoogleIdentityProviderArrayOutput) Index(i pulumi.IntInput) GoogleIdentityProviderOutput
- func (o GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput
- func (o GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutputWithContext(ctx context.Context) GoogleIdentityProviderArrayOutput
- type GoogleIdentityProviderInput
- type GoogleIdentityProviderMap
- type GoogleIdentityProviderMapInput
- type GoogleIdentityProviderMapOutput
- func (GoogleIdentityProviderMapOutput) ElementType() reflect.Type
- func (o GoogleIdentityProviderMapOutput) MapIndex(k pulumi.StringInput) GoogleIdentityProviderOutput
- func (o GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutput() GoogleIdentityProviderMapOutput
- func (o GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutputWithContext(ctx context.Context) GoogleIdentityProviderMapOutput
- type GoogleIdentityProviderOutput
- func (GoogleIdentityProviderOutput) ElementType() reflect.Type
- func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutput() GoogleIdentityProviderOutput
- func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutputWithContext(ctx context.Context) GoogleIdentityProviderOutput
- func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderPtrOutput() GoogleIdentityProviderPtrOutput
- func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderPtrOutputWithContext(ctx context.Context) GoogleIdentityProviderPtrOutput
- type GoogleIdentityProviderPtrInput
- type GoogleIdentityProviderPtrOutput
- func (GoogleIdentityProviderPtrOutput) ElementType() reflect.Type
- func (o GoogleIdentityProviderPtrOutput) ToGoogleIdentityProviderPtrOutput() GoogleIdentityProviderPtrOutput
- func (o GoogleIdentityProviderPtrOutput) ToGoogleIdentityProviderPtrOutputWithContext(ctx context.Context) GoogleIdentityProviderPtrOutput
- type GoogleIdentityProviderState
- type IdentityProvider
- func (*IdentityProvider) ElementType() reflect.Type
- func (i *IdentityProvider) ToIdentityProviderOutput() IdentityProviderOutput
- func (i *IdentityProvider) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
- func (i *IdentityProvider) ToIdentityProviderPtrOutput() IdentityProviderPtrOutput
- func (i *IdentityProvider) ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput
- type IdentityProviderArgs
- type IdentityProviderArray
- type IdentityProviderArrayInput
- type IdentityProviderArrayOutput
- func (IdentityProviderArrayOutput) ElementType() reflect.Type
- func (o IdentityProviderArrayOutput) Index(i pulumi.IntInput) IdentityProviderOutput
- func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
- func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput
- type IdentityProviderInput
- type IdentityProviderMap
- type IdentityProviderMapInput
- type IdentityProviderMapOutput
- func (IdentityProviderMapOutput) ElementType() reflect.Type
- func (o IdentityProviderMapOutput) MapIndex(k pulumi.StringInput) IdentityProviderOutput
- func (o IdentityProviderMapOutput) ToIdentityProviderMapOutput() IdentityProviderMapOutput
- func (o IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput
- type IdentityProviderOutput
- func (IdentityProviderOutput) ElementType() reflect.Type
- func (o IdentityProviderOutput) ToIdentityProviderOutput() IdentityProviderOutput
- func (o IdentityProviderOutput) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
- func (o IdentityProviderOutput) ToIdentityProviderPtrOutput() IdentityProviderPtrOutput
- func (o IdentityProviderOutput) ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput
- type IdentityProviderPtrInput
- type IdentityProviderPtrOutput
- type IdentityProviderState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GoogleIdentityProvider ¶
// GoogleIdentityProvider is the Pulumi resource for a Google identity provider
// in a Keycloak realm. It embeds pulumi.CustomResourceState and exposes every
// property as an output tagged with its Pulumi property name.
type GoogleIdentityProvider struct {
	pulumi.CustomResourceState

	// When `true`, unauthenticated requests with `prompt=none` will be forwarded
	// to Google instead of returning an error. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrOutput `pulumi:"acceptsPromptNoneForwardFromClient"`
	// When `true`, new users will be able to read stored tokens. This will
	// automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrOutput `pulumi:"addReadTokenRoleOnCreate"`
	// (Computed) The alias for the Google identity provider.
	Alias pulumi.StringOutput `pulumi:"alias"`
	// Enable/disable authenticate users by default.
	AuthenticateByDefault pulumi.BoolPtrOutput `pulumi:"authenticateByDefault"`
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// The client or client secret registered within the identity provider. This
	// field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): the field is a plain StringOutput here; whether the value is
	// kept as a Pulumi secret in state is not visible on this page - verify, and
	// prefer the vault reference or a secret-typed input over a literal.
	ClientSecret pulumi.StringOutput `pulumi:"clientSecret"`
	// The scopes to be sent when asking for authorization. It can be a
	// space-separated list of scopes. Defaults to `openid profile email`.
	DefaultScopes pulumi.StringPtrOutput `pulumi:"defaultScopes"`
	// When `true`, disables the usage of the user info service to obtain
	// additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrOutput `pulumi:"disableUserInfo"`
	// (Computed) Display name for the Google identity provider in the GUI.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// When `true`, users will be able to log in to this realm using this
	// identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// Undocumented in the source listing; a free-form map of extra provider
	// settings (the page's usage example passes a `syncMode` key).
	ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"`
	// The authentication flow to use when users log in for the first time
	// through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"firstBrokerLoginFlowAlias"`
	// When `true`, this identity provider will be hidden on the login page.
	// Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrOutput `pulumi:"hideOnLoginPage"`
	// Sets the "hd" query parameter when logging in with Google. Google will
	// only list accounts for this domain. Keycloak will validate that the
	// returned identity token has a claim for this domain. When `*` is entered,
	// an account from any domain can be used, i.e. `*` removes the domain
	// restriction described above.
	HostedDomain pulumi.StringPtrOutput `pulumi:"hostedDomain"`
	// (Computed) The unique ID that Keycloak assigns to the identity provider
	// upon creation.
	InternalId pulumi.StringOutput `pulumi:"internalId"`
	// When `true`, users cannot login using this provider, but their existing
	// accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"`
	// The authentication flow to use after users have successfully logged in,
	// which can be used to perform additional user verification (such as OTP
	// checking). Defaults to an empty string, which means no post login flow
	// will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"`
	// The ID of the identity provider to use. Defaults to `google`, which should
	// be used unless you have extended Keycloak and provided your own
	// implementation.
	ProviderId pulumi.StringPtrOutput `pulumi:"providerId"`
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringOutput `pulumi:"realm"`
	// Sets the "accessType" query parameter to "offline" when redirecting to
	// the Google authorization endpoint, to get a refresh token back. This is
	// useful for using Token Exchange to retrieve a Google token to access
	// Google APIs when the user is offline.
	// NOTE(review): a refresh token is a long-lived credential; with StoreToken
	// left at its default it is presumably persisted by Keycloak - confirm
	// before enabling.
	RequestRefreshToken pulumi.BoolPtrOutput `pulumi:"requestRefreshToken"`
	// When `true`, tokens will be stored after authenticating users. Defaults
	// to `true`.
	// NOTE(review): storage is on by default; consider `false` when no client
	// needs the brokered token.
	StoreToken pulumi.BoolPtrOutput `pulumi:"storeToken"`
	// When `true`, email addresses for users in this provider will
	// automatically be verified regardless of the realm's email verification
	// policy. Defaults to `false`.
	// NOTE(review): enabling this bypasses the realm's own verification, so the
	// e-mail is only as trustworthy as the provider's claim; review it together
	// with HostedDomain and the first-login flow.
	TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"`
	// Sets the "userIp" query parameter when querying Google's User Info
	// service. This will use the user's IP address. This is useful if Google is
	// throttling Keycloak's access to the User Info service.
	UseUserIpParam pulumi.BoolPtrOutput `pulumi:"useUserIpParam"`
}
Allows for creating and managing OIDC Identity Providers within Keycloak.
OIDC (OpenID Connect) identity providers allow users to authenticate through a third-party system using the OIDC standard.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak/oidc" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares a realm and attaches a Google identity provider to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realmArgs := &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		}
		parentRealm, err := keycloak.NewRealm(ctx, "realm", realmArgs)
		if err != nil {
			return err
		}

		googleArgs := &oidc.GoogleIdentityProviderArgs{
			Realm: parentRealm.ID(),
			// NOTE(review): `_var` is not declared anywhere in this example;
			// presumably it stands for externally supplied configuration.
			// The client secret in particular should arrive as a secret
			// (encrypted) configuration value, never as a source literal.
			ClientId:     pulumi.Any(_var.Google_identity_provider_client_id),
			ClientSecret: pulumi.Any(_var.Google_identity_provider_client_secret),
			// TrustEmail marks e-mail addresses from this provider as verified
			// regardless of the realm's verification policy, so it is paired
			// here with a concrete HostedDomain: Keycloak then checks that the
			// identity token carries a claim for that domain. A HostedDomain
			// of `*` would accept accounts from any domain.
			TrustEmail:   pulumi.Bool(true),
			HostedDomain: pulumi.String("example.com"),
			ExtraConfig: pulumi.StringMap{
				"syncMode": pulumi.String("IMPORT"),
			},
		}
		if _, err := oidc.NewGoogleIdentityProvider(ctx, "google", googleArgs); err != nil {
			return err
		}
		return nil
	})
}
```
## Import
This resource does not yet support importing.
func GetGoogleIdentityProvider ¶
func GetGoogleIdentityProvider(ctx *pulumi.Context, name string, id pulumi.IDInput, state *GoogleIdentityProviderState, opts ...pulumi.ResourceOption) (*GoogleIdentityProvider, error)
GetGoogleIdentityProvider gets an existing GoogleIdentityProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewGoogleIdentityProvider ¶
func NewGoogleIdentityProvider(ctx *pulumi.Context, name string, args *GoogleIdentityProviderArgs, opts ...pulumi.ResourceOption) (*GoogleIdentityProvider, error)
NewGoogleIdentityProvider registers a new resource with the given unique name, arguments, and options.
func (*GoogleIdentityProvider) ElementType ¶ added in v3.1.1
func (*GoogleIdentityProvider) ElementType() reflect.Type
func (*GoogleIdentityProvider) ToGoogleIdentityProviderOutput ¶ added in v3.1.1
func (i *GoogleIdentityProvider) ToGoogleIdentityProviderOutput() GoogleIdentityProviderOutput
func (*GoogleIdentityProvider) ToGoogleIdentityProviderOutputWithContext ¶ added in v3.1.1
func (i *GoogleIdentityProvider) ToGoogleIdentityProviderOutputWithContext(ctx context.Context) GoogleIdentityProviderOutput
func (*GoogleIdentityProvider) ToGoogleIdentityProviderPtrOutput ¶ added in v3.4.1
func (i *GoogleIdentityProvider) ToGoogleIdentityProviderPtrOutput() GoogleIdentityProviderPtrOutput
func (*GoogleIdentityProvider) ToGoogleIdentityProviderPtrOutputWithContext ¶ added in v3.4.1
func (i *GoogleIdentityProvider) ToGoogleIdentityProviderPtrOutputWithContext(ctx context.Context) GoogleIdentityProviderPtrOutput
type GoogleIdentityProviderArgs ¶
// GoogleIdentityProviderArgs is the set of arguments for constructing a
// GoogleIdentityProvider resource. Every field is a Pulumi input.
type GoogleIdentityProviderArgs struct {
	// When `true`, unauthenticated requests with `prompt=none` will be forwarded
	// to Google instead of returning an error. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput
	// When `true`, new users will be able to read stored tokens. This will
	// automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// Enable/disable authenticate users by default.
	AuthenticateByDefault pulumi.BoolPtrInput
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringInput
	// The client or client secret registered within the identity provider. This
	// field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): the input type is a plain StringInput; pass a secret-typed
	// value or the vault reference rather than a literal, and verify how the
	// value is stored in Pulumi state - not visible on this page.
	ClientSecret pulumi.StringInput
	// The scopes to be sent when asking for authorization. It can be a
	// space-separated list of scopes. Defaults to `openid profile email`.
	DefaultScopes pulumi.StringPtrInput
	// When `true`, disables the usage of the user info service to obtain
	// additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrInput
	// When `true`, users will be able to log in to this realm using this
	// identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// Undocumented in the source listing; a free-form map of extra provider
	// settings (the page's usage example passes a `syncMode` key).
	ExtraConfig pulumi.MapInput
	// The authentication flow to use when users log in for the first time
	// through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// When `true`, this identity provider will be hidden on the login page.
	// Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrInput
	// Sets the "hd" query parameter when logging in with Google. Google will
	// only list accounts for this domain. Keycloak will validate that the
	// returned identity token has a claim for this domain. When `*` is entered,
	// an account from any domain can be used, i.e. `*` removes the domain
	// restriction described above.
	HostedDomain pulumi.StringPtrInput
	// When `true`, users cannot login using this provider, but their existing
	// accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// The authentication flow to use after users have successfully logged in,
	// which can be used to perform additional user verification (such as OTP
	// checking). Defaults to an empty string, which means no post login flow
	// will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `google`, which should
	// be used unless you have extended Keycloak and provided your own
	// implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringInput
	// Sets the "accessType" query parameter to "offline" when redirecting to
	// the Google authorization endpoint, to get a refresh token back. This is
	// useful for using Token Exchange to retrieve a Google token to access
	// Google APIs when the user is offline.
	// NOTE(review): a refresh token is a long-lived credential; with StoreToken
	// left at its default it is presumably persisted by Keycloak - confirm
	// before enabling.
	RequestRefreshToken pulumi.BoolPtrInput
	// When `true`, tokens will be stored after authenticating users. Defaults
	// to `true`.
	// NOTE(review): storage is on by default; consider `false` when no client
	// needs the brokered token.
	StoreToken pulumi.BoolPtrInput
	// When `true`, email addresses for users in this provider will
	// automatically be verified regardless of the realm's email verification
	// policy. Defaults to `false`.
	// NOTE(review): enabling this bypasses the realm's own verification, so the
	// e-mail is only as trustworthy as the provider's claim; review it together
	// with HostedDomain and the first-login flow.
	TrustEmail pulumi.BoolPtrInput
	// Sets the "userIp" query parameter when querying Google's User Info
	// service. This will use the user's IP address. This is useful if Google is
	// throttling Keycloak's access to the User Info service.
	UseUserIpParam pulumi.BoolPtrInput
}
The set of arguments for constructing a GoogleIdentityProvider resource.
func (GoogleIdentityProviderArgs) ElementType ¶
func (GoogleIdentityProviderArgs) ElementType() reflect.Type
type GoogleIdentityProviderArray ¶ added in v3.4.1
type GoogleIdentityProviderArray []GoogleIdentityProviderInput
func (GoogleIdentityProviderArray) ElementType ¶ added in v3.4.1
func (GoogleIdentityProviderArray) ElementType() reflect.Type
func (GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutput ¶ added in v3.4.1
func (i GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput
func (GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutputWithContext ¶ added in v3.4.1
func (i GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutputWithContext(ctx context.Context) GoogleIdentityProviderArrayOutput
type GoogleIdentityProviderArrayInput ¶ added in v3.4.1
type GoogleIdentityProviderArrayInput interface { pulumi.Input ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput ToGoogleIdentityProviderArrayOutputWithContext(context.Context) GoogleIdentityProviderArrayOutput }
GoogleIdentityProviderArrayInput is an input type that accepts GoogleIdentityProviderArray and GoogleIdentityProviderArrayOutput values. You can construct a concrete instance of `GoogleIdentityProviderArrayInput` via:
GoogleIdentityProviderArray{ GoogleIdentityProviderArgs{...} }
type GoogleIdentityProviderArrayOutput ¶ added in v3.4.1
type GoogleIdentityProviderArrayOutput struct{ *pulumi.OutputState }
func (GoogleIdentityProviderArrayOutput) ElementType ¶ added in v3.4.1
func (GoogleIdentityProviderArrayOutput) ElementType() reflect.Type
func (GoogleIdentityProviderArrayOutput) Index ¶ added in v3.4.1
func (o GoogleIdentityProviderArrayOutput) Index(i pulumi.IntInput) GoogleIdentityProviderOutput
func (GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutput ¶ added in v3.4.1
func (o GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput
func (GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutputWithContext ¶ added in v3.4.1
func (o GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutputWithContext(ctx context.Context) GoogleIdentityProviderArrayOutput
type GoogleIdentityProviderInput ¶ added in v3.1.1
type GoogleIdentityProviderInput interface { pulumi.Input ToGoogleIdentityProviderOutput() GoogleIdentityProviderOutput ToGoogleIdentityProviderOutputWithContext(ctx context.Context) GoogleIdentityProviderOutput }
type GoogleIdentityProviderMap ¶ added in v3.4.1
type GoogleIdentityProviderMap map[string]GoogleIdentityProviderInput
func (GoogleIdentityProviderMap) ElementType ¶ added in v3.4.1
func (GoogleIdentityProviderMap) ElementType() reflect.Type
func (GoogleIdentityProviderMap) ToGoogleIdentityProviderMapOutput ¶ added in v3.4.1
func (i GoogleIdentityProviderMap) ToGoogleIdentityProviderMapOutput() GoogleIdentityProviderMapOutput
func (GoogleIdentityProviderMap) ToGoogleIdentityProviderMapOutputWithContext ¶ added in v3.4.1
func (i GoogleIdentityProviderMap) ToGoogleIdentityProviderMapOutputWithContext(ctx context.Context) GoogleIdentityProviderMapOutput
type GoogleIdentityProviderMapInput ¶ added in v3.4.1
type GoogleIdentityProviderMapInput interface { pulumi.Input ToGoogleIdentityProviderMapOutput() GoogleIdentityProviderMapOutput ToGoogleIdentityProviderMapOutputWithContext(context.Context) GoogleIdentityProviderMapOutput }
GoogleIdentityProviderMapInput is an input type that accepts GoogleIdentityProviderMap and GoogleIdentityProviderMapOutput values. You can construct a concrete instance of `GoogleIdentityProviderMapInput` via:
GoogleIdentityProviderMap{ "key": GoogleIdentityProviderArgs{...} }
type GoogleIdentityProviderMapOutput ¶ added in v3.4.1
type GoogleIdentityProviderMapOutput struct{ *pulumi.OutputState }
func (GoogleIdentityProviderMapOutput) ElementType ¶ added in v3.4.1
func (GoogleIdentityProviderMapOutput) ElementType() reflect.Type
func (GoogleIdentityProviderMapOutput) MapIndex ¶ added in v3.4.1
func (o GoogleIdentityProviderMapOutput) MapIndex(k pulumi.StringInput) GoogleIdentityProviderOutput
func (GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutput ¶ added in v3.4.1
func (o GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutput() GoogleIdentityProviderMapOutput
func (GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutputWithContext ¶ added in v3.4.1
func (o GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutputWithContext(ctx context.Context) GoogleIdentityProviderMapOutput
type GoogleIdentityProviderOutput ¶ added in v3.1.1
type GoogleIdentityProviderOutput struct {
*pulumi.OutputState
}
func (GoogleIdentityProviderOutput) ElementType ¶ added in v3.1.1
func (GoogleIdentityProviderOutput) ElementType() reflect.Type
func (GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutput ¶ added in v3.1.1
func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutput() GoogleIdentityProviderOutput
func (GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutputWithContext ¶ added in v3.1.1
func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutputWithContext(ctx context.Context) GoogleIdentityProviderOutput
func (GoogleIdentityProviderOutput) ToGoogleIdentityProviderPtrOutput ¶ added in v3.4.1
func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderPtrOutput() GoogleIdentityProviderPtrOutput
func (GoogleIdentityProviderOutput) ToGoogleIdentityProviderPtrOutputWithContext ¶ added in v3.4.1
func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderPtrOutputWithContext(ctx context.Context) GoogleIdentityProviderPtrOutput
type GoogleIdentityProviderPtrInput ¶ added in v3.4.1
type GoogleIdentityProviderPtrInput interface { pulumi.Input ToGoogleIdentityProviderPtrOutput() GoogleIdentityProviderPtrOutput ToGoogleIdentityProviderPtrOutputWithContext(ctx context.Context) GoogleIdentityProviderPtrOutput }
type GoogleIdentityProviderPtrOutput ¶ added in v3.4.1
type GoogleIdentityProviderPtrOutput struct {
*pulumi.OutputState
}
func (GoogleIdentityProviderPtrOutput) ElementType ¶ added in v3.4.1
func (GoogleIdentityProviderPtrOutput) ElementType() reflect.Type
func (GoogleIdentityProviderPtrOutput) ToGoogleIdentityProviderPtrOutput ¶ added in v3.4.1
func (o GoogleIdentityProviderPtrOutput) ToGoogleIdentityProviderPtrOutput() GoogleIdentityProviderPtrOutput
func (GoogleIdentityProviderPtrOutput) ToGoogleIdentityProviderPtrOutputWithContext ¶ added in v3.4.1
func (o GoogleIdentityProviderPtrOutput) ToGoogleIdentityProviderPtrOutputWithContext(ctx context.Context) GoogleIdentityProviderPtrOutput
type GoogleIdentityProviderState ¶
// GoogleIdentityProviderState carries the optional state properties that
// GetGoogleIdentityProvider accepts to qualify a lookup of an existing
// resource. Every field is an optional Pulumi input.
type GoogleIdentityProviderState struct {
	// When `true`, unauthenticated requests with `prompt=none` will be forwarded
	// to Google instead of returning an error. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput
	// When `true`, new users will be able to read stored tokens. This will
	// automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// (Computed) The alias for the Google identity provider.
	Alias pulumi.StringPtrInput
	// Enable/disable authenticate users by default.
	AuthenticateByDefault pulumi.BoolPtrInput
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringPtrInput
	// The client or client secret registered within the identity provider. This
	// field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): typed as a plain StringPtrInput; how the value is protected
	// in Pulumi state is not visible on this page - verify.
	ClientSecret pulumi.StringPtrInput
	// The scopes to be sent when asking for authorization. It can be a
	// space-separated list of scopes. Defaults to `openid profile email`.
	DefaultScopes pulumi.StringPtrInput
	// When `true`, disables the usage of the user info service to obtain
	// additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrInput
	// (Computed) Display name for the Google identity provider in the GUI.
	DisplayName pulumi.StringPtrInput
	// When `true`, users will be able to log in to this realm using this
	// identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// Undocumented in the source listing; a free-form map of extra provider
	// settings (the page's usage example passes a `syncMode` key).
	ExtraConfig pulumi.MapInput
	// The authentication flow to use when users log in for the first time
	// through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// When `true`, this identity provider will be hidden on the login page.
	// Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrInput
	// Sets the "hd" query parameter when logging in with Google. Google will
	// only list accounts for this domain. Keycloak will validate that the
	// returned identity token has a claim for this domain. When `*` is entered,
	// an account from any domain can be used, i.e. `*` removes the domain
	// restriction described above.
	HostedDomain pulumi.StringPtrInput
	// (Computed) The unique ID that Keycloak assigns to the identity provider
	// upon creation.
	InternalId pulumi.StringPtrInput
	// When `true`, users cannot login using this provider, but their existing
	// accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// The authentication flow to use after users have successfully logged in,
	// which can be used to perform additional user verification (such as OTP
	// checking). Defaults to an empty string, which means no post login flow
	// will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `google`, which should
	// be used unless you have extended Keycloak and provided your own
	// implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringPtrInput
	// Sets the "accessType" query parameter to "offline" when redirecting to
	// the Google authorization endpoint, to get a refresh token back. This is
	// useful for using Token Exchange to retrieve a Google token to access
	// Google APIs when the user is offline.
	RequestRefreshToken pulumi.BoolPtrInput
	// When `true`, tokens will be stored after authenticating users. Defaults
	// to `true`.
	StoreToken pulumi.BoolPtrInput
	// When `true`, email addresses for users in this provider will
	// automatically be verified regardless of the realm's email verification
	// policy. Defaults to `false`.
	TrustEmail pulumi.BoolPtrInput
	// Sets the "userIp" query parameter when querying Google's User Info
	// service. This will use the user's IP address. This is useful if Google is
	// throttling Keycloak's access to the User Info service.
	UseUserIpParam pulumi.BoolPtrInput
}
func (GoogleIdentityProviderState) ElementType ¶
func (GoogleIdentityProviderState) ElementType() reflect.Type
type IdentityProvider ¶
// IdentityProvider is the Pulumi resource for a generic OIDC identity provider
// in a Keycloak realm. It embeds pulumi.CustomResourceState and exposes every
// property as an output tagged with its Pulumi property name.
type IdentityProvider struct {
	pulumi.CustomResourceState

	// When `true`, the IDP will accept forwarded authentication requests that
	// contain the `prompt=none` query parameter. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrOutput `pulumi:"acceptsPromptNoneForwardFromClient"`
	// When `true`, new users will be able to read stored tokens. This will
	// automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrOutput `pulumi:"addReadTokenRoleOnCreate"`
	// The alias uniquely identifies an identity provider and it is also used to
	// build the redirect uri.
	Alias pulumi.StringOutput `pulumi:"alias"`
	// Enable/disable authenticate users by default.
	AuthenticateByDefault pulumi.BoolPtrOutput `pulumi:"authenticateByDefault"`
	// The Authorization Url.
	AuthorizationUrl pulumi.StringOutput `pulumi:"authorizationUrl"`
	// Does the external IDP support backchannel logout? Defaults to `true`.
	BackchannelSupported pulumi.BoolPtrOutput `pulumi:"backchannelSupported"`
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// The client or client secret registered within the identity provider. This
	// field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): the field is a plain StringOutput here; whether the value is
	// kept as a Pulumi secret in state is not visible on this page - verify, and
	// prefer the vault reference or a secret-typed input over a literal.
	ClientSecret pulumi.StringOutput `pulumi:"clientSecret"`
	// The scopes to be sent when asking for authorization. It can be a
	// space-separated list of scopes. Defaults to `openid`.
	DefaultScopes pulumi.StringPtrOutput `pulumi:"defaultScopes"`
	// When `true`, disables the usage of the user info service to obtain
	// additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrOutput `pulumi:"disableUserInfo"`
	// Display name for the identity provider in the GUI.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// When `true`, users will be able to log in to this realm using this
	// identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// Undocumented in the source listing; a free-form map of extra provider
	// settings (the page's usage example passes a `clientAuthMethod` key).
	ExtraConfig pulumi.MapOutput `pulumi:"extraConfig"`
	// The authentication flow to use when users log in for the first time
	// through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"firstBrokerLoginFlowAlias"`
	// When `true`, this provider will be hidden on the login page, and is only
	// accessible when requested explicitly. Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrOutput `pulumi:"hideOnLoginPage"`
	// (Computed) The unique ID that Keycloak assigns to the identity provider
	// upon creation.
	InternalId pulumi.StringOutput `pulumi:"internalId"`
	// JSON Web Key Set URL.
	JwksUrl pulumi.StringPtrOutput `pulumi:"jwksUrl"`
	// When `true`, users cannot login using this provider, but their existing
	// accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"`
	// Pass login hint to identity provider.
	LoginHint pulumi.StringPtrOutput `pulumi:"loginHint"`
	// The Logout URL is the end session endpoint to use to logout user from
	// external identity provider.
	LogoutUrl pulumi.StringPtrOutput `pulumi:"logoutUrl"`
	// The authentication flow to use after users have successfully logged in,
	// which can be used to perform additional user verification (such as OTP
	// checking). Defaults to an empty string, which means no post login flow
	// will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"`
	// The ID of the identity provider to use. Defaults to `oidc`, which should
	// be used unless you have extended Keycloak and provided your own
	// implementation.
	ProviderId pulumi.StringPtrOutput `pulumi:"providerId"`
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringOutput `pulumi:"realm"`
	// When `true`, tokens will be stored after authenticating users. Defaults
	// to `true`.
	// NOTE(review): storage is on by default; consider `false` when no client
	// needs the brokered token.
	StoreToken pulumi.BoolPtrOutput `pulumi:"storeToken"`
	// The Token URL.
	TokenUrl pulumi.StringOutput `pulumi:"tokenUrl"`
	// When `true`, email addresses for users in this provider will
	// automatically be verified regardless of the realm's email verification
	// policy. Defaults to `false`.
	// NOTE(review): enabling this bypasses the realm's own verification, so the
	// e-mail is only as trustworthy as the external provider's claim.
	TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"`
	// Pass current locale to identity provider. Defaults to `false`.
	UiLocales pulumi.BoolPtrOutput `pulumi:"uiLocales"`
	// User Info URL.
	UserInfoUrl pulumi.StringPtrOutput `pulumi:"userInfoUrl"`
	// Enable/disable signature validation of external IDP signatures. Defaults
	// to `false`.
	// NOTE(review): per this description validation is off unless set
	// explicitly; enabling it presumably also needs key material such as
	// JwksUrl - confirm against the Keycloak version in use.
	ValidateSignature pulumi.BoolPtrOutput `pulumi:"validateSignature"`
}
Allows for creating and managing OIDC Identity Providers within Keycloak.
OIDC (OpenID Connect) identity providers allow users to authenticate through a third-party system using the OIDC standard.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak/oidc" "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
// main declares a Keycloak realm and then an OIDC identity provider inside it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The realm is created first because the identity provider refers to its ID.
		myRealm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		idpArgs := &oidc.IdentityProviderArgs{
			Realm:            myRealm.ID(),
			Alias:            pulumi.String("my-idp"),
			AuthorizationUrl: pulumi.String("https://authorizationurl.com"),
			ClientId:         pulumi.String("clientID"),
			// Placeholder literal. In a real program, keep the secret out of source:
			// the ClientSecret field documentation on this page says it can take its
			// value from a vault reference.
			ClientSecret: pulumi.String("clientSecret"),
			TokenUrl:     pulumi.String("https://tokenurl.com"),
			ExtraConfig: pulumi.StringMap{
				"clientAuthMethod": pulumi.String("client_secret_post"),
			},
			// ValidateSignature is not set here; per the field documentation it then
			// defaults to `false`, i.e. signatures of the external IDP are not validated.
		}

		// The resource handle is not needed afterwards, only the error.
		_, err = oidc.NewIdentityProvider(ctx, "realmIdentityProvider", idpArgs)
		return err
	})
}
```
## Import
Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias. Example:
```sh
$ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp
```
func GetIdentityProvider ¶
func GetIdentityProvider(ctx *pulumi.Context, name string, id pulumi.IDInput, state *IdentityProviderState, opts ...pulumi.ResourceOption) (*IdentityProvider, error)
GetIdentityProvider gets an existing IdentityProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewIdentityProvider ¶
func NewIdentityProvider(ctx *pulumi.Context, name string, args *IdentityProviderArgs, opts ...pulumi.ResourceOption) (*IdentityProvider, error)
NewIdentityProvider registers a new resource with the given unique name, arguments, and options.
func (*IdentityProvider) ElementType ¶ added in v3.1.1
func (*IdentityProvider) ElementType() reflect.Type
func (*IdentityProvider) ToIdentityProviderOutput ¶ added in v3.1.1
func (i *IdentityProvider) ToIdentityProviderOutput() IdentityProviderOutput
func (*IdentityProvider) ToIdentityProviderOutputWithContext ¶ added in v3.1.1
func (i *IdentityProvider) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
func (*IdentityProvider) ToIdentityProviderPtrOutput ¶ added in v3.4.1
func (i *IdentityProvider) ToIdentityProviderPtrOutput() IdentityProviderPtrOutput
func (*IdentityProvider) ToIdentityProviderPtrOutputWithContext ¶ added in v3.4.1
func (i *IdentityProvider) ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput
type IdentityProviderArgs ¶
// IdentityProviderArgs is the set of arguments for constructing an IdentityProvider resource.
//
// Alias, AuthorizationUrl, ClientId, ClientSecret, Realm and TokenUrl are the only
// fields with non-pointer input types; every other field is a pointer input or a map.
type IdentityProviderArgs struct {
	// When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	// NOTE(review): combined with StoreToken (documented default `true`) this gives every
	// newly created user read access to the stored tokens of the external IDP.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
	Alias pulumi.StringInput
	// Enable/disable authenticate users by default.
	AuthenticateByDefault pulumi.BoolPtrInput
	// The Authorization Url.
	AuthorizationUrl pulumi.StringInput
	// Does the external IDP support backchannel logout? Defaults to `true`.
	BackchannelSupported pulumi.BoolPtrInput
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringInput
	// The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): a string literal passed here lives in program source; prefer the
	// vault reference described above or a secret-typed input. How the provider treats
	// this value in stack state is not shown on this page; confirm before relying on it.
	ClientSecret pulumi.StringInput
	// The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid`.
	DefaultScopes pulumi.StringPtrInput
	// When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrInput
	// Display name for the identity provider in the GUI.
	DisplayName pulumi.StringPtrInput
	// When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// No description is given for this field on this page; the example usage passes a
	// `clientAuthMethod` entry through it.
	ExtraConfig pulumi.MapInput
	// The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// When `true`, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrInput
	// JSON Web Key Set URL.
	JwksUrl pulumi.StringPtrInput
	// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// Pass login hint to identity provider.
	LoginHint pulumi.StringPtrInput
	// The Logout URL is the end session endpoint to use to logout user from external identity provider.
	LogoutUrl pulumi.StringPtrInput
	// The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	// NOTE(review): the documented default keeps the external IDP's tokens; set this to
	// `false` explicitly when nothing needs to read them back.
	StoreToken pulumi.BoolPtrInput
	// The Token URL.
	TokenUrl pulumi.StringInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): enabling this overrides the realm's email verification policy for
	// this provider's users, so it only fits an external IDP that verifies addresses itself.
	TrustEmail pulumi.BoolPtrInput
	// Pass current locale to identity provider. Defaults to `false`.
	UiLocales pulumi.BoolPtrInput
	// User Info URL.
	UserInfoUrl pulumi.StringPtrInput
	// Enable/disable signature validation of external IDP signatures. Defaults to `false`.
	// NOTE(review): with the documented default, signatures from the external IDP are not
	// validated unless this is set explicitly. Presumably JwksUrl supplies the keys when
	// it is enabled; confirm against the Keycloak documentation.
	ValidateSignature pulumi.BoolPtrInput
}
The set of arguments for constructing an IdentityProvider resource.
func (IdentityProviderArgs) ElementType ¶
func (IdentityProviderArgs) ElementType() reflect.Type
type IdentityProviderArray ¶ added in v3.4.1
// IdentityProviderArray is a slice of IdentityProviderInput values. It is one of the
// two value kinds that IdentityProviderArrayInput is documented to accept.
type IdentityProviderArray []IdentityProviderInput
func (IdentityProviderArray) ElementType ¶ added in v3.4.1
func (IdentityProviderArray) ElementType() reflect.Type
func (IdentityProviderArray) ToIdentityProviderArrayOutput ¶ added in v3.4.1
func (i IdentityProviderArray) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
func (IdentityProviderArray) ToIdentityProviderArrayOutputWithContext ¶ added in v3.4.1
func (i IdentityProviderArray) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput
type IdentityProviderArrayInput ¶ added in v3.4.1
// IdentityProviderArrayInput is an input type that accepts IdentityProviderArray and
// IdentityProviderArrayOutput values. Besides pulumi.Input it requires the two
// conversions to IdentityProviderArrayOutput, one of which takes a context.
type IdentityProviderArrayInput interface {
	pulumi.Input

	ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
	ToIdentityProviderArrayOutputWithContext(context.Context) IdentityProviderArrayOutput
}
IdentityProviderArrayInput is an input type that accepts IdentityProviderArray and IdentityProviderArrayOutput values. You can construct a concrete instance of `IdentityProviderArrayInput` via:
IdentityProviderArray{ IdentityProviderArgs{...} }
type IdentityProviderArrayOutput ¶ added in v3.4.1
// IdentityProviderArrayOutput wraps an embedded *pulumi.OutputState. Its Index method
// takes a pulumi.IntInput and yields an IdentityProviderOutput.
type IdentityProviderArrayOutput struct{ *pulumi.OutputState }
func (IdentityProviderArrayOutput) ElementType ¶ added in v3.4.1
func (IdentityProviderArrayOutput) ElementType() reflect.Type
func (IdentityProviderArrayOutput) Index ¶ added in v3.4.1
func (o IdentityProviderArrayOutput) Index(i pulumi.IntInput) IdentityProviderOutput
func (IdentityProviderArrayOutput) ToIdentityProviderArrayOutput ¶ added in v3.4.1
func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
func (IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext ¶ added in v3.4.1
func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput
type IdentityProviderInput ¶ added in v3.1.1
// IdentityProviderInput is a pulumi.Input that can be converted to an
// IdentityProviderOutput, with or without a context. The method sets listed on this
// page for *IdentityProvider and IdentityProviderOutput both include these conversions.
type IdentityProviderInput interface {
	pulumi.Input

	ToIdentityProviderOutput() IdentityProviderOutput
	ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
}
type IdentityProviderMap ¶ added in v3.4.1
// IdentityProviderMap maps string keys to IdentityProviderInput values. It is one of
// the two value kinds that IdentityProviderMapInput is documented to accept.
type IdentityProviderMap map[string]IdentityProviderInput
func (IdentityProviderMap) ElementType ¶ added in v3.4.1
func (IdentityProviderMap) ElementType() reflect.Type
func (IdentityProviderMap) ToIdentityProviderMapOutput ¶ added in v3.4.1
func (i IdentityProviderMap) ToIdentityProviderMapOutput() IdentityProviderMapOutput
func (IdentityProviderMap) ToIdentityProviderMapOutputWithContext ¶ added in v3.4.1
func (i IdentityProviderMap) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput
type IdentityProviderMapInput ¶ added in v3.4.1
// IdentityProviderMapInput is an input type that accepts IdentityProviderMap and
// IdentityProviderMapOutput values. Besides pulumi.Input it requires the two
// conversions to IdentityProviderMapOutput, one of which takes a context.
type IdentityProviderMapInput interface {
	pulumi.Input

	ToIdentityProviderMapOutput() IdentityProviderMapOutput
	ToIdentityProviderMapOutputWithContext(context.Context) IdentityProviderMapOutput
}
IdentityProviderMapInput is an input type that accepts IdentityProviderMap and IdentityProviderMapOutput values. You can construct a concrete instance of `IdentityProviderMapInput` via:
IdentityProviderMap{ "key": IdentityProviderArgs{...} }
type IdentityProviderMapOutput ¶ added in v3.4.1
// IdentityProviderMapOutput wraps an embedded *pulumi.OutputState. Its MapIndex method
// takes a pulumi.StringInput key and yields an IdentityProviderOutput.
type IdentityProviderMapOutput struct{ *pulumi.OutputState }
func (IdentityProviderMapOutput) ElementType ¶ added in v3.4.1
func (IdentityProviderMapOutput) ElementType() reflect.Type
func (IdentityProviderMapOutput) MapIndex ¶ added in v3.4.1
func (o IdentityProviderMapOutput) MapIndex(k pulumi.StringInput) IdentityProviderOutput
func (IdentityProviderMapOutput) ToIdentityProviderMapOutput ¶ added in v3.4.1
func (o IdentityProviderMapOutput) ToIdentityProviderMapOutput() IdentityProviderMapOutput
func (IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext ¶ added in v3.4.1
func (o IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput
type IdentityProviderOutput ¶ added in v3.1.1
// IdentityProviderOutput wraps an embedded *pulumi.OutputState. The methods listed for
// it on this page convert it to itself or to an IdentityProviderPtrOutput.
type IdentityProviderOutput struct {
*pulumi.OutputState
}
func (IdentityProviderOutput) ElementType ¶ added in v3.1.1
func (IdentityProviderOutput) ElementType() reflect.Type
func (IdentityProviderOutput) ToIdentityProviderOutput ¶ added in v3.1.1
func (o IdentityProviderOutput) ToIdentityProviderOutput() IdentityProviderOutput
func (IdentityProviderOutput) ToIdentityProviderOutputWithContext ¶ added in v3.1.1
func (o IdentityProviderOutput) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
func (IdentityProviderOutput) ToIdentityProviderPtrOutput ¶ added in v3.4.1
func (o IdentityProviderOutput) ToIdentityProviderPtrOutput() IdentityProviderPtrOutput
func (IdentityProviderOutput) ToIdentityProviderPtrOutputWithContext ¶ added in v3.4.1
func (o IdentityProviderOutput) ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput
type IdentityProviderPtrInput ¶ added in v3.4.1
// IdentityProviderPtrInput is a pulumi.Input that can be converted to an
// IdentityProviderPtrOutput, with or without a context.
type IdentityProviderPtrInput interface {
	pulumi.Input

	ToIdentityProviderPtrOutput() IdentityProviderPtrOutput
	ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput
}
type IdentityProviderPtrOutput ¶ added in v3.4.1
// IdentityProviderPtrOutput wraps an embedded *pulumi.OutputState. The methods listed
// for it on this page convert it to itself, with or without a context.
type IdentityProviderPtrOutput struct {
*pulumi.OutputState
}
func (IdentityProviderPtrOutput) ElementType ¶ added in v3.4.1
func (IdentityProviderPtrOutput) ElementType() reflect.Type
func (IdentityProviderPtrOutput) ToIdentityProviderPtrOutput ¶ added in v3.4.1
func (o IdentityProviderPtrOutput) ToIdentityProviderPtrOutput() IdentityProviderPtrOutput
func (IdentityProviderPtrOutput) ToIdentityProviderPtrOutputWithContext ¶ added in v3.4.1
func (o IdentityProviderPtrOutput) ToIdentityProviderPtrOutputWithContext(ctx context.Context) IdentityProviderPtrOutput
type IdentityProviderState ¶
// IdentityProviderState carries the optional state properties that GetIdentityProvider
// accepts to qualify a lookup of an existing IdentityProvider resource.
//
// Unlike IdentityProviderArgs, every scalar field here is a pointer input, and the
// computed InternalId is included.
type IdentityProviderState struct {
	// When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	// NOTE(review): combined with StoreToken (documented default `true`) this gives every
	// newly created user read access to the stored tokens of the external IDP.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// The alias uniquely identifies an identity provider and it is also used to build the redirect uri.
	Alias pulumi.StringPtrInput
	// Enable/disable authenticate users by default.
	AuthenticateByDefault pulumi.BoolPtrInput
	// The Authorization Url.
	AuthorizationUrl pulumi.StringPtrInput
	// Does the external IDP support backchannel logout? Defaults to `true`.
	BackchannelSupported pulumi.BoolPtrInput
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringPtrInput
	// The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): a string literal passed here lives in program source; prefer the
	// vault reference described above or a secret-typed input. How the provider treats
	// this value in stack state is not shown on this page; confirm before relying on it.
	ClientSecret pulumi.StringPtrInput
	// The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid`.
	DefaultScopes pulumi.StringPtrInput
	// When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrInput
	// Display name for the identity provider in the GUI.
	DisplayName pulumi.StringPtrInput
	// When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// No description is given for this field on this page.
	ExtraConfig pulumi.MapInput
	// The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// When `true`, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrInput
	// (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
	InternalId pulumi.StringPtrInput
	// JSON Web Key Set URL.
	JwksUrl pulumi.StringPtrInput
	// When `true`, users cannot login using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// Pass login hint to identity provider.
	LoginHint pulumi.StringPtrInput
	// The Logout URL is the end session endpoint to use to logout user from external identity provider.
	LogoutUrl pulumi.StringPtrInput
	// The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringPtrInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	// NOTE(review): the documented default keeps the external IDP's tokens; set this to
	// `false` explicitly when nothing needs to read them back.
	StoreToken pulumi.BoolPtrInput
	// The Token URL.
	TokenUrl pulumi.StringPtrInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): enabling this overrides the realm's email verification policy for
	// this provider's users, so it only fits an external IDP that verifies addresses itself.
	TrustEmail pulumi.BoolPtrInput
	// Pass current locale to identity provider. Defaults to `false`.
	UiLocales pulumi.BoolPtrInput
	// User Info URL.
	UserInfoUrl pulumi.StringPtrInput
	// Enable/disable signature validation of external IDP signatures. Defaults to `false`.
	// NOTE(review): with the documented default, signatures from the external IDP are not
	// validated unless this is set explicitly. Presumably JwksUrl supplies the keys when
	// it is enabled; confirm against the Keycloak documentation.
	ValidateSignature pulumi.BoolPtrInput
}
func (IdentityProviderState) ElementType ¶
func (IdentityProviderState) ElementType() reflect.Type