Documentation
¶
Index ¶
- type GoogleIdentityProvider
- type GoogleIdentityProviderArgs
- type GoogleIdentityProviderArray
- func (GoogleIdentityProviderArray) ElementType() reflect.Type
- func (i GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput
- func (i GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutputWithContext(ctx context.Context) GoogleIdentityProviderArrayOutput
- type GoogleIdentityProviderArrayInput
- type GoogleIdentityProviderArrayOutput
- func (GoogleIdentityProviderArrayOutput) ElementType() reflect.Type
- func (o GoogleIdentityProviderArrayOutput) Index(i pulumi.IntInput) GoogleIdentityProviderOutput
- func (o GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput
- func (o GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutputWithContext(ctx context.Context) GoogleIdentityProviderArrayOutput
- type GoogleIdentityProviderInput
- type GoogleIdentityProviderMap
- type GoogleIdentityProviderMapInput
- type GoogleIdentityProviderMapOutput
- func (GoogleIdentityProviderMapOutput) ElementType() reflect.Type
- func (o GoogleIdentityProviderMapOutput) MapIndex(k pulumi.StringInput) GoogleIdentityProviderOutput
- func (o GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutput() GoogleIdentityProviderMapOutput
- func (o GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutputWithContext(ctx context.Context) GoogleIdentityProviderMapOutput
- type GoogleIdentityProviderOutput
- func (o GoogleIdentityProviderOutput) AcceptsPromptNoneForwardFromClient() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) AddReadTokenRoleOnCreate() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) Alias() pulumi.StringOutput
- func (o GoogleIdentityProviderOutput) AuthenticateByDefault() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) ClientId() pulumi.StringOutput
- func (o GoogleIdentityProviderOutput) ClientSecret() pulumi.StringOutput
- func (o GoogleIdentityProviderOutput) DefaultScopes() pulumi.StringPtrOutput
- func (o GoogleIdentityProviderOutput) DisableUserInfo() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) DisplayName() pulumi.StringOutput
- func (GoogleIdentityProviderOutput) ElementType() reflect.Type
- func (o GoogleIdentityProviderOutput) Enabled() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) ExtraConfig() pulumi.StringMapOutput
- func (o GoogleIdentityProviderOutput) FirstBrokerLoginFlowAlias() pulumi.StringPtrOutput
- func (o GoogleIdentityProviderOutput) GuiOrder() pulumi.StringPtrOutput
- func (o GoogleIdentityProviderOutput) HideOnLoginPage() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) HostedDomain() pulumi.StringPtrOutput
- func (o GoogleIdentityProviderOutput) InternalId() pulumi.StringOutput
- func (o GoogleIdentityProviderOutput) LinkOnly() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) PostBrokerLoginFlowAlias() pulumi.StringPtrOutput
- func (o GoogleIdentityProviderOutput) ProviderId() pulumi.StringPtrOutput
- func (o GoogleIdentityProviderOutput) Realm() pulumi.StringOutput
- func (o GoogleIdentityProviderOutput) RequestRefreshToken() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) StoreToken() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) SyncMode() pulumi.StringPtrOutput
- func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutput() GoogleIdentityProviderOutput
- func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutputWithContext(ctx context.Context) GoogleIdentityProviderOutput
- func (o GoogleIdentityProviderOutput) TrustEmail() pulumi.BoolPtrOutput
- func (o GoogleIdentityProviderOutput) UseUserIpParam() pulumi.BoolPtrOutput
- type GoogleIdentityProviderState
- type IdentityProvider
- type IdentityProviderArgs
- type IdentityProviderArray
- type IdentityProviderArrayInput
- type IdentityProviderArrayOutput
- func (IdentityProviderArrayOutput) ElementType() reflect.Type
- func (o IdentityProviderArrayOutput) Index(i pulumi.IntInput) IdentityProviderOutput
- func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
- func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput
- type IdentityProviderInput
- type IdentityProviderMap
- type IdentityProviderMapInput
- type IdentityProviderMapOutput
- func (IdentityProviderMapOutput) ElementType() reflect.Type
- func (o IdentityProviderMapOutput) MapIndex(k pulumi.StringInput) IdentityProviderOutput
- func (o IdentityProviderMapOutput) ToIdentityProviderMapOutput() IdentityProviderMapOutput
- func (o IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput
- type IdentityProviderOutput
- func (o IdentityProviderOutput) AcceptsPromptNoneForwardFromClient() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) AddReadTokenRoleOnCreate() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) Alias() pulumi.StringOutput
- func (o IdentityProviderOutput) AuthenticateByDefault() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) AuthorizationUrl() pulumi.StringOutput
- func (o IdentityProviderOutput) BackchannelSupported() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) ClientId() pulumi.StringOutput
- func (o IdentityProviderOutput) ClientSecret() pulumi.StringOutput
- func (o IdentityProviderOutput) DefaultScopes() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) DisableUserInfo() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) DisplayName() pulumi.StringPtrOutput
- func (IdentityProviderOutput) ElementType() reflect.Type
- func (o IdentityProviderOutput) Enabled() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) ExtraConfig() pulumi.StringMapOutput
- func (o IdentityProviderOutput) FirstBrokerLoginFlowAlias() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) GuiOrder() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) HideOnLoginPage() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) InternalId() pulumi.StringOutput
- func (o IdentityProviderOutput) Issuer() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) JwksUrl() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) LinkOnly() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) LoginHint() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) LogoutUrl() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) PostBrokerLoginFlowAlias() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) ProviderId() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) Realm() pulumi.StringOutput
- func (o IdentityProviderOutput) StoreToken() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) SyncMode() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) ToIdentityProviderOutput() IdentityProviderOutput
- func (o IdentityProviderOutput) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
- func (o IdentityProviderOutput) TokenUrl() pulumi.StringOutput
- func (o IdentityProviderOutput) TrustEmail() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) UiLocales() pulumi.BoolPtrOutput
- func (o IdentityProviderOutput) UserInfoUrl() pulumi.StringPtrOutput
- func (o IdentityProviderOutput) ValidateSignature() pulumi.BoolPtrOutput
- type IdentityProviderState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type GoogleIdentityProvider ¶
// GoogleIdentityProvider is the Pulumi resource state for a Google identity
// provider configured in a Keycloak realm. Fields marked (Computed) are
// described by the page as set by the provider rather than by the caller.
type GoogleIdentityProvider struct {
	pulumi.CustomResourceState

	// When `true`, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrOutput `pulumi:"acceptsPromptNoneForwardFromClient"`
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	// NOTE(review): together with StoreToken this lets each new user read the Google tokens stored for them; leave it off unless a client needs that.
	AddReadTokenRoleOnCreate pulumi.BoolPtrOutput `pulumi:"addReadTokenRoleOnCreate"`
	// (Computed) The alias for the Google identity provider.
	Alias pulumi.StringOutput `pulumi:"alias"`
	// Enable/disable authenticating users by default.
	AuthenticateByDefault pulumi.BoolPtrOutput `pulumi:"authenticateByDefault"`
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): the doubled `$` looks like Terraform escaping carried into this text; Keycloak's own vault reference is written `${vault.ID}` — confirm.
	// NOTE(review): sensitive value; confirm it is held as a secret in stack state and never supplied as a literal in source.
	ClientSecret pulumi.StringOutput `pulumi:"clientSecret"`
	// The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.
	DefaultScopes pulumi.StringPtrOutput `pulumi:"defaultScopes"`
	// When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrOutput `pulumi:"disableUserInfo"`
	// (Computed) Display name for the Google identity provider in the GUI.
	DisplayName pulumi.StringOutput `pulumi:"displayName"`
	// When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// Not documented on this page. Presumably extra provider configuration as
	// string key/value pairs — confirm against the provider documentation.
	ExtraConfig pulumi.StringMapOutput `pulumi:"extraConfig"`
	// The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"firstBrokerLoginFlowAlias"`
	// A number defining the order of this identity provider in the GUI.
	GuiOrder pulumi.StringPtrOutput `pulumi:"guiOrder"`
	// When `true`, this identity provider will be hidden on the login page. Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrOutput `pulumi:"hideOnLoginPage"`
	// Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used.
	// NOTE(review): `*` removes the single-domain restriction described above; review it together with TrustEmail.
	HostedDomain pulumi.StringPtrOutput `pulumi:"hostedDomain"`
	// (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
	InternalId pulumi.StringOutput `pulumi:"internalId"`
	// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"`
	// The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"`
	// The ID of the identity provider to use. Defaults to `google`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrOutput `pulumi:"providerId"`
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringOutput `pulumi:"realm"`
	// Sets the "accessType" query parameter to "offline" when redirecting to the Google authorization endpoint, to get a refresh token back. This is useful for using Token Exchange to retrieve a Google token to access Google APIs when the user is offline.
	// NOTE(review): a refresh token is a long-lived credential; enable this only when offline access is actually used.
	RequestRefreshToken pulumi.BoolPtrOutput `pulumi:"requestRefreshToken"`
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	// NOTE(review): the default keeps users' Google tokens; set this to `false` when nothing consumes them.
	StoreToken pulumi.BoolPtrOutput `pulumi:"storeToken"`
	// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
	SyncMode pulumi.StringPtrOutput `pulumi:"syncMode"`
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): this bypasses the realm's verification policy; enable it only when the provider's email claim is one you accept as verified.
	TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"`
	// Sets the "userIp" query parameter when querying Google's User Info service. This will use the user's IP address. This is useful if Google is throttling Keycloak's access to the User Info service.
	UseUserIpParam pulumi.BoolPtrOutput `pulumi:"useUserIpParam"`
}
Allows for creating and managing OIDC Identity Providers within Keycloak.
OIDC (OpenID Connect) identity providers allow users to authenticate through a third-party system using the OIDC standard.
## Example Usage
```go
package main

import (
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Keycloak realm and a Google identity provider inside it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The realm is created first because the provider below refers to its ID.
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = oidc.NewGoogleIdentityProvider(ctx, "google", &oidc.GoogleIdentityProviderArgs{
			Realm: realm.ID(),
			// googleIdentityProviderClientId and googleIdentityProviderClientSecret
			// are not declared in this example; the reader has to supply them.
			// NOTE(review): read the secret from encrypted stack configuration
			// (for example config.RequireSecret) rather than a literal in source.
			ClientId:     pulumi.Any(googleIdentityProviderClientId),
			ClientSecret: pulumi.Any(googleIdentityProviderClientSecret),
			// TrustEmail skips the realm's email verification policy for users
			// of this provider; here it is paired with a HostedDomain
			// restriction to a single domain.
			TrustEmail:   pulumi.Bool(true),
			HostedDomain: pulumi.String("example.com"),
			SyncMode:     pulumi.String("IMPORT"),
			ExtraConfig: pulumi.StringMap{
				"myCustomConfigKey": pulumi.String("myValue"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
```
## Import
Google Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias.
Example:
```sh
$ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp
```
func GetGoogleIdentityProvider ¶
func GetGoogleIdentityProvider(ctx *pulumi.Context, name string, id pulumi.IDInput, state *GoogleIdentityProviderState, opts ...pulumi.ResourceOption) (*GoogleIdentityProvider, error)
GetGoogleIdentityProvider gets an existing GoogleIdentityProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewGoogleIdentityProvider ¶
func NewGoogleIdentityProvider(ctx *pulumi.Context, name string, args *GoogleIdentityProviderArgs, opts ...pulumi.ResourceOption) (*GoogleIdentityProvider, error)
NewGoogleIdentityProvider registers a new resource with the given unique name, arguments, and options.
func (*GoogleIdentityProvider) ElementType ¶
func (*GoogleIdentityProvider) ElementType() reflect.Type
func (*GoogleIdentityProvider) ToGoogleIdentityProviderOutput ¶
func (i *GoogleIdentityProvider) ToGoogleIdentityProviderOutput() GoogleIdentityProviderOutput
func (*GoogleIdentityProvider) ToGoogleIdentityProviderOutputWithContext ¶
func (i *GoogleIdentityProvider) ToGoogleIdentityProviderOutputWithContext(ctx context.Context) GoogleIdentityProviderOutput
type GoogleIdentityProviderArgs ¶
// GoogleIdentityProviderArgs holds the caller-supplied arguments for
// constructing a GoogleIdentityProvider resource.
type GoogleIdentityProviderArgs struct {
	// When `true`, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	// NOTE(review): together with StoreToken this lets each new user read the Google tokens stored for them; leave it off unless a client needs that.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// Enable/disable authenticating users by default.
	AuthenticateByDefault pulumi.BoolPtrInput
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringInput
	// The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): the doubled `$` looks like Terraform escaping carried into this text; Keycloak's own vault reference is written `${vault.ID}` — confirm.
	// NOTE(review): sensitive value; pass a secret input or a vault reference rather than a literal in source.
	ClientSecret pulumi.StringInput
	// The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.
	DefaultScopes pulumi.StringPtrInput
	// When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrInput
	// When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// Not documented on this page. Presumably extra provider configuration as
	// string key/value pairs — confirm against the provider documentation.
	ExtraConfig pulumi.StringMapInput
	// The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// A number defining the order of this identity provider in the GUI.
	GuiOrder pulumi.StringPtrInput
	// When `true`, this identity provider will be hidden on the login page. Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrInput
	// Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used.
	// NOTE(review): `*` removes the single-domain restriction described above; review it together with TrustEmail.
	HostedDomain pulumi.StringPtrInput
	// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `google`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringInput
	// Sets the "accessType" query parameter to "offline" when redirecting to the Google authorization endpoint, to get a refresh token back. This is useful for using Token Exchange to retrieve a Google token to access Google APIs when the user is offline.
	// NOTE(review): a refresh token is a long-lived credential; enable this only when offline access is actually used.
	RequestRefreshToken pulumi.BoolPtrInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	// NOTE(review): the default keeps users' Google tokens; set this to `false` when nothing consumes them.
	StoreToken pulumi.BoolPtrInput
	// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
	SyncMode pulumi.StringPtrInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): this bypasses the realm's verification policy; enable it only when the provider's email claim is one you accept as verified.
	TrustEmail pulumi.BoolPtrInput
	// Sets the "userIp" query parameter when querying Google's User Info service. This will use the user's IP address. This is useful if Google is throttling Keycloak's access to the User Info service.
	UseUserIpParam pulumi.BoolPtrInput
}
The set of arguments for constructing a GoogleIdentityProvider resource.
func (GoogleIdentityProviderArgs) ElementType ¶
func (GoogleIdentityProviderArgs) ElementType() reflect.Type
type GoogleIdentityProviderArray ¶
type GoogleIdentityProviderArray []GoogleIdentityProviderInput
func (GoogleIdentityProviderArray) ElementType ¶
func (GoogleIdentityProviderArray) ElementType() reflect.Type
func (GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutput ¶
func (i GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput
func (GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutputWithContext ¶
func (i GoogleIdentityProviderArray) ToGoogleIdentityProviderArrayOutputWithContext(ctx context.Context) GoogleIdentityProviderArrayOutput
type GoogleIdentityProviderArrayInput ¶
type GoogleIdentityProviderArrayInput interface { pulumi.Input ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput ToGoogleIdentityProviderArrayOutputWithContext(context.Context) GoogleIdentityProviderArrayOutput }
GoogleIdentityProviderArrayInput is an input type that accepts GoogleIdentityProviderArray and GoogleIdentityProviderArrayOutput values. You can construct a concrete instance of `GoogleIdentityProviderArrayInput` via:
GoogleIdentityProviderArray{ GoogleIdentityProviderArgs{...} }
type GoogleIdentityProviderArrayOutput ¶
type GoogleIdentityProviderArrayOutput struct{ *pulumi.OutputState }
func (GoogleIdentityProviderArrayOutput) ElementType ¶
func (GoogleIdentityProviderArrayOutput) ElementType() reflect.Type
func (GoogleIdentityProviderArrayOutput) Index ¶
func (o GoogleIdentityProviderArrayOutput) Index(i pulumi.IntInput) GoogleIdentityProviderOutput
func (GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutput ¶
func (o GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutput() GoogleIdentityProviderArrayOutput
func (GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutputWithContext ¶
func (o GoogleIdentityProviderArrayOutput) ToGoogleIdentityProviderArrayOutputWithContext(ctx context.Context) GoogleIdentityProviderArrayOutput
type GoogleIdentityProviderInput ¶
type GoogleIdentityProviderInput interface { pulumi.Input ToGoogleIdentityProviderOutput() GoogleIdentityProviderOutput ToGoogleIdentityProviderOutputWithContext(ctx context.Context) GoogleIdentityProviderOutput }
type GoogleIdentityProviderMap ¶
type GoogleIdentityProviderMap map[string]GoogleIdentityProviderInput
func (GoogleIdentityProviderMap) ElementType ¶
func (GoogleIdentityProviderMap) ElementType() reflect.Type
func (GoogleIdentityProviderMap) ToGoogleIdentityProviderMapOutput ¶
func (i GoogleIdentityProviderMap) ToGoogleIdentityProviderMapOutput() GoogleIdentityProviderMapOutput
func (GoogleIdentityProviderMap) ToGoogleIdentityProviderMapOutputWithContext ¶
func (i GoogleIdentityProviderMap) ToGoogleIdentityProviderMapOutputWithContext(ctx context.Context) GoogleIdentityProviderMapOutput
type GoogleIdentityProviderMapInput ¶
type GoogleIdentityProviderMapInput interface { pulumi.Input ToGoogleIdentityProviderMapOutput() GoogleIdentityProviderMapOutput ToGoogleIdentityProviderMapOutputWithContext(context.Context) GoogleIdentityProviderMapOutput }
GoogleIdentityProviderMapInput is an input type that accepts GoogleIdentityProviderMap and GoogleIdentityProviderMapOutput values. You can construct a concrete instance of `GoogleIdentityProviderMapInput` via:
GoogleIdentityProviderMap{ "key": GoogleIdentityProviderArgs{...} }
type GoogleIdentityProviderMapOutput ¶
type GoogleIdentityProviderMapOutput struct{ *pulumi.OutputState }
func (GoogleIdentityProviderMapOutput) ElementType ¶
func (GoogleIdentityProviderMapOutput) ElementType() reflect.Type
func (GoogleIdentityProviderMapOutput) MapIndex ¶
func (o GoogleIdentityProviderMapOutput) MapIndex(k pulumi.StringInput) GoogleIdentityProviderOutput
func (GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutput ¶
func (o GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutput() GoogleIdentityProviderMapOutput
func (GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutputWithContext ¶
func (o GoogleIdentityProviderMapOutput) ToGoogleIdentityProviderMapOutputWithContext(ctx context.Context) GoogleIdentityProviderMapOutput
type GoogleIdentityProviderOutput ¶
type GoogleIdentityProviderOutput struct{ *pulumi.OutputState }
func (GoogleIdentityProviderOutput) AcceptsPromptNoneForwardFromClient ¶
func (o GoogleIdentityProviderOutput) AcceptsPromptNoneForwardFromClient() pulumi.BoolPtrOutput
When `true`, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to `false`.
func (GoogleIdentityProviderOutput) AddReadTokenRoleOnCreate ¶
func (o GoogleIdentityProviderOutput) AddReadTokenRoleOnCreate() pulumi.BoolPtrOutput
When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
func (GoogleIdentityProviderOutput) Alias ¶
func (o GoogleIdentityProviderOutput) Alias() pulumi.StringOutput
(Computed) The alias for the Google identity provider.
func (GoogleIdentityProviderOutput) AuthenticateByDefault ¶
func (o GoogleIdentityProviderOutput) AuthenticateByDefault() pulumi.BoolPtrOutput
Enable/disable authenticating users by default.
func (GoogleIdentityProviderOutput) ClientId ¶
func (o GoogleIdentityProviderOutput) ClientId() pulumi.StringOutput
The client or client identifier registered within the identity provider.
func (GoogleIdentityProviderOutput) ClientSecret ¶
func (o GoogleIdentityProviderOutput) ClientSecret() pulumi.StringOutput
The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
func (GoogleIdentityProviderOutput) DefaultScopes ¶
func (o GoogleIdentityProviderOutput) DefaultScopes() pulumi.StringPtrOutput
The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.
func (GoogleIdentityProviderOutput) DisableUserInfo ¶
func (o GoogleIdentityProviderOutput) DisableUserInfo() pulumi.BoolPtrOutput
When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
func (GoogleIdentityProviderOutput) DisplayName ¶
func (o GoogleIdentityProviderOutput) DisplayName() pulumi.StringOutput
(Computed) Display name for the Google identity provider in the GUI.
func (GoogleIdentityProviderOutput) ElementType ¶
func (GoogleIdentityProviderOutput) ElementType() reflect.Type
func (GoogleIdentityProviderOutput) Enabled ¶
func (o GoogleIdentityProviderOutput) Enabled() pulumi.BoolPtrOutput
When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
func (GoogleIdentityProviderOutput) ExtraConfig ¶
func (o GoogleIdentityProviderOutput) ExtraConfig() pulumi.StringMapOutput
func (GoogleIdentityProviderOutput) FirstBrokerLoginFlowAlias ¶
func (o GoogleIdentityProviderOutput) FirstBrokerLoginFlowAlias() pulumi.StringPtrOutput
The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
func (GoogleIdentityProviderOutput) GuiOrder ¶
func (o GoogleIdentityProviderOutput) GuiOrder() pulumi.StringPtrOutput
A number defining the order of this identity provider in the GUI.
func (GoogleIdentityProviderOutput) HideOnLoginPage ¶
func (o GoogleIdentityProviderOutput) HideOnLoginPage() pulumi.BoolPtrOutput
When `true`, this identity provider will be hidden on the login page. Defaults to `false`.
func (GoogleIdentityProviderOutput) HostedDomain ¶
func (o GoogleIdentityProviderOutput) HostedDomain() pulumi.StringPtrOutput
Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used.
func (GoogleIdentityProviderOutput) InternalId ¶
func (o GoogleIdentityProviderOutput) InternalId() pulumi.StringOutput
(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
func (GoogleIdentityProviderOutput) LinkOnly ¶
func (o GoogleIdentityProviderOutput) LinkOnly() pulumi.BoolPtrOutput
When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
func (GoogleIdentityProviderOutput) PostBrokerLoginFlowAlias ¶
func (o GoogleIdentityProviderOutput) PostBrokerLoginFlowAlias() pulumi.StringPtrOutput
The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
func (GoogleIdentityProviderOutput) ProviderId ¶
func (o GoogleIdentityProviderOutput) ProviderId() pulumi.StringPtrOutput
The ID of the identity provider to use. Defaults to `google`, which should be used unless you have extended Keycloak and provided your own implementation.
func (GoogleIdentityProviderOutput) Realm ¶
func (o GoogleIdentityProviderOutput) Realm() pulumi.StringOutput
The name of the realm. This is unique across Keycloak.
func (GoogleIdentityProviderOutput) RequestRefreshToken ¶
func (o GoogleIdentityProviderOutput) RequestRefreshToken() pulumi.BoolPtrOutput
Sets the "accessType" query parameter to "offline" when redirecting to the Google authorization endpoint, to get a refresh token back. This is useful for using Token Exchange to retrieve a Google token to access Google APIs when the user is offline.
func (GoogleIdentityProviderOutput) StoreToken ¶
func (o GoogleIdentityProviderOutput) StoreToken() pulumi.BoolPtrOutput
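When `true`, tokens will be stored after authenticating users. Defaults to `true`. Stored tokens are credentials for the user's Google account, so set this to `false` when nothing consumes them.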
func (GoogleIdentityProviderOutput) SyncMode ¶
func (o GoogleIdentityProviderOutput) SyncMode() pulumi.StringPtrOutput
The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
func (GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutput ¶
func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutput() GoogleIdentityProviderOutput
func (GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutputWithContext ¶
func (o GoogleIdentityProviderOutput) ToGoogleIdentityProviderOutputWithContext(ctx context.Context) GoogleIdentityProviderOutput
func (GoogleIdentityProviderOutput) TrustEmail ¶
func (o GoogleIdentityProviderOutput) TrustEmail() pulumi.BoolPtrOutput
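When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. Because this bypasses the realm's policy, enable it only when the provider's email claim is one you accept as verified, and review it together with `HostedDomain`.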
func (GoogleIdentityProviderOutput) UseUserIpParam ¶
func (o GoogleIdentityProviderOutput) UseUserIpParam() pulumi.BoolPtrOutput
Sets the "userIp" query parameter when querying Google's User Info service. This will use the user's IP address. This is useful if Google is throttling Keycloak's access to the User Info service.
type GoogleIdentityProviderState ¶
// GoogleIdentityProviderState carries the optional state properties passed to
// GetGoogleIdentityProvider when looking up an existing resource.
type GoogleIdentityProviderState struct {
	// When `true`, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// (Computed) The alias for the Google identity provider.
	Alias pulumi.StringPtrInput
	// Enable/disable authenticating users by default.
	AuthenticateByDefault pulumi.BoolPtrInput
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringPtrInput
	// The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): sensitive value; avoid literals in source and confirm it is treated as a secret in stack state.
	ClientSecret pulumi.StringPtrInput
	// The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.
	DefaultScopes pulumi.StringPtrInput
	// When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrInput
	// (Computed) Display name for the Google identity provider in the GUI.
	DisplayName pulumi.StringPtrInput
	// When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// Not documented on this page. Presumably extra provider configuration as
	// string key/value pairs — confirm against the provider documentation.
	ExtraConfig pulumi.StringMapInput
	// The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// A number defining the order of this identity provider in the GUI.
	GuiOrder pulumi.StringPtrInput
	// When `true`, this identity provider will be hidden on the login page. Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrInput
	// Sets the "hd" query parameter when logging in with Google. Google will only list accounts for this domain. Keycloak will validate that the returned identity token has a claim for this domain. When `*` is entered, an account from any domain can be used.
	HostedDomain pulumi.StringPtrInput
	// (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
	InternalId pulumi.StringPtrInput
	// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `google`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringPtrInput
	// Sets the "accessType" query parameter to "offline" when redirecting to the Google authorization endpoint, to get a refresh token back. This is useful for using Token Exchange to retrieve a Google token to access Google APIs when the user is offline.
	RequestRefreshToken pulumi.BoolPtrInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	StoreToken pulumi.BoolPtrInput
	// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
	SyncMode pulumi.StringPtrInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): this bypasses the realm's verification policy; review it together with HostedDomain.
	TrustEmail pulumi.BoolPtrInput
	// Sets the "userIp" query parameter when querying Google's User Info service. This will use the user's IP address. This is useful if Google is throttling Keycloak's access to the User Info service.
	UseUserIpParam pulumi.BoolPtrInput
}
func (GoogleIdentityProviderState) ElementType ¶
func (GoogleIdentityProviderState) ElementType() reflect.Type
type IdentityProvider ¶
// IdentityProvider is the resource for creating and managing an OIDC identity
// provider within Keycloak. It embeds pulumi.CustomResourceState and exposes
// every property as a Pulumi output.
type IdentityProvider struct {
	pulumi.CustomResourceState

	// When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrOutput `pulumi:"acceptsPromptNoneForwardFromClient"`
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	// NOTE(review): combined with StoreToken this gives every new user read access to stored external tokens; enable only when that is required.
	AddReadTokenRoleOnCreate pulumi.BoolPtrOutput `pulumi:"addReadTokenRoleOnCreate"`
	// The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.
	Alias pulumi.StringOutput `pulumi:"alias"`
	// Enable/disable authenticating users by default.
	AuthenticateByDefault pulumi.BoolPtrOutput `pulumi:"authenticateByDefault"`
	// The Authorization Url.
	AuthorizationUrl pulumi.StringOutput `pulumi:"authorizationUrl"`
	// Does the external IDP support backchannel logout? Defaults to `true`.
	BackchannelSupported pulumi.BoolPtrOutput `pulumi:"backchannelSupported"`
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringOutput `pulumi:"clientId"`
	// The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): this is a credential; avoid logging or exporting this output in plain text.
	ClientSecret pulumi.StringOutput `pulumi:"clientSecret"`
	// The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid`.
	DefaultScopes pulumi.StringPtrOutput `pulumi:"defaultScopes"`
	// When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrOutput `pulumi:"disableUserInfo"`
	// Display name for the identity provider in the GUI.
	DisplayName pulumi.StringPtrOutput `pulumi:"displayName"`
	// When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// Additional settings as a string map. No upstream description is given; the package example sets `clientAuthMethod` here.
	ExtraConfig pulumi.StringMapOutput `pulumi:"extraConfig"`
	// The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"firstBrokerLoginFlowAlias"`
	// A number defining the order of this identity provider in the GUI.
	GuiOrder pulumi.StringPtrOutput `pulumi:"guiOrder"`
	// When `true`, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrOutput `pulumi:"hideOnLoginPage"`
	// (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
	InternalId pulumi.StringOutput `pulumi:"internalId"`
	// The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
	// NOTE(review): leaving this unset means the issuer of responses is not checked.
	Issuer pulumi.StringPtrOutput `pulumi:"issuer"`
	// JSON Web Key Set URL.
	JwksUrl pulumi.StringPtrOutput `pulumi:"jwksUrl"`
	// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrOutput `pulumi:"linkOnly"`
	// Pass login hint to identity provider.
	LoginHint pulumi.StringPtrOutput `pulumi:"loginHint"`
	// The Logout URL is the end session endpoint used to sign the user out of the external identity provider.
	LogoutUrl pulumi.StringPtrOutput `pulumi:"logoutUrl"`
	// The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrOutput `pulumi:"postBrokerLoginFlowAlias"`
	// The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrOutput `pulumi:"providerId"`
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringOutput `pulumi:"realm"`
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	StoreToken pulumi.BoolPtrOutput `pulumi:"storeToken"`
	// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
	SyncMode pulumi.StringPtrOutput `pulumi:"syncMode"`
	// The Token URL.
	TokenUrl pulumi.StringOutput `pulumi:"tokenUrl"`
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): enabling this bypasses the realm's email verification for this provider, so it is only appropriate for an IDP whose email claims are trusted.
	TrustEmail pulumi.BoolPtrOutput `pulumi:"trustEmail"`
	// Pass current locale to identity provider. Defaults to `false`.
	UiLocales pulumi.BoolPtrOutput `pulumi:"uiLocales"`
	// User Info URL.
	UserInfoUrl pulumi.StringPtrOutput `pulumi:"userInfoUrl"`
	// Enable/disable signature validation of external IDP signatures. Defaults to `false`.
	// NOTE(review): at the default, signatures from the external IDP are not validated; enabling this presumably needs key material such as JwksUrl — confirm against the Keycloak documentation.
	ValidateSignature pulumi.BoolPtrOutput `pulumi:"validateSignature"`
}
Allows for creating and managing OIDC Identity Providers within Keycloak.
OIDC (OpenID Connect) identity providers allow users to authenticate through a third-party system using the OIDC standard.
## Example Usage
```go
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak" "github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/oidc" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Keycloak realm and one OIDC identity provider attached to it.
//
// Every string below is an illustrative placeholder. In particular the
// ClientSecret literal stands in for a real credential: per the ClientSecret
// field documentation the value can be sourced from the Keycloak vault using
// the $${vault.ID} format, which keeps the secret out of the program source.
// Issuer and ValidateSignature are left unset here, so the documented defaults
// apply (no issuer validation, signature validation `false`); set them
// explicitly when adapting this example.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The realm that will own the identity provider.
		realmArgs := &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		}
		realm, err := keycloak.NewRealm(ctx, "realm", realmArgs)
		if err != nil {
			return err
		}

		// Provider settings; the client authentication method is passed
		// through ExtraConfig.
		idpArgs := &oidc.IdentityProviderArgs{
			Realm:            realm.ID(),
			Alias:            pulumi.String("my-idp"),
			AuthorizationUrl: pulumi.String("https://authorizationurl.com"),
			ClientId:         pulumi.String("clientID"),
			ClientSecret:     pulumi.String("clientSecret"), // placeholder, not a real secret
			TokenUrl:         pulumi.String("https://tokenurl.com"),
			ExtraConfig: pulumi.StringMap{
				"clientAuthMethod": pulumi.String("client_secret_post"),
			},
		}
		if _, err := oidc.NewIdentityProvider(ctx, "realm_identity_provider", idpArgs); err != nil {
			return err
		}
		return nil
	})
}
```
## Import
Identity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.
Example:
```sh
$ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp
```
func GetIdentityProvider ¶
func GetIdentityProvider(ctx *pulumi.Context, name string, id pulumi.IDInput, state *IdentityProviderState, opts ...pulumi.ResourceOption) (*IdentityProvider, error)
GetIdentityProvider gets an existing IdentityProvider resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewIdentityProvider ¶
func NewIdentityProvider(ctx *pulumi.Context, name string, args *IdentityProviderArgs, opts ...pulumi.ResourceOption) (*IdentityProvider, error)
NewIdentityProvider registers a new resource with the given unique name, arguments, and options.
func (*IdentityProvider) ElementType ¶
func (*IdentityProvider) ElementType() reflect.Type
func (*IdentityProvider) ToIdentityProviderOutput ¶
func (i *IdentityProvider) ToIdentityProviderOutput() IdentityProviderOutput
func (*IdentityProvider) ToIdentityProviderOutputWithContext ¶
func (i *IdentityProvider) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
type IdentityProviderArgs ¶
// IdentityProviderArgs is the set of arguments for constructing an
// IdentityProvider resource.
type IdentityProviderArgs struct {
	// When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	// NOTE(review): combined with StoreToken this gives every new user read access to stored external tokens; enable only when that is required.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.
	Alias pulumi.StringInput
	// Enable/disable authenticating users by default.
	AuthenticateByDefault pulumi.BoolPtrInput
	// The Authorization Url.
	AuthorizationUrl pulumi.StringInput
	// Does the external IDP support backchannel logout? Defaults to `true`.
	BackchannelSupported pulumi.BoolPtrInput
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringInput
	// The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): this is a credential; prefer the vault reference or a Pulumi secret value over a string literal committed to source.
	ClientSecret pulumi.StringInput
	// The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid`.
	DefaultScopes pulumi.StringPtrInput
	// When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrInput
	// Display name for the identity provider in the GUI.
	DisplayName pulumi.StringPtrInput
	// When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// Additional settings as a string map. No upstream description is given; the package example sets `clientAuthMethod` here.
	ExtraConfig pulumi.StringMapInput
	// The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// A number defining the order of this identity provider in the GUI.
	GuiOrder pulumi.StringPtrInput
	// When `true`, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrInput
	// The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
	// NOTE(review): set this so that the issuer of responses is checked.
	Issuer pulumi.StringPtrInput
	// JSON Web Key Set URL.
	JwksUrl pulumi.StringPtrInput
	// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// Pass login hint to identity provider.
	LoginHint pulumi.StringPtrInput
	// The Logout URL is the end session endpoint used to sign the user out of the external identity provider.
	LogoutUrl pulumi.StringPtrInput
	// The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	StoreToken pulumi.BoolPtrInput
	// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
	SyncMode pulumi.StringPtrInput
	// The Token URL.
	TokenUrl pulumi.StringInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): enabling this bypasses the realm's email verification for this provider, so it is only appropriate for an IDP whose email claims are trusted.
	TrustEmail pulumi.BoolPtrInput
	// Pass current locale to identity provider. Defaults to `false`.
	UiLocales pulumi.BoolPtrInput
	// User Info URL.
	UserInfoUrl pulumi.StringPtrInput
	// Enable/disable signature validation of external IDP signatures. Defaults to `false`.
	// NOTE(review): at the default, signatures from the external IDP are not validated; enabling this presumably needs key material such as JwksUrl — confirm against the Keycloak documentation.
	ValidateSignature pulumi.BoolPtrInput
}
The set of arguments for constructing an IdentityProvider resource.
func (IdentityProviderArgs) ElementType ¶
func (IdentityProviderArgs) ElementType() reflect.Type
type IdentityProviderArray ¶
// IdentityProviderArray is a slice of IdentityProviderInput values.
type IdentityProviderArray []IdentityProviderInput
func (IdentityProviderArray) ElementType ¶
func (IdentityProviderArray) ElementType() reflect.Type
func (IdentityProviderArray) ToIdentityProviderArrayOutput ¶
func (i IdentityProviderArray) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
func (IdentityProviderArray) ToIdentityProviderArrayOutputWithContext ¶
func (i IdentityProviderArray) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput
type IdentityProviderArrayInput ¶
// IdentityProviderArrayInput is an input type that accepts
// IdentityProviderArray and IdentityProviderArrayOutput values.
type IdentityProviderArrayInput interface {
	pulumi.Input

	// Both methods return the value as an IdentityProviderArrayOutput; the
	// second form takes a context.Context.
	ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
	ToIdentityProviderArrayOutputWithContext(context.Context) IdentityProviderArrayOutput
}
IdentityProviderArrayInput is an input type that accepts IdentityProviderArray and IdentityProviderArrayOutput values. You can construct a concrete instance of `IdentityProviderArrayInput` via:
IdentityProviderArray{ IdentityProviderArgs{...} }
type IdentityProviderArrayOutput ¶
// IdentityProviderArrayOutput embeds *pulumi.OutputState; its Index method
// yields an IdentityProviderOutput for a given position.
type IdentityProviderArrayOutput struct{ *pulumi.OutputState }
func (IdentityProviderArrayOutput) ElementType ¶
func (IdentityProviderArrayOutput) ElementType() reflect.Type
func (IdentityProviderArrayOutput) Index ¶
func (o IdentityProviderArrayOutput) Index(i pulumi.IntInput) IdentityProviderOutput
func (IdentityProviderArrayOutput) ToIdentityProviderArrayOutput ¶
func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutput() IdentityProviderArrayOutput
func (IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext ¶
func (o IdentityProviderArrayOutput) ToIdentityProviderArrayOutputWithContext(ctx context.Context) IdentityProviderArrayOutput
type IdentityProviderInput ¶
// IdentityProviderInput embeds pulumi.Input and declares the two conversions
// to IdentityProviderOutput, one of which takes a context.Context.
type IdentityProviderInput interface {
	pulumi.Input

	ToIdentityProviderOutput() IdentityProviderOutput
	ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
}
type IdentityProviderMap ¶
// IdentityProviderMap is a map from string keys to IdentityProviderInput values.
type IdentityProviderMap map[string]IdentityProviderInput
func (IdentityProviderMap) ElementType ¶
func (IdentityProviderMap) ElementType() reflect.Type
func (IdentityProviderMap) ToIdentityProviderMapOutput ¶
func (i IdentityProviderMap) ToIdentityProviderMapOutput() IdentityProviderMapOutput
func (IdentityProviderMap) ToIdentityProviderMapOutputWithContext ¶
func (i IdentityProviderMap) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput
type IdentityProviderMapInput ¶
// IdentityProviderMapInput is an input type that accepts IdentityProviderMap
// and IdentityProviderMapOutput values.
type IdentityProviderMapInput interface {
	pulumi.Input

	// Both methods return the value as an IdentityProviderMapOutput; the
	// second form takes a context.Context.
	ToIdentityProviderMapOutput() IdentityProviderMapOutput
	ToIdentityProviderMapOutputWithContext(context.Context) IdentityProviderMapOutput
}
IdentityProviderMapInput is an input type that accepts IdentityProviderMap and IdentityProviderMapOutput values. You can construct a concrete instance of `IdentityProviderMapInput` via:
IdentityProviderMap{ "key": IdentityProviderArgs{...} }
type IdentityProviderMapOutput ¶
// IdentityProviderMapOutput embeds *pulumi.OutputState; its MapIndex method
// yields an IdentityProviderOutput for a given key.
type IdentityProviderMapOutput struct{ *pulumi.OutputState }
func (IdentityProviderMapOutput) ElementType ¶
func (IdentityProviderMapOutput) ElementType() reflect.Type
func (IdentityProviderMapOutput) MapIndex ¶
func (o IdentityProviderMapOutput) MapIndex(k pulumi.StringInput) IdentityProviderOutput
func (IdentityProviderMapOutput) ToIdentityProviderMapOutput ¶
func (o IdentityProviderMapOutput) ToIdentityProviderMapOutput() IdentityProviderMapOutput
func (IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext ¶
func (o IdentityProviderMapOutput) ToIdentityProviderMapOutputWithContext(ctx context.Context) IdentityProviderMapOutput
type IdentityProviderOutput ¶
// IdentityProviderOutput embeds *pulumi.OutputState and provides one accessor
// method per IdentityProvider property (Alias, ClientId, Issuer, and so on).
type IdentityProviderOutput struct{ *pulumi.OutputState }
func (IdentityProviderOutput) AcceptsPromptNoneForwardFromClient ¶
func (o IdentityProviderOutput) AcceptsPromptNoneForwardFromClient() pulumi.BoolPtrOutput
When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`.
func (IdentityProviderOutput) AddReadTokenRoleOnCreate ¶
func (o IdentityProviderOutput) AddReadTokenRoleOnCreate() pulumi.BoolPtrOutput
When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
func (IdentityProviderOutput) Alias ¶
func (o IdentityProviderOutput) Alias() pulumi.StringOutput
The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.
func (IdentityProviderOutput) AuthenticateByDefault ¶
func (o IdentityProviderOutput) AuthenticateByDefault() pulumi.BoolPtrOutput
Enable/disable authenticating users by default.
func (IdentityProviderOutput) AuthorizationUrl ¶
func (o IdentityProviderOutput) AuthorizationUrl() pulumi.StringOutput
The Authorization Url.
func (IdentityProviderOutput) BackchannelSupported ¶
func (o IdentityProviderOutput) BackchannelSupported() pulumi.BoolPtrOutput
Does the external IDP support backchannel logout? Defaults to `true`.
func (IdentityProviderOutput) ClientId ¶
func (o IdentityProviderOutput) ClientId() pulumi.StringOutput
The client or client identifier registered within the identity provider.
func (IdentityProviderOutput) ClientSecret ¶
func (o IdentityProviderOutput) ClientSecret() pulumi.StringOutput
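The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format. Because this value is a credential, prefer the vault reference or a Pulumi secret over a string literal in program source.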
func (IdentityProviderOutput) DefaultScopes ¶
func (o IdentityProviderOutput) DefaultScopes() pulumi.StringPtrOutput
The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid`.
func (IdentityProviderOutput) DisableUserInfo ¶
func (o IdentityProviderOutput) DisableUserInfo() pulumi.BoolPtrOutput
When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
func (IdentityProviderOutput) DisplayName ¶
func (o IdentityProviderOutput) DisplayName() pulumi.StringPtrOutput
Display name for the identity provider in the GUI.
func (IdentityProviderOutput) ElementType ¶
func (IdentityProviderOutput) ElementType() reflect.Type
func (IdentityProviderOutput) Enabled ¶
func (o IdentityProviderOutput) Enabled() pulumi.BoolPtrOutput
When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
func (IdentityProviderOutput) ExtraConfig ¶
func (o IdentityProviderOutput) ExtraConfig() pulumi.StringMapOutput
func (IdentityProviderOutput) FirstBrokerLoginFlowAlias ¶
func (o IdentityProviderOutput) FirstBrokerLoginFlowAlias() pulumi.StringPtrOutput
The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
func (IdentityProviderOutput) GuiOrder ¶
func (o IdentityProviderOutput) GuiOrder() pulumi.StringPtrOutput
A number defining the order of this identity provider in the GUI.
func (IdentityProviderOutput) HideOnLoginPage ¶
func (o IdentityProviderOutput) HideOnLoginPage() pulumi.BoolPtrOutput
When `true`, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to `false`.
func (IdentityProviderOutput) InternalId ¶
func (o IdentityProviderOutput) InternalId() pulumi.StringOutput
(Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
func (IdentityProviderOutput) Issuer ¶
func (o IdentityProviderOutput) Issuer() pulumi.StringPtrOutput
The issuer identifier for the issuer of the response. If not provided, no validation will be performed, so set it when responses must be tied to a specific issuer.
func (IdentityProviderOutput) JwksUrl ¶
func (o IdentityProviderOutput) JwksUrl() pulumi.StringPtrOutput
JSON Web Key Set URL.
func (IdentityProviderOutput) LinkOnly ¶
func (o IdentityProviderOutput) LinkOnly() pulumi.BoolPtrOutput
When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
func (IdentityProviderOutput) LoginHint ¶
func (o IdentityProviderOutput) LoginHint() pulumi.StringPtrOutput
Pass login hint to identity provider.
func (IdentityProviderOutput) LogoutUrl ¶
func (o IdentityProviderOutput) LogoutUrl() pulumi.StringPtrOutput
The Logout URL is the end session endpoint used to sign the user out of the external identity provider.
func (IdentityProviderOutput) PostBrokerLoginFlowAlias ¶
func (o IdentityProviderOutput) PostBrokerLoginFlowAlias() pulumi.StringPtrOutput
The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
func (IdentityProviderOutput) ProviderId ¶
func (o IdentityProviderOutput) ProviderId() pulumi.StringPtrOutput
The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation.
func (IdentityProviderOutput) Realm ¶
func (o IdentityProviderOutput) Realm() pulumi.StringOutput
The name of the realm. This is unique across Keycloak.
func (IdentityProviderOutput) StoreToken ¶
func (o IdentityProviderOutput) StoreToken() pulumi.BoolPtrOutput
When `true`, tokens will be stored after authenticating users. Defaults to `true`.
func (IdentityProviderOutput) SyncMode ¶
func (o IdentityProviderOutput) SyncMode() pulumi.StringPtrOutput
The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
func (IdentityProviderOutput) ToIdentityProviderOutput ¶
func (o IdentityProviderOutput) ToIdentityProviderOutput() IdentityProviderOutput
func (IdentityProviderOutput) ToIdentityProviderOutputWithContext ¶
func (o IdentityProviderOutput) ToIdentityProviderOutputWithContext(ctx context.Context) IdentityProviderOutput
func (IdentityProviderOutput) TokenUrl ¶
func (o IdentityProviderOutput) TokenUrl() pulumi.StringOutput
The Token URL.
func (IdentityProviderOutput) TrustEmail ¶
func (o IdentityProviderOutput) TrustEmail() pulumi.BoolPtrOutput
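When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`. Enable it only for a provider whose email claims you trust, since the realm's own verification step is skipped for these users.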
func (IdentityProviderOutput) UiLocales ¶
func (o IdentityProviderOutput) UiLocales() pulumi.BoolPtrOutput
Pass current locale to identity provider. Defaults to `false`.
func (IdentityProviderOutput) UserInfoUrl ¶
func (o IdentityProviderOutput) UserInfoUrl() pulumi.StringPtrOutput
User Info URL.
func (IdentityProviderOutput) ValidateSignature ¶
func (o IdentityProviderOutput) ValidateSignature() pulumi.BoolPtrOutput
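Enable/disable signature validation of external IDP signatures. Defaults to `false`, which means signatures from the external IDP are not validated unless this is explicitly set to `true`.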
type IdentityProviderState ¶
// IdentityProviderState holds the optional state properties that
// GetIdentityProvider accepts to qualify the lookup of an existing resource.
type IdentityProviderState struct {
	// When `true`, the IDP will accept forwarded authentication requests that contain the `prompt=none` query parameter. Defaults to `false`.
	AcceptsPromptNoneForwardFromClient pulumi.BoolPtrInput
	// When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
	// NOTE(review): combined with StoreToken this gives every new user read access to stored external tokens; enable only when that is required.
	AddReadTokenRoleOnCreate pulumi.BoolPtrInput
	// The alias uniquely identifies an identity provider, and it is also used to build the redirect uri.
	Alias pulumi.StringPtrInput
	// Enable/disable authenticating users by default.
	AuthenticateByDefault pulumi.BoolPtrInput
	// The Authorization Url.
	AuthorizationUrl pulumi.StringPtrInput
	// Does the external IDP support backchannel logout? Defaults to `true`.
	BackchannelSupported pulumi.BoolPtrInput
	// The client or client identifier registered within the identity provider.
	ClientId pulumi.StringPtrInput
	// The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
	// NOTE(review): this is a credential; prefer the vault reference or a Pulumi secret value over a string literal committed to source.
	ClientSecret pulumi.StringPtrInput
	// The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid`.
	DefaultScopes pulumi.StringPtrInput
	// When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
	DisableUserInfo pulumi.BoolPtrInput
	// Display name for the identity provider in the GUI.
	DisplayName pulumi.StringPtrInput
	// When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
	Enabled pulumi.BoolPtrInput
	// Additional settings as a string map. No upstream description is given; the package example sets `clientAuthMethod` here.
	ExtraConfig pulumi.StringMapInput
	// The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
	FirstBrokerLoginFlowAlias pulumi.StringPtrInput
	// A number defining the order of this identity provider in the GUI.
	GuiOrder pulumi.StringPtrInput
	// When `true`, this provider will be hidden on the login page, and is only accessible when requested explicitly. Defaults to `false`.
	HideOnLoginPage pulumi.BoolPtrInput
	// (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
	InternalId pulumi.StringPtrInput
	// The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
	// NOTE(review): leaving this unset means the issuer of responses is not checked.
	Issuer pulumi.StringPtrInput
	// JSON Web Key Set URL.
	JwksUrl pulumi.StringPtrInput
	// When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
	LinkOnly pulumi.BoolPtrInput
	// Pass login hint to identity provider.
	LoginHint pulumi.StringPtrInput
	// The Logout URL is the end session endpoint used to sign the user out of the external identity provider.
	LogoutUrl pulumi.StringPtrInput
	// The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
	PostBrokerLoginFlowAlias pulumi.StringPtrInput
	// The ID of the identity provider to use. Defaults to `oidc`, which should be used unless you have extended Keycloak and provided your own implementation.
	ProviderId pulumi.StringPtrInput
	// The name of the realm. This is unique across Keycloak.
	Realm pulumi.StringPtrInput
	// When `true`, tokens will be stored after authenticating users. Defaults to `true`.
	StoreToken pulumi.BoolPtrInput
	// The default sync mode to use for all mappers attached to this identity provider. Can be one of `IMPORT`, `FORCE`, or `LEGACY`.
	SyncMode pulumi.StringPtrInput
	// The Token URL.
	TokenUrl pulumi.StringPtrInput
	// When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
	// NOTE(review): enabling this bypasses the realm's email verification for this provider, so it is only appropriate for an IDP whose email claims are trusted.
	TrustEmail pulumi.BoolPtrInput
	// Pass current locale to identity provider. Defaults to `false`.
	UiLocales pulumi.BoolPtrInput
	// User Info URL.
	UserInfoUrl pulumi.StringPtrInput
	// Enable/disable signature validation of external IDP signatures. Defaults to `false`.
	// NOTE(review): at the default, signatures from the external IDP are not validated; enabling this presumably needs key material such as JwksUrl — confirm against the Keycloak documentation.
	ValidateSignature pulumi.BoolPtrInput
}
func (IdentityProviderState) ElementType ¶
func (IdentityProviderState) ElementType() reflect.Type