import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
// NOTE(review): most members below read `pulumi.Output;`, `pulumi.Input;` or `pulumi.Input[]>;` —
// the generic type arguments appear to have been lost when this listing was extracted.
// Consult the published declaration file for the exact member types before relying on them.
/**
 * With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications.
 *
 * Several properties below are allow-lists (`callbacks`, `allowedLogoutUrls`, `allowedOrigins`, `webOrigins`,
 * `allowedClients`, `grantTypes`); what they permit when left unset is stated on each property.
 *
 * ## Import
 *
 * This resource can be imported by specifying the client ID.
 *
 * Example:
 *
 * ```sh
 * $ pulumi import auth0:index/client:Client my_client "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
 * ```
 */
export declare class Client extends pulumi.CustomResource {
    /**
     * Get an existing Client resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to look up.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, state?: ClientState, opts?: pulumi.CustomResourceOptions): Client;
    /**
     * Returns true if the given object is an instance of Client. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Client;
    /**
     * Addons enabled for this client and their associated configurations.
     */
    readonly addons: pulumi.Output;
    /**
     * List of application IDs that will be allowed to make delegation requests. By default, all applications will be allowed.
     * Because the default permits every application, set this explicitly when delegation should be restricted.
     */
    readonly allowedClients: pulumi.Output;
    /**
     * URLs that Auth0 may redirect to after logout.
     * This is the allow-list for post-logout redirects, so list only URLs the application owns.
     */
    readonly allowedLogoutUrls: pulumi.Output;
    /**
     * URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
     */
    readonly allowedOrigins: pulumi.Output;
    /**
     * Type of application the client represents. Possible values are: `native`, `spa`, `regularWeb`, `nonInteractive`, `resourceServer`, `ssoIntegration`.
     * Specific SSO integration types accepted as well are: `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`.
     */
    readonly appType: pulumi.Output;
    /**
     * List of notification channels enabled for CIBA (Client-Initiated Backchannel Authentication) requests initiated by this client. Valid values are `guardian-push` and `email`. The order is significant as this is the order in which notification channels will be evaluated. Defaults to `["guardian-push"]` if not specified.
     */
    readonly asyncApprovalNotificationChannels: pulumi.Output;
    /**
     * URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
     * Each entry is an allowed redirect target after authentication, so keep the list to URLs the application owns.
     */
    readonly callbacks: pulumi.Output;
    /**
     * List of audiences/realms for SAML protocol. Used by the wsfed addon.
     */
    readonly clientAliases: pulumi.Output;
    /**
     * The ID of the client.
     */
    readonly clientId: pulumi.Output;
    /**
     * Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
     */
    readonly clientMetadata: pulumi.Output<{ [key: string]: string; } | undefined>;
    /**
     * Defines the compliance level for this client, which may restrict its capabilities. Can be one of `none`, `fapi1AdvPkjPar`, `fapi1AdvMtlsPar`.
     */
    readonly complianceLevel: pulumi.Output;
    /**
     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`).
     */
    readonly crossOriginAuth: pulumi.Output;
    /**
     * URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of the Auth0 Universal Login page.
     */
    readonly crossOriginLoc: pulumi.Output;
    /**
     * The content (HTML, CSS, JS) of the custom login page.
     * This markup and script is what users see at login, so review changes to it like any other code that handles credentials.
     */
    readonly customLoginPage: pulumi.Output;
    /**
     * Indicates whether a custom login page is to be used.
     */
    readonly customLoginPageOn: pulumi.Output;
    /**
     * Configure and associate an organization with the client.
     */
    readonly defaultOrganization: pulumi.Output;
    /**
     * Description of the purpose of the client.
     */
    readonly description: pulumi.Output;
    /**
     * Encryption used for WS-Fed responses with this client.
     */
    readonly encryptionKey: pulumi.Output<{ [key: string]: string; } | undefined>;
    /**
     * HTML form template to be used for WS-Federation.
     */
    readonly formTemplate: pulumi.Output;
    /**
     * Types of grants that this client is authorized to use.
     * List only the grant types the application actually needs.
     */
    readonly grantTypes: pulumi.Output;
    /**
     * Initiate login URI. Must be HTTPS or an empty string.
     */
    readonly initiateLoginUri: pulumi.Output;
    /**
     * Indicates whether this client is a first-party client. Defaults to true from the API.
     */
    readonly isFirstParty: pulumi.Output;
    /**
     * Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to `clientSecretPost` or `clientSecretBasic`. Setting this property when creating the resource will default the authentication method to `clientSecretPost`. To change the authentication method to `clientSecretBasic` use the `auth0.ClientCredentials` resource.
     * NOTE(review): trusting the header means the IP address is taken from what the caller of the token endpoint sends — enable it only for a backend that sets the header itself.
     */
    readonly isTokenEndpointIpHeaderTrusted: pulumi.Output;
    /**
     * Configuration settings for the JWTs issued for this client.
     */
    readonly jwtConfiguration: pulumi.Output;
    /**
     * URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
     */
    readonly logoUri: pulumi.Output;
    /**
     * Additional configuration for native mobile apps.
     */
    readonly mobile: pulumi.Output;
    /**
     * Name of the client.
     */
    readonly name: pulumi.Output;
    /**
     * Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to `false` in order to change the `appType`.
     */
    readonly nativeSocialLogin: pulumi.Output;
    /**
     * Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
     *
     * @deprecated This resource is deprecated and will be removed in the next major version. Please use `oidcLogout` for managing OIDC backchannel logout URLs.
     */
    readonly oidcBackchannelLogoutUrls: pulumi.Output;
    /**
     * Indicates whether this client will conform to strict OIDC specifications.
     */
    readonly oidcConformant: pulumi.Output;
    /**
     * Configure OIDC logout for the client.
     */
    readonly oidcLogout: pulumi.Output;
    /**
     * Methods for discovering organizations during the `pre_login_prompt`. Can include `email` (allows users to find their organization by entering their email address) and/or `organizationName` (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that `organizationRequireBehavior` is set to `preLoginPrompt`.
     */
    readonly organizationDiscoveryMethods: pulumi.Output;
    /**
     * Defines how to proceed during an authentication transaction when `organizationUsage = "require"`. Can be `noPrompt` (default), `preLoginPrompt` or `postLoginPrompt`.
     */
    readonly organizationRequireBehavior: pulumi.Output;
    /**
     * Defines how to proceed during an authentication transaction with regards to an organization. Can be `deny` (default), `allow` or `require`.
     */
    readonly organizationUsage: pulumi.Output;
    /**
     * Configuration settings for the refresh tokens issued for this client.
     */
    readonly refreshToken: pulumi.Output;
    /**
     * Makes the use of Proof-of-Possession mandatory for this client.
     */
    readonly requireProofOfPossession: pulumi.Output;
    /**
     * Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
     */
    readonly requirePushedAuthorizationRequests: pulumi.Output;
    /**
     * The identifier of a resource server that the client is associated with. This property can be sent only when `app_type=resource_server`. This property cannot be changed once the client is created.
     */
    readonly resourceServerIdentifier: pulumi.Output;
    /**
     * Session transfer settings for this client.
     * NOTE(review): the generated source carries no description for this property — confirm its semantics against the provider schema.
     */
    readonly sessionTransfer: pulumi.Output;
    /**
     * List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
     */
    readonly signingKeys: pulumi.Output<{ [key: string]: string; }[]>;
    /**
     * Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it, or null to unset. Accepts (true/false/null) or ("true"/"false"/"null").
     * Skipping the prompt removes the user-facing confirmation for callback URIs that cannot be verified; leave it unset unless the flow requires it.
     */
    readonly skipNonVerifiableCallbackUriConfirmationPrompt: pulumi.Output;
    /**
     * Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
     */
    readonly sso: pulumi.Output;
    /**
     * Indicates whether or not SSO is disabled.
     */
    readonly ssoDisabled: pulumi.Output;
    /**
     * Allows configuration for token exchange.
     */
    readonly tokenExchange: pulumi.Output;
    /**
     * The token quota configuration.
     */
    readonly tokenQuota: pulumi.Output;
    /**
     * URLs that represent valid web origins for use with web message response mode.
     */
    readonly webOrigins: pulumi.Output;
    /**
     * Create a Client resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args?: ClientArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering Client resources.
 */
export interface ClientState {
    /**
     * Addons enabled for this client and their associated configurations.
     */
    addons?: pulumi.Input;
    /**
     * List of application IDs that will be allowed to make delegation requests. By default, all applications will be allowed.
     * Because the default permits every application, set this explicitly when delegation should be restricted.
     */
    allowedClients?: pulumi.Input[]>;
    /**
     * URLs that Auth0 may redirect to after logout.
     * This is the allow-list for post-logout redirects, so list only URLs the application owns.
     */
    allowedLogoutUrls?: pulumi.Input[]>;
    /**
     * URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
     */
    allowedOrigins?: pulumi.Input[]>;
    /**
     * Type of application the client represents. Possible values are: `native`, `spa`, `regularWeb`, `nonInteractive`, `resourceServer`, `ssoIntegration`. Specific SSO integration types accepted as well are: `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`.
     */
    appType?: pulumi.Input;
    /**
     * List of notification channels enabled for CIBA (Client-Initiated Backchannel Authentication) requests initiated by this client. Valid values are `guardian-push` and `email`. The order is significant as this is the order in which notification channels will be evaluated. Defaults to `["guardian-push"]` if not specified.
     */
    asyncApprovalNotificationChannels?: pulumi.Input[]>;
    /**
     * URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
     * Each entry is an allowed redirect target after authentication, so keep the list to URLs the application owns.
     */
    callbacks?: pulumi.Input[]>;
    /**
     * List of audiences/realms for SAML protocol. Used by the wsfed addon.
     */
    clientAliases?: pulumi.Input[]>;
    /**
     * The ID of the client.
     */
    clientId?: pulumi.Input;
    /**
     * Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
     */
    clientMetadata?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * Defines the compliance level for this client, which may restrict its capabilities. Can be one of `none`, `fapi1AdvPkjPar`, `fapi1AdvMtlsPar`.
     */
    complianceLevel?: pulumi.Input;
    /**
     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`).
     */
    crossOriginAuth?: pulumi.Input;
    /**
     * URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of the Auth0 Universal Login page.
     */
    crossOriginLoc?: pulumi.Input;
    /**
     * The content (HTML, CSS, JS) of the custom login page.
     * This markup and script is what users see at login, so review changes to it like any other code that handles credentials.
     */
    customLoginPage?: pulumi.Input;
    /**
     * Indicates whether a custom login page is to be used.
     */
    customLoginPageOn?: pulumi.Input;
    /**
     * Configure and associate an organization with the client.
     */
    defaultOrganization?: pulumi.Input;
    /**
     * Description of the purpose of the client.
     */
    description?: pulumi.Input;
    /**
     * Encryption used for WS-Fed responses with this client.
     */
    encryptionKey?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * HTML form template to be used for WS-Federation.
     */
    formTemplate?: pulumi.Input;
    /**
     * Types of grants that this client is authorized to use.
     * List only the grant types the application actually needs.
     */
    grantTypes?: pulumi.Input[]>;
    /**
     * Initiate login URI. Must be HTTPS or an empty string.
     */
    initiateLoginUri?: pulumi.Input;
    /**
     * Indicates whether this client is a first-party client. Defaults to true from the API.
     */
    isFirstParty?: pulumi.Input;
    /**
     * Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to `clientSecretPost` or `clientSecretBasic`. Setting this property when creating the resource will default the authentication method to `clientSecretPost`. To change the authentication method to `clientSecretBasic` use the `auth0.ClientCredentials` resource.
     * NOTE(review): trusting the header means the IP address is taken from what the caller of the token endpoint sends — enable it only for a backend that sets the header itself.
     */
    isTokenEndpointIpHeaderTrusted?: pulumi.Input;
    /**
     * Configuration settings for the JWTs issued for this client.
     */
    jwtConfiguration?: pulumi.Input;
    /**
     * URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
     */
    logoUri?: pulumi.Input;
    /**
     * Additional configuration for native mobile apps.
     */
    mobile?: pulumi.Input;
    /**
     * Name of the client.
     */
    name?: pulumi.Input;
    /**
     * Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to `false` in order to change the `appType`.
     */
    nativeSocialLogin?: pulumi.Input;
    /**
     * Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
     *
     * @deprecated This resource is deprecated and will be removed in the next major version. Please use `oidcLogout` for managing OIDC backchannel logout URLs.
     */
    oidcBackchannelLogoutUrls?: pulumi.Input[]>;
    /**
     * Indicates whether this client will conform to strict OIDC specifications.
     */
    oidcConformant?: pulumi.Input;
    /**
     * Configure OIDC logout for the client.
     */
    oidcLogout?: pulumi.Input;
    /**
     * Methods for discovering organizations during the `pre_login_prompt`. Can include `email` (allows users to find their organization by entering their email address) and/or `organizationName` (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that `organizationRequireBehavior` is set to `preLoginPrompt`.
     */
    organizationDiscoveryMethods?: pulumi.Input[]>;
    /**
     * Defines how to proceed during an authentication transaction when `organizationUsage = "require"`. Can be `noPrompt` (default), `preLoginPrompt` or `postLoginPrompt`.
     */
    organizationRequireBehavior?: pulumi.Input;
    /**
     * Defines how to proceed during an authentication transaction with regards to an organization. Can be `deny` (default), `allow` or `require`.
     */
    organizationUsage?: pulumi.Input;
    /**
     * Configuration settings for the refresh tokens issued for this client.
     */
    refreshToken?: pulumi.Input;
    /**
     * Makes the use of Proof-of-Possession mandatory for this client.
     */
    requireProofOfPossession?: pulumi.Input;
    /**
     * Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
     */
    requirePushedAuthorizationRequests?: pulumi.Input;
    /**
     * The identifier of a resource server that the client is associated with. This property can be sent only when `app_type=resource_server`. This property cannot be changed once the client is created.
     */
    resourceServerIdentifier?: pulumi.Input;
    /**
     * Session transfer settings for this client.
     * NOTE(review): the generated source carries no description for this property — confirm its semantics against the provider schema.
     */
    sessionTransfer?: pulumi.Input;
    /**
     * List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
     */
    signingKeys?: pulumi.Input; }>[]>;
    /**
     * Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it, or null to unset. Accepts (true/false/null) or ("true"/"false"/"null").
     * Skipping the prompt removes the user-facing confirmation for callback URIs that cannot be verified; leave it unset unless the flow requires it.
     */
    skipNonVerifiableCallbackUriConfirmationPrompt?: pulumi.Input;
    /**
     * Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
     */
    sso?: pulumi.Input;
    /**
     * Indicates whether or not SSO is disabled.
     */
    ssoDisabled?: pulumi.Input;
    /**
     * Allows configuration for token exchange.
     */
    tokenExchange?: pulumi.Input;
    /**
     * The token quota configuration.
     */
    tokenQuota?: pulumi.Input;
    /**
     * URLs that represent valid web origins for use with web message response mode.
     */
    webOrigins?: pulumi.Input[]>;
}
/**
 * The set of arguments for constructing a Client resource.
 */
export interface ClientArgs {
    /**
     * Addons enabled for this client and their associated configurations.
     */
    addons?: pulumi.Input;
    /**
     * List of application IDs that will be allowed to make delegation requests. By default, all applications will be allowed.
     * Because the default permits every application, set this explicitly when delegation should be restricted.
     */
    allowedClients?: pulumi.Input[]>;
    /**
     * URLs that Auth0 may redirect to after logout.
     * This is the allow-list for post-logout redirects, so list only URLs the application owns.
     */
    allowedLogoutUrls?: pulumi.Input[]>;
    /**
     * URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
     */
    allowedOrigins?: pulumi.Input[]>;
    /**
     * Type of application the client represents. Possible values are: `native`, `spa`, `regularWeb`, `nonInteractive`, `resourceServer`, `ssoIntegration`. Specific SSO integration types accepted as well are: `rms`, `box`, `cloudbees`, `concur`, `dropbox`, `mscrm`, `echosign`, `egnyte`, `newrelic`, `office365`, `salesforce`, `sentry`, `sharepoint`, `slack`, `springcm`, `zendesk`, `zoom`.
     */
    appType?: pulumi.Input;
    /**
     * List of notification channels enabled for CIBA (Client-Initiated Backchannel Authentication) requests initiated by this client. Valid values are `guardian-push` and `email`. The order is significant as this is the order in which notification channels will be evaluated. Defaults to `["guardian-push"]` if not specified.
     */
    asyncApprovalNotificationChannels?: pulumi.Input[]>;
    /**
     * URLs that Auth0 may call back to after a user authenticates for the client. Make sure to specify the protocol (https://) otherwise the callback may fail in some cases. With the exception of custom URI schemes for native clients, all callbacks should use protocol https://.
     * Each entry is an allowed redirect target after authentication, so keep the list to URLs the application owns.
     */
    callbacks?: pulumi.Input[]>;
    /**
     * List of audiences/realms for SAML protocol. Used by the wsfed addon.
     */
    clientAliases?: pulumi.Input[]>;
    /**
     * Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
     */
    clientMetadata?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * Defines the compliance level for this client, which may restrict its capabilities. Can be one of `none`, `fapi1AdvPkjPar`, `fapi1AdvMtlsPar`.
     */
    complianceLevel?: pulumi.Input;
    /**
     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`).
     */
    crossOriginAuth?: pulumi.Input;
    /**
     * URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of the Auth0 Universal Login page.
     */
    crossOriginLoc?: pulumi.Input;
    /**
     * The content (HTML, CSS, JS) of the custom login page.
     * This markup and script is what users see at login, so review changes to it like any other code that handles credentials.
     */
    customLoginPage?: pulumi.Input;
    /**
     * Indicates whether a custom login page is to be used.
     */
    customLoginPageOn?: pulumi.Input;
    /**
     * Configure and associate an organization with the client.
     */
    defaultOrganization?: pulumi.Input;
    /**
     * Description of the purpose of the client.
     */
    description?: pulumi.Input;
    /**
     * Encryption used for WS-Fed responses with this client.
     */
    encryptionKey?: pulumi.Input<{ [key: string]: pulumi.Input; }>;
    /**
     * HTML form template to be used for WS-Federation.
     */
    formTemplate?: pulumi.Input;
    /**
     * Types of grants that this client is authorized to use.
     * List only the grant types the application actually needs.
     */
    grantTypes?: pulumi.Input[]>;
    /**
     * Initiate login URI. Must be HTTPS or an empty string.
     */
    initiateLoginUri?: pulumi.Input;
    /**
     * Indicates whether this client is a first-party client. Defaults to true from the API.
     */
    isFirstParty?: pulumi.Input;
    /**
     * Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to `clientSecretPost` or `clientSecretBasic`. Setting this property when creating the resource will default the authentication method to `clientSecretPost`. To change the authentication method to `clientSecretBasic` use the `auth0.ClientCredentials` resource.
     * NOTE(review): trusting the header means the IP address is taken from what the caller of the token endpoint sends — enable it only for a backend that sets the header itself.
     */
    isTokenEndpointIpHeaderTrusted?: pulumi.Input;
    /**
     * Configuration settings for the JWTs issued for this client.
     */
    jwtConfiguration?: pulumi.Input;
    /**
     * URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
     */
    logoUri?: pulumi.Input;
    /**
     * Additional configuration for native mobile apps.
     */
    mobile?: pulumi.Input;
    /**
     * Name of the client.
     */
    name?: pulumi.Input;
    /**
     * Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to `false` in order to change the `appType`.
     */
    nativeSocialLogin?: pulumi.Input;
    /**
     * Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
     *
     * @deprecated This resource is deprecated and will be removed in the next major version. Please use `oidcLogout` for managing OIDC backchannel logout URLs.
     */
    oidcBackchannelLogoutUrls?: pulumi.Input[]>;
    /**
     * Indicates whether this client will conform to strict OIDC specifications.
     */
    oidcConformant?: pulumi.Input;
    /**
     * Configure OIDC logout for the client.
     */
    oidcLogout?: pulumi.Input;
    /**
     * Methods for discovering organizations during the `pre_login_prompt`. Can include `email` (allows users to find their organization by entering their email address) and/or `organizationName` (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that `organizationRequireBehavior` is set to `preLoginPrompt`.
     */
    organizationDiscoveryMethods?: pulumi.Input[]>;
    /**
     * Defines how to proceed during an authentication transaction when `organizationUsage = "require"`. Can be `noPrompt` (default), `preLoginPrompt` or `postLoginPrompt`.
     */
    organizationRequireBehavior?: pulumi.Input;
    /**
     * Defines how to proceed during an authentication transaction with regards to an organization. Can be `deny` (default), `allow` or `require`.
     */
    organizationUsage?: pulumi.Input;
    /**
     * Configuration settings for the refresh tokens issued for this client.
     */
    refreshToken?: pulumi.Input;
    /**
     * Makes the use of Proof-of-Possession mandatory for this client.
     */
    requireProofOfPossession?: pulumi.Input;
    /**
     * Makes the use of Pushed Authorization Requests mandatory for this client. This feature currently needs to be enabled on the tenant in order to make use of it.
     */
    requirePushedAuthorizationRequests?: pulumi.Input;
    /**
     * The identifier of a resource server that the client is associated with. This property can be sent only when `app_type=resource_server`. This property cannot be changed once the client is created.
     */
    resourceServerIdentifier?: pulumi.Input;
    /**
     * Session transfer settings for this client.
     * NOTE(review): the generated source carries no description for this property — confirm its semantics against the provider schema.
     */
    sessionTransfer?: pulumi.Input;
    /**
     * Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it, or null to unset. Accepts (true/false/null) or ("true"/"false"/"null").
     * Skipping the prompt removes the user-facing confirmation for callback URIs that cannot be verified; leave it unset unless the flow requires it.
     */
    skipNonVerifiableCallbackUriConfirmationPrompt?: pulumi.Input;
    /**
     * Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
     */
    sso?: pulumi.Input;
    /**
     * Indicates whether or not SSO is disabled.
     */
    ssoDisabled?: pulumi.Input;
    /**
     * Allows configuration for token exchange.
     */
    tokenExchange?: pulumi.Input;
    /**
     * The token quota configuration.
     */
    tokenQuota?: pulumi.Input;
    /**
     * URLs that represent valid web origins for use with web message response mode.
     */
    webOrigins?: pulumi.Input[]>;
}