import * as pulumi from "@pulumi/pulumi"; /** * Auth0 uses various grant types, or methods by which you grant limited access to your resources to another entity without exposing credentials. The OAuth 2.0 protocol supports several types of grants, which allow different types of access. This resource allows you to create and manage client grants used with configured Auth0 clients. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as auth0 from "@pulumi/auth0"; * * // The following example grants a client the "create:foo" and "create:bar" permissions (scopes). * const myClient = new auth0.Client("my_client", {name: "Example Application - Client Grant (Managed by Terraform)"}); * const myResourceServer = new auth0.ResourceServer("my_resource_server", { * name: "Example Resource Server - Client Grant (Managed by Terraform)", * identifier: "https://api.example.com/client-grant", * authorizationDetails: [ * { * type: "payment", * }, * { * type: "shipping", * }, * ], * subjectTypeAuthorization: { * user: { * policy: "allow_all", * }, * client: { * policy: "require_client_grant", * }, * }, * }); * const myScopes = new auth0.ResourceServerScopes("my_scopes", { * resourceServerIdentifier: myResourceServer.identifier, * scopes: [ * { * name: "read:foo", * description: "Can read Foo", * }, * { * name: "create:foo", * description: "Can create Foo", * }, * ], * }, { * dependsOn: [myResourceServer], * }); * const myClientGrant = new auth0.ClientGrant("my_client_grant", { * clientId: myClient.id, * audience: myResourceServer.identifier, * scopes: [ * "create:foo", * "read:foo", * ], * subjectType: "user", * authorizationDetailsTypes: [ * "payment", * "shipping", * ], * }); * ``` * * ## Import * * This resource can be imported by specifying the client grant ID. * * You can find this within the Management Dashboard in Application -> APIs -> Expand the required API. * * Example: * * ```sh * $ pulumi import auth0:index/clientGrant:ClientGrant my_client_grant "cgr_XXXXXXXXXXXXXXXX" * ``` */ export declare class ClientGrant extends pulumi.CustomResource { /** * Get an existing ClientGrant resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ClientGrantState, opts?: pulumi.CustomResourceOptions): ClientGrant; /** * Returns true if the given object is an instance of ClientGrant. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ClientGrant; /** * If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. */ readonly allowAnyOrganization: pulumi.Output; /** * Audience or API Identifier for this grant. */ readonly audience: pulumi.Output; /** * Defines the types of authorization details allowed for this client grant. */ readonly authorizationDetailsTypes: pulumi.Output; /** * ID of the client for this grant. */ readonly clientId: pulumi.Output; /** * Defines whether organizations can be used with client credentials exchanges for this grant. (defaults to deny when not defined) */ readonly organizationUsage: pulumi.Output; /** * Permissions (scopes) included in this grant. */ readonly scopes: pulumi.Output; /** * Defines the type of subject for this grant. Can be one of `client` or `user`. Defaults to `client` when not defined. */ readonly subjectType: pulumi.Output; /** * Create a ClientGrant resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ClientGrantArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ClientGrant resources. */ export interface ClientGrantState { /** * If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. */ allowAnyOrganization?: pulumi.Input; /** * Audience or API Identifier for this grant. */ audience?: pulumi.Input; /** * Defines the types of authorization details allowed for this client grant. */ authorizationDetailsTypes?: pulumi.Input[]>; /** * ID of the client for this grant. */ clientId?: pulumi.Input; /** * Defines whether organizations can be used with client credentials exchanges for this grant. (defaults to deny when not defined) */ organizationUsage?: pulumi.Input; /** * Permissions (scopes) included in this grant. */ scopes?: pulumi.Input[]>; /** * Defines the type of subject for this grant. Can be one of `client` or `user`. Defaults to `client` when not defined. */ subjectType?: pulumi.Input; } /** * The set of arguments for constructing a ClientGrant resource. */ export interface ClientGrantArgs { /** * If enabled, any organization can be used with this grant. If disabled (default), the grant must be explicitly assigned to the desired organizations. */ allowAnyOrganization?: pulumi.Input; /** * Audience or API Identifier for this grant. */ audience: pulumi.Input; /** * Defines the types of authorization details allowed for this client grant. */ authorizationDetailsTypes?: pulumi.Input[]>; /** * ID of the client for this grant. */ clientId: pulumi.Input; /** * Defines whether organizations can be used with client credentials exchanges for this grant. (defaults to deny when not defined) */ organizationUsage?: pulumi.Input; /** * Permissions (scopes) included in this grant. */ scopes: pulumi.Input[]>; /** * Defines the type of subject for this grant. Can be one of `client` or `user`. Defaults to `client` when not defined. */ subjectType?: pulumi.Input; }