import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
// NOTE(review): in this copy every `pulumi.Input` / `pulumi.Output` appears without a type
// argument, and `pulumi.Input[]>` carries an unmatched `>`. The generic parameters look to have
// been lost when the file was extracted (which would also explain why `inputs` and `outputs`
// are imported but never referenced). Restore them from the published package before compiling.
/**
 * With this resource, you can set up APIs that can be consumed from your authorized applications.
 *
 * A resource server is the API (the token audience) for which Auth0 issues access tokens. The
 * properties below decide how those tokens are signed, how long they live, whether refresh
 * tokens are issued, and whether tokens are encrypted or bound to the client.
 *
 * ## Example Usage
 *
 * The `pem` value in the example is a truncated placeholder certificate, not a usable key.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as auth0 from "@pulumi/auth0";
 *
 * const myResourceServer = new auth0.ResourceServer("my_resource_server", {
 *     name: "Example Resource Server (Managed by Terraform)",
 *     identifier: "https://api.example.com",
 *     signingAlg: "RS256",
 *     allowOfflineAccess: true,
 *     tokenLifetime: 8600,
 *     skipConsentForVerifiableFirstPartyClients: true,
 *     consentPolicy: "transactional-authorization-with-mfa",
 *     tokenEncryption: {
 *         format: "compact-nested-jwe",
 *         encryptionKey: {
 *             name: "keyname",
 *             algorithm: "RSA-OAEP-256",
 *             pem: `-----BEGIN CERTIFICATE-----
 * MIIFWDCCA0ACCQDXqpBo3R...G9w0BAQsFADBuMQswCQYDVQQGEwJl
 * -----END CERTIFICATE-----
 * `,
 *         },
 *     },
 *     authorizationDetails: [
 *         {
 *             type: "payment",
 *         },
 *         {
 *             type: "non-payment",
 *         },
 *     ],
 *     proofOfPossession: {
 *         mechanism: "mtls",
 *         required: true,
 *     },
 *     subjectTypeAuthorization: {
 *         user: {
 *             policy: "allow_all",
 *         },
 *         client: {
 *             policy: "require_client_grant",
 *         },
 *     },
 * });
 * ```
 *
 * ## Import
 *
 * Existing resource servers can be imported using their ID.
 *
 * Example:
 *
 * ```sh
 * $ pulumi import auth0:index/resourceServer:ResourceServer my_resource_server "XXXXXXXXXXXXXXXXXXXXXXX"
 * ```
 */
export declare class ResourceServer extends pulumi.CustomResource {
    /**
     * Get an existing ResourceServer resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input, state?: ResourceServerState, opts?: pulumi.CustomResourceOptions): ResourceServer;
    /**
     * Returns true if the given object is an instance of ResourceServer. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ResourceServer;
    /**
     * Indicates whether refresh tokens can be issued for this resource server.
     * Refresh tokens are long-lived credentials, so enable this only when clients need offline access.
     */
    readonly allowOfflineAccess: pulumi.Output;
    /**
     * Authorization details for this resource server.
     * The class-level example supplies a list of entries that each carry a `type`.
     */
    readonly authorizationDetails: pulumi.Output;
    /**
     * The ID of the client associated with this resource server. If a client has been created and linked to this resource server, this field will be populated with that client's ID.
     * This property has no counterpart in `ResourceServerArgs`, so it cannot be set at creation.
     */
    readonly clientId: pulumi.Output;
    /**
     * Consent policy for this resource server. Options include `transactional-authorization-with-mfa`, or `null` to disable.
     */
    readonly consentPolicy: pulumi.Output;
    /**
     * If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
     * The RBAC permissions claims described under `tokenDialect` are only available when this is enabled.
     */
    readonly enforcePolicies: pulumi.Output;
    /**
     * Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
     * APIs that validate tokens should check that the token audience matches this value.
     */
    readonly identifier: pulumi.Output;
    /**
     * Friendly name for the resource server. Cannot include `<` or `>` characters.
     */
    readonly name: pulumi.Output;
    /**
     * Configuration settings for proof-of-possession for this resource server.
     * The class-level example uses `mechanism: "mtls"` with `required: true`.
     */
    readonly proofOfPossession: pulumi.Output;
    /**
     * Algorithm used to sign JWTs. Options include `HS256`, `RS256`, and `PS256`.
     * `HS256` is symmetric: every party that can verify a token holds `signingSecret` and could also
     * mint one. `RS256` and `PS256` are asymmetric, so verifiers need only the public key.
     */
    readonly signingAlg: pulumi.Output;
    /**
     * Secret used to sign tokens when using symmetric algorithms (HS256).
     * Treat this value as a credential.
     * NOTE(review): whether the provider marks this output as a Pulumi secret is not visible in
     * this declaration file; confirm before exporting it or logging stack outputs.
     */
    readonly signingSecret: pulumi.Output;
    /**
     * Indicates whether to skip user consent for applications flagged as first party.
     * When true, users of those applications are not shown a consent prompt for this API.
     */
    readonly skipConsentForVerifiableFirstPartyClients: pulumi.Output;
    /**
     * Authorization policies for user and client flows.
     * The class-level example sets `user.policy` to `allow_all` and `client.policy` to `require_client_grant`.
     */
    readonly subjectTypeAuthorization: pulumi.Output;
    /**
     * Dialect of access tokens that should be issued for this resource server. Options include `accessToken`, `rfc9068Profile`, `accessTokenAuthz`, and `rfc9068ProfileAuthz`.
     *
     * - `accessToken` is a JWT containing standard Auth0 claims.
     * - `rfc9068Profile` is a JWT conforming to the IETF JWT Access Token Profile.
     * - `accessTokenAuthz` is a JWT containing standard Auth0 claims, including RBAC permissions claims.
     * - `rfc9068ProfileAuthz` is a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims.
     *
     * RBAC permissions claims are available if RBAC (`enforcePolicies`) is enabled for this API. For more details, refer to [Access Token Profiles](https://auth0.com/docs/secure/tokens/access-tokens/access-token-profiles).
     */
    readonly tokenDialect: pulumi.Output;
    /**
     * Configuration for JSON Web Encryption (JWE) of tokens for this resource server.
     * The class-level example uses `format: "compact-nested-jwe"` with an `RSA-OAEP-256` encryption key supplied as PEM.
     */
    readonly tokenEncryption: pulumi.Output;
    /**
     * Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
     * A shorter lifetime narrows the window in which a leaked access token can be used.
     */
    readonly tokenLifetime: pulumi.Output;
    /**
     * Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the `tokenLifetime` value.
     */
    readonly tokenLifetimeForWeb: pulumi.Output;
    /**
     * URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
     * The keys served at this URL decide which JWTs are accepted, so it should point to an endpoint you control.
     */
    readonly verificationLocation: pulumi.Output;
    /**
     * Create a ResourceServer resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ResourceServerArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ResourceServer resources.
 * Every property is optional; this is the type of the `state` argument of `ResourceServer.get`.
 */
export interface ResourceServerState {
    /**
     * Indicates whether refresh tokens can be issued for this resource server.
     */
    allowOfflineAccess?: pulumi.Input;
    /**
     * Authorization details for this resource server.
     */
    authorizationDetails?: pulumi.Input[]>;
    /**
     * The ID of the client associated with this resource server. If a client has been created and linked to this resource server, this field will be populated with that client's ID.
     */
    clientId?: pulumi.Input;
    /**
     * Consent policy for this resource server. Options include `transactional-authorization-with-mfa`, or `null` to disable.
     */
    consentPolicy?: pulumi.Input;
    /**
     * If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
     */
    enforcePolicies?: pulumi.Input;
    /**
     * Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
     */
    identifier?: pulumi.Input;
    /**
     * Friendly name for the resource server. Cannot include `<` or `>` characters.
     */
    name?: pulumi.Input;
    /**
     * Configuration settings for proof-of-possession for this resource server.
     */
    proofOfPossession?: pulumi.Input;
    /**
     * Algorithm used to sign JWTs. Options include `HS256`, `RS256`, and `PS256`.
     */
    signingAlg?: pulumi.Input;
    /**
     * Secret used to sign tokens when using symmetric algorithms (HS256).
     * Treat this value as a credential and avoid passing it as a plaintext literal.
     */
    signingSecret?: pulumi.Input;
    /**
     * Indicates whether to skip user consent for applications flagged as first party.
     */
    skipConsentForVerifiableFirstPartyClients?: pulumi.Input;
    /**
     * Authorization policies for user and client flows.
     */
    subjectTypeAuthorization?: pulumi.Input;
    /**
     * Dialect of access tokens that should be issued for this resource server. Options include `accessToken`, `rfc9068Profile`, `accessTokenAuthz`, and `rfc9068ProfileAuthz`.
     *
     * - `accessToken` is a JWT containing standard Auth0 claims.
     * - `rfc9068Profile` is a JWT conforming to the IETF JWT Access Token Profile.
     * - `accessTokenAuthz` is a JWT containing standard Auth0 claims, including RBAC permissions claims.
     * - `rfc9068ProfileAuthz` is a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims.
     *
     * RBAC permissions claims are available if RBAC (`enforcePolicies`) is enabled for this API. For more details, refer to [Access Token Profiles](https://auth0.com/docs/secure/tokens/access-tokens/access-token-profiles).
     */
    tokenDialect?: pulumi.Input;
    /**
     * Configuration for JSON Web Encryption (JWE) of tokens for this resource server.
     */
    tokenEncryption?: pulumi.Input;
    /**
     * Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
     */
    tokenLifetime?: pulumi.Input;
    /**
     * Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the `tokenLifetime` value.
     */
    tokenLifetimeForWeb?: pulumi.Input;
    /**
     * URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
     */
    verificationLocation?: pulumi.Input;
}
/**
 * The set of arguments for constructing a ResourceServer resource.
 * `identifier` is the only required property. There is no `clientId` argument here; it appears
 * only on the resource and on `ResourceServerState`.
 */
export interface ResourceServerArgs {
    /**
     * Indicates whether refresh tokens can be issued for this resource server.
     * Refresh tokens are long-lived credentials, so enable this only when clients need offline access.
     */
    allowOfflineAccess?: pulumi.Input;
    /**
     * Authorization details for this resource server.
     */
    authorizationDetails?: pulumi.Input[]>;
    /**
     * Consent policy for this resource server. Options include `transactional-authorization-with-mfa`, or `null` to disable.
     */
    consentPolicy?: pulumi.Input;
    /**
     * If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
     * The RBAC permissions claims described under `tokenDialect` are only available when this is enabled.
     */
    enforcePolicies?: pulumi.Input;
    /**
     * Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
     * Required. Because it cannot be changed later, choose a value that will stay stable.
     */
    identifier: pulumi.Input;
    /**
     * Friendly name for the resource server. Cannot include `<` or `>` characters.
     */
    name?: pulumi.Input;
    /**
     * Configuration settings for proof-of-possession for this resource server.
     */
    proofOfPossession?: pulumi.Input;
    /**
     * Algorithm used to sign JWTs. Options include `HS256`, `RS256`, and `PS256`.
     * `HS256` is symmetric: every party that can verify a token holds `signingSecret` and could also
     * mint one. `RS256` and `PS256` are asymmetric, so verifiers need only the public key.
     */
    signingAlg?: pulumi.Input;
    /**
     * Secret used to sign tokens when using symmetric algorithms (HS256).
     * Treat this value as a credential: pass it from secret configuration or wrap it with
     * `pulumi.secret(...)` rather than writing a plaintext literal in the program.
     * NOTE(review): whether the provider encrypts this value in state by default is not visible
     * in this declaration file; confirm.
     */
    signingSecret?: pulumi.Input;
    /**
     * Indicates whether to skip user consent for applications flagged as first party.
     * When true, users of those applications are not shown a consent prompt for this API.
     */
    skipConsentForVerifiableFirstPartyClients?: pulumi.Input;
    /**
     * Authorization policies for user and client flows.
     */
    subjectTypeAuthorization?: pulumi.Input;
    /**
     * Dialect of access tokens that should be issued for this resource server. Options include `accessToken`, `rfc9068Profile`, `accessTokenAuthz`, and `rfc9068ProfileAuthz`.
     *
     * - `accessToken` is a JWT containing standard Auth0 claims.
     * - `rfc9068Profile` is a JWT conforming to the IETF JWT Access Token Profile.
     * - `accessTokenAuthz` is a JWT containing standard Auth0 claims, including RBAC permissions claims.
     * - `rfc9068ProfileAuthz` is a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims.
     *
     * RBAC permissions claims are available if RBAC (`enforcePolicies`) is enabled for this API. For more details, refer to [Access Token Profiles](https://auth0.com/docs/secure/tokens/access-tokens/access-token-profiles).
     */
    tokenDialect?: pulumi.Input;
    /**
     * Configuration for JSON Web Encryption (JWE) of tokens for this resource server.
     */
    tokenEncryption?: pulumi.Input;
    /**
     * Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
     * A shorter lifetime narrows the window in which a leaked access token can be used.
     */
    tokenLifetime?: pulumi.Input;
    /**
     * Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the `tokenLifetime` value.
     */
    tokenLifetimeForWeb?: pulumi.Input;
    /**
     * URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
     * The keys served at this URL decide which JWTs are accepted, so it should point to an endpoint you control.
     */
    verificationLocation?: pulumi.Input;
}