1. Packages
  2. Keycloak
  3. API Docs
  4. openid
  5. Client
Keycloak v5.3.2 published on Friday, May 10, 2024 by Pulumi

keycloak.openid.Client

Explore with Pulumi AI

keycloak logo
Keycloak v5.3.2 published on Friday, May 10, 2024 by Pulumi

    # keycloak.openid.Client

    Allows for creating and managing Keycloak clients that use the OpenID Connect protocol.

    Clients are entities that can use Keycloak for user authentication. Typically, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak’s user sessions for SSO.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as keycloak from "@pulumi/keycloak";
    
    const realm = new keycloak.Realm("realm", {
        realm: "my-realm",
        enabled: true,
    });
    const openidClient = new keycloak.openid.Client("openid_client", {
        realmId: realm.id,
        clientId: "test-client",
        name: "test client",
        enabled: true,
        accessType: "CONFIDENTIAL",
        validRedirectUris: ["http://localhost:8080/openid-callback"],
    });
    
    import pulumi
    import pulumi_keycloak as keycloak
    
    realm = keycloak.Realm("realm",
        realm="my-realm",
        enabled=True)
    openid_client = keycloak.openid.Client("openid_client",
        realm_id=realm.id,
        client_id="test-client",
        name="test client",
        enabled=True,
        access_type="CONFIDENTIAL",
        valid_redirect_uris=["http://localhost:8080/openid-callback"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
    			Realm:   pulumi.String("my-realm"),
    			Enabled: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = openid.NewClient(ctx, "openid_client", &openid.ClientArgs{
    			RealmId:    realm.ID(),
    			ClientId:   pulumi.String("test-client"),
    			Name:       pulumi.String("test client"),
    			Enabled:    pulumi.Bool(true),
    			AccessType: pulumi.String("CONFIDENTIAL"),
    			ValidRedirectUris: pulumi.StringArray{
    				pulumi.String("http://localhost:8080/openid-callback"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Keycloak = Pulumi.Keycloak;
    
    return await Deployment.RunAsync(() => 
    {
        var realm = new Keycloak.Realm("realm", new()
        {
            RealmName = "my-realm",
            Enabled = true,
        });
    
        var openidClient = new Keycloak.OpenId.Client("openid_client", new()
        {
            RealmId = realm.Id,
            ClientId = "test-client",
            Name = "test client",
            Enabled = true,
            AccessType = "CONFIDENTIAL",
            ValidRedirectUris = new[]
            {
                "http://localhost:8080/openid-callback",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.keycloak.Realm;
    import com.pulumi.keycloak.RealmArgs;
    import com.pulumi.keycloak.openid.Client;
    import com.pulumi.keycloak.openid.ClientArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var realm = new Realm("realm", RealmArgs.builder()        
                .realm("my-realm")
                .enabled(true)
                .build());
    
            var openidClient = new Client("openidClient", ClientArgs.builder()        
                .realmId(realm.id())
                .clientId("test-client")
                .name("test client")
                .enabled(true)
                .accessType("CONFIDENTIAL")
                .validRedirectUris("http://localhost:8080/openid-callback")
                .build());
    
        }
    }
    
    resources:
      realm:
        type: keycloak:Realm
        properties:
          realm: my-realm
          enabled: true
      openidClient:
        type: keycloak:openid:Client
        name: openid_client
        properties:
          realmId: ${realm.id}
          clientId: test-client
          name: test client
          enabled: true
          accessType: CONFIDENTIAL
          validRedirectUris:
            - http://localhost:8080/openid-callback
    

    Argument Reference

    The following arguments are supported:

    • realm_id - (Required) The realm this client is attached to.
    • client_id - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.
    • name - (Optional) The display name of this client in the GUI.
    • enabled - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to true.
    • description - (Optional) The description of this client in the GUI.
    • access_type - (Required) Specifies the type of client, which can be one of the following:
      • CONFIDENTIAL - Used for server-side clients that require both client ID and secret when authenticating. This client should be used for applications using the Authorization Code or Client Credentials grant flows.
      • PUBLIC - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect URIs for security. This client should be used for applications using the Implicit grant flow.
      • BEARER-ONLY - Used for services that never initiate a login. This client will only allow bearer token requests.
    • client_secret - (Optional) The secret for clients with an access_type of CONFIDENTIAL or BEARER-ONLY. This value is sensitive and should be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute.
    • standard_flow_enabled - (Optional) When true, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to false.
    • implicit_flow_enabled - (Optional) When true, the OAuth2 Implicit Grant will be enabled for this client. Defaults to false.
    • direct_access_grants_enabled - (Optional) When true, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to false.
    • service_accounts_enabled - (Optional) When true, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to false.
    • valid_redirect_uris - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple wildcards in the form of an asterisk can be used here. This attribute must be set if either standard_flow_enabled or implicit_flow_enabled is set to true.
    • web_origins - (Optional) A list of allowed CORS origins. + can be used to permit all valid redirect URIs, and * can be used to permit all origins.
    • admin_url - (Optional) URL to the admin interface of the client.
    • base_url - (Optional) Default URL to use when the auth server needs to redirect or link back to the client.
    • pkce_code_challenge_method - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either plain or S256 or set to empty value ``.
    • full_scope_allowed - (Optional) - Allow to include all roles mappings in the access token.

    Attributes Reference

    In addition to the arguments listed above, the following computed attributes are exported:

    • service_account_user_id - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.

    Import

    Clients can be imported using the format {{realm_id}}/{{client_keycloak_id}}, where client_keycloak_id is the unique ID that Keycloak assigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.

    Example:

    $ terraform import keycloak_openid_client.openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352
    

    Create Client Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Client(name: string, args: ClientArgs, opts?: CustomResourceOptions);
    @overload
    def Client(resource_name: str,
               args: ClientArgs,
               opts: Optional[ResourceOptions] = None)
    
    @overload
    def Client(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               client_id: Optional[str] = None,
               access_type: Optional[str] = None,
               realm_id: Optional[str] = None,
               exclude_session_state_from_auth_response: Optional[bool] = None,
               authentication_flow_binding_overrides: Optional[ClientAuthenticationFlowBindingOverridesArgs] = None,
               backchannel_logout_revoke_offline_sessions: Optional[bool] = None,
               extra_config: Optional[Mapping[str, Any]] = None,
               backchannel_logout_url: Optional[str] = None,
               frontchannel_logout_url: Optional[str] = None,
               client_authenticator_type: Optional[str] = None,
               frontchannel_logout_enabled: Optional[bool] = None,
               client_offline_session_idle_timeout: Optional[str] = None,
               client_offline_session_max_lifespan: Optional[str] = None,
               client_secret: Optional[str] = None,
               client_session_idle_timeout: Optional[str] = None,
               client_session_max_lifespan: Optional[str] = None,
               consent_required: Optional[bool] = None,
               consent_screen_text: Optional[str] = None,
               description: Optional[str] = None,
               direct_access_grants_enabled: Optional[bool] = None,
               display_on_consent_screen: Optional[bool] = None,
               enabled: Optional[bool] = None,
               access_token_lifespan: Optional[str] = None,
               backchannel_logout_session_required: Optional[bool] = None,
               authorization: Optional[ClientAuthorizationArgs] = None,
               base_url: Optional[str] = None,
               full_scope_allowed: Optional[bool] = None,
               implicit_flow_enabled: Optional[bool] = None,
               import_: Optional[bool] = None,
               login_theme: Optional[str] = None,
               name: Optional[str] = None,
               oauth2_device_authorization_grant_enabled: Optional[bool] = None,
               oauth2_device_code_lifespan: Optional[str] = None,
               oauth2_device_polling_interval: Optional[str] = None,
               pkce_code_challenge_method: Optional[str] = None,
               admin_url: Optional[str] = None,
               root_url: Optional[str] = None,
               service_accounts_enabled: Optional[bool] = None,
               standard_flow_enabled: Optional[bool] = None,
               use_refresh_tokens: Optional[bool] = None,
               use_refresh_tokens_client_credentials: Optional[bool] = None,
               valid_post_logout_redirect_uris: Optional[Sequence[str]] = None,
               valid_redirect_uris: Optional[Sequence[str]] = None,
               web_origins: Optional[Sequence[str]] = None)
    func NewClient(ctx *Context, name string, args ClientArgs, opts ...ResourceOption) (*Client, error)
    public Client(string name, ClientArgs args, CustomResourceOptions? opts = null)
    public Client(String name, ClientArgs args)
    public Client(String name, ClientArgs args, CustomResourceOptions options)
    
    type: keycloak:openid:Client
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ClientArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ClientArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ClientArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ClientArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ClientArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var clientResource = new Keycloak.OpenId.Client("clientResource", new()
    {
        ClientId = "string",
        AccessType = "string",
        RealmId = "string",
        ExcludeSessionStateFromAuthResponse = false,
        AuthenticationFlowBindingOverrides = new Keycloak.OpenId.Inputs.ClientAuthenticationFlowBindingOverridesArgs
        {
            BrowserId = "string",
            DirectGrantId = "string",
        },
        BackchannelLogoutRevokeOfflineSessions = false,
        ExtraConfig = 
        {
            { "string", "any" },
        },
        BackchannelLogoutUrl = "string",
        FrontchannelLogoutUrl = "string",
        ClientAuthenticatorType = "string",
        FrontchannelLogoutEnabled = false,
        ClientOfflineSessionIdleTimeout = "string",
        ClientOfflineSessionMaxLifespan = "string",
        ClientSecret = "string",
        ClientSessionIdleTimeout = "string",
        ClientSessionMaxLifespan = "string",
        ConsentRequired = false,
        ConsentScreenText = "string",
        Description = "string",
        DirectAccessGrantsEnabled = false,
        DisplayOnConsentScreen = false,
        Enabled = false,
        AccessTokenLifespan = "string",
        BackchannelLogoutSessionRequired = false,
        Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs
        {
            PolicyEnforcementMode = "string",
            AllowRemoteResourceManagement = false,
            DecisionStrategy = "string",
            KeepDefaults = false,
        },
        BaseUrl = "string",
        FullScopeAllowed = false,
        ImplicitFlowEnabled = false,
        Import = false,
        LoginTheme = "string",
        Name = "string",
        Oauth2DeviceAuthorizationGrantEnabled = false,
        Oauth2DeviceCodeLifespan = "string",
        Oauth2DevicePollingInterval = "string",
        PkceCodeChallengeMethod = "string",
        AdminUrl = "string",
        RootUrl = "string",
        ServiceAccountsEnabled = false,
        StandardFlowEnabled = false,
        UseRefreshTokens = false,
        UseRefreshTokensClientCredentials = false,
        ValidPostLogoutRedirectUris = new[]
        {
            "string",
        },
        ValidRedirectUris = new[]
        {
            "string",
        },
        WebOrigins = new[]
        {
            "string",
        },
    });
    
    example, err := openid.NewClient(ctx, "clientResource", &openid.ClientArgs{
    	ClientId:                            pulumi.String("string"),
    	AccessType:                          pulumi.String("string"),
    	RealmId:                             pulumi.String("string"),
    	ExcludeSessionStateFromAuthResponse: pulumi.Bool(false),
    	AuthenticationFlowBindingOverrides: &openid.ClientAuthenticationFlowBindingOverridesArgs{
    		BrowserId:     pulumi.String("string"),
    		DirectGrantId: pulumi.String("string"),
    	},
    	BackchannelLogoutRevokeOfflineSessions: pulumi.Bool(false),
    	ExtraConfig: pulumi.Map{
    		"string": pulumi.Any("any"),
    	},
    	BackchannelLogoutUrl:             pulumi.String("string"),
    	FrontchannelLogoutUrl:            pulumi.String("string"),
    	ClientAuthenticatorType:          pulumi.String("string"),
    	FrontchannelLogoutEnabled:        pulumi.Bool(false),
    	ClientOfflineSessionIdleTimeout:  pulumi.String("string"),
    	ClientOfflineSessionMaxLifespan:  pulumi.String("string"),
    	ClientSecret:                     pulumi.String("string"),
    	ClientSessionIdleTimeout:         pulumi.String("string"),
    	ClientSessionMaxLifespan:         pulumi.String("string"),
    	ConsentRequired:                  pulumi.Bool(false),
    	ConsentScreenText:                pulumi.String("string"),
    	Description:                      pulumi.String("string"),
    	DirectAccessGrantsEnabled:        pulumi.Bool(false),
    	DisplayOnConsentScreen:           pulumi.Bool(false),
    	Enabled:                          pulumi.Bool(false),
    	AccessTokenLifespan:              pulumi.String("string"),
    	BackchannelLogoutSessionRequired: pulumi.Bool(false),
    	Authorization: &openid.ClientAuthorizationArgs{
    		PolicyEnforcementMode:         pulumi.String("string"),
    		AllowRemoteResourceManagement: pulumi.Bool(false),
    		DecisionStrategy:              pulumi.String("string"),
    		KeepDefaults:                  pulumi.Bool(false),
    	},
    	BaseUrl:                               pulumi.String("string"),
    	FullScopeAllowed:                      pulumi.Bool(false),
    	ImplicitFlowEnabled:                   pulumi.Bool(false),
    	Import:                                pulumi.Bool(false),
    	LoginTheme:                            pulumi.String("string"),
    	Name:                                  pulumi.String("string"),
    	Oauth2DeviceAuthorizationGrantEnabled: pulumi.Bool(false),
    	Oauth2DeviceCodeLifespan:              pulumi.String("string"),
    	Oauth2DevicePollingInterval:           pulumi.String("string"),
    	PkceCodeChallengeMethod:               pulumi.String("string"),
    	AdminUrl:                              pulumi.String("string"),
    	RootUrl:                               pulumi.String("string"),
    	ServiceAccountsEnabled:                pulumi.Bool(false),
    	StandardFlowEnabled:                   pulumi.Bool(false),
    	UseRefreshTokens:                      pulumi.Bool(false),
    	UseRefreshTokensClientCredentials:     pulumi.Bool(false),
    	ValidPostLogoutRedirectUris: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ValidRedirectUris: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	WebOrigins: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var clientResource = new Client("clientResource", ClientArgs.builder()
        .clientId("string")
        .accessType("string")
        .realmId("string")
        .excludeSessionStateFromAuthResponse(false)
        .authenticationFlowBindingOverrides(ClientAuthenticationFlowBindingOverridesArgs.builder()
            .browserId("string")
            .directGrantId("string")
            .build())
        .backchannelLogoutRevokeOfflineSessions(false)
        .extraConfig(Map.of("string", "any"))
        .backchannelLogoutUrl("string")
        .frontchannelLogoutUrl("string")
        .clientAuthenticatorType("string")
        .frontchannelLogoutEnabled(false)
        .clientOfflineSessionIdleTimeout("string")
        .clientOfflineSessionMaxLifespan("string")
        .clientSecret("string")
        .clientSessionIdleTimeout("string")
        .clientSessionMaxLifespan("string")
        .consentRequired(false)
        .consentScreenText("string")
        .description("string")
        .directAccessGrantsEnabled(false)
        .displayOnConsentScreen(false)
        .enabled(false)
        .accessTokenLifespan("string")
        .backchannelLogoutSessionRequired(false)
        .authorization(ClientAuthorizationArgs.builder()
            .policyEnforcementMode("string")
            .allowRemoteResourceManagement(false)
            .decisionStrategy("string")
            .keepDefaults(false)
            .build())
        .baseUrl("string")
        .fullScopeAllowed(false)
        .implicitFlowEnabled(false)
        .import_(false)
        .loginTheme("string")
        .name("string")
        .oauth2DeviceAuthorizationGrantEnabled(false)
        .oauth2DeviceCodeLifespan("string")
        .oauth2DevicePollingInterval("string")
        .pkceCodeChallengeMethod("string")
        .adminUrl("string")
        .rootUrl("string")
        .serviceAccountsEnabled(false)
        .standardFlowEnabled(false)
        .useRefreshTokens(false)
        .useRefreshTokensClientCredentials(false)
        .validPostLogoutRedirectUris("string")
        .validRedirectUris("string")
        .webOrigins("string")
        .build());
    
    client_resource = keycloak.openid.Client("clientResource",
        client_id="string",
        access_type="string",
        realm_id="string",
        exclude_session_state_from_auth_response=False,
        authentication_flow_binding_overrides=keycloak.openid.ClientAuthenticationFlowBindingOverridesArgs(
            browser_id="string",
            direct_grant_id="string",
        ),
        backchannel_logout_revoke_offline_sessions=False,
        extra_config={
            "string": "any",
        },
        backchannel_logout_url="string",
        frontchannel_logout_url="string",
        client_authenticator_type="string",
        frontchannel_logout_enabled=False,
        client_offline_session_idle_timeout="string",
        client_offline_session_max_lifespan="string",
        client_secret="string",
        client_session_idle_timeout="string",
        client_session_max_lifespan="string",
        consent_required=False,
        consent_screen_text="string",
        description="string",
        direct_access_grants_enabled=False,
        display_on_consent_screen=False,
        enabled=False,
        access_token_lifespan="string",
        backchannel_logout_session_required=False,
        authorization=keycloak.openid.ClientAuthorizationArgs(
            policy_enforcement_mode="string",
            allow_remote_resource_management=False,
            decision_strategy="string",
            keep_defaults=False,
        ),
        base_url="string",
        full_scope_allowed=False,
        implicit_flow_enabled=False,
        import_=False,
        login_theme="string",
        name="string",
        oauth2_device_authorization_grant_enabled=False,
        oauth2_device_code_lifespan="string",
        oauth2_device_polling_interval="string",
        pkce_code_challenge_method="string",
        admin_url="string",
        root_url="string",
        service_accounts_enabled=False,
        standard_flow_enabled=False,
        use_refresh_tokens=False,
        use_refresh_tokens_client_credentials=False,
        valid_post_logout_redirect_uris=["string"],
        valid_redirect_uris=["string"],
        web_origins=["string"])
    
    const clientResource = new keycloak.openid.Client("clientResource", {
        clientId: "string",
        accessType: "string",
        realmId: "string",
        excludeSessionStateFromAuthResponse: false,
        authenticationFlowBindingOverrides: {
            browserId: "string",
            directGrantId: "string",
        },
        backchannelLogoutRevokeOfflineSessions: false,
        extraConfig: {
            string: "any",
        },
        backchannelLogoutUrl: "string",
        frontchannelLogoutUrl: "string",
        clientAuthenticatorType: "string",
        frontchannelLogoutEnabled: false,
        clientOfflineSessionIdleTimeout: "string",
        clientOfflineSessionMaxLifespan: "string",
        clientSecret: "string",
        clientSessionIdleTimeout: "string",
        clientSessionMaxLifespan: "string",
        consentRequired: false,
        consentScreenText: "string",
        description: "string",
        directAccessGrantsEnabled: false,
        displayOnConsentScreen: false,
        enabled: false,
        accessTokenLifespan: "string",
        backchannelLogoutSessionRequired: false,
        authorization: {
            policyEnforcementMode: "string",
            allowRemoteResourceManagement: false,
            decisionStrategy: "string",
            keepDefaults: false,
        },
        baseUrl: "string",
        fullScopeAllowed: false,
        implicitFlowEnabled: false,
        "import": false,
        loginTheme: "string",
        name: "string",
        oauth2DeviceAuthorizationGrantEnabled: false,
        oauth2DeviceCodeLifespan: "string",
        oauth2DevicePollingInterval: "string",
        pkceCodeChallengeMethod: "string",
        adminUrl: "string",
        rootUrl: "string",
        serviceAccountsEnabled: false,
        standardFlowEnabled: false,
        useRefreshTokens: false,
        useRefreshTokensClientCredentials: false,
        validPostLogoutRedirectUris: ["string"],
        validRedirectUris: ["string"],
        webOrigins: ["string"],
    });
    
    type: keycloak:openid:Client
    properties:
        accessTokenLifespan: string
        accessType: string
        adminUrl: string
        authenticationFlowBindingOverrides:
            browserId: string
            directGrantId: string
        authorization:
            allowRemoteResourceManagement: false
            decisionStrategy: string
            keepDefaults: false
            policyEnforcementMode: string
        backchannelLogoutRevokeOfflineSessions: false
        backchannelLogoutSessionRequired: false
        backchannelLogoutUrl: string
        baseUrl: string
        clientAuthenticatorType: string
        clientId: string
        clientOfflineSessionIdleTimeout: string
        clientOfflineSessionMaxLifespan: string
        clientSecret: string
        clientSessionIdleTimeout: string
        clientSessionMaxLifespan: string
        consentRequired: false
        consentScreenText: string
        description: string
        directAccessGrantsEnabled: false
        displayOnConsentScreen: false
        enabled: false
        excludeSessionStateFromAuthResponse: false
        extraConfig:
            string: any
        frontchannelLogoutEnabled: false
        frontchannelLogoutUrl: string
        fullScopeAllowed: false
        implicitFlowEnabled: false
        import: false
        loginTheme: string
        name: string
        oauth2DeviceAuthorizationGrantEnabled: false
        oauth2DeviceCodeLifespan: string
        oauth2DevicePollingInterval: string
        pkceCodeChallengeMethod: string
        realmId: string
        rootUrl: string
        serviceAccountsEnabled: false
        standardFlowEnabled: false
        useRefreshTokens: false
        useRefreshTokensClientCredentials: false
        validPostLogoutRedirectUris:
            - string
        validRedirectUris:
            - string
        webOrigins:
            - string
    

    Client Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Client resource accepts the following input properties:

    AccessType string
    ClientId string
    RealmId string
    AccessTokenLifespan string
    AdminUrl string
    AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverrides
    Authorization ClientAuthorization
    BackchannelLogoutRevokeOfflineSessions bool
    BackchannelLogoutSessionRequired bool
    BackchannelLogoutUrl string
    BaseUrl string
    ClientAuthenticatorType string
    ClientOfflineSessionIdleTimeout string
    ClientOfflineSessionMaxLifespan string
    ClientSecret string
    ClientSessionIdleTimeout string
    ClientSessionMaxLifespan string
    ConsentRequired bool
    ConsentScreenText string
    Description string
    DirectAccessGrantsEnabled bool
    DisplayOnConsentScreen bool
    Enabled bool
    ExcludeSessionStateFromAuthResponse bool
    ExtraConfig Dictionary<string, object>
    FrontchannelLogoutEnabled bool
    FrontchannelLogoutUrl string
    FullScopeAllowed bool
    ImplicitFlowEnabled bool
    Import bool
    LoginTheme string
    Name string
    Oauth2DeviceAuthorizationGrantEnabled bool
    Oauth2DeviceCodeLifespan string
    Oauth2DevicePollingInterval string
    PkceCodeChallengeMethod string
    RootUrl string
    ServiceAccountsEnabled bool
    StandardFlowEnabled bool
    UseRefreshTokens bool
    UseRefreshTokensClientCredentials bool
    ValidPostLogoutRedirectUris List<string>
    ValidRedirectUris List<string>
    WebOrigins List<string>
    AccessType string
    ClientId string
    RealmId string
    AccessTokenLifespan string
    AdminUrl string
    AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesArgs
    Authorization ClientAuthorizationArgs
    BackchannelLogoutRevokeOfflineSessions bool
    BackchannelLogoutSessionRequired bool
    BackchannelLogoutUrl string
    BaseUrl string
    ClientAuthenticatorType string
    ClientOfflineSessionIdleTimeout string
    ClientOfflineSessionMaxLifespan string
    ClientSecret string
    ClientSessionIdleTimeout string
    ClientSessionMaxLifespan string
    ConsentRequired bool
    ConsentScreenText string
    Description string
    DirectAccessGrantsEnabled bool
    DisplayOnConsentScreen bool
    Enabled bool
    ExcludeSessionStateFromAuthResponse bool
    ExtraConfig map[string]interface{}
    FrontchannelLogoutEnabled bool
    FrontchannelLogoutUrl string
    FullScopeAllowed bool
    ImplicitFlowEnabled bool
    Import bool
    LoginTheme string
    Name string
    Oauth2DeviceAuthorizationGrantEnabled bool
    Oauth2DeviceCodeLifespan string
    Oauth2DevicePollingInterval string
    PkceCodeChallengeMethod string
    RootUrl string
    ServiceAccountsEnabled bool
    StandardFlowEnabled bool
    UseRefreshTokens bool
    UseRefreshTokensClientCredentials bool
    ValidPostLogoutRedirectUris []string
    ValidRedirectUris []string
    WebOrigins []string
    accessType String
    clientId String
    realmId String
    accessTokenLifespan String
    adminUrl String
    authenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverrides
    authorization ClientAuthorization
    backchannelLogoutRevokeOfflineSessions Boolean
    backchannelLogoutSessionRequired Boolean
    backchannelLogoutUrl String
    baseUrl String
    clientAuthenticatorType String
    clientOfflineSessionIdleTimeout String
    clientOfflineSessionMaxLifespan String
    clientSecret String
    clientSessionIdleTimeout String
    clientSessionMaxLifespan String
    consentRequired Boolean
    consentScreenText String
    description String
    directAccessGrantsEnabled Boolean
    displayOnConsentScreen Boolean
    enabled Boolean
    excludeSessionStateFromAuthResponse Boolean
    extraConfig Map<String,Object>
    frontchannelLogoutEnabled Boolean
    frontchannelLogoutUrl String
    fullScopeAllowed Boolean
    implicitFlowEnabled Boolean
    import_ Boolean
    loginTheme String
    name String
    oauth2DeviceAuthorizationGrantEnabled Boolean
    oauth2DeviceCodeLifespan String
    oauth2DevicePollingInterval String
    pkceCodeChallengeMethod String
    rootUrl String
    serviceAccountsEnabled Boolean
    standardFlowEnabled Boolean
    useRefreshTokens Boolean
    useRefreshTokensClientCredentials Boolean
    validPostLogoutRedirectUris List<String>
    validRedirectUris List<String>
    webOrigins List<String>
    accessType string
    clientId string
    realmId string
    accessTokenLifespan string
    adminUrl string
    authenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverrides
    authorization ClientAuthorization
    backchannelLogoutRevokeOfflineSessions boolean
    backchannelLogoutSessionRequired boolean
    backchannelLogoutUrl string
    baseUrl string
    clientAuthenticatorType string
    clientOfflineSessionIdleTimeout string
    clientOfflineSessionMaxLifespan string
    clientSecret string
    clientSessionIdleTimeout string
    clientSessionMaxLifespan string
    consentRequired boolean
    consentScreenText string
    description string
    directAccessGrantsEnabled boolean
    displayOnConsentScreen boolean
    enabled boolean
    excludeSessionStateFromAuthResponse boolean
    extraConfig {[key: string]: any}
    frontchannelLogoutEnabled boolean
    frontchannelLogoutUrl string
    fullScopeAllowed boolean
    implicitFlowEnabled boolean
    import boolean
    loginTheme string
    name string
    oauth2DeviceAuthorizationGrantEnabled boolean
    oauth2DeviceCodeLifespan string
    oauth2DevicePollingInterval string
    pkceCodeChallengeMethod string
    rootUrl string
    serviceAccountsEnabled boolean
    standardFlowEnabled boolean
    useRefreshTokens boolean
    useRefreshTokensClientCredentials boolean
    validPostLogoutRedirectUris string[]
    validRedirectUris string[]
    webOrigins string[]
    access_type str
    client_id str
    realm_id str
    access_token_lifespan str
    admin_url str
    authentication_flow_binding_overrides ClientAuthenticationFlowBindingOverridesArgs
    authorization ClientAuthorizationArgs
    backchannel_logout_revoke_offline_sessions bool
    backchannel_logout_session_required bool
    backchannel_logout_url str
    base_url str
    client_authenticator_type str
    client_offline_session_idle_timeout str
    client_offline_session_max_lifespan str
    client_secret str
    client_session_idle_timeout str
    client_session_max_lifespan str
    consent_required bool
    consent_screen_text str
    description str
    direct_access_grants_enabled bool
    display_on_consent_screen bool
    enabled bool
    exclude_session_state_from_auth_response bool
    extra_config Mapping[str, Any]
    frontchannel_logout_enabled bool
    frontchannel_logout_url str
    full_scope_allowed bool
    implicit_flow_enabled bool
    import_ bool
    login_theme str
    name str
    oauth2_device_authorization_grant_enabled bool
    oauth2_device_code_lifespan str
    oauth2_device_polling_interval str
    pkce_code_challenge_method str
    root_url str
    service_accounts_enabled bool
    standard_flow_enabled bool
    use_refresh_tokens bool
    use_refresh_tokens_client_credentials bool
    valid_post_logout_redirect_uris Sequence[str]
    valid_redirect_uris Sequence[str]
    web_origins Sequence[str]
    accessType String
    clientId String
    realmId String
    accessTokenLifespan String
    adminUrl String
    authenticationFlowBindingOverrides Property Map
    authorization Property Map
    backchannelLogoutRevokeOfflineSessions Boolean
    backchannelLogoutSessionRequired Boolean
    backchannelLogoutUrl String
    baseUrl String
    clientAuthenticatorType String
    clientOfflineSessionIdleTimeout String
    clientOfflineSessionMaxLifespan String
    clientSecret String
    clientSessionIdleTimeout String
    clientSessionMaxLifespan String
    consentRequired Boolean
    consentScreenText String
    description String
    directAccessGrantsEnabled Boolean
    displayOnConsentScreen Boolean
    enabled Boolean
    excludeSessionStateFromAuthResponse Boolean
    extraConfig Map<Any>
    frontchannelLogoutEnabled Boolean
    frontchannelLogoutUrl String
    fullScopeAllowed Boolean
    implicitFlowEnabled Boolean
    import Boolean
    loginTheme String
    name String
    oauth2DeviceAuthorizationGrantEnabled Boolean
    oauth2DeviceCodeLifespan String
    oauth2DevicePollingInterval String
    pkceCodeChallengeMethod String
    rootUrl String
    serviceAccountsEnabled Boolean
    standardFlowEnabled Boolean
    useRefreshTokens Boolean
    useRefreshTokensClientCredentials Boolean
    validPostLogoutRedirectUris List<String>
    validRedirectUris List<String>
    webOrigins List<String>

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Client resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceServerId string
    ServiceAccountUserId string
    Id string
    The provider-assigned unique ID for this managed resource.
    ResourceServerId string
    ServiceAccountUserId string
    id String
    The provider-assigned unique ID for this managed resource.
    resourceServerId String
    serviceAccountUserId String
    id string
    The provider-assigned unique ID for this managed resource.
    resourceServerId string
    serviceAccountUserId string
    id str
    The provider-assigned unique ID for this managed resource.
    resource_server_id str
    service_account_user_id str
    id String
    The provider-assigned unique ID for this managed resource.
    resourceServerId String
    serviceAccountUserId String

    Look up Existing Client Resource

    Get an existing Client resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ClientState, opts?: CustomResourceOptions): Client
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            access_token_lifespan: Optional[str] = None,
            access_type: Optional[str] = None,
            admin_url: Optional[str] = None,
            authentication_flow_binding_overrides: Optional[ClientAuthenticationFlowBindingOverridesArgs] = None,
            authorization: Optional[ClientAuthorizationArgs] = None,
            backchannel_logout_revoke_offline_sessions: Optional[bool] = None,
            backchannel_logout_session_required: Optional[bool] = None,
            backchannel_logout_url: Optional[str] = None,
            base_url: Optional[str] = None,
            client_authenticator_type: Optional[str] = None,
            client_id: Optional[str] = None,
            client_offline_session_idle_timeout: Optional[str] = None,
            client_offline_session_max_lifespan: Optional[str] = None,
            client_secret: Optional[str] = None,
            client_session_idle_timeout: Optional[str] = None,
            client_session_max_lifespan: Optional[str] = None,
            consent_required: Optional[bool] = None,
            consent_screen_text: Optional[str] = None,
            description: Optional[str] = None,
            direct_access_grants_enabled: Optional[bool] = None,
            display_on_consent_screen: Optional[bool] = None,
            enabled: Optional[bool] = None,
            exclude_session_state_from_auth_response: Optional[bool] = None,
            extra_config: Optional[Mapping[str, Any]] = None,
            frontchannel_logout_enabled: Optional[bool] = None,
            frontchannel_logout_url: Optional[str] = None,
            full_scope_allowed: Optional[bool] = None,
            implicit_flow_enabled: Optional[bool] = None,
            import_: Optional[bool] = None,
            login_theme: Optional[str] = None,
            name: Optional[str] = None,
            oauth2_device_authorization_grant_enabled: Optional[bool] = None,
            oauth2_device_code_lifespan: Optional[str] = None,
            oauth2_device_polling_interval: Optional[str] = None,
            pkce_code_challenge_method: Optional[str] = None,
            realm_id: Optional[str] = None,
            resource_server_id: Optional[str] = None,
            root_url: Optional[str] = None,
            service_account_user_id: Optional[str] = None,
            service_accounts_enabled: Optional[bool] = None,
            standard_flow_enabled: Optional[bool] = None,
            use_refresh_tokens: Optional[bool] = None,
            use_refresh_tokens_client_credentials: Optional[bool] = None,
            valid_post_logout_redirect_uris: Optional[Sequence[str]] = None,
            valid_redirect_uris: Optional[Sequence[str]] = None,
            web_origins: Optional[Sequence[str]] = None) -> Client
    func GetClient(ctx *Context, name string, id IDInput, state *ClientState, opts ...ResourceOption) (*Client, error)
    public static Client Get(string name, Input<string> id, ClientState? state, CustomResourceOptions? opts = null)
    public static Client get(String name, Output<String> id, ClientState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AccessTokenLifespan string
    AccessType string
    AdminUrl string
    AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverrides
    Authorization ClientAuthorization
    BackchannelLogoutRevokeOfflineSessions bool
    BackchannelLogoutSessionRequired bool
    BackchannelLogoutUrl string
    BaseUrl string
    ClientAuthenticatorType string
    ClientId string
    ClientOfflineSessionIdleTimeout string
    ClientOfflineSessionMaxLifespan string
    ClientSecret string
    ClientSessionIdleTimeout string
    ClientSessionMaxLifespan string
    ConsentRequired bool
    ConsentScreenText string
    Description string
    DirectAccessGrantsEnabled bool
    DisplayOnConsentScreen bool
    Enabled bool
    ExcludeSessionStateFromAuthResponse bool
    ExtraConfig Dictionary<string, object>
    FrontchannelLogoutEnabled bool
    FrontchannelLogoutUrl string
    FullScopeAllowed bool
    ImplicitFlowEnabled bool
    Import bool
    LoginTheme string
    Name string
    Oauth2DeviceAuthorizationGrantEnabled bool
    Oauth2DeviceCodeLifespan string
    Oauth2DevicePollingInterval string
    PkceCodeChallengeMethod string
    RealmId string
    ResourceServerId string
    RootUrl string
    ServiceAccountUserId string
    ServiceAccountsEnabled bool
    StandardFlowEnabled bool
    UseRefreshTokens bool
    UseRefreshTokensClientCredentials bool
    ValidPostLogoutRedirectUris List<string>
    ValidRedirectUris List<string>
    WebOrigins List<string>
    AccessTokenLifespan string
    AccessType string
    AdminUrl string
    AuthenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverridesArgs
    Authorization ClientAuthorizationArgs
    BackchannelLogoutRevokeOfflineSessions bool
    BackchannelLogoutSessionRequired bool
    BackchannelLogoutUrl string
    BaseUrl string
    ClientAuthenticatorType string
    ClientId string
    ClientOfflineSessionIdleTimeout string
    ClientOfflineSessionMaxLifespan string
    ClientSecret string
    ClientSessionIdleTimeout string
    ClientSessionMaxLifespan string
    ConsentRequired bool
    ConsentScreenText string
    Description string
    DirectAccessGrantsEnabled bool
    DisplayOnConsentScreen bool
    Enabled bool
    ExcludeSessionStateFromAuthResponse bool
    ExtraConfig map[string]interface{}
    FrontchannelLogoutEnabled bool
    FrontchannelLogoutUrl string
    FullScopeAllowed bool
    ImplicitFlowEnabled bool
    Import bool
    LoginTheme string
    Name string
    Oauth2DeviceAuthorizationGrantEnabled bool
    Oauth2DeviceCodeLifespan string
    Oauth2DevicePollingInterval string
    PkceCodeChallengeMethod string
    RealmId string
    ResourceServerId string
    RootUrl string
    ServiceAccountUserId string
    ServiceAccountsEnabled bool
    StandardFlowEnabled bool
    UseRefreshTokens bool
    UseRefreshTokensClientCredentials bool
    ValidPostLogoutRedirectUris []string
    ValidRedirectUris []string
    WebOrigins []string
    accessTokenLifespan String
    accessType String
    adminUrl String
    authenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverrides
    authorization ClientAuthorization
    backchannelLogoutRevokeOfflineSessions Boolean
    backchannelLogoutSessionRequired Boolean
    backchannelLogoutUrl String
    baseUrl String
    clientAuthenticatorType String
    clientId String
    clientOfflineSessionIdleTimeout String
    clientOfflineSessionMaxLifespan String
    clientSecret String
    clientSessionIdleTimeout String
    clientSessionMaxLifespan String
    consentRequired Boolean
    consentScreenText String
    description String
    directAccessGrantsEnabled Boolean
    displayOnConsentScreen Boolean
    enabled Boolean
    excludeSessionStateFromAuthResponse Boolean
    extraConfig Map<String,Object>
    frontchannelLogoutEnabled Boolean
    frontchannelLogoutUrl String
    fullScopeAllowed Boolean
    implicitFlowEnabled Boolean
    import_ Boolean
    loginTheme String
    name String
    oauth2DeviceAuthorizationGrantEnabled Boolean
    oauth2DeviceCodeLifespan String
    oauth2DevicePollingInterval String
    pkceCodeChallengeMethod String
    realmId String
    resourceServerId String
    rootUrl String
    serviceAccountUserId String
    serviceAccountsEnabled Boolean
    standardFlowEnabled Boolean
    useRefreshTokens Boolean
    useRefreshTokensClientCredentials Boolean
    validPostLogoutRedirectUris List<String>
    validRedirectUris List<String>
    webOrigins List<String>
    accessTokenLifespan string
    accessType string
    adminUrl string
    authenticationFlowBindingOverrides ClientAuthenticationFlowBindingOverrides
    authorization ClientAuthorization
    backchannelLogoutRevokeOfflineSessions boolean
    backchannelLogoutSessionRequired boolean
    backchannelLogoutUrl string
    baseUrl string
    clientAuthenticatorType string
    clientId string
    clientOfflineSessionIdleTimeout string
    clientOfflineSessionMaxLifespan string
    clientSecret string
    clientSessionIdleTimeout string
    clientSessionMaxLifespan string
    consentRequired boolean
    consentScreenText string
    description string
    directAccessGrantsEnabled boolean
    displayOnConsentScreen boolean
    enabled boolean
    excludeSessionStateFromAuthResponse boolean
    extraConfig {[key: string]: any}
    frontchannelLogoutEnabled boolean
    frontchannelLogoutUrl string
    fullScopeAllowed boolean
    implicitFlowEnabled boolean
    import boolean
    loginTheme string
    name string
    oauth2DeviceAuthorizationGrantEnabled boolean
    oauth2DeviceCodeLifespan string
    oauth2DevicePollingInterval string
    pkceCodeChallengeMethod string
    realmId string
    resourceServerId string
    rootUrl string
    serviceAccountUserId string
    serviceAccountsEnabled boolean
    standardFlowEnabled boolean
    useRefreshTokens boolean
    useRefreshTokensClientCredentials boolean
    validPostLogoutRedirectUris string[]
    validRedirectUris string[]
    webOrigins string[]
    access_token_lifespan str
    access_type str
    admin_url str
    authentication_flow_binding_overrides ClientAuthenticationFlowBindingOverridesArgs
    authorization ClientAuthorizationArgs
    backchannel_logout_revoke_offline_sessions bool
    backchannel_logout_session_required bool
    backchannel_logout_url str
    base_url str
    client_authenticator_type str
    client_id str
    client_offline_session_idle_timeout str
    client_offline_session_max_lifespan str
    client_secret str
    client_session_idle_timeout str
    client_session_max_lifespan str
    consent_required bool
    consent_screen_text str
    description str
    direct_access_grants_enabled bool
    display_on_consent_screen bool
    enabled bool
    exclude_session_state_from_auth_response bool
    extra_config Mapping[str, Any]
    frontchannel_logout_enabled bool
    frontchannel_logout_url str
    full_scope_allowed bool
    implicit_flow_enabled bool
    import_ bool
    login_theme str
    name str
    oauth2_device_authorization_grant_enabled bool
    oauth2_device_code_lifespan str
    oauth2_device_polling_interval str
    pkce_code_challenge_method str
    realm_id str
    resource_server_id str
    root_url str
    service_account_user_id str
    service_accounts_enabled bool
    standard_flow_enabled bool
    use_refresh_tokens bool
    use_refresh_tokens_client_credentials bool
    valid_post_logout_redirect_uris Sequence[str]
    valid_redirect_uris Sequence[str]
    web_origins Sequence[str]
    accessTokenLifespan String
    accessType String
    adminUrl String
    authenticationFlowBindingOverrides Property Map
    authorization Property Map
    backchannelLogoutRevokeOfflineSessions Boolean
    backchannelLogoutSessionRequired Boolean
    backchannelLogoutUrl String
    baseUrl String
    clientAuthenticatorType String
    clientId String
    clientOfflineSessionIdleTimeout String
    clientOfflineSessionMaxLifespan String
    clientSecret String
    clientSessionIdleTimeout String
    clientSessionMaxLifespan String
    consentRequired Boolean
    consentScreenText String
    description String
    directAccessGrantsEnabled Boolean
    displayOnConsentScreen Boolean
    enabled Boolean
    excludeSessionStateFromAuthResponse Boolean
    extraConfig Map<Any>
    frontchannelLogoutEnabled Boolean
    frontchannelLogoutUrl String
    fullScopeAllowed Boolean
    implicitFlowEnabled Boolean
    import Boolean
    loginTheme String
    name String
    oauth2DeviceAuthorizationGrantEnabled Boolean
    oauth2DeviceCodeLifespan String
    oauth2DevicePollingInterval String
    pkceCodeChallengeMethod String
    realmId String
    resourceServerId String
    rootUrl String
    serviceAccountUserId String
    serviceAccountsEnabled Boolean
    standardFlowEnabled Boolean
    useRefreshTokens Boolean
    useRefreshTokensClientCredentials Boolean
    validPostLogoutRedirectUris List<String>
    validRedirectUris List<String>
    webOrigins List<String>

    Supporting Types

    ClientAuthenticationFlowBindingOverrides, ClientAuthenticationFlowBindingOverridesArgs

    ClientAuthorization, ClientAuthorizationArgs

    Package Details

    Repository
    Keycloak pulumi/pulumi-keycloak
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the keycloak Terraform Provider.
    keycloak logo
    Keycloak v5.3.2 published on Friday, May 10, 2024 by Pulumi