Docs
PackagesAuth0 v3.4.0 published on Wednesday, Jun 19, 2024 by Pulumi
auth0.ClientCredentials
Explore with Pulumi AI
With this resource, you can configure the method to use when making requests to any endpoint that requires this client to authenticate.
Refer to the client secret rotation guide for instructions on how to rotate client secrets with zero downtime.
Create ClientCredentials Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ClientCredentials(name: string, args: ClientCredentialsArgs, opts?: CustomResourceOptions);@overload
def ClientCredentials(resource_name: str,
args: ClientCredentialsArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ClientCredentials(resource_name: str,
opts: Optional[ResourceOptions] = None,
authentication_method: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
private_key_jwt: Optional[ClientCredentialsPrivateKeyJwtArgs] = None)func NewClientCredentials(ctx *Context, name string, args ClientCredentialsArgs, opts ...ResourceOption) (*ClientCredentials, error)public ClientCredentials(string name, ClientCredentialsArgs args, CustomResourceOptions? opts = null)
public ClientCredentials(String name, ClientCredentialsArgs args)
public ClientCredentials(String name, ClientCredentialsArgs args, CustomResourceOptions options)
type: auth0:ClientCredentials
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ClientCredentialsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClientCredentialsArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClientCredentialsArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClientCredentialsArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClientCredentialsArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var clientCredentialsResource = new Auth0.ClientCredentials("clientCredentialsResource", new()
{
AuthenticationMethod = "string",
ClientId = "string",
ClientSecret = "string",
PrivateKeyJwt = new Auth0.Inputs.ClientCredentialsPrivateKeyJwtArgs
{
Credentials = new[]
{
new Auth0.Inputs.ClientCredentialsPrivateKeyJwtCredentialArgs
{
CredentialType = "string",
Pem = "string",
Algorithm = "string",
CreatedAt = "string",
ExpiresAt = "string",
Id = "string",
KeyId = "string",
Name = "string",
ParseExpiryFromCert = false,
UpdatedAt = "string",
},
},
},
});
example, err := auth0.NewClientCredentials(ctx, "clientCredentialsResource", &auth0.ClientCredentialsArgs{
AuthenticationMethod: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
PrivateKeyJwt: &auth0.ClientCredentialsPrivateKeyJwtArgs{
Credentials: auth0.ClientCredentialsPrivateKeyJwtCredentialArray{
&auth0.ClientCredentialsPrivateKeyJwtCredentialArgs{
CredentialType: pulumi.String("string"),
Pem: pulumi.String("string"),
Algorithm: pulumi.String("string"),
CreatedAt: pulumi.String("string"),
ExpiresAt: pulumi.String("string"),
Id: pulumi.String("string"),
KeyId: pulumi.String("string"),
Name: pulumi.String("string"),
ParseExpiryFromCert: pulumi.Bool(false),
UpdatedAt: pulumi.String("string"),
},
},
},
})
var clientCredentialsResource = new ClientCredentials("clientCredentialsResource", ClientCredentialsArgs.builder()
.authenticationMethod("string")
.clientId("string")
.clientSecret("string")
.privateKeyJwt(ClientCredentialsPrivateKeyJwtArgs.builder()
.credentials(ClientCredentialsPrivateKeyJwtCredentialArgs.builder()
.credentialType("string")
.pem("string")
.algorithm("string")
.createdAt("string")
.expiresAt("string")
.id("string")
.keyId("string")
.name("string")
.parseExpiryFromCert(false)
.updatedAt("string")
.build())
.build())
.build());
client_credentials_resource = auth0.ClientCredentials("clientCredentialsResource",
authentication_method="string",
client_id="string",
client_secret="string",
private_key_jwt=auth0.ClientCredentialsPrivateKeyJwtArgs(
credentials=[auth0.ClientCredentialsPrivateKeyJwtCredentialArgs(
credential_type="string",
pem="string",
algorithm="string",
created_at="string",
expires_at="string",
id="string",
key_id="string",
name="string",
parse_expiry_from_cert=False,
updated_at="string",
)],
))
const clientCredentialsResource = new auth0.ClientCredentials("clientCredentialsResource", {
authenticationMethod: "string",
clientId: "string",
clientSecret: "string",
privateKeyJwt: {
credentials: [{
credentialType: "string",
pem: "string",
algorithm: "string",
createdAt: "string",
expiresAt: "string",
id: "string",
keyId: "string",
name: "string",
parseExpiryFromCert: false,
updatedAt: "string",
}],
},
});
type: auth0:ClientCredentials
properties:
authenticationMethod: string
clientId: string
clientSecret: string
privateKeyJwt:
credentials:
- algorithm: string
createdAt: string
credentialType: string
expiresAt: string
id: string
keyId: string
name: string
parseExpiryFromCert: false
pem: string
updatedAt: string
ClientCredentials Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ClientCredentials resource accepts the following input properties:
- Authentication
Method string - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - Client
Id string - The ID of the client for which to configure the authentication method.
- Client
Secret string - Private
Key ClientJwt Credentials Private Key Jwt - Defines
private_key_jwtclient authentication method.
- Authentication
Method string - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - Client
Id string - The ID of the client for which to configure the authentication method.
- Client
Secret string - Private
Key ClientJwt Credentials Private Key Jwt Args - Defines
private_key_jwtclient authentication method.
- authentication
Method String - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - client
Id String - The ID of the client for which to configure the authentication method.
- client
Secret String - private
Key ClientJwt Credentials Private Key Jwt - Defines
private_key_jwtclient authentication method.
- authentication
Method string - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - client
Id string - The ID of the client for which to configure the authentication method.
- client
Secret string - private
Key ClientJwt Credentials Private Key Jwt - Defines
private_key_jwtclient authentication method.
- authentication_
method str - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - client_
id str - The ID of the client for which to configure the authentication method.
- client_
secret str - private_
key_ Clientjwt Credentials Private Key Jwt Args - Defines
private_key_jwtclient authentication method.
- authentication
Method String - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - client
Id String - The ID of the client for which to configure the authentication method.
- client
Secret String - private
Key Property MapJwt - Defines
private_key_jwtclient authentication method.
Outputs
All input properties are implicitly available as output properties. Additionally, the ClientCredentials resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ClientCredentials Resource
Get an existing ClientCredentials resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClientCredentialsState, opts?: CustomResourceOptions): ClientCredentials@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authentication_method: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
private_key_jwt: Optional[ClientCredentialsPrivateKeyJwtArgs] = None) -> ClientCredentialsfunc GetClientCredentials(ctx *Context, name string, id IDInput, state *ClientCredentialsState, opts ...ResourceOption) (*ClientCredentials, error)public static ClientCredentials Get(string name, Input<string> id, ClientCredentialsState? state, CustomResourceOptions? opts = null)public static ClientCredentials get(String name, Output<String> id, ClientCredentialsState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Authentication
Method string - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - Client
Id string - The ID of the client for which to configure the authentication method.
- Client
Secret string - Private
Key ClientJwt Credentials Private Key Jwt - Defines
private_key_jwtclient authentication method.
- Authentication
Method string - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - Client
Id string - The ID of the client for which to configure the authentication method.
- Client
Secret string - Private
Key ClientJwt Credentials Private Key Jwt Args - Defines
private_key_jwtclient authentication method.
- authentication
Method String - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - client
Id String - The ID of the client for which to configure the authentication method.
- client
Secret String - private
Key ClientJwt Credentials Private Key Jwt - Defines
private_key_jwtclient authentication method.
- authentication
Method string - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - client
Id string - The ID of the client for which to configure the authentication method.
- client
Secret string - private
Key ClientJwt Credentials Private Key Jwt - Defines
private_key_jwtclient authentication method.
- authentication_
method str - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - client_
id str - The ID of the client for which to configure the authentication method.
- client_
secret str - private_
key_ Clientjwt Credentials Private Key Jwt Args - Defines
private_key_jwtclient authentication method.
- authentication
Method String - Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include
none(public client without a client secret),client_secret_post(confidential client using HTTP POST parameters),client_secret_basic(confidential client using HTTP Basic),private_key_jwt(confidential client using a Private Key JWT). - client
Id String - The ID of the client for which to configure the authentication method.
- client
Secret String - private
Key Property MapJwt - Defines
private_key_jwtclient authentication method.
Supporting Types
ClientCredentialsPrivateKeyJwt, ClientCredentialsPrivateKeyJwtArgs
- Credentials
List<Client
Credentials Private Key Jwt Credential> - Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
- Credentials
[]Client
Credentials Private Key Jwt Credential - Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
- credentials
List<Client
Credentials Private Key Jwt Credential> - Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
- credentials
Client
Credentials Private Key Jwt Credential[] - Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
- credentials
Sequence[Client
Credentials Private Key Jwt Credential] - Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
- credentials List<Property Map>
- Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set.
ClientCredentialsPrivateKeyJwtCredential, ClientCredentialsPrivateKeyJwtCredentialArgs
- Credential
Type string - Credential type. Supported types:
public_key. - Pem string
- PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
- Algorithm string
- Algorithm which will be used with the credential. Can be one of
RS256,RS384,PS256. If not specified,RS256will be used. - Created
At string - The ISO 8601 formatted date the credential was created.
- Expires
At string - The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
- Id string
- The ID of the client credential.
- Key
Id string - The key identifier of the credential, generated on creation.
- Name string
- Friendly name for a credential.
- Parse
Expiry boolFrom Cert - Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the
expires_atis set the credential expiry will be set to the explicitexpires_atvalue. - Updated
At string - The ISO 8601 formatted date the credential was updated.
- Credential
Type string - Credential type. Supported types:
public_key. - Pem string
- PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
- Algorithm string
- Algorithm which will be used with the credential. Can be one of
RS256,RS384,PS256. If not specified,RS256will be used. - Created
At string - The ISO 8601 formatted date the credential was created.
- Expires
At string - The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
- Id string
- The ID of the client credential.
- Key
Id string - The key identifier of the credential, generated on creation.
- Name string
- Friendly name for a credential.
- Parse
Expiry boolFrom Cert - Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the
expires_atis set the credential expiry will be set to the explicitexpires_atvalue. - Updated
At string - The ISO 8601 formatted date the credential was updated.
- credential
Type String - Credential type. Supported types:
public_key. - pem String
- PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
- algorithm String
- Algorithm which will be used with the credential. Can be one of
RS256,RS384,PS256. If not specified,RS256will be used. - created
At String - The ISO 8601 formatted date the credential was created.
- expires
At String - The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
- id String
- The ID of the client credential.
- key
Id String - The key identifier of the credential, generated on creation.
- name String
- Friendly name for a credential.
- parse
Expiry BooleanFrom Cert - Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the
expires_atis set the credential expiry will be set to the explicitexpires_atvalue. - updated
At String - The ISO 8601 formatted date the credential was updated.
- credential
Type string - Credential type. Supported types:
public_key. - pem string
- PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
- algorithm string
- Algorithm which will be used with the credential. Can be one of
RS256,RS384,PS256. If not specified,RS256will be used. - created
At string - The ISO 8601 formatted date the credential was created.
- expires
At string - The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
- id string
- The ID of the client credential.
- key
Id string - The key identifier of the credential, generated on creation.
- name string
- Friendly name for a credential.
- parse
Expiry booleanFrom Cert - Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the
expires_atis set the credential expiry will be set to the explicitexpires_atvalue. - updated
At string - The ISO 8601 formatted date the credential was updated.
- credential_
type str - Credential type. Supported types:
public_key. - pem str
- PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
- algorithm str
- Algorithm which will be used with the credential. Can be one of
RS256,RS384,PS256. If not specified,RS256will be used. - created_
at str - The ISO 8601 formatted date the credential was created.
- expires_
at str - The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
- id str
- The ID of the client credential.
- key_
id str - The key identifier of the credential, generated on creation.
- name str
- Friendly name for a credential.
- parse_
expiry_ boolfrom_ cert - Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the
expires_atis set the credential expiry will be set to the explicitexpires_atvalue. - updated_
at str - The ISO 8601 formatted date the credential was updated.
- credential
Type String - Credential type. Supported types:
public_key. - pem String
- PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
- algorithm String
- Algorithm which will be used with the credential. Can be one of
RS256,RS384,PS256. If not specified,RS256will be used. - created
At String - The ISO 8601 formatted date the credential was created.
- expires
At String - The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this to never expire after it has been set. Recreate the certificate if needed.
- id String
- The ID of the client credential.
- key
Id String - The key identifier of the credential, generated on creation.
- name String
- Friendly name for a credential.
- parse
Expiry BooleanFrom Cert - Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the
expires_atis set the credential expiry will be set to the explicitexpires_atvalue. - updated
At String - The ISO 8601 formatted date the credential was updated.
Import
This resource can be imported by specifying the client ID.
Example:
$ pulumi import auth0:index/clientCredentials:ClientCredentials my_creds "AaiyAPdpYdesoKnqjj8HJqRn4T5titww"
~> Importing this resource when the authentication_method is set to private_key_jwt will force the resource to be recreated.
This is to be expected, because the pem file can’t be checked for differences.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.