Keycloak v5.3.2 published on Friday, May 10, 2024 by Pulumi
keycloak.openid.getClient
Explore with Pulumi AI
# keycloak.openid.Client data source
This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realmManagement = keycloak.openid.getClient({
realmId: "my-realm",
clientId: "realm-management",
});
// use the data source
const admin = realmManagement.then(realmManagement => keycloak.getRole({
realmId: "my-realm",
clientId: realmManagement.id,
name: "realm-admin",
}));
import pulumi
import pulumi_keycloak as keycloak
realm_management = keycloak.openid.get_client(realm_id="my-realm",
client_id="realm-management")
# use the data source
admin = keycloak.get_role(realm_id="my-realm",
client_id=realm_management.id,
name="realm-admin")
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realmManagement, err := openid.LookupClient(ctx, &openid.LookupClientArgs{
RealmId: "my-realm",
ClientId: "realm-management",
}, nil)
if err != nil {
return err
}
// use the data source
_, err = keycloak.LookupRole(ctx, &keycloak.LookupRoleArgs{
RealmId: "my-realm",
ClientId: pulumi.StringRef(realmManagement.Id),
Name: "realm-admin",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()
{
RealmId = "my-realm",
ClientId = "realm-management",
});
// use the data source
var admin = Keycloak.GetRole.Invoke(new()
{
RealmId = "my-realm",
ClientId = realmManagement.Apply(getClientResult => getClientResult.Id),
Name = "realm-admin",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.openid.OpenidFunctions;
import com.pulumi.keycloak.openid.inputs.GetClientArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()
.realmId("my-realm")
.clientId("realm-management")
.build());
// use the data source
final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()
.realmId("my-realm")
.clientId(realmManagement.applyValue(getClientResult -> getClientResult.id()))
.name("realm-admin")
.build());
}
}
variables:
realmManagement:
fn::invoke:
Function: keycloak:openid:getClient
Arguments:
realmId: my-realm
clientId: realm-management
# use the data source
admin:
fn::invoke:
Function: keycloak:getRole
Arguments:
realmId: my-realm
clientId: ${realmManagement.id}
name: realm-admin
Argument Reference
The following arguments are supported:
realm_id
- (Required) The realm id.client_id
- (Required) The client id.
Attributes Reference
See the docs for the keycloak.openid.Client
resource for details on the exported attributes.
Using getClient
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getClient(args: GetClientArgs, opts?: InvokeOptions): Promise<GetClientResult>
function getClientOutput(args: GetClientOutputArgs, opts?: InvokeOptions): Output<GetClientResult>
def get_client(client_id: Optional[str] = None,
consent_screen_text: Optional[str] = None,
display_on_consent_screen: Optional[bool] = None,
extra_config: Optional[Mapping[str, Any]] = None,
oauth2_device_authorization_grant_enabled: Optional[bool] = None,
oauth2_device_code_lifespan: Optional[str] = None,
oauth2_device_polling_interval: Optional[str] = None,
realm_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetClientResult
def get_client_output(client_id: Optional[pulumi.Input[str]] = None,
consent_screen_text: Optional[pulumi.Input[str]] = None,
display_on_consent_screen: Optional[pulumi.Input[bool]] = None,
extra_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
oauth2_device_authorization_grant_enabled: Optional[pulumi.Input[bool]] = None,
oauth2_device_code_lifespan: Optional[pulumi.Input[str]] = None,
oauth2_device_polling_interval: Optional[pulumi.Input[str]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetClientResult]
func LookupClient(ctx *Context, args *LookupClientArgs, opts ...InvokeOption) (*LookupClientResult, error)
func LookupClientOutput(ctx *Context, args *LookupClientOutputArgs, opts ...InvokeOption) LookupClientResultOutput
> Note: This function is named LookupClient
in the Go SDK.
public static class GetClient
{
public static Task<GetClientResult> InvokeAsync(GetClientArgs args, InvokeOptions? opts = null)
public static Output<GetClientResult> Invoke(GetClientInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: keycloak:openid/getClient:getClient
arguments:
# arguments dictionary
The following arguments are supported:
- Client
Id string - Realm
Id string - Consent
Screen stringText - Display
On boolConsent Screen - Extra
Config Dictionary<string, object> - bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval
- Client
Id string - Realm
Id string - Consent
Screen stringText - Display
On boolConsent Screen - Extra
Config map[string]interface{} - bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval
- client
Id String - realm
Id String - consent
Screen StringText - display
On BooleanConsent Screen - extra
Config Map<String,Object> - Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval
- client
Id string - realm
Id string - consent
Screen stringText - display
On booleanConsent Screen - extra
Config {[key: string]: any} - boolean
- oauth2Device
Code stringLifespan - oauth2Device
Polling stringInterval
- client_
id str - realm_
id str - consent_
screen_ strtext - display_
on_ boolconsent_ screen - extra_
config Mapping[str, Any] - bool
- oauth2_
device_ strcode_ lifespan - oauth2_
device_ strpolling_ interval
- client
Id String - realm
Id String - consent
Screen StringText - display
On BooleanConsent Screen - extra
Config Map<Any> - Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval
getClient Result
The following output properties are available:
- Access
Token stringLifespan - Access
Type string - Admin
Url string - Authentication
Flow List<GetBinding Overrides Client Authentication Flow Binding Override> - List<Get
Client Authorization> - Backchannel
Logout boolRevoke Offline Sessions - Backchannel
Logout boolSession Required - Backchannel
Logout stringUrl - Base
Url string - Client
Authenticator stringType - Client
Id string - Client
Offline stringSession Idle Timeout - Client
Offline stringSession Max Lifespan - Client
Secret string - Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Consent
Required bool - Description string
- Direct
Access boolGrants Enabled - Enabled bool
- Exclude
Session boolState From Auth Response - Extra
Config Dictionary<string, object> - Frontchannel
Logout boolEnabled - Frontchannel
Logout stringUrl - Full
Scope boolAllowed - Id string
- The provider-assigned unique ID for this managed resource.
- Implicit
Flow boolEnabled - Login
Theme string - Name string
- Pkce
Code stringChallenge Method - Realm
Id string - Resource
Server stringId - Root
Url string - Service
Account stringUser Id - Service
Accounts boolEnabled - Standard
Flow boolEnabled - Use
Refresh boolTokens - Use
Refresh boolTokens Client Credentials - Valid
Post List<string>Logout Redirect Uris - Valid
Redirect List<string>Uris - Web
Origins List<string> - Consent
Screen stringText - Display
On boolConsent Screen - bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval
- Access
Token stringLifespan - Access
Type string - Admin
Url string - Authentication
Flow []GetBinding Overrides Client Authentication Flow Binding Override - []Get
Client Authorization - Backchannel
Logout boolRevoke Offline Sessions - Backchannel
Logout boolSession Required - Backchannel
Logout stringUrl - Base
Url string - Client
Authenticator stringType - Client
Id string - Client
Offline stringSession Idle Timeout - Client
Offline stringSession Max Lifespan - Client
Secret string - Client
Session stringIdle Timeout - Client
Session stringMax Lifespan - Consent
Required bool - Description string
- Direct
Access boolGrants Enabled - Enabled bool
- Exclude
Session boolState From Auth Response - Extra
Config map[string]interface{} - Frontchannel
Logout boolEnabled - Frontchannel
Logout stringUrl - Full
Scope boolAllowed - Id string
- The provider-assigned unique ID for this managed resource.
- Implicit
Flow boolEnabled - Login
Theme string - Name string
- Pkce
Code stringChallenge Method - Realm
Id string - Resource
Server stringId - Root
Url string - Service
Account stringUser Id - Service
Accounts boolEnabled - Standard
Flow boolEnabled - Use
Refresh boolTokens - Use
Refresh boolTokens Client Credentials - Valid
Post []stringLogout Redirect Uris - Valid
Redirect []stringUris - Web
Origins []string - Consent
Screen stringText - Display
On boolConsent Screen - bool
- Oauth2Device
Code stringLifespan - Oauth2Device
Polling stringInterval
- access
Token StringLifespan - access
Type String - admin
Url String - authentication
Flow List<GetBinding Overrides Client Authentication Flow Binding Override> - List<Get
Client Authorization> - backchannel
Logout BooleanRevoke Offline Sessions - backchannel
Logout BooleanSession Required - backchannel
Logout StringUrl - base
Url String - client
Authenticator StringType - client
Id String - client
Offline StringSession Idle Timeout - client
Offline StringSession Max Lifespan - client
Secret String - client
Session StringIdle Timeout - client
Session StringMax Lifespan - consent
Required Boolean - description String
- direct
Access BooleanGrants Enabled - enabled Boolean
- exclude
Session BooleanState From Auth Response - extra
Config Map<String,Object> - frontchannel
Logout BooleanEnabled - frontchannel
Logout StringUrl - full
Scope BooleanAllowed - id String
- The provider-assigned unique ID for this managed resource.
- implicit
Flow BooleanEnabled - login
Theme String - name String
- pkce
Code StringChallenge Method - realm
Id String - resource
Server StringId - root
Url String - service
Account StringUser Id - service
Accounts BooleanEnabled - standard
Flow BooleanEnabled - use
Refresh BooleanTokens - use
Refresh BooleanTokens Client Credentials - valid
Post List<String>Logout Redirect Uris - valid
Redirect List<String>Uris - web
Origins List<String> - consent
Screen StringText - display
On BooleanConsent Screen - Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval
- access
Token stringLifespan - access
Type string - admin
Url string - authentication
Flow GetBinding Overrides Client Authentication Flow Binding Override[] - Get
Client Authorization[] - backchannel
Logout booleanRevoke Offline Sessions - backchannel
Logout booleanSession Required - backchannel
Logout stringUrl - base
Url string - client
Authenticator stringType - client
Id string - client
Offline stringSession Idle Timeout - client
Offline stringSession Max Lifespan - client
Secret string - client
Session stringIdle Timeout - client
Session stringMax Lifespan - consent
Required boolean - description string
- direct
Access booleanGrants Enabled - enabled boolean
- exclude
Session booleanState From Auth Response - extra
Config {[key: string]: any} - frontchannel
Logout booleanEnabled - frontchannel
Logout stringUrl - full
Scope booleanAllowed - id string
- The provider-assigned unique ID for this managed resource.
- implicit
Flow booleanEnabled - login
Theme string - name string
- pkce
Code stringChallenge Method - realm
Id string - resource
Server stringId - root
Url string - service
Account stringUser Id - service
Accounts booleanEnabled - standard
Flow booleanEnabled - use
Refresh booleanTokens - use
Refresh booleanTokens Client Credentials - valid
Post string[]Logout Redirect Uris - valid
Redirect string[]Uris - web
Origins string[] - consent
Screen stringText - display
On booleanConsent Screen - boolean
- oauth2Device
Code stringLifespan - oauth2Device
Polling stringInterval
- access_
token_ strlifespan - access_
type str - admin_
url str - authentication_
flow_ Sequence[Getbinding_ overrides Client Authentication Flow Binding Override] - Sequence[Get
Client Authorization] - backchannel_
logout_ boolrevoke_ offline_ sessions - backchannel_
logout_ boolsession_ required - backchannel_
logout_ strurl - base_
url str - client_
authenticator_ strtype - client_
id str - client_
offline_ strsession_ idle_ timeout - client_
offline_ strsession_ max_ lifespan - client_
secret str - client_
session_ stridle_ timeout - client_
session_ strmax_ lifespan - consent_
required bool - description str
- direct_
access_ boolgrants_ enabled - enabled bool
- exclude_
session_ boolstate_ from_ auth_ response - extra_
config Mapping[str, Any] - frontchannel_
logout_ boolenabled - frontchannel_
logout_ strurl - full_
scope_ boolallowed - id str
- The provider-assigned unique ID for this managed resource.
- implicit_
flow_ boolenabled - login_
theme str - name str
- pkce_
code_ strchallenge_ method - realm_
id str - resource_
server_ strid - root_
url str - service_
account_ struser_ id - service_
accounts_ boolenabled - standard_
flow_ boolenabled - use_
refresh_ booltokens - use_
refresh_ booltokens_ client_ credentials - valid_
post_ Sequence[str]logout_ redirect_ uris - valid_
redirect_ Sequence[str]uris - web_
origins Sequence[str] - consent_
screen_ strtext - display_
on_ boolconsent_ screen - bool
- oauth2_
device_ strcode_ lifespan - oauth2_
device_ strpolling_ interval
- access
Token StringLifespan - access
Type String - admin
Url String - authentication
Flow List<Property Map>Binding Overrides - List<Property Map>
- backchannel
Logout BooleanRevoke Offline Sessions - backchannel
Logout BooleanSession Required - backchannel
Logout StringUrl - base
Url String - client
Authenticator StringType - client
Id String - client
Offline StringSession Idle Timeout - client
Offline StringSession Max Lifespan - client
Secret String - client
Session StringIdle Timeout - client
Session StringMax Lifespan - consent
Required Boolean - description String
- direct
Access BooleanGrants Enabled - enabled Boolean
- exclude
Session BooleanState From Auth Response - extra
Config Map<Any> - frontchannel
Logout BooleanEnabled - frontchannel
Logout StringUrl - full
Scope BooleanAllowed - id String
- The provider-assigned unique ID for this managed resource.
- implicit
Flow BooleanEnabled - login
Theme String - name String
- pkce
Code StringChallenge Method - realm
Id String - resource
Server StringId - root
Url String - service
Account StringUser Id - service
Accounts BooleanEnabled - standard
Flow BooleanEnabled - use
Refresh BooleanTokens - use
Refresh BooleanTokens Client Credentials - valid
Post List<String>Logout Redirect Uris - valid
Redirect List<String>Uris - web
Origins List<String> - consent
Screen StringText - display
On BooleanConsent Screen - Boolean
- oauth2Device
Code StringLifespan - oauth2Device
Polling StringInterval
Supporting Types
GetClientAuthenticationFlowBindingOverride
- Browser
Id string - Direct
Grant stringId
- Browser
Id string - Direct
Grant stringId
- browser
Id String - direct
Grant StringId
- browser
Id string - direct
Grant stringId
- browser_
id str - direct_
grant_ strid
- browser
Id String - direct
Grant StringId
GetClientAuthorization
- Allow
Remote boolResource Management - Decision
Strategy string - Keep
Defaults bool - Policy
Enforcement stringMode
- Allow
Remote boolResource Management - Decision
Strategy string - Keep
Defaults bool - Policy
Enforcement stringMode
- allow
Remote BooleanResource Management - decision
Strategy String - keep
Defaults Boolean - policy
Enforcement StringMode
- allow
Remote booleanResource Management - decision
Strategy string - keep
Defaults boolean - policy
Enforcement stringMode
- allow
Remote BooleanResource Management - decision
Strategy String - keep
Defaults Boolean - policy
Enforcement StringMode
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloak
Terraform Provider.