Docs Home
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
authentik.ProviderOauth2
Explore with Pulumi AI
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as authentik from "@pulumi/authentik";
// Create an OAuth2 Provider
const nameProviderOauth2 = new authentik.ProviderOauth2("nameProviderOauth2", {
clientId: "grafana",
allowedRedirectUris: [{
matching_mode: "strict",
url: "http://localhost",
}],
});
const nameApplication = new authentik.Application("nameApplication", {
slug: "test-app",
protocolProvider: nameProviderOauth2.providerOauth2Id,
});
import pulumi
import pulumi_authentik as authentik
# Create an OAuth2 Provider
name_provider_oauth2 = authentik.ProviderOauth2("nameProviderOauth2",
client_id="grafana",
allowed_redirect_uris=[{
"matching_mode": "strict",
"url": "http://localhost",
}])
name_application = authentik.Application("nameApplication",
slug="test-app",
protocol_provider=name_provider_oauth2.provider_oauth2_id)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/authentik/v2025/authentik"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create an OAuth2 Provider
nameProviderOauth2, err := authentik.NewProviderOauth2(ctx, "nameProviderOauth2", &authentik.ProviderOauth2Args{
ClientId: pulumi.String("grafana"),
AllowedRedirectUris: pulumi.StringMapArray{
pulumi.StringMap{
"matching_mode": pulumi.String("strict"),
"url": pulumi.String("http://localhost"),
},
},
})
if err != nil {
return err
}
_, err = authentik.NewApplication(ctx, "nameApplication", &authentik.ApplicationArgs{
Slug: pulumi.String("test-app"),
ProtocolProvider: nameProviderOauth2.ProviderOauth2Id,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Authentik = Pulumi.Authentik;
return await Deployment.RunAsync(() =>
{
// Create an OAuth2 Provider
var nameProviderOauth2 = new Authentik.ProviderOauth2("nameProviderOauth2", new()
{
ClientId = "grafana",
AllowedRedirectUris = new[]
{
{
{ "matching_mode", "strict" },
{ "url", "http://localhost" },
},
},
});
var nameApplication = new Authentik.Application("nameApplication", new()
{
Slug = "test-app",
ProtocolProvider = nameProviderOauth2.ProviderOauth2Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.authentik.ProviderOauth2;
import com.pulumi.authentik.ProviderOauth2Args;
import com.pulumi.authentik.Application;
import com.pulumi.authentik.ApplicationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create an OAuth2 Provider
var nameProviderOauth2 = new ProviderOauth2("nameProviderOauth2", ProviderOauth2Args.builder()
.clientId("grafana")
.allowedRedirectUris(Map.ofEntries(
Map.entry("matching_mode", "strict"),
Map.entry("url", "http://localhost")
))
.build());
var nameApplication = new Application("nameApplication", ApplicationArgs.builder()
.slug("test-app")
.protocolProvider(nameProviderOauth2.providerOauth2Id())
.build());
}
}
resources:
# Create an OAuth2 Provider
nameProviderOauth2:
type: authentik:ProviderOauth2
properties:
clientId: grafana
allowedRedirectUris:
- matching_mode: strict
url: http://localhost
nameApplication:
type: authentik:Application
properties:
slug: test-app
protocolProvider: ${nameProviderOauth2.providerOauth2Id}
Create ProviderOauth2 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ProviderOauth2(name: string, args: ProviderOauth2Args, opts?: CustomResourceOptions);@overload
def ProviderOauth2(resource_name: str,
args: ProviderOauth2Args,
opts: Optional[ResourceOptions] = None)
@overload
def ProviderOauth2(resource_name: str,
opts: Optional[ResourceOptions] = None,
invalidation_flow: Optional[str] = None,
client_id: Optional[str] = None,
authorization_flow: Optional[str] = None,
client_secret: Optional[str] = None,
authentication_flow: Optional[str] = None,
jwks_sources: Optional[Sequence[str]] = None,
access_token_validity: Optional[str] = None,
client_type: Optional[str] = None,
encryption_key: Optional[str] = None,
include_claims_in_id_token: Optional[bool] = None,
allowed_redirect_uris: Optional[Sequence[Mapping[str, str]]] = None,
access_code_validity: Optional[str] = None,
issuer_mode: Optional[str] = None,
jwt_federation_providers: Optional[Sequence[float]] = None,
jwt_federation_sources: Optional[Sequence[str]] = None,
name: Optional[str] = None,
property_mappings: Optional[Sequence[str]] = None,
provider_oauth2_id: Optional[str] = None,
refresh_token_validity: Optional[str] = None,
signing_key: Optional[str] = None,
sub_mode: Optional[str] = None)func NewProviderOauth2(ctx *Context, name string, args ProviderOauth2Args, opts ...ResourceOption) (*ProviderOauth2, error)public ProviderOauth2(string name, ProviderOauth2Args args, CustomResourceOptions? opts = null)
public ProviderOauth2(String name, ProviderOauth2Args args)
public ProviderOauth2(String name, ProviderOauth2Args args, CustomResourceOptions options)
type: authentik:ProviderOauth2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ProviderOauth2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ProviderOauth2Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProviderOauth2Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProviderOauth2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ProviderOauth2Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var providerOauth2Resource = new Authentik.ProviderOauth2("providerOauth2Resource", new()
{
InvalidationFlow = "string",
ClientId = "string",
AuthorizationFlow = "string",
ClientSecret = "string",
AuthenticationFlow = "string",
JwksSources = new[]
{
"string",
},
AccessTokenValidity = "string",
ClientType = "string",
EncryptionKey = "string",
IncludeClaimsInIdToken = false,
AllowedRedirectUris = new[]
{
{
{ "string", "string" },
},
},
AccessCodeValidity = "string",
IssuerMode = "string",
JwtFederationProviders = new[]
{
0,
},
JwtFederationSources = new[]
{
"string",
},
Name = "string",
PropertyMappings = new[]
{
"string",
},
ProviderOauth2Id = "string",
RefreshTokenValidity = "string",
SigningKey = "string",
SubMode = "string",
});
example, err := authentik.NewProviderOauth2(ctx, "providerOauth2Resource", &authentik.ProviderOauth2Args{
InvalidationFlow: pulumi.String("string"),
ClientId: pulumi.String("string"),
AuthorizationFlow: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
AuthenticationFlow: pulumi.String("string"),
JwksSources: pulumi.StringArray{
pulumi.String("string"),
},
AccessTokenValidity: pulumi.String("string"),
ClientType: pulumi.String("string"),
EncryptionKey: pulumi.String("string"),
IncludeClaimsInIdToken: pulumi.Bool(false),
AllowedRedirectUris: pulumi.StringMapArray{
pulumi.StringMap{
"string": pulumi.String("string"),
},
},
AccessCodeValidity: pulumi.String("string"),
IssuerMode: pulumi.String("string"),
JwtFederationProviders: pulumi.Float64Array{
pulumi.Float64(0),
},
JwtFederationSources: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
PropertyMappings: pulumi.StringArray{
pulumi.String("string"),
},
ProviderOauth2Id: pulumi.String("string"),
RefreshTokenValidity: pulumi.String("string"),
SigningKey: pulumi.String("string"),
SubMode: pulumi.String("string"),
})
var providerOauth2Resource = new ProviderOauth2("providerOauth2Resource", ProviderOauth2Args.builder()
.invalidationFlow("string")
.clientId("string")
.authorizationFlow("string")
.clientSecret("string")
.authenticationFlow("string")
.jwksSources("string")
.accessTokenValidity("string")
.clientType("string")
.encryptionKey("string")
.includeClaimsInIdToken(false)
.allowedRedirectUris(Map.of("string", "string"))
.accessCodeValidity("string")
.issuerMode("string")
.jwtFederationProviders(0)
.jwtFederationSources("string")
.name("string")
.propertyMappings("string")
.providerOauth2Id("string")
.refreshTokenValidity("string")
.signingKey("string")
.subMode("string")
.build());
provider_oauth2_resource = authentik.ProviderOauth2("providerOauth2Resource",
invalidation_flow="string",
client_id="string",
authorization_flow="string",
client_secret="string",
authentication_flow="string",
jwks_sources=["string"],
access_token_validity="string",
client_type="string",
encryption_key="string",
include_claims_in_id_token=False,
allowed_redirect_uris=[{
"string": "string",
}],
access_code_validity="string",
issuer_mode="string",
jwt_federation_providers=[0],
jwt_federation_sources=["string"],
name="string",
property_mappings=["string"],
provider_oauth2_id="string",
refresh_token_validity="string",
signing_key="string",
sub_mode="string")
const providerOauth2Resource = new authentik.ProviderOauth2("providerOauth2Resource", {
invalidationFlow: "string",
clientId: "string",
authorizationFlow: "string",
clientSecret: "string",
authenticationFlow: "string",
jwksSources: ["string"],
accessTokenValidity: "string",
clientType: "string",
encryptionKey: "string",
includeClaimsInIdToken: false,
allowedRedirectUris: [{
string: "string",
}],
accessCodeValidity: "string",
issuerMode: "string",
jwtFederationProviders: [0],
jwtFederationSources: ["string"],
name: "string",
propertyMappings: ["string"],
providerOauth2Id: "string",
refreshTokenValidity: "string",
signingKey: "string",
subMode: "string",
});
type: authentik:ProviderOauth2
properties:
accessCodeValidity: string
accessTokenValidity: string
allowedRedirectUris:
- string: string
authenticationFlow: string
authorizationFlow: string
clientId: string
clientSecret: string
clientType: string
encryptionKey: string
includeClaimsInIdToken: false
invalidationFlow: string
issuerMode: string
jwksSources:
- string
jwtFederationProviders:
- 0
jwtFederationSources:
- string
name: string
propertyMappings:
- string
providerOauth2Id: string
refreshTokenValidity: string
signingKey: string
subMode: string
ProviderOauth2 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ProviderOauth2 resource accepts the following input properties:
- string
- Client
Id string - Invalidation
Flow string - Access
Code stringValidity - Defaults to
minutes=1. - Access
Token stringValidity - Defaults to
minutes=10. - Allowed
Redirect List<ImmutableUris Dictionary<string, string>> - Authentication
Flow string - Client
Secret string - Generated.
- Client
Type string - Allowed values: -
confidential-publicDefaults toconfidential. - Encryption
Key string - Include
Claims boolIn Id Token - Defaults to
true. - Issuer
Mode string - Allowed values: -
global-per_providerDefaults toper_provider. - Jwks
Sources List<string> - Deprecated. Use
jwt_federation_sourcesinstead. - Jwt
Federation List<double>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- Jwt
Federation List<string>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- Name string
- Property
Mappings List<string> - Provider
Oauth2Id string - Refresh
Token stringValidity - Defaults to
days=30. - Signing
Key string - Sub
Mode string - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- string
- Client
Id string - Invalidation
Flow string - Access
Code stringValidity - Defaults to
minutes=1. - Access
Token stringValidity - Defaults to
minutes=10. - Allowed
Redirect []map[string]stringUris - Authentication
Flow string - Client
Secret string - Generated.
- Client
Type string - Allowed values: -
confidential-publicDefaults toconfidential. - Encryption
Key string - Include
Claims boolIn Id Token - Defaults to
true. - Issuer
Mode string - Allowed values: -
global-per_providerDefaults toper_provider. - Jwks
Sources []string - Deprecated. Use
jwt_federation_sourcesinstead. - Jwt
Federation []float64Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- Jwt
Federation []stringSources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- Name string
- Property
Mappings []string - Provider
Oauth2Id string - Refresh
Token stringValidity - Defaults to
days=30. - Signing
Key string - Sub
Mode string - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- String
- client
Id String - invalidation
Flow String - access
Code StringValidity - Defaults to
minutes=1. - access
Token StringValidity - Defaults to
minutes=10. - allowed
Redirect List<Map<String,String>>Uris - authentication
Flow String - client
Secret String - Generated.
- client
Type String - Allowed values: -
confidential-publicDefaults toconfidential. - encryption
Key String - include
Claims BooleanIn Id Token - Defaults to
true. - issuer
Mode String - Allowed values: -
global-per_providerDefaults toper_provider. - jwks
Sources List<String> - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation List<Double>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation List<String>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- name String
- property
Mappings List<String> - provider
Oauth2Id String - refresh
Token StringValidity - Defaults to
days=30. - signing
Key String - sub
Mode String - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- string
- client
Id string - invalidation
Flow string - access
Code stringValidity - Defaults to
minutes=1. - access
Token stringValidity - Defaults to
minutes=10. - allowed
Redirect {[key: string]: string}[]Uris - authentication
Flow string - client
Secret string - Generated.
- client
Type string - Allowed values: -
confidential-publicDefaults toconfidential. - encryption
Key string - include
Claims booleanIn Id Token - Defaults to
true. - issuer
Mode string - Allowed values: -
global-per_providerDefaults toper_provider. - jwks
Sources string[] - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation number[]Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation string[]Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- name string
- property
Mappings string[] - provider
Oauth2Id string - refresh
Token stringValidity - Defaults to
days=30. - signing
Key string - sub
Mode string - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- str
- client_
id str - invalidation_
flow str - access_
code_ strvalidity - Defaults to
minutes=1. - access_
token_ strvalidity - Defaults to
minutes=10. - allowed_
redirect_ Sequence[Mapping[str, str]]uris - authentication_
flow str - client_
secret str - Generated.
- client_
type str - Allowed values: -
confidential-publicDefaults toconfidential. - encryption_
key str - include_
claims_ boolin_ id_ token - Defaults to
true. - issuer_
mode str - Allowed values: -
global-per_providerDefaults toper_provider. - jwks_
sources Sequence[str] - Deprecated. Use
jwt_federation_sourcesinstead. - jwt_
federation_ Sequence[float]providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt_
federation_ Sequence[str]sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- name str
- property_
mappings Sequence[str] - provider_
oauth2_ strid - refresh_
token_ strvalidity - Defaults to
days=30. - signing_
key str - sub_
mode str - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- String
- client
Id String - invalidation
Flow String - access
Code StringValidity - Defaults to
minutes=1. - access
Token StringValidity - Defaults to
minutes=10. - allowed
Redirect List<Map<String>>Uris - authentication
Flow String - client
Secret String - Generated.
- client
Type String - Allowed values: -
confidential-publicDefaults toconfidential. - encryption
Key String - include
Claims BooleanIn Id Token - Defaults to
true. - issuer
Mode String - Allowed values: -
global-per_providerDefaults toper_provider. - jwks
Sources List<String> - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation List<Number>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation List<String>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- name String
- property
Mappings List<String> - provider
Oauth2Id String - refresh
Token StringValidity - Defaults to
days=30. - signing
Key String - sub
Mode String - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
Outputs
All input properties are implicitly available as output properties. Additionally, the ProviderOauth2 resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ProviderOauth2 Resource
Get an existing ProviderOauth2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ProviderOauth2State, opts?: CustomResourceOptions): ProviderOauth2@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_code_validity: Optional[str] = None,
access_token_validity: Optional[str] = None,
allowed_redirect_uris: Optional[Sequence[Mapping[str, str]]] = None,
authentication_flow: Optional[str] = None,
authorization_flow: Optional[str] = None,
client_id: Optional[str] = None,
client_secret: Optional[str] = None,
client_type: Optional[str] = None,
encryption_key: Optional[str] = None,
include_claims_in_id_token: Optional[bool] = None,
invalidation_flow: Optional[str] = None,
issuer_mode: Optional[str] = None,
jwks_sources: Optional[Sequence[str]] = None,
jwt_federation_providers: Optional[Sequence[float]] = None,
jwt_federation_sources: Optional[Sequence[str]] = None,
name: Optional[str] = None,
property_mappings: Optional[Sequence[str]] = None,
provider_oauth2_id: Optional[str] = None,
refresh_token_validity: Optional[str] = None,
signing_key: Optional[str] = None,
sub_mode: Optional[str] = None) -> ProviderOauth2func GetProviderOauth2(ctx *Context, name string, id IDInput, state *ProviderOauth2State, opts ...ResourceOption) (*ProviderOauth2, error)public static ProviderOauth2 Get(string name, Input<string> id, ProviderOauth2State? state, CustomResourceOptions? opts = null)public static ProviderOauth2 get(String name, Output<String> id, ProviderOauth2State state, CustomResourceOptions options)resources: _: type: authentik:ProviderOauth2 get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Code stringValidity - Defaults to
minutes=1. - Access
Token stringValidity - Defaults to
minutes=10. - Allowed
Redirect List<ImmutableUris Dictionary<string, string>> - Authentication
Flow string - string
- Client
Id string - Client
Secret string - Generated.
- Client
Type string - Allowed values: -
confidential-publicDefaults toconfidential. - Encryption
Key string - Include
Claims boolIn Id Token - Defaults to
true. - Invalidation
Flow string - Issuer
Mode string - Allowed values: -
global-per_providerDefaults toper_provider. - Jwks
Sources List<string> - Deprecated. Use
jwt_federation_sourcesinstead. - Jwt
Federation List<double>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- Jwt
Federation List<string>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- Name string
- Property
Mappings List<string> - Provider
Oauth2Id string - Refresh
Token stringValidity - Defaults to
days=30. - Signing
Key string - Sub
Mode string - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- Access
Code stringValidity - Defaults to
minutes=1. - Access
Token stringValidity - Defaults to
minutes=10. - Allowed
Redirect []map[string]stringUris - Authentication
Flow string - string
- Client
Id string - Client
Secret string - Generated.
- Client
Type string - Allowed values: -
confidential-publicDefaults toconfidential. - Encryption
Key string - Include
Claims boolIn Id Token - Defaults to
true. - Invalidation
Flow string - Issuer
Mode string - Allowed values: -
global-per_providerDefaults toper_provider. - Jwks
Sources []string - Deprecated. Use
jwt_federation_sourcesinstead. - Jwt
Federation []float64Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- Jwt
Federation []stringSources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- Name string
- Property
Mappings []string - Provider
Oauth2Id string - Refresh
Token stringValidity - Defaults to
days=30. - Signing
Key string - Sub
Mode string - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- access
Code StringValidity - Defaults to
minutes=1. - access
Token StringValidity - Defaults to
minutes=10. - allowed
Redirect List<Map<String,String>>Uris - authentication
Flow String - String
- client
Id String - client
Secret String - Generated.
- client
Type String - Allowed values: -
confidential-publicDefaults toconfidential. - encryption
Key String - include
Claims BooleanIn Id Token - Defaults to
true. - invalidation
Flow String - issuer
Mode String - Allowed values: -
global-per_providerDefaults toper_provider. - jwks
Sources List<String> - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation List<Double>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation List<String>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- name String
- property
Mappings List<String> - provider
Oauth2Id String - refresh
Token StringValidity - Defaults to
days=30. - signing
Key String - sub
Mode String - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- access
Code stringValidity - Defaults to
minutes=1. - access
Token stringValidity - Defaults to
minutes=10. - allowed
Redirect {[key: string]: string}[]Uris - authentication
Flow string - string
- client
Id string - client
Secret string - Generated.
- client
Type string - Allowed values: -
confidential-publicDefaults toconfidential. - encryption
Key string - include
Claims booleanIn Id Token - Defaults to
true. - invalidation
Flow string - issuer
Mode string - Allowed values: -
global-per_providerDefaults toper_provider. - jwks
Sources string[] - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation number[]Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation string[]Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- name string
- property
Mappings string[] - provider
Oauth2Id string - refresh
Token stringValidity - Defaults to
days=30. - signing
Key string - sub
Mode string - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- access_
code_ strvalidity - Defaults to
minutes=1. - access_
token_ strvalidity - Defaults to
minutes=10. - allowed_
redirect_ Sequence[Mapping[str, str]]uris - authentication_
flow str - str
- client_
id str - client_
secret str - Generated.
- client_
type str - Allowed values: -
confidential-publicDefaults toconfidential. - encryption_
key str - include_
claims_ boolin_ id_ token - Defaults to
true. - invalidation_
flow str - issuer_
mode str - Allowed values: -
global-per_providerDefaults toper_provider. - jwks_
sources Sequence[str] - Deprecated. Use
jwt_federation_sourcesinstead. - jwt_
federation_ Sequence[float]providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt_
federation_ Sequence[str]sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- name str
- property_
mappings Sequence[str] - provider_
oauth2_ strid - refresh_
token_ strvalidity - Defaults to
days=30. - signing_
key str - sub_
mode str - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
- access
Code StringValidity - Defaults to
minutes=1. - access
Token StringValidity - Defaults to
minutes=10. - allowed
Redirect List<Map<String>>Uris - authentication
Flow String - String
- client
Id String - client
Secret String - Generated.
- client
Type String - Allowed values: -
confidential-publicDefaults toconfidential. - encryption
Key String - include
Claims BooleanIn Id Token - Defaults to
true. - invalidation
Flow String - issuer
Mode String - Allowed values: -
global-per_providerDefaults toper_provider. - jwks
Sources List<String> - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation List<Number>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation List<String>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- name String
- property
Mappings List<String> - provider
Oauth2Id String - refresh
Token StringValidity - Defaults to
days=30. - signing
Key String - sub
Mode String - Allowed values: -
hashed_user_id-user_id-user_uuid-user_username-user_email-user_upnDefaults tohashed_user_id.
Package Details
- Repository
- authentik goauthentik/terraform-provider-authentik
- License
- Notes
- This Pulumi package is based on the
authentikTerraform Provider.
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik