FusionAuth v6.0.2 published on Sunday, Feb 9, 2025 by Theo Gravity

fusionauth.FusionAuthIdpOpenIdConnect


# OpenID Connect Identity Provider Resource

OpenID Connect identity providers connect to external OpenID Connect login systems. This type of login will optionally provide a "Login with …" button on FusionAuth's login page. This button is customizable by using different properties of the identity provider.

Optionally, this identity provider can define one or more domains it is associated with. This is useful for allowing employees to log in with their corporate credentials. As long as the company has an identity solution that provides OpenID Connect, you can leverage this feature. This is referred to as a Domain Based Identity Provider. If you enable domains for an identity provider, the "Login with …" button will not be displayed. Instead, only the email form field will be displayed initially on the FusionAuth login page. Once the user types in their email address, FusionAuth will determine if the user is logging in locally or if they should be redirected to this identity provider. This is determined by extracting the domain from their email address and comparing it to the domains associated with the identity provider.

FusionAuth will also leverage the /userinfo API that is part of the OpenID Connect specification. The email address returned from the Userinfo response will be used to create or look up the existing user. Additional claims from the Userinfo response can be used to reconcile the User in FusionAuth by using an OpenID Connect Reconcile Lambda. Unless you assign a reconcile lambda to this provider, only the email address will be used from the available claims returned by the OpenID Connect identity provider.

If the external OpenID Connect identity provider returns a refresh token, it will be stored in the UserRegistration object inside the tokens Map. This Map stores the tokens from the various identity providers so that you can use them in your application to call their APIs.

OpenID Connect Identity Providers API

Example Usage

```typescript
import * as pulumi from "@pulumi/pulumi";
import * as fusionauth from "pulumi-fusionauth";

const openID = new fusionauth.FusionAuthIdpOpenIdConnect("openID", {
    applicationConfigurations: [{
        applicationId: fusionauth_application.myapp.id,
        createRegistration: true,
        enabled: true,
    }],
    oauth2AuthorizationEndpoint: "https://acme.com/oauth2/authorization",
    oauth2ClientId: "191c23dc-b772-4558-bd21-dc1cbf74ae21",
    // Sample value; load the real secret from Pulumi config as a secret rather than hardcoding it.
    oauth2ClientSecret: "SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO",
    oauth2ClientAuthenticationMethod: "client_secret_basic",
    oauth2Scope: "openid offline_access",
    oauth2TokenEndpoint: "https://acme.com/oauth2/token",
    oauth2UserInfoEndpoint: "https://acme.com/oauth2/userinfo",
    buttonText: "Login with OpenID Connect",
    debug: false,
    enabled: true,
    tenantConfigurations: [{
        tenantId: fusionauth_tenant.example.id,
        limitUserLinkCountEnabled: false,
        limitUserLinkCountMaximumLinks: 42,
    }],
});
```

```python
import pulumi
import theogravity_pulumi_fusionauth as fusionauth

open_id = fusionauth.FusionAuthIdpOpenIdConnect("openID",
    application_configurations=[{
        "application_id": fusionauth_application["myapp"]["id"],
        "create_registration": True,
        "enabled": True,
    }],
    oauth2_authorization_endpoint="https://acme.com/oauth2/authorization",
    oauth2_client_id="191c23dc-b772-4558-bd21-dc1cbf74ae21",
    # Sample value; load the real secret from Pulumi config as a secret rather than hardcoding it.
    oauth2_client_secret="SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO",
    oauth2_client_authentication_method="client_secret_basic",
    oauth2_scope="openid offline_access",
    oauth2_token_endpoint="https://acme.com/oauth2/token",
    oauth2_user_info_endpoint="https://acme.com/oauth2/userinfo",
    button_text="Login with OpenID Connect",
    debug=False,
    enabled=True,
    tenant_configurations=[{
        "tenant_id": fusionauth_tenant["example"]["id"],
        "limit_user_link_count_enabled": False,
        "limit_user_link_count_maximum_links": 42,
    }])
```

```go
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := fusionauth.NewFusionAuthIdpOpenIdConnect(ctx, "openID", &fusionauth.FusionAuthIdpOpenIdConnectArgs{
			ApplicationConfigurations: fusionauth.FusionAuthIdpOpenIdConnectApplicationConfigurationArray{
				&fusionauth.FusionAuthIdpOpenIdConnectApplicationConfigurationArgs{
					ApplicationId:      pulumi.Any(fusionauth_application.Myapp.Id),
					CreateRegistration: pulumi.Bool(true),
					Enabled:            pulumi.Bool(true),
				},
			},
			Oauth2AuthorizationEndpoint: pulumi.String("https://acme.com/oauth2/authorization"),
			Oauth2ClientId:              pulumi.String("191c23dc-b772-4558-bd21-dc1cbf74ae21"),
			// Sample value; load the real secret from Pulumi config as a secret rather than hardcoding it.
			Oauth2ClientSecret:               pulumi.String("SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO"),
			Oauth2ClientAuthenticationMethod: pulumi.String("client_secret_basic"),
			Oauth2Scope:                      pulumi.String("openid offline_access"),
			Oauth2TokenEndpoint:              pulumi.String("https://acme.com/oauth2/token"),
			Oauth2UserInfoEndpoint:           pulumi.String("https://acme.com/oauth2/userinfo"),
			ButtonText:                       pulumi.String("Login with OpenID Connect"),
			Debug:                            pulumi.Bool(false),
			Enabled:                          pulumi.Bool(true),
			TenantConfigurations: fusionauth.FusionAuthIdpOpenIdConnectTenantConfigurationArray{
				&fusionauth.FusionAuthIdpOpenIdConnectTenantConfigurationArgs{
					TenantId:                       pulumi.Any(fusionauth_tenant.Example.Id),
					LimitUserLinkCountEnabled:      pulumi.Bool(false),
					LimitUserLinkCountMaximumLinks: pulumi.Int(42),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
```

```csharp
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fusionauth = theogravity.Fusionauth;

return await Deployment.RunAsync(() =>
{
    var openID = new Fusionauth.FusionAuthIdpOpenIdConnect("openID", new()
    {
        ApplicationConfigurations = new[]
        {
            new Fusionauth.Inputs.FusionAuthIdpOpenIdConnectApplicationConfigurationArgs
            {
                ApplicationId = fusionauth_application.Myapp.Id,
                CreateRegistration = true,
                Enabled = true,
            },
        },
        Oauth2AuthorizationEndpoint = "https://acme.com/oauth2/authorization",
        Oauth2ClientId = "191c23dc-b772-4558-bd21-dc1cbf74ae21",
        // Sample value; load the real secret from Pulumi config as a secret rather than hardcoding it.
        Oauth2ClientSecret = "SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO",
        Oauth2ClientAuthenticationMethod = "client_secret_basic",
        Oauth2Scope = "openid offline_access",
        Oauth2TokenEndpoint = "https://acme.com/oauth2/token",
        Oauth2UserInfoEndpoint = "https://acme.com/oauth2/userinfo",
        ButtonText = "Login with OpenID Connect",
        Debug = false,
        Enabled = true,
        TenantConfigurations = new[]
        {
            new Fusionauth.Inputs.FusionAuthIdpOpenIdConnectTenantConfigurationArgs
            {
                TenantId = fusionauth_tenant.Example.Id,
                LimitUserLinkCountEnabled = false,
                LimitUserLinkCountMaximumLinks = 42,
            },
        },
    });

});
```

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fusionauth.FusionAuthIdpOpenIdConnect;
import com.pulumi.fusionauth.FusionAuthIdpOpenIdConnectArgs;
import com.pulumi.fusionauth.inputs.FusionAuthIdpOpenIdConnectApplicationConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthIdpOpenIdConnectTenantConfigurationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var openID = new FusionAuthIdpOpenIdConnect("openID", FusionAuthIdpOpenIdConnectArgs.builder()
            .applicationConfigurations(FusionAuthIdpOpenIdConnectApplicationConfigurationArgs.builder()
                .applicationId(fusionauth_application.myapp().id())
                .createRegistration(true)
                .enabled(true)
                .build())
            .oauth2AuthorizationEndpoint("https://acme.com/oauth2/authorization")
            .oauth2ClientId("191c23dc-b772-4558-bd21-dc1cbf74ae21")
            // Sample value; load the real secret from Pulumi config as a secret rather than hardcoding it.
            .oauth2ClientSecret("SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO")
            .oauth2ClientAuthenticationMethod("client_secret_basic")
            .oauth2Scope("openid offline_access")
            .oauth2TokenEndpoint("https://acme.com/oauth2/token")
            .oauth2UserInfoEndpoint("https://acme.com/oauth2/userinfo")
            .buttonText("Login with OpenID Connect")
            .debug(false)
            .enabled(true)
            .tenantConfigurations(FusionAuthIdpOpenIdConnectTenantConfigurationArgs.builder()
                .tenantId(fusionauth_tenant.example().id())
                .limitUserLinkCountEnabled(false)
                .limitUserLinkCountMaximumLinks(42)
                .build())
            .build());

    }
}
```

```yaml
resources:
  openID:
    type: fusionauth:FusionAuthIdpOpenIdConnect
    properties:
      applicationConfigurations:
        - applicationId: ${fusionauth_application.myapp.id}
          createRegistration: true
          enabled: true
      oauth2AuthorizationEndpoint: https://acme.com/oauth2/authorization
      oauth2ClientId: 191c23dc-b772-4558-bd21-dc1cbf74ae21
      # Sample value; load the real secret from Pulumi config as a secret rather than hardcoding it.
      oauth2ClientSecret: SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO
      oauth2ClientAuthenticationMethod: client_secret_basic
      oauth2Scope: openid offline_access
      oauth2TokenEndpoint: https://acme.com/oauth2/token
      oauth2UserInfoEndpoint: https://acme.com/oauth2/userinfo
      buttonText: Login with OpenID Connect
      debug: false
      enabled: true
      tenantConfigurations:
        - tenantId: ${fusionauth_tenant.example.id}
          limitUserLinkCountEnabled: false
          limitUserLinkCountMaximumLinks: 42
```
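
A pre-deployment audit of this resource's arguments, written for this page as an added example (it is not part of the provider or of FusionAuth). It takes the same snake_case dictionary the Python constructor accepts and applies checks drawn from the property descriptions on this page; the function name `audit_oidc_idp_args`, the severity labels and the sample dictionaries are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ENDPOINT_KEYS = (
    "oauth2_authorization_endpoint",
    "oauth2_token_endpoint",
    "oauth2_user_info_endpoint",
)


def _literal_secret(value):
    # A plain str is a secret typed into the program source; a secret read
    # from Pulumi config arrives as an Output object, not a str.
    return isinstance(value, str) and value != ""


def _bad_url(value):
    # Only plain strings can be inspected before deployment.
    if not isinstance(value, str) or not value:
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return True
    return parts.scheme != "https" or not parts.hostname


def audit_oidc_idp_args(args):
    """Return (severity, key, message) findings for one resource's arguments."""
    findings = []

    # Client secrets, top-level and per-application overrides.
    if _literal_secret(args.get("oauth2_client_secret")):
        findings.append(("high", "oauth2_client_secret",
                         "literal secret in source; read it from Pulumi config as a secret"))
    for i, app in enumerate(args.get("application_configurations") or []):
        if _literal_secret(app.get("oauth2_client_secret")):
            findings.append(("high", f"application_configurations[{i}].oauth2_client_secret",
                             "literal per-application secret in source"))

    # Every IdP URL carries codes, tokens or user claims, so require https.
    for key in ENDPOINT_KEYS + ("oauth2_issuer",):
        if _bad_url(args.get(key)):
            findings.append(("high", key, "not an absolute https:// URL"))

    # Per this page, explicit endpoints are ignored once an issuer is set.
    if args.get("oauth2_issuer"):
        for key in ENDPOINT_KEYS:
            if args.get(key):
                findings.append(("info", key, "ignored: endpoints are resolved from oauth2_issuer"))
    else:
        for key in ENDPOINT_KEYS:
            if not args.get(key):
                findings.append(("high", key, "missing, and no oauth2_issuer to resolve it from"))

    scope = args.get("oauth2_scope")
    if isinstance(scope, str):
        scopes = scope.split()
        if "openid" not in scopes:
            findings.append(("medium", "oauth2_scope", "OpenID Connect requests need the openid scope"))
        if "offline_access" in scopes:
            findings.append(("info", "oauth2_scope",
                             "a returned refresh token is stored in the UserRegistration tokens map"))

    if args.get("debug") is True:
        findings.append(("medium", "debug",
                         "an Event Log is created on every login reconcile; disable after troubleshooting"))

    # A domain extracted from an email address never contains these characters.
    for i, domain in enumerate(args.get("domains") or []):
        if isinstance(domain, str) and (domain != domain.strip() or any(c in domain for c in "@/:")):
            findings.append(("medium", f"domains[{i}]", "not a bare domain; it can never match"))

    return findings


# The Example Usage arguments from this page; the two IDs are placeholders.
PAGE_EXAMPLE = {
    "application_configurations": [
        {"application_id": "<application-id>", "create_registration": True, "enabled": True},
    ],
    "oauth2_authorization_endpoint": "https://acme.com/oauth2/authorization",
    "oauth2_client_id": "191c23dc-b772-4558-bd21-dc1cbf74ae21",
    "oauth2_client_secret": "SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO",
    "oauth2_scope": "openid offline_access",
    "oauth2_token_endpoint": "https://acme.com/oauth2/token",
    "oauth2_user_info_endpoint": "https://acme.com/oauth2/userinfo",
    "debug": False,
}

# Constructed sample with several mistakes; object() stands in for a secret Output.
MISCONFIGURED = {
    "application_configurations": [
        {"application_id": "<application-id>", "oauth2_client_secret": "constructed-literal"},
    ],
    "oauth2_client_secret": object(),
    "oauth2_issuer": "http://idp.example.test",
    "oauth2_token_endpoint": "https://idp.example.test/token",
    "oauth2_scope": "profile email",
    "debug": True,
    "domains": ["@corp.example.test"],
}

if __name__ == "__main__":
    for name, sample in (("page example", PAGE_EXAMPLE), ("misconfigured", MISCONFIGURED)):
        for severity, key, message in audit_oidc_idp_args(sample):
            print(f"{name}: [{severity}] {key}: {message}")
```

Run against the Example Usage arguments, the audit reports the hardcoded client secret and notes that `offline_access` leads to a stored refresh token.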

Create FusionAuthIdpOpenIdConnect Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

```typescript
new FusionAuthIdpOpenIdConnect(name: string, args: FusionAuthIdpOpenIdConnectArgs, opts?: CustomResourceOptions);
```

```python
@overload
def FusionAuthIdpOpenIdConnect(resource_name: str,
                               args: FusionAuthIdpOpenIdConnectArgs,
                               opts: Optional[ResourceOptions] = None)

@overload
def FusionAuthIdpOpenIdConnect(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               button_text: Optional[str] = None,
                               oauth2_client_id: Optional[str] = None,
                               idp_id: Optional[str] = None,
                               domains: Optional[Sequence[str]] = None,
                               oauth2_client_secret: Optional[str] = None,
                               enabled: Optional[bool] = None,
                               application_configurations: Optional[Sequence[FusionAuthIdpOpenIdConnectApplicationConfigurationArgs]] = None,
                               lambda_reconcile_id: Optional[str] = None,
                               linking_strategy: Optional[str] = None,
                               name: Optional[str] = None,
                               oauth2_email_claim: Optional[str] = None,
                               oauth2_client_authentication_method: Optional[str] = None,
                               tenant_configurations: Optional[Sequence[FusionAuthIdpOpenIdConnectTenantConfigurationArgs]] = None,
                               debug: Optional[bool] = None,
                               oauth2_authorization_endpoint: Optional[str] = None,
                               oauth2_email_verified_claim: Optional[str] = None,
                               oauth2_issuer: Optional[str] = None,
                               oauth2_scope: Optional[str] = None,
                               oauth2_token_endpoint: Optional[str] = None,
                               oauth2_unique_id_claim: Optional[str] = None,
                               oauth2_user_info_endpoint: Optional[str] = None,
                               oauth2_username_claim: Optional[str] = None,
                               post_request: Optional[bool] = None,
                               button_image_url: Optional[str] = None)
```

```go
func NewFusionAuthIdpOpenIdConnect(ctx *Context, name string, args FusionAuthIdpOpenIdConnectArgs, opts ...ResourceOption) (*FusionAuthIdpOpenIdConnect, error)
```

```csharp
public FusionAuthIdpOpenIdConnect(string name, FusionAuthIdpOpenIdConnectArgs args, CustomResourceOptions? opts = null)
```

```java
public FusionAuthIdpOpenIdConnect(String name, FusionAuthIdpOpenIdConnectArgs args)
public FusionAuthIdpOpenIdConnect(String name, FusionAuthIdpOpenIdConnectArgs args, CustomResourceOptions options)
```

```yaml
type: fusionauth:FusionAuthIdpOpenIdConnect
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
```

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. FusionAuthIdpOpenIdConnectArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. FusionAuthIdpOpenIdConnectArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. FusionAuthIdpOpenIdConnectArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. FusionAuthIdpOpenIdConnectArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. FusionAuthIdpOpenIdConnectArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

```csharp
var fusionAuthIdpOpenIdConnectResource = new Fusionauth.FusionAuthIdpOpenIdConnect("fusionAuthIdpOpenIdConnectResource", new()
{
    ButtonText = "string",
    Oauth2ClientId = "string",
    IdpId = "string",
    Domains = new[]
    {
        "string",
    },
    Oauth2ClientSecret = "string",
    Enabled = false,
    ApplicationConfigurations = new[]
    {
        new Fusionauth.Inputs.FusionAuthIdpOpenIdConnectApplicationConfigurationArgs
        {
            ApplicationId = "string",
            ButtonImageUrl = "string",
            ButtonText = "string",
            CreateRegistration = false,
            Enabled = false,
            Oauth2ClientId = "string",
            Oauth2ClientSecret = "string",
            Oauth2Scope = "string",
        },
    },
    LambdaReconcileId = "string",
    LinkingStrategy = "string",
    Name = "string",
    Oauth2EmailClaim = "string",
    Oauth2ClientAuthenticationMethod = "string",
    TenantConfigurations = new[]
    {
        new Fusionauth.Inputs.FusionAuthIdpOpenIdConnectTenantConfigurationArgs
        {
            LimitUserLinkCountEnabled = false,
            LimitUserLinkCountMaximumLinks = 0,
            TenantId = "string",
        },
    },
    Debug = false,
    Oauth2AuthorizationEndpoint = "string",
    Oauth2EmailVerifiedClaim = "string",
    Oauth2Issuer = "string",
    Oauth2Scope = "string",
    Oauth2TokenEndpoint = "string",
    Oauth2UniqueIdClaim = "string",
    Oauth2UserInfoEndpoint = "string",
    Oauth2UsernameClaim = "string",
    PostRequest = false,
    ButtonImageUrl = "string",
});
```

```go
example, err := fusionauth.NewFusionAuthIdpOpenIdConnect(ctx, "fusionAuthIdpOpenIdConnectResource", &fusionauth.FusionAuthIdpOpenIdConnectArgs{
	ButtonText:     pulumi.String("string"),
	Oauth2ClientId: pulumi.String("string"),
	IdpId:          pulumi.String("string"),
	Domains: pulumi.StringArray{
		pulumi.String("string"),
	},
	Oauth2ClientSecret: pulumi.String("string"),
	Enabled:            pulumi.Bool(false),
	ApplicationConfigurations: fusionauth.FusionAuthIdpOpenIdConnectApplicationConfigurationArray{
		&fusionauth.FusionAuthIdpOpenIdConnectApplicationConfigurationArgs{
			ApplicationId:      pulumi.String("string"),
			ButtonImageUrl:     pulumi.String("string"),
			ButtonText:         pulumi.String("string"),
			CreateRegistration: pulumi.Bool(false),
			Enabled:            pulumi.Bool(false),
			Oauth2ClientId:     pulumi.String("string"),
			Oauth2ClientSecret: pulumi.String("string"),
			Oauth2Scope:        pulumi.String("string"),
		},
	},
	LambdaReconcileId:                pulumi.String("string"),
	LinkingStrategy:                  pulumi.String("string"),
	Name:                             pulumi.String("string"),
	Oauth2EmailClaim:                 pulumi.String("string"),
	Oauth2ClientAuthenticationMethod: pulumi.String("string"),
	TenantConfigurations: fusionauth.FusionAuthIdpOpenIdConnectTenantConfigurationArray{
		&fusionauth.FusionAuthIdpOpenIdConnectTenantConfigurationArgs{
			LimitUserLinkCountEnabled:      pulumi.Bool(false),
			LimitUserLinkCountMaximumLinks: pulumi.Int(0),
			TenantId:                       pulumi.String("string"),
		},
	},
	Debug:                       pulumi.Bool(false),
	Oauth2AuthorizationEndpoint: pulumi.String("string"),
	Oauth2EmailVerifiedClaim:    pulumi.String("string"),
	Oauth2Issuer:                pulumi.String("string"),
	Oauth2Scope:                 pulumi.String("string"),
	Oauth2TokenEndpoint:         pulumi.String("string"),
	Oauth2UniqueIdClaim:         pulumi.String("string"),
	Oauth2UserInfoEndpoint:      pulumi.String("string"),
	Oauth2UsernameClaim:         pulumi.String("string"),
	PostRequest:                 pulumi.Bool(false),
	ButtonImageUrl:              pulumi.String("string"),
})
```

```java
var fusionAuthIdpOpenIdConnectResource = new FusionAuthIdpOpenIdConnect("fusionAuthIdpOpenIdConnectResource", FusionAuthIdpOpenIdConnectArgs.builder()
    .buttonText("string")
    .oauth2ClientId("string")
    .idpId("string")
    .domains("string")
    .oauth2ClientSecret("string")
    .enabled(false)
    .applicationConfigurations(FusionAuthIdpOpenIdConnectApplicationConfigurationArgs.builder()
        .applicationId("string")
        .buttonImageUrl("string")
        .buttonText("string")
        .createRegistration(false)
        .enabled(false)
        .oauth2ClientId("string")
        .oauth2ClientSecret("string")
        .oauth2Scope("string")
        .build())
    .lambdaReconcileId("string")
    .linkingStrategy("string")
    .name("string")
    .oauth2EmailClaim("string")
    .oauth2ClientAuthenticationMethod("string")
    .tenantConfigurations(FusionAuthIdpOpenIdConnectTenantConfigurationArgs.builder()
        .limitUserLinkCountEnabled(false)
        .limitUserLinkCountMaximumLinks(0)
        .tenantId("string")
        .build())
    .debug(false)
    .oauth2AuthorizationEndpoint("string")
    .oauth2EmailVerifiedClaim("string")
    .oauth2Issuer("string")
    .oauth2Scope("string")
    .oauth2TokenEndpoint("string")
    .oauth2UniqueIdClaim("string")
    .oauth2UserInfoEndpoint("string")
    .oauth2UsernameClaim("string")
    .postRequest(false)
    .buttonImageUrl("string")
    .build());
```

```python
fusion_auth_idp_open_id_connect_resource = fusionauth.FusionAuthIdpOpenIdConnect("fusionAuthIdpOpenIdConnectResource",
    button_text="string",
    oauth2_client_id="string",
    idp_id="string",
    domains=["string"],
    oauth2_client_secret="string",
    enabled=False,
    application_configurations=[{
        "application_id": "string",
        "button_image_url": "string",
        "button_text": "string",
        "create_registration": False,
        "enabled": False,
        "oauth2_client_id": "string",
        "oauth2_client_secret": "string",
        "oauth2_scope": "string",
    }],
    lambda_reconcile_id="string",
    linking_strategy="string",
    name="string",
    oauth2_email_claim="string",
    oauth2_client_authentication_method="string",
    tenant_configurations=[{
        "limit_user_link_count_enabled": False,
        "limit_user_link_count_maximum_links": 0,
        "tenant_id": "string",
    }],
    debug=False,
    oauth2_authorization_endpoint="string",
    oauth2_email_verified_claim="string",
    oauth2_issuer="string",
    oauth2_scope="string",
    oauth2_token_endpoint="string",
    oauth2_unique_id_claim="string",
    oauth2_user_info_endpoint="string",
    oauth2_username_claim="string",
    post_request=False,
    button_image_url="string")
```

```typescript
const fusionAuthIdpOpenIdConnectResource = new fusionauth.FusionAuthIdpOpenIdConnect("fusionAuthIdpOpenIdConnectResource", {
    buttonText: "string",
    oauth2ClientId: "string",
    idpId: "string",
    domains: ["string"],
    oauth2ClientSecret: "string",
    enabled: false,
    applicationConfigurations: [{
        applicationId: "string",
        buttonImageUrl: "string",
        buttonText: "string",
        createRegistration: false,
        enabled: false,
        oauth2ClientId: "string",
        oauth2ClientSecret: "string",
        oauth2Scope: "string",
    }],
    lambdaReconcileId: "string",
    linkingStrategy: "string",
    name: "string",
    oauth2EmailClaim: "string",
    oauth2ClientAuthenticationMethod: "string",
    tenantConfigurations: [{
        limitUserLinkCountEnabled: false,
        limitUserLinkCountMaximumLinks: 0,
        tenantId: "string",
    }],
    debug: false,
    oauth2AuthorizationEndpoint: "string",
    oauth2EmailVerifiedClaim: "string",
    oauth2Issuer: "string",
    oauth2Scope: "string",
    oauth2TokenEndpoint: "string",
    oauth2UniqueIdClaim: "string",
    oauth2UserInfoEndpoint: "string",
    oauth2UsernameClaim: "string",
    postRequest: false,
    buttonImageUrl: "string",
});
```

```yaml
type: fusionauth:FusionAuthIdpOpenIdConnect
properties:
    applicationConfigurations:
        - applicationId: string
          buttonImageUrl: string
          buttonText: string
          createRegistration: false
          enabled: false
          oauth2ClientId: string
          oauth2ClientSecret: string
          oauth2Scope: string
    buttonImageUrl: string
    buttonText: string
    debug: false
    domains:
        - string
    enabled: false
    idpId: string
    lambdaReconcileId: string
    linkingStrategy: string
    name: string
    oauth2AuthorizationEndpoint: string
    oauth2ClientAuthenticationMethod: string
    oauth2ClientId: string
    oauth2ClientSecret: string
    oauth2EmailClaim: string
    oauth2EmailVerifiedClaim: string
    oauth2Issuer: string
    oauth2Scope: string
    oauth2TokenEndpoint: string
    oauth2UniqueIdClaim: string
    oauth2UserInfoEndpoint: string
    oauth2UsernameClaim: string
    postRequest: false
    tenantConfigurations:
        - limitUserLinkCountEnabled: false
          limitUserLinkCountMaximumLinks: 0
          tenantId: string
```

FusionAuthIdpOpenIdConnect Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FusionAuthIdpOpenIdConnect resource accepts the following input properties:

ButtonText This property is required. string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
Oauth2ClientId This property is required. string
The top-level client id for your Application.
ApplicationConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpOpenIdConnectApplicationConfiguration>
The configuration for each Application that the identity provider is enabled for.
ButtonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
Debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
Domains List<string>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
Enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
LambdaReconcileId string
The unique Id of the lambda to be used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
LinkingStrategy string
The linking strategy to use when creating the link between this Identity Provider and the user.
Name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
Oauth2AuthorizationEndpoint string
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
Oauth2ClientAuthenticationMethod string
The client authentication method to use with the OpenID Connect identity provider.
Oauth2ClientSecret string
The top-level client secret to use with the OpenID Connect identity provider.
Oauth2EmailClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
Oauth2EmailVerifiedClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
Oauth2Issuer string
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
Oauth2Scope string
The top-level scope that you are requesting from the OpenID Connect identity provider.
Oauth2TokenEndpoint string
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
Oauth2UniqueIdClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
Oauth2UserInfoEndpoint string
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
Oauth2UsernameClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
PostRequest bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
TenantConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpOpenIdConnectTenantConfiguration>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
ButtonText This property is required. string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
Oauth2ClientId This property is required. string
The top-level client id for your Application.
ApplicationConfigurations []FusionAuthIdpOpenIdConnectApplicationConfigurationArgs
The configuration for each Application that the identity provider is enabled for.
ButtonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
Debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
Domains []string
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
Enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
LambdaReconcileId string
The unique Id of the lambda to be used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
LinkingStrategy string
The linking strategy to use when creating the link between this Identity Provider and the user.
Name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
Oauth2AuthorizationEndpoint string
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
Oauth2ClientAuthenticationMethod string
The client authentication method to use with the OpenID Connect identity provider.
Oauth2ClientSecret string
The top-level client secret to use with the OpenID Connect identity provider.
Oauth2EmailClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
Oauth2EmailVerifiedClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
Oauth2Issuer string
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
Oauth2Scope string
The top-level scope that you are requesting from the OpenID Connect identity provider.
Oauth2TokenEndpoint string
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
Oauth2UniqueIdClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
Oauth2UserInfoEndpoint string
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
Oauth2UsernameClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
PostRequest bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
TenantConfigurations []FusionAuthIdpOpenIdConnectTenantConfigurationArgs
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
buttonText This property is required. String
The top-level button text to use on the FusionAuth login page for this Identity Provider.
oauth2ClientId This property is required. String
The top-level client id for your Application.
applicationConfigurations List<FusionAuthIdpOpenIdConnectApplicationConfiguration>
The configuration for each Application that the identity provider is enabled for.
buttonImageUrl String
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
debug Boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains List<String>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
enabled Boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId Changes to this property will trigger replacement. String
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambdaReconcileId String
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy String
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
name String
The name of this OpenID Connect identity provider. This is only used for display purposes.
oauth2AuthorizationEndpoint String
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
oauth2ClientAuthenticationMethod String
The client authentication method to use with the OpenID Connect identity provider.
oauth2ClientSecret String
The top-level client secret to use with the OpenID Connect identity provider.
oauth2EmailClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
oauth2EmailVerifiedClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
oauth2Issuer String
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
oauth2Scope String
The top-level scope that you are requesting from the OpenID Connect identity provider.
oauth2TokenEndpoint String
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
oauth2UniqueIdClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
oauth2UserInfoEndpoint String
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
oauth2UsernameClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
postRequest Boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
tenantConfigurations List<FusionAuthIdpOpenIdConnectTenantConfiguration>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
buttonText This property is required. string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
oauth2ClientId This property is required. string
The top-level client id for your Application.
applicationConfigurations FusionAuthIdpOpenIdConnectApplicationConfiguration[]
The configuration for each Application that the identity provider is enabled for.
buttonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
debug boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains string[]
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
enabled boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambdaReconcileId string
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy string
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
oauth2AuthorizationEndpoint string
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
oauth2ClientAuthenticationMethod string
The client authentication method to use with the OpenID Connect identity provider.
oauth2ClientSecret string
The top-level client secret to use with the OpenID Connect identity provider.
oauth2EmailClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
oauth2EmailVerifiedClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
oauth2Issuer string
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
oauth2Scope string
The top-level scope that you are requesting from the OpenID Connect identity provider.
oauth2TokenEndpoint string
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
oauth2UniqueIdClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
oauth2UserInfoEndpoint string
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
oauth2UsernameClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
postRequest boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
tenantConfigurations FusionAuthIdpOpenIdConnectTenantConfiguration[]
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
button_text This property is required. str
The top-level button text to use on the FusionAuth login page for this Identity Provider.
oauth2_client_id This property is required. str
The top-level client id for your Application.
application_configurations Sequence[FusionAuthIdpOpenIdConnectApplicationConfigurationArgs]
The configuration for each Application that the identity provider is enabled for.
button_image_url str
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains Sequence[str]
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
idp_id Changes to this property will trigger replacement. str
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambda_reconcile_id str
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linking_strategy str
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
name str
The name of this OpenID Connect identity provider. This is only used for display purposes.
oauth2_authorization_endpoint str
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
oauth2_client_authentication_method str
The client authentication method to use with the OpenID Connect identity provider.
oauth2_client_secret str
The top-level client secret to use with the OpenID Connect identity provider.
oauth2_email_claim str
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
oauth2_email_verified_claim str
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
oauth2_issuer str
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
oauth2_scope str
The top-level scope that you are requesting from the OpenID Connect identity provider.
oauth2_token_endpoint str
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
oauth2_unique_id_claim str
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
oauth2_user_info_endpoint str
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
oauth2_username_claim str
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
post_request bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
tenant_configurations Sequence[FusionAuthIdpOpenIdConnectTenantConfigurationArgs]
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
buttonText This property is required. String
The top-level button text to use on the FusionAuth login page for this Identity Provider.
oauth2ClientId This property is required. String
The top-level client id for your Application.
applicationConfigurations List<Property Map>
The configuration for each Application that the identity provider is enabled for.
buttonImageUrl String
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
debug Boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains List<String>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
enabled Boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId Changes to this property will trigger replacement. String
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambdaReconcileId String
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy String
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
name String
The name of this OpenID Connect identity provider. This is only used for display purposes.
oauth2AuthorizationEndpoint String
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
oauth2ClientAuthenticationMethod String
The client authentication method to use with the OpenID Connect identity provider.
oauth2ClientSecret String
The top-level client secret to use with the OpenID Connect identity provider.
oauth2EmailClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
oauth2EmailVerifiedClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
oauth2Issuer String
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
oauth2Scope String
The top-level scope that you are requesting from the OpenID Connect identity provider.
oauth2TokenEndpoint String
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
oauth2UniqueIdClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
oauth2UserInfoEndpoint String
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
oauth2UsernameClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
postRequest Boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
tenantConfigurations List<Property Map>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
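
The input descriptions above imply several checks worth running before a provider is deployed: explicit endpoints are ignored once an issuer is set, `debug` writes an Event Log on every reconcile, and `domains` entries are compared against the domain part of an email address. The following is an added example, not code from this page or from the FusionAuth provider. The function names, the sample values and the client authentication method names (`none`, `client_secret_basic`, `client_secret_post`) are assumptions, and the issuer equality check follows OpenID Connect Discovery rather than anything this page states.

```python
from urllib.parse import urlsplit

# Page property -> key in the OpenID Connect discovery document that supplies
# the value when oauth2_issuer is set.
ENDPOINT_KEYS = {
    "oauth2_authorization_endpoint": "authorization_endpoint",
    "oauth2_token_endpoint": "token_endpoint",
    "oauth2_user_info_endpoint": "userinfo_endpoint",
}
# Assumption: method names as used by FusionAuth; this page does not list them.
SECRET_METHODS = {"client_secret_basic", "client_secret_post"}


def _is_https(url):
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.netloc)


def discovery_url(issuer):
    """Issuer URI plus /.well-known/openid-configuration, as the page describes."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def lint_idp(args):
    """Return findings for one provider's arguments (snake_case names from the page)."""
    findings = []
    for name in ("button_text", "oauth2_client_id"):
        if not args.get(name):
            findings.append(f"{name}: required property is missing")

    issuer = args.get("oauth2_issuer")
    if issuer:
        if not _is_https(issuer):
            findings.append("oauth2_issuer: not an https URL")
        for name in ENDPOINT_KEYS:
            if args.get(name):
                findings.append(f"{name}: ignored because oauth2_issuer is set")
    else:
        for name in ENDPOINT_KEYS:
            value = args.get(name)
            if not value:
                findings.append(f"{name}: missing and no oauth2_issuer to resolve it")
            elif not _is_https(value):
                findings.append(f"{name}: not an https URL")

    method = args.get("oauth2_client_authentication_method")
    secret = args.get("oauth2_client_secret")
    if method in SECRET_METHODS and not secret:
        findings.append("oauth2_client_secret: missing for " + method)
    elif method == "none" and secret:
        findings.append("oauth2_client_secret: set but method is none")

    if args.get("debug"):
        findings.append("debug: enabled, an Event Log is written on every reconcile")

    seen = set()
    for domain in args.get("domains", []):
        norm = domain.strip().lower()
        if not norm or any(c in norm for c in "@/: "):
            findings.append(f"domains: {domain!r} is not a bare domain")
        elif norm in seen:
            findings.append(f"domains: {norm!r} listed more than once")
        seen.add(norm)
    return findings


def effective_endpoints(args, discovery_doc=None):
    """Endpoints that will actually be used: discovery wins whenever an issuer is set."""
    issuer = args.get("oauth2_issuer")
    if not issuer:
        return {name: args.get(name) for name in ENDPOINT_KEYS}
    if discovery_doc is None:
        raise ValueError("discovery document required: fetch " + discovery_url(issuer))
    if discovery_doc.get("issuer") != issuer:
        raise ValueError("discovery document issuer does not match oauth2_issuer")
    return {name: discovery_doc.get(key) for name, key in ENDPOINT_KEYS.items()}


# Constructed sample input; none of these values come from a real deployment.
SAMPLE_ARGS = {
    "button_text": "Login with Example",
    "oauth2_client_id": "constructed-client-id",
    "oauth2_client_authentication_method": "client_secret_basic",
    "oauth2_issuer": "https://idp.example.com",
    "oauth2_token_endpoint": "https://old-idp.example.com/token",
    "debug": True,
    "domains": ["example.com", "Example.com", "user@example.org"],
}
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "userinfo_endpoint": "https://idp.example.com/userinfo",
}

if __name__ == "__main__":
    for finding in lint_idp(SAMPLE_ARGS):
        print(finding)
    print(effective_endpoints(SAMPLE_ARGS, SAMPLE_DISCOVERY))
```

The stale `oauth2_token_endpoint` in the sample is reported as ignored, and `effective_endpoints` returns the token endpoint from the discovery document instead.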

Outputs

All input properties are implicitly available as output properties. Additionally, the FusionAuthIdpOpenIdConnect resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing FusionAuthIdpOpenIdConnect Resource

Get an existing FusionAuthIdpOpenIdConnect resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

```typescript
public static get(name: string, id: Input<ID>, state?: FusionAuthIdpOpenIdConnectState, opts?: CustomResourceOptions): FusionAuthIdpOpenIdConnect
```

```python
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        application_configurations: Optional[Sequence[FusionAuthIdpOpenIdConnectApplicationConfigurationArgs]] = None,
        button_image_url: Optional[str] = None,
        button_text: Optional[str] = None,
        debug: Optional[bool] = None,
        domains: Optional[Sequence[str]] = None,
        enabled: Optional[bool] = None,
        idp_id: Optional[str] = None,
        lambda_reconcile_id: Optional[str] = None,
        linking_strategy: Optional[str] = None,
        name: Optional[str] = None,
        oauth2_authorization_endpoint: Optional[str] = None,
        oauth2_client_authentication_method: Optional[str] = None,
        oauth2_client_id: Optional[str] = None,
        oauth2_client_secret: Optional[str] = None,
        oauth2_email_claim: Optional[str] = None,
        oauth2_email_verified_claim: Optional[str] = None,
        oauth2_issuer: Optional[str] = None,
        oauth2_scope: Optional[str] = None,
        oauth2_token_endpoint: Optional[str] = None,
        oauth2_unique_id_claim: Optional[str] = None,
        oauth2_user_info_endpoint: Optional[str] = None,
        oauth2_username_claim: Optional[str] = None,
        post_request: Optional[bool] = None,
        tenant_configurations: Optional[Sequence[FusionAuthIdpOpenIdConnectTenantConfigurationArgs]] = None) -> FusionAuthIdpOpenIdConnect
```

```go
func GetFusionAuthIdpOpenIdConnect(ctx *Context, name string, id IDInput, state *FusionAuthIdpOpenIdConnectState, opts ...ResourceOption) (*FusionAuthIdpOpenIdConnect, error)
```

```csharp
public static FusionAuthIdpOpenIdConnect Get(string name, Input<string> id, FusionAuthIdpOpenIdConnectState? state, CustomResourceOptions? opts = null)
```

```java
public static FusionAuthIdpOpenIdConnect get(String name, Output<String> id, FusionAuthIdpOpenIdConnectState state, CustomResourceOptions options)
```

```yaml
resources:
  _:
    type: fusionauth:FusionAuthIdpOpenIdConnect
    get:
      id: ${id}
```

name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ApplicationConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpOpenIdConnectApplicationConfiguration>
The configuration for each Application that the identity provider is enabled for.
ButtonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
ButtonText string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
Debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
Domains List<string>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
Enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
LambdaReconcileId string
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
LinkingStrategy string
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
Name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
Oauth2AuthorizationEndpoint string
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
Oauth2ClientAuthenticationMethod string
The client authentication method to use with the OpenID Connect identity provider.
Oauth2ClientId string
The top-level client id for your Application.
Oauth2ClientSecret string
The top-level client secret to use with the OpenID Connect identity provider.
Oauth2EmailClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
Oauth2EmailVerifiedClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
Oauth2Issuer string
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
Oauth2Scope string
The top-level scope that you are requesting from the OpenID Connect identity provider.
Oauth2TokenEndpoint string
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
Oauth2UniqueIdClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
Oauth2UserInfoEndpoint string
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
Oauth2UsernameClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
PostRequest bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
TenantConfigurations List<theogravity.Fusionauth.Inputs.FusionAuthIdpOpenIdConnectTenantConfiguration>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
ApplicationConfigurations []FusionAuthIdpOpenIdConnectApplicationConfigurationArgs
The configuration for each Application that the identity provider is enabled for.
ButtonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
ButtonText string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
Debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
Domains []string
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
Enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
IdpId Changes to this property will trigger replacement. string
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
LambdaReconcileId string
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
LinkingStrategy string
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
Name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
Oauth2AuthorizationEndpoint string
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
Oauth2ClientAuthenticationMethod string
The client authentication method to use with the OpenID Connect identity provider.
Oauth2ClientId string
The top-level client id for your Application.
Oauth2ClientSecret string
The top-level client secret to use with the OpenID Connect identity provider.
Oauth2EmailClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
Oauth2EmailVerifiedClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
Oauth2Issuer string
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
Oauth2Scope string
The top-level scope that you are requesting from the OpenID Connect identity provider.
Oauth2TokenEndpoint string
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
Oauth2UniqueIdClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
Oauth2UserInfoEndpoint string
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
Oauth2UsernameClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
PostRequest bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
TenantConfigurations []FusionAuthIdpOpenIdConnectTenantConfigurationArgs
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
applicationConfigurations List<FusionAuthIdpOpenIdConnectApplicationConfiguration>
The configuration for each Application that the identity provider is enabled for.
buttonImageUrl String
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
buttonText String
The top-level button text to use on the FusionAuth login page for this Identity Provider.
debug Boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains List<String>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
enabled Boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId String (changes to this property will trigger replacement)
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambdaReconcileId String
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy String
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
name String
The name of this OpenID Connect identity provider. This is only used for display purposes.
oauth2AuthorizationEndpoint String
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
oauth2ClientAuthenticationMethod String
The client authentication method to use with the OpenID Connect identity provider.
oauth2ClientId String
The top-level client id for your Application.
oauth2ClientSecret String
The top-level client secret to use with the OpenID Connect identity provider.
oauth2EmailClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
oauth2EmailVerifiedClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
oauth2Issuer String
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
oauth2Scope String
The top-level scope that you are requesting from the OpenID Connect identity provider.
oauth2TokenEndpoint String
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
oauth2UniqueIdClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
oauth2UserInfoEndpoint String
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
oauth2UsernameClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
postRequest Boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
tenantConfigurations List<FusionAuthIdpOpenIdConnectTenantConfiguration>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
applicationConfigurations FusionAuthIdpOpenIdConnectApplicationConfiguration[]
The configuration for each Application that the identity provider is enabled for.
buttonImageUrl string
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
buttonText string
The top-level button text to use on the FusionAuth login page for this Identity Provider.
debug boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains string[]
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
enabled boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId string (changes to this property will trigger replacement)
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambdaReconcileId string
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy string
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
name string
The name of this OpenID Connect identity provider. This is only used for display purposes.
oauth2AuthorizationEndpoint string
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
oauth2ClientAuthenticationMethod string
The client authentication method to use with the OpenID Connect identity provider.
oauth2ClientId string
The top-level client id for your Application.
oauth2ClientSecret string
The top-level client secret to use with the OpenID Connect identity provider.
oauth2EmailClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
oauth2EmailVerifiedClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
oauth2Issuer string
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
oauth2Scope string
The top-level scope that you are requesting from the OpenID Connect identity provider.
oauth2TokenEndpoint string
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
oauth2UniqueIdClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
oauth2UserInfoEndpoint string
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
oauth2UsernameClaim string
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
postRequest boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
tenantConfigurations FusionAuthIdpOpenIdConnectTenantConfiguration[]
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
application_configurations Sequence[FusionAuthIdpOpenIdConnectApplicationConfigurationArgs]
The configuration for each Application that the identity provider is enabled for.
button_image_url str
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
button_text str
The top-level button text to use on the FusionAuth login page for this Identity Provider.
debug bool
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains Sequence[str]
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
enabled bool
Determines if this provider is enabled. If it is false then it will be disabled globally.
idp_id str (changes to this property will trigger replacement)
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambda_reconcile_id str
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linking_strategy str
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
name str
The name of this OpenID Connect identity provider. This is only used for display purposes.
oauth2_authorization_endpoint str
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
oauth2_client_authentication_method str
The client authentication method to use with the OpenID Connect identity provider.
oauth2_client_id str
The top-level client id for your Application.
oauth2_client_secret str
The top-level client secret to use with the OpenID Connect identity provider.
oauth2_email_claim str
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
oauth2_email_verified_claim str
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
oauth2_issuer str
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
oauth2_scope str
The top-level scope that you are requesting from the OpenID Connect identity provider.
oauth2_token_endpoint str
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
oauth2_unique_id_claim str
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
oauth2_user_info_endpoint str
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
oauth2_username_claim str
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
post_request bool
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
tenant_configurations Sequence[FusionAuthIdpOpenIdConnectTenantConfigurationArgs]
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
applicationConfigurations List<Property Map>
The configuration for each Application that the identity provider is enabled for.
buttonImageUrl String
The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.
buttonText String
The top-level button text to use on the FusionAuth login page for this Identity Provider.
debug Boolean
Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.
domains List<String>
This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can log in using FusionAuth.
enabled Boolean
Determines if this provider is enabled. If it is false then it will be disabled globally.
idpId String (changes to this property will trigger replacement)
The ID to use for the new identity provider. If not specified a secure random UUID will be generated.
lambdaReconcileId String
The unique Id of the lambda to use during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.
linkingStrategy String
The linking strategy to use when creating the link between the OpenID Connect Identity Provider and the user.
name String
The name of this OpenID Connect identity provider. This is only used for display purposes.
oauth2AuthorizationEndpoint String
The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.
oauth2ClientAuthenticationMethod String
The client authentication method to use with the OpenID Connect identity provider.
oauth2ClientId String
The top-level client id for your Application.
oauth2ClientSecret String
The top-level client secret to use with the OpenID Connect identity provider.
oauth2EmailClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.
oauth2EmailVerifiedClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.
oauth2Issuer String
The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.
oauth2Scope String
The top-level scope that you are requesting from the OpenID Connect identity provider.
oauth2TokenEndpoint String
The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.
oauth2UniqueIdClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.
oauth2UserInfoEndpoint String
The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.
oauth2UsernameClaim String
An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.
postRequest Boolean
Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.
tenantConfigurations List<Property Map>
The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.
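
The property descriptions above say that when the issuer is provided, the authorization, token and userinfo endpoints are resolved from the issuer URI plus /.well-known/openid-configuration and the explicit endpoint fields are ignored. The following is an added example, not code from this package or from FusionAuth, that applies that rule to a provider configuration before deployment. The function names, finding codes and sample discovery document are constructed for illustration, and the issuer-equality and HTTPS checks are reviewer checks based on the OpenID Connect Discovery specification, not behaviour this page documents for FusionAuth.

```python
from urllib.parse import urlsplit

# Constructed discovery document for a hypothetical IdP (not real data).
SAMPLE_DISCOVERY = {
    "issuer": "https://login.example.com",
    "authorization_endpoint": "https://login.example.com/oauth2/authorize",
    "token_endpoint": "https://login.example.com/oauth2/token",
    "userinfo_endpoint": "https://login.example.com/oauth2/userinfo",
}

# Resource property (Python SDK spelling from this page) -> discovery metadata key.
ENDPOINT_FIELDS = {
    "oauth2_authorization_endpoint": "authorization_endpoint",
    "oauth2_token_endpoint": "token_endpoint",
    "oauth2_user_info_endpoint": "userinfo_endpoint",
}


def discovery_url(issuer):
    """Issuer URI plus /.well-known/openid-configuration, as the page describes."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def resolve_endpoints(config, discovery=None):
    """Return (effective_endpoints, findings) for a provider configuration.

    findings is a list of (code, field) tuples a reviewer should look at.
    """
    findings = []
    effective = {}
    issuer = config.get("oauth2_issuer")

    if issuer:
        if discovery is None:
            raise ValueError("fetch %s first" % discovery_url(issuer))
        # OIDC Discovery requires the document's issuer to be identical to
        # the issuer used to retrieve it; a mismatch means the wrong
        # document (or the wrong issuer string) is in play.
        if discovery.get("issuer") != issuer:
            findings.append(("ISSUER_MISMATCH", "oauth2_issuer"))
        for field, meta_key in ENDPOINT_FIELDS.items():
            effective[field] = discovery.get(meta_key)
            # An explicit endpoint next to an issuer is ignored, so a
            # reviewer reading the config sees a URL that is never used.
            if config.get(field):
                findings.append(("IGNORED_ENDPOINT", field))
    else:
        for field in ENDPOINT_FIELDS:
            effective[field] = config.get(field)
            if not effective[field]:
                findings.append(("MISSING_ENDPOINT", field))

    for field, url in effective.items():
        if url and urlsplit(url).scheme != "https":
            findings.append(("NOT_HTTPS", field))
    return effective, findings
```
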

Supporting Types

FusionAuthIdpOpenIdConnectApplicationConfiguration, FusionAuthIdpOpenIdConnectApplicationConfigurationArgs

ApplicationId string
ID of the Application to apply this configuration to.
ButtonImageUrl string
This is an optional Application specific override for the top level button image URL.
ButtonText string
This is an optional Application specific override for the top level button text.
CreateRegistration bool
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
Enabled bool
Determines if this identity provider is enabled for the Application specified by the applicationId key.
Oauth2ClientId string
This is an optional Application specific override for the top level client id.
Oauth2ClientSecret string
This is an optional Application specific override for the top level client secret.
Oauth2Scope string
This is an optional Application specific override for the top level scope.
applicationId String
ID of the Application to apply this configuration to.
buttonImageUrl String
This is an optional Application specific override for the top level button image URL.
buttonText String
This is an optional Application specific override for the top level button text.
createRegistration Boolean
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled Boolean
Determines if this identity provider is enabled for the Application specified by the applicationId key.
oauth2ClientId String
This is an optional Application specific override for the top level client id.
oauth2ClientSecret String
This is an optional Application specific override for the top level client secret.
oauth2Scope String
This is an optional Application specific override for the top level scope.
applicationId string
ID of the Application to apply this configuration to.
buttonImageUrl string
This is an optional Application specific override for the top level button image URL.
buttonText string
This is an optional Application specific override for the top level button text.
createRegistration boolean
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled boolean
Determines if this identity provider is enabled for the Application specified by the applicationId key.
oauth2ClientId string
This is an optional Application specific override for the top level client id.
oauth2ClientSecret string
This is an optional Application specific override for the top level client secret.
oauth2Scope string
This is an optional Application specific override for the top level scope.
application_id str
ID of the Application to apply this configuration to.
button_image_url str
This is an optional Application specific override for the top level button image URL.
button_text str
This is an optional Application specific override for the top level button text.
create_registration bool
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled bool
Determines if this identity provider is enabled for the Application specified by the applicationId key.
oauth2_client_id str
This is an optional Application specific override for the top level client id.
oauth2_client_secret str
This is an optional Application specific override for the top level client secret.
oauth2_scope str
This is an optional Application specific override for the top level scope.
applicationId String
ID of the Application to apply this configuration to.
buttonImageUrl String
This is an optional Application specific override for the top level button image URL.
buttonText String
This is an optional Application specific override for the top level button text.
createRegistration Boolean
Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.
enabled Boolean
Determines if this identity provider is enabled for the Application specified by the applicationId key.
oauth2ClientId String
This is an optional Application specific override for the top level client id.
oauth2ClientSecret String
This is an optional Application specific override for the top level client secret.
oauth2Scope String
This is an optional Application specific override for the top level scope.

FusionAuthIdpOpenIdConnectTenantConfiguration, FusionAuthIdpOpenIdConnectTenantConfigurationArgs

LimitUserLinkCountEnabled bool
When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
LimitUserLinkCountMaximumLinks int
Determines if this provider is enabled. If it is false then it will be disabled globally.
TenantId string
The unique Id of the tenant that this configuration applies to.
limitUserLinkCountEnabled Boolean
When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
limitUserLinkCountMaximumLinks Integer
Determines if this provider is enabled. If it is false then it will be disabled globally.
tenantId String
The unique Id of the tenant that this configuration applies to.
limitUserLinkCountEnabled boolean
When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
limitUserLinkCountMaximumLinks number
Determines if this provider is enabled. If it is false then it will be disabled globally.
tenantId string
The unique Id of the tenant that this configuration applies to.
limit_user_link_count_enabled bool
When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
limit_user_link_count_maximum_links int
Determines if this provider is enabled. If it is false then it will be disabled globally.
tenant_id str
The unique Id of the tenant that this configuration applies to.
limitUserLinkCountEnabled Boolean
When enabled, the number of identity provider links a user may create is enforced by maximumLinks.
limitUserLinkCountMaximumLinks Number
Determines if this provider is enabled. If it is false then it will be disabled globally.
tenantId String
The unique Id of the tenant that this configuration applies to.

Package Details

Repository
fusionauth theogravity/pulumi-fusionauth
License
MIT
Notes
This Pulumi package is based on the fusionauth Terraform Provider.