FusionAuth v5.0.4 published on Tuesday, Jul 9, 2024 by Theo Gravity
fusionauth.FusionAuthApplication
Explore with Pulumi AI
# Application Resource
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as fusionauth from "pulumi-fusionauth";
const forum = new fusionauth.FusionAuthApplication("forum", {
tenantId: fusionauth_tenant.portal.id,
authenticationTokenConfigurationEnabled: false,
formConfiguration: {
adminRegistrationFormId: fusionauth_form.admin_registration.id,
selfServiceFormId: fusionauth_form.self_service.id,
},
jwtConfiguration: {
accessTokenId: fusionauth_key.access_token.id,
enabled: true,
idTokenKeyId: fusionauth_key.id_token.id,
refreshTokenTtlMinutes: 43200,
ttlSeconds: 3600,
},
lambdaConfiguration: {
accessTokenPopulateId: fusionauth_lambda.token_populate.id,
idTokenPopulateId: fusionauth_lambda.id_token_populate.id,
},
loginConfiguration: {
allowTokenRefresh: false,
generateRefreshTokens: false,
requireAuthentication: true,
},
multiFactorConfiguration: {
emailTemplateId: "859f394b-22a6-4fa6-ba55-de700df9e950",
smsTemplateId: "17760f96-dca7-448b-9a8f-c49016aa7210",
loginPolicy: "Required",
trustPolicy: "Any",
},
oauthConfiguration: {
authorizedOriginUrls: ["http://www.example.com/oauth-callback"],
authorizedUrlValidationPolicy: "ExactMatch",
enabledGrants: [
"authorization_code",
"implicit",
],
generateRefreshTokens: false,
logoutBehavior: "AllApplications",
logoutUrl: "http://www.example.com/logout",
requireClientAuthentication: false,
providedScopePolicies: [{
address: {
enabled: false,
required: false,
},
email: {
enabled: false,
required: false,
},
phone: {
enabled: false,
required: false,
},
profile: {
enabled: false,
required: false,
},
}],
},
registrationConfiguration: {
birthDate: {
enabled: false,
required: false,
},
confirmPassword: false,
enabled: false,
firstName: {
enabled: false,
required: false,
},
fullName: {
enabled: false,
required: false,
},
lastName: {
enabled: false,
required: false,
},
loginIdType: "",
middleName: {
enabled: false,
required: false,
},
mobilePhone: {
enabled: false,
required: false,
},
preferredLanguages: {
enabled: false,
required: false,
},
type: "",
},
passwordlessConfigurationEnabled: false,
registrationDeletePolicy: {
unverifiedEnabled: true,
unverifiedNumberOfDaysToRetain: 30,
},
});
import pulumi
import theogravity_pulumi-fusionauth as fusionauth
forum = fusionauth.FusionAuthApplication("forum",
tenant_id=fusionauth_tenant["portal"]["id"],
authentication_token_configuration_enabled=False,
form_configuration=fusionauth.FusionAuthApplicationFormConfigurationArgs(
admin_registration_form_id=fusionauth_form["admin_registration"]["id"],
self_service_form_id=fusionauth_form["self_service"]["id"],
),
jwt_configuration=fusionauth.FusionAuthApplicationJwtConfigurationArgs(
access_token_id=fusionauth_key["access_token"]["id"],
enabled=True,
id_token_key_id=fusionauth_key["id_token"]["id"],
refresh_token_ttl_minutes=43200,
ttl_seconds=3600,
),
lambda_configuration=fusionauth.FusionAuthApplicationLambdaConfigurationArgs(
access_token_populate_id=fusionauth_lambda["token_populate"]["id"],
id_token_populate_id=fusionauth_lambda["id_token_populate"]["id"],
),
login_configuration=fusionauth.FusionAuthApplicationLoginConfigurationArgs(
allow_token_refresh=False,
generate_refresh_tokens=False,
require_authentication=True,
),
multi_factor_configuration=fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs(
email_template_id="859f394b-22a6-4fa6-ba55-de700df9e950",
sms_template_id="17760f96-dca7-448b-9a8f-c49016aa7210",
login_policy="Required",
trust_policy="Any",
),
oauth_configuration=fusionauth.FusionAuthApplicationOauthConfigurationArgs(
authorized_origin_urls=["http://www.example.com/oauth-callback"],
authorized_url_validation_policy="ExactMatch",
enabled_grants=[
"authorization_code",
"implicit",
],
generate_refresh_tokens=False,
logout_behavior="AllApplications",
logout_url="http://www.example.com/logout",
require_client_authentication=False,
provided_scope_policies=[fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs(
address=fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs(
enabled=False,
required=False,
),
email=fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs(
enabled=False,
required=False,
),
phone=fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs(
enabled=False,
required=False,
),
profile=fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs(
enabled=False,
required=False,
),
)],
),
registration_configuration=fusionauth.FusionAuthApplicationRegistrationConfigurationArgs(
birth_date=fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs(
enabled=False,
required=False,
),
confirm_password=False,
enabled=False,
first_name=fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs(
enabled=False,
required=False,
),
full_name=fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs(
enabled=False,
required=False,
),
last_name=fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs(
enabled=False,
required=False,
),
login_id_type="",
middle_name=fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs(
enabled=False,
required=False,
),
mobile_phone=fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs(
enabled=False,
required=False,
),
preferred_languages=fusionauth.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs(
enabled=False,
required=False,
),
type="",
),
passwordless_configuration_enabled=False,
registration_delete_policy=fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs(
unverified_enabled=True,
unverified_number_of_days_to_retain=30,
))
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := fusionauth.NewFusionAuthApplication(ctx, "forum", &fusionauth.FusionAuthApplicationArgs{
TenantId: pulumi.Any(fusionauth_tenant.Portal.Id),
AuthenticationTokenConfigurationEnabled: pulumi.Bool(false),
FormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationArgs{
AdminRegistrationFormId: pulumi.Any(fusionauth_form.Admin_registration.Id),
SelfServiceFormId: pulumi.Any(fusionauth_form.Self_service.Id),
},
JwtConfiguration: &fusionauth.FusionAuthApplicationJwtConfigurationArgs{
AccessTokenId: pulumi.Any(fusionauth_key.Access_token.Id),
Enabled: pulumi.Bool(true),
IdTokenKeyId: pulumi.Any(fusionauth_key.Id_token.Id),
RefreshTokenTtlMinutes: pulumi.Int(43200),
TtlSeconds: pulumi.Int(3600),
},
LambdaConfiguration: &fusionauth.FusionAuthApplicationLambdaConfigurationArgs{
AccessTokenPopulateId: pulumi.Any(fusionauth_lambda.Token_populate.Id),
IdTokenPopulateId: pulumi.Any(fusionauth_lambda.Id_token_populate.Id),
},
LoginConfiguration: &fusionauth.FusionAuthApplicationLoginConfigurationArgs{
AllowTokenRefresh: pulumi.Bool(false),
GenerateRefreshTokens: pulumi.Bool(false),
RequireAuthentication: pulumi.Bool(true),
},
MultiFactorConfiguration: &fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs{
EmailTemplateId: pulumi.String("859f394b-22a6-4fa6-ba55-de700df9e950"),
SmsTemplateId: pulumi.String("17760f96-dca7-448b-9a8f-c49016aa7210"),
LoginPolicy: pulumi.String("Required"),
TrustPolicy: pulumi.String("Any"),
},
OauthConfiguration: &fusionauth.FusionAuthApplicationOauthConfigurationArgs{
AuthorizedOriginUrls: pulumi.StringArray{
pulumi.String("http://www.example.com/oauth-callback"),
},
AuthorizedUrlValidationPolicy: pulumi.String("ExactMatch"),
EnabledGrants: pulumi.StringArray{
pulumi.String("authorization_code"),
pulumi.String("implicit"),
},
GenerateRefreshTokens: pulumi.Bool(false),
LogoutBehavior: pulumi.String("AllApplications"),
LogoutUrl: pulumi.String("http://www.example.com/logout"),
RequireClientAuthentication: pulumi.Bool(false),
ProvidedScopePolicies: fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArray{
&fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs{
Address: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Email: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Phone: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Profile: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
},
},
},
RegistrationConfiguration: &fusionauth.FusionAuthApplicationRegistrationConfigurationArgs{
BirthDate: &fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
ConfirmPassword: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
FirstName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
FullName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
LastName: &fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
LoginIdType: pulumi.String(""),
MiddleName: &fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
MobilePhone: &fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
PreferredLanguages: &fusionauth.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Type: pulumi.String(""),
},
PasswordlessConfigurationEnabled: pulumi.Bool(false),
RegistrationDeletePolicy: &fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs{
UnverifiedEnabled: pulumi.Bool(true),
UnverifiedNumberOfDaysToRetain: pulumi.Int(30),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Fusionauth = theogravity.Fusionauth;
return await Deployment.RunAsync(() =>
{
var forum = new Fusionauth.FusionAuthApplication("forum", new()
{
TenantId = fusionauth_tenant.Portal.Id,
AuthenticationTokenConfigurationEnabled = false,
FormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationArgs
{
AdminRegistrationFormId = fusionauth_form.Admin_registration.Id,
SelfServiceFormId = fusionauth_form.Self_service.Id,
},
JwtConfiguration = new Fusionauth.Inputs.FusionAuthApplicationJwtConfigurationArgs
{
AccessTokenId = fusionauth_key.Access_token.Id,
Enabled = true,
IdTokenKeyId = fusionauth_key.Id_token.Id,
RefreshTokenTtlMinutes = 43200,
TtlSeconds = 3600,
},
LambdaConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLambdaConfigurationArgs
{
AccessTokenPopulateId = fusionauth_lambda.Token_populate.Id,
IdTokenPopulateId = fusionauth_lambda.Id_token_populate.Id,
},
LoginConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLoginConfigurationArgs
{
AllowTokenRefresh = false,
GenerateRefreshTokens = false,
RequireAuthentication = true,
},
MultiFactorConfiguration = new Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfigurationArgs
{
EmailTemplateId = "859f394b-22a6-4fa6-ba55-de700df9e950",
SmsTemplateId = "17760f96-dca7-448b-9a8f-c49016aa7210",
LoginPolicy = "Required",
TrustPolicy = "Any",
},
OauthConfiguration = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationArgs
{
AuthorizedOriginUrls = new[]
{
"http://www.example.com/oauth-callback",
},
AuthorizedUrlValidationPolicy = "ExactMatch",
EnabledGrants = new[]
{
"authorization_code",
"implicit",
},
GenerateRefreshTokens = false,
LogoutBehavior = "AllApplications",
LogoutUrl = "http://www.example.com/logout",
RequireClientAuthentication = false,
ProvidedScopePolicies = new[]
{
new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs
{
Address = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs
{
Enabled = false,
Required = false,
},
Email = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs
{
Enabled = false,
Required = false,
},
Phone = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs
{
Enabled = false,
Required = false,
},
Profile = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs
{
Enabled = false,
Required = false,
},
},
},
},
RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationArgs
{
BirthDate = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs
{
Enabled = false,
Required = false,
},
ConfirmPassword = false,
Enabled = false,
FirstName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs
{
Enabled = false,
Required = false,
},
FullName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs
{
Enabled = false,
Required = false,
},
LastName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs
{
Enabled = false,
Required = false,
},
LoginIdType = "",
MiddleName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs
{
Enabled = false,
Required = false,
},
MobilePhone = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs
{
Enabled = false,
Required = false,
},
PreferredLanguages = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs
{
Enabled = false,
Required = false,
},
Type = "",
},
PasswordlessConfigurationEnabled = false,
RegistrationDeletePolicy = new Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicyArgs
{
UnverifiedEnabled = true,
UnverifiedNumberOfDaysToRetain = 30,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.fusionauth.FusionAuthApplication;
import com.pulumi.fusionauth.FusionAuthApplicationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationFormConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationJwtConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationLambdaConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationLoginConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationMultiFactorConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationOauthConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs;
import com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationDeletePolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var forum = new FusionAuthApplication("forum", FusionAuthApplicationArgs.builder()
.tenantId(fusionauth_tenant.portal().id())
.authenticationTokenConfigurationEnabled(false)
.formConfiguration(FusionAuthApplicationFormConfigurationArgs.builder()
.adminRegistrationFormId(fusionauth_form.admin_registration().id())
.selfServiceFormId(fusionauth_form.self_service().id())
.build())
.jwtConfiguration(FusionAuthApplicationJwtConfigurationArgs.builder()
.accessTokenId(fusionauth_key.access_token().id())
.enabled(true)
.idTokenKeyId(fusionauth_key.id_token().id())
.refreshTokenTtlMinutes(43200)
.ttlSeconds(3600)
.build())
.lambdaConfiguration(FusionAuthApplicationLambdaConfigurationArgs.builder()
.accessTokenPopulateId(fusionauth_lambda.token_populate().id())
.idTokenPopulateId(fusionauth_lambda.id_token_populate().id())
.build())
.loginConfiguration(FusionAuthApplicationLoginConfigurationArgs.builder()
.allowTokenRefresh(false)
.generateRefreshTokens(false)
.requireAuthentication(true)
.build())
.multiFactorConfiguration(FusionAuthApplicationMultiFactorConfigurationArgs.builder()
.emailTemplateId("859f394b-22a6-4fa6-ba55-de700df9e950")
.smsTemplateId("17760f96-dca7-448b-9a8f-c49016aa7210")
.loginPolicy("Required")
.trustPolicy("Any")
.build())
.oauthConfiguration(FusionAuthApplicationOauthConfigurationArgs.builder()
.authorizedOriginUrls("http://www.example.com/oauth-callback")
.authorizedUrlValidationPolicy("ExactMatch")
.enabledGrants(
"authorization_code",
"implicit")
.generateRefreshTokens(false)
.logoutBehavior("AllApplications")
.logoutUrl("http://www.example.com/logout")
.requireClientAuthentication(false)
.providedScopePolicies(FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs.builder()
.address(FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs.builder()
.enabled(false)
.required(false)
.build())
.email(FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs.builder()
.enabled(false)
.required(false)
.build())
.phone(FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs.builder()
.enabled(false)
.required(false)
.build())
.profile(FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs.builder()
.enabled(false)
.required(false)
.build())
.build())
.build())
.registrationConfiguration(FusionAuthApplicationRegistrationConfigurationArgs.builder()
.birthDate(FusionAuthApplicationRegistrationConfigurationBirthDateArgs.builder()
.enabled(false)
.required(false)
.build())
.confirmPassword(false)
.enabled(false)
.firstName(FusionAuthApplicationRegistrationConfigurationFirstNameArgs.builder()
.enabled(false)
.required(false)
.build())
.fullName(FusionAuthApplicationRegistrationConfigurationFullNameArgs.builder()
.enabled(false)
.required(false)
.build())
.lastName(FusionAuthApplicationRegistrationConfigurationLastNameArgs.builder()
.enabled(false)
.required(false)
.build())
.loginIdType("")
.middleName(FusionAuthApplicationRegistrationConfigurationMiddleNameArgs.builder()
.enabled(false)
.required(false)
.build())
.mobilePhone(FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs.builder()
.enabled(false)
.required(false)
.build())
.preferredLanguages(FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs.builder()
.enabled(false)
.required(false)
.build())
.type("")
.build())
.passwordlessConfigurationEnabled(false)
.registrationDeletePolicy(FusionAuthApplicationRegistrationDeletePolicyArgs.builder()
.unverifiedEnabled(true)
.unverifiedNumberOfDaysToRetain(30)
.build())
.build());
}
}
resources:
forum:
type: fusionauth:FusionAuthApplication
properties:
tenantId: ${fusionauth_tenant.portal.id}
authenticationTokenConfigurationEnabled: false
formConfiguration:
adminRegistrationFormId: ${fusionauth_form.admin_registration.id}
selfServiceFormId: ${fusionauth_form.self_service.id}
jwtConfiguration:
accessTokenId: ${fusionauth_key.access_token.id}
enabled: true
idTokenKeyId: ${fusionauth_key.id_token.id}
refreshTokenTtlMinutes: 43200
ttlSeconds: 3600
lambdaConfiguration:
accessTokenPopulateId: ${fusionauth_lambda.token_populate.id}
idTokenPopulateId: ${fusionauth_lambda.id_token_populate.id}
loginConfiguration:
allowTokenRefresh: false
generateRefreshTokens: false
requireAuthentication: true
multiFactorConfiguration:
emailTemplateId: 859f394b-22a6-4fa6-ba55-de700df9e950
smsTemplateId: 17760f96-dca7-448b-9a8f-c49016aa7210
loginPolicy: Required
trustPolicy: Any
oauthConfiguration:
authorizedOriginUrls:
- http://www.example.com/oauth-callback
authorizedUrlValidationPolicy: ExactMatch
enabledGrants:
- authorization_code
- implicit
generateRefreshTokens: false
logoutBehavior: AllApplications
logoutUrl: http://www.example.com/logout
requireClientAuthentication: false
providedScopePolicies:
- address:
enabled: false
required: false
email:
enabled: false
required: false
phone:
enabled: false
required: false
profile:
enabled: false
required: false
registrationConfiguration:
birthDate:
enabled: false
required: false
confirmPassword: false
enabled: false
firstName:
enabled: false
required: false
fullName:
enabled: false
required: false
lastName:
enabled: false
required: false
loginIdType:
middleName:
enabled: false
required: false
mobilePhone:
enabled: false
required: false
preferredLanguages:
enabled: false
required: false
type:
passwordlessConfigurationEnabled: false
registrationDeletePolicy:
unverifiedEnabled: true
unverifiedNumberOfDaysToRetain: 30
Create FusionAuthApplication Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FusionAuthApplication(name: string, args: FusionAuthApplicationArgs, opts?: CustomResourceOptions);
@overload
def FusionAuthApplication(resource_name: str,
args: FusionAuthApplicationArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FusionAuthApplication(resource_name: str,
opts: Optional[ResourceOptions] = None,
tenant_id: Optional[str] = None,
multi_factor_configuration: Optional[FusionAuthApplicationMultiFactorConfigurationArgs] = None,
email_configuration: Optional[FusionAuthApplicationEmailConfigurationArgs] = None,
name: Optional[str] = None,
passwordless_configuration_enabled: Optional[bool] = None,
oauth_configuration: Optional[FusionAuthApplicationOauthConfigurationArgs] = None,
form_configuration: Optional[FusionAuthApplicationFormConfigurationArgs] = None,
jwt_configuration: Optional[FusionAuthApplicationJwtConfigurationArgs] = None,
lambda_configuration: Optional[FusionAuthApplicationLambdaConfigurationArgs] = None,
login_configuration: Optional[FusionAuthApplicationLoginConfigurationArgs] = None,
access_control_configuration: Optional[FusionAuthApplicationAccessControlConfigurationArgs] = None,
clean_speak_configuration: Optional[FusionAuthApplicationCleanSpeakConfigurationArgs] = None,
authentication_token_configuration_enabled: Optional[bool] = None,
data: Optional[Mapping[str, Any]] = None,
registration_configuration: Optional[FusionAuthApplicationRegistrationConfigurationArgs] = None,
registration_delete_policy: Optional[FusionAuthApplicationRegistrationDeletePolicyArgs] = None,
samlv2_configuration: Optional[FusionAuthApplicationSamlv2ConfigurationArgs] = None,
application_id: Optional[str] = None,
theme_id: Optional[str] = None,
verification_email_template_id: Optional[str] = None,
verification_strategy: Optional[str] = None,
verify_registration: Optional[bool] = None)
func NewFusionAuthApplication(ctx *Context, name string, args FusionAuthApplicationArgs, opts ...ResourceOption) (*FusionAuthApplication, error)
public FusionAuthApplication(string name, FusionAuthApplicationArgs args, CustomResourceOptions? opts = null)
public FusionAuthApplication(String name, FusionAuthApplicationArgs args)
public FusionAuthApplication(String name, FusionAuthApplicationArgs args, CustomResourceOptions options)
type: fusionauth:FusionAuthApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FusionAuthApplicationArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var fusionAuthApplicationResource = new Fusionauth.FusionAuthApplication("fusionAuthApplicationResource", new()
{
TenantId = "string",
MultiFactorConfiguration = new Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfigurationArgs
{
EmailTemplateId = "string",
LoginPolicy = "string",
SmsTemplateId = "string",
TrustPolicy = "string",
},
EmailConfiguration = new Fusionauth.Inputs.FusionAuthApplicationEmailConfigurationArgs
{
EmailUpdateTemplateId = "string",
EmailVerificationTemplateId = "string",
EmailVerifiedTemplateId = "string",
ForgotPasswordTemplateId = "string",
LoginIdInUseOnCreateTemplateId = "string",
LoginIdInUseOnUpdateTemplateId = "string",
LoginNewDeviceTemplateId = "string",
LoginSuspiciousTemplateId = "string",
PasswordResetSuccessTemplateId = "string",
PasswordUpdateTemplateId = "string",
PasswordlessEmailTemplateId = "string",
SetPasswordEmailTemplateId = "string",
TwoFactorMethodAddTemplateId = "string",
TwoFactorMethodRemoveTemplateId = "string",
},
Name = "string",
PasswordlessConfigurationEnabled = false,
OauthConfiguration = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationArgs
{
ScopeHandlingPolicy = "string",
UnknownScopePolicy = "string",
GenerateRefreshTokens = false,
LogoutBehavior = "string",
ClientId = "string",
ClientSecret = "string",
ConsentMode = "string",
Debug = false,
DeviceVerificationUrl = "string",
EnabledGrants = new[]
{
"string",
},
AuthorizedOriginUrls = new[]
{
"string",
},
ClientAuthenticationPolicy = "string",
LogoutUrl = "string",
ProofKeyForCodeExchangePolicy = "string",
ProvidedScopePolicies = new[]
{
new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs
{
Address = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs
{
Enabled = false,
Required = false,
},
Email = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs
{
Enabled = false,
Required = false,
},
Phone = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs
{
Enabled = false,
Required = false,
},
Profile = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs
{
Enabled = false,
Required = false,
},
},
},
Relationship = "string",
RequireRegistration = false,
AuthorizedUrlValidationPolicy = "string",
AuthorizedRedirectUrls = new[]
{
"string",
},
},
FormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationArgs
{
AdminRegistrationFormId = "string",
SelfServiceFormId = "string",
},
JwtConfiguration = new Fusionauth.Inputs.FusionAuthApplicationJwtConfigurationArgs
{
AccessTokenId = "string",
Enabled = false,
IdTokenKeyId = "string",
RefreshTokenExpirationPolicy = "string",
RefreshTokenSlidingWindowMaximumTimeToLiveInMinutes = 0,
RefreshTokenTtlMinutes = 0,
RefreshTokenUsagePolicy = "string",
TtlSeconds = 0,
},
LambdaConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLambdaConfigurationArgs
{
AccessTokenPopulateId = "string",
IdTokenPopulateId = "string",
Samlv2PopulateId = "string",
SelfServiceRegistrationValidationId = "string",
UserinfoPopulateId = "string",
},
LoginConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLoginConfigurationArgs
{
AllowTokenRefresh = false,
GenerateRefreshTokens = false,
RequireAuthentication = false,
},
AccessControlConfiguration = new Fusionauth.Inputs.FusionAuthApplicationAccessControlConfigurationArgs
{
UiIpAccessControlListId = "string",
},
CleanSpeakConfiguration = new Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfigurationArgs
{
ApplicationIds = new[]
{
"string",
},
UsernameModeration = new Fusionauth.Inputs.FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs
{
ApplicationId = "string",
Enabled = false,
},
},
AuthenticationTokenConfigurationEnabled = false,
Data =
{
{ "string", "any" },
},
RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationArgs
{
BirthDate = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs
{
Enabled = false,
Required = false,
},
ConfirmPassword = false,
Enabled = false,
FirstName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs
{
Enabled = false,
Required = false,
},
FormId = "string",
FullName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs
{
Enabled = false,
Required = false,
},
LastName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs
{
Enabled = false,
Required = false,
},
LoginIdType = "string",
MiddleName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs
{
Enabled = false,
Required = false,
},
MobilePhone = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs
{
Enabled = false,
Required = false,
},
PreferredLanguages = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs
{
Enabled = false,
Required = false,
},
Type = "string",
},
RegistrationDeletePolicy = new Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicyArgs
{
UnverifiedEnabled = false,
UnverifiedNumberOfDaysToRetain = 0,
},
Samlv2Configuration = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationArgs
{
Issuer = "string",
AuthorizedRedirectUrls = new[]
{
"string",
},
Debug = false,
Audience = "string",
DefaultVerificationKeyId = "string",
Enabled = false,
KeyId = "string",
Logout = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogoutArgs
{
Behavior = "string",
DefaultVerificationKeyId = "string",
KeyId = "string",
RequireSignedRequests = false,
SingleLogout = new Fusionauth.Inputs.FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs
{
Enabled = false,
KeyId = "string",
Url = "string",
XmlSignatureCanonicalizationMethod = "string",
},
XmlSignatureCanonicalizationMethod = "string",
},
LogoutUrl = "string",
RequiredSignedRequests = false,
XmlSignatureCanonicalizationMethod = "string",
XmlSignatureLocation = "string",
},
ApplicationId = "string",
ThemeId = "string",
VerificationEmailTemplateId = "string",
VerificationStrategy = "string",
VerifyRegistration = false,
});
example, err := fusionauth.NewFusionAuthApplication(ctx, "fusionAuthApplicationResource", &fusionauth.FusionAuthApplicationArgs{
TenantId: pulumi.String("string"),
MultiFactorConfiguration: &fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs{
EmailTemplateId: pulumi.String("string"),
LoginPolicy: pulumi.String("string"),
SmsTemplateId: pulumi.String("string"),
TrustPolicy: pulumi.String("string"),
},
EmailConfiguration: &fusionauth.FusionAuthApplicationEmailConfigurationArgs{
EmailUpdateTemplateId: pulumi.String("string"),
EmailVerificationTemplateId: pulumi.String("string"),
EmailVerifiedTemplateId: pulumi.String("string"),
ForgotPasswordTemplateId: pulumi.String("string"),
LoginIdInUseOnCreateTemplateId: pulumi.String("string"),
LoginIdInUseOnUpdateTemplateId: pulumi.String("string"),
LoginNewDeviceTemplateId: pulumi.String("string"),
LoginSuspiciousTemplateId: pulumi.String("string"),
PasswordResetSuccessTemplateId: pulumi.String("string"),
PasswordUpdateTemplateId: pulumi.String("string"),
PasswordlessEmailTemplateId: pulumi.String("string"),
SetPasswordEmailTemplateId: pulumi.String("string"),
TwoFactorMethodAddTemplateId: pulumi.String("string"),
TwoFactorMethodRemoveTemplateId: pulumi.String("string"),
},
Name: pulumi.String("string"),
PasswordlessConfigurationEnabled: pulumi.Bool(false),
OauthConfiguration: &fusionauth.FusionAuthApplicationOauthConfigurationArgs{
ScopeHandlingPolicy: pulumi.String("string"),
UnknownScopePolicy: pulumi.String("string"),
GenerateRefreshTokens: pulumi.Bool(false),
LogoutBehavior: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
ConsentMode: pulumi.String("string"),
Debug: pulumi.Bool(false),
DeviceVerificationUrl: pulumi.String("string"),
EnabledGrants: pulumi.StringArray{
pulumi.String("string"),
},
AuthorizedOriginUrls: pulumi.StringArray{
pulumi.String("string"),
},
ClientAuthenticationPolicy: pulumi.String("string"),
LogoutUrl: pulumi.String("string"),
ProofKeyForCodeExchangePolicy: pulumi.String("string"),
ProvidedScopePolicies: fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArray{
&fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs{
Address: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Email: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Phone: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Profile: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
},
},
Relationship: pulumi.String("string"),
RequireRegistration: pulumi.Bool(false),
AuthorizedUrlValidationPolicy: pulumi.String("string"),
AuthorizedRedirectUrls: pulumi.StringArray{
pulumi.String("string"),
},
},
FormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationArgs{
AdminRegistrationFormId: pulumi.String("string"),
SelfServiceFormId: pulumi.String("string"),
},
JwtConfiguration: &fusionauth.FusionAuthApplicationJwtConfigurationArgs{
AccessTokenId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
IdTokenKeyId: pulumi.String("string"),
RefreshTokenExpirationPolicy: pulumi.String("string"),
RefreshTokenSlidingWindowMaximumTimeToLiveInMinutes: pulumi.Int(0),
RefreshTokenTtlMinutes: pulumi.Int(0),
RefreshTokenUsagePolicy: pulumi.String("string"),
TtlSeconds: pulumi.Int(0),
},
LambdaConfiguration: &fusionauth.FusionAuthApplicationLambdaConfigurationArgs{
AccessTokenPopulateId: pulumi.String("string"),
IdTokenPopulateId: pulumi.String("string"),
Samlv2PopulateId: pulumi.String("string"),
SelfServiceRegistrationValidationId: pulumi.String("string"),
UserinfoPopulateId: pulumi.String("string"),
},
LoginConfiguration: &fusionauth.FusionAuthApplicationLoginConfigurationArgs{
AllowTokenRefresh: pulumi.Bool(false),
GenerateRefreshTokens: pulumi.Bool(false),
RequireAuthentication: pulumi.Bool(false),
},
AccessControlConfiguration: &fusionauth.FusionAuthApplicationAccessControlConfigurationArgs{
UiIpAccessControlListId: pulumi.String("string"),
},
CleanSpeakConfiguration: &fusionauth.FusionAuthApplicationCleanSpeakConfigurationArgs{
ApplicationIds: pulumi.StringArray{
pulumi.String("string"),
},
UsernameModeration: &fusionauth.FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs{
ApplicationId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
},
AuthenticationTokenConfigurationEnabled: pulumi.Bool(false),
Data: pulumi.Map{
"string": pulumi.Any("any"),
},
RegistrationConfiguration: &fusionauth.FusionAuthApplicationRegistrationConfigurationArgs{
BirthDate: &fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
ConfirmPassword: pulumi.Bool(false),
Enabled: pulumi.Bool(false),
FirstName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
FormId: pulumi.String("string"),
FullName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
LastName: &fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
LoginIdType: pulumi.String("string"),
MiddleName: &fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
MobilePhone: &fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
PreferredLanguages: &fusionauth.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs{
Enabled: pulumi.Bool(false),
Required: pulumi.Bool(false),
},
Type: pulumi.String("string"),
},
RegistrationDeletePolicy: &fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs{
UnverifiedEnabled: pulumi.Bool(false),
UnverifiedNumberOfDaysToRetain: pulumi.Int(0),
},
Samlv2Configuration: &fusionauth.FusionAuthApplicationSamlv2ConfigurationArgs{
Issuer: pulumi.String("string"),
AuthorizedRedirectUrls: pulumi.StringArray{
pulumi.String("string"),
},
Debug: pulumi.Bool(false),
Audience: pulumi.String("string"),
DefaultVerificationKeyId: pulumi.String("string"),
Enabled: pulumi.Bool(false),
KeyId: pulumi.String("string"),
Logout: &fusionauth.FusionAuthApplicationSamlv2ConfigurationLogoutArgs{
Behavior: pulumi.String("string"),
DefaultVerificationKeyId: pulumi.String("string"),
KeyId: pulumi.String("string"),
RequireSignedRequests: pulumi.Bool(false),
SingleLogout: &fusionauth.FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs{
Enabled: pulumi.Bool(false),
KeyId: pulumi.String("string"),
Url: pulumi.String("string"),
XmlSignatureCanonicalizationMethod: pulumi.String("string"),
},
XmlSignatureCanonicalizationMethod: pulumi.String("string"),
},
LogoutUrl: pulumi.String("string"),
RequiredSignedRequests: pulumi.Bool(false),
XmlSignatureCanonicalizationMethod: pulumi.String("string"),
XmlSignatureLocation: pulumi.String("string"),
},
ApplicationId: pulumi.String("string"),
ThemeId: pulumi.String("string"),
VerificationEmailTemplateId: pulumi.String("string"),
VerificationStrategy: pulumi.String("string"),
VerifyRegistration: pulumi.Bool(false),
})
var fusionAuthApplicationResource = new FusionAuthApplication("fusionAuthApplicationResource", FusionAuthApplicationArgs.builder()
.tenantId("string")
.multiFactorConfiguration(FusionAuthApplicationMultiFactorConfigurationArgs.builder()
.emailTemplateId("string")
.loginPolicy("string")
.smsTemplateId("string")
.trustPolicy("string")
.build())
.emailConfiguration(FusionAuthApplicationEmailConfigurationArgs.builder()
.emailUpdateTemplateId("string")
.emailVerificationTemplateId("string")
.emailVerifiedTemplateId("string")
.forgotPasswordTemplateId("string")
.loginIdInUseOnCreateTemplateId("string")
.loginIdInUseOnUpdateTemplateId("string")
.loginNewDeviceTemplateId("string")
.loginSuspiciousTemplateId("string")
.passwordResetSuccessTemplateId("string")
.passwordUpdateTemplateId("string")
.passwordlessEmailTemplateId("string")
.setPasswordEmailTemplateId("string")
.twoFactorMethodAddTemplateId("string")
.twoFactorMethodRemoveTemplateId("string")
.build())
.name("string")
.passwordlessConfigurationEnabled(false)
.oauthConfiguration(FusionAuthApplicationOauthConfigurationArgs.builder()
.scopeHandlingPolicy("string")
.unknownScopePolicy("string")
.generateRefreshTokens(false)
.logoutBehavior("string")
.clientId("string")
.clientSecret("string")
.consentMode("string")
.debug(false)
.deviceVerificationUrl("string")
.enabledGrants("string")
.authorizedOriginUrls("string")
.clientAuthenticationPolicy("string")
.logoutUrl("string")
.proofKeyForCodeExchangePolicy("string")
.providedScopePolicies(FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs.builder()
.address(FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs.builder()
.enabled(false)
.required(false)
.build())
.email(FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs.builder()
.enabled(false)
.required(false)
.build())
.phone(FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs.builder()
.enabled(false)
.required(false)
.build())
.profile(FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs.builder()
.enabled(false)
.required(false)
.build())
.build())
.relationship("string")
.requireRegistration(false)
.authorizedUrlValidationPolicy("string")
.authorizedRedirectUrls("string")
.build())
.formConfiguration(FusionAuthApplicationFormConfigurationArgs.builder()
.adminRegistrationFormId("string")
.selfServiceFormId("string")
.build())
.jwtConfiguration(FusionAuthApplicationJwtConfigurationArgs.builder()
.accessTokenId("string")
.enabled(false)
.idTokenKeyId("string")
.refreshTokenExpirationPolicy("string")
.refreshTokenSlidingWindowMaximumTimeToLiveInMinutes(0)
.refreshTokenTtlMinutes(0)
.refreshTokenUsagePolicy("string")
.ttlSeconds(0)
.build())
.lambdaConfiguration(FusionAuthApplicationLambdaConfigurationArgs.builder()
.accessTokenPopulateId("string")
.idTokenPopulateId("string")
.samlv2PopulateId("string")
.selfServiceRegistrationValidationId("string")
.userinfoPopulateId("string")
.build())
.loginConfiguration(FusionAuthApplicationLoginConfigurationArgs.builder()
.allowTokenRefresh(false)
.generateRefreshTokens(false)
.requireAuthentication(false)
.build())
.accessControlConfiguration(FusionAuthApplicationAccessControlConfigurationArgs.builder()
.uiIpAccessControlListId("string")
.build())
.cleanSpeakConfiguration(FusionAuthApplicationCleanSpeakConfigurationArgs.builder()
.applicationIds("string")
.usernameModeration(FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs.builder()
.applicationId("string")
.enabled(false)
.build())
.build())
.authenticationTokenConfigurationEnabled(false)
.data(Map.of("string", "any"))
.registrationConfiguration(FusionAuthApplicationRegistrationConfigurationArgs.builder()
.birthDate(FusionAuthApplicationRegistrationConfigurationBirthDateArgs.builder()
.enabled(false)
.required(false)
.build())
.confirmPassword(false)
.enabled(false)
.firstName(FusionAuthApplicationRegistrationConfigurationFirstNameArgs.builder()
.enabled(false)
.required(false)
.build())
.formId("string")
.fullName(FusionAuthApplicationRegistrationConfigurationFullNameArgs.builder()
.enabled(false)
.required(false)
.build())
.lastName(FusionAuthApplicationRegistrationConfigurationLastNameArgs.builder()
.enabled(false)
.required(false)
.build())
.loginIdType("string")
.middleName(FusionAuthApplicationRegistrationConfigurationMiddleNameArgs.builder()
.enabled(false)
.required(false)
.build())
.mobilePhone(FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs.builder()
.enabled(false)
.required(false)
.build())
.preferredLanguages(FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs.builder()
.enabled(false)
.required(false)
.build())
.type("string")
.build())
.registrationDeletePolicy(FusionAuthApplicationRegistrationDeletePolicyArgs.builder()
.unverifiedEnabled(false)
.unverifiedNumberOfDaysToRetain(0)
.build())
.samlv2Configuration(FusionAuthApplicationSamlv2ConfigurationArgs.builder()
.issuer("string")
.authorizedRedirectUrls("string")
.debug(false)
.audience("string")
.defaultVerificationKeyId("string")
.enabled(false)
.keyId("string")
.logout(FusionAuthApplicationSamlv2ConfigurationLogoutArgs.builder()
.behavior("string")
.defaultVerificationKeyId("string")
.keyId("string")
.requireSignedRequests(false)
.singleLogout(FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs.builder()
.enabled(false)
.keyId("string")
.url("string")
.xmlSignatureCanonicalizationMethod("string")
.build())
.xmlSignatureCanonicalizationMethod("string")
.build())
.logoutUrl("string")
.requiredSignedRequests(false)
.xmlSignatureCanonicalizationMethod("string")
.xmlSignatureLocation("string")
.build())
.applicationId("string")
.themeId("string")
.verificationEmailTemplateId("string")
.verificationStrategy("string")
.verifyRegistration(false)
.build());
fusion_auth_application_resource = fusionauth.FusionAuthApplication("fusionAuthApplicationResource",
tenant_id="string",
multi_factor_configuration=fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs(
email_template_id="string",
login_policy="string",
sms_template_id="string",
trust_policy="string",
),
email_configuration=fusionauth.FusionAuthApplicationEmailConfigurationArgs(
email_update_template_id="string",
email_verification_template_id="string",
email_verified_template_id="string",
forgot_password_template_id="string",
login_id_in_use_on_create_template_id="string",
login_id_in_use_on_update_template_id="string",
login_new_device_template_id="string",
login_suspicious_template_id="string",
password_reset_success_template_id="string",
password_update_template_id="string",
passwordless_email_template_id="string",
set_password_email_template_id="string",
two_factor_method_add_template_id="string",
two_factor_method_remove_template_id="string",
),
name="string",
passwordless_configuration_enabled=False,
oauth_configuration=fusionauth.FusionAuthApplicationOauthConfigurationArgs(
scope_handling_policy="string",
unknown_scope_policy="string",
generate_refresh_tokens=False,
logout_behavior="string",
client_id="string",
client_secret="string",
consent_mode="string",
debug=False,
device_verification_url="string",
enabled_grants=["string"],
authorized_origin_urls=["string"],
client_authentication_policy="string",
logout_url="string",
proof_key_for_code_exchange_policy="string",
provided_scope_policies=[fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs(
address=fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs(
enabled=False,
required=False,
),
email=fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs(
enabled=False,
required=False,
),
phone=fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs(
enabled=False,
required=False,
),
profile=fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs(
enabled=False,
required=False,
),
)],
relationship="string",
require_registration=False,
authorized_url_validation_policy="string",
authorized_redirect_urls=["string"],
),
form_configuration=fusionauth.FusionAuthApplicationFormConfigurationArgs(
admin_registration_form_id="string",
self_service_form_id="string",
),
jwt_configuration=fusionauth.FusionAuthApplicationJwtConfigurationArgs(
access_token_id="string",
enabled=False,
id_token_key_id="string",
refresh_token_expiration_policy="string",
refresh_token_sliding_window_maximum_time_to_live_in_minutes=0,
refresh_token_ttl_minutes=0,
refresh_token_usage_policy="string",
ttl_seconds=0,
),
lambda_configuration=fusionauth.FusionAuthApplicationLambdaConfigurationArgs(
access_token_populate_id="string",
id_token_populate_id="string",
samlv2_populate_id="string",
self_service_registration_validation_id="string",
userinfo_populate_id="string",
),
login_configuration=fusionauth.FusionAuthApplicationLoginConfigurationArgs(
allow_token_refresh=False,
generate_refresh_tokens=False,
require_authentication=False,
),
access_control_configuration=fusionauth.FusionAuthApplicationAccessControlConfigurationArgs(
ui_ip_access_control_list_id="string",
),
clean_speak_configuration=fusionauth.FusionAuthApplicationCleanSpeakConfigurationArgs(
application_ids=["string"],
username_moderation=fusionauth.FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs(
application_id="string",
enabled=False,
),
),
authentication_token_configuration_enabled=False,
data={
"string": "any",
},
registration_configuration=fusionauth.FusionAuthApplicationRegistrationConfigurationArgs(
birth_date=fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs(
enabled=False,
required=False,
),
confirm_password=False,
enabled=False,
first_name=fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs(
enabled=False,
required=False,
),
form_id="string",
full_name=fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs(
enabled=False,
required=False,
),
last_name=fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs(
enabled=False,
required=False,
),
login_id_type="string",
middle_name=fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs(
enabled=False,
required=False,
),
mobile_phone=fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs(
enabled=False,
required=False,
),
preferred_languages=fusionauth.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs(
enabled=False,
required=False,
),
type="string",
),
registration_delete_policy=fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs(
unverified_enabled=False,
unverified_number_of_days_to_retain=0,
),
samlv2_configuration=fusionauth.FusionAuthApplicationSamlv2ConfigurationArgs(
issuer="string",
authorized_redirect_urls=["string"],
debug=False,
audience="string",
default_verification_key_id="string",
enabled=False,
key_id="string",
logout=fusionauth.FusionAuthApplicationSamlv2ConfigurationLogoutArgs(
behavior="string",
default_verification_key_id="string",
key_id="string",
require_signed_requests=False,
single_logout=fusionauth.FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs(
enabled=False,
key_id="string",
url="string",
xml_signature_canonicalization_method="string",
),
xml_signature_canonicalization_method="string",
),
logout_url="string",
required_signed_requests=False,
xml_signature_canonicalization_method="string",
xml_signature_location="string",
),
application_id="string",
theme_id="string",
verification_email_template_id="string",
verification_strategy="string",
verify_registration=False)
const fusionAuthApplicationResource = new fusionauth.FusionAuthApplication("fusionAuthApplicationResource", {
tenantId: "string",
multiFactorConfiguration: {
emailTemplateId: "string",
loginPolicy: "string",
smsTemplateId: "string",
trustPolicy: "string",
},
emailConfiguration: {
emailUpdateTemplateId: "string",
emailVerificationTemplateId: "string",
emailVerifiedTemplateId: "string",
forgotPasswordTemplateId: "string",
loginIdInUseOnCreateTemplateId: "string",
loginIdInUseOnUpdateTemplateId: "string",
loginNewDeviceTemplateId: "string",
loginSuspiciousTemplateId: "string",
passwordResetSuccessTemplateId: "string",
passwordUpdateTemplateId: "string",
passwordlessEmailTemplateId: "string",
setPasswordEmailTemplateId: "string",
twoFactorMethodAddTemplateId: "string",
twoFactorMethodRemoveTemplateId: "string",
},
name: "string",
passwordlessConfigurationEnabled: false,
oauthConfiguration: {
scopeHandlingPolicy: "string",
unknownScopePolicy: "string",
generateRefreshTokens: false,
logoutBehavior: "string",
clientId: "string",
clientSecret: "string",
consentMode: "string",
debug: false,
deviceVerificationUrl: "string",
enabledGrants: ["string"],
authorizedOriginUrls: ["string"],
clientAuthenticationPolicy: "string",
logoutUrl: "string",
proofKeyForCodeExchangePolicy: "string",
providedScopePolicies: [{
address: {
enabled: false,
required: false,
},
email: {
enabled: false,
required: false,
},
phone: {
enabled: false,
required: false,
},
profile: {
enabled: false,
required: false,
},
}],
relationship: "string",
requireRegistration: false,
authorizedUrlValidationPolicy: "string",
authorizedRedirectUrls: ["string"],
},
formConfiguration: {
adminRegistrationFormId: "string",
selfServiceFormId: "string",
},
jwtConfiguration: {
accessTokenId: "string",
enabled: false,
idTokenKeyId: "string",
refreshTokenExpirationPolicy: "string",
refreshTokenSlidingWindowMaximumTimeToLiveInMinutes: 0,
refreshTokenTtlMinutes: 0,
refreshTokenUsagePolicy: "string",
ttlSeconds: 0,
},
lambdaConfiguration: {
accessTokenPopulateId: "string",
idTokenPopulateId: "string",
samlv2PopulateId: "string",
selfServiceRegistrationValidationId: "string",
userinfoPopulateId: "string",
},
loginConfiguration: {
allowTokenRefresh: false,
generateRefreshTokens: false,
requireAuthentication: false,
},
accessControlConfiguration: {
uiIpAccessControlListId: "string",
},
cleanSpeakConfiguration: {
applicationIds: ["string"],
usernameModeration: {
applicationId: "string",
enabled: false,
},
},
authenticationTokenConfigurationEnabled: false,
data: {
string: "any",
},
registrationConfiguration: {
birthDate: {
enabled: false,
required: false,
},
confirmPassword: false,
enabled: false,
firstName: {
enabled: false,
required: false,
},
formId: "string",
fullName: {
enabled: false,
required: false,
},
lastName: {
enabled: false,
required: false,
},
loginIdType: "string",
middleName: {
enabled: false,
required: false,
},
mobilePhone: {
enabled: false,
required: false,
},
preferredLanguages: {
enabled: false,
required: false,
},
type: "string",
},
registrationDeletePolicy: {
unverifiedEnabled: false,
unverifiedNumberOfDaysToRetain: 0,
},
samlv2Configuration: {
issuer: "string",
authorizedRedirectUrls: ["string"],
debug: false,
audience: "string",
defaultVerificationKeyId: "string",
enabled: false,
keyId: "string",
logout: {
behavior: "string",
defaultVerificationKeyId: "string",
keyId: "string",
requireSignedRequests: false,
singleLogout: {
enabled: false,
keyId: "string",
url: "string",
xmlSignatureCanonicalizationMethod: "string",
},
xmlSignatureCanonicalizationMethod: "string",
},
logoutUrl: "string",
requiredSignedRequests: false,
xmlSignatureCanonicalizationMethod: "string",
xmlSignatureLocation: "string",
},
applicationId: "string",
themeId: "string",
verificationEmailTemplateId: "string",
verificationStrategy: "string",
verifyRegistration: false,
});
type: fusionauth:FusionAuthApplication
properties:
accessControlConfiguration:
uiIpAccessControlListId: string
applicationId: string
authenticationTokenConfigurationEnabled: false
cleanSpeakConfiguration:
applicationIds:
- string
usernameModeration:
applicationId: string
enabled: false
data:
string: any
emailConfiguration:
emailUpdateTemplateId: string
emailVerificationTemplateId: string
emailVerifiedTemplateId: string
forgotPasswordTemplateId: string
loginIdInUseOnCreateTemplateId: string
loginIdInUseOnUpdateTemplateId: string
loginNewDeviceTemplateId: string
loginSuspiciousTemplateId: string
passwordResetSuccessTemplateId: string
passwordUpdateTemplateId: string
passwordlessEmailTemplateId: string
setPasswordEmailTemplateId: string
twoFactorMethodAddTemplateId: string
twoFactorMethodRemoveTemplateId: string
formConfiguration:
adminRegistrationFormId: string
selfServiceFormId: string
jwtConfiguration:
accessTokenId: string
enabled: false
idTokenKeyId: string
refreshTokenExpirationPolicy: string
refreshTokenSlidingWindowMaximumTimeToLiveInMinutes: 0
refreshTokenTtlMinutes: 0
refreshTokenUsagePolicy: string
ttlSeconds: 0
lambdaConfiguration:
accessTokenPopulateId: string
idTokenPopulateId: string
samlv2PopulateId: string
selfServiceRegistrationValidationId: string
userinfoPopulateId: string
loginConfiguration:
allowTokenRefresh: false
generateRefreshTokens: false
requireAuthentication: false
multiFactorConfiguration:
emailTemplateId: string
loginPolicy: string
smsTemplateId: string
trustPolicy: string
name: string
oauthConfiguration:
authorizedOriginUrls:
- string
authorizedRedirectUrls:
- string
authorizedUrlValidationPolicy: string
clientAuthenticationPolicy: string
clientId: string
clientSecret: string
consentMode: string
debug: false
deviceVerificationUrl: string
enabledGrants:
- string
generateRefreshTokens: false
logoutBehavior: string
logoutUrl: string
proofKeyForCodeExchangePolicy: string
providedScopePolicies:
- address:
enabled: false
required: false
email:
enabled: false
required: false
phone:
enabled: false
required: false
profile:
enabled: false
required: false
relationship: string
requireRegistration: false
scopeHandlingPolicy: string
unknownScopePolicy: string
passwordlessConfigurationEnabled: false
registrationConfiguration:
birthDate:
enabled: false
required: false
confirmPassword: false
enabled: false
firstName:
enabled: false
required: false
formId: string
fullName:
enabled: false
required: false
lastName:
enabled: false
required: false
loginIdType: string
middleName:
enabled: false
required: false
mobilePhone:
enabled: false
required: false
preferredLanguages:
enabled: false
required: false
type: string
registrationDeletePolicy:
unverifiedEnabled: false
unverifiedNumberOfDaysToRetain: 0
samlv2Configuration:
audience: string
authorizedRedirectUrls:
- string
debug: false
defaultVerificationKeyId: string
enabled: false
issuer: string
keyId: string
logout:
behavior: string
defaultVerificationKeyId: string
keyId: string
requireSignedRequests: false
singleLogout:
enabled: false
keyId: string
url: string
xmlSignatureCanonicalizationMethod: string
xmlSignatureCanonicalizationMethod: string
logoutUrl: string
requiredSignedRequests: false
xmlSignatureCanonicalizationMethod: string
xmlSignatureLocation: string
tenantId: string
themeId: string
verificationEmailTemplateId: string
verificationStrategy: string
verifyRegistration: false
FusionAuthApplication Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The FusionAuthApplication resource accepts the following input properties:
- Tenant
Id string - Access
Control theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Access Control Configuration - Application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- Authentication
Token boolConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- Clean
Speak theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Clean Speak Configuration - Data Dictionary<string, object>
- An object that can hold any information about the Application that should be persisted.
- Email
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Email Configuration - Form
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Form Configuration - Jwt
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Jwt Configuration - Lambda
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Lambda Configuration - Login
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Login Configuration - Multi
Factor theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Multi Factor Configuration - Name string
- The name of the Application.
- Oauth
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Oauth Configuration - Passwordless
Configuration boolEnabled - Determines if passwordless login is enabled for this application.
- Registration
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration - Registration
Delete theogravity.Policy Fusionauth. Inputs. Fusion Auth Application Registration Delete Policy - Samlv2Configuration
theogravity.
Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration - Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- Verify
Registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- Tenant
Id string - Access
Control FusionConfiguration Auth Application Access Control Configuration Args - Application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- Authentication
Token boolConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- Clean
Speak FusionConfiguration Auth Application Clean Speak Configuration Args - Data map[string]interface{}
- An object that can hold any information about the Application that should be persisted.
- Email
Configuration FusionAuth Application Email Configuration Args - Form
Configuration FusionAuth Application Form Configuration Args - Jwt
Configuration FusionAuth Application Jwt Configuration Args - Lambda
Configuration FusionAuth Application Lambda Configuration Args - Login
Configuration FusionAuth Application Login Configuration Args - Multi
Factor FusionConfiguration Auth Application Multi Factor Configuration Args - Name string
- The name of the Application.
- Oauth
Configuration FusionAuth Application Oauth Configuration Args - Passwordless
Configuration boolEnabled - Determines if passwordless login is enabled for this application.
- Registration
Configuration FusionAuth Application Registration Configuration Args - Registration
Delete FusionPolicy Auth Application Registration Delete Policy Args - Samlv2Configuration
Fusion
Auth Application Samlv2Configuration Args - Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- Verify
Registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- tenant
Id String - access
Control FusionConfiguration Auth Application Access Control Configuration - application
Id String - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token BooleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak FusionConfiguration Auth Application Clean Speak Configuration - data Map<String,Object>
- An object that can hold any information about the Application that should be persisted.
- email
Configuration FusionAuth Application Email Configuration - form
Configuration FusionAuth Application Form Configuration - jwt
Configuration FusionAuth Application Jwt Configuration - lambda
Configuration FusionAuth Application Lambda Configuration - login
Configuration FusionAuth Application Login Configuration - multi
Factor FusionConfiguration Auth Application Multi Factor Configuration - name String
- The name of the Application.
- oauth
Configuration FusionAuth Application Oauth Configuration - passwordless
Configuration BooleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration FusionAuth Application Registration Configuration - registration
Delete FusionPolicy Auth Application Registration Delete Policy - samlv2Configuration
Fusion
Auth Application Samlv2Configuration - theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration Boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- tenant
Id string - access
Control FusionConfiguration Auth Application Access Control Configuration - application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token booleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak FusionConfiguration Auth Application Clean Speak Configuration - data {[key: string]: any}
- An object that can hold any information about the Application that should be persisted.
- email
Configuration FusionAuth Application Email Configuration - form
Configuration FusionAuth Application Form Configuration - jwt
Configuration FusionAuth Application Jwt Configuration - lambda
Configuration FusionAuth Application Lambda Configuration - login
Configuration FusionAuth Application Login Configuration - multi
Factor FusionConfiguration Auth Application Multi Factor Configuration - name string
- The name of the Application.
- oauth
Configuration FusionAuth Application Oauth Configuration - passwordless
Configuration booleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration FusionAuth Application Registration Configuration - registration
Delete FusionPolicy Auth Application Registration Delete Policy - samlv2Configuration
Fusion
Auth Application Samlv2Configuration - theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- tenant_
id str - access_
control_ Fusionconfiguration Auth Application Access Control Configuration Args - application_
id str - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication_
token_ boolconfiguration_ enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean_
speak_ Fusionconfiguration Auth Application Clean Speak Configuration Args - data Mapping[str, Any]
- An object that can hold any information about the Application that should be persisted.
- email_
configuration FusionAuth Application Email Configuration Args - form_
configuration FusionAuth Application Form Configuration Args - jwt_
configuration FusionAuth Application Jwt Configuration Args - lambda_
configuration FusionAuth Application Lambda Configuration Args - login_
configuration FusionAuth Application Login Configuration Args - multi_
factor_ Fusionconfiguration Auth Application Multi Factor Configuration Args - name str
- The name of the Application.
- oauth_
configuration FusionAuth Application Oauth Configuration Args - passwordless_
configuration_ boolenabled - Determines if passwordless login is enabled for this application.
- registration_
configuration FusionAuth Application Registration Configuration Args - registration_
delete_ Fusionpolicy Auth Application Registration Delete Policy Args - samlv2_
configuration FusionAuth Application Samlv2Configuration Args - theme_
id str - The unique Id of the theme to be used to style the login page and other end user templates.
- verification_
email_ strtemplate_ id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification_
strategy str - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify_
registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- tenant
Id String - access
Control Property MapConfiguration - application
Id String - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token BooleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak Property MapConfiguration - data Map<Any>
- An object that can hold any information about the Application that should be persisted.
- email
Configuration Property Map - form
Configuration Property Map - jwt
Configuration Property Map - lambda
Configuration Property Map - login
Configuration Property Map - multi
Factor Property MapConfiguration - name String
- The name of the Application.
- oauth
Configuration Property Map - passwordless
Configuration BooleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration Property Map - registration
Delete Property MapPolicy - samlv2Configuration Property Map
- theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration Boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
Outputs
All input properties are implicitly available as output properties. Additionally, the FusionAuthApplication resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing FusionAuthApplication Resource
Get an existing FusionAuthApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FusionAuthApplicationState, opts?: CustomResourceOptions): FusionAuthApplication
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_control_configuration: Optional[FusionAuthApplicationAccessControlConfigurationArgs] = None,
application_id: Optional[str] = None,
authentication_token_configuration_enabled: Optional[bool] = None,
clean_speak_configuration: Optional[FusionAuthApplicationCleanSpeakConfigurationArgs] = None,
data: Optional[Mapping[str, Any]] = None,
email_configuration: Optional[FusionAuthApplicationEmailConfigurationArgs] = None,
form_configuration: Optional[FusionAuthApplicationFormConfigurationArgs] = None,
jwt_configuration: Optional[FusionAuthApplicationJwtConfigurationArgs] = None,
lambda_configuration: Optional[FusionAuthApplicationLambdaConfigurationArgs] = None,
login_configuration: Optional[FusionAuthApplicationLoginConfigurationArgs] = None,
multi_factor_configuration: Optional[FusionAuthApplicationMultiFactorConfigurationArgs] = None,
name: Optional[str] = None,
oauth_configuration: Optional[FusionAuthApplicationOauthConfigurationArgs] = None,
passwordless_configuration_enabled: Optional[bool] = None,
registration_configuration: Optional[FusionAuthApplicationRegistrationConfigurationArgs] = None,
registration_delete_policy: Optional[FusionAuthApplicationRegistrationDeletePolicyArgs] = None,
samlv2_configuration: Optional[FusionAuthApplicationSamlv2ConfigurationArgs] = None,
tenant_id: Optional[str] = None,
theme_id: Optional[str] = None,
verification_email_template_id: Optional[str] = None,
verification_strategy: Optional[str] = None,
verify_registration: Optional[bool] = None) -> FusionAuthApplication
func GetFusionAuthApplication(ctx *Context, name string, id IDInput, state *FusionAuthApplicationState, opts ...ResourceOption) (*FusionAuthApplication, error)
public static FusionAuthApplication Get(string name, Input<string> id, FusionAuthApplicationState? state, CustomResourceOptions? opts = null)
public static FusionAuthApplication get(String name, Output<String> id, FusionAuthApplicationState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Control theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Access Control Configuration - Application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- Authentication
Token boolConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- Clean
Speak theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Clean Speak Configuration - Data Dictionary<string, object>
- An object that can hold any information about the Application that should be persisted.
- Email
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Email Configuration - Form
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Form Configuration - Jwt
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Jwt Configuration - Lambda
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Lambda Configuration - Login
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Login Configuration - Multi
Factor theogravity.Configuration Fusionauth. Inputs. Fusion Auth Application Multi Factor Configuration - Name string
- The name of the Application.
- Oauth
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Oauth Configuration - Passwordless
Configuration boolEnabled - Determines if passwordless login is enabled for this application.
- Registration
Configuration theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration - Registration
Delete theogravity.Policy Fusionauth. Inputs. Fusion Auth Application Registration Delete Policy - Samlv2Configuration
theogravity.
Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration - Tenant
Id string - Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- Verify
Registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- Access
Control FusionConfiguration Auth Application Access Control Configuration Args - Application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- Authentication
Token boolConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- Clean
Speak FusionConfiguration Auth Application Clean Speak Configuration Args - Data map[string]interface{}
- An object that can hold any information about the Application that should be persisted.
- Email
Configuration FusionAuth Application Email Configuration Args - Form
Configuration FusionAuth Application Form Configuration Args - Jwt
Configuration FusionAuth Application Jwt Configuration Args - Lambda
Configuration FusionAuth Application Lambda Configuration Args - Login
Configuration FusionAuth Application Login Configuration Args - Multi
Factor FusionConfiguration Auth Application Multi Factor Configuration Args - Name string
- The name of the Application.
- Oauth
Configuration FusionAuth Application Oauth Configuration Args - Passwordless
Configuration boolEnabled - Determines if passwordless login is enabled for this application.
- Registration
Configuration FusionAuth Application Registration Configuration Args - Registration
Delete FusionPolicy Auth Application Registration Delete Policy Args - Samlv2Configuration
Fusion
Auth Application Samlv2Configuration Args - Tenant
Id string - Theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- Verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- Verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- Verify
Registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- access
Control FusionConfiguration Auth Application Access Control Configuration - application
Id String - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token BooleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak FusionConfiguration Auth Application Clean Speak Configuration - data Map<String,Object>
- An object that can hold any information about the Application that should be persisted.
- email
Configuration FusionAuth Application Email Configuration - form
Configuration FusionAuth Application Form Configuration - jwt
Configuration FusionAuth Application Jwt Configuration - lambda
Configuration FusionAuth Application Lambda Configuration - login
Configuration FusionAuth Application Login Configuration - multi
Factor FusionConfiguration Auth Application Multi Factor Configuration - name String
- The name of the Application.
- oauth
Configuration FusionAuth Application Oauth Configuration - passwordless
Configuration BooleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration FusionAuth Application Registration Configuration - registration
Delete FusionPolicy Auth Application Registration Delete Policy - samlv2Configuration
Fusion
Auth Application Samlv2Configuration - tenant
Id String - theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration Boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- access
Control FusionConfiguration Auth Application Access Control Configuration - application
Id string - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token booleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak FusionConfiguration Auth Application Clean Speak Configuration - data {[key: string]: any}
- An object that can hold any information about the Application that should be persisted.
- email
Configuration FusionAuth Application Email Configuration - form
Configuration FusionAuth Application Form Configuration - jwt
Configuration FusionAuth Application Jwt Configuration - lambda
Configuration FusionAuth Application Lambda Configuration - login
Configuration FusionAuth Application Login Configuration - multi
Factor FusionConfiguration Auth Application Multi Factor Configuration - name string
- The name of the Application.
- oauth
Configuration FusionAuth Application Oauth Configuration - passwordless
Configuration booleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration FusionAuth Application Registration Configuration - registration
Delete FusionPolicy Auth Application Registration Delete Policy - samlv2Configuration
Fusion
Auth Application Samlv2Configuration - tenant
Id string - theme
Id string - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email stringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy string - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- access_
control_ Fusionconfiguration Auth Application Access Control Configuration Args - application_
id str - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication_
token_ boolconfiguration_ enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean_
speak_ Fusionconfiguration Auth Application Clean Speak Configuration Args - data Mapping[str, Any]
- An object that can hold any information about the Application that should be persisted.
- email_
configuration FusionAuth Application Email Configuration Args - form_
configuration FusionAuth Application Form Configuration Args - jwt_
configuration FusionAuth Application Jwt Configuration Args - lambda_
configuration FusionAuth Application Lambda Configuration Args - login_
configuration FusionAuth Application Login Configuration Args - multi_
factor_ Fusionconfiguration Auth Application Multi Factor Configuration Args - name str
- The name of the Application.
- oauth_
configuration FusionAuth Application Oauth Configuration Args - passwordless_
configuration_ boolenabled - Determines if passwordless login is enabled for this application.
- registration_
configuration FusionAuth Application Registration Configuration Args - registration_
delete_ Fusionpolicy Auth Application Registration Delete Policy Args - samlv2_
configuration FusionAuth Application Samlv2Configuration Args - tenant_
id str - theme_
id str - The unique Id of the theme to be used to style the login page and other end user templates.
- verification_
email_ strtemplate_ id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification_
strategy str - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify_
registration bool - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
- access
Control Property MapConfiguration - application
Id String - The Id to use for the new Application. If not specified a secure random UUID will be generated.
- authentication
Token BooleanConfiguration Enabled - Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.
- clean
Speak Property MapConfiguration - data Map<Any>
- An object that can hold any information about the Application that should be persisted.
- email
Configuration Property Map - form
Configuration Property Map - jwt
Configuration Property Map - lambda
Configuration Property Map - login
Configuration Property Map - multi
Factor Property MapConfiguration - name String
- The name of the Application.
- oauth
Configuration Property Map - passwordless
Configuration BooleanEnabled - Determines if passwordless login is enabled for this application.
- registration
Configuration Property Map - registration
Delete Property MapPolicy - samlv2Configuration Property Map
- tenant
Id String - theme
Id String - The unique Id of the theme to be used to style the login page and other end user templates.
- verification
Email StringTemplate Id - The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.
- verification
Strategy String - The process by which the user will verify their email address. Possible values are
ClickableLink
orFormField
- verify
Registration Boolean - Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.
Supporting Types
FusionAuthApplicationAccessControlConfiguration, FusionAuthApplicationAccessControlConfigurationArgs
- Ui
Ip stringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
- Ui
Ip stringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
- ui
Ip StringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
- ui
Ip stringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
- ui_
ip_ straccess_ control_ list_ id - The Id of the IP Access Control List limiting access to this application.
- ui
Ip StringAccess Control List Id - The Id of the IP Access Control List limiting access to this application.
FusionAuthApplicationCleanSpeakConfiguration, FusionAuthApplicationCleanSpeakConfigurationArgs
- Application
Ids List<string> - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- Username
Moderation theogravity.Fusionauth. Inputs. Fusion Auth Application Clean Speak Configuration Username Moderation
- Application
Ids []string - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- Username
Moderation FusionAuth Application Clean Speak Configuration Username Moderation
- application
Ids List<String> - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- username
Moderation FusionAuth Application Clean Speak Configuration Username Moderation
- application
Ids string[] - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- username
Moderation FusionAuth Application Clean Speak Configuration Username Moderation
- application_
ids Sequence[str] - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- username_
moderation FusionAuth Application Clean Speak Configuration Username Moderation
- application
Ids List<String> - An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.
- username
Moderation Property Map
FusionAuthApplicationCleanSpeakConfigurationUsernameModeration, FusionAuthApplicationCleanSpeakConfigurationUsernameModerationArgs
- Application
Id string - The Id of the CleanSpeak application that usernames are sent to for moderation.
- Enabled bool
- True if CleanSpeak username moderation is enabled.
- Application
Id string - The Id of the CleanSpeak application that usernames are sent to for moderation.
- Enabled bool
- True if CleanSpeak username moderation is enabled.
- application
Id String - The Id of the CleanSpeak application that usernames are sent to for moderation.
- enabled Boolean
- True if CleanSpeak username moderation is enabled.
- application
Id string - The Id of the CleanSpeak application that usernames are sent to for moderation.
- enabled boolean
- True if CleanSpeak username moderation is enabled.
- application_
id str - The Id of the CleanSpeak application that usernames are sent to for moderation.
- enabled bool
- True if CleanSpeak username moderation is enabled.
- application
Id String - The Id of the CleanSpeak application that usernames are sent to for moderation.
- enabled Boolean
- True if CleanSpeak username moderation is enabled.
FusionAuthApplicationEmailConfiguration, FusionAuthApplicationEmailConfigurationArgs
- Email
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Verification stringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Verified stringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Forgot
Password stringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Id stringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Id stringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
New stringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Suspicious stringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Password
Reset stringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Password
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Passwordless
Email stringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Set
Password stringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Two
Factor stringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Two
Factor stringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Verification stringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Email
Verified stringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Forgot
Password stringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Id stringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Id stringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
New stringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Login
Suspicious stringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Password
Reset stringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Password
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Passwordless
Email stringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Set
Password stringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Two
Factor stringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- Two
Factor stringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Update StringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verification StringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verified StringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- forgot
Password StringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id StringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id StringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
New StringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Suspicious StringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Reset StringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Update StringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- passwordless
Email StringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- set
Password StringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor StringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor StringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verification stringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verified stringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- forgot
Password stringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id stringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id stringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
New stringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Suspicious stringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Reset stringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Update stringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- passwordless
Email stringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- set
Password stringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor stringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor stringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email_
update_ strtemplate_ id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email_
verification_ strtemplate_ id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email_
verified_ strtemplate_ id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- forgot_
password_ strtemplate_ id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login_
id_ strin_ use_ on_ create_ template_ id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login_
id_ strin_ use_ on_ update_ template_ id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login_
new_ strdevice_ template_ id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login_
suspicious_ strtemplate_ id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password_
reset_ strsuccess_ template_ id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password_
update_ strtemplate_ id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- passwordless_
email_ strtemplate_ id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- set_
password_ stremail_ template_ id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two_
factor_ strmethod_ add_ template_ id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two_
factor_ strmethod_ remove_ template_ id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Update StringTemplate Id - The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verification StringTemplate Id - The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- email
Verified StringTemplate Id - The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- forgot
Password StringTemplate Id - The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id StringIn Use On Create Template Id - The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Id StringIn Use On Update Template Id - The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
New StringDevice Template Id - The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- login
Suspicious StringTemplate Id - The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Reset StringSuccess Template Id - The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- password
Update StringTemplate Id - The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- passwordless
Email StringTemplate Id - The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- set
Password StringEmail Template Id - The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor StringMethod Add Template Id - The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
- two
Factor StringMethod Remove Template Id - The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.
FusionAuthApplicationFormConfiguration, FusionAuthApplicationFormConfigurationArgs
- Admin
Registration stringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- Self
Service stringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- Admin
Registration stringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- Self
Service stringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- admin
Registration StringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- self
Service StringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- admin
Registration stringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- self
Service stringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- admin_
registration_ strform_ id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- self_
service_ strform_ id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
- admin
Registration StringForm Id - The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.
- self
Service StringForm Id - The unique Id of the form to to enable authenticated users to manage their profile on the account page.
FusionAuthApplicationJwtConfiguration, FusionAuthApplicationJwtConfigurationArgs
- Access
Token stringId - The Id of the signing key used to sign the access token.
- Enabled bool
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- Id
Token stringKey Id - The Id of the signing key used to sign the Id token.
- Refresh
Token stringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_time_to_live_in_minutes
is reached. - Refresh
Token intSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - Refresh
Token intTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- Refresh
Token stringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- Ttl
Seconds int - The length of time in seconds the JWT will live before it is expired and no longer valid.
- Access
Token stringId - The Id of the signing key used to sign the access token.
- Enabled bool
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- Id
Token stringKey Id - The Id of the signing key used to sign the Id token.
- Refresh
Token stringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_time_to_live_in_minutes
is reached. - Refresh
Token intSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - Refresh
Token intTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- Refresh
Token stringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- Ttl
Seconds int - The length of time in seconds the JWT will live before it is expired and no longer valid.
- access
Token StringId - The Id of the signing key used to sign the access token.
- enabled Boolean
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- id
Token StringKey Id - The Id of the signing key used to sign the Id token.
- refresh
Token StringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_time_to_live_in_minutes
is reached. - refresh
Token IntegerSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - refresh
Token IntegerTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- refresh
Token StringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- ttl
Seconds Integer - The length of time in seconds the JWT will live before it is expired and no longer valid.
- access
Token stringId - The Id of the signing key used to sign the access token.
- enabled boolean
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- id
Token stringKey Id - The Id of the signing key used to sign the Id token.
- refresh
Token stringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_time_to_live_in_minutes
is reached. - refresh
Token numberSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - refresh
Token numberTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- refresh
Token stringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- ttl
Seconds number - The length of time in seconds the JWT will live before it is expired and no longer valid.
- access_
token_ strid - The Id of the signing key used to sign the access token.
- enabled bool
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- id_
token_ strkey_ id - The Id of the signing key used to sign the Id token.
- refresh_
token_ strexpiration_ policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_time_to_live_in_minutes
is reached. - refresh_
token_ intsliding_ window_ maximum_ time_ to_ live_ in_ minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - refresh_
token_ intttl_ minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- refresh_
token_ strusage_ policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- ttl_
seconds int - The length of time in seconds the JWT will live before it is expired and no longer valid.
- access
Token StringId - The Id of the signing key used to sign the access token.
- enabled Boolean
- Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.
- id
Token StringKey Id - The Id of the signing key used to sign the Id token.
- refresh
Token StringExpiration Policy - The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until
refresh_token_sliding_window_maximum_time_to_live_in_minutes
is reached. - refresh
Token NumberSliding Window Maximum Time To Live In Minutes - The maximum lifetime of a refresh token when using a refresh token expiration policy of
SlidingWindowWithMaximumLifetime
. Value must be greater than 0. - refresh
Token NumberTtl Minutes - The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.
- refresh
Token StringUsage Policy - The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.
- ttl
Seconds Number - The length of time in seconds the JWT will live before it is expired and no longer valid.
FusionAuthApplicationLambdaConfiguration, FusionAuthApplicationLambdaConfigurationArgs
- Access
Token stringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- Id
Token stringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- Samlv2Populate
Id string - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- Self
Service stringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- Userinfo
Populate stringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- Access
Token stringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- Id
Token stringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- Samlv2Populate
Id string - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- Self
Service stringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- Userinfo
Populate stringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- access
Token StringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- id
Token StringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- samlv2Populate
Id String - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- self
Service StringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- userinfo
Populate StringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- access
Token stringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- id
Token stringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- samlv2Populate
Id string - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- self
Service stringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- userinfo
Populate stringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- access_
token_ strpopulate_ id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- id_
token_ strpopulate_ id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- samlv2_
populate_ strid - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- self_
service_ strregistration_ validation_ id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- userinfo_
populate_ strid - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
- access
Token StringPopulate Id - The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.
- id
Token StringPopulate Id - The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.
- samlv2Populate
Id String - The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.
- self
Service StringRegistration Validation Id - The unique Id of the lambda that will be used to perform additional validation on registration form steps.
- userinfo
Populate StringId - The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.
FusionAuthApplicationLoginConfiguration, FusionAuthApplicationLoginConfigurationArgs
- Allow
Token boolRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- Generate
Refresh boolTokens - Indicates if a Refresh Token should be issued from the Login API
- Require
Authentication bool - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- Allow
Token boolRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- Generate
Refresh boolTokens - Indicates if a Refresh Token should be issued from the Login API
- Require
Authentication bool - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- allow
Token BooleanRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- generate
Refresh BooleanTokens - Indicates if a Refresh Token should be issued from the Login API
- require
Authentication Boolean - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- allow
Token booleanRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- generate
Refresh booleanTokens - Indicates if a Refresh Token should be issued from the Login API
- require
Authentication boolean - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- allow_
token_ boolrefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- generate_
refresh_ booltokens - Indicates if a Refresh Token should be issued from the Login API
- require_
authentication bool - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
- allow
Token BooleanRefresh - Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.
- generate
Refresh BooleanTokens - Indicates if a Refresh Token should be issued from the Login API
- require
Authentication Boolean - Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.
FusionAuthApplicationMultiFactorConfiguration, FusionAuthApplicationMultiFactorConfigurationArgs
- Email
Template stringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- Login
Policy string - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - Sms
Template stringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- Trust
Policy string - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- Email
Template stringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- Login
Policy string - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - Sms
Template stringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- Trust
Policy string - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- email
Template StringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- login
Policy String - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - sms
Template StringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- trust
Policy String - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- email
Template stringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- login
Policy string - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - sms
Template stringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- trust
Policy string - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- email_
template_ strid - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- login_
policy str - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - sms_
template_ strid - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- trust_
policy str - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
- email
Template StringId - The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.
- login
Policy String - When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are
Enabled
,Disabled
orRequired
. - sms
Template StringId - The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.
- trust
Policy String - When
multi_factor_configuration.login_policy
is set toEnabled
, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values areAny
,This
orNone
.
FusionAuthApplicationOauthConfiguration, FusionAuthApplicationOauthConfigurationArgs
- Scope
Handling stringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- Unknown
Scope stringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- List<string>
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- List<string>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- string
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- Client
Authentication stringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- Client
Id string - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- Client
Secret string - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- Consent
Mode string - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- Debug bool
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- Device
Verification stringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- Enabled
Grants List<string> - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- Generate
Refresh boolTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- Logout
Behavior string - Behavior when /oauth2/logout is called.
- Logout
Url string - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- Proof
Key stringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- Provided
Scope List<theogravity.Policies Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy> - Configures which of the default scopes are enabled and required.
- Relationship string
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- Require
Client boolAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- Require
Registration bool - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- Scope
Handling stringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- Unknown
Scope stringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- []string
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- []string
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- string
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- Client
Authentication stringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- Client
Id string - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- Client
Secret string - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- Consent
Mode string - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- Debug bool
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- Device
Verification stringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- Enabled
Grants []string - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- Generate
Refresh boolTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- Logout
Behavior string - Behavior when /oauth2/logout is called.
- Logout
Url string - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- Proof
Key stringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- Provided
Scope []FusionPolicies Auth Application Oauth Configuration Provided Scope Policy - Configures which of the default scopes are enabled and required.
- Relationship string
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- Require
Client boolAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- Require
Registration bool - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- scope
Handling StringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- unknown
Scope StringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- List<String>
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- List<String>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- String
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- client
Authentication StringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- client
Id String - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- client
Secret String - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- consent
Mode String - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- debug Boolean
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- device
Verification StringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- enabled
Grants List<String> - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- generate
Refresh BooleanTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- logout
Behavior String - Behavior when /oauth2/logout is called.
- logout
Url String - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- proof
Key StringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- provided
Scope List<FusionPolicies Auth Application Oauth Configuration Provided Scope Policy> - Configures which of the default scopes are enabled and required.
- relationship String
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- require
Client BooleanAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- require
Registration Boolean - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- scope
Handling stringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- unknown
Scope stringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- string[]
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- string[]
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- string
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- client
Authentication stringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- client
Id string - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- client
Secret string - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- consent
Mode string - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- debug boolean
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- device
Verification stringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- enabled
Grants string[] - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- generate
Refresh booleanTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- logout
Behavior string - Behavior when /oauth2/logout is called.
- logout
Url string - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- proof
Key stringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- provided
Scope FusionPolicies Auth Application Oauth Configuration Provided Scope Policy[] - Configures which of the default scopes are enabled and required.
- relationship string
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- require
Client booleanAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- require
Registration boolean - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- scope_
handling_ strpolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- unknown_
scope_ strpolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- Sequence[str]
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- Sequence[str]
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- str
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- client_
authentication_ strpolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- client_
id str - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- client_
secret str - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- consent_
mode str - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- debug bool
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- device_
verification_ strurl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- enabled_
grants Sequence[str] - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- generate_
refresh_ booltokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- logout_
behavior str - Behavior when /oauth2/logout is called.
- logout_
url str - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- proof_
key_ strfor_ code_ exchange_ policy - Determines the PKCE requirements when using the authorization code grant.
- provided_
scope_ Sequence[Fusionpolicies Auth Application Oauth Configuration Provided Scope Policy] - Configures which of the default scopes are enabled and required.
- relationship str
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- require_
client_ boolauthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- require_
registration bool - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
- scope
Handling StringPolicy - Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:
Compatibility
- OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.Strict
- OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.
- unknown
Scope StringPolicy - Controls the policy for handling unknown scopes on an OAuth request. The possible values are:
Allow
- Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.Remove
- Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.Reject
- Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.
- List<String>
- An array of URLs that are the authorized origins for FusionAuth OAuth.
- List<String>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- String
- Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.
- client
Authentication StringPolicy - Determines the client authentication requirements for the OAuth 2.0 Token endpoint.
- client
Id String - The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- client
Secret String - The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.
- consent
Mode String - Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when
application.oauthConfiguration.relationship
isThirdParty
. The possible values are:AlwaysPrompt
- Always prompt the user for consent.RememberDecision
- Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’sexternalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds
value.NeverPrompt
- The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were aFirstParty
application. This configuration is meant for testing purposes only and should not be used in production.
- debug Boolean
- Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant."
- device
Verification StringUrl - The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.
- enabled
Grants List<String> - The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.
- generate
Refresh BooleanTokens - Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.
- logout
Behavior String - Behavior when /oauth2/logout is called.
- logout
Url String - The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.
- proof
Key StringFor Code Exchange Policy - Determines the PKCE requirements when using the authorization code grant.
- provided
Scope List<Property Map>Policies - Configures which of the default scopes are enabled and required.
- relationship String
- The application’s relationship to the OAuth server. The possible values are:
FirstParty
- The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.ThirdParty
- The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’soauthConfiguration.consentMode
value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.
- require
Client BooleanAuthentication - Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.
- require
Registration Boolean - When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.
FusionAuthApplicationOauthConfigurationProvidedScopePolicy, FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs
- Address
theogravity.
Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy Address - Email
theogravity.
Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy Email - Phone
theogravity.
Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy Phone - Profile
theogravity.
Fusionauth. Inputs. Fusion Auth Application Oauth Configuration Provided Scope Policy Profile
FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddress, FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs
FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmail, FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs
FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhone, FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs
FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfile, FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs
FusionAuthApplicationRegistrationConfiguration, FusionAuthApplicationRegistrationConfigurationArgs
- Birth
Date theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Birth Date - Confirm
Password bool - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- Enabled bool
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- First
Name theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration First Name - Form
Id string - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- Full
Name theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Full Name - Last
Name theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Last Name - Login
Id stringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- Middle
Name theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Middle Name - Mobile
Phone theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Mobile Phone - Preferred
Languages theogravity.Fusionauth. Inputs. Fusion Auth Application Registration Configuration Preferred Languages - Type string
- The type of registration flow.
- Birth
Date FusionAuth Application Registration Configuration Birth Date - Confirm
Password bool - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- Enabled bool
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- First
Name FusionAuth Application Registration Configuration First Name - Form
Id string - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- Full
Name FusionAuth Application Registration Configuration Full Name - Last
Name FusionAuth Application Registration Configuration Last Name - Login
Id stringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- Middle
Name FusionAuth Application Registration Configuration Middle Name - Mobile
Phone FusionAuth Application Registration Configuration Mobile Phone - Preferred
Languages FusionAuth Application Registration Configuration Preferred Languages - Type string
- The type of registration flow.
- birth
Date FusionAuth Application Registration Configuration Birth Date - confirm
Password Boolean - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- enabled Boolean
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- first
Name FusionAuth Application Registration Configuration First Name - form
Id String - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- full
Name FusionAuth Application Registration Configuration Full Name - last
Name FusionAuth Application Registration Configuration Last Name - login
Id StringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- middle
Name FusionAuth Application Registration Configuration Middle Name - mobile
Phone FusionAuth Application Registration Configuration Mobile Phone - preferred
Languages FusionAuth Application Registration Configuration Preferred Languages - type String
- The type of registration flow.
- birth
Date FusionAuth Application Registration Configuration Birth Date - confirm
Password boolean - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- enabled boolean
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- first
Name FusionAuth Application Registration Configuration First Name - form
Id string - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- full
Name FusionAuth Application Registration Configuration Full Name - last
Name FusionAuth Application Registration Configuration Last Name - login
Id stringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- middle
Name FusionAuth Application Registration Configuration Middle Name - mobile
Phone FusionAuth Application Registration Configuration Mobile Phone - preferred
Languages FusionAuth Application Registration Configuration Preferred Languages - type string
- The type of registration flow.
- birth_
date FusionAuth Application Registration Configuration Birth Date - confirm_
password bool - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- enabled bool
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- first_
name FusionAuth Application Registration Configuration First Name - form_
id str - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- full_
name FusionAuth Application Registration Configuration Full Name - last_
name FusionAuth Application Registration Configuration Last Name - login_
id_ strtype - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- middle_
name FusionAuth Application Registration Configuration Middle Name - mobile_
phone FusionAuth Application Registration Configuration Mobile Phone - preferred_
languages FusionAuth Application Registration Configuration Preferred Languages - type str
- The type of registration flow.
- birth
Date Property Map - confirm
Password Boolean - Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.
- enabled Boolean
- Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.
- first
Name Property Map - form
Id String - The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.
- full
Name Property Map - last
Name Property Map - login
Id StringType - The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.
- middle
Name Property Map - mobile
Phone Property Map - preferred
Languages Property Map - type String
- The type of registration flow.
FusionAuthApplicationRegistrationConfigurationBirthDate, FusionAuthApplicationRegistrationConfigurationBirthDateArgs
FusionAuthApplicationRegistrationConfigurationFirstName, FusionAuthApplicationRegistrationConfigurationFirstNameArgs
FusionAuthApplicationRegistrationConfigurationFullName, FusionAuthApplicationRegistrationConfigurationFullNameArgs
FusionAuthApplicationRegistrationConfigurationLastName, FusionAuthApplicationRegistrationConfigurationLastNameArgs
FusionAuthApplicationRegistrationConfigurationMiddleName, FusionAuthApplicationRegistrationConfigurationMiddleNameArgs
FusionAuthApplicationRegistrationConfigurationMobilePhone, FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs
FusionAuthApplicationRegistrationConfigurationPreferredLanguages, FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs
FusionAuthApplicationRegistrationDeletePolicy, FusionAuthApplicationRegistrationDeletePolicyArgs
- Unverified
Enabled bool - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- Unverified
Number intOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- Unverified
Enabled bool - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- Unverified
Number intOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- unverified
Enabled Boolean - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified
Number IntegerOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- unverified
Enabled boolean - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified
Number numberOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- unverified_
enabled bool - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified_
number_ intof_ days_ to_ retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
- unverified
Enabled Boolean - Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.
- unverified
Number NumberOf Days To Retain - The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.
FusionAuthApplicationSamlv2Configuration, FusionAuthApplicationSamlv2ConfigurationArgs
- List<string>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- Issuer string
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- Audience string
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- Callback
Url string - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- Debug bool
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- Default
Verification stringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- Enabled bool
- Whether or not the SAML IdP for this Application is enabled or not.
- Key
Id string - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- Logout
theogravity.
Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration Logout - Logout
Url string - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- Required
Signed boolRequests - If set to true, will force verification through the key store.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- Xml
Signature stringLocation - The location to place the XML signature when signing a successful SAML response.
- []string
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- Issuer string
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- Audience string
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- Callback
Url string - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- Debug bool
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- Default
Verification stringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- Enabled bool
- Whether or not the SAML IdP for this Application is enabled or not.
- Key
Id string - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- Logout
Fusion
Auth Application Samlv2Configuration Logout - Logout
Url string - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- Required
Signed boolRequests - If set to true, will force verification through the key store.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- Xml
Signature stringLocation - The location to place the XML signature when signing a successful SAML response.
- List<String>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- issuer String
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- audience String
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- callback
Url String - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- debug Boolean
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- default
Verification StringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- enabled Boolean
- Whether or not the SAML IdP for this Application is enabled or not.
- key
Id String - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- logout
Fusion
Auth Application Samlv2Configuration Logout - logout
Url String - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- required
Signed BooleanRequests - If set to true, will force verification through the key store.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- xml
Signature StringLocation - The location to place the XML signature when signing a successful SAML response.
- string[]
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- issuer string
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- audience string
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- callback
Url string - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- debug boolean
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- default
Verification stringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- enabled boolean
- Whether or not the SAML IdP for this Application is enabled or not.
- key
Id string - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- logout
Fusion
Auth Application Samlv2Configuration Logout - logout
Url string - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- required
Signed booleanRequests - If set to true, will force verification through the key store.
- xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- xml
Signature stringLocation - The location to place the XML signature when signing a successful SAML response.
- Sequence[str]
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- issuer str
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- audience str
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- callback_
url str - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- debug bool
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- default_
verification_ strkey_ id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- enabled bool
- Whether or not the SAML IdP for this Application is enabled or not.
- key_
id str - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- logout
Fusion
Auth Application Samlv2Configuration Logout - logout_
url str - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- required_
signed_ boolrequests - If set to true, will force verification through the key store.
- xml_
signature_ strcanonicalization_ method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- xml_
signature_ strlocation - The location to place the XML signature when signing a successful SAML response.
- List<String>
- An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.
- issuer String
- The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.
- audience String
- The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.
- callback
Url String - The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.
- debug Boolean
- Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.
- default
Verification StringKey Id - Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.
- enabled Boolean
- Whether or not the SAML IdP for this Application is enabled or not.
- key
Id String - The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.
- logout Property Map
- logout
Url String - The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.
- required
Signed BooleanRequests - If set to true, will force verification through the key store.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- xml
Signature StringLocation - The location to place the XML signature when signing a successful SAML response.
FusionAuthApplicationSamlv2ConfigurationLogout, FusionAuthApplicationSamlv2ConfigurationLogoutArgs
- Behavior string
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- Default
Verification stringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- Key
Id string - The unique Id of the Key used to sign the SAML Logout response.
- Require
Signed boolRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- Single
Logout theogravity.Fusionauth. Inputs. Fusion Auth Application Samlv2Configuration Logout Single Logout - Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- Behavior string
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- Default
Verification stringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- Key
Id string - The unique Id of the Key used to sign the SAML Logout response.
- Require
Signed boolRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- Single
Logout FusionAuth Application Samlv2Configuration Logout Single Logout - Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- behavior String
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- default
Verification StringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- key
Id String - The unique Id of the Key used to sign the SAML Logout response.
- require
Signed BooleanRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- single
Logout FusionAuth Application Samlv2Configuration Logout Single Logout - xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- behavior string
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- default
Verification stringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- key
Id string - The unique Id of the Key used to sign the SAML Logout response.
- require
Signed booleanRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- single
Logout FusionAuth Application Samlv2Configuration Logout Single Logout - xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- behavior str
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- default_
verification_ strkey_ id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- key_
id str - The unique Id of the Key used to sign the SAML Logout response.
- require_
signed_ boolrequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- single_
logout FusionAuth Application Samlv2Configuration Logout Single Logout - xml_
signature_ strcanonicalization_ method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- behavior String
- This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.
- default
Verification StringKey Id - The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.
- key
Id String - The unique Id of the Key used to sign the SAML Logout response.
- require
Signed BooleanRequests - Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.
- single
Logout Property Map - xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout, FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogoutArgs
- Enabled bool
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- Key
Id string - The unique Id of the Key used to sign the SAML Single Logout response.
- Url string
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- Enabled bool
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- Key
Id string - The unique Id of the Key used to sign the SAML Single Logout response.
- Url string
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- Xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- enabled Boolean
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- key
Id String - The unique Id of the Key used to sign the SAML Single Logout response.
- url String
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- enabled boolean
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- key
Id string - The unique Id of the Key used to sign the SAML Single Logout response.
- url string
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- xml
Signature stringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- enabled bool
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- key_
id str - The unique Id of the Key used to sign the SAML Single Logout response.
- url str
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- xml_
signature_ strcanonicalization_ method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
- enabled Boolean
- Whether or not SAML Single Logout for this SAML IdP is enabled.
- key
Id String - The unique Id of the Key used to sign the SAML Single Logout response.
- url String
- The URL at which you want to receive the LogoutRequest from FusionAuth.
- xml
Signature StringCanonicalization Method - The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.
Package Details
- Repository
- fusionauth theogravity/pulumi-fusionauth
- License
- MIT
- Notes
- This Pulumi package is based on the
fusionauth
Terraform Provider.