@pulumi/auth0 2.9.0 → 2.10.0
- package/connection.d.ts +22 -0
- package/connection.js +6 -0
- package/connection.js.map +1 -1
- package/package.json +2 -2
- package/package.json.dev +2 -2
- package/tenant.d.ts +2 -2
- package/types/input.d.ts +83 -10
- package/types/output.d.ts +97 -24
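--- a/package/connection.d.ts
+++ b/package/connection.d.ts
@@ -12,6 +12,10 @@ import { input as inputs, output as outputs } from "./types";
 * import * as auth0 from "@pulumi/auth0";
 *
 * const myConnection = new auth0.Connection("my_connection", {
+* metadata: {
+* key1: "foo",
+* key2: "bar",
+* },
 * options: {
 * bruteForceProtection: true,
 * configuration: {
@@ -74,6 +78,12 @@ export declare class Connection extends pulumi.CustomResource {
 * Indicates whether the connection is domain level.
 */
 readonly isDomainConnection: pulumi.Output<boolean>;
+/**
+* Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.
+*/
+readonly metadata: pulumi.Output<{
+[key: string]: string;
+} | undefined>;
 /**
 * Name of the connection.
 */
@@ -129,6 +139,12 @@ export interface ConnectionState {
 * Indicates whether the connection is domain level.
 */
 isDomainConnection?: pulumi.Input<boolean>;
+/**
+* Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.
+*/
+metadata?: pulumi.Input<{
+[key: string]: pulumi.Input<string>;
+}>;
 /**
 * Name of the connection.
 */
@@ -176,6 +192,12 @@ export interface ConnectionArgs {
 * Indicates whether the connection is domain level.
 */
 isDomainConnection?: pulumi.Input<boolean>;
+/**
+* Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.
+*/
+metadata?: pulumi.Input<{
+[key: string]: pulumi.Input<string>;
+}>;
 /**
 * Name of the connection.
 */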
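Review bot: The limits stated in the new `metadata` doc comment (string values of at most 255 characters, at most 10 properties) are not expressed in the declared type, which is an open `[key: string]: string` map on `Connection`, `ConnectionState` and `ConnectionArgs`, so an oversized map presumably fails only when the provider calls the API. The comment also does not say whether metadata is treated as sensitive; it is declared as a plain `pulumi.Output`, so if that matches the provider schema I would add a line such as `Do not store credentials or other secrets here; values are not marked as secret.` The class and both interfaces continue outside these hunks.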
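--- a/package/connection.js
+++ b/package/connection.js
@@ -17,6 +17,10 @@ const utilities = require("./utilities");
 * import * as auth0 from "@pulumi/auth0";
 *
 * const myConnection = new auth0.Connection("my_connection", {
+* metadata: {
+* key1: "foo",
+* key2: "bar",
+* },
 * options: {
 * bruteForceProtection: true,
 * configuration: {
@@ -60,6 +64,7 @@ class Connection extends pulumi.CustomResource {
 resourceInputs["displayName"] = state ? state.displayName : undefined;
 resourceInputs["enabledClients"] = state ? state.enabledClients : undefined;
 resourceInputs["isDomainConnection"] = state ? state.isDomainConnection : undefined;
+resourceInputs["metadata"] = state ? state.metadata : undefined;
 resourceInputs["name"] = state ? state.name : undefined;
 resourceInputs["options"] = state ? state.options : undefined;
 resourceInputs["realms"] = state ? state.realms : undefined;
@@ -76,6 +81,7 @@ class Connection extends pulumi.CustomResource {
 resourceInputs["displayName"] = args ? args.displayName : undefined;
 resourceInputs["enabledClients"] = args ? args.enabledClients : undefined;
 resourceInputs["isDomainConnection"] = args ? args.isDomainConnection : undefined;
+resourceInputs["metadata"] = args ? args.metadata : undefined;
 resourceInputs["name"] = args ? args.name : undefined;
 resourceInputs["options"] = args ? args.options : undefined;
 resourceInputs["realms"] = args ? args.realms : undefined;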
package/connection.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"connection.js","sourceRoot":"","sources":["../connection.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC
|
|
1
|
+
{"version":3,"file":"connection.js","sourceRoot":"","sources":["../connection.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiDG;AACH,MAAa,UAAW,SAAQ,MAAM,CAAC,cAAc;IAiFjD,YAAY,IAAY,EAAE,WAA8C,EAAE,IAAmC;QACzG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA0C,CAAC;YACzD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;SACvE;aAAM;YACH,MAAM,IAAI,GAAG,WAAyC,CAAC;YACvD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC
,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;YACtD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;SACrE;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,UAAU,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC/D,CAAC;IAnHD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAuB,EAAE,IAAmC;QACrH,OAAO,IAAI,UAAU,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACjE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,UAAU,CAAC,YAAY,CAAC;IAC3D,CAAC;;AA1BL,gCAqHC;AAvGG,gBAAgB;AACO,uBAAY,GAAG,mCAAmC,CAAC"}
|
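--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@pulumi/auth0",
-"version": "v2.
+"version": "v2.10.0",
 "description": "A Pulumi package for creating and managing auth0 cloud resources.",
 "keywords": [
 "pulumi",
@@ -11,7 +11,7 @@
 "license": "Apache-2.0",
 "scripts": {
 "build": "tsc",
-"install": "node scripts/install-pulumi-plugin.js resource auth0 v2.
+"install": "node scripts/install-pulumi-plugin.js resource auth0 v2.10.0"
 },
 "dependencies": {
 "@pulumi/pulumi": "^3.0.0"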
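--- a/package/package.json.dev
+++ b/package/package.json.dev
@@ -1,6 +1,6 @@
 {
 "name": "@pulumi/auth0",
-"version": "v2.
+"version": "v2.10.0",
 "description": "A Pulumi package for creating and managing auth0 cloud resources.",
 "keywords": [
 "pulumi",
@@ -11,7 +11,7 @@
 "license": "Apache-2.0",
 "scripts": {
 "build": "tsc",
-"install": "node scripts/install-pulumi-plugin.js resource auth0 v2.
+"install": "node scripts/install-pulumi-plugin.js resource auth0 v2.10.0"
 },
 "dependencies": {
 "@pulumi/pulumi": "^3.0.0"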
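--- a/package/tenant.d.ts
+++ b/package/tenant.d.ts
@@ -110,7 +110,7 @@ export declare class Tenant extends pulumi.CustomResource {
 /**
 * Integer. Number of hours during which a session can be inactive before the user must log in again.
 */
-readonly idleSessionLifetime: pulumi.Output<number>;
+readonly idleSessionLifetime: pulumi.Output<number | undefined>;
 /**
 * . String URL of logo to be shown for the tenant. Recommended size is 150px x 150px. If no URL is provided, the Auth0 logo will be used.
 */
@@ -122,7 +122,7 @@ export declare class Tenant extends pulumi.CustomResource {
 /**
 * Integer. Number of hours during which a session will stay valid.
 */
-readonly sessionLifetime: pulumi.Output<number>;
+readonly sessionLifetime: pulumi.Output<number | undefined>;
 /**
 * String. Support email address for authenticating users.
 */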
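Review bot: `idleSessionLifetime` and `sessionLifetime` on `Tenant` are widened to `pulumi.Output<number | undefined>`, but the doc comments above them still read as if a value is always present. Callers that compare these outputs against a session-timeout policy now need an explicit `undefined` branch, since a truthiness test would treat an unset lifetime the same as 0. If undefined here means the value is not configured on the tenant (not visible in the hunk), I would extend each comment with a line such as `Undefined when no lifetime is set on the tenant.` The class body continues outside both hunks.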
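--- a/package/types/input.d.ts
+++ b/package/types/input.d.ts
@@ -494,12 +494,6 @@ export interface ConnectionOptions {
 */
 allowedAudiences?: pulumi.Input<pulumi.Input<string>[]>;
 apiEnableUsers?: pulumi.Input<boolean>;
-/**
-* Azure AD domain name.
-*
-* @deprecated Use domain instead
-*/
-appDomain?: pulumi.Input<string>;
 /**
 * Azure AD app ID.
 */
@@ -542,6 +536,10 @@ export interface ConnectionOptions {
 */
 digestAlgorithm?: pulumi.Input<string>;
 disableCache?: pulumi.Input<boolean>;
+/**
+* (Boolean) Disables or enables user sign out.
+*/
+disableSignOut?: pulumi.Input<boolean>;
 /**
 * Boolean. Indicates whether or not to allow user sign-ups to your application.
 */
@@ -550,6 +548,9 @@ export interface ConnectionOptions {
 * OpenID discovery URL. E.g. `https://auth.example.com/.well-known/openid-configuration`.
 */
 discoveryUrl?: pulumi.Input<string>;
+/**
+* Azure AD domain name.
+*/
 domain?: pulumi.Input<string>;
 /**
 * List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
@@ -563,9 +564,7 @@ export interface ConnectionOptions {
 /**
 * SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
 */
-fieldsMap?: pulumi.Input<
-[key: string]: pulumi.Input<string>;
-}>;
+fieldsMap?: pulumi.Input<string>;
 forwardRequestInfo?: pulumi.Input<boolean>;
 /**
 * SMS number for the sender. Used when SMS Source is From.
@@ -601,6 +600,14 @@ export interface ConnectionOptions {
 * SID for Copilot. Used when SMS Source is Copilot.
 */
 messagingServiceSid?: pulumi.Input<string>;
+/**
+* URL of the SAML metadata document.
+*/
+metadataUrl?: pulumi.Input<string>;
+/**
+* XML content for the SAML metadata document.
+*/
+metadataXml?: pulumi.Input<string>;
 /**
 * Configuration settings Options for multifactor authentication. For details, see MFA Options.
 */
@@ -633,6 +640,10 @@ export interface ConnectionOptions {
 * Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
 */
 passwordPolicy?: pulumi.Input<string>;
+/**
+* (Boolean) Enables proof key for code exchange (PKCE) functionality for OAuth2 connections.
+*/
+pkceEnabled?: pulumi.Input<boolean>;
 /**
 * The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect` (default) and `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`
 */
@@ -681,10 +692,17 @@ export interface ConnectionOptions {
 * The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
 */
 signingCert?: pulumi.Input<string>;
+/**
+* . The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
+*/
+signingKey?: pulumi.Input<inputs.ConnectionOptionsSigningKey>;
 /**
 * Version 1 is deprecated, use version 2.
 */
 strategyVersion?: pulumi.Input<number>;
+/**
+* String. Subject line of the email. You can include [common variables](https://auth0.com/docs/email/templates#common-variables).
+*/
 subject?: pulumi.Input<string>;
 /**
 * Syntax of the SMS. Options include `markdown` and `liquid`.
@@ -739,6 +757,9 @@ export interface ConnectionOptionsGatewayAuthentication {
 method?: pulumi.Input<string>;
 secret?: pulumi.Input<string>;
 secretBase64Encoded?: pulumi.Input<boolean>;
+/**
+* String. Subject line of the email. You can include [common variables](https://auth0.com/docs/email/templates#common-variables).
+*/
 subject?: pulumi.Input<string>;
 }
 export interface ConnectionOptionsIdpInitiated {
@@ -791,6 +812,10 @@ export interface ConnectionOptionsPasswordNoPersonalInfo {
 */
 enable?: pulumi.Input<boolean>;
 }
+export interface ConnectionOptionsSigningKey {
+cert: pulumi.Input<string>;
+key: pulumi.Input<string>;
+}
 export interface ConnectionOptionsTotp {
 /**
 * Integer. Length of the one-time password.
@@ -1079,7 +1104,7 @@ export interface LogStreamSink {
 */
 datadogApiKey?: pulumi.Input<string>;
 /**
-* The Datadog region
+* The Datadog region. Options are ["us", "eu", "us3", "us5"]
 */
 datadogRegion?: pulumi.Input<string>;
 /**
@@ -1193,10 +1218,42 @@ export interface TenantErrorPage {
 url: pulumi.Input<string>;
 }
 export interface TenantFlags {
+/**
+* Boolean. Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
+*/
+allowLegacyDelegationGrantTypes?: pulumi.Input<boolean>;
+/**
+* Boolean. Whether the legacy `auth/ro` endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
+*/
+allowLegacyRoGrantTypes?: pulumi.Input<boolean>;
+/**
+* Boolean. If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
+*/
+allowLegacyTokeninfoEndpoint?: pulumi.Input<boolean>;
+/**
+* Boolean. Enables new insights activity page view.
+*/
+dashboardInsightsView?: pulumi.Input<boolean>;
+/**
+* Boolean. Enables beta access to log streaming changes.
+*/
+dashboardLogStreamsNext?: pulumi.Input<boolean>;
 /**
 * Boolean. Indicated whether classic Universal Login prompts include additional security headers to prevent clickjacking.
 */
 disableClickjackProtectionHeaders?: pulumi.Input<boolean>;
+/**
+* Boolean. Disables SAML fields map fix for bad mappings with repeated attributes.
+*/
+disableFieldsMapFix?: pulumi.Input<boolean>;
+/**
+* Boolean. If true, SMS phone numbers will not be obfuscated in Management API GET calls.
+*/
+disableManagementApiSmsObfuscation?: pulumi.Input<boolean>;
+/**
+* Boolean. If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
+*/
+enableAdfsWaadEmailVerification?: pulumi.Input<boolean>;
 /**
 * Boolean. Indicates whether the APIs section is enabled for the tenant.
 */
@@ -1213,10 +1270,18 @@ export interface TenantFlags {
 * Boolean. Indicates whether the tenant allows dynamic client registration.
 */
 enableDynamicClientRegistration?: pulumi.Input<boolean>;
+/**
+* Boolean. Whether ID tokens can be used to authorize some types of requests to API v2 (true) not not (false).
+*/
+enableIdtokenApi2?: pulumi.Input<boolean>;
 /**
 * Boolean. Indicates whether to use the older v2 legacy logs search.
 */
 enableLegacyLogsSearchV2?: pulumi.Input<boolean>;
+/**
+* Boolean. Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
+*/
+enableLegacyProfile?: pulumi.Input<boolean>;
 /**
 * Boolean. Indicates whether advanced API Authorization scenarios are enabled.
 */
@@ -1225,6 +1290,14 @@ export interface TenantFlags {
 * Boolean. Indicates whether the public sign up process shows a userExists error if the user already exists.
 */
 enablePublicSignupUserExistsError?: pulumi.Input<boolean>;
+/**
+* Boolean. Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
+*/
+noDiscloseEnterpriseConnections?: pulumi.Input<boolean>;
+/**
+* Boolean. Delete underlying grant when a Refresh Token is revoked via the Authentication API.
+*/
+revokeRefreshTokenGrant?: pulumi.Input<boolean>;
 /**
 * Boolean. Indicates whether the tenant uses universal login.
 */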
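Review bot: The new `ConnectionOptionsSigningKey` interface takes the private key as a plain `key: pulumi.Input<string>` with no doc comment on either field, and nothing in the hunk says the value is handled as a secret. Unless the provider schema marks it secret (not visible here), the key can land in stack state and preview output in clear text, so the comment on `signingKey` should tell callers to wrap it, e.g. `key: pulumi.secret(privateKeyPem)`, and `cert` and `key` should each state the expected encoding. The same interface is added to package/types/output.d.ts, where `key: string` is handed back to consumers. Separately, `fieldsMap` changes from a string map to `pulumi.Input<string>` and the deprecated `appDomain` is removed in a minor release, both of which break existing programs at compile time.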
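--- a/package/types/output.d.ts
+++ b/package/types/output.d.ts
@@ -461,19 +461,19 @@ export interface ClientRefreshToken {
 /**
 * Integer. The time in seconds after which inactive refresh tokens will expire.
 */
-idleTokenLifetime
+idleTokenLifetime: number;
 /**
 * Boolean, (Default=false) Whether or not inactive refresh tokens should be remain valid indefinitely.
 */
-infiniteIdleTokenLifetime
+infiniteIdleTokenLifetime: boolean;
 /**
 * Boolean, (Default=false) Whether or not refresh tokens should remain valid indefinitely. If false, `tokenLifetime` should also be set
 */
-infiniteTokenLifetime
+infiniteTokenLifetime: boolean;
 /**
 * Integer. The amount of time in seconds in which a refresh token may be reused without trigging reuse detection.
 */
-leeway
+leeway: number;
 /**
 * String. Options include `rotating`, `non-rotating`. When `rotating`, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
 */
@@ -481,7 +481,7 @@ export interface ClientRefreshToken {
 /**
 * Integer. The absolute lifetime of a refresh token in seconds.
 */
-tokenLifetime
+tokenLifetime: number;
 }
 export interface ConnectionOptions {
 /**
@@ -493,12 +493,6 @@ export interface ConnectionOptions {
 */
 allowedAudiences: string[];
 apiEnableUsers?: boolean;
-/**
-* Azure AD domain name.
-*
-* @deprecated Use domain instead
-*/
-appDomain?: string;
 /**
 * Azure AD app ID.
 */
@@ -541,6 +535,10 @@ export interface ConnectionOptions {
 */
 digestAlgorithm?: string;
 disableCache?: boolean;
+/**
+* (Boolean) Disables or enables user sign out.
+*/
+disableSignOut?: boolean;
 /**
 * Boolean. Indicates whether or not to allow user sign-ups to your application.
 */
@@ -549,6 +547,9 @@ export interface ConnectionOptions {
 * OpenID discovery URL. E.g. `https://auth.example.com/.well-known/openid-configuration`.
 */
 discoveryUrl?: string;
+/**
+* Azure AD domain name.
+*/
 domain?: string;
 /**
 * List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
@@ -562,9 +563,7 @@ export interface ConnectionOptions {
 /**
 * SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
 */
-fieldsMap?:
-[key: string]: string;
-};
+fieldsMap?: string;
 forwardRequestInfo?: boolean;
 /**
 * SMS number for the sender. Used when SMS Source is From.
@@ -600,6 +599,14 @@ export interface ConnectionOptions {
 * SID for Copilot. Used when SMS Source is Copilot.
 */
 messagingServiceSid?: string;
+/**
+* URL of the SAML metadata document.
+*/
+metadataUrl?: string;
+/**
+* XML content for the SAML metadata document.
+*/
+metadataXml?: string;
 /**
 * Configuration settings Options for multifactor authentication. For details, see MFA Options.
 */
@@ -615,11 +622,11 @@ export interface ConnectionOptions {
 /**
 * Configuration settings for password complexity. For details, see Password Complexity Options.
 */
-passwordComplexityOptions
+passwordComplexityOptions: outputs.ConnectionOptionsPasswordComplexityOptions;
 /**
 * Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
 */
-passwordDictionary
+passwordDictionary: outputs.ConnectionOptionsPasswordDictionary;
 /**
 * Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
 */
@@ -627,11 +634,15 @@ export interface ConnectionOptions {
 /**
 * Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.
 */
-passwordNoPersonalInfo
+passwordNoPersonalInfo: outputs.ConnectionOptionsPasswordNoPersonalInfo;
 /**
 * Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
 */
 passwordPolicy: string;
+/**
+* (Boolean) Enables proof key for code exchange (PKCE) functionality for OAuth2 connections.
+*/
+pkceEnabled?: boolean;
 /**
 * The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect` (default) and `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`
 */
@@ -680,10 +691,17 @@ export interface ConnectionOptions {
 * The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
 */
 signingCert?: string;
+/**
+* . The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
+*/
+signingKey?: outputs.ConnectionOptionsSigningKey;
 /**
 * Version 1 is deprecated, use version 2.
 */
 strategyVersion: number;
+/**
+* String. Subject line of the email. You can include [common variables](https://auth0.com/docs/email/templates#common-variables).
+*/
 subject?: string;
 /**
 * Syntax of the SMS. Options include `markdown` and `liquid`.
@@ -738,6 +756,9 @@ export interface ConnectionOptionsGatewayAuthentication {
 method?: string;
 secret?: string;
 secretBase64Encoded?: boolean;
+/**
+* String. Subject line of the email. You can include [common variables](https://auth0.com/docs/email/templates#common-variables).
+*/
 subject?: string;
 }
 export interface ConnectionOptionsIdpInitiated {
@@ -790,6 +811,10 @@ export interface ConnectionOptionsPasswordNoPersonalInfo {
 */
 enable?: boolean;
 }
+export interface ConnectionOptionsSigningKey {
+cert: string;
+key: string;
+}
 export interface ConnectionOptionsTotp {
 /**
 * Integer. Length of the one-time password.
@@ -1295,12 +1320,12 @@ export interface GlobalClientNativeSocialLoginFacebook {
 }
 export interface GlobalClientRefreshToken {
 expirationType: string;
-idleTokenLifetime
-infiniteIdleTokenLifetime
-infiniteTokenLifetime
-leeway
+idleTokenLifetime: number;
+infiniteIdleTokenLifetime: boolean;
+infiniteTokenLifetime: boolean;
+leeway: number;
 rotationType: string;
-tokenLifetime
+tokenLifetime: number;
 }
 export interface GuardianPhone {
 /**
@@ -1310,7 +1335,7 @@ export interface GuardianPhone {
 /**
 * List(Resource). Options for the various providers. See Options.
 */
-options
+options: outputs.GuardianPhoneOptions;
 /**
 * String, Case-sensitive. Provider to use, one of `auth0`, `twilio` or `phone-message-hook`.
 */
@@ -1376,7 +1401,7 @@ export interface LogStreamSink {
 */
 datadogApiKey?: string;
 /**
-* The Datadog region
+* The Datadog region. Options are ["us", "eu", "us3", "us5"]
 */
 datadogRegion?: string;
 /**
@@ -1490,10 +1515,42 @@ export interface TenantErrorPage {
 url: string;
 }
 export interface TenantFlags {
+/**
+* Boolean. Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
+*/
+allowLegacyDelegationGrantTypes: boolean;
+/**
+* Boolean. Whether the legacy `auth/ro` endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
+*/
+allowLegacyRoGrantTypes: boolean;
+/**
+* Boolean. If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
+*/
+allowLegacyTokeninfoEndpoint: boolean;
+/**
+* Boolean. Enables new insights activity page view.
+*/
+dashboardInsightsView: boolean;
+/**
+* Boolean. Enables beta access to log streaming changes.
+*/
+dashboardLogStreamsNext: boolean;
 /**
 * Boolean. Indicated whether classic Universal Login prompts include additional security headers to prevent clickjacking.
 */
 disableClickjackProtectionHeaders: boolean;
+/**
+* Boolean. Disables SAML fields map fix for bad mappings with repeated attributes.
+*/
+disableFieldsMapFix: boolean;
+/**
+* Boolean. If true, SMS phone numbers will not be obfuscated in Management API GET calls.
+*/
+disableManagementApiSmsObfuscation: boolean;
+/**
+* Boolean. If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
+*/
+enableAdfsWaadEmailVerification: boolean;
 /**
 * Boolean. Indicates whether the APIs section is enabled for the tenant.
 */
@@ -1510,10 +1567,18 @@ export interface TenantFlags {
 * Boolean. Indicates whether the tenant allows dynamic client registration.
 */
 enableDynamicClientRegistration: boolean;
+/**
+* Boolean. Whether ID tokens can be used to authorize some types of requests to API v2 (true) not not (false).
+*/
+enableIdtokenApi2: boolean;
 /**
 * Boolean. Indicates whether to use the older v2 legacy logs search.
 */
 enableLegacyLogsSearchV2: boolean;
+/**
+* Boolean. Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
+*/
+enableLegacyProfile: boolean;
 /**
 * Boolean. Indicates whether advanced API Authorization scenarios are enabled.
 */
@@ -1522,6 +1587,14 @@ export interface TenantFlags {
 * Boolean. Indicates whether the public sign up process shows a userExists error if the user already exists.
 */
 enablePublicSignupUserExistsError: boolean;
+/**
+* Boolean. Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
+*/
+noDiscloseEnterpriseConnections: boolean;
+/**
+* Boolean. Delete underlying grant when a Refresh Token is revoked via the Authentication API.
+*/
+revokeRefreshTokenGrant: boolean;
 /**
 * Boolean. Indicates whether the tenant uses universal login.
 */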
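Review bot: Several of the new `TenantFlags` fields appear to switch legacy or less protective behaviour back on, yet their doc comments give neither a default nor a caution: `allowLegacyDelegationGrantTypes`, `allowLegacyRoGrantTypes`, `allowLegacyTokeninfoEndpoint`, `enableIdtokenApi2`, `enableLegacyProfile` and `disableManagementApiSmsObfuscation` (which, per its own comment, returns unobfuscated phone numbers from Management API GET calls). I would add one line to each, for example `Leave false unless a legacy integration requires it.`, and fix the typo in the `enableIdtokenApi2` comment, `(true) not not (false)` → `(true) or not (false)`. The same comments are added in package/types/input.d.ts. `TenantFlags` continues outside these hunks.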