@pulumi/auth0 3.41.0-alpha.1777270152 → 3.41.0

package/client.d.ts

@@ -110,6 +110,18 @@ export declare class Client extends pulumi.CustomResource {
      * Express Configuration settings for the client. Used with OIN Express Configuration.
      */
     readonly expressConfiguration: pulumi.Output<outputs.ClientExpressConfiguration>;
+    /**
+     * The URL of the Client ID Metadata Document. Only present for CIMD-registered clients.
+     */
+    readonly externalClientId: pulumi.Output<string>;
+    /**
+     * Who created the external metadata client: `admin` (via Management API), `client` (self-registered), or `unknown`.
+     */
+    readonly externalMetadataCreatedBy: pulumi.Output<string>;
+    /**
+     * Type of external metadata. Value is `cimd` for CIMD-registered clients.
+     */
+    readonly externalMetadataType: pulumi.Output<string>;
     /**
      * HTML form template to be used for WS-Federation.
      */
@@ -123,13 +135,17 @@ export declare class Client extends pulumi.CustomResource {
      */
     readonly initiateLoginUri: pulumi.Output<string | undefined>;
     /**
-     * Indicates whether this client is a first-party client.Defaults to true from the API
+     * Indicates whether this client is a first-party client.
      */
     readonly isFirstParty: pulumi.Output<boolean>;
     /**
      * Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to `clientSecretPost` or `clientSecretBasic`. Setting this property when creating the resource, will default the authentication method to `clientSecretPost`. To change the authentication method to `clientSecretBasic` use the `auth0.ClientCredentials` resource.
      */
     readonly isTokenEndpointIpHeaderTrusted: pulumi.Output<boolean>;
+    /**
+     * URL for the JSON Web Key Set (JWKS) containing the public keys used for `privateKeyJwt` authentication. Only present for CIMD clients using `privateKeyJwt` authentication.
+     */
+    readonly jwksUri: pulumi.Output<string>;
     /**
      * Configuration settings for the JWTs issued for this client.
      */
@@ -142,6 +158,10 @@ export declare class Client extends pulumi.CustomResource {
      * Additional configuration for native mobile apps.
      */
     readonly mobile: pulumi.Output<outputs.ClientMobile>;
+    /**
+     * Configuration for self-service organization features, controlling how organizations are created and managed for this client.
+     */
+    readonly myOrganizationConfiguration: pulumi.Output<outputs.ClientMyOrganizationConfiguration>;
     /**
      * Name of the client.
      */
@@ -316,6 +336,18 @@ export interface ClientState {
      * Express Configuration settings for the client. Used with OIN Express Configuration.
      */
     expressConfiguration?: pulumi.Input<inputs.ClientExpressConfiguration>;
+    /**
+     * The URL of the Client ID Metadata Document. Only present for CIMD-registered clients.
+     */
+    externalClientId?: pulumi.Input<string>;
+    /**
+     * Who created the external metadata client: `admin` (via Management API), `client` (self-registered), or `unknown`.
+     */
+    externalMetadataCreatedBy?: pulumi.Input<string>;
+    /**
+     * Type of external metadata. Value is `cimd` for CIMD-registered clients.
+     */
+    externalMetadataType?: pulumi.Input<string>;
     /**
      * HTML form template to be used for WS-Federation.
      */
@@ -329,13 +361,17 @@ export interface ClientState {
      */
     initiateLoginUri?: pulumi.Input<string>;
     /**
-     * Indicates whether this client is a first-party client.Defaults to true from the API
+     * Indicates whether this client is a first-party client.
      */
     isFirstParty?: pulumi.Input<boolean>;
     /**
      * Indicates whether the token endpoint IP header is trusted. Requires the authentication method to be set to `clientSecretPost` or `clientSecretBasic`. Setting this property when creating the resource, will default the authentication method to `clientSecretPost`. To change the authentication method to `clientSecretBasic` use the `auth0.ClientCredentials` resource.
      */
     isTokenEndpointIpHeaderTrusted?: pulumi.Input<boolean>;
+    /**
+     * URL for the JSON Web Key Set (JWKS) containing the public keys used for `privateKeyJwt` authentication. Only present for CIMD clients using `privateKeyJwt` authentication.
+     */
+    jwksUri?: pulumi.Input<string>;
     /**
      * Configuration settings for the JWTs issued for this client.
      */
@@ -348,6 +384,10 @@ export interface ClientState {
      * Additional configuration for native mobile apps.
      */
     mobile?: pulumi.Input<inputs.ClientMobile>;
+    /**
+     * Configuration for self-service organization features, controlling how organizations are created and managed for this client.
+     */
+    myOrganizationConfiguration?: pulumi.Input<inputs.ClientMyOrganizationConfiguration>;
     /**
      * Name of the client.
      */
@@ -523,7 +563,7 @@ export interface ClientArgs {
      */
     initiateLoginUri?: pulumi.Input<string>;
     /**
-     * Indicates whether this client is a first-party client.Defaults to true from the API
+     * Indicates whether this client is a first-party client.
      */
     isFirstParty?: pulumi.Input<boolean>;
     /**
@@ -542,6 +582,10 @@ export interface ClientArgs {
      * Additional configuration for native mobile apps.
      */
     mobile?: pulumi.Input<inputs.ClientMobile>;
+    /**
+     * Configuration for self-service organization features, controlling how organizations are created and managed for this client.
+     */
+    myOrganizationConfiguration?: pulumi.Input<inputs.ClientMyOrganizationConfiguration>;
     /**
      * Name of the client.
      */

package/client.js

@@ -65,14 +65,19 @@ class Client extends pulumi.CustomResource {
             resourceInputs["description"] = state?.description;
             resourceInputs["encryptionKey"] = state?.encryptionKey;
             resourceInputs["expressConfiguration"] = state?.expressConfiguration;
+            resourceInputs["externalClientId"] = state?.externalClientId;
+            resourceInputs["externalMetadataCreatedBy"] = state?.externalMetadataCreatedBy;
+            resourceInputs["externalMetadataType"] = state?.externalMetadataType;
             resourceInputs["formTemplate"] = state?.formTemplate;
             resourceInputs["grantTypes"] = state?.grantTypes;
             resourceInputs["initiateLoginUri"] = state?.initiateLoginUri;
             resourceInputs["isFirstParty"] = state?.isFirstParty;
             resourceInputs["isTokenEndpointIpHeaderTrusted"] = state?.isTokenEndpointIpHeaderTrusted;
+            resourceInputs["jwksUri"] = state?.jwksUri;
             resourceInputs["jwtConfiguration"] = state?.jwtConfiguration;
             resourceInputs["logoUri"] = state?.logoUri;
             resourceInputs["mobile"] = state?.mobile;
+            resourceInputs["myOrganizationConfiguration"] = state?.myOrganizationConfiguration;
             resourceInputs["name"] = state?.name;
             resourceInputs["nativeSocialLogin"] = state?.nativeSocialLogin;
             resourceInputs["oidcBackchannelLogoutUrls"] = state?.oidcBackchannelLogoutUrls;
@@ -122,6 +127,7 @@ class Client extends pulumi.CustomResource {
             resourceInputs["jwtConfiguration"] = args?.jwtConfiguration;
             resourceInputs["logoUri"] = args?.logoUri;
             resourceInputs["mobile"] = args?.mobile;
+            resourceInputs["myOrganizationConfiguration"] = args?.myOrganizationConfiguration;
             resourceInputs["name"] = args?.name;
             resourceInputs["nativeSocialLogin"] = args?.nativeSocialLogin;
             resourceInputs["oidcBackchannelLogoutUrls"] = args?.oidcBackchannelLogoutUrls;
@@ -142,6 +148,10 @@ class Client extends pulumi.CustomResource {
             resourceInputs["tokenQuota"] = args?.tokenQuota;
             resourceInputs["webOrigins"] = args?.webOrigins;
             resourceInputs["clientId"] = undefined /*out*/;
+            resourceInputs["externalClientId"] = undefined /*out*/;
+            resourceInputs["externalMetadataCreatedBy"] = undefined /*out*/;
+            resourceInputs["externalMetadataType"] = undefined /*out*/;
+            resourceInputs["jwksUri"] = undefined /*out*/;
             resourceInputs["signingKeys"] = undefined /*out*/;
         }
         opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);

package/client.js.map

@@ -1 +1 @@
-{"version":3,"file":"client.js","sourceRoot":"","sources":["../client.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;GAYG;AACH,MAAa,MAAO,SAAQ,MAAM,CAAC,cAAc;IAC7C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmB,EAAE,IAAmC;QACjH,OAAO,IAAI,MAAM,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC;IACvD,CAAC;IAsMD,YAAY,IAAY,EAAE,WAAsC,EAAE,IAAmC;QACjG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsC,CAAC;YACrD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,EAAE,MAAM,CAAC;YACzC,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,mCAAmC,CAAC,GAAG,KAAK,EAAE,iCAAiC,CAAC;YAC/F,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,EAAE,mBAAmB,CAAC;YACnE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,EAAE,gBAAgB,CAAC;YAC7D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,gCAAgC,CAAC,GAAG,KAAK,EAAE,8BAA8B,CAAC;YACzF,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,EAAE,gBAAgB,CAAC;YAC7D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,EAAE,MAAM,CAAC;YACzC,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;YACrC,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,EAAE,yBAAyB,CAAC;YAC/E,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,8BAA8B,CAAC,GAAG,KAAK,EAAE,4BAA4B,CAAC;YACrF,cAAc,CAAC,6BAA6B,CAAC,GAAG,KAAK,EAAE,2BAA2B,CAAC;YACnF,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,EAAE,wBAAwB,CAAC;YAC7E,cAAc,CAAC,oCAAoC,CAAC,GAAG,KAAK,EAAE,kCAAkC,CAAC;YACjG,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,EAAE,wBAAwB,CAAC;YAC7E,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,gDAAgD,CAAC,GAAG,KAAK,EAAE,8CAA8C,CAAC;YACzH,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,EAAE,GAAG,CAAC;YACnC,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;SACpD;aAAM;YACH,MAAM,IAAI,GAAG,WAAqC,CAAC;YACnD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC;YACxC,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,mCAAmC,CAAC,GAAG,IAAI,EAAE,iCAAiC,CAAC;YAC9F,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,EAAE,mBAAmB,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,mBAAmB,CAAC;YAC3E,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,EAAE,oBAAoB,CAAC;YACpE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,EAAE,gBAAgB,CAAC;YAC5D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,gCAAgC,CAAC,GAAG,IAAI,EAAE,8BAA8B,CAAC;YACxF,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,EAAE,gBAAgB,CAAC;YAC5D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC;YACxC,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,2BAA2B,CAAC,GAAG,IAAI,EAAE,yBAAyB,CAAC;YAC9E,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,8BAA8B,CAAC,GAAG,IAAI,EAAE,4BAA4B,CAAC;YACpF,cAAc,CAAC,6BAA6B,CAAC,GAAG,IAAI,EAAE,2BAA2B,CAAC;YAClF,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,EAAE,wBAAwB,CAAC;YAC5E,cAAc,CAAC,oCAAoC,CAAC,GAAG,IAAI,EAAE,kCAAkC,CAAC;YAChG,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,EAAE,wBAAwB,CAAC;YAC5E,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,gDAAgD,CAAC,GAAG,IAAI,EAAE,8CAA8C,CAAC;YACxH,cAAc,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,GAAG,CAAC;YAClC,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC/C,cAAc,CAAC,aAAa,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACrD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC;QAChE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;;AA1UL,wBA2UC;AA7TG,gBAAgB;AACO,mBAAY,GAAG,2BAA2B,CAAC"}
+{"version":3,"file":"client.js","sourceRoot":"","sources":["../client.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;GAYG;AACH,MAAa,MAAO,SAAQ,MAAM,CAAC,cAAc;IAC7C;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmB,EAAE,IAAmC;QACjH,OAAO,IAAI,MAAM,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7D,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,MAAM,CAAC,YAAY,CAAC;IACvD,CAAC;IA0ND,YAAY,IAAY,EAAE,WAAsC,EAAE,IAAmC;QACjG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsC,CAAC;YACrD,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,EAAE,MAAM,CAAC;YACzC,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,mCAAmC,CAAC,GAAG,KAAK,EAAE,iCAAiC,CAAC;YAC/F,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,EAAE,mBAAmB,CAAC;YACnE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,EAAE,gBAAgB,CAAC;YAC7D,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,EAAE,yBAAyB,CAAC;YAC/E,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,EAAE,gBAAgB,CAAC;YAC7D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,gCAAgC,CAAC,GAAG,KAAK,EAAE,8BAA8B,CAAC;YACzF,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,EAAE,gBAAgB,CAAC;YAC7D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,EAAE,MAAM,CAAC;YACzC,cAAc,CAAC,6BAA6B,CAAC,GAAG,KAAK,EAAE,2BAA2B,CAAC;YACnF,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;YACrC,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,EAAE,yBAAyB,CAAC;YAC/E,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,8BAA8B,CAAC,GAAG,KAAK,EAAE,4BAA4B,CAAC;YACrF,cAAc,CAAC,6BAA6B,CAAC,GAAG,KAAK,EAAE,2BAA2B,CAAC;YACnF,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,EAAE,iBAAiB,CAAC;YAC/D,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,EAAE,wBAAwB,CAAC;YAC7E,cAAc,CAAC,oCAAoC,CAAC,GAAG,KAAK,EAAE,kCAAkC,CAAC;YACjG,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,EAAE,wBAAwB,CAAC;YAC7E,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,gDAAgD,CAAC,GAAG,KAAK,EAAE,8CAA8C,CAAC;YACzH,cAAc,CAAC,KAAK,CAAC,GAAG,KAAK,EAAE,GAAG,CAAC;YACnC,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;SACpD;aAAM;YACH,MAAM,IAAI,GAAG,WAAqC,CAAC;YACnD,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC;YACxC,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,mCAAmC,CAAC,GAAG,IAAI,EAAE,iCAAiC,CAAC;YAC9F,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,EAAE,mBAAmB,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,mBAAmB,CAAC;YAC3E,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,EAAE,oBAAoB,CAAC;YACpE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,EAAE,gBAAgB,CAAC;YAC5D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,gCAAgC,CAAC,GAAG,IAAI,EAAE,8BAA8B,CAAC;YACxF,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,EAAE,gBAAgB,CAAC;YAC5D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC;YACxC,cAAc,CAAC,6BAA6B,CAAC,GAAG,IAAI,EAAE,2BAA2B,CAAC;YAClF,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,2BAA2B,CAAC,GAAG,IAAI,EAAE,yBAAyB,CAAC;YAC9E,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,8BAA8B,CAAC,GAAG,IAAI,EAAE,4BAA4B,CAAC;YACpF,cAAc,CAAC,6BAA6B,CAAC,GAAG,IAAI,EAAE,2BAA2B,CAAC;YAClF,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,EAAE,iBAAiB,CAAC;YAC9D,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,EAAE,wBAAwB,CAAC;YAC5E,cAAc,CAAC,oCAAoC,CAAC,GAAG,IAAI,EAAE,kCAAkC,CAAC;YAChG,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,EAAE,wBAAwB,CAAC;YAC5E,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,gDAAgD,CAAC,GAAG,IAAI,EAAE,8CAA8C,CAAC;YACxH,cAAc,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,GAAG,CAAC;YAClC,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC/C,cAAc,CAAC,kBAAkB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YACvD,cAAc,CAAC,2BAA2B,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAChE,cAAc,CAAC,sBAAsB,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC3D,cAAc,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;YAC9C,cAAc,CAAC,aAAa,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACrD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,aAAa,CAAC,EAAE,CAAC;QAChE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,MAAM,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;;AAxWL,wBAyWC;AA3VG,gBAAgB;AACO,mBAAY,GAAG,2BAA2B,CAAC"}

package/clientCimd.d.ts

@@ -0,0 +1,394 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as inputs from "./types/input";
+import * as outputs from "./types/output";
+/**
+ * With this resource, you can register an Auth0 client from a Client ID Metadata Document (CIMD) URL. CIMD enables tenant admins to onboard MCP agent clients by providing a URL to an externally-hosted metadata document instead of using Dynamic Client Registration.
+ *
+ * Requires the `clientIdMetadataDocumentSupported` tenant setting to be enabled.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as auth0 from "@pulumi/auth0";
+ *
+ * const minimalClient = new auth0.ClientCimd("minimal_client", {externalClientId: "https://mcp-agent1.example.com/oauth/metadata.json"});
+ * const myMcpAgent = new auth0.ClientCimd("my_mcp_agent", {
+ *     externalClientId: "https://mcp-agent2.example.com/.well-known/client.json",
+ *     externalClientIdVersion: 1,
+ *     description: "MCP Agent - Production",
+ *     appType: "spa",
+ *     oidcConformant: true,
+ *     allowedOrigins: ["https://mcp-agent2.example.com"],
+ *     webOrigins: ["https://mcp-agent2.example.com"],
+ *     grantTypes: [
+ *         "authorization_code",
+ *         "refresh_token",
+ *     ],
+ *     clientMetadata: {
+ *         environment: "production",
+ *     },
+ *     jwtConfiguration: {
+ *         lifetimeInSeconds: 300,
+ *         alg: "RS256",
+ *     },
+ *     refreshToken: {
+ *         rotationType: "rotating",
+ *         expirationType: "expiring",
+ *         tokenLifetime: 2592000,
+ *         idleTokenLifetime: 1296000,
+ *         infiniteTokenLifetime: false,
+ *         infiniteIdleTokenLifetime: false,
+ *         leeway: 0,
+ *     },
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * This resource can be imported by specifying the client ID.
+ * Generally CIMD clients have a "tpc_" prefix in their client ID.
+ *
+ * Example:
+ *
+ * ```sh
+ * $ pulumi import auth0:index/clientCimd:ClientCimd my_mcp_agent "tpc_5FPpaVyZGSNRCBzTb2zURZ"
+ * ```
+ */
+export declare class ClientCimd extends pulumi.CustomResource {
+    /**
+     * Get an existing ClientCimd resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ClientCimdState, opts?: pulumi.CustomResourceOptions): ClientCimd;
+    /**
+     * Returns true if the given object is an instance of ClientCimd.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is ClientCimd;
+    /**
+     * URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
+     */
+    readonly allowedOrigins: pulumi.Output<string[] | undefined>;
+    /**
+     * Type of application the client represents. CIMD clients only support `native`, `spa`, and `regularWeb`.
+     */
+    readonly appType: pulumi.Output<string>;
+    /**
+     * URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
+     */
+    readonly callbacks: pulumi.Output<string[]>;
+    /**
+     * The ID of the client.
+     */
+    readonly clientId: pulumi.Output<string>;
+    /**
+     * Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
+     */
+    readonly clientMetadata: pulumi.Output<{
+        [key: string]: string;
+    } | undefined>;
+    /**
+     * Configure and associate an organization with the Client
+     */
+    readonly defaultOrganization: pulumi.Output<outputs.ClientCimdDefaultOrganization | undefined>;
+    /**
+     * Description of the purpose of the client.
+     */
+    readonly description: pulumi.Output<string | undefined>;
+    /**
+     * The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. `https://app.example.com/client.json`). This value is immutable after creation.
+     */
+    readonly externalClientId: pulumi.Output<string>;
+    /**
+     * Version number for external*client*id metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
+     */
+    readonly externalClientIdVersion: pulumi.Output<number | undefined>;
+    /**
+     * Who created the external metadata client: `admin` (via Management API) or `client` (self-registered).
+     */
+    readonly externalMetadataCreatedBy: pulumi.Output<string>;
+    /**
+     * Type of external metadata. Always `cimd` for CIMD-registered clients.
+     */
+    readonly externalMetadataType: pulumi.Output<string>;
+    /**
+     * Types of grants that this client is authorized to use. CIMD clients support `authorizationCode` and `refreshToken`.
+     */
+    readonly grantTypes: pulumi.Output<string[]>;
+    /**
+     * Whether this is a first-party client. Always `false` for CIMD clients.
+     */
+    readonly isFirstParty: pulumi.Output<boolean>;
+    /**
+     * URL for the JSON Web Key Set (JWKS) containing the public keys used for `privateKeyJwt` authentication.
+     */
+    readonly jwksUri: pulumi.Output<string>;
+    /**
+     * Configuration settings for the JWTs issued for this client.
+     */
+    readonly jwtConfiguration: pulumi.Output<outputs.ClientCimdJwtConfiguration>;
+    /**
+     * URL of the logo for this client, derived from the CIMD metadata document.
+     */
+    readonly logoUri: pulumi.Output<string>;
+    /**
+     * Name of the client, derived from the CIMD metadata document.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * Whether this client conforms to strict OIDC specifications. Must be `true` for CIMD clients.
+     */
+    readonly oidcConformant: pulumi.Output<boolean>;
+    /**
+     * Methods for discovering organizations during the pre*login*prompt. Can include `email` (allows users to find their organization by entering their email address) and/or `organizationName` (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that `organizationRequireBehavior` is set to `preLoginPrompt`.
+     */
+    readonly organizationDiscoveryMethods: pulumi.Output<string[] | undefined>;
+    /**
+     * Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
+     */
+    readonly redirectionPolicy: pulumi.Output<string>;
+    /**
+     * Configuration settings for the refresh tokens issued for this client.
+     */
+    readonly refreshToken: pulumi.Output<outputs.ClientCimdRefreshToken>;
+    /**
+     * Makes the use of Proof-of-Possession mandatory for this client.
+     */
+    readonly requireProofOfPossession: pulumi.Output<boolean | undefined>;
+    /**
+     * List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
+     */
+    readonly signingKeys: pulumi.Output<{
+        [key: string]: string;
+    }[]>;
+    /**
+     * Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
+     */
+    readonly skipNonVerifiableCallbackUriConfirmationPrompt: pulumi.Output<boolean | undefined>;
+    /**
+     * Security mode for third-party clients. `strict` enforces enhanced security controls
+     */
+    readonly thirdPartySecurityMode: pulumi.Output<string>;
+    /**
+     * The token quota configuration.
+     */
+    readonly tokenQuota: pulumi.Output<outputs.ClientCimdTokenQuota | undefined>;
+    /**
+     * Validation result of the CIMD metadata document.
+     */
+    readonly validations: pulumi.Output<outputs.ClientCimdValidation[]>;
+    /**
+     * URLs that represent valid web origins for use with web message response mode.
+     */
+    readonly webOrigins: pulumi.Output<string[] | undefined>;
+    /**
+     * Create a ClientCimd resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: ClientCimdArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering ClientCimd resources.
+ */
+export interface ClientCimdState {
+    /**
+     * URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
+     */
+    allowedOrigins?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Type of application the client represents. CIMD clients only support `native`, `spa`, and `regularWeb`.
+     */
+    appType?: pulumi.Input<string>;
+    /**
+     * URLs that Auth0 may call back after authentication. Derived from the CIMD metadata document.
+     */
+    callbacks?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * The ID of the client.
+     */
+    clientId?: pulumi.Input<string>;
+    /**
+     * Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
+     */
+    clientMetadata?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+    /**
+     * Configure and associate an organization with the Client
+     */
+    defaultOrganization?: pulumi.Input<inputs.ClientCimdDefaultOrganization>;
+    /**
+     * Description of the purpose of the client.
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. `https://app.example.com/client.json`). This value is immutable after creation.
+     */
+    externalClientId?: pulumi.Input<string>;
+    /**
+     * Version number for external*client*id metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
+     */
+    externalClientIdVersion?: pulumi.Input<number>;
+    /**
+     * Who created the external metadata client: `admin` (via Management API) or `client` (self-registered).
+     */
+    externalMetadataCreatedBy?: pulumi.Input<string>;
+    /**
+     * Type of external metadata. Always `cimd` for CIMD-registered clients.
+     */
+    externalMetadataType?: pulumi.Input<string>;
+    /**
+     * Types of grants that this client is authorized to use. CIMD clients support `authorizationCode` and `refreshToken`.
+     */
+    grantTypes?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Whether this is a first-party client. Always `false` for CIMD clients.
+     */
+    isFirstParty?: pulumi.Input<boolean>;
+    /**
+     * URL for the JSON Web Key Set (JWKS) containing the public keys used for `privateKeyJwt` authentication.
+     */
+    jwksUri?: pulumi.Input<string>;
+    /**
+     * Configuration settings for the JWTs issued for this client.
+     */
+    jwtConfiguration?: pulumi.Input<inputs.ClientCimdJwtConfiguration>;
+    /**
+     * URL of the logo for this client, derived from the CIMD metadata document.
+     */
+    logoUri?: pulumi.Input<string>;
+    /**
+     * Name of the client, derived from the CIMD metadata document.
+     */
+    name?: pulumi.Input<string>;
+    /**
+     * Whether this client conforms to strict OIDC specifications. Must be `true` for CIMD clients.
+     */
+    oidcConformant?: pulumi.Input<boolean>;
+    /**
+     * Methods for discovering organizations during the pre*login*prompt. Can include `email` (allows users to find their organization by entering their email address) and/or `organizationName` (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that `organizationRequireBehavior` is set to `preLoginPrompt`.
+     */
+    organizationDiscoveryMethods?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
+     */
+    redirectionPolicy?: pulumi.Input<string>;
+    /**
+     * Configuration settings for the refresh tokens issued for this client.
+     */
+    refreshToken?: pulumi.Input<inputs.ClientCimdRefreshToken>;
+    /**
+     * Makes the use of Proof-of-Possession mandatory for this client.
+     */
+    requireProofOfPossession?: pulumi.Input<boolean>;
+    /**
+     * List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
+     */
+    signingKeys?: pulumi.Input<pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>[]>;
+    /**
+     * Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
+     */
+    skipNonVerifiableCallbackUriConfirmationPrompt?: pulumi.Input<boolean>;
+    /**
+     * Security mode for third-party clients. `strict` enforces enhanced security controls
+     */
+    thirdPartySecurityMode?: pulumi.Input<string>;
+    /**
+     * The token quota configuration.
+     */
+    tokenQuota?: pulumi.Input<inputs.ClientCimdTokenQuota>;
+    /**
+     * Validation result of the CIMD metadata document.
+     */
+    validations?: pulumi.Input<pulumi.Input<inputs.ClientCimdValidation>[]>;
+    /**
+     * URLs that represent valid web origins for use with web message response mode.
+     */
+    webOrigins?: pulumi.Input<pulumi.Input<string>[]>;
+}
+/**
+ * The set of arguments for constructing a ClientCimd resource.
+ */
+export interface ClientCimdArgs {
+    /**
+     * URLs that represent valid origins for cross-origin resource sharing. By default, all your callback URLs will be allowed.
+     */
+    allowedOrigins?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Type of application the client represents. CIMD clients only support `native`, `spa`, and `regularWeb`.
+     */
+    appType?: pulumi.Input<string>;
+    /**
+     * Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed. Field names (max 255 chars) are alphanumeric and may only include the following special characters: `:,-+=_*?"/\()<>@ [Tab] [Space]`.
+     */
+    clientMetadata?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+    /**
+     * Configure and associate an organization with the Client
+     */
+    defaultOrganization?: pulumi.Input<inputs.ClientCimdDefaultOrganization>;
+    /**
+     * Description of the purpose of the client.
+     */
+    description?: pulumi.Input<string>;
+    /**
+     * The HTTPS URL of the Client ID Metadata Document. Must include a path component (e.g. `https://app.example.com/client.json`). This value is immutable after creation.
+     */
+    externalClientId: pulumi.Input<string>;
+    /**
+     * Version number for external*client*id metadata document changes. Update this value to sync the client with the latest values of the json metadata document.
+     */
+    externalClientIdVersion?: pulumi.Input<number>;
+    /**
+     * Types of grants that this client is authorized to use. CIMD clients support `authorizationCode` and `refreshToken`.
+     */
+    grantTypes?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Configuration settings for the JWTs issued for this client.
+     */
+    jwtConfiguration?: pulumi.Input<inputs.ClientCimdJwtConfiguration>;
+    /**
+     * Whether this client conforms to strict OIDC specifications. Must be `true` for CIMD clients.
+     */
+    oidcConformant?: pulumi.Input<boolean>;
+    /**
+     * Methods for discovering organizations during the pre*login*prompt. Can include `email` (allows users to find their organization by entering their email address) and/or `organizationName` (requires users to enter the organization name directly). These methods can be combined. Setting this property requires that `organizationRequireBehavior` is set to `preLoginPrompt`.
+     */
+    organizationDiscoveryMethods?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Controls whether Auth0 redirects users to the application's callback URL on authentication errors or in email verification flows.
+     */
+    redirectionPolicy?: pulumi.Input<string>;
+    /**
+     * Configuration settings for the refresh tokens issued for this client.
+     */
+    refreshToken?: pulumi.Input<inputs.ClientCimdRefreshToken>;
+    /**
+     * Makes the use of Proof-of-Possession mandatory for this client.
+     */
+    requireProofOfPossession?: pulumi.Input<boolean>;
+    /**
+     * Indicates whether the confirmation prompt appears when using non-verifiable callback URIs. Set to true to skip the prompt, false to show it.
+     */
+    skipNonVerifiableCallbackUriConfirmationPrompt?: pulumi.Input<boolean>;
+    /**
+     * The token quota configuration.
+     */
+    tokenQuota?: pulumi.Input<inputs.ClientCimdTokenQuota>;
+    /**
+     * URLs that represent valid web origins for use with web message response mode.
+     */
+    webOrigins?: pulumi.Input<pulumi.Input<string>[]>;
+}