@pulumi/keycloak 6.9.0-alpha.1766555854 → 6.9.0

package/oidc/facebookIdentityProvider.d.ts

@@ -0,0 +1,363 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * Allows for creating and managing OIDC Identity Providers within Keycloak.
+ *
+ * OIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as keycloak from "@pulumi/keycloak";
+ *
+ * const realm = new keycloak.Realm("realm", {
+ *     realm: "my-realm",
+ *     enabled: true,
+ * });
+ * const facebook = new keycloak.oidc.FacebookIdentityProvider("facebook", {
+ *     realm: realm.id,
+ *     clientId: facebookIdentityProviderClientId,
+ *     clientSecret: facebookIdentityProviderClientSecret,
+ *     trustEmail: true,
+ *     fetchedFields: "picture",
+ *     syncMode: "IMPORT",
+ *     extraConfig: {
+ *         myCustomConfigKey: "myValue",
+ *     },
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Facebook Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias.
+ *
+ * Example:
+ *
+ * bash
+ *
+ * ```sh
+ * $ pulumi import keycloak:oidc/facebookIdentityProvider:FacebookIdentityProvider facebook_identity_provider my-realm/my-facebook-idp
+ * ```
+ */
+export declare class FacebookIdentityProvider extends pulumi.CustomResource {
+    /**
+     * Get an existing FacebookIdentityProvider resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FacebookIdentityProviderState, opts?: pulumi.CustomResourceOptions): FacebookIdentityProvider;
+    /**
+     * Returns true if the given object is an instance of FacebookIdentityProvider.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is FacebookIdentityProvider;
+    /**
+     * When `true`, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to `false`.
+     */
+    readonly acceptsPromptNoneForwardFromClient: pulumi.Output<boolean | undefined>;
+    /**
+     * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
+     */
+    readonly addReadTokenRoleOnCreate: pulumi.Output<boolean | undefined>;
+    /**
+     * The alias for the Facebook identity provider.
+     */
+    readonly alias: pulumi.Output<string>;
+    /**
+     * Enable/disable authenticate users by default.
+     */
+    readonly authenticateByDefault: pulumi.Output<boolean | undefined>;
+    /**
+     * The client or client identifier registered within the identity provider.
+     */
+    readonly clientId: pulumi.Output<string>;
+    /**
+     * The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
+     */
+    readonly clientSecret: pulumi.Output<string>;
+    /**
+     * The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.
+     */
+    readonly defaultScopes: pulumi.Output<string | undefined>;
+    /**
+     * When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
+     */
+    readonly disableUserInfo: pulumi.Output<boolean | undefined>;
+    /**
+     * Display name for the Facebook identity provider in the GUI.
+     */
+    readonly displayName: pulumi.Output<string>;
+    /**
+     * When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
+     */
+    readonly enabled: pulumi.Output<boolean | undefined>;
+    readonly extraConfig: pulumi.Output<{
+        [key: string]: string;
+    } | undefined>;
+    /**
+     * Provide additional fields which would be fetched using the profile request. This will be appended to the default set of `id,name,email,first_name,last_name`.
+     */
+    readonly fetchedFields: pulumi.Output<string | undefined>;
+    /**
+     * The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
+     */
+    readonly firstBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
+    /**
+     * A number defining the order of this identity provider in the GUI.
+     */
+    readonly guiOrder: pulumi.Output<string | undefined>;
+    /**
+     * When `true`, this identity provider will be hidden on the login page. Defaults to `false`.
+     */
+    readonly hideOnLoginPage: pulumi.Output<boolean | undefined>;
+    /**
+     * (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
+     */
+    readonly internalId: pulumi.Output<string>;
+    /**
+     * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
+     */
+    readonly linkOnly: pulumi.Output<boolean | undefined>;
+    readonly orgDomain: pulumi.Output<string | undefined>;
+    readonly orgRedirectModeEmailMatches: pulumi.Output<boolean | undefined>;
+    /**
+     * ID of organization with which this identity is linked.
+     */
+    readonly organizationId: pulumi.Output<string | undefined>;
+    /**
+     * The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
+     */
+    readonly postBrokerLoginFlowAlias: pulumi.Output<string | undefined>;
+    /**
+     * The ID of the identity provider to use. Defaults to `facebook`, which should be used unless you have extended Keycloak and provided your own implementation.
+     */
+    readonly providerId: pulumi.Output<string | undefined>;
+    /**
+     * The name of the realm. This is unique across Keycloak.
+     */
+    readonly realm: pulumi.Output<string>;
+    /**
+     * When `true`, tokens will be stored after authenticating users. Defaults to `true`.
+     */
+    readonly storeToken: pulumi.Output<boolean | undefined>;
+    /**
+     * The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.
+     */
+    readonly syncMode: pulumi.Output<string | undefined>;
+    /**
+     * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
+     */
+    readonly trustEmail: pulumi.Output<boolean | undefined>;
+    /**
+     * Create a FacebookIdentityProvider resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: FacebookIdentityProviderArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering FacebookIdentityProvider resources.
+ */
+export interface FacebookIdentityProviderState {
+    /**
+     * When `true`, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to `false`.
+     */
+    acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;
+    /**
+     * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
+     */
+    addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
+    /**
+     * The alias for the Facebook identity provider.
+     */
+    alias?: pulumi.Input<string>;
+    /**
+     * Enable/disable authenticate users by default.
+     */
+    authenticateByDefault?: pulumi.Input<boolean>;
+    /**
+     * The client or client identifier registered within the identity provider.
+     */
+    clientId?: pulumi.Input<string>;
+    /**
+     * The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
+     */
+    clientSecret?: pulumi.Input<string>;
+    /**
+     * The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.
+     */
+    defaultScopes?: pulumi.Input<string>;
+    /**
+     * When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
+     */
+    disableUserInfo?: pulumi.Input<boolean>;
+    /**
+     * Display name for the Facebook identity provider in the GUI.
+     */
+    displayName?: pulumi.Input<string>;
+    /**
+     * When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
+     */
+    enabled?: pulumi.Input<boolean>;
+    extraConfig?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+    /**
+     * Provide additional fields which would be fetched using the profile request. This will be appended to the default set of `id,name,email,first_name,last_name`.
+     */
+    fetchedFields?: pulumi.Input<string>;
+    /**
+     * The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
+     */
+    firstBrokerLoginFlowAlias?: pulumi.Input<string>;
+    /**
+     * A number defining the order of this identity provider in the GUI.
+     */
+    guiOrder?: pulumi.Input<string>;
+    /**
+     * When `true`, this identity provider will be hidden on the login page. Defaults to `false`.
+     */
+    hideOnLoginPage?: pulumi.Input<boolean>;
+    /**
+     * (Computed) The unique ID that Keycloak assigns to the identity provider upon creation.
+     */
+    internalId?: pulumi.Input<string>;
+    /**
+     * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
+     */
+    linkOnly?: pulumi.Input<boolean>;
+    orgDomain?: pulumi.Input<string>;
+    orgRedirectModeEmailMatches?: pulumi.Input<boolean>;
+    /**
+     * ID of organization with which this identity is linked.
+     */
+    organizationId?: pulumi.Input<string>;
+    /**
+     * The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
+     */
+    postBrokerLoginFlowAlias?: pulumi.Input<string>;
+    /**
+     * The ID of the identity provider to use. Defaults to `facebook`, which should be used unless you have extended Keycloak and provided your own implementation.
+     */
+    providerId?: pulumi.Input<string>;
+    /**
+     * The name of the realm. This is unique across Keycloak.
+     */
+    realm?: pulumi.Input<string>;
+    /**
+     * When `true`, tokens will be stored after authenticating users. Defaults to `true`.
+     */
+    storeToken?: pulumi.Input<boolean>;
+    /**
+     * The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.
+     */
+    syncMode?: pulumi.Input<string>;
+    /**
+     * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
+     */
+    trustEmail?: pulumi.Input<boolean>;
+}
+/**
+ * The set of arguments for constructing a FacebookIdentityProvider resource.
+ */
+export interface FacebookIdentityProviderArgs {
+    /**
+     * When `true`, unauthenticated requests with `prompt=none` will be forwarded to Google instead of returning an error. Defaults to `false`.
+     */
+    acceptsPromptNoneForwardFromClient?: pulumi.Input<boolean>;
+    /**
+     * When `true`, new users will be able to read stored tokens. This will automatically assign the `broker.read-token` role. Defaults to `false`.
+     */
+    addReadTokenRoleOnCreate?: pulumi.Input<boolean>;
+    /**
+     * The alias for the Facebook identity provider.
+     */
+    alias?: pulumi.Input<string>;
+    /**
+     * Enable/disable authenticate users by default.
+     */
+    authenticateByDefault?: pulumi.Input<boolean>;
+    /**
+     * The client or client identifier registered within the identity provider.
+     */
+    clientId: pulumi.Input<string>;
+    /**
+     * The client or client secret registered within the identity provider. This field is able to obtain its value from vault, use $${vault.ID} format.
+     */
+    clientSecret: pulumi.Input<string>;
+    /**
+     * The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to `openid profile email`.
+     */
+    defaultScopes?: pulumi.Input<string>;
+    /**
+     * When `true`, disables the usage of the user info service to obtain additional user information. Defaults to `false`.
+     */
+    disableUserInfo?: pulumi.Input<boolean>;
+    /**
+     * Display name for the Facebook identity provider in the GUI.
+     */
+    displayName?: pulumi.Input<string>;
+    /**
+     * When `true`, users will be able to log in to this realm using this identity provider. Defaults to `true`.
+     */
+    enabled?: pulumi.Input<boolean>;
+    extraConfig?: pulumi.Input<{
+        [key: string]: pulumi.Input<string>;
+    }>;
+    /**
+     * Provide additional fields which would be fetched using the profile request. This will be appended to the default set of `id,name,email,first_name,last_name`.
+     */
+    fetchedFields?: pulumi.Input<string>;
+    /**
+     * The authentication flow to use when users log in for the first time through this identity provider. Defaults to `first broker login`.
+     */
+    firstBrokerLoginFlowAlias?: pulumi.Input<string>;
+    /**
+     * A number defining the order of this identity provider in the GUI.
+     */
+    guiOrder?: pulumi.Input<string>;
+    /**
+     * When `true`, this identity provider will be hidden on the login page. Defaults to `false`.
+     */
+    hideOnLoginPage?: pulumi.Input<boolean>;
+    /**
+     * When `true`, users cannot sign-in using this provider, but their existing accounts will be linked when possible. Defaults to `false`.
+     */
+    linkOnly?: pulumi.Input<boolean>;
+    orgDomain?: pulumi.Input<string>;
+    orgRedirectModeEmailMatches?: pulumi.Input<boolean>;
+    /**
+     * ID of organization with which this identity is linked.
+     */
+    organizationId?: pulumi.Input<string>;
+    /**
+     * The authentication flow to use after users have successfully logged in, which can be used to perform additional user verification (such as OTP checking). Defaults to an empty string, which means no post login flow will be used.
+     */
+    postBrokerLoginFlowAlias?: pulumi.Input<string>;
+    /**
+     * The ID of the identity provider to use. Defaults to `facebook`, which should be used unless you have extended Keycloak and provided your own implementation.
+     */
+    providerId?: pulumi.Input<string>;
+    /**
+     * The name of the realm. This is unique across Keycloak.
+     */
+    realm: pulumi.Input<string>;
+    /**
+     * When `true`, tokens will be stored after authenticating users. Defaults to `true`.
+     */
+    storeToken?: pulumi.Input<boolean>;
+    /**
+     * The default sync mode to use for all mappers attached to this identity provider. Can be once of `IMPORT`, `FORCE`, or `LEGACY`.
+     */
+    syncMode?: pulumi.Input<string>;
+    /**
+     * When `true`, email addresses for users in this provider will automatically be verified regardless of the realm's email verification policy. Defaults to `false`.
+     */
+    trustEmail?: pulumi.Input<boolean>;
+}

package/oidc/facebookIdentityProvider.js

@@ -0,0 +1,150 @@
+"use strict";
+// *** WARNING: this file was generated by pulumi-language-nodejs. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FacebookIdentityProvider = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("../utilities");
+/**
+ * Allows for creating and managing OIDC Identity Providers within Keycloak.
+ *
+ * OIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as keycloak from "@pulumi/keycloak";
+ *
+ * const realm = new keycloak.Realm("realm", {
+ *     realm: "my-realm",
+ *     enabled: true,
+ * });
+ * const facebook = new keycloak.oidc.FacebookIdentityProvider("facebook", {
+ *     realm: realm.id,
+ *     clientId: facebookIdentityProviderClientId,
+ *     clientSecret: facebookIdentityProviderClientSecret,
+ *     trustEmail: true,
+ *     fetchedFields: "picture",
+ *     syncMode: "IMPORT",
+ *     extraConfig: {
+ *         myCustomConfigKey: "myValue",
+ *     },
+ * });
+ * ```
+ *
+ * ## Import
+ *
+ * Facebook Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias.
+ *
+ * Example:
+ *
+ * bash
+ *
+ * ```sh
+ * $ pulumi import keycloak:oidc/facebookIdentityProvider:FacebookIdentityProvider facebook_identity_provider my-realm/my-facebook-idp
+ * ```
+ */
+class FacebookIdentityProvider extends pulumi.CustomResource {
+    /**
+     * Get an existing FacebookIdentityProvider resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new FacebookIdentityProvider(name, state, { ...opts, id: id });
+    }
+    /**
+     * Returns true if the given object is an instance of FacebookIdentityProvider.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === FacebookIdentityProvider.__pulumiType;
+    }
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["acceptsPromptNoneForwardFromClient"] = state?.acceptsPromptNoneForwardFromClient;
+            resourceInputs["addReadTokenRoleOnCreate"] = state?.addReadTokenRoleOnCreate;
+            resourceInputs["alias"] = state?.alias;
+            resourceInputs["authenticateByDefault"] = state?.authenticateByDefault;
+            resourceInputs["clientId"] = state?.clientId;
+            resourceInputs["clientSecret"] = state?.clientSecret;
+            resourceInputs["defaultScopes"] = state?.defaultScopes;
+            resourceInputs["disableUserInfo"] = state?.disableUserInfo;
+            resourceInputs["displayName"] = state?.displayName;
+            resourceInputs["enabled"] = state?.enabled;
+            resourceInputs["extraConfig"] = state?.extraConfig;
+            resourceInputs["fetchedFields"] = state?.fetchedFields;
+            resourceInputs["firstBrokerLoginFlowAlias"] = state?.firstBrokerLoginFlowAlias;
+            resourceInputs["guiOrder"] = state?.guiOrder;
+            resourceInputs["hideOnLoginPage"] = state?.hideOnLoginPage;
+            resourceInputs["internalId"] = state?.internalId;
+            resourceInputs["linkOnly"] = state?.linkOnly;
+            resourceInputs["orgDomain"] = state?.orgDomain;
+            resourceInputs["orgRedirectModeEmailMatches"] = state?.orgRedirectModeEmailMatches;
+            resourceInputs["organizationId"] = state?.organizationId;
+            resourceInputs["postBrokerLoginFlowAlias"] = state?.postBrokerLoginFlowAlias;
+            resourceInputs["providerId"] = state?.providerId;
+            resourceInputs["realm"] = state?.realm;
+            resourceInputs["storeToken"] = state?.storeToken;
+            resourceInputs["syncMode"] = state?.syncMode;
+            resourceInputs["trustEmail"] = state?.trustEmail;
+        }
+        else {
+            const args = argsOrState;
+            if (args?.clientId === undefined && !opts.urn) {
+                throw new Error("Missing required property 'clientId'");
+            }
+            if (args?.clientSecret === undefined && !opts.urn) {
+                throw new Error("Missing required property 'clientSecret'");
+            }
+            if (args?.realm === undefined && !opts.urn) {
+                throw new Error("Missing required property 'realm'");
+            }
+            resourceInputs["acceptsPromptNoneForwardFromClient"] = args?.acceptsPromptNoneForwardFromClient;
+            resourceInputs["addReadTokenRoleOnCreate"] = args?.addReadTokenRoleOnCreate;
+            resourceInputs["alias"] = args?.alias;
+            resourceInputs["authenticateByDefault"] = args?.authenticateByDefault;
+            resourceInputs["clientId"] = args?.clientId;
+            resourceInputs["clientSecret"] = args?.clientSecret ? pulumi.secret(args.clientSecret) : undefined;
+            resourceInputs["defaultScopes"] = args?.defaultScopes;
+            resourceInputs["disableUserInfo"] = args?.disableUserInfo;
+            resourceInputs["displayName"] = args?.displayName;
+            resourceInputs["enabled"] = args?.enabled;
+            resourceInputs["extraConfig"] = args?.extraConfig;
+            resourceInputs["fetchedFields"] = args?.fetchedFields;
+            resourceInputs["firstBrokerLoginFlowAlias"] = args?.firstBrokerLoginFlowAlias;
+            resourceInputs["guiOrder"] = args?.guiOrder;
+            resourceInputs["hideOnLoginPage"] = args?.hideOnLoginPage;
+            resourceInputs["linkOnly"] = args?.linkOnly;
+            resourceInputs["orgDomain"] = args?.orgDomain;
+            resourceInputs["orgRedirectModeEmailMatches"] = args?.orgRedirectModeEmailMatches;
+            resourceInputs["organizationId"] = args?.organizationId;
+            resourceInputs["postBrokerLoginFlowAlias"] = args?.postBrokerLoginFlowAlias;
+            resourceInputs["providerId"] = args?.providerId;
+            resourceInputs["realm"] = args?.realm;
+            resourceInputs["storeToken"] = args?.storeToken;
+            resourceInputs["syncMode"] = args?.syncMode;
+            resourceInputs["trustEmail"] = args?.trustEmail;
+            resourceInputs["internalId"] = undefined /*out*/;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        const secretOpts = { additionalSecretOutputs: ["clientSecret"] };
+        opts = pulumi.mergeOptions(opts, secretOpts);
+        super(FacebookIdentityProvider.__pulumiType, name, resourceInputs, opts);
+    }
+}
+exports.FacebookIdentityProvider = FacebookIdentityProvider;
+/** @internal */
+FacebookIdentityProvider.__pulumiType = 'keycloak:oidc/facebookIdentityProvider:FacebookIdentityProvider';
+//# sourceMappingURL=facebookIdentityProvider.js.map

package/oidc/facebookIdentityProvider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"facebookIdentityProvider.js","sourceRoot":"","sources":["../../oidc/facebookIdentityProvider.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAE1C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuCG;AACH,MAAa,wBAAyB,SAAQ,MAAM,CAAC,cAAc;IAC/D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAqC,EAAE,IAAmC;QACnI,OAAO,IAAI,wBAAwB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC/E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,wBAAwB,CAAC,YAAY,CAAC;IACzE,CAAC;IA0GD,YAAY,IAAY,EAAE,WAA0E,EAAE,IAAmC;QACrI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAwD,CAAC;YACvE,cAAc,CAAC,oCAAoC,CAAC,GAAG,KAAK,EAAE,kCAAkC,CAAC;YACjG,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,EAAE,wBAAwB,CAAC;YAC7E,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC;YACvC,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,EAAE,qBAAqB,CAAC;YACvE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,EAAE,yBAAyB,CAAC;YAC/E,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,EAAE,eAAe,CAAC;YAC3D,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,6BAA6B,CAAC,GAAG,KAAK,EAAE,2BAA2B,CAAC;YACnF,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;YACzD,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,EAAE,wBAAwB,CAAC;YAC7E,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC;YACvC,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;SACpD;aAAM;YACH,MAAM,IAAI,GAAG,WAAuD,CAAC;YACrE,IAAI,IAAI,EAAE,QAAQ,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC3C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,IAAI,IAAI,EAAE,YAAY,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC/C,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;aAC/D;YACD,IAAI,IAAI,EAAE,KAAK,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;aACxD;YACD,cAAc,CAAC,oCAAoC,CAAC,GAAG,IAAI,EAAE,kCAAkC,CAAC;YAChG,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,EAAE,wBAAwB,CAAC;YAC5E,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC;YACtC,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,EAAE,qBAAqB,CAAC;YACtE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YACnG,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,2BAA2B,CAAC,GAAG,IAAI,EAAE,yBAAyB,CAAC;YAC9E,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,EAAE,eAAe,CAAC;YAC1D,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,6BAA6B,CAAC,GAAG,IAAI,EAAE,2BAA2B,CAAC;YAClF,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;YACxD,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,EAAE,wBAAwB,CAAC;YAC5E,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC;YACtC,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,OAAO,CAAC;SACpD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC;QACjE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,wBAAwB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC7E,CAAC;;AA7ML,4DA8MC;AAhMG,gBAAgB;AACO,qCAAY,GAAG,iEAAiE,CAAC"}

package/oidc/index.d.ts

@@ -1,3 +1,6 @@
+export { FacebookIdentityProviderArgs, FacebookIdentityProviderState } from "./facebookIdentityProvider";
+export type FacebookIdentityProvider = import("./facebookIdentityProvider").FacebookIdentityProvider;
+export declare const FacebookIdentityProvider: typeof import("./facebookIdentityProvider").FacebookIdentityProvider;
 export { GithubIdentityProviderArgs, GithubIdentityProviderState } from "./githubIdentityProvider";
 export type GithubIdentityProvider = import("./githubIdentityProvider").GithubIdentityProvider;
 export declare const GithubIdentityProvider: typeof import("./githubIdentityProvider").GithubIdentityProvider;

package/oidc/index.js

@@ -2,9 +2,11 @@
 // *** WARNING: this file was generated by pulumi-language-nodejs. ***
 // *** Do not edit by hand unless you're certain you know what you are doing! ***
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.IdentityProvider = exports.GoogleIdentityProvider = exports.GithubIdentityProvider = void 0;
+exports.IdentityProvider = exports.GoogleIdentityProvider = exports.GithubIdentityProvider = exports.FacebookIdentityProvider = void 0;
 const pulumi = require("@pulumi/pulumi");
 const utilities = require("../utilities");
+exports.FacebookIdentityProvider = null;
+utilities.lazyLoad(exports, ["FacebookIdentityProvider"], () => require("./facebookIdentityProvider"));
 exports.GithubIdentityProvider = null;
 utilities.lazyLoad(exports, ["GithubIdentityProvider"], () => require("./githubIdentityProvider"));
 exports.GoogleIdentityProvider = null;
@@ -15,6 +17,8 @@ const _module = {
     version: utilities.getVersion(),
     construct: (name, type, urn) => {
         switch (type) {
+            case "keycloak:oidc/facebookIdentityProvider:FacebookIdentityProvider":
+                return new exports.FacebookIdentityProvider(name, undefined, { urn });
             case "keycloak:oidc/githubIdentityProvider:GithubIdentityProvider":
                 return new exports.GithubIdentityProvider(name, undefined, { urn });
             case "keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider":
@@ -26,6 +30,7 @@ const _module = {
         }
     },
 };
+pulumi.runtime.registerResourceModule("keycloak", "oidc/facebookIdentityProvider", _module);
 pulumi.runtime.registerResourceModule("keycloak", "oidc/githubIdentityProvider", _module);
 pulumi.runtime.registerResourceModule("keycloak", "oidc/googleIdentityProvider", _module);
 pulumi.runtime.registerResourceModule("keycloak", "oidc/identityProvider", _module);

package/oidc/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../oidc/index.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAK7B,QAAA,sBAAsB,GAAqE,IAAW,CAAC;AACpH,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,wBAAwB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,CAAC;AAItF,QAAA,sBAAsB,GAAqE,IAAW,CAAC;AACpH,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,wBAAwB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,CAAC;AAItF,QAAA,gBAAgB,GAAyD,IAAW,CAAC;AAClG,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC,CAAC;AAGvF,MAAM,OAAO,GAAG;IACZ,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE;IAC/B,SAAS,EAAE,CAAC,IAAY,EAAE,IAAY,EAAE,GAAW,EAAmB,EAAE;QACpE,QAAQ,IAAI,EAAE;YACV,KAAK,6DAA6D;gBAC9D,OAAO,IAAI,8BAAsB,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YACpE,KAAK,6DAA6D;gBAC9D,OAAO,IAAI,8BAAsB,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YACpE,KAAK,iDAAiD;gBAClD,OAAO,IAAI,wBAAgB,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YAC9D;gBACI,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;SACxD;IACL,CAAC;CACJ,CAAC;AACF,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,UAAU,EAAE,6BAA6B,EAAE,OAAO,CAAC,CAAA;AACzF,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,UAAU,EAAE,6BAA6B,EAAE,OAAO,CAAC,CAAA;AACzF,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,UAAU,EAAE,uBAAuB,EAAE,OAAO,CAAC,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../oidc/index.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AACzC,0CAA0C;AAK7B,QAAA,wBAAwB,GAAyE,IAAW,CAAC;AAC1H,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,0BAA0B,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,4BAA4B,CAAC,CAAC,CAAC;AAI1F,QAAA,sBAAsB,GAAqE,IAAW,CAAC;AACpH,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,wBAAwB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,CAAC;AAItF,QAAA,sBAAsB,GAAqE,IAAW,CAAC;AACpH,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,wBAAwB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,0BAA0B,CAAC,CAAC,CAAC;AAItF,QAAA,gBAAgB,GAAyD,IAAW,CAAC;AAClG,SAAS,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC,kBAAkB,CAAC,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC,CAAC;AAGvF,MAAM,OAAO,GAAG;IACZ,OAAO,EAAE,SAAS,CAAC,UAAU,EAAE;IAC/B,SAAS,EAAE,CAAC,IAAY,EAAE,IAAY,EAAE,GAAW,EAAmB,EAAE;QACpE,QAAQ,IAAI,EAAE;YACV,KAAK,iEAAiE;gBAClE,OAAO,IAAI,gCAAwB,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YACtE,KAAK,6DAA6D;gBAC9D,OAAO,IAAI,8BAAsB,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YACpE,KAAK,6DAA6D;gBAC9D,OAAO,IAAI,8BAAsB,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YACpE,KAAK,iDAAiD;gBAClD,OAAO,IAAI,wBAAgB,CAAC,IAAI,EAAO,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,CAAA;YAC9D;gBACI,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAI,EAAE,CAAC,CAAC;SACxD;IACL,CAAC;CACJ,CAAC;AACF,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,UAAU,EAAE,+BAA+B,EAAE,OAAO,CAAC,CAAA;AAC3F,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,UAAU,EAAE,6BAA6B,EAAE,OAAO,CAAC,CAAA;AACzF,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,UAAU,EAAE,6BAA6B,EAAE,OAAO,CAAC,CAAA;AACzF,MAAM,CAAC,OAAO,CAAC,sBAAsB,CAAC,UAAU,EAAE,uBAAuB,EAAE,OAAO,CAAC,CAAA"}

package/openid/client.d.ts

@@ -202,7 +202,7 @@ export declare class Client extends pulumi.CustomResource {
     /**
      * The description of this client in the GUI.
      */
-    readonly description: pulumi.Output<string>;
+    readonly description: pulumi.Output<string | undefined>;
     /**
      * When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`.
      */
@@ -274,6 +274,10 @@ export declare class Client extends pulumi.CustomResource {
      * The realm this client is attached to.
      */
     readonly realmId: pulumi.Output<string>;
+    /**
+     * Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens.
+     */
+    readonly requireDpopBoundTokens: pulumi.Output<boolean>;
     /**
      * (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute).
      */
@@ -512,6 +516,10 @@ export interface ClientState {
      * The realm this client is attached to.
      */
     realmId?: pulumi.Input<string>;
+    /**
+     * Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens.
+     */
+    requireDpopBoundTokens?: pulumi.Input<boolean>;
     /**
      * (Computed) When authorization is enabled for this client, this attribute is the unique ID for the client (the same value as the `.id` attribute).
      */
@@ -742,6 +750,10 @@ export interface ClientArgs {
      * The realm this client is attached to.
      */
     realmId: pulumi.Input<string>;
+    /**
+     * Enable support for Demonstrating Proof-of-Possession (DPoP) bound tokens.
+     */
+    requireDpopBoundTokens?: pulumi.Input<boolean>;
     /**
      * When specified, this URL is prepended to any relative URLs found within `validRedirectUris`, `webOrigins`, and `adminUrl`. NOTE: Due to limitations in the Keycloak API, when the `rootUrl` attribute is used, the `validRedirectUris`, `webOrigins`, and `adminUrl` attributes will be required.
      */

package/openid/client.js

@@ -153,6 +153,7 @@ class Client extends pulumi.CustomResource {
             resourceInputs["oauth2DevicePollingInterval"] = state?.oauth2DevicePollingInterval;
             resourceInputs["pkceCodeChallengeMethod"] = state?.pkceCodeChallengeMethod;
             resourceInputs["realmId"] = state?.realmId;
+            resourceInputs["requireDpopBoundTokens"] = state?.requireDpopBoundTokens;
             resourceInputs["resourceServerId"] = state?.resourceServerId;
             resourceInputs["rootUrl"] = state?.rootUrl;
             resourceInputs["serviceAccountUserId"] = state?.serviceAccountUserId;
@@ -215,6 +216,7 @@ class Client extends pulumi.CustomResource {
             resourceInputs["oauth2DevicePollingInterval"] = args?.oauth2DevicePollingInterval;
             resourceInputs["pkceCodeChallengeMethod"] = args?.pkceCodeChallengeMethod;
             resourceInputs["realmId"] = args?.realmId;
+            resourceInputs["requireDpopBoundTokens"] = args?.requireDpopBoundTokens;
             resourceInputs["rootUrl"] = args?.rootUrl;
             resourceInputs["serviceAccountsEnabled"] = args?.serviceAccountsEnabled;
             resourceInputs["standardFlowEnabled"] = args?.standardFlowEnabled;