With this resource, you can create and manage SCIM bearer tokens for a connection. This resource only works with enterprise connections
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const azureAd = new auth0.Connection("azure_ad", {
name: "Acceptance-Test-Azure-AD",
strategy: "waad",
showAsButton: true,
options: {
identityApi: "microsoft-identity-platform-v2.0",
clientId: "123456",
clientSecret: "123456",
strategyVersion: 2,
tenantDomain: "example.onmicrosoft.com",
domain: "example.onmicrosoft.com",
domainAliases: [
"example.com",
"api.example.com",
],
useWsfed: false,
waadProtocol: "openid-connect",
waadCommonEndpoint: false,
userIdAttribute: "oid",
apiEnableUsers: true,
scopes: [
"basic_profile",
"ext_groups",
"ext_profile",
],
setUserRootAttributes: "on_each_login",
shouldTrustEmailVerifiedConnection: "never_set_emails_as_verified",
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
},
});
const myScimConfig = new auth0.ConnectionScimConfiguration("my_scim_config", {connectionId: azureAd.id});
const myScimToken = new auth0.ConnectionScimToken("my_scim_token", {
connectionId: azureAd.id,
scopes: [
"post:users",
"get:users",
],
}, {
dependsOn: [myScimConfig],
});
import pulumi
import json
import pulumi_auth0 as auth0
azure_ad = auth0.Connection("azure_ad",
name="Acceptance-Test-Azure-AD",
strategy="waad",
show_as_button=True,
options={
"identity_api": "microsoft-identity-platform-v2.0",
"client_id": "123456",
"client_secret": "123456",
"strategy_version": 2,
"tenant_domain": "example.onmicrosoft.com",
"domain": "example.onmicrosoft.com",
"domain_aliases": [
"example.com",
"api.example.com",
],
"use_wsfed": False,
"waad_protocol": "openid-connect",
"waad_common_endpoint": False,
"user_id_attribute": "oid",
"api_enable_users": True,
"scopes": [
"basic_profile",
"ext_groups",
"ext_profile",
],
"set_user_root_attributes": "on_each_login",
"should_trust_email_verified_connection": "never_set_emails_as_verified",
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
})
my_scim_config = auth0.ConnectionScimConfiguration("my_scim_config", connection_id=azure_ad.id)
my_scim_token = auth0.ConnectionScimToken("my_scim_token",
connection_id=azure_ad.id,
scopes=[
"post:users",
"get:users",
],
opts = pulumi.ResourceOptions(depends_on=[my_scim_config]))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
azureAd, err := auth0.NewConnection(ctx, "azure_ad", &auth0.ConnectionArgs{
Name: pulumi.String("Acceptance-Test-Azure-AD"),
Strategy: pulumi.String("waad"),
ShowAsButton: pulumi.Bool(true),
Options: &auth0.ConnectionOptionsArgs{
IdentityApi: pulumi.String("microsoft-identity-platform-v2.0"),
ClientId: pulumi.String("123456"),
ClientSecret: pulumi.String("123456"),
StrategyVersion: pulumi.Int(2),
TenantDomain: pulumi.String("example.onmicrosoft.com"),
Domain: pulumi.String("example.onmicrosoft.com"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("api.example.com"),
},
UseWsfed: pulumi.Bool(false),
WaadProtocol: pulumi.String("openid-connect"),
WaadCommonEndpoint: pulumi.Bool(false),
UserIdAttribute: pulumi.String("oid"),
ApiEnableUsers: pulumi.Bool(true),
Scopes: pulumi.StringArray{
pulumi.String("basic_profile"),
pulumi.String("ext_groups"),
pulumi.String("ext_profile"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
ShouldTrustEmailVerifiedConnection: pulumi.String("never_set_emails_as_verified"),
UpstreamParams: pulumi.String(json0),
},
})
if err != nil {
return err
}
myScimConfig, err := auth0.NewConnectionScimConfiguration(ctx, "my_scim_config", &auth0.ConnectionScimConfigurationArgs{
ConnectionId: azureAd.ID(),
})
if err != nil {
return err
}
_, err = auth0.NewConnectionScimToken(ctx, "my_scim_token", &auth0.ConnectionScimTokenArgs{
ConnectionId: azureAd.ID(),
Scopes: pulumi.StringArray{
pulumi.String("post:users"),
pulumi.String("get:users"),
},
}, pulumi.DependsOn([]pulumi.Resource{
myScimConfig,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var azureAd = new Auth0.Connection("azure_ad", new()
{
Name = "Acceptance-Test-Azure-AD",
Strategy = "waad",
ShowAsButton = true,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
IdentityApi = "microsoft-identity-platform-v2.0",
ClientId = "123456",
ClientSecret = "123456",
StrategyVersion = 2,
TenantDomain = "example.onmicrosoft.com",
Domain = "example.onmicrosoft.com",
DomainAliases = new[]
{
"example.com",
"api.example.com",
},
UseWsfed = false,
WaadProtocol = "openid-connect",
WaadCommonEndpoint = false,
UserIdAttribute = "oid",
ApiEnableUsers = true,
Scopes = new[]
{
"basic_profile",
"ext_groups",
"ext_profile",
},
SetUserRootAttributes = "on_each_login",
ShouldTrustEmailVerifiedConnection = "never_set_emails_as_verified",
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
},
});
var myScimConfig = new Auth0.ConnectionScimConfiguration("my_scim_config", new()
{
ConnectionId = azureAd.Id,
});
var myScimToken = new Auth0.ConnectionScimToken("my_scim_token", new()
{
ConnectionId = azureAd.Id,
Scopes = new[]
{
"post:users",
"get:users",
},
}, new CustomResourceOptions
{
DependsOn =
{
myScimConfig,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.ConnectionScimConfiguration;
import com.pulumi.auth0.ConnectionScimConfigurationArgs;
import com.pulumi.auth0.ConnectionScimToken;
import com.pulumi.auth0.ConnectionScimTokenArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureAd = new Connection("azureAd", ConnectionArgs.builder()
.name("Acceptance-Test-Azure-AD")
.strategy("waad")
.showAsButton(true)
.options(ConnectionOptionsArgs.builder()
.identityApi("microsoft-identity-platform-v2.0")
.clientId("123456")
.clientSecret("123456")
.strategyVersion(2)
.tenantDomain("example.onmicrosoft.com")
.domain("example.onmicrosoft.com")
.domainAliases(
"example.com",
"api.example.com")
.useWsfed(false)
.waadProtocol("openid-connect")
.waadCommonEndpoint(false)
.userIdAttribute("oid")
.apiEnableUsers(true)
.scopes(
"basic_profile",
"ext_groups",
"ext_profile")
.setUserRootAttributes("on_each_login")
.shouldTrustEmailVerifiedConnection("never_set_emails_as_verified")
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.build())
.build());
var myScimConfig = new ConnectionScimConfiguration("myScimConfig", ConnectionScimConfigurationArgs.builder()
.connectionId(azureAd.id())
.build());
var myScimToken = new ConnectionScimToken("myScimToken", ConnectionScimTokenArgs.builder()
.connectionId(azureAd.id())
.scopes(
"post:users",
"get:users")
.build(), CustomResourceOptions.builder()
.dependsOn(myScimConfig)
.build());
}
}
resources:
azureAd:
type: auth0:Connection
name: azure_ad
properties:
name: Acceptance-Test-Azure-AD
strategy: waad
showAsButton: true
options:
identityApi: microsoft-identity-platform-v2.0
clientId: '123456'
clientSecret: '123456'
strategyVersion: 2
tenantDomain: example.onmicrosoft.com
domain: example.onmicrosoft.com
domainAliases:
- example.com
- api.example.com
useWsfed: false
waadProtocol: openid-connect
waadCommonEndpoint: false
userIdAttribute: oid
apiEnableUsers: true
scopes:
- basic_profile
- ext_groups
- ext_profile
setUserRootAttributes: on_each_login
shouldTrustEmailVerifiedConnection: never_set_emails_as_verified
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
myScimConfig:
type: auth0:ConnectionScimConfiguration
name: my_scim_config
properties:
connectionId: ${azureAd.id}
myScimToken:
type: auth0:ConnectionScimToken
name: my_scim_token
properties:
connectionId: ${azureAd.id}
scopes:
- post:users
- get:users
options:
dependsOn:
- ${myScimConfig}
Create ConnectionScimToken Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ConnectionScimToken(name: string, args: ConnectionScimTokenArgs, opts?: CustomResourceOptions);@overload
def ConnectionScimToken(resource_name: str,
args: ConnectionScimTokenArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ConnectionScimToken(resource_name: str,
opts: Optional[ResourceOptions] = None,
connection_id: Optional[str] = None,
scopes: Optional[Sequence[str]] = None)func NewConnectionScimToken(ctx *Context, name string, args ConnectionScimTokenArgs, opts ...ResourceOption) (*ConnectionScimToken, error)public ConnectionScimToken(string name, ConnectionScimTokenArgs args, CustomResourceOptions? opts = null)
public ConnectionScimToken(String name, ConnectionScimTokenArgs args)
public ConnectionScimToken(String name, ConnectionScimTokenArgs args, CustomResourceOptions options)
type: auth0:ConnectionScimToken
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ConnectionScimTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ConnectionScimTokenArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ConnectionScimTokenArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionScimTokenArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ConnectionScimTokenArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var connectionScimTokenResource = new Auth0.ConnectionScimToken("connectionScimTokenResource", new()
{
ConnectionId = "string",
Scopes = new[]
{
"string",
},
});
example, err := auth0.NewConnectionScimToken(ctx, "connectionScimTokenResource", &auth0.ConnectionScimTokenArgs{
ConnectionId: pulumi.String("string"),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
})
var connectionScimTokenResource = new ConnectionScimToken("connectionScimTokenResource", ConnectionScimTokenArgs.builder()
.connectionId("string")
.scopes("string")
.build());
connection_scim_token_resource = auth0.ConnectionScimToken("connectionScimTokenResource",
connection_id="string",
scopes=["string"])
const connectionScimTokenResource = new auth0.ConnectionScimToken("connectionScimTokenResource", {
connectionId: "string",
scopes: ["string"],
});
type: auth0:ConnectionScimToken
properties:
connectionId: string
scopes:
- string
ConnectionScimToken Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ConnectionScimToken resource accepts the following input properties:
- Connection
Id string - ID of the connection for this SCIM token.
- Scopes List<string>
- The scopes associated with the SCIM token.
- Connection
Id string - ID of the connection for this SCIM token.
- Scopes []string
- The scopes associated with the SCIM token.
- connection
Id String - ID of the connection for this SCIM token.
- scopes List<String>
- The scopes associated with the SCIM token.
- connection
Id string - ID of the connection for this SCIM token.
- scopes string[]
- The scopes associated with the SCIM token.
- connection_
id str - ID of the connection for this SCIM token.
- scopes Sequence[str]
- The scopes associated with the SCIM token.
- connection
Id String - ID of the connection for this SCIM token.
- scopes List<String>
- The scopes associated with the SCIM token.
Outputs
All input properties are implicitly available as output properties. Additionally, the ConnectionScimToken resource produces the following output properties:
- created_
at str - The date and time when the token was created (ISO8601 format).
- id str
- The provider-assigned unique ID for this managed resource.
- token str
- The SCIM bearer token value.
- token_
id str - The ID of the SCIM token.
Look up Existing ConnectionScimToken Resource
Get an existing ConnectionScimToken resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ConnectionScimTokenState, opts?: CustomResourceOptions): ConnectionScimToken@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
connection_id: Optional[str] = None,
created_at: Optional[str] = None,
scopes: Optional[Sequence[str]] = None,
token: Optional[str] = None,
token_id: Optional[str] = None) -> ConnectionScimTokenfunc GetConnectionScimToken(ctx *Context, name string, id IDInput, state *ConnectionScimTokenState, opts ...ResourceOption) (*ConnectionScimToken, error)public static ConnectionScimToken Get(string name, Input<string> id, ConnectionScimTokenState? state, CustomResourceOptions? opts = null)public static ConnectionScimToken get(String name, Output<String> id, ConnectionScimTokenState state, CustomResourceOptions options)resources: _: type: auth0:ConnectionScimToken get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Connection
Id string - ID of the connection for this SCIM token.
- Created
At string - The date and time when the token was created (ISO8601 format).
- Scopes List<string>
- The scopes associated with the SCIM token.
- Token string
- The SCIM bearer token value.
- Token
Id string - The ID of the SCIM token.
- Connection
Id string - ID of the connection for this SCIM token.
- Created
At string - The date and time when the token was created (ISO8601 format).
- Scopes []string
- The scopes associated with the SCIM token.
- Token string
- The SCIM bearer token value.
- Token
Id string - The ID of the SCIM token.
- connection
Id String - ID of the connection for this SCIM token.
- created
At String - The date and time when the token was created (ISO8601 format).
- scopes List<String>
- The scopes associated with the SCIM token.
- token String
- The SCIM bearer token value.
- token
Id String - The ID of the SCIM token.
- connection
Id string - ID of the connection for this SCIM token.
- created
At string - The date and time when the token was created (ISO8601 format).
- scopes string[]
- The scopes associated with the SCIM token.
- token string
- The SCIM bearer token value.
- token
Id string - The ID of the SCIM token.
- connection_
id str - ID of the connection for this SCIM token.
- created_
at str - The date and time when the token was created (ISO8601 format).
- scopes Sequence[str]
- The scopes associated with the SCIM token.
- token str
- The SCIM bearer token value.
- token_
id str - The ID of the SCIM token.
- connection
Id String - ID of the connection for this SCIM token.
- created
At String - The date and time when the token was created (ISO8601 format).
- scopes List<String>
- The scopes associated with the SCIM token.
- token String
- The SCIM bearer token value.
- token
Id String - The ID of the SCIM token.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.
