pulumi-gcp-kotlin/com.pulumi.gcp.iam.kotlin.inputs/WorkforcePoolProviderOidcArgs

WorkforcePoolProviderOidcArgs

data class WorkforcePoolProviderOidcArgs(val clientId: Output<String>, val clientSecret: Output<WorkforcePoolProviderOidcClientSecretArgs>? = null, val issuerUri: Output<String>, val jwksJson: Output<String>? = null, val webSsoConfig: Output<WorkforcePoolProviderOidcWebSsoConfigArgs>? = null) : ConvertibleToJava<WorkforcePoolProviderOidcArgs>

Constructors

constructor(clientId: Output<String>, clientSecret: Output<WorkforcePoolProviderOidcClientSecretArgs>? = null, issuerUri: Output<String>, jwksJson: Output<String>? = null, webSsoConfig: Output<WorkforcePoolProviderOidcWebSsoConfigArgs>? = null)

Properties

clientId

val clientId: Output<String>

The client ID. Must match the audience claim of the JWT issued by the identity provider.

clientSecret

val clientSecret: Output<WorkforcePoolProviderOidcClientSecretArgs>? = null

The optional client secret. Required to enable Authorization Code flow for web sign-in. Structure is documented below.

issuerUri

val issuerUri: Output<String>

The OIDC issuer URI. Must be a valid URI using the 'https' scheme.

jwksJson

val jwksJson: Output<String>? = null

OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the jwks_uri from the discovery document fetched from the .well-known path for the issuer_uri. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields:

webSsoConfig

val webSsoConfig: Output<WorkforcePoolProviderOidcWebSsoConfigArgs>? = null

Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. Structure is documented below.

Functions

toJava

open override fun toJava(): WorkforcePoolProviderOidcArgs