pulumi-gcp-kotlin/com.pulumi.gcp.iam.kotlin.outputs/WorkforcePoolProviderOidc

WorkforcePoolProviderOidc

data class WorkforcePoolProviderOidc(val clientId: String, val clientSecret: WorkforcePoolProviderOidcClientSecret? = null, val issuerUri: String, val jwksJson: String? = null, val webSsoConfig: WorkforcePoolProviderOidcWebSsoConfig? = null)

Constructors

Link copied to clipboard
constructor(clientId: String, clientSecret: WorkforcePoolProviderOidcClientSecret? = null, issuerUri: String, jwksJson: String? = null, webSsoConfig: WorkforcePoolProviderOidcWebSsoConfig? = null)

Types

Link copied to clipboard
object Companion

Properties

Link copied to clipboard
val clientId: String

The client ID. Must match the audience claim of the JWT issued by the identity provider.

Link copied to clipboard
val clientSecret: WorkforcePoolProviderOidcClientSecret? = null

The optional client secret. Required to enable Authorization Code flow for web sign-in. Structure is documented below.

Link copied to clipboard
val issuerUri: String

The OIDC issuer URI. Must be a valid URI using the 'https' scheme.

Link copied to clipboard
val jwksJson: String? = null

OIDC JWKs in JSON String format. For details on definition of a JWK, see https:tools.ietf.org/html/rfc7517. If not set, then we use the jwks_uri from the discovery document fetched from the .well-known path for the issuer_uri. Currently, RSA and EC asymmetric keys are supported. The JWK must use following format and include only the following fields:

Link copied to clipboard
val webSsoConfig: WorkforcePoolProviderOidcWebSsoConfig? = null

Configuration for web single sign-on for the OIDC provider. Here, web sign-in refers to console sign-in and gcloud sign-in through the browser. Structure is documented below.