pulumi-keycloak-kotlin/com.pulumi.keycloak.openid.kotlin/ClientPermissionsArgs

ClientPermissionsArgs

data class ClientPermissionsArgs(val clientId: Output<String>? = null, val configureScope: Output<ClientPermissionsConfigureScopeArgs>? = null, val manageScope: Output<ClientPermissionsManageScopeArgs>? = null, val mapRolesClientScopeScope: Output<ClientPermissionsMapRolesClientScopeScopeArgs>? = null, val mapRolesCompositeScope: Output<ClientPermissionsMapRolesCompositeScopeArgs>? = null, val mapRolesScope: Output<ClientPermissionsMapRolesScopeArgs>? = null, val realmId: Output<String>? = null, val tokenExchangeScope: Output<ClientPermissionsTokenExchangeScopeArgs>? = null, val viewScope: Output<ClientPermissionsViewScopeArgs>? = null) : ConvertibleToJava<ClientPermissionsArgs>

Allows you to manage all openid client Scope Based Permissions. This is part of a preview keycloak feature. You need to enable this feature to be able to use this resource. More information about enabling the preview feature can be found here: https://www.keycloak.org/docs/latest/securing_apps/index.html#_token-exchange When enabling Openid Client Permissions, Keycloak does several things automatically:

Enable Authorization on build-in realm-management client
Create scopes "view", "manage", "configure", "map-roles", "map-roles-client-scope", "map-roles-composite", " token-exchange"
Create a resource representing the openid client
Create all scope based permission for the scopes and openid client resource If the realm-management Authorization is not enable, you have to ceate a dependency (depends_on) with the policy and the openid client.