pulumi-keycloak-kotlin/com.pulumi.keycloak.openid.kotlin/ClientScopeArgs

ClientScopeArgs

data class ClientScopeArgs(val consentScreenText: Output<String>? = null, val description: Output<String>? = null, val guiOrder: Output<Int>? = null, val includeInTokenScope: Output<Boolean>? = null, val name: Output<String>? = null, val realmId: Output<String>? = null) : ConvertibleToJava<ClientScopeArgs>

Allows for creating and managing Keycloak client scopes that can be attached to clients that use the OpenID Connect protocol. Client Scopes can be used to share common protocol and role mappings between multiple clients within a realm. They can also be used by clients to conditionally request claims or roles for a user based on the OAuth 2.0 scope parameter.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const openidClientScope = new keycloak.openid.ClientScope("openid_client_scope", {
    realmId: realm.id,
    name: "groups",
    description: "When requested, this scope will map a user's group memberships to a claim",
    includeInTokenScope: true,
    guiOrder: 1,
});

import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
openid_client_scope = keycloak.openid.ClientScope("openid_client_scope",
    realm_id=realm.id,
    name="groups",
    description="When requested, this scope will map a user's group memberships to a claim",
    include_in_token_scope=True,
    gui_order=1)

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });
    var openidClientScope = new Keycloak.OpenId.ClientScope("openid_client_scope", new()
    {
        RealmId = realm.Id,
        Name = "groups",
        Description = "When requested, this scope will map a user's group memberships to a claim",
        IncludeInTokenScope = true,
        GuiOrder = 1,
    });
});

package main
import (
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = openid.NewClientScope(ctx, "openid_client_scope", &openid.ClientScopeArgs{
			RealmId:             realm.ID(),
			Name:                pulumi.String("groups"),
			Description:         pulumi.String("When requested, this scope will map a user's group memberships to a claim"),
			IncludeInTokenScope: pulumi.Bool(true),
			GuiOrder:            pulumi.Int(1),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.ClientScope;
import com.pulumi.keycloak.openid.ClientScopeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());
        var openidClientScope = new ClientScope("openidClientScope", ClientScopeArgs.builder()
            .realmId(realm.id())
            .name("groups")
            .description("When requested, this scope will map a user's group memberships to a claim")
            .includeInTokenScope(true)
            .guiOrder(1)
            .build());
    }
}

resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  openidClientScope:
    type: keycloak:openid:ClientScope
    name: openid_client_scope
    properties:
      realmId: ${realm.id}
      name: groups
      description: When requested, this scope will map a user's group memberships to a claim
      includeInTokenScope: true
      guiOrder: 1

Import

Client scopes can be imported using the format {{realm_id}}/{{client_scope_id}}, where client_scope_id is the unique ID that Keycloak assigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID. Example: bash

$ pulumi import keycloak:openid/clientScope:ClientScope openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52

Constructors

ClientScopeArgs

constructor(consentScreenText: Output<String>? = null, description: Output<String>? = null, guiOrder: Output<Int>? = null, includeInTokenScope: Output<Boolean>? = null, name: Output<String>? = null, realmId: Output<String>? = null)

Properties

consentScreenText

val consentScreenText: Output<String>? = null

When set, a consent screen will be displayed to users authenticating to clients with this scope attached. The consent screen will display the string value of this attribute.

description

val description: Output<String>? = null

The description of this client scope in the GUI.

guiOrder

val guiOrder: Output<Int>? = null

Specify order of the client scope in GUI (such as in Consent page) as integer.

includeInTokenScope

val includeInTokenScope: Output<Boolean>? = null

When true, the name of this client scope will be added to the access token property 'scope' as well as to the Token Introspection Endpoint response.

name

val name: Output<String>? = null

The display name of this client scope in the GUI.

realmId

val realmId: Output<String>? = null

The realm this client scope belongs to.

Functions

toJava

open override fun toJava(): ClientScopeArgs