{ "name": "fusionauth", "displayName": "FusionAuth", "version": "6.0.2", "description": "A Pulumi package for managing FusionAuth instances.", "keywords": [ "pulumi", "fusionauth", "category/infrastructure" ], "homepage": "https://github.com/theogravity/pulumi-fusionauth", "license": "MIT", "attribution": "This Pulumi package is based on the [`fusionauth` Terraform Provider](https://github.com/FusionAuth/terraform-provider-fusionauth).", "repository": "https://github.com/theogravity/pulumi-fusionauth", "logoUrl": "https://avatars.githubusercontent.com/u/41974756?s=200&v=4", "pluginDownloadURL": "https://github.com/theogravity/pulumi-fusionauth/releases/download/v${VERSION}", "publisher": "Theo Gravity", "meta": { "moduleFormat": "(.*)(?:/[^/]*)" }, "language": { "csharp": { "packageReferences": { "Pulumi": "3.*" }, "compatibility": "tfbridge20", "rootNamespace": "theogravity" }, "go": { "importBasePath": "github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth", "generateResourceContainerTypes": true, "generateExtraInputTypes": true }, "nodejs": { "packageName": "pulumi-fusionauth", "packageDescription": "A Pulumi package for managing FusionAuth instances.", "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/FusionAuth/terraform-provider-fusionauth)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi-fusionauth` repo](https://github.com/theogravity/pulumi-fusionauth/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-provider-fusionauth` repo](https://github.com/FusionAuth/terraform-provider-fusionauth/issues).", "dependencies": { "@pulumi/pulumi": "^3.0.0" }, "devDependencies": { "@types/mime": "^2.0.0", "@types/node": "^10.0.0" }, "compatibility": "tfbridge20", "disableUnionOutputTypes": true }, "python": { "packageName": "theogravity_pulumi_fusionauth", "requires": { "pulumi": ">=3.0.0,<4.0.0" }, "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/FusionAuth/terraform-provider-fusionauth)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi-fusionauth` repo](https://github.com/theogravity/pulumi-fusionauth/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-provider-fusionauth` repo](https://github.com/FusionAuth/terraform-provider-fusionauth/issues).", "compatibility": "tfbridge20", "pyproject": {} } }, "config": { "variables": { "apiKey": { "type": "string", "defaultInfo": { "environment": [ "FUSION_AUTH_API_KEY" ] } }, "host": { "type": "string", "defaultInfo": { "environment": [ "FUSION_AUTH_HOST_URL" ] } } }, "defaults": [ "apiKey", "host" ] }, "types": { "fusionauth:index/FusionAuthApiKeyPermissionsEndpoint:FusionAuthApiKeyPermissionsEndpoint": { "properties": { "delete": { "type": "boolean", "description": "HTTP DELETE Verb\n" }, "endpoint": { "type": "string" }, "get": { "type": "boolean", "description": "HTTP GET Verb\n" }, "patch": { "type": "boolean", "description": "HTTP PATCH Verb\n" }, "post": { "type": "boolean", "description": "HTTP POST Verb\n" }, "put": { "type": "boolean", "description": "HTTP PUT Verb\n" } }, "type": "object", "required": [ "endpoint" ] }, "fusionauth:index/FusionAuthApplicationAccessControlConfiguration:FusionAuthApplicationAccessControlConfiguration": { "properties": { "uiIpAccessControlListId": { "type": "string", "description": "The Id of the IP Access Control List limiting access to this application.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationCleanSpeakConfiguration:FusionAuthApplicationCleanSpeakConfiguration": { "properties": { "applicationIds": { "type": "array", "items": { "type": "string" }, "description": "An array of UUIDs that map to the CleanSpeak applications for this Application. It is possible that a single Application in FusionAuth might have multiple Applications in CleanSpeak. For example, a FusionAuth Application for a game might have one CleanSpeak Application for usernames and another Application for chat.\n" }, "usernameModeration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationCleanSpeakConfigurationUsernameModeration:FusionAuthApplicationCleanSpeakConfigurationUsernameModeration" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationCleanSpeakConfigurationUsernameModeration:FusionAuthApplicationCleanSpeakConfigurationUsernameModeration": { "properties": { "applicationId": { "type": "string", "description": "The Id of the CleanSpeak application that usernames are sent to for moderation.\n" }, "enabled": { "type": "boolean", "description": "True if CleanSpeak username moderation is enabled.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationEmailConfiguration:FusionAuthApplicationEmailConfiguration": { "properties": { "emailUpdateTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when their email address is updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "emailVerificationTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users to verify that their email address is valid. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "emailVerifiedTemplateId": { "type": "string", "description": "The Id of the Email Template used to verify user emails. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "forgotPasswordTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when a user is sent a forgot password email. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "loginIdInUseOnCreateTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "loginIdInUseOnUpdateTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when another user attempts to update an existing account to use their login Id. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "loginNewDeviceTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when they log in on a new device. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "loginSuspiciousTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when a suspicious login occurs. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "passwordResetSuccessTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been reset. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "passwordUpdateTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when their password has been updated. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "passwordlessEmailTemplateId": { "type": "string", "description": "The Id of the Passwordless Email Template, sent to users when they start a passwordless login. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "setPasswordEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "twoFactorMethodAddTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when a MFA method has been added to their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" }, "twoFactorMethodRemoveTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when a MFA method has been removed from their account. When configured, this value will take precedence over the same configuration from the Tenant when an application context is known.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationFormConfiguration:FusionAuthApplicationFormConfiguration": { "properties": { "adminRegistrationFormId": { "type": "string", "description": "The unique Id of the form to use for the Add and Edit User Registration form when used in the FusionAuth admin UI.\n" }, "selfServiceFormConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationFormConfigurationSelfServiceFormConfiguration:FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration" }, "selfServiceFormId": { "type": "string", "description": "The unique Id of the form to to enable authenticated users to manage their profile on the account page.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "adminRegistrationFormId" ] } } }, "fusionauth:index/FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration:FusionAuthApplicationFormConfigurationSelfServiceFormConfiguration": { "properties": { "requireCurrentPasswordOnPasswordChange": { "type": "boolean", "description": "When enabled a user will be required to provide their current password when changing their password on a self-service account form.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationJwtConfiguration:FusionAuthApplicationJwtConfiguration": { "properties": { "accessTokenId": { "type": "string", "description": "The Id of the signing key used to sign the access token.\n" }, "enabled": { "type": "boolean", "description": "Indicates if this application is using the JWT configuration defined here or the global JWT configuration defined by the System Configuration. If this is false the signing algorithm configured in the System Configuration will be used. If true the signing algorithm defined in this application will be used.\n" }, "idTokenKeyId": { "type": "string", "description": "The Id of the signing key used to sign the Id token.\n" }, "refreshTokenExpirationPolicy": { "type": "string", "description": "The Refresh Token expiration policy. The possible values are: Fixed - the expiration is calculated from the time the token is issued. SlidingWindow - the expiration is calculated from the last time the token was used. SlidingWindowWithMaximumLifetime - the expiration is calculated from the last time the token was used, or until `refresh_token_sliding_window_maximum_ttl_in_minutes` is reached.\n" }, "refreshTokenSlidingWindowMaximumTtlInMinutes": { "type": "integer", "description": "The maximum lifetime of a refresh token when using a refresh token expiration policy of `SlidingWindowWithMaximumLifetime`. Value must be greater than 0.\n" }, "refreshTokenTtlMinutes": { "type": "integer", "description": "The length of time in minutes the JWT refresh token will live before it is expired and is not able to be exchanged for a JWT.\n" }, "refreshTokenUsagePolicy": { "type": "string", "description": "The refresh token usage policy. The following are valid values: Reusable - the token does not change after it was issued. OneTimeUse - the token value will be changed each time the token is used to refresh a JWT. The client must store the new value after each usage. Defaults to Reusable.\n" }, "ttlSeconds": { "type": "integer", "description": "The length of time in seconds the JWT will live before it is expired and no longer valid.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "accessTokenId", "idTokenKeyId" ] } } }, "fusionauth:index/FusionAuthApplicationLambdaConfiguration:FusionAuthApplicationLambdaConfiguration": { "properties": { "accessTokenPopulateId": { "type": "string", "description": "The Id of the Lambda that will be invoked when an access token is generated for this application. This will be utilized during OAuth2 and OpenID Connect authentication requests as well as when an access token is generated for the Login API.\n" }, "idTokenPopulateId": { "type": "string", "description": "The Id of the Lambda that will be invoked when an Id token is generated for this application during an OpenID Connect authentication request.\n" }, "samlv2PopulateId": { "type": "string", "description": "The Id of the Lambda that will be invoked when a a SAML response is generated during a SAML authentication request.\n" }, "selfServiceRegistrationValidationId": { "type": "string", "description": "The unique Id of the lambda that will be used to perform additional validation on registration form steps.\n" }, "userinfoPopulateId": { "type": "string", "description": "The Id of the Lambda that will be invoked when a UserInfo response is generated for this application.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationLoginConfiguration:FusionAuthApplicationLoginConfiguration": { "properties": { "allowTokenRefresh": { "type": "boolean", "description": "Indicates if a JWT may be refreshed using a Refresh Token for this application. This configuration is separate from issuing new Refresh Tokens which is controlled by the generateRefreshTokens parameter. This configuration indicates specifically if an existing Refresh Token may be used to request a new JWT using the Refresh API.\n" }, "generateRefreshTokens": { "type": "boolean", "description": "Indicates if a Refresh Token should be issued from the Login API\n" }, "requireAuthentication": { "type": "boolean", "description": "Indicates if the Login API should require an API key. If you set this value to false and your FusionAuth API is on a public network, anyone may attempt to use the Login API.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationMultiFactorConfiguration:FusionAuthApplicationMultiFactorConfiguration": { "properties": { "emailTemplateId": { "type": "string", "description": "The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.\n" }, "loginPolicy": { "type": "string", "description": "When enabled and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When disabled, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When required, the user will be required to complete a two-factor challenge during login. Possible values are `Enabled`, `Disabled` or `Required`.\n" }, "smsTemplateId": { "type": "string", "description": "The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.\n" }, "trustPolicy": { "type": "string", "description": "When `multi_factor_configuration.login_policy` is set to `Enabled`, this trust policy is utilized when determining if a user must complete a two-factor challenge during login. Possible values are `Any`, `This` or `None`.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationOauthConfiguration:FusionAuthApplicationOauthConfiguration": { "properties": { "authorizedOriginUrls": { "type": "array", "items": { "type": "string" }, "description": "An array of URLs that are the authorized origins for FusionAuth OAuth.\n" }, "authorizedRedirectUrls": { "type": "array", "items": { "type": "string" }, "description": "An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.\n" }, "authorizedUrlValidationPolicy": { "type": "string", "description": "Determines whether wildcard expressions will be allowed in the authorized_redirect_urls and authorized_origin_urls.\n" }, "clientAuthenticationPolicy": { "type": "string", "description": "Determines the client authentication requirements for the OAuth 2.0 Token endpoint.\n" }, "clientId": { "type": "string", "description": "The OAuth 2.0 client id. If you leave this blank during a POST, a client id will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.\n" }, "clientSecret": { "type": "string", "description": "The OAuth 2.0 client secret. If you leave this blank during a POST, a secure secret will be generated for you. If you leave this blank during PUT, the previous value will be maintained. For both POST and PUT you can provide a value and it will be stored.\n" }, "consentMode": { "type": "string", "description": "Controls the policy for prompting a user to consent to requested OAuth scopes. This configuration only takes effect when `application.oauthConfiguration.relationship` is `ThirdParty`. The possible values are:\n* `AlwaysPrompt` - Always prompt the user for consent.\n* `RememberDecision` - Remember previous consents; only prompt if the choice expires or if the requested or required scopes have changed. The duration of this persisted choice is controlled by the Tenant’s `externalIdentifierConfiguration.rememberOAuthScopeConsentChoiceTimeToLiveInSeconds` value.\n* `NeverPrompt` - The user will be never be prompted to consent to requested OAuth scopes. Permission will be granted implicitly as if this were a `FirstParty` application. This configuration is meant for testing purposes only and should not be used in production.\n" }, "debug": { "type": "boolean", "description": "Whether or not FusionAuth will log a debug Event Log. This is particular useful for debugging the authorization code exchange with the Token endpoint during an Authorization Code grant.\"\n" }, "deviceVerificationUrl": { "type": "string", "description": "The device verification URL to be used with the Device Code grant type, this field is required when device_code is enabled.\n" }, "enabledGrants": { "type": "array", "items": { "type": "string" }, "description": "The enabled grants for this application. In order to utilize a particular grant with the OAuth 2.0 endpoints you must have enabled the grant.\n" }, "generateRefreshTokens": { "type": "boolean", "description": "Determines if the OAuth 2.0 Token endpoint will generate a refresh token when the offline_access scope is requested.\n" }, "logoutBehavior": { "type": "string", "description": "Behavior when /oauth2/logout is called.\n" }, "logoutUrl": { "type": "string", "description": "The logout URL for the Application. FusionAuth will redirect to this URL after the user logs out of OAuth.\n" }, "proofKeyForCodeExchangePolicy": { "type": "string", "description": "Determines the PKCE requirements when using the authorization code grant.\n" }, "providedScopePolicies": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationOauthConfigurationProvidedScopePolicy:FusionAuthApplicationOauthConfigurationProvidedScopePolicy" }, "description": "Configures which of the default scopes are enabled and required.\n" }, "relationship": { "type": "string", "description": "The application’s relationship to the OAuth server. The possible values are:\n* `FirstParty` - The application has the same owner as the authorization server. Consent to requested OAuth scopes is granted implicitly.\n* `ThirdParty` - The application is external to the authorization server. Users will be prompted to consent to requested OAuth scopes based on the application object’s `oauthConfiguration.consentMode` value. Note: An Essentials or Enterprise plan is required to utilize third-party applications.\n" }, "requireClientAuthentication": { "type": "boolean", "description": "Determines if the OAuth 2.0 Token endpoint requires client authentication. If this is enabled, the client must provide client credentials when using the Token endpoint. The client_id and client_secret may be provided using a Basic Authorization HTTP header, or by sending these parameters in the request body using POST data.\n", "deprecationMessage": "In version 1.28.0 and beyond, client authentication can be managed via oauth_configuration.client_authentication_policy." }, "requireRegistration": { "type": "boolean", "description": "When enabled the user will be required to be registered, or complete registration before redirecting to the configured callback in the authorization code grant or the implicit grant. This configuration does not currently apply to any other grant.\n" }, "scopeHandlingPolicy": { "type": "string", "description": "Controls the policy for handling of OAuth scopes when populating JWTs and the UserInfo response. The possible values are:\n* `Compatibility` - OAuth workflows will populate JWT and UserInfo claims in a manner compatible with versions of FusionAuth before version 1.50.0.\n* `Strict` - OAuth workflows will populate token and UserInfo claims according to the OpenID Connect 1.0 specification based on requested and consented scopes.\n" }, "unknownScopePolicy": { "type": "string", "description": "Controls the policy for handling unknown scopes on an OAuth request. The possible values are:\n* `Allow` - Unknown scopes will be allowed on the request, passed through the OAuth workflow, and written to the resulting tokens without consent.\n* `Remove` - Unknown scopes will be removed from the OAuth workflow, but the workflow will proceed without them.\n* `Reject` - Unknown scopes will be rejected and cause the OAuth workflow to fail with an error.\n" } }, "type": "object", "required": [ "scopeHandlingPolicy", "unknownScopePolicy" ], "language": { "nodejs": { "requiredOutputs": [ "clientId", "clientSecret", "providedScopePolicies", "scopeHandlingPolicy", "unknownScopePolicy" ] } } }, "fusionauth:index/FusionAuthApplicationOauthConfigurationProvidedScopePolicy:FusionAuthApplicationOauthConfigurationProvidedScopePolicy": { "properties": { "address": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationOauthConfigurationProvidedScopePolicyAddress:FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddress" }, "email": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationOauthConfigurationProvidedScopePolicyEmail:FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmail" }, "phone": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationOauthConfigurationProvidedScopePolicyPhone:FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhone" }, "profile": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationOauthConfigurationProvidedScopePolicyProfile:FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfile" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddress:FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddress": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmail:FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmail": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhone:FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhone": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfile:FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfile": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationRegistrationConfiguration:FusionAuthApplicationRegistrationConfiguration": { "properties": { "birthDate": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfigurationBirthDate:FusionAuthApplicationRegistrationConfigurationBirthDate" }, "confirmPassword": { "type": "boolean", "description": "Determines if the password should be confirmed during self service registration, this means that the user will be required to type the password twice.\n" }, "enabled": { "type": "boolean", "description": "Determines if self service registration is enabled for this application. When this value is false, you may still use the Registration API, this only affects if the self service option is available during the OAuth 2.0 login.\n" }, "firstName": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfigurationFirstName:FusionAuthApplicationRegistrationConfigurationFirstName" }, "formId": { "type": "string", "description": "The Id of an associated Form when using advanced registration configuration type. This field is required when application.registrationConfiguration.type is set to advanced.\n" }, "fullName": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfigurationFullName:FusionAuthApplicationRegistrationConfigurationFullName" }, "lastName": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfigurationLastName:FusionAuthApplicationRegistrationConfigurationLastName" }, "loginIdType": { "type": "string", "description": "The unique login Id that will be collected during registration, this value can be email or username. Leaving the default value of email is preferred because an email address is globally unique.\n" }, "middleName": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfigurationMiddleName:FusionAuthApplicationRegistrationConfigurationMiddleName" }, "mobilePhone": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfigurationMobilePhone:FusionAuthApplicationRegistrationConfigurationMobilePhone" }, "preferredLanguages": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfigurationPreferredLanguages:FusionAuthApplicationRegistrationConfigurationPreferredLanguages" }, "type": { "type": "string", "description": "The type of registration flow.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationRegistrationConfigurationBirthDate:FusionAuthApplicationRegistrationConfigurationBirthDate": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationRegistrationConfigurationFirstName:FusionAuthApplicationRegistrationConfigurationFirstName": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationRegistrationConfigurationFullName:FusionAuthApplicationRegistrationConfigurationFullName": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationRegistrationConfigurationLastName:FusionAuthApplicationRegistrationConfigurationLastName": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationRegistrationConfigurationMiddleName:FusionAuthApplicationRegistrationConfigurationMiddleName": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationRegistrationConfigurationMobilePhone:FusionAuthApplicationRegistrationConfigurationMobilePhone": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationRegistrationConfigurationPreferredLanguages:FusionAuthApplicationRegistrationConfigurationPreferredLanguages": { "properties": { "enabled": { "type": "boolean" }, "required": { "type": "boolean" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationRegistrationDeletePolicy:FusionAuthApplicationRegistrationDeletePolicy": { "properties": { "unverifiedEnabled": { "type": "boolean", "description": "Indicates that users without a verified registration for this application will have their registration permanently deleted after application.registrationDeletePolicy.unverified.numberOfDaysToRetain days.\n" }, "unverifiedNumberOfDaysToRetain": { "type": "integer", "description": "The number of days from registration a user’s registration will be retained before being deleted for not completing registration verification. This field is required when application.registrationDeletePolicy.enabled is set to true. Value must be greater than 0.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationSamlv2Configuration:FusionAuthApplicationSamlv2Configuration": { "properties": { "assertionEncryptionConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration:FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration" }, "audience": { "type": "string", "description": "The audience for the SAML response sent to back to the service provider from FusionAuth. Some service providers require different audience values than the issuer and this configuration option lets you change the audience in the response.\n" }, "authorizedRedirectUrls": { "type": "array", "items": { "type": "string" }, "description": "An array of URLs that are the authorized redirect URLs for FusionAuth OAuth.\n" }, "callbackUrl": { "type": "string", "description": "The URL of the callback (sometimes called the Assertion Consumer Service or ACS). This is where FusionAuth sends the browser after the user logs in via SAML.\n", "deprecationMessage": "In version 1.20.0 and beyond, Callback URLs can be managed via authorized_redirect_urls." }, "debug": { "type": "boolean", "description": "Whether or not FusionAuth will log SAML debug messages to the event log. This is useful for debugging purposes.\n" }, "defaultVerificationKeyId": { "type": "string", "description": "Default verification key to use for HTTP Redirect Bindings, and for POST Bindings when no key is found in request.\n" }, "enabled": { "type": "boolean", "description": "Whether or not the SAML IdP for this Application is enabled or not.\n" }, "initiatedLogin": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationSamlv2ConfigurationInitiatedLogin:FusionAuthApplicationSamlv2ConfigurationInitiatedLogin" }, "issuer": { "type": "string", "description": "The issuer that identifies the service provider and allows FusionAuth to load the correct Application and SAML configuration. If you don’t know the issuer, you can often times put in anything here and FusionAuth will display an error message with the issuer from the service provider when you test the SAML login.\n" }, "keyId": { "type": "string", "description": "The id of the Key used to sign the SAML response. If you do not specify this property, FusionAuth will create a new key and associate it with this Application.\n" }, "loginHintConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration:FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration" }, "logout": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationSamlv2ConfigurationLogout:FusionAuthApplicationSamlv2ConfigurationLogout" }, "logoutUrl": { "type": "string", "description": "The URL that the browser is taken to after the user logs out of the SAML service provider. Often service providers need this URL in order to correctly hook up single-logout. Note that FusionAuth does not support the SAML single-logout profile because most service providers to not support it properly.\n" }, "requiredSignedRequests": { "type": "boolean", "description": "If set to true, will force verification through the key store.\n" }, "xmlSignatureCanonicalizationMethod": { "type": "string", "description": "The XML signature canonicalization method used when digesting and signing the SAML response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.\n" }, "xmlSignatureLocation": { "type": "string", "description": "The location to place the XML signature when signing a successful SAML response.\n" } }, "type": "object", "required": [ "authorizedRedirectUrls", "issuer" ], "language": { "nodejs": { "requiredOutputs": [ "authorizedRedirectUrls", "callbackUrl", "issuer", "keyId", "logout" ] } } }, "fusionauth:index/FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration:FusionAuthApplicationSamlv2ConfigurationAssertionEncryptionConfiguration": { "properties": { "digestAlgorithm": { "type": "string", "description": "The message digest algorithm to use when encrypting the symmetric key for transport. The possible values are: SHA1 - SHA-1 hashing algorithm, SHA256 - SHA-256 hashing algorithm, SHA384 - SHA-384 hashing algorithm or SHA512 - SHA-512 hashing algorithm. Using SHA256 or higher is recommended.\n" }, "enabled": { "type": "boolean", "description": "Determines if SAML assertion encryption is enabled for this Application.\n" }, "encryptionAlgorithm": { "type": "string", "description": "The symmetric key encryption algorithm that will be used to encrypt SAML assertions. A new symmetric key will be generated every time an assertion is encrypted. AES ciphers can operate in Cipher Block Chaining (CBC) or Galois/Counter Mode (GCM). The possible values are: AES128, AES192, AES256, AES128GCM, AES192GCM, AES256GCM or TripleDES.\n" }, "keyLocation": { "type": "string", "description": "The location that the encrypted symmetric key information will be placed in the SAML response in relation to the EncryptedData element containing the encrypted assertion value. The possible values are: Child (The EncryptedKey element will be wrapped in a KeyInfo element and added inside the EncryptedData) or Sibling (The EncryptedKey element will be added to the document as a sibling of EncryptedData).\n" }, "keyTransportAlgorithm": { "type": "string", "description": "The encryption algorithm used to encrypt the symmetric key for transport in the SAML response. The possible values are: RSAv15, RSA_OAEP or RSA_OAEP_MGF1P.\n" }, "keyTransportEncryptionKeyId": { "type": "string", "description": "The unique Id of the Key used to encrypt the symmetric key for transport in the SAML response. The selected Key must contain an RSA certificate. This parameter is required when application.samlv2Configuration.assertionEncryptionConfiguration.enabled is set to true.\n" }, "maskGenerationFunction": { "type": "string", "description": "The mask generation function and hash function to use for the Optimal Asymmetric Encryption Padding when encrypting a symmetric key for transport. The possible values are: MGF1_SHA1, MGF1_SHA224, MGF1_SHA256, MGF1_SHA384 or MGF1_SHA512. This value is only used when the `application.samlv2Configuration.assertionEncryptionConfiguration.keyTransportAlgorithm` is set to RSA_OAEP. RSAv15 does not require a message digest function, and RSA_OAEP_MGF1P will always use MGF1_SHA1 regardless of this value.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationSamlv2ConfigurationInitiatedLogin:FusionAuthApplicationSamlv2ConfigurationInitiatedLogin": { "properties": { "enabled": { "type": "boolean", "description": "Determines if SAML v2 IdP initiated login is enabled for this application. See application.samlv2Configuration.authorizedRedirectURLs for information on which destination URLs are allowed.\n" }, "nameIdFormat": { "type": "string", "description": "The value sent in the AuthN response to the SAML v2 Service Provider in the NameID assertion.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration:FusionAuthApplicationSamlv2ConfigurationLoginHintConfiguration": { "properties": { "enabled": { "type": "boolean", "description": "When enabled, FusionAuth will accept a username or email address as a login hint on a custom HTTP request parameter.\n" }, "parameterName": { "type": "string", "description": "The name of the parameter that will be used to pass the login hint to the SAML v2 IdP.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationSamlv2ConfigurationLogout:FusionAuthApplicationSamlv2ConfigurationLogout": { "properties": { "behavior": { "type": "string", "description": "This configuration is functionally equivalent to the Logout Behavior found in the OAuth2 configuration.\n" }, "defaultVerificationKeyId": { "type": "string", "description": "The unique Id of the Key used to verify the signature if the public key cannot be determined by the KeyInfo element when using POST bindings, or the key used to verify the signature when using HTTP Redirect bindings.\n" }, "keyId": { "type": "string", "description": "The unique Id of the Key used to sign the SAML Logout response.\n" }, "requireSignedRequests": { "type": "boolean", "description": "Set this parameter equal to true to require the SAML v2 Service Provider to sign the Logout request. When this value is true all Logout requests missing a signature will be rejected.\n" }, "singleLogout": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout:FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout" }, "xmlSignatureCanonicalizationMethod": { "type": "string", "description": "The XML signature canonicalization method used when digesting and signing the SAML Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout:FusionAuthApplicationSamlv2ConfigurationLogoutSingleLogout": { "properties": { "enabled": { "type": "boolean", "description": "Whether or not SAML Single Logout for this SAML IdP is enabled.\n" }, "keyId": { "type": "string", "description": "The unique Id of the Key used to sign the SAML Single Logout response.\n" }, "url": { "type": "string", "description": "The URL at which you want to receive the LogoutRequest from FusionAuth.\n" }, "xmlSignatureCanonicalizationMethod": { "type": "string", "description": "The XML signature canonicalization method used when digesting and signing the SAML Single Logout response. Unfortunately, many service providers do not correctly implement the XML signature specifications and force a specific canonicalization method. This setting allows you to change the canonicalization method to match the service provider. Often, service providers don’t even document their required method. You might need to contact enterprise support at the service provider to figure out what method they use.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthApplicationWebauthnConfiguration:FusionAuthApplicationWebauthnConfiguration": { "properties": { "bootstrapWorkflowEnabled": { "type": "boolean", "description": "Indicates if this application enables WebAuthn workflows based on the configuration defined here or the Tenant WebAuthn configuration. If this is false, WebAuthn workflows will be enabled based on the Tenant configuration. If true, WebAuthn workflows will be enabled according to the configuration of this application.\n" }, "enabled": { "type": "boolean", "description": "Whether the WebAuthn bootstrap workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.\n" }, "reauthenticationWorkflowEnabled": { "type": "boolean", "description": "Whether the WebAuthn reauthentication workflow is enabled for this application. This overrides the tenant configuration. Has no effect if application.webAuthnConfiguration.enabled is false.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthEntityTypeJwtConfiguration:FusionAuthEntityTypeJwtConfiguration": { "properties": { "accessTokenKeyId": { "type": "string", "description": "The unique ID of the signing key used to sign the access token. Required when\nenabled is set to true.\n" }, "enabled": { "type": "boolean", "description": "Indicates if this application is using the JWT configuration defined here or the global JWT\nconfiguration defined by the Tenant. If this is false the signing algorithm configured in the Tenant will be used.\nIf true the signing algorithm defined in this application will be used.\n" }, "timeToLiveInSeconds": { "type": "integer", "description": "The length of time in seconds the JWT will live before it is expired and no longer valid. Required when enabled is set to true.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthFormFieldValidator:FusionAuthFormFieldValidator": { "properties": { "enabled": { "type": "boolean", "description": "Determines if user input should be validated.\n" }, "expression": { "type": "string", "description": "A regular expression used to validate user input. Must be a valid regular expression pattern.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthFormStep:FusionAuthFormStep": { "properties": { "fields": { "type": "array", "items": { "type": "string" }, "description": "An ordered list of Form Field Ids assigned to this step.\n" } }, "type": "object", "required": [ "fields" ] }, "fusionauth:index/FusionAuthIdpAppleApplicationConfiguration:FusionAuthIdpAppleApplicationConfiguration": { "properties": { "applicationId": { "type": "string", "description": "ID of the Application to apply this configuration to.\n" }, "bundleId": { "type": "string", "description": "The Apple Bundle identifier found in your Apple Developer Account which has been configured for Sign in with Apple. The Bundle identifier is used to Sign in with Apple from native applications. The request must include `bundle_id` or `services_id` . If `services_id` is omitted, this field is required.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level button text.\n" }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" }, "keyId": { "type": "string", "description": "This is an optional Application specific override for the top level keyId.\n" }, "scope": { "type": "string", "description": "This is an optional Application specific override for for the top level scope.\n" }, "servicesId": { "type": "string", "description": "This is an optional Application specific override for for the top level servicesId.\n" }, "teamId": { "type": "string", "description": "This is an optional Application specific override for for the top level teamId.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpAppleTenantConfiguration:FusionAuthIdpAppleTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpExternalJwtApplicationConfiguration:FusionAuthIdpExternalJwtApplicationConfiguration": { "properties": { "applicationId": { "type": "string", "description": "ID of the Application to apply this configuration to.\n" }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpExternalJwtTenantConfiguration:FusionAuthIdpExternalJwtTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpFacebookApplicationConfiguration:FusionAuthIdpFacebookApplicationConfiguration": { "properties": { "appId": { "type": "string", "description": "This is an optional Application specific override for the top level `app_id`.\n" }, "applicationId": { "type": "string", "description": "ID of the FusionAuth Application to apply this configuration to.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level `button_text`.\n" }, "clientSecret": { "type": "string", "description": "This is an optional Application specific override for the top level `client_secret`.\n", "secret": true }, "createRegistration": { "type": "boolean", "description": "Determines if a `UserRegistration` is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the `application_id` property.\n" }, "fields": { "type": "string", "description": "This is an optional Application specific override for the top level `fields`.\n" }, "permissions": { "type": "string", "description": "This is an optional Application specific override for the top level `permissions`.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpFacebookTenantConfiguration:FusionAuthIdpFacebookTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpGoogleApplicationConfiguration:FusionAuthIdpGoogleApplicationConfiguration": { "properties": { "applicationId": { "type": "string", "description": "ID of the Application to apply this configuration to.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level button text.\n" }, "clientId": { "type": "string", "description": "This is an optional Application specific override for the top level client id.\n" }, "clientSecret": { "type": "string", "description": "This is an optional Application specific override for the top level client secret.\n", "secret": true }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" }, "properties": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleApplicationConfigurationProperties:FusionAuthIdpGoogleApplicationConfigurationProperties", "description": "This is an optional Application specific override for the top level properties.\n" }, "scope": { "type": "string", "description": "This is an optional Application specific override for for the top level scope.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpGoogleApplicationConfigurationProperties:FusionAuthIdpGoogleApplicationConfigurationProperties": { "properties": { "api": { "type": "string", "description": "This is an optional Application specific override for the top level properties.api . If this `login_method` is set to UsePopup, or the Application configuration is unset and the top level loginMethod is set to UsePopup, and this value contains the conflicting ux_mode=redirect property, that single property will be replaced with ux_mode=popup.\n" }, "button": { "type": "string", "description": "This is an optional Application specific override for the top level `button`.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpGoogleProperties:FusionAuthIdpGoogleProperties": { "properties": { "api": { "type": "string", "description": "Google Identity Services login API configuration in a properties file formatted String. Any attribute from Google's documentation can be added. Properties can be referenced in templates that support Google login to initialize the API via HTML or JavaScript. The properties specified in this field should not include the data- prefix on the property name. If the `login_method` is set to UsePopup and this value contains the conflicting ux_mode=redirect property, that single property will be replaced with ux_mode=popup.\n" }, "button": { "type": "string", "description": "Google Identity Services button configuration in a properties file formatted String. Any attribute from Google's documentation can be added. Properties can be referenced in templates that support Google login to render the login button via HTML or JavaScript. The properties specified in this field should not include the data- prefix on the property name.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpGoogleTenantConfiguration:FusionAuthIdpGoogleTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpLinkedInApplicationConfiguration:FusionAuthIdpLinkedInApplicationConfiguration": { "properties": { "applicationId": { "type": "string", "description": "ID of the FusionAuth Application to apply this configuration to.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level `button_text`.\n" }, "clientId": { "type": "string", "description": "This is an optional Application specific override for the top level `client_id`.\n", "secret": true }, "clientSecret": { "type": "string", "description": "This is an optional Application specific override for the top level `client_secret`.\n", "secret": true }, "createRegistration": { "type": "boolean", "description": "Determines if a `UserRegistration` is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the `application_id` property.\n" }, "scope": { "type": "string", "description": "This is an optional Application specific override for the top level `scope`.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpLinkedInTenantConfiguration:FusionAuthIdpLinkedInTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpOpenIdConnectApplicationConfiguration:FusionAuthIdpOpenIdConnectApplicationConfiguration": { "properties": { "applicationId": { "type": "string", "description": "ID of the Application to apply this configuration to.\n" }, "buttonImageUrl": { "type": "string", "description": "This is an optional Application specific override for the top level button image URL.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level button text.\n" }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" }, "oauth2ClientId": { "type": "string", "description": "This is an optional Application specific override for the top level client id.\n" }, "oauth2ClientSecret": { "type": "string", "description": "This is an optional Application specific override for the top level client secret.\n", "secret": true }, "oauth2Scope": { "type": "string", "description": "This is an optional Application specific override for the top level scope.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpOpenIdConnectTenantConfiguration:FusionAuthIdpOpenIdConnectTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpPsnApplicationConfiguration:FusionAuthIdpPsnApplicationConfiguration": { "properties": { "applicationId": { "type": "string", "description": "ID of the Application to apply this configuration to.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level button text.\n" }, "clientId": { "type": "string", "description": "This is an optional Application specific override for the top level client_id.\n" }, "clientSecret": { "type": "string", "description": "This is an optional Application specific override for the top level client_secret.\n" }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" }, "scope": { "type": "string", "description": "This is an optional Application specific override for the top level scope.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpPsnTenantConfiguration:FusionAuthIdpPsnTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration:FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration": { "properties": { "applicationId": { "type": "string" }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration:FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration": { "properties": { "decryption": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption:FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption", "description": "The decryption configuration for the SAML v2 identity provider.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption:FusionAuthIdpSamlV2IdpInitiatedAssertionConfigurationDecryption": { "properties": { "enabled": { "type": "boolean", "description": "Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.\n" }, "keyTransportDecryptionKeyId": { "type": "string", "description": "The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when `'enabled` is true.\n" } }, "type": "object", "required": [ "keyTransportDecryptionKeyId" ] }, "fusionauth:index/FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration:FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSamlv2ApplicationConfiguration:FusionAuthIdpSamlv2ApplicationConfiguration": { "properties": { "applicationId": { "type": "string", "description": "ID of the Application to apply this configuration to.\n" }, "buttonImageUrl": { "type": "string", "description": "This is an optional Application specific override for the top level button image URL.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level button text.\n" }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSamlv2AssertionConfiguration:FusionAuthIdpSamlv2AssertionConfiguration": { "properties": { "decryption": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2AssertionConfigurationDecryption:FusionAuthIdpSamlv2AssertionConfigurationDecryption", "description": "The configuration for the SAML assertion decryption.\n" }, "destination": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2AssertionConfigurationDestination:FusionAuthIdpSamlv2AssertionConfigurationDestination", "description": "The array of URLs that FusionAuth will accept as SAML login destinations if the `policy` setting is AllowAlternates.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSamlv2AssertionConfigurationDecryption:FusionAuthIdpSamlv2AssertionConfigurationDecryption": { "properties": { "enabled": { "type": "boolean", "description": "Determines if FusionAuth requires encrypted assertions in SAML responses from the identity provider. When true, SAML responses from the identity provider containing unencrypted assertions will be rejected by FusionAuth.\n" }, "keyTransportDecryptionKeyId": { "type": "string", "description": "The Id of the key stored in Key Master that is used to decrypt the symmetric key on the SAML response sent to FusionAuth from the identity provider. The selected Key must contain an RSA private key. Required when `enabled` is true.\n" } }, "type": "object", "required": [ "keyTransportDecryptionKeyId" ] }, "fusionauth:index/FusionAuthIdpSamlv2AssertionConfigurationDestination:FusionAuthIdpSamlv2AssertionConfigurationDestination": { "properties": { "alternates": { "type": "array", "items": { "type": "string" }, "description": "The alternate destinations of the assertion.\n" }, "policy": { "type": "string", "description": "The policy to use when performing a destination assertion on the SAML login request. The possible values are `Enabled`, `Disabled`, and `AllowAlternates`.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSamlv2IdpInitiatedConfiguration:FusionAuthIdpSamlv2IdpInitiatedConfiguration": { "properties": { "enabled": { "type": "boolean", "description": "Determines if FusionAuth will accept IdP initiated login requests from this SAMLv2 Identity Provider.\n" }, "issuer": { "type": "string", "description": "The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Required when `enabled` is true.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSamlv2LoginHintConfiguration:FusionAuthIdpSamlv2LoginHintConfiguration": { "properties": { "enabled": { "type": "boolean", "description": "When enabled and HTTP-Redirect bindings are used, FusionAuth will provide the username or email address when available to the IdP as a login hint using the configured parameter name set by the `parameter_name` to initiate the AuthN request.\n" }, "parameterName": { "type": "string", "description": "The name of the parameter used to pass the username or email as login hint to the IDP when enabled, and HTTP redirect bindings are used to initiate the AuthN request. The default value is `login_hint`. Required when `enabled` is true.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSamlv2TenantConfiguration:FusionAuthIdpSamlv2TenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSteamApplicationConfiguration:FusionAuthIdpSteamApplicationConfiguration": { "properties": { "apiMode": { "type": "string", "description": "This is an optional Application specific override for the top level apiMode.\n" }, "applicationId": { "type": "string", "description": "ID of the Application to apply this configuration to.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level button text.\n" }, "clientId": { "type": "string", "description": "This is an optional Application specific override for the top level client_id.\n" }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" }, "scope": { "type": "string", "description": "This is an optional Application specific override for the top level scope.\n" }, "webApiKey": { "type": "string", "description": "This is an optional Application specific override for the top level webAPIKey.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpSteamTenantConfiguration:FusionAuthIdpSteamTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpTwitchApplicationConfiguration:FusionAuthIdpTwitchApplicationConfiguration": { "properties": { "applicationId": { "type": "string", "description": "ID of the Application to apply this configuration to.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level button text.\n" }, "clientId": { "type": "string", "description": "This is an optional Application specific override for the top level client_id.\n" }, "clientSecret": { "type": "string", "description": "This is an optional Application specific override for the top level client_secret.\n" }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" }, "scope": { "type": "string", "description": "This is an optional Application specific override for the top level scope.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpTwitchTenantConfiguration:FusionAuthIdpTwitchTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpXBoxApplicationConfiguration:FusionAuthIdpXBoxApplicationConfiguration": { "properties": { "applicationId": { "type": "string", "description": "ID of the Application to apply this configuration to.\n" }, "buttonText": { "type": "string", "description": "This is an optional Application specific override for the top level button text.\n" }, "clientId": { "type": "string", "description": "This is an optional Application specific override for the top level client_id.\n" }, "clientSecret": { "type": "string", "description": "This is an optional Application specific override for the top level client_secret.\n" }, "createRegistration": { "type": "boolean", "description": "Determines if a UserRegistration is created for the User automatically or not. If a user doesn’t exist in FusionAuth and logs in through an identity provider, this boolean controls whether or not FusionAuth creates a registration for the User in the Application they are logging into.\n" }, "enabled": { "type": "boolean", "description": "Determines if this identity provider is enabled for the Application specified by the applicationId key.\n" }, "scope": { "type": "string", "description": "This is an optional Application specific override for the top level scope.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthIdpXBoxTenantConfiguration:FusionAuthIdpXBoxTenantConfiguration": { "properties": { "limitUserLinkCountEnabled": { "type": "boolean", "description": "When enabled, the number of identity provider links a user may create is enforced by maximumLinks\n" }, "limitUserLinkCountMaximumLinks": { "type": "integer", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant that this configuration applies to.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationAuditLogConfiguration:FusionAuthSystemConfigurationAuditLogConfiguration": { "properties": { "delete": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationAuditLogConfigurationDelete:FusionAuthSystemConfigurationAuditLogConfigurationDelete" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationAuditLogConfigurationDelete:FusionAuthSystemConfigurationAuditLogConfigurationDelete": { "properties": { "enabled": { "type": "boolean", "description": "Whether or not FusionAuth should delete the Audit Log based upon this configuration. When true the auditLogConfiguration.delete.numberOfDaysToRetain will be used to identify audit logs that are eligible for deletion. When this value is set to false audit logs will be preserved forever.\n" }, "numberOfDaysToRetain": { "type": "integer", "description": "The number of days to retain the Audit Log.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationCorsConfiguration:FusionAuthSystemConfigurationCorsConfiguration": { "properties": { "allowCredentials": { "type": "boolean", "description": "The Access-Control-Allow-Credentials response header values as described by MDN Access-Control-Allow-Credentials.\n" }, "allowedHeaders": { "type": "array", "items": { "type": "string" }, "description": "The Access-Control-Allow-Headers response header values as described by MDN Access-Control-Allow-Headers.\n" }, "allowedMethods": { "type": "array", "items": { "type": "string" }, "description": "The Access-Control-Allow-Methods response header values as described by MDN Access-Control-Allow-Methods.\n" }, "allowedOrigins": { "type": "array", "items": { "type": "string" }, "description": "The Access-Control-Allow-Origin response header values as described by MDN Access-Control-Allow-Origin. If the wildcard * is specified, no additional domains may be specified.\n" }, "debug": { "type": "boolean", "description": "Whether or not FusionAuth will log debug messages to the event log. This is primarily useful for identifying why the FusionAuth CORS filter is rejecting a request and returning an HTTP response status code of 403.\n" }, "enabled": { "type": "boolean", "description": "Whether the FusionAuth CORS filter will process requests made to FusionAuth.\n" }, "exposedHeaders": { "type": "array", "items": { "type": "string" }, "description": "The Access-Control-Expose-Headers response header values as described by MDN Access-Control-Expose-Headers.\n" }, "preflightMaxAgeInSeconds": { "type": "integer", "description": "The Access-Control-Max-Age response header values as described by MDN Access-Control-Max-Age.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "allowedHeaders", "allowedMethods", "exposedHeaders" ] } } }, "fusionauth:index/FusionAuthSystemConfigurationEventLogConfiguration:FusionAuthSystemConfigurationEventLogConfiguration": { "properties": { "numberToRetain": { "type": "integer", "description": "The number of events to retain. Once the the number of event logs exceeds this configured value they will be deleted starting with the oldest event logs.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationLoginRecordConfiguration:FusionAuthSystemConfigurationLoginRecordConfiguration": { "properties": { "delete": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationLoginRecordConfigurationDelete:FusionAuthSystemConfigurationLoginRecordConfigurationDelete" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationLoginRecordConfigurationDelete:FusionAuthSystemConfigurationLoginRecordConfigurationDelete": { "properties": { "enabled": { "type": "boolean", "description": "Whether or not FusionAuth should delete the login records based upon this configuration. When true the loginRecordConfiguration.delete.numberOfDaysToRetain will be used to identify login records that are eligible for deletion. When this value is set to false login records will be preserved forever.\n" }, "numberOfDaysToRetain": { "type": "integer", "description": "The number of days to retain login records.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationTrustedProxyConfiguration:FusionAuthSystemConfigurationTrustedProxyConfiguration": { "properties": { "trustPolicy": { "type": "string", "description": "This setting is used to resolve the client IP address for use in logging, webhooks, and IP-based access control when an X-Forwarded-For header is provided. Because proxies are free to rewrite the X-Forwarded-For header, an untrusted proxy could write a value that allowed it to bypass IP-based ACLs, or cause an incorrect IP address to be logged or sent to a webhook. Valid values are `All` and `OnlyConfigured`.\n" }, "trusteds": { "type": "array", "items": { "type": "string" }, "description": "An array of IP addresses, representing the set of trusted upstream proxies. This value will be accepted but ignored when `trust_policy` is set to `All`. Values may be specified as IPv4, or IPv6 format, and ranges of addresses are also accepted in CIDR notation.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationUiConfiguration:FusionAuthSystemConfigurationUiConfiguration": { "properties": { "headerColor": { "type": "string", "description": "A hexadecimal color to override the default menu color in the user interface.\n" }, "logoUrl": { "type": "string", "description": "A URL of a logo to override the default FusionAuth logo in the user interface.\n" }, "menuFontColor": { "type": "string", "description": "A hexadecimal color to override the default menu font color in the user interface.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationUsageDataConfiguration:FusionAuthSystemConfigurationUsageDataConfiguration": { "properties": { "enabled": { "type": "boolean", "description": "Whether or not FusionAuth collects and sends usage data to improve the product.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationWebhookEventLogConfiguration:FusionAuthSystemConfigurationWebhookEventLogConfiguration": { "properties": { "delete": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationWebhookEventLogConfigurationDelete:FusionAuthSystemConfigurationWebhookEventLogConfigurationDelete" } }, "type": "object" }, "fusionauth:index/FusionAuthSystemConfigurationWebhookEventLogConfigurationDelete:FusionAuthSystemConfigurationWebhookEventLogConfigurationDelete": { "properties": { "enabled": { "type": "boolean", "description": "Whether or not FusionAuth should delete the webhook event logs based upon this configuration. When true the webhookEventLogConfiguration.delete.numberOfDaysToRetain will be used to identify webhook event logs that are eligible for deletion. When this value is set to false webhook event logs will be preserved forever.\n" }, "numberOfDaysToRetain": { "type": "integer", "description": "The number of days to retain webhook event logs.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantAccessControlConfiguration:FusionAuthTenantAccessControlConfiguration": { "properties": { "uiIpAccessControlListId": { "type": "string", "description": "The Id of the IP Access Control List limiting access to all applications in this tenant.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantCaptchaConfiguration:FusionAuthTenantCaptchaConfiguration": { "properties": { "captchaMethod": { "type": "string", "description": "The type of captcha method to use. This field is required when tenant.captchaConfiguration.enabled is set to true.\n" }, "enabled": { "type": "boolean", "description": "Whether captcha configuration is enabled.\n" }, "secretKey": { "type": "string", "description": "The secret key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.\n" }, "siteKey": { "type": "string", "description": "The site key for this captcha method. This field is required when tenant.captchaConfiguration.enabled is set to true.\n" }, "threshold": { "type": "number", "description": "The numeric threshold which separates a passing score from a failing one. This value only applies if using either the Google v3 or HCaptcha Enterprise method, otherwise this value is ignored.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantConnectorPolicy:FusionAuthTenantConnectorPolicy": { "properties": { "connectorId": { "type": "string", "description": "The identifier of the Connector to which this policy refers.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "A list of email domains to which this connector should apply. A value of [\"*\"] indicates this connector applies to all users.\n" }, "migrate": { "type": "boolean", "description": "If true, the user’s data will be migrated to FusionAuth at first successful authentication; subsequent authentications will occur against the FusionAuth datastore. If false, the Connector’s source will be treated as authoritative.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantEmailConfiguration:FusionAuthTenantEmailConfiguration": { "properties": { "additionalHeaders": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The additional SMTP headers to be added to each outgoing email. Each SMTP header consists of a name and a value.\n" }, "debug": { "type": "boolean", "description": "Determines if debug should be enabled to create an event log to assist in debugging SMTP errors.\n" }, "defaultFromEmail": { "type": "string", "description": "The default email address that emails will be sent from when a from address is not provided on an individual email template. This is the address part email address (i.e. Jared Dunn ).\n" }, "defaultFromName": { "type": "string", "description": "The default From Name used in sending emails when a from name is not provided on an individual email template. This is the display name part of the email address ( i.e. Jared Dunn ).\n" }, "emailUpdateEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when a user is sent a forgot password email.\n" }, "emailVerifiedEmailTemplateId": { "type": "string", "description": "The Id of the Email Template used to verify user emails.\n" }, "forgotPasswordEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when a user is sent a forgot password email.\n" }, "host": { "type": "string", "description": "The host name of the SMTP server that FusionAuth will use.\n" }, "implicitEmailVerificationAllowed": { "type": "boolean", "description": "When set to true, this allows email to be verified as a result of completing a similar email based workflow such as change password. When seto false, the user must explicitly complete the email verification workflow even if the user has already completed a similar email workflow such as change password.\n" }, "loginIdInUseOnCreateEmailTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.\n" }, "loginIdInUseOnUpdateEmailTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when another user attempts to create an account with their login Id.\n" }, "loginNewDeviceEmailTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when they log in on a new device.\n" }, "loginSuspiciousEmailTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when a suspicious login occurs.\n" }, "password": { "type": "string", "description": "An optional password FusionAuth will use to authenticate with the SMTP server.\n", "secret": true }, "passwordResetSuccessEmailTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password habeen reset.\n" }, "passwordUpdateEmailTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when they have completed a 'forgot password' workflow and their password has been rese\n" }, "passwordlessEmailTemplateId": { "type": "string", "description": "The Id of the Passwordless Email Template.\n" }, "port": { "type": "integer", "description": "The port of the SMTP server that FusionAuth will use.\n" }, "properties": { "type": "string", "description": "Additional Email Configuration in a properties file formatted String.\n", "secret": true }, "security": { "type": "string", "description": "The type of security protocol FusionAuth will use when connecting to the SMTP server.\n" }, "setPasswordEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when a user had their account created for them and they must set their password manually and they are sent an email to set their password.\n" }, "twoFactorMethodAddEmailTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when a MFA method has been added to their account.\n" }, "twoFactorMethodRemoveEmailTemplateId": { "type": "string", "description": "The Id of the Email Template used to send emails to users when a MFA method has been removed from their account.\n" }, "unverified": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantEmailConfigurationUnverified:FusionAuthTenantEmailConfigurationUnverified" }, "username": { "type": "string", "description": "An optional username FusionAuth will to authenticate with the SMTP server.\n" }, "verificationEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used to send the verification emails to users. These emails are used to verify that a user’s email address ivalid. If either the verifyEmail or verifyEmailWhenChanged fields are true this field is required.\n" }, "verificationStrategy": { "type": "string", "description": "The process by which the user will verify their email address. Possible values are `ClickableLink` or `FormField`.\n" }, "verifyEmail": { "type": "boolean", "description": "Whether the user’s email addresses are verified when the registers with your application.\n" }, "verifyEmailWhenChanged": { "type": "boolean", "description": "Whether the user’s email addresses are verified when the user changes them.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "defaultFromEmail", "unverified" ] } } }, "fusionauth:index/FusionAuthTenantEmailConfigurationUnverified:FusionAuthTenantEmailConfigurationUnverified": { "properties": { "allowEmailChangeWhenGated": { "type": "boolean", "description": "When this value is set to true, the user is allowed to change their email address when they are gated because they haven’t verified their email address.\n" }, "behavior": { "type": "string", "description": "= (Optional) The behavior when detecting breaches at time of user login.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantEventConfiguration:FusionAuthTenantEventConfiguration": { "properties": { "enabled": { "type": "boolean", "description": "Whether or not FusionAuth should send these types of events to any configured Webhooks.\n" }, "event": { "type": "string", "description": "The event type\n" }, "transactionType": { "type": "string", "description": "The transaction type that FusionAuth uses when sending these types of events to any configured Webhooks.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfiguration:FusionAuthTenantExternalIdentifierConfiguration": { "properties": { "authorizationGrantIdTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a OAuth authorization code in no longer valid to be exchanged for an access token. This is essentially the time allowed between the start of an Authorization request during the Authorization code grant and when you request an access token using this authorization code on the Token endpoint. Defaults to 30.\n" }, "changePasswordIdGenerator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGenerator:FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGenerator" }, "changePasswordIdTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a change password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0. Defaults to 600.\n" }, "deviceCodeTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a device code Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.\n" }, "deviceUserCodeIdGenerator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGenerator:FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGenerator" }, "emailVerificationIdGenerator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGenerator:FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGenerator" }, "emailVerificationIdTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a email verification Id is no longer valid and cannot be used by the Verify Email API. Value must be greater than 0.\n" }, "emailVerificationOneTimeCodeGenerator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGenerator:FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGenerator" }, "externalAuthenticationIdTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until an external authentication Id is no longer valid and cannot be used by the Token API. Value must be greater than 0. Defaults to 300.\n" }, "loginIntentTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a Login Timeout identifier is no longer valid to complete post-authentication steps in the OAuth workflow. Must be greater than 0. Defaults to 1800.\n" }, "oneTimePasswordTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a One Time Password is no longer valid and cannot be used by the Login API. Value must be greater than 0. Defaults to 60.\n" }, "passwordlessLoginGenerator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGenerator:FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGenerator" }, "passwordlessLoginTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a passwordless code is no longer valid and cannot be used by the Passwordless API. Value must be greater than 0. Defaults to 180.\n" }, "pendingAccountLinkTimeToLiveInSeconds": { "type": "integer", "description": "The number of seconds before the pending account link identifier is no longer valid to complete an account link request. Value must be greater than 0. Defaults to 3600\n" }, "registrationVerificationIdGenerator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGenerator:FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGenerator" }, "registrationVerificationIdTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a registration verification Id is no longer valid and cannot be used by the Verify Registration API. Value must be greater than 0.\n" }, "registrationVerificationOneTimeCodeGenerator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGenerator:FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGenerator" }, "rememberOauthScopeConsentChoiceTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until remembered OAuth scope consent choices are no longer valid, and the User will be prompted to consent to requested OAuth scopes even if they have not changed. Applies only when `application.oauthConfiguration.consentMode` is set to RememberDecision. Value must be greater than 0. Note: An Essentials or Enterprise plan is required to utilize advanced OAuth scopes. Defaults to 2592000.\n" }, "samlV2AuthnRequestIdTtlSeconds": { "type": "integer", "description": "The time in seconds that a SAML AuthN request will be eligible for use to authenticate with FusionAuth. Defaults to 300.\n" }, "setupPasswordIdGenerator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGenerator:FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGenerator" }, "setupPasswordIdTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a setup password Id is no longer valid and cannot be used by the Change Password API. Value must be greater than 0.\n" }, "trustTokenTimeToLiveInSeconds": { "type": "integer", "description": "The number of seconds before the Trust Token is no longer valid to complete a request that requires trust. Value must be greater than 0. Defaults to 180\n" }, "twoFactorIdTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a two factor Id is no longer valid and cannot be used by the Two Factor Login API. Value must be greater than 0. Defaults to 300.\n" }, "twoFactorOneTimeCodeIdGenerator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGenerator:FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGenerator" }, "twoFactorOneTimeCodeIdTimeToLiveInSeconds": { "type": "integer", "description": "The number of seconds before the Two-Factor One Time Code used to enable or disable a two-factor method is no longer valid. Must be greater than 0. Defaults to 60.\n" }, "twoFactorTrustIdTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until an issued Two Factor trust Id is no longer valid and the User will be Optional to complete Two Factor authentication during the next authentication attempt. Value must be greater than 0.\n" }, "webauthnAuthenticationChallengeTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a WebAuthn authentication challenge is no longer valid and the User will be required to restart the WebAuthn authentication ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.get API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.\n" }, "webauthnRegistrationChallengeTimeToLiveInSeconds": { "type": "integer", "description": "The time in seconds until a WebAuthn registration challenge is no longer valid and the User will be required to restart the WebAuthn registration ceremony by creating a new challenge. This value also controls the timeout for the client-side WebAuthn navigator.credentials.create API call. Value must be greater than 0. Note: A license is required to utilize WebAuthn. Defaults to 180.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "emailVerificationIdTimeToLiveInSeconds", "registrationVerificationIdTimeToLiveInSeconds", "setupPasswordIdTimeToLiveInSeconds", "twoFactorTrustIdTimeToLiveInSeconds" ] } } }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGenerator:FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGenerator": { "properties": { "length": { "type": "integer", "description": "The length of the secure generator used for generating the change password Id. Defaults to 32.\n" }, "type": { "type": "string", "description": "The type of the secure generator used for generating the change password Id. Defaults to randomBytes.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGenerator:FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGenerator": { "properties": { "length": { "type": "integer", "description": "The length of the secure generator used for generating the change password Id. Defaults to 6.\n" }, "type": { "type": "string", "description": "The type of the secure generator used for generating the change password Id. Defaults to randomAlphaNumeric.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGenerator:FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGenerator": { "properties": { "length": { "type": "integer", "description": "The length of the secure generator used for generating the change password Id. Defaults to 32.\n" }, "type": { "type": "string", "description": "The type of the secure generator used for generating the change password Id. Defaults to randomBytes.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGenerator:FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGenerator": { "properties": { "length": { "type": "integer", "description": "The length of the secure generator used for generating the email verification one time code. Defaults to 6.\n" }, "type": { "type": "string", "description": "The type of the secure generator used for generating the email verification one time code. Defaults to randomAlphaNumeric.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGenerator:FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGenerator": { "properties": { "length": { "type": "integer", "description": "The length of the secure generator used for generating the change password Id. Defaults to 32\n" }, "type": { "type": "string", "description": "The type of the secure generator used for generating the change password Id. Defaults to randomBytes.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGenerator:FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGenerator": { "properties": { "length": { "type": "integer", "description": "The length of the secure generator used for generating the change password Id. Defaults to 32\n" }, "type": { "type": "string", "description": "The type of the secure generator used for generating the change password Id. Defaults to randomBytes.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGenerator:FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGenerator": { "properties": { "length": { "type": "integer", "description": "The length of the secure generator used for generating the registration verification one time code. Defaults to 6.\n" }, "type": { "type": "string", "description": "The type of the secure generator used for generating the registration verification one time code. Defaults to randomAlphaNumeric.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGenerator:FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGenerator": { "properties": { "length": { "type": "integer", "description": "The length of the secure generator used for generating the change password Id. Defaults to 32.\n" }, "type": { "type": "string", "description": "The type of the secure generator used for generating the change password Id. Defaults to randomBytes.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGenerator:FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGenerator": { "properties": { "length": { "type": "integer", "description": "The length of the secure generator used for generating the the two factor code Id. Defaults to 6\n" }, "type": { "type": "string", "description": "The type of the secure generator used for generating the two factor one time code Id. Defaults to randomDigits.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantFailedAuthenticationConfiguration:FusionAuthTenantFailedAuthenticationConfiguration": { "properties": { "actionCancelPolicyOnPasswordReset": { "type": "boolean", "description": "Indicates whether you want the user to be able to self-service unlock their account prior to the action duration by completing a password reset workflow.\n" }, "actionDuration": { "type": "integer", "description": "The duration of the User Action. This value along with the actionDurationUnit will be used to set the duration of the User Action. Value must be greater than 0.\n" }, "actionDurationUnit": { "type": "string", "description": "The unit of time associated with a duration.\n" }, "emailUser": { "type": "boolean", "description": "Indicates you would like to email the user when the user’s account is locked due to this action being taken. This requires the User Action specified by the tenant.failedAuthenticationConfiguration.userActionId to also be configured for email. If the User Action is not configured to be able to email the user, this configuration will be ignored.\n" }, "resetCountInSeconds": { "type": "integer", "description": "The length of time in seconds before the failed authentication count will be reset. Value must be greater than 0.\n" }, "tooManyAttempts": { "type": "integer", "description": "The number of failed attempts considered to be too many. Once this threshold is reached the specified User Action will be applied to the user for the duration specified. Value must be greater than 0.\n" }, "userActionId": { "type": "string", "description": "The Id of the User Action that is applied when the threshold is reached for too many failed authentication attempts.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantFamilyConfiguration:FusionAuthTenantFamilyConfiguration": { "properties": { "allowChildRegistrations": { "type": "boolean", "description": "Whether to allow child registrations.\n" }, "confirmChildEmailTemplateId": { "type": "string", "description": "The unique Id of the email template to use when confirming a child.\n" }, "deleteOrphanedAccounts": { "type": "boolean", "description": "Indicates that child users without parental verification will be permanently deleted after tenant.familyConfiguration.deleteOrphanedAccountsDays days.\n" }, "deleteOrphanedAccountsDays": { "type": "integer", "description": "The number of days from creation child users will be retained before being deleted for not completing parental verification. Value must be greater than 0.\n" }, "enabled": { "type": "boolean", "description": "Whether family configuration is enabled.\n" }, "familyRequestEmailTemplateId": { "type": "string", "description": "The unique Id of the email template to use when a family request is made.\n" }, "maximumChildAge": { "type": "integer", "description": "The maximum age of a child. Value must be greater than 0.\n" }, "minimumOwnerAge": { "type": "integer", "description": "The minimum age to be an owner. Value must be greater than 0.\n" }, "parentEmailRequired": { "type": "boolean", "description": "Whether a parent email is required.\n" }, "parentRegistrationEmailTemplateId": { "type": "string", "description": "The unique Id of the email template to use for parent registration.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantFormConfiguration:FusionAuthTenantFormConfiguration": { "properties": { "adminUserFormId": { "type": "string", "description": "The unique Id of the form to use for the Add and Edit User form when used in the FusionAuth admin UI.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "adminUserFormId" ] } } }, "fusionauth:index/FusionAuthTenantJwtConfiguration:FusionAuthTenantJwtConfiguration": { "properties": { "accessTokenKeyId": { "type": "string", "description": "The unique id of the signing key used to sign the access token. Required prior to `1.30.0`.\n" }, "idTokenKeyId": { "type": "string", "description": "The unique id of the signing key used to sign the Id token. Required prior to `1.30.0`.\n" }, "refreshTokenExpirationPolicy": { "type": "string", "description": "The refresh token expiration policy.\n" }, "refreshTokenOneTimeUseConfigurationGracePeriodInSeconds": { "type": "integer", "description": "The length of time specified in seconds that a one-time use token can be reused. This value must be greater than 0 and less than 86400 which is equal to 24 hours. Setting this value to 0 effectively disables the grace period which means a one-time token may not be reused. For security reasons, you should keep this value as small as possible, and only increase past 0 to improve reliability for an asynchronous or clustered integration that may require a brief grace period. Defaults to 0.\n" }, "refreshTokenRevocationPolicyOnLoginPrevented": { "type": "boolean", "description": "When enabled, the refresh token will be revoked when a user action, such as locking an account based on a number of failed login attempts, prevents user login.\n" }, "refreshTokenRevocationPolicyOnMultiFactorEnable": { "type": "boolean", "description": "When enabled, all refresh tokens will be revoked when a user enables multi-factor authentication for the first time. This policy will not be applied when adding subsequent multi-factor methods to the user.\n" }, "refreshTokenRevocationPolicyOnOneTimeTokenReuse": { "type": "boolean", "description": "When enabled, if a one-time use refresh token is reused, the token will be revoked. This does not cause all refresh tokens to be revoked, only the reused token is revoked.\n" }, "refreshTokenRevocationPolicyOnPasswordChange": { "type": "boolean", "description": "When enabled, the refresh token will be revoked when a user changes their password.\"\n" }, "refreshTokenSlidingWindowMaximumTimeToLiveInMinutes": { "type": "integer", "description": "The maximum lifetime of a refresh token when using a refresh token expiration policy of SlidingWindowWithMaximumLifetime. Value must be greater than 0.\n" }, "refreshTokenTimeToLiveInMinutes": { "type": "integer", "description": "The length of time in minutes a Refresh Token is valid from the time it was issued. Value must be greater than 0.\n" }, "refreshTokenUsagePolicy": { "type": "string", "description": "The refresh token usage policy.\n" }, "timeToLiveInSeconds": { "type": "integer", "description": "The length of time in seconds this JWT is valid from the time it was issued. Value must be greater than 0.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "accessTokenKeyId", "idTokenKeyId" ] } } }, "fusionauth:index/FusionAuthTenantLambdaConfiguration:FusionAuthTenantLambdaConfiguration": { "properties": { "loginValidationId": { "type": "string", "description": "The Id of the lambda that will be invoked at the end of a successful login request in order to extend custom validation of a login request.\n" }, "scimEnterpriseUserRequestConverterId": { "type": "string", "description": "The Id of a SCIM User Request lambda that will be used to convert the SCIM Enterprise User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when `scim_server_configuration.enabled` is true.\n" }, "scimEnterpriseUserResponseConverterId": { "type": "string", "description": "The Id of a SCIM User Response lambda that will be used to convert a FusionAuth Enterprise User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when `scim_server_configuration.enabled` is true.\n" }, "scimGroupRequestConverterId": { "type": "string", "description": "The Id of a SCIM Group Request lambda that will be used to convert the SCIM Group request to a FusionAuth Group. Note: An Enterprise plan is required to utilize SCIM. Required when `scim_server_configuration.enabled` is true.\n" }, "scimGroupResponseConverterId": { "type": "string", "description": "The Id of a SCIM Group Response lambda that will be used to convert a FusionAuth Group to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when `scim_server_configuration.enabled` is true.\n" }, "scimUserRequestConverterId": { "type": "string", "description": "The Id of a SCIM User Request lambda that will be used to convert the SCIM User request to a FusionAuth User. Note: An Enterprise plan is required to utilize SCIM. Required when `scim_server_configuration.enabled` is true.\n" }, "scimUserResponseConverterId": { "type": "string", "description": "The Id of a SCIM User Response lambda that will be used to convert a FusionAuth User to a SCIM Server response. Note: An Enterprise plan is required to utilize SCIM. Required when `scim_server_configuration.enabled` is true.\n" } }, "type": "object", "required": [ "loginValidationId", "scimEnterpriseUserRequestConverterId", "scimEnterpriseUserResponseConverterId", "scimGroupRequestConverterId", "scimGroupResponseConverterId", "scimUserRequestConverterId", "scimUserResponseConverterId" ] }, "fusionauth:index/FusionAuthTenantLoginConfiguration:FusionAuthTenantLoginConfiguration": { "properties": { "requireAuthentication": { "type": "boolean", "description": "Indicates whether to require an API key for the Login API when an `applicationId` is not provided. When an `applicationId` is provided to the Login API call, the application configuration will take precedence. In almost all cases, you will want to this to be `true`.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "requireAuthentication" ] } } }, "fusionauth:index/FusionAuthTenantMaximumPasswordAge:FusionAuthTenantMaximumPasswordAge": { "properties": { "days": { "type": "integer", "description": "The password maximum age in days. The number of days after which FusionAuth will require a user to change their password. Required when systemConfiguration.maximumPasswordAge.enabled is set to true.\n" }, "enabled": { "type": "boolean", "description": "Indicates that the maximum password age is enabled and being enforced.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantMinimumPasswordAge:FusionAuthTenantMinimumPasswordAge": { "properties": { "enabled": { "type": "boolean", "description": "Indicates that the minimum password age is enabled and being enforced.\n" }, "seconds": { "type": "integer", "description": "The password minimum age in seconds. When enabled FusionAuth will not allow a password to be changed until it reaches this minimum age. Required when systemConfiguration.minimumPasswordAge.enabled is set to true.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantMultiFactorConfiguration:FusionAuthTenantMultiFactorConfiguration": { "properties": { "authenticator": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMultiFactorConfigurationAuthenticator:FusionAuthTenantMultiFactorConfigurationAuthenticator" }, "email": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMultiFactorConfigurationEmail:FusionAuthTenantMultiFactorConfigurationEmail" }, "loginPolicy": { "type": "string", "description": "When set to `Enabled` and a user has one or more two-factor methods configured, the user will be required to complete a two-factor challenge during login. When set to `Disabled`, even when a user has configured one or more two-factor methods, the user will not be required to complete a two-factor challenge during login. When the login policy is to `Required`, a two-factor challenge will be required during login. If a user does not have configured two-factor methods, they will not be able to log in.\n" }, "sms": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMultiFactorConfigurationSms:FusionAuthTenantMultiFactorConfigurationSms" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "email", "sms" ] } } }, "fusionauth:index/FusionAuthTenantMultiFactorConfigurationAuthenticator:FusionAuthTenantMultiFactorConfigurationAuthenticator": { "properties": { "enabled": { "type": "boolean", "description": "When enabled, users may utilize an authenticator application to complete a multi-factor authentication request. This method uses TOTP (Time-Based One-Time Password) as defined in RFC 6238 and often uses an native mobile app such as Google Authenticator.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "enabled" ] } } }, "fusionauth:index/FusionAuthTenantMultiFactorConfigurationEmail:FusionAuthTenantMultiFactorConfigurationEmail": { "properties": { "enabled": { "type": "boolean", "description": "When enabled, users may utilize an email address to complete a multi-factor authentication request.\n" }, "templateId": { "type": "string", "description": "The Id of the email template that is used when notifying a user to complete a multi-factor authentication request.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantMultiFactorConfigurationSms:FusionAuthTenantMultiFactorConfigurationSms": { "properties": { "enabled": { "type": "boolean", "description": "When enabled, users may utilize a mobile phone number to complete a multi-factor authentication request.\n" }, "messengerId": { "type": "string", "description": "The messenger that is used to deliver a SMS multi-factor authentication request.\n" }, "templateId": { "type": "string", "description": "The Id of the SMS template that is used when notifying a user to complete a multi-factor authentication request.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantOauthConfiguration:FusionAuthTenantOauthConfiguration": { "properties": { "clientCredentialsAccessTokenPopulateLambdaId": { "type": "string", "description": "The Id of a lambda that will be called to populate the JWT during a client credentials grant. **Note:** A paid edition of FusionAuth is required to utilize client credentials grant.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantPasswordEncryptionConfiguration:FusionAuthTenantPasswordEncryptionConfiguration": { "properties": { "encryptionScheme": { "type": "string", "description": "The default method for encrypting the User’s password.\n" }, "encryptionSchemeFactor": { "type": "integer", "description": "The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value. Generally this will be used as an iteration count to generate the hash. The actual use of this value is up to the PasswordEncryptor implementation.\n" }, "modifyEncryptionSchemeOnLogin": { "type": "boolean", "description": "When enabled a user’s hash configuration will be modified to match these configured settings. This can be useful to increase a password hash strength over time or upgrade imported users to a more secure encryption scheme after an initial import.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantPasswordValidationRules:FusionAuthTenantPasswordValidationRules": { "properties": { "breachDetection": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantPasswordValidationRulesBreachDetection:FusionAuthTenantPasswordValidationRulesBreachDetection" }, "maxLength": { "type": "integer", "description": "The maximum length of a password when a new user is created or a user requests a password change. This value must be greater than 0 and less than or equal to 256. When `passwordEncryptionConfiguration.encryptionScheme` is equal to `bcrypt`, the maximum will be limited to 50.\n" }, "minLength": { "type": "integer", "description": "The minimum length of a password when a new user is created or a user requests a password change.\n" }, "rememberPreviousPasswords": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantPasswordValidationRulesRememberPreviousPasswords:FusionAuthTenantPasswordValidationRulesRememberPreviousPasswords" }, "requireNonAlpha": { "type": "boolean", "description": "Whether to force the user to use at least one non-alphanumeric character.\n" }, "requireNumber": { "type": "boolean", "description": "Whether to force the user to use at least one number.\n" }, "requiredMixedCase": { "type": "boolean", "description": "Whether to force the user to use at least one uppercase and one lowercase character.\n" }, "validateOnLogin": { "type": "boolean", "description": "When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "breachDetection" ] } } }, "fusionauth:index/FusionAuthTenantPasswordValidationRulesBreachDetection:FusionAuthTenantPasswordValidationRulesBreachDetection": { "properties": { "enabled": { "type": "boolean", "description": "Whether to enable Reactor breach detection. Requires an activated license.\n" }, "matchMode": { "type": "string", "description": "The level of severity where Reactor will consider a breach.\n" }, "notifyUserEmailTemplateId": { "type": "string", "description": "The Id of the email template to use when notifying user of breached password. Required if tenant.passwordValidationRules.breachDetection.onLogin is set to NotifyUser.\n" }, "onLogin": { "type": "string", "description": "The behavior when detecting breaches at time of user login\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantPasswordValidationRulesRememberPreviousPasswords:FusionAuthTenantPasswordValidationRulesRememberPreviousPasswords": { "properties": { "count": { "type": "integer", "description": "The number of previous passwords to remember. Value must be greater than 0.\n" }, "enabled": { "type": "boolean", "description": "Whether to prevent a user from using any of their previous passwords.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantRateLimitConfiguration:FusionAuthTenantRateLimitConfiguration": { "properties": { "failedLogin": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRateLimitConfigurationFailedLogin:FusionAuthTenantRateLimitConfigurationFailedLogin" }, "forgotPassword": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRateLimitConfigurationForgotPassword:FusionAuthTenantRateLimitConfigurationForgotPassword" }, "sendEmailVerification": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRateLimitConfigurationSendEmailVerification:FusionAuthTenantRateLimitConfigurationSendEmailVerification" }, "sendPasswordless": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRateLimitConfigurationSendPasswordless:FusionAuthTenantRateLimitConfigurationSendPasswordless" }, "sendRegistrationVerification": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRateLimitConfigurationSendRegistrationVerification:FusionAuthTenantRateLimitConfigurationSendRegistrationVerification" }, "sendTwoFactor": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRateLimitConfigurationSendTwoFactor:FusionAuthTenantRateLimitConfigurationSendTwoFactor" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "failedLogin", "forgotPassword", "sendEmailVerification", "sendPasswordless", "sendRegistrationVerification", "sendTwoFactor" ] } } }, "fusionauth:index/FusionAuthTenantRateLimitConfigurationFailedLogin:FusionAuthTenantRateLimitConfigurationFailedLogin": { "properties": { "enabled": { "type": "boolean", "description": "Whether rate limiting is enabled for failed login.\n" }, "limit": { "type": "integer", "description": "The number of times a user can fail to login within the configured `time_period_in_seconds` duration. If a Failed authentication action has been configured then it will take precedence.\n" }, "timePeriodInSeconds": { "type": "integer", "description": "The duration for the number of times a user can fail login before being rate limited.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantRateLimitConfigurationForgotPassword:FusionAuthTenantRateLimitConfigurationForgotPassword": { "properties": { "enabled": { "type": "boolean", "description": "Whether rate limiting is enabled for forgot password.\n" }, "limit": { "type": "integer", "description": "The number of times a user can request a forgot password email within the configured `time_period_in_seconds` duration.\n" }, "timePeriodInSeconds": { "type": "integer", "description": "The duration for the number of times a user can request a forgot password email before being rate limited.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantRateLimitConfigurationSendEmailVerification:FusionAuthTenantRateLimitConfigurationSendEmailVerification": { "properties": { "enabled": { "type": "boolean", "description": "Whether rate limiting is enabled for send email verification.\n" }, "limit": { "type": "integer", "description": "The number of times a user can request a verification email within the configured `time_period_in_seconds` duration.\n" }, "timePeriodInSeconds": { "type": "integer", "description": "The duration for the number of times a user can request a verification email before being rate limited.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantRateLimitConfigurationSendPasswordless:FusionAuthTenantRateLimitConfigurationSendPasswordless": { "properties": { "enabled": { "type": "boolean", "description": "Whether rate limiting is enabled for send passwordless.\n" }, "limit": { "type": "integer", "description": "The number of times a user can request a passwordless login email within the configured `time_period_in_seconds` duration.\n" }, "timePeriodInSeconds": { "type": "integer", "description": "The duration for the number of times a user can request a passwordless login email before being rate limited.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantRateLimitConfigurationSendRegistrationVerification:FusionAuthTenantRateLimitConfigurationSendRegistrationVerification": { "properties": { "enabled": { "type": "boolean", "description": "Whether rate limiting is enabled for send registration verification.\n" }, "limit": { "type": "integer", "description": "The number of times a user can request a registration verification email within the configured `time_period_in_seconds` duration.\n" }, "timePeriodInSeconds": { "type": "integer", "description": "The duration for the number of times a user can request a registration verification email before being rate limited.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantRateLimitConfigurationSendTwoFactor:FusionAuthTenantRateLimitConfigurationSendTwoFactor": { "properties": { "enabled": { "type": "boolean", "description": "Whether rate limiting is enabled for send two factor.\n" }, "limit": { "type": "integer", "description": "The number of times a user can request a two-factor code by email or SMS within the configured `time_period_in_seconds` duration.\n" }, "timePeriodInSeconds": { "type": "integer", "description": "The duration for the number of times a user can request a two-factor code by email or SMS before being rate limited.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantRegistrationConfiguration:FusionAuthTenantRegistrationConfiguration": { "properties": { "blockedDomains": { "type": "array", "items": { "type": "string" }, "description": "A list of unique domains that are not allowed to register when self service is enabled.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantScimServerConfiguration:FusionAuthTenantScimServerConfiguration": { "properties": { "clientEntityTypeId": { "type": "string", "description": "The Entity Type that will be used to represent SCIM Clients for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when `scim_server_configuration.enabled` is true.\n" }, "enabled": { "type": "boolean", "description": "Whether or not this tenant has the SCIM endpoints enabled. Note: An Enterprise plan is required to utilize SCIM.\n" }, "schemas": { "type": "string", "description": "SON formatted as a SCIM Schemas endpoint response. Because the SCIM lambdas may modify the JSON response, ensure the Schema's response matches that generated by the response lambdas. More about Schema definitions. When this parameter is not provided, it will default to EnterpriseUser, Group, and User schema definitions as defined by the SCIM core schemas spec. Note: An Enterprise plan is required to utilize SCIM.\n" }, "serverEntityTypeId": { "type": "string", "description": "The Entity Type that will be used to represent SCIM Servers for this tenant. Note: An Enterprise plan is required to utilize SCIM. Required when `scim_server_configuration.enabled` is true.\n" } }, "type": "object", "required": [ "clientEntityTypeId", "serverEntityTypeId" ], "language": { "nodejs": { "requiredOutputs": [ "clientEntityTypeId", "schemas", "serverEntityTypeId" ] } } }, "fusionauth:index/FusionAuthTenantSsoConfiguration:FusionAuthTenantSsoConfiguration": { "properties": { "deviceTrustTimeToLiveInSeconds": { "type": "integer", "description": "The number of seconds before a trusted device is reset. When reset, a user is forced to complete captcha during login and complete two factor authentication if applicable.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantUserDeletePolicy:FusionAuthTenantUserDeletePolicy": { "properties": { "unverifiedEnabled": { "type": "boolean", "description": "Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.\n" }, "unverifiedNumberOfDaysToRetain": { "type": "integer", "description": "The number of days from creation users will be retained before being deleted for not completing email verification. This field is required when tenant.userDeletePolicy.unverified.enabled is set to true. Value must be greater than 0.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantUsernameConfiguration:FusionAuthTenantUsernameConfiguration": { "properties": { "unique": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantUsernameConfigurationUnique:FusionAuthTenantUsernameConfigurationUnique", "description": "Indicates that users without a verified email address will be permanently deleted after tenant.userDeletePolicy.unverified.numberOfDaysToRetain days.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantUsernameConfigurationUnique:FusionAuthTenantUsernameConfigurationUnique": { "properties": { "enabled": { "type": "boolean", "description": "When true, FusionAuth will handle username collisions by generating a random suffix.\n" }, "numberOfDigits": { "type": "integer", "description": "The maximum number of digits to use when building a unique suffix for a username. A number will be randomly selected and will be 1 or more digits up to this configured value in length. For example, if this value is 5, the suffix will be a number between 00001 and 99999, inclusive.\n" }, "separator": { "type": "string", "description": "A single character to use as a separator from the requested username and a unique suffix that is added when a duplicate username is detected. This value can be a single non-alphanumeric ASCII character.\n" }, "strategy": { "type": "string", "description": "When enabled the user’s password will be validated during login. If the password does not meet the currently configured validation rules the user will be required to change their password.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantWebauthnConfiguration:FusionAuthTenantWebauthnConfiguration": { "properties": { "bootstrapWorkflow": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantWebauthnConfigurationBootstrapWorkflow:FusionAuthTenantWebauthnConfigurationBootstrapWorkflow", "description": "The Bootstrap Workflow configuration.\n" }, "debug": { "type": "boolean", "description": "Determines if debug should be enabled for this tenant to create an event log to assist in debugging WebAuthn errors. Note: A license is required to utilize WebAuthn..\n" }, "enabled": { "type": "boolean", "description": "Whether or not this tenant has WebAuthn enabled globally.. Note: A license is required to utilize WebAuthn..\n" }, "reauthenticationWorkflow": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantWebauthnConfigurationReauthenticationWorkflow:FusionAuthTenantWebauthnConfigurationReauthenticationWorkflow", "description": "The Reauthentication Workflow configuration.\n" }, "relyingPartyId": { "type": "string", "description": "The value this tenant will use for the Relying Party Id in WebAuthn ceremonies. Passkeys can only be used to authenticate on sites using the same Relying Party Id they were registered with. This value must match the browser origin or be a registrable domain suffix of the browser origin. For example, if your domain is auth.piedpiper.com, you could use auth.piedpiper.com or piedpiper.com but not m.auth.piedpiper.com or com. When this parameter is omitted, FusionAuth will use null for the Relying Party Id in passkey creation and request options. A null value in the WebAuthn JavaScript API will use the browser origin. Note: A license is required to utilize WebAuthn.\n" }, "relyingPartyName": { "type": "string", "description": "The value this tenant will use for the Relying Party name in WebAuthn ceremonies. This value may be displayed by browser or operating system dialogs during WebAuthn ceremonies. When this parameter is omitted, FusionAuth will use the tenant.issuer value. Note: A license is required to utilize WebAuthn.\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantWebauthnConfigurationBootstrapWorkflow:FusionAuthTenantWebauthnConfigurationBootstrapWorkflow": { "properties": { "authenticatorAttachmentPreference": { "type": "string", "description": "Determines the authenticator attachment requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..\n" }, "enabled": { "type": "boolean", "description": "Whether or not this tenant has the WebAuthn bootstrap workflow enabled. The bootstrap workflow is used when the user must \"bootstrap\" the authentication process by identifying themselves prior to the WebAuthn ceremony and can be used to authenticate from a new device using WebAuthn. Note: A license is required to utilize WebAuthn..\n" }, "userVerificationRequirement": { "type": "string", "description": "Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..\n" } }, "type": "object" }, "fusionauth:index/FusionAuthTenantWebauthnConfigurationReauthenticationWorkflow:FusionAuthTenantWebauthnConfigurationReauthenticationWorkflow": { "properties": { "authenticatorAttachmentPreference": { "type": "string", "description": "Determines the authenticator attachment requirement for WebAuthn passkey registration when using the reauthentication workflow. The possible values are:: Any, CrossPlatform and Platform. Note: A license is required to utilize WebAuthn and an Enterprise plan is required to utilize WebAuthn cross-platform authenticators..\n" }, "enabled": { "type": "boolean", "description": "Whether or not this tenant has the WebAuthn reauthentication workflow enabled. The reauthentication workflow will automatically prompt a user to authenticate using WebAuthn for repeated logins from the same device. Note: A license is required to utilize WebAuthn..\n" }, "userVerificationRequirement": { "type": "string", "description": "Determines the user verification requirement for WebAuthn passkey registration when using the bootstrap workflow. The possible values are: Discouraged, Preferred and Required. Note: A license is required to utilize WebAuthn..\n" } }, "type": "object" }, "fusionauth:index/FusionAuthUserActionOption:FusionAuthUserActionOption": { "properties": { "localizedNames": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A mapping of localized names for this User Action Option. The key is the Locale and the value is the name of the User Action Option for that language.\n" }, "name": { "type": "string", "description": "The name of this User Action Option.\n" } }, "type": "object", "required": [ "name" ] }, "fusionauth:index/FusionAuthUserTwoFactorMethod:FusionAuthUserTwoFactorMethod": { "properties": { "authenticatorAlgorithm": { "type": "string", "description": "The algorithm used by the TOTP authenticator. With the current implementation, this will always be HmacSHA1.\n" }, "authenticatorCodeLength": { "type": "integer", "description": "The length of code generated by the TOTP. With the current implementation, this will always be 6.\n" }, "authenticatorTimeStep": { "type": "integer", "description": "The time-step size in seconds. With the current implementation, this will always be 30.\n" }, "email": { "type": "string", "description": "The value of the email address for this method.\n" }, "method": { "type": "string", "description": "The type of this method. There will also be an object with the same value containing additional information about this method.\n" }, "mobilePhone": { "type": "string", "description": "The value of the mobile phone for this method.\n" }, "secret": { "type": "string", "description": "A base64 encoded secret\n", "secret": true }, "twoFactorMethodId": { "type": "string", "description": "The unique Id of the method.\n" } }, "type": "object", "language": { "nodejs": { "requiredOutputs": [ "authenticatorAlgorithm", "authenticatorCodeLength", "authenticatorTimeStep", "twoFactorMethodId" ] } } }, "fusionauth:index/FusionAuthWebhookEventsEnabled:FusionAuthWebhookEventsEnabled": { "properties": { "auditLogCreate": { "type": "boolean", "description": "When an audit log is created\n" }, "eventLogCreate": { "type": "boolean", "description": "When an event log is created\n" }, "jwtPublicKeyUpdate": { "type": "boolean", "description": "When a JWT RSA Public / Private keypair may have been changed\n" }, "jwtRefresh": { "type": "boolean", "description": "When an access token is refreshed using a refresh token\n" }, "jwtRefreshTokenRevoke": { "type": "boolean", "description": "When a JWT Refresh Token is revoked\n" }, "kickstartSuccess": { "type": "boolean", "description": "When kickstart has successfully completed\n" }, "userAction": { "type": "boolean", "description": "When a user action is triggered\n" }, "userBulkCreate": { "type": "boolean", "description": "When multiple users are created in bulk (i.e. during an import)\n" }, "userCreate": { "type": "boolean", "description": "When a user is created\n" }, "userCreateComplete": { "type": "boolean", "description": "When a user create transaction has completed\n" }, "userDeactivate": { "type": "boolean", "description": "When a user is deactivated\n" }, "userDelete": { "type": "boolean", "description": "When a user is deleted\n" }, "userDeleteComplete": { "type": "boolean", "description": "When a user delete transaction has completed\n" }, "userEmailUpdate": { "type": "boolean", "description": "When a user updates their email address\n" }, "userEmailVerified": { "type": "boolean", "description": "When a user verifies their email address\n" }, "userIdentityProviderLink": { "type": "boolean", "description": "When a user is linked to an identity provider\n" }, "userIdentityProviderUnlink": { "type": "boolean", "description": "When a link to an identity provider is removed\n" }, "userLoginFailed": { "type": "boolean", "description": "When a user fails a login request\n" }, "userLoginIdDuplicateCreate": { "type": "boolean", "description": "When a request to create a user with a login Id (email or username) which is already in use has been received\n" }, "userLoginIdDuplicateUpdate": { "type": "boolean", "description": "When a request to update a user and change their login Id (email or username) to one that is already in use has been received\n" }, "userLoginNewDevice": { "type": "boolean", "description": "When a user begins a login request with a new device\n" }, "userLoginSuccess": { "type": "boolean", "description": "When a user completes a login request\n" }, "userLoginSuspicious": { "type": "boolean", "description": "When a user logs in and is considered to be a potential threat\n" }, "userPasswordBreach": { "type": "boolean", "description": "When Reactor detects a user is using a potentially breached password (requires an activated license)\n" }, "userPasswordResetSend": { "type": "boolean", "description": "When a forgot password email has been sent to a user\n" }, "userPasswordResetStart": { "type": "boolean", "description": "When the process to reset a user password has started\n" }, "userPasswordResetSuccess": { "type": "boolean", "description": "When a user has successfully reset their password\n" }, "userPasswordUpdate": { "type": "boolean", "description": "When a user has updated their password\n" }, "userReactivate": { "type": "boolean", "description": "When a user is reactivated\n" }, "userRegistrationCreate": { "type": "boolean", "description": "When a user registration is created\n" }, "userRegistrationCreateComplete": { "type": "boolean", "description": "When a user registration create transaction has completed\n" }, "userRegistrationDelete": { "type": "boolean", "description": "When a user registration is deleted\n" }, "userRegistrationDeleteComplete": { "type": "boolean", "description": "When a user registration delete transaction has completed\n" }, "userRegistrationUpdate": { "type": "boolean", "description": "When a user registration is updated\n" }, "userRegistrationUpdateComplete": { "type": "boolean", "description": "When a user registration update transaction has completed\n" }, "userRegistrationVerified": { "type": "boolean", "description": "When a user completes registration verification\n" }, "userTwoFactorMethodAdd": { "type": "boolean", "description": "When a user has added a two-factor method\n" }, "userTwoFactorMethodRemove": { "type": "boolean", "description": "When a user has removed a two-factor method\n" }, "userUpdate": { "type": "boolean", "description": "When a user is updated\n" }, "userUpdateComplete": { "type": "boolean", "description": "When a user update transaction has completed\n" } }, "type": "object" }, "fusionauth:index/FusionAuthWebhookSignatureConfiguration:FusionAuthWebhookSignatureConfiguration": { "properties": { "enabled": { "type": "boolean", "description": "Wether or not webhook signing is enabled\n" }, "signingKeyId": { "type": "string", "description": "The UUID key used for signing the Webhook\n" } }, "type": "object" }, "fusionauth:index/getApplicationWebauthnConfiguration:getApplicationWebauthnConfiguration": { "properties": { "bootstrapWorkflowEnabled": { "type": "boolean" }, "enabled": { "type": "boolean" }, "reauthenticationWorkflowEnabled": { "type": "boolean" } }, "type": "object", "required": [ "bootstrapWorkflowEnabled", "enabled", "reauthenticationWorkflowEnabled" ], "language": { "nodejs": { "requiredInputs": [] } } }, "fusionauth:index/getFormFieldValidator:getFormFieldValidator": { "properties": { "enabled": { "type": "boolean", "description": "Determines if user input should be validated.\n" }, "expression": { "type": "string", "description": "A regular expression used to validate user input. Must be a valid regular expression pattern.\n" } }, "type": "object" }, "fusionauth:index/getFormStep:getFormStep": { "properties": { "fields": { "type": "array", "items": { "type": "string" }, "description": "An ordered list of Form Field Ids assigned to this step.\n" } }, "type": "object", "required": [ "fields" ] } }, "provider": { "description": "The provider type for the fusionauth package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", "properties": { "apiKey": { "type": "string" }, "host": { "type": "string" } }, "type": "object", "inputProperties": { "apiKey": { "type": "string", "defaultInfo": { "environment": [ "FUSION_AUTH_API_KEY" ] } }, "host": { "type": "string", "defaultInfo": { "environment": [ "FUSION_AUTH_HOST_URL" ] } } } }, "resources": { "fusionauth:index/fusionAuthApiKey:FusionAuthApiKey": { "description": "## # API Key\n\nThe FusionAuth APIs are primarily secured using API keys. This API can only be accessed using an API key that is set as a keyManager. In order to retrieve, update or delete an API key, an API key with equal or greater permissions must be used. A \"tenant-scoped\" API key can retrieve, create, update or delete an API key for the same tenant. This page describes APIs that are used to manage API keys.\n\n[API Key](https://fusionauth.io/docs/v1/tech/apis/api-keys/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst example = new fusionauth.FusionAuthApiKey(\"example\", {\n description: \"my super secret key\",\n key: \"super-secret-key\",\n permissionsEndpoints: [{\n \"delete\": true,\n endpoint: \"/api/application\",\n get: true,\n patch: true,\n post: true,\n put: true,\n }],\n tenantId: \"94f751c5-4883-4684-a817-6b106778edec\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nexample = fusionauth.FusionAuthApiKey(\"example\",\n description=\"my super secret key\",\n key=\"super-secret-key\",\n permissions_endpoints=[{\n \"delete\": True,\n \"endpoint\": \"/api/application\",\n \"get\": True,\n \"patch\": True,\n \"post\": True,\n \"put\": True,\n }],\n tenant_id=\"94f751c5-4883-4684-a817-6b106778edec\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var example = new Fusionauth.FusionAuthApiKey(\"example\", new()\n {\n Description = \"my super secret key\",\n Key = \"super-secret-key\",\n PermissionsEndpoints = new[]\n {\n new Fusionauth.Inputs.FusionAuthApiKeyPermissionsEndpointArgs\n {\n Delete = true,\n Endpoint = \"/api/application\",\n Get = true,\n Patch = true,\n Post = true,\n Put = true,\n },\n },\n TenantId = \"94f751c5-4883-4684-a817-6b106778edec\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthApiKey(ctx, \"example\", &fusionauth.FusionAuthApiKeyArgs{\n\t\t\tDescription: pulumi.String(\"my super secret key\"),\n\t\t\tKey: pulumi.String(\"super-secret-key\"),\n\t\t\tPermissionsEndpoints: fusionauth.FusionAuthApiKeyPermissionsEndpointArray{\n\t\t\t\t&fusionauth.FusionAuthApiKeyPermissionsEndpointArgs{\n\t\t\t\t\tDelete: pulumi.Bool(true),\n\t\t\t\t\tEndpoint: pulumi.String(\"/api/application\"),\n\t\t\t\t\tGet: pulumi.Bool(true),\n\t\t\t\t\tPatch: pulumi.Bool(true),\n\t\t\t\t\tPost: pulumi.Bool(true),\n\t\t\t\t\tPut: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTenantId: pulumi.String(\"94f751c5-4883-4684-a817-6b106778edec\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthApiKey;\nimport com.pulumi.fusionauth.FusionAuthApiKeyArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApiKeyPermissionsEndpointArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FusionAuthApiKey(\"example\", FusionAuthApiKeyArgs.builder()\n .description(\"my super secret key\")\n .key(\"super-secret-key\")\n .permissionsEndpoints(FusionAuthApiKeyPermissionsEndpointArgs.builder()\n .delete(true)\n .endpoint(\"/api/application\")\n .get(true)\n .patch(true)\n .post(true)\n .put(true)\n .build())\n .tenantId(\"94f751c5-4883-4684-a817-6b106778edec\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: fusionauth:FusionAuthApiKey\n properties:\n description: my super secret key\n key: super-secret-key\n permissionsEndpoints:\n - delete: true\n endpoint: /api/application\n get: true\n patch: true\n post: true\n put: true\n tenantId: 94f751c5-4883-4684-a817-6b106778edec\n```\n\n", "properties": { "description": { "type": "string", "description": "Description of the key.\n" }, "expirationInstant": { "type": "integer", "description": "The expiration instant of this API key. Using an expired API key for API Authentication will result in a 401 response code.\n" }, "ipAccessControlListId": { "type": "string", "description": "The Id of the IP Access Control List limiting access to this API key.\n" }, "key": { "type": "string", "description": "API key string. When you create an API key the key is defaulted to a secure random value but the API key is simply a string, so you may call it super-secret-key if you’d like. However a long and random value makes a good API key in that it is unique and difficult to guess.\n", "secret": true }, "keyId": { "type": "string", "description": "The Id to use for the new Form. If not specified a secure random UUID will be generated.\n" }, "permissionsEndpoints": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthApiKeyPermissionsEndpoint:FusionAuthApiKeyPermissionsEndpoint" }, "description": "Endpoint permissions for this key. Each key of the object is an endpoint, with the value being an array of the HTTP methods which can be used against the endpoint. An Empty permissions_endpoints object mean that this is a super key that authorizes this key for all the endpoints.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the Tenant. This value is required if the key is meant to be tenant scoped. Tenant scoped keys can only be used to access users and other tenant scoped objects for the specified tenant. This value is read-only once the key is created.\n" } }, "type": "object", "required": [ "key" ], "inputProperties": { "description": { "type": "string", "description": "Description of the key.\n" }, "expirationInstant": { "type": "integer", "description": "The expiration instant of this API key. Using an expired API key for API Authentication will result in a 401 response code.\n" }, "ipAccessControlListId": { "type": "string", "description": "The Id of the IP Access Control List limiting access to this API key.\n" }, "key": { "type": "string", "description": "API key string. When you create an API key the key is defaulted to a secure random value but the API key is simply a string, so you may call it super-secret-key if you’d like. However a long and random value makes a good API key in that it is unique and difficult to guess.\n", "secret": true, "willReplaceOnChanges": true }, "keyId": { "type": "string", "description": "The Id to use for the new Form. If not specified a secure random UUID will be generated.\n" }, "permissionsEndpoints": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthApiKeyPermissionsEndpoint:FusionAuthApiKeyPermissionsEndpoint" }, "description": "Endpoint permissions for this key. Each key of the object is an endpoint, with the value being an array of the HTTP methods which can be used against the endpoint. An Empty permissions_endpoints object mean that this is a super key that authorizes this key for all the endpoints.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the Tenant. This value is required if the key is meant to be tenant scoped. Tenant scoped keys can only be used to access users and other tenant scoped objects for the specified tenant. This value is read-only once the key is created.\n", "willReplaceOnChanges": true } }, "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthApiKey resources.\n", "properties": { "description": { "type": "string", "description": "Description of the key.\n" }, "expirationInstant": { "type": "integer", "description": "The expiration instant of this API key. Using an expired API key for API Authentication will result in a 401 response code.\n" }, "ipAccessControlListId": { "type": "string", "description": "The Id of the IP Access Control List limiting access to this API key.\n" }, "key": { "type": "string", "description": "API key string. When you create an API key the key is defaulted to a secure random value but the API key is simply a string, so you may call it super-secret-key if you’d like. However a long and random value makes a good API key in that it is unique and difficult to guess.\n", "secret": true, "willReplaceOnChanges": true }, "keyId": { "type": "string", "description": "The Id to use for the new Form. If not specified a secure random UUID will be generated.\n" }, "permissionsEndpoints": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthApiKeyPermissionsEndpoint:FusionAuthApiKeyPermissionsEndpoint" }, "description": "Endpoint permissions for this key. Each key of the object is an endpoint, with the value being an array of the HTTP methods which can be used against the endpoint. An Empty permissions_endpoints object mean that this is a super key that authorizes this key for all the endpoints.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the Tenant. This value is required if the key is meant to be tenant scoped. Tenant scoped keys can only be used to access users and other tenant scoped objects for the specified tenant. This value is read-only once the key is created.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "fusionauth:index/fusionAuthApplication:FusionAuthApplication": { "description": "## # Application Resource\n\n[Applications API](https://fusionauth.io/docs/v1/tech/apis/applications)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst forum = new fusionauth.FusionAuthApplication(\"forum\", {\n tenantId: fusionauth_tenant.portal.id,\n authenticationTokenConfigurationEnabled: false,\n formConfiguration: {\n adminRegistrationFormId: fusionauth_form.admin_registration.id,\n selfServiceFormId: fusionauth_form.self_service.id,\n },\n jwtConfiguration: {\n accessTokenId: fusionauth_key.access_token.id,\n enabled: true,\n idTokenKeyId: fusionauth_key.id_token.id,\n refreshTokenTtlMinutes: 43200,\n ttlSeconds: 3600,\n },\n lambdaConfiguration: {\n accessTokenPopulateId: fusionauth_lambda.token_populate.id,\n idTokenPopulateId: fusionauth_lambda.id_token_populate.id,\n },\n loginConfiguration: {\n allowTokenRefresh: false,\n generateRefreshTokens: false,\n requireAuthentication: true,\n },\n multiFactorConfiguration: {\n emailTemplateId: \"859f394b-22a6-4fa6-ba55-de700df9e950\",\n smsTemplateId: \"17760f96-dca7-448b-9a8f-c49016aa7210\",\n loginPolicy: \"Required\",\n trustPolicy: \"Any\",\n },\n oauthConfiguration: {\n authorizedOriginUrls: [\"http://www.example.com/oauth-callback\"],\n authorizedUrlValidationPolicy: \"ExactMatch\",\n enabledGrants: [\n \"authorization_code\",\n \"implicit\",\n ],\n generateRefreshTokens: false,\n logoutBehavior: \"AllApplications\",\n logoutUrl: \"http://www.example.com/logout\",\n requireClientAuthentication: false,\n providedScopePolicies: [{\n address: {\n enabled: false,\n required: false,\n },\n email: {\n enabled: false,\n required: false,\n },\n phone: {\n enabled: false,\n required: false,\n },\n profile: {\n enabled: false,\n required: false,\n },\n }],\n },\n registrationConfiguration: {\n birthDate: {\n enabled: false,\n required: false,\n },\n confirmPassword: false,\n enabled: false,\n firstName: {\n enabled: false,\n required: false,\n },\n fullName: {\n enabled: false,\n required: false,\n },\n lastName: {\n enabled: false,\n required: false,\n },\n loginIdType: \"\",\n middleName: {\n enabled: false,\n required: false,\n },\n mobilePhone: {\n enabled: false,\n required: false,\n },\n preferredLanguages: {\n enabled: false,\n required: false,\n },\n type: \"\",\n },\n passwordlessConfigurationEnabled: false,\n registrationDeletePolicy: {\n unverifiedEnabled: true,\n unverifiedNumberOfDaysToRetain: 30,\n },\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nforum = fusionauth.FusionAuthApplication(\"forum\",\n tenant_id=fusionauth_tenant[\"portal\"][\"id\"],\n authentication_token_configuration_enabled=False,\n form_configuration={\n \"admin_registration_form_id\": fusionauth_form[\"admin_registration\"][\"id\"],\n \"self_service_form_id\": fusionauth_form[\"self_service\"][\"id\"],\n },\n jwt_configuration={\n \"access_token_id\": fusionauth_key[\"access_token\"][\"id\"],\n \"enabled\": True,\n \"id_token_key_id\": fusionauth_key[\"id_token\"][\"id\"],\n \"refresh_token_ttl_minutes\": 43200,\n \"ttl_seconds\": 3600,\n },\n lambda_configuration={\n \"access_token_populate_id\": fusionauth_lambda[\"token_populate\"][\"id\"],\n \"id_token_populate_id\": fusionauth_lambda[\"id_token_populate\"][\"id\"],\n },\n login_configuration={\n \"allow_token_refresh\": False,\n \"generate_refresh_tokens\": False,\n \"require_authentication\": True,\n },\n multi_factor_configuration={\n \"email_template_id\": \"859f394b-22a6-4fa6-ba55-de700df9e950\",\n \"sms_template_id\": \"17760f96-dca7-448b-9a8f-c49016aa7210\",\n \"login_policy\": \"Required\",\n \"trust_policy\": \"Any\",\n },\n oauth_configuration={\n \"authorized_origin_urls\": [\"http://www.example.com/oauth-callback\"],\n \"authorized_url_validation_policy\": \"ExactMatch\",\n \"enabled_grants\": [\n \"authorization_code\",\n \"implicit\",\n ],\n \"generate_refresh_tokens\": False,\n \"logout_behavior\": \"AllApplications\",\n \"logout_url\": \"http://www.example.com/logout\",\n \"require_client_authentication\": False,\n \"provided_scope_policies\": [{\n \"address\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"email\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"phone\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"profile\": {\n \"enabled\": False,\n \"required\": False,\n },\n }],\n },\n registration_configuration={\n \"birth_date\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"confirm_password\": False,\n \"enabled\": False,\n \"first_name\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"full_name\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"last_name\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"login_id_type\": \"\",\n \"middle_name\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"mobile_phone\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"preferred_languages\": {\n \"enabled\": False,\n \"required\": False,\n },\n \"type\": \"\",\n },\n passwordless_configuration_enabled=False,\n registration_delete_policy={\n \"unverified_enabled\": True,\n \"unverified_number_of_days_to_retain\": 30,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var forum = new Fusionauth.FusionAuthApplication(\"forum\", new()\n {\n TenantId = fusionauth_tenant.Portal.Id,\n AuthenticationTokenConfigurationEnabled = false,\n FormConfiguration = new Fusionauth.Inputs.FusionAuthApplicationFormConfigurationArgs\n {\n AdminRegistrationFormId = fusionauth_form.Admin_registration.Id,\n SelfServiceFormId = fusionauth_form.Self_service.Id,\n },\n JwtConfiguration = new Fusionauth.Inputs.FusionAuthApplicationJwtConfigurationArgs\n {\n AccessTokenId = fusionauth_key.Access_token.Id,\n Enabled = true,\n IdTokenKeyId = fusionauth_key.Id_token.Id,\n RefreshTokenTtlMinutes = 43200,\n TtlSeconds = 3600,\n },\n LambdaConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLambdaConfigurationArgs\n {\n AccessTokenPopulateId = fusionauth_lambda.Token_populate.Id,\n IdTokenPopulateId = fusionauth_lambda.Id_token_populate.Id,\n },\n LoginConfiguration = new Fusionauth.Inputs.FusionAuthApplicationLoginConfigurationArgs\n {\n AllowTokenRefresh = false,\n GenerateRefreshTokens = false,\n RequireAuthentication = true,\n },\n MultiFactorConfiguration = new Fusionauth.Inputs.FusionAuthApplicationMultiFactorConfigurationArgs\n {\n EmailTemplateId = \"859f394b-22a6-4fa6-ba55-de700df9e950\",\n SmsTemplateId = \"17760f96-dca7-448b-9a8f-c49016aa7210\",\n LoginPolicy = \"Required\",\n TrustPolicy = \"Any\",\n },\n OauthConfiguration = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationArgs\n {\n AuthorizedOriginUrls = new[]\n {\n \"http://www.example.com/oauth-callback\",\n },\n AuthorizedUrlValidationPolicy = \"ExactMatch\",\n EnabledGrants = new[]\n {\n \"authorization_code\",\n \"implicit\",\n },\n GenerateRefreshTokens = false,\n LogoutBehavior = \"AllApplications\",\n LogoutUrl = \"http://www.example.com/logout\",\n RequireClientAuthentication = false,\n ProvidedScopePolicies = new[]\n {\n new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs\n {\n Address = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs\n {\n Enabled = false,\n Required = false,\n },\n Email = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs\n {\n Enabled = false,\n Required = false,\n },\n Phone = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs\n {\n Enabled = false,\n Required = false,\n },\n Profile = new Fusionauth.Inputs.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs\n {\n Enabled = false,\n Required = false,\n },\n },\n },\n },\n RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationArgs\n {\n BirthDate = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs\n {\n Enabled = false,\n Required = false,\n },\n ConfirmPassword = false,\n Enabled = false,\n FirstName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs\n {\n Enabled = false,\n Required = false,\n },\n FullName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs\n {\n Enabled = false,\n Required = false,\n },\n LastName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs\n {\n Enabled = false,\n Required = false,\n },\n LoginIdType = \"\",\n MiddleName = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs\n {\n Enabled = false,\n Required = false,\n },\n MobilePhone = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs\n {\n Enabled = false,\n Required = false,\n },\n PreferredLanguages = new Fusionauth.Inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs\n {\n Enabled = false,\n Required = false,\n },\n Type = \"\",\n },\n PasswordlessConfigurationEnabled = false,\n RegistrationDeletePolicy = new Fusionauth.Inputs.FusionAuthApplicationRegistrationDeletePolicyArgs\n {\n UnverifiedEnabled = true,\n UnverifiedNumberOfDaysToRetain = 30,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthApplication(ctx, \"forum\", &fusionauth.FusionAuthApplicationArgs{\n\t\t\tTenantId: pulumi.Any(fusionauth_tenant.Portal.Id),\n\t\t\tAuthenticationTokenConfigurationEnabled: pulumi.Bool(false),\n\t\t\tFormConfiguration: &fusionauth.FusionAuthApplicationFormConfigurationArgs{\n\t\t\t\tAdminRegistrationFormId: pulumi.Any(fusionauth_form.Admin_registration.Id),\n\t\t\t\tSelfServiceFormId: pulumi.Any(fusionauth_form.Self_service.Id),\n\t\t\t},\n\t\t\tJwtConfiguration: &fusionauth.FusionAuthApplicationJwtConfigurationArgs{\n\t\t\t\tAccessTokenId: pulumi.Any(fusionauth_key.Access_token.Id),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tIdTokenKeyId: pulumi.Any(fusionauth_key.Id_token.Id),\n\t\t\t\tRefreshTokenTtlMinutes: pulumi.Int(43200),\n\t\t\t\tTtlSeconds: pulumi.Int(3600),\n\t\t\t},\n\t\t\tLambdaConfiguration: &fusionauth.FusionAuthApplicationLambdaConfigurationArgs{\n\t\t\t\tAccessTokenPopulateId: pulumi.Any(fusionauth_lambda.Token_populate.Id),\n\t\t\t\tIdTokenPopulateId: pulumi.Any(fusionauth_lambda.Id_token_populate.Id),\n\t\t\t},\n\t\t\tLoginConfiguration: &fusionauth.FusionAuthApplicationLoginConfigurationArgs{\n\t\t\t\tAllowTokenRefresh: pulumi.Bool(false),\n\t\t\t\tGenerateRefreshTokens: pulumi.Bool(false),\n\t\t\t\tRequireAuthentication: pulumi.Bool(true),\n\t\t\t},\n\t\t\tMultiFactorConfiguration: &fusionauth.FusionAuthApplicationMultiFactorConfigurationArgs{\n\t\t\t\tEmailTemplateId: pulumi.String(\"859f394b-22a6-4fa6-ba55-de700df9e950\"),\n\t\t\t\tSmsTemplateId: pulumi.String(\"17760f96-dca7-448b-9a8f-c49016aa7210\"),\n\t\t\t\tLoginPolicy: pulumi.String(\"Required\"),\n\t\t\t\tTrustPolicy: pulumi.String(\"Any\"),\n\t\t\t},\n\t\t\tOauthConfiguration: &fusionauth.FusionAuthApplicationOauthConfigurationArgs{\n\t\t\t\tAuthorizedOriginUrls: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"http://www.example.com/oauth-callback\"),\n\t\t\t\t},\n\t\t\t\tAuthorizedUrlValidationPolicy: pulumi.String(\"ExactMatch\"),\n\t\t\t\tEnabledGrants: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"authorization_code\"),\n\t\t\t\t\tpulumi.String(\"implicit\"),\n\t\t\t\t},\n\t\t\t\tGenerateRefreshTokens: pulumi.Bool(false),\n\t\t\t\tLogoutBehavior: pulumi.String(\"AllApplications\"),\n\t\t\t\tLogoutUrl: pulumi.String(\"http://www.example.com/logout\"),\n\t\t\t\tRequireClientAuthentication: pulumi.Bool(false),\n\t\t\t\tProvidedScopePolicies: fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArray{\n\t\t\t\t\t&fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs{\n\t\t\t\t\t\tAddress: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEmail: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tPhone: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tProfile: &fusionauth.FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegistrationConfiguration: &fusionauth.FusionAuthApplicationRegistrationConfigurationArgs{\n\t\t\t\tBirthDate: &fusionauth.FusionAuthApplicationRegistrationConfigurationBirthDateArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tConfirmPassword: pulumi.Bool(false),\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\tFirstName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFirstNameArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tFullName: &fusionauth.FusionAuthApplicationRegistrationConfigurationFullNameArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tLastName: &fusionauth.FusionAuthApplicationRegistrationConfigurationLastNameArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tLoginIdType: pulumi.String(\"\"),\n\t\t\t\tMiddleName: &fusionauth.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tMobilePhone: &fusionauth.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tPreferredLanguages: &fusionauth.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tRequired: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tType: pulumi.String(\"\"),\n\t\t\t},\n\t\t\tPasswordlessConfigurationEnabled: pulumi.Bool(false),\n\t\t\tRegistrationDeletePolicy: &fusionauth.FusionAuthApplicationRegistrationDeletePolicyArgs{\n\t\t\t\tUnverifiedEnabled: pulumi.Bool(true),\n\t\t\t\tUnverifiedNumberOfDaysToRetain: pulumi.Int(30),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthApplication;\nimport com.pulumi.fusionauth.FusionAuthApplicationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationFormConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationJwtConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationLambdaConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationLoginConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationMultiFactorConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationOauthConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationBirthDateArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFirstNameArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationFullNameArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationLastNameArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMiddleNameArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthApplicationRegistrationDeletePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var forum = new FusionAuthApplication(\"forum\", FusionAuthApplicationArgs.builder()\n .tenantId(fusionauth_tenant.portal().id())\n .authenticationTokenConfigurationEnabled(false)\n .formConfiguration(FusionAuthApplicationFormConfigurationArgs.builder()\n .adminRegistrationFormId(fusionauth_form.admin_registration().id())\n .selfServiceFormId(fusionauth_form.self_service().id())\n .build())\n .jwtConfiguration(FusionAuthApplicationJwtConfigurationArgs.builder()\n .accessTokenId(fusionauth_key.access_token().id())\n .enabled(true)\n .idTokenKeyId(fusionauth_key.id_token().id())\n .refreshTokenTtlMinutes(43200)\n .ttlSeconds(3600)\n .build())\n .lambdaConfiguration(FusionAuthApplicationLambdaConfigurationArgs.builder()\n .accessTokenPopulateId(fusionauth_lambda.token_populate().id())\n .idTokenPopulateId(fusionauth_lambda.id_token_populate().id())\n .build())\n .loginConfiguration(FusionAuthApplicationLoginConfigurationArgs.builder()\n .allowTokenRefresh(false)\n .generateRefreshTokens(false)\n .requireAuthentication(true)\n .build())\n .multiFactorConfiguration(FusionAuthApplicationMultiFactorConfigurationArgs.builder()\n .emailTemplateId(\"859f394b-22a6-4fa6-ba55-de700df9e950\")\n .smsTemplateId(\"17760f96-dca7-448b-9a8f-c49016aa7210\")\n .loginPolicy(\"Required\")\n .trustPolicy(\"Any\")\n .build())\n .oauthConfiguration(FusionAuthApplicationOauthConfigurationArgs.builder()\n .authorizedOriginUrls(\"http://www.example.com/oauth-callback\")\n .authorizedUrlValidationPolicy(\"ExactMatch\")\n .enabledGrants( \n \"authorization_code\",\n \"implicit\")\n .generateRefreshTokens(false)\n .logoutBehavior(\"AllApplications\")\n .logoutUrl(\"http://www.example.com/logout\")\n .requireClientAuthentication(false)\n .providedScopePolicies(FusionAuthApplicationOauthConfigurationProvidedScopePolicyArgs.builder()\n .address(FusionAuthApplicationOauthConfigurationProvidedScopePolicyAddressArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .email(FusionAuthApplicationOauthConfigurationProvidedScopePolicyEmailArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .phone(FusionAuthApplicationOauthConfigurationProvidedScopePolicyPhoneArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .profile(FusionAuthApplicationOauthConfigurationProvidedScopePolicyProfileArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .build())\n .build())\n .registrationConfiguration(FusionAuthApplicationRegistrationConfigurationArgs.builder()\n .birthDate(FusionAuthApplicationRegistrationConfigurationBirthDateArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .confirmPassword(false)\n .enabled(false)\n .firstName(FusionAuthApplicationRegistrationConfigurationFirstNameArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .fullName(FusionAuthApplicationRegistrationConfigurationFullNameArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .lastName(FusionAuthApplicationRegistrationConfigurationLastNameArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .loginIdType(\"\")\n .middleName(FusionAuthApplicationRegistrationConfigurationMiddleNameArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .mobilePhone(FusionAuthApplicationRegistrationConfigurationMobilePhoneArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .preferredLanguages(FusionAuthApplicationRegistrationConfigurationPreferredLanguagesArgs.builder()\n .enabled(false)\n .required(false)\n .build())\n .type(\"\")\n .build())\n .passwordlessConfigurationEnabled(false)\n .registrationDeletePolicy(FusionAuthApplicationRegistrationDeletePolicyArgs.builder()\n .unverifiedEnabled(true)\n .unverifiedNumberOfDaysToRetain(30)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n forum:\n type: fusionauth:FusionAuthApplication\n properties:\n tenantId: ${fusionauth_tenant.portal.id}\n authenticationTokenConfigurationEnabled: false\n formConfiguration:\n adminRegistrationFormId: ${fusionauth_form.admin_registration.id}\n selfServiceFormId: ${fusionauth_form.self_service.id}\n jwtConfiguration:\n accessTokenId: ${fusionauth_key.access_token.id}\n enabled: true\n idTokenKeyId: ${fusionauth_key.id_token.id}\n refreshTokenTtlMinutes: 43200\n ttlSeconds: 3600\n lambdaConfiguration:\n accessTokenPopulateId: ${fusionauth_lambda.token_populate.id}\n idTokenPopulateId: ${fusionauth_lambda.id_token_populate.id}\n loginConfiguration:\n allowTokenRefresh: false\n generateRefreshTokens: false\n requireAuthentication: true\n multiFactorConfiguration:\n emailTemplateId: 859f394b-22a6-4fa6-ba55-de700df9e950\n smsTemplateId: 17760f96-dca7-448b-9a8f-c49016aa7210\n loginPolicy: Required\n trustPolicy: Any\n oauthConfiguration:\n authorizedOriginUrls:\n - http://www.example.com/oauth-callback\n authorizedUrlValidationPolicy: ExactMatch\n enabledGrants:\n - authorization_code\n - implicit\n generateRefreshTokens: false\n logoutBehavior: AllApplications\n logoutUrl: http://www.example.com/logout\n requireClientAuthentication: false\n providedScopePolicies:\n - address:\n enabled: false\n required: false\n email:\n enabled: false\n required: false\n phone:\n enabled: false\n required: false\n profile:\n enabled: false\n required: false\n registrationConfiguration:\n birthDate:\n enabled: false\n required: false\n confirmPassword: false\n enabled: false\n firstName:\n enabled: false\n required: false\n fullName:\n enabled: false\n required: false\n lastName:\n enabled: false\n required: false\n loginIdType: \"\"\n middleName:\n enabled: false\n required: false\n mobilePhone:\n enabled: false\n required: false\n preferredLanguages:\n enabled: false\n required: false\n type: \"\"\n passwordlessConfigurationEnabled: false\n registrationDeletePolicy:\n unverifiedEnabled: true\n unverifiedNumberOfDaysToRetain: 30\n```\n\n", "properties": { "accessControlConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationAccessControlConfiguration:FusionAuthApplicationAccessControlConfiguration" }, "applicationId": { "type": "string", "description": "The Id to use for the new Application. If not specified a secure random UUID will be generated.\n" }, "authenticationTokenConfigurationEnabled": { "type": "boolean", "description": "Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.\n" }, "cleanSpeakConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationCleanSpeakConfiguration:FusionAuthApplicationCleanSpeakConfiguration" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Application that should be persisted.\n" }, "emailConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationEmailConfiguration:FusionAuthApplicationEmailConfiguration" }, "formConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationFormConfiguration:FusionAuthApplicationFormConfiguration" }, "insertInstant": { "type": "integer", "description": "The instant that the Application was added to the FusionAuth database.\n" }, "jwtConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationJwtConfiguration:FusionAuthApplicationJwtConfiguration" }, "lambdaConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationLambdaConfiguration:FusionAuthApplicationLambdaConfiguration" }, "lastUpdateInstant": { "type": "integer", "description": "The instant that the Application was last updated in the FusionAuth database.\n" }, "loginConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationLoginConfiguration:FusionAuthApplicationLoginConfiguration" }, "multiFactorConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationMultiFactorConfiguration:FusionAuthApplicationMultiFactorConfiguration" }, "name": { "type": "string", "description": "The name of the Application.\n" }, "oauthConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationOauthConfiguration:FusionAuthApplicationOauthConfiguration" }, "passwordlessConfigurationEnabled": { "type": "boolean", "description": "Determines if passwordless login is enabled for this application.\n" }, "registrationConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfiguration:FusionAuthApplicationRegistrationConfiguration" }, "registrationDeletePolicy": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationDeletePolicy:FusionAuthApplicationRegistrationDeletePolicy" }, "samlv2Configuration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationSamlv2Configuration:FusionAuthApplicationSamlv2Configuration" }, "tenantId": { "type": "string", "description": "The Id of the Tenant that this Application belongs to.\n" }, "themeId": { "type": "string", "description": "The unique Id of the theme to be used to style the login page and other end user templates.\n" }, "verificationEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.\n" }, "verificationStrategy": { "type": "string", "description": "The process by which the user will verify their email address. Possible values are `ClickableLink` or `FormField`\n" }, "verifyRegistration": { "type": "boolean", "description": "Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.\n" }, "webauthnConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationWebauthnConfiguration:FusionAuthApplicationWebauthnConfiguration" } }, "type": "object", "required": [ "accessControlConfiguration", "cleanSpeakConfiguration", "emailConfiguration", "insertInstant", "lambdaConfiguration", "lastUpdateInstant", "loginConfiguration", "multiFactorConfiguration", "name", "oauthConfiguration", "registrationConfiguration", "registrationDeletePolicy", "samlv2Configuration", "tenantId" ], "inputProperties": { "accessControlConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationAccessControlConfiguration:FusionAuthApplicationAccessControlConfiguration" }, "applicationId": { "type": "string", "description": "The Id to use for the new Application. If not specified a secure random UUID will be generated.\n" }, "authenticationTokenConfigurationEnabled": { "type": "boolean", "description": "Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.\n" }, "cleanSpeakConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationCleanSpeakConfiguration:FusionAuthApplicationCleanSpeakConfiguration" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Application that should be persisted.\n" }, "emailConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationEmailConfiguration:FusionAuthApplicationEmailConfiguration" }, "formConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationFormConfiguration:FusionAuthApplicationFormConfiguration" }, "jwtConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationJwtConfiguration:FusionAuthApplicationJwtConfiguration" }, "lambdaConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationLambdaConfiguration:FusionAuthApplicationLambdaConfiguration" }, "loginConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationLoginConfiguration:FusionAuthApplicationLoginConfiguration" }, "multiFactorConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationMultiFactorConfiguration:FusionAuthApplicationMultiFactorConfiguration" }, "name": { "type": "string", "description": "The name of the Application.\n" }, "oauthConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationOauthConfiguration:FusionAuthApplicationOauthConfiguration" }, "passwordlessConfigurationEnabled": { "type": "boolean", "description": "Determines if passwordless login is enabled for this application.\n" }, "registrationConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfiguration:FusionAuthApplicationRegistrationConfiguration" }, "registrationDeletePolicy": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationDeletePolicy:FusionAuthApplicationRegistrationDeletePolicy" }, "samlv2Configuration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationSamlv2Configuration:FusionAuthApplicationSamlv2Configuration" }, "tenantId": { "type": "string", "description": "The Id of the Tenant that this Application belongs to.\n" }, "themeId": { "type": "string", "description": "The unique Id of the theme to be used to style the login page and other end user templates.\n" }, "verificationEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.\n" }, "verificationStrategy": { "type": "string", "description": "The process by which the user will verify their email address. Possible values are `ClickableLink` or `FormField`\n" }, "verifyRegistration": { "type": "boolean", "description": "Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.\n" }, "webauthnConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationWebauthnConfiguration:FusionAuthApplicationWebauthnConfiguration" } }, "requiredInputs": [ "tenantId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthApplication resources.\n", "properties": { "accessControlConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationAccessControlConfiguration:FusionAuthApplicationAccessControlConfiguration" }, "applicationId": { "type": "string", "description": "The Id to use for the new Application. If not specified a secure random UUID will be generated.\n" }, "authenticationTokenConfigurationEnabled": { "type": "boolean", "description": "Determines if Users can have Authentication Tokens associated with this Application. This feature may not be enabled for the FusionAuth application.\n" }, "cleanSpeakConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationCleanSpeakConfiguration:FusionAuthApplicationCleanSpeakConfiguration" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Application that should be persisted.\n" }, "emailConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationEmailConfiguration:FusionAuthApplicationEmailConfiguration" }, "formConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationFormConfiguration:FusionAuthApplicationFormConfiguration" }, "insertInstant": { "type": "integer", "description": "The instant that the Application was added to the FusionAuth database.\n" }, "jwtConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationJwtConfiguration:FusionAuthApplicationJwtConfiguration" }, "lambdaConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationLambdaConfiguration:FusionAuthApplicationLambdaConfiguration" }, "lastUpdateInstant": { "type": "integer", "description": "The instant that the Application was last updated in the FusionAuth database.\n" }, "loginConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationLoginConfiguration:FusionAuthApplicationLoginConfiguration" }, "multiFactorConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationMultiFactorConfiguration:FusionAuthApplicationMultiFactorConfiguration" }, "name": { "type": "string", "description": "The name of the Application.\n" }, "oauthConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationOauthConfiguration:FusionAuthApplicationOauthConfiguration" }, "passwordlessConfigurationEnabled": { "type": "boolean", "description": "Determines if passwordless login is enabled for this application.\n" }, "registrationConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationConfiguration:FusionAuthApplicationRegistrationConfiguration" }, "registrationDeletePolicy": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationRegistrationDeletePolicy:FusionAuthApplicationRegistrationDeletePolicy" }, "samlv2Configuration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationSamlv2Configuration:FusionAuthApplicationSamlv2Configuration" }, "tenantId": { "type": "string", "description": "The Id of the Tenant that this Application belongs to.\n" }, "themeId": { "type": "string", "description": "The unique Id of the theme to be used to style the login page and other end user templates.\n" }, "verificationEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used to send the Registration Verification emails to users. If the verifyRegistration field is true this field is required.\n" }, "verificationStrategy": { "type": "string", "description": "The process by which the user will verify their email address. Possible values are `ClickableLink` or `FormField`\n" }, "verifyRegistration": { "type": "boolean", "description": "Whether or not registrations to this Application may be verified. When this is set to true the verificationEmailTemplateId parameter is also required.\n" }, "webauthnConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthApplicationWebauthnConfiguration:FusionAuthApplicationWebauthnConfiguration" } }, "type": "object" } }, "fusionauth:index/fusionAuthApplicationOAuthScope:FusionAuthApplicationOAuthScope": { "description": "## # Application OAuth Scope Resource\n\nThe Application OAuth Scope resource allows you to define the scopes that an application can request when using OAuth.\n\n[Application OAuth Scope API](https://fusionauth.io/docs/apis/scopes)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst _this = new fusionauth.FusionAuthApplicationOAuthScope(\"this\", {\n applicationId: fusionauth_application[\"this\"].id,\n data: {\n addedBy: \"Tom\",\n addedOn: \"2025-02-05\",\n },\n defaultConsentDetail: \"This will provide the requesting application read-only access to your data\",\n defaultConsentMessage: \"View your data\",\n description: \"Provides an application read-only access to a user's data\",\n required: true,\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nthis = fusionauth.FusionAuthApplicationOAuthScope(\"this\",\n application_id=fusionauth_application[\"this\"][\"id\"],\n data={\n \"addedBy\": \"Tom\",\n \"addedOn\": \"2025-02-05\",\n },\n default_consent_detail=\"This will provide the requesting application read-only access to your data\",\n default_consent_message=\"View your data\",\n description=\"Provides an application read-only access to a user's data\",\n required=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var @this = new Fusionauth.FusionAuthApplicationOAuthScope(\"this\", new()\n {\n ApplicationId = fusionauth_application.This.Id,\n Data = \n {\n { \"addedBy\", \"Tom\" },\n { \"addedOn\", \"2025-02-05\" },\n },\n DefaultConsentDetail = \"This will provide the requesting application read-only access to your data\",\n DefaultConsentMessage = \"View your data\",\n Description = \"Provides an application read-only access to a user's data\",\n Required = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthApplicationOAuthScope(ctx, \"this\", &fusionauth.FusionAuthApplicationOAuthScopeArgs{\n\t\t\tApplicationId: pulumi.Any(fusionauth_application.This.Id),\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"addedBy\": pulumi.String(\"Tom\"),\n\t\t\t\t\"addedOn\": pulumi.String(\"2025-02-05\"),\n\t\t\t},\n\t\t\tDefaultConsentDetail: pulumi.String(\"This will provide the requesting application read-only access to your data\"),\n\t\t\tDefaultConsentMessage: pulumi.String(\"View your data\"),\n\t\t\tDescription: pulumi.String(\"Provides an application read-only access to a user's data\"),\n\t\t\tRequired: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthApplicationOAuthScope;\nimport com.pulumi.fusionauth.FusionAuthApplicationOAuthScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var this_ = new FusionAuthApplicationOAuthScope(\"this\", FusionAuthApplicationOAuthScopeArgs.builder()\n .applicationId(fusionauth_application.this().id())\n .data(Map.ofEntries(\n Map.entry(\"addedBy\", \"Tom\"),\n Map.entry(\"addedOn\", \"2025-02-05\")\n ))\n .defaultConsentDetail(\"This will provide the requesting application read-only access to your data\")\n .defaultConsentMessage(\"View your data\")\n .description(\"Provides an application read-only access to a user's data\")\n .required(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n this:\n type: fusionauth:FusionAuthApplicationOAuthScope\n properties:\n applicationId: ${fusionauth_application.this.id}\n data:\n addedBy: Tom\n addedOn: 2025-02-05\n defaultConsentDetail: This will provide the requesting application read-only access to your data\n defaultConsentMessage: View your data\n description: Provides an application read-only access to a user's data\n required: true\n```\n\n", "properties": { "applicationId": { "type": "string", "description": "ID of the application that this role is for.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the OAuth Scope that should be persisted.\n" }, "defaultConsentDetail": { "type": "string", "description": "\"The default detail to display on the OAuth consent screen if one cannot be found in the theme.\n" }, "defaultConsentMessage": { "type": "string", "description": "The default message to display on the OAuth consent screen if one cannot be found in the theme.\n" }, "description": { "type": "string", "description": "A description of the OAuth Scope. This is used for display purposes only.\n" }, "name": { "type": "string", "description": "The name of the Role.\n" }, "required": { "type": "boolean", "description": "Determines if the OAuth Scope is required when requested in an OAuth workflow.\n" }, "scopeId": { "type": "string", "description": "The Id to use for the new OAuth Scope. If not specified a secure random UUID will be generated.\n" } }, "type": "object", "required": [ "applicationId", "name", "scopeId" ], "inputProperties": { "applicationId": { "type": "string", "description": "ID of the application that this role is for.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the OAuth Scope that should be persisted.\n" }, "defaultConsentDetail": { "type": "string", "description": "\"The default detail to display on the OAuth consent screen if one cannot be found in the theme.\n" }, "defaultConsentMessage": { "type": "string", "description": "The default message to display on the OAuth consent screen if one cannot be found in the theme.\n" }, "description": { "type": "string", "description": "A description of the OAuth Scope. This is used for display purposes only.\n" }, "name": { "type": "string", "description": "The name of the Role.\n", "willReplaceOnChanges": true }, "required": { "type": "boolean", "description": "Determines if the OAuth Scope is required when requested in an OAuth workflow.\n" }, "scopeId": { "type": "string", "description": "The Id to use for the new OAuth Scope. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "applicationId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthApplicationOAuthScope resources.\n", "properties": { "applicationId": { "type": "string", "description": "ID of the application that this role is for.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the OAuth Scope that should be persisted.\n" }, "defaultConsentDetail": { "type": "string", "description": "\"The default detail to display on the OAuth consent screen if one cannot be found in the theme.\n" }, "defaultConsentMessage": { "type": "string", "description": "The default message to display on the OAuth consent screen if one cannot be found in the theme.\n" }, "description": { "type": "string", "description": "A description of the OAuth Scope. This is used for display purposes only.\n" }, "name": { "type": "string", "description": "The name of the Role.\n", "willReplaceOnChanges": true }, "required": { "type": "boolean", "description": "Determines if the OAuth Scope is required when requested in an OAuth workflow.\n" }, "scopeId": { "type": "string", "description": "The Id to use for the new OAuth Scope. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "fusionauth:index/fusionAuthApplicationRole:FusionAuthApplicationRole": { "description": "## # Application Role Resource\n\nThis Resource is used to create a role for an Application.\n\n[Application Roles API](https://fusionauth.io/docs/v1/tech/apis/applications)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst myAppAdminRole = new fusionauth.FusionAuthApplicationRole(\"myAppAdminRole\", {\n applicationId: fusionauth_application.my_app.id,\n description: \"\",\n isDefault: false,\n isSuperRole: true,\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nmy_app_admin_role = fusionauth.FusionAuthApplicationRole(\"myAppAdminRole\",\n application_id=fusionauth_application[\"my_app\"][\"id\"],\n description=\"\",\n is_default=False,\n is_super_role=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var myAppAdminRole = new Fusionauth.FusionAuthApplicationRole(\"myAppAdminRole\", new()\n {\n ApplicationId = fusionauth_application.My_app.Id,\n Description = \"\",\n IsDefault = false,\n IsSuperRole = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthApplicationRole(ctx, \"myAppAdminRole\", &fusionauth.FusionAuthApplicationRoleArgs{\n\t\t\tApplicationId: pulumi.Any(fusionauth_application.My_app.Id),\n\t\t\tDescription: pulumi.String(\"\"),\n\t\t\tIsDefault: pulumi.Bool(false),\n\t\t\tIsSuperRole: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthApplicationRole;\nimport com.pulumi.fusionauth.FusionAuthApplicationRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myAppAdminRole = new FusionAuthApplicationRole(\"myAppAdminRole\", FusionAuthApplicationRoleArgs.builder()\n .applicationId(fusionauth_application.my_app().id())\n .description(\"\")\n .isDefault(false)\n .isSuperRole(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myAppAdminRole:\n type: fusionauth:FusionAuthApplicationRole\n properties:\n applicationId: ${fusionauth_application.my_app.id}\n description: \"\"\n isDefault: false\n isSuperRole: true\n```\n\n", "properties": { "applicationId": { "type": "string", "description": "ID of the application that this role is for.\n" }, "description": { "type": "string", "description": "A description for the role.\n" }, "isDefault": { "type": "boolean", "description": "Whether or not the Role is a default role. A default role is automatically assigned to a user during registration if no roles are provided.\n" }, "isSuperRole": { "type": "boolean", "description": "Whether or not the Role is a considered to be a super user role. This is a marker to indicate that it supersedes all other roles. FusionAuth will attempt to enforce this contract when using the web UI, it is not enforced programmatically when using the API.\n" }, "name": { "type": "string", "description": "The name of the Role.\n" } }, "type": "object", "required": [ "applicationId", "name" ], "inputProperties": { "applicationId": { "type": "string", "description": "ID of the application that this role is for.\n" }, "description": { "type": "string", "description": "A description for the role.\n" }, "isDefault": { "type": "boolean", "description": "Whether or not the Role is a default role. A default role is automatically assigned to a user during registration if no roles are provided.\n" }, "isSuperRole": { "type": "boolean", "description": "Whether or not the Role is a considered to be a super user role. This is a marker to indicate that it supersedes all other roles. FusionAuth will attempt to enforce this contract when using the web UI, it is not enforced programmatically when using the API.\n" }, "name": { "type": "string", "description": "The name of the Role.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "applicationId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthApplicationRole resources.\n", "properties": { "applicationId": { "type": "string", "description": "ID of the application that this role is for.\n" }, "description": { "type": "string", "description": "A description for the role.\n" }, "isDefault": { "type": "boolean", "description": "Whether or not the Role is a default role. A default role is automatically assigned to a user during registration if no roles are provided.\n" }, "isSuperRole": { "type": "boolean", "description": "Whether or not the Role is a considered to be a super user role. This is a marker to indicate that it supersedes all other roles. FusionAuth will attempt to enforce this contract when using the web UI, it is not enforced programmatically when using the API.\n" }, "name": { "type": "string", "description": "The name of the Role.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "fusionauth:index/fusionAuthEMail:FusionAuthEMail": { "description": "## # Email Resource\n\nThis resource contains the APIs for managing Email Templates.\n\n[Emails API](https://fusionauth.io/docs/v1/tech/apis/emails)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fs from \"fs\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst helloWorld = new fusionauth.FusionAuthEMail(\"helloWorld\", {\n defaultFromName: \"Welcome Team\",\n defaultHtmlTemplate: fs.readFileSync(`${path.module}/email_templates/HelloWorld.html.ftl`, \"utf8\"),\n defaultSubject: \"Hello\",\n defaultTextTemplate: fs.readFileSync(`${path.module}/email_templates/HelloWorld.txt.ftl`, \"utf8\"),\n fromEmail: \"welcome@example.com.com\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nhello_world = fusionauth.FusionAuthEMail(\"helloWorld\",\n default_from_name=\"Welcome Team\",\n default_html_template=(lambda path: open(path).read())(f\"{path['module']}/email_templates/HelloWorld.html.ftl\"),\n default_subject=\"Hello\",\n default_text_template=(lambda path: open(path).read())(f\"{path['module']}/email_templates/HelloWorld.txt.ftl\"),\n from_email=\"welcome@example.com.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var helloWorld = new Fusionauth.FusionAuthEMail(\"helloWorld\", new()\n {\n DefaultFromName = \"Welcome Team\",\n DefaultHtmlTemplate = File.ReadAllText($\"{path.Module}/email_templates/HelloWorld.html.ftl\"),\n DefaultSubject = \"Hello\",\n DefaultTextTemplate = File.ReadAllText($\"{path.Module}/email_templates/HelloWorld.txt.ftl\"),\n FromEmail = \"welcome@example.com.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthEMail(ctx, \"helloWorld\", &fusionauth.FusionAuthEMailArgs{\n\t\t\tDefaultFromName: pulumi.String(\"Welcome Team\"),\n\t\t\tDefaultHtmlTemplate: pulumi.String(readFileOrPanic(fmt.Sprintf(\"%v/email_templates/HelloWorld.html.ftl\", path.Module))),\n\t\t\tDefaultSubject: pulumi.String(\"Hello\"),\n\t\t\tDefaultTextTemplate: pulumi.String(readFileOrPanic(fmt.Sprintf(\"%v/email_templates/HelloWorld.txt.ftl\", path.Module))),\n\t\t\tFromEmail: pulumi.String(\"welcome@example.com.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthEMail;\nimport com.pulumi.fusionauth.FusionAuthEMailArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var helloWorld = new FusionAuthEMail(\"helloWorld\", FusionAuthEMailArgs.builder()\n .defaultFromName(\"Welcome Team\")\n .defaultHtmlTemplate(Files.readString(Paths.get(String.format(\"%s/email_templates/HelloWorld.html.ftl\", path.module()))))\n .defaultSubject(\"Hello\")\n .defaultTextTemplate(Files.readString(Paths.get(String.format(\"%s/email_templates/HelloWorld.txt.ftl\", path.module()))))\n .fromEmail(\"welcome@example.com.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n helloWorld:\n type: fusionauth:FusionAuthEMail\n properties:\n defaultFromName: Welcome Team\n defaultHtmlTemplate:\n fn::readFile: ${path.module}/email_templates/HelloWorld.html.ftl\n defaultSubject: Hello\n defaultTextTemplate:\n fn::readFile: ${path.module}/email_templates/HelloWorld.txt.ftl\n fromEmail: welcome@example.com.com\n```\n\n", "properties": { "defaultFromName": { "type": "string", "description": "The default From Name used when sending emails. If not provided, and a localized value cannot be determined, the default value for the tenant will be used. This is the display name part of the email address ( i.e. Jared Dunn ).\n" }, "defaultHtmlTemplate": { "type": "string", "description": "The default HTML Email Template.\n" }, "defaultSubject": { "type": "string", "description": "The default Subject used when sending emails.\n" }, "defaultTextTemplate": { "type": "string", "description": "The default Text Email Template.\n" }, "emailId": { "type": "string", "description": "The Id to use for the new Email Template. If not specified a secure random UUID will be generated.\n" }, "fromEmail": { "type": "string", "description": "The email address that this email will be sent from. If not provided, the default value for the tenant will be used. This is the address part email address (i.e. Jared Dunn ).\n" }, "localizedFromNames": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The From Name used when sending emails to users who speak other languages. This overrides the default From Name based on the user’s list of preferred languages.\n" }, "localizedHtmlTemplates": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The HTML Email Template used when sending emails to users who speak other languages. This overrides the default HTML Email Template based on the user’s list of preferred languages.\n" }, "localizedSubjects": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The Subject used when sending emails to users who speak other languages. This overrides the default Subject based on the user’s list of preferred languages.\n" }, "localizedTextTemplates": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The Text Email Template used when sending emails to users who speak other languages. This overrides the default Text Email Template based on the user’s list of preferred languages.\n" }, "name": { "type": "string", "description": "A descriptive name for the email template (i.e. \"April 2016 Coupon Email\")\n" } }, "type": "object", "required": [ "defaultHtmlTemplate", "defaultSubject", "defaultTextTemplate", "name" ], "inputProperties": { "defaultFromName": { "type": "string", "description": "The default From Name used when sending emails. If not provided, and a localized value cannot be determined, the default value for the tenant will be used. This is the display name part of the email address ( i.e. Jared Dunn ).\n" }, "defaultHtmlTemplate": { "type": "string", "description": "The default HTML Email Template.\n" }, "defaultSubject": { "type": "string", "description": "The default Subject used when sending emails.\n" }, "defaultTextTemplate": { "type": "string", "description": "The default Text Email Template.\n" }, "emailId": { "type": "string", "description": "The Id to use for the new Email Template. If not specified a secure random UUID will be generated.\n" }, "fromEmail": { "type": "string", "description": "The email address that this email will be sent from. If not provided, the default value for the tenant will be used. This is the address part email address (i.e. Jared Dunn ).\n" }, "localizedFromNames": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The From Name used when sending emails to users who speak other languages. This overrides the default From Name based on the user’s list of preferred languages.\n" }, "localizedHtmlTemplates": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The HTML Email Template used when sending emails to users who speak other languages. This overrides the default HTML Email Template based on the user’s list of preferred languages.\n" }, "localizedSubjects": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The Subject used when sending emails to users who speak other languages. This overrides the default Subject based on the user’s list of preferred languages.\n" }, "localizedTextTemplates": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The Text Email Template used when sending emails to users who speak other languages. This overrides the default Text Email Template based on the user’s list of preferred languages.\n" }, "name": { "type": "string", "description": "A descriptive name for the email template (i.e. \"April 2016 Coupon Email\")\n" } }, "requiredInputs": [ "defaultHtmlTemplate", "defaultSubject", "defaultTextTemplate" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthEMail resources.\n", "properties": { "defaultFromName": { "type": "string", "description": "The default From Name used when sending emails. If not provided, and a localized value cannot be determined, the default value for the tenant will be used. This is the display name part of the email address ( i.e. Jared Dunn ).\n" }, "defaultHtmlTemplate": { "type": "string", "description": "The default HTML Email Template.\n" }, "defaultSubject": { "type": "string", "description": "The default Subject used when sending emails.\n" }, "defaultTextTemplate": { "type": "string", "description": "The default Text Email Template.\n" }, "emailId": { "type": "string", "description": "The Id to use for the new Email Template. If not specified a secure random UUID will be generated.\n" }, "fromEmail": { "type": "string", "description": "The email address that this email will be sent from. If not provided, the default value for the tenant will be used. This is the address part email address (i.e. Jared Dunn ).\n" }, "localizedFromNames": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The From Name used when sending emails to users who speak other languages. This overrides the default From Name based on the user’s list of preferred languages.\n" }, "localizedHtmlTemplates": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The HTML Email Template used when sending emails to users who speak other languages. This overrides the default HTML Email Template based on the user’s list of preferred languages.\n" }, "localizedSubjects": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The Subject used when sending emails to users who speak other languages. This overrides the default Subject based on the user’s list of preferred languages.\n" }, "localizedTextTemplates": { "type": "object", "additionalProperties": { "type": "string" }, "description": "The Text Email Template used when sending emails to users who speak other languages. This overrides the default Text Email Template based on the user’s list of preferred languages.\n" }, "name": { "type": "string", "description": "A descriptive name for the email template (i.e. \"April 2016 Coupon Email\")\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthEntity:FusionAuthEntity": { "description": "## # Entity Resource\n\nEntities are arbitrary objects which can be modeled in FusionAuth. Anything which is not a user but might need\npermissions managed by FusionAuth is a possible entity. Examples might include devices, cars, computers, customers,\ncompanies, etc.\n\nFusionAuth’s Entity Management has the following major concepts:\n\n* Entity Types categorize Entities. An Entity Type could be `Device`, `API` or `Company`.\n* Permissions are defined on an Entity Type. These are arbitrary strings which can fit the business domain. A Permission\n could be `read`, `write`, or `file-lawsuit`.\n* Entities are instances of a single type. An Entity could be a `nest device`, an `Email API` or `Raviga`.\n* Entities can have Grants. Grants are relationships between a target Entity and one of two other types: a recipient\n Entity or a User. Grants can have zero or more Permissions associated with them.\n\nYou can use the Client Credentials grant to see if an Entity has permission to access another Entity.\n\n[Entity API](https://fusionauth.io/docs/v1/tech/apis/entity-management/entities)\n\n", "properties": { "clientId": { "type": "string", "description": "The OAuth 2.0 client ID. If you leave this blank on create, the value of the Entity ID will\nbe used. Must be a UUID.\n" }, "clientSecret": { "type": "string", "description": "The OAuth 2.0 client secret. If you leave this blank on create, a secure secret will be\ngenerated for you. If you leave this blank during an update, the previous value will be maintained. For both create\nand update you can provide a value and it will be stored.\n", "secret": true }, "data": { "type": "string", "description": "An object that can hold any information about the Entity that should be persisted. Please review\nthe limits on data field types as you plan for and build your custom data schema. Must be a JSON serialised string.\n" }, "entityId": { "type": "string", "description": "The ID to use for the new Entity. If not specified a secure random UUID will be generated.\n" }, "entityTypeId": { "type": "string", "description": "The ID of the Entity Type. Types are consulted for permission checks.\n" }, "name": { "type": "string", "description": "A descriptive name for the Entity (i.e. \"Raviga\" or \"Email Service\").\n" }, "tenantId": { "type": "string", "description": "The unique ID of the tenant used to scope this API request.\n\nFor more information see:\n[FusionAuth Entity Management API Overview](https://fusionauth.io/docs/v1/tech/apis/entity-management/)\n" } }, "type": "object", "required": [ "clientId", "clientSecret", "entityId", "entityTypeId", "name" ], "inputProperties": { "clientId": { "type": "string", "description": "The OAuth 2.0 client ID. If you leave this blank on create, the value of the Entity ID will\nbe used. Must be a UUID.\n" }, "clientSecret": { "type": "string", "description": "The OAuth 2.0 client secret. If you leave this blank on create, a secure secret will be\ngenerated for you. If you leave this blank during an update, the previous value will be maintained. For both create\nand update you can provide a value and it will be stored.\n", "secret": true }, "data": { "type": "string", "description": "An object that can hold any information about the Entity that should be persisted. Please review\nthe limits on data field types as you plan for and build your custom data schema. Must be a JSON serialised string.\n" }, "entityId": { "type": "string", "description": "The ID to use for the new Entity. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "entityTypeId": { "type": "string", "description": "The ID of the Entity Type. Types are consulted for permission checks.\n" }, "name": { "type": "string", "description": "A descriptive name for the Entity (i.e. \"Raviga\" or \"Email Service\").\n" }, "tenantId": { "type": "string", "description": "The unique ID of the tenant used to scope this API request.\n\nFor more information see:\n[FusionAuth Entity Management API Overview](https://fusionauth.io/docs/v1/tech/apis/entity-management/)\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "entityTypeId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthEntity resources.\n", "properties": { "clientId": { "type": "string", "description": "The OAuth 2.0 client ID. If you leave this blank on create, the value of the Entity ID will\nbe used. Must be a UUID.\n" }, "clientSecret": { "type": "string", "description": "The OAuth 2.0 client secret. If you leave this blank on create, a secure secret will be\ngenerated for you. If you leave this blank during an update, the previous value will be maintained. For both create\nand update you can provide a value and it will be stored.\n", "secret": true }, "data": { "type": "string", "description": "An object that can hold any information about the Entity that should be persisted. Please review\nthe limits on data field types as you plan for and build your custom data schema. Must be a JSON serialised string.\n" }, "entityId": { "type": "string", "description": "The ID to use for the new Entity. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "entityTypeId": { "type": "string", "description": "The ID of the Entity Type. Types are consulted for permission checks.\n" }, "name": { "type": "string", "description": "A descriptive name for the Entity (i.e. \"Raviga\" or \"Email Service\").\n" }, "tenantId": { "type": "string", "description": "The unique ID of the tenant used to scope this API request.\n\nFor more information see:\n[FusionAuth Entity Management API Overview](https://fusionauth.io/docs/v1/tech/apis/entity-management/)\n", "willReplaceOnChanges": true } }, "type": "object" } }, "fusionauth:index/fusionAuthEntityGrant:FusionAuthEntityGrant": { "description": "## # Entity Grant Resource\n\nEntities can have Grants. Grants are relationships between a target Entity and one of two other types:\n\n* A Recipient Entity\n* A User.\n\nGrants can have zero or more Permissions associated with them.\n\n[Entity Grant API](https://fusionauth.io/docs/v1/tech/apis/entity-management/grants)\n\n## Example Usage\n\n", "properties": { "data": { "type": "string", "description": "An object that can hold any information about the Grant that should be persisted. Please review the limits on data field types as you plan for and build your custom data schema. Must be a JSON string.\n" }, "entityId": { "type": "string", "description": "The Id of the Entity to which access is granted.\n" }, "permissions": { "type": "array", "items": { "type": "string" }, "description": "The set of permissions of this Grant.\n" }, "recipientEntityId": { "type": "string", "description": "The Entity Id for which access is granted. If `recipient_entity_id` is not provided, then the `user_id` will be required.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant used to scope this API request.\n" }, "userId": { "type": "string", "description": "The User Id for which access is granted. If `user_id` is not provided, then the `recipient_entity_id` will be required.\n" } }, "type": "object", "required": [ "entityId", "tenantId" ], "inputProperties": { "data": { "type": "string", "description": "An object that can hold any information about the Grant that should be persisted. Please review the limits on data field types as you plan for and build your custom data schema. Must be a JSON string.\n" }, "entityId": { "type": "string", "description": "The Id of the Entity to which access is granted.\n", "willReplaceOnChanges": true }, "permissions": { "type": "array", "items": { "type": "string" }, "description": "The set of permissions of this Grant.\n" }, "recipientEntityId": { "type": "string", "description": "The Entity Id for which access is granted. If `recipient_entity_id` is not provided, then the `user_id` will be required.\n", "willReplaceOnChanges": true }, "tenantId": { "type": "string", "description": "The unique Id of the tenant used to scope this API request.\n", "willReplaceOnChanges": true }, "userId": { "type": "string", "description": "The User Id for which access is granted. If `user_id` is not provided, then the `recipient_entity_id` will be required.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "entityId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthEntityGrant resources.\n", "properties": { "data": { "type": "string", "description": "An object that can hold any information about the Grant that should be persisted. Please review the limits on data field types as you plan for and build your custom data schema. Must be a JSON string.\n" }, "entityId": { "type": "string", "description": "The Id of the Entity to which access is granted.\n", "willReplaceOnChanges": true }, "permissions": { "type": "array", "items": { "type": "string" }, "description": "The set of permissions of this Grant.\n" }, "recipientEntityId": { "type": "string", "description": "The Entity Id for which access is granted. If `recipient_entity_id` is not provided, then the `user_id` will be required.\n", "willReplaceOnChanges": true }, "tenantId": { "type": "string", "description": "The unique Id of the tenant used to scope this API request.\n", "willReplaceOnChanges": true }, "userId": { "type": "string", "description": "The User Id for which access is granted. If `user_id` is not provided, then the `recipient_entity_id` will be required.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "fusionauth:index/fusionAuthEntityType:FusionAuthEntityType": { "description": "## # Entity Type Resource\n\nEntity Types categorize Entities. For example, an Entity Type could be `Device`, `API` or `Company`.\n\n[Entity Type API](https://fusionauth.io/docs/v1/tech/apis/entity-management/entity-types/#create-an-entity-type)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst company = new fusionauth.FusionAuthEntityType(\"company\", {\n data: JSON.stringify({\n createdBy: \"jared@fusionauth.io\",\n }),\n jwtConfiguration: {\n accessTokenKeyId: \"a7516c7c-6234-4021-b0b4-8870c807aeb2\",\n enabled: true,\n timeToLiveInSeconds: 3600,\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport theogravity_pulumi_fusionauth as fusionauth\n\ncompany = fusionauth.FusionAuthEntityType(\"company\",\n data=json.dumps({\n \"createdBy\": \"jared@fusionauth.io\",\n }),\n jwt_configuration={\n \"access_token_key_id\": \"a7516c7c-6234-4021-b0b4-8870c807aeb2\",\n \"enabled\": True,\n \"time_to_live_in_seconds\": 3600,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var company = new Fusionauth.FusionAuthEntityType(\"company\", new()\n {\n Data = JsonSerializer.Serialize(new Dictionary\n {\n [\"createdBy\"] = \"jared@fusionauth.io\",\n }),\n JwtConfiguration = new Fusionauth.Inputs.FusionAuthEntityTypeJwtConfigurationArgs\n {\n AccessTokenKeyId = \"a7516c7c-6234-4021-b0b4-8870c807aeb2\",\n Enabled = true,\n TimeToLiveInSeconds = 3600,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"createdBy\": \"jared@fusionauth.io\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = fusionauth.NewFusionAuthEntityType(ctx, \"company\", &fusionauth.FusionAuthEntityTypeArgs{\n\t\t\tData: pulumi.String(json0),\n\t\t\tJwtConfiguration: &fusionauth.FusionAuthEntityTypeJwtConfigurationArgs{\n\t\t\t\tAccessTokenKeyId: pulumi.String(\"a7516c7c-6234-4021-b0b4-8870c807aeb2\"),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tTimeToLiveInSeconds: pulumi.Int(3600),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthEntityType;\nimport com.pulumi.fusionauth.FusionAuthEntityTypeArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthEntityTypeJwtConfigurationArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var company = new FusionAuthEntityType(\"company\", FusionAuthEntityTypeArgs.builder()\n .data(serializeJson(\n jsonObject(\n jsonProperty(\"createdBy\", \"jared@fusionauth.io\")\n )))\n .jwtConfiguration(FusionAuthEntityTypeJwtConfigurationArgs.builder()\n .accessTokenKeyId(\"a7516c7c-6234-4021-b0b4-8870c807aeb2\")\n .enabled(true)\n .timeToLiveInSeconds(3600)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n company:\n type: fusionauth:FusionAuthEntityType\n properties:\n data:\n fn::toJSON:\n createdBy: jared@fusionauth.io\n jwtConfiguration:\n accessTokenKeyId: a7516c7c-6234-4021-b0b4-8870c807aeb2\n enabled: true\n timeToLiveInSeconds: 3600\n```\n\n", "properties": { "data": { "type": "string", "description": "An object that can hold any information about the Entity Type that should be persisted. Must be aJSON string.\n" }, "entityTypeId": { "type": "string", "description": "The ID to use for the new Entity Type. If not specified a secure random UUID will be generated.\n" }, "jwtConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthEntityTypeJwtConfiguration:FusionAuthEntityTypeJwtConfiguration", "description": "A block to configure JSON Web Token (JWT) options.\n" }, "name": { "type": "string", "description": "A descriptive name for the entity type (i.e. `Customer` or `Email_Service`).\n" } }, "type": "object", "required": [ "entityTypeId", "jwtConfiguration", "name" ], "inputProperties": { "data": { "type": "string", "description": "An object that can hold any information about the Entity Type that should be persisted. Must be aJSON string.\n" }, "entityTypeId": { "type": "string", "description": "The ID to use for the new Entity Type. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "jwtConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthEntityTypeJwtConfiguration:FusionAuthEntityTypeJwtConfiguration", "description": "A block to configure JSON Web Token (JWT) options.\n" }, "name": { "type": "string", "description": "A descriptive name for the entity type (i.e. `Customer` or `Email_Service`).\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthEntityType resources.\n", "properties": { "data": { "type": "string", "description": "An object that can hold any information about the Entity Type that should be persisted. Must be aJSON string.\n" }, "entityTypeId": { "type": "string", "description": "The ID to use for the new Entity Type. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "jwtConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthEntityTypeJwtConfiguration:FusionAuthEntityTypeJwtConfiguration", "description": "A block to configure JSON Web Token (JWT) options.\n" }, "name": { "type": "string", "description": "A descriptive name for the entity type (i.e. `Customer` or `Email_Service`).\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthEntityTypePermission:FusionAuthEntityTypePermission": { "properties": { "data": { "type": "string", "description": "An object that can hold any information about the Permission that should be persisted. Must be a JSON string.\n" }, "description": { "type": "string", "description": "The description of the Permission.\n" }, "entityTypeId": { "type": "string", "description": "The Id of the Entity Type.\n" }, "isDefault": { "type": "boolean", "description": "Whether or not the Permission is a default permission. A default permission is automatically granted to an entity of\nthis type if no permissions are provided in a grant request.\n" }, "name": { "type": "string", "description": "The name of the Permission.\n" }, "permissionId": { "type": "string", "description": "The Id to use for the new permission. If not specified a secure random UUID will be generated.\n" } }, "type": "object", "required": [ "entityTypeId", "name", "permissionId" ], "inputProperties": { "data": { "type": "string", "description": "An object that can hold any information about the Permission that should be persisted. Must be a JSON string.\n" }, "description": { "type": "string", "description": "The description of the Permission.\n" }, "entityTypeId": { "type": "string", "description": "The Id of the Entity Type.\n", "willReplaceOnChanges": true }, "isDefault": { "type": "boolean", "description": "Whether or not the Permission is a default permission. A default permission is automatically granted to an entity of\nthis type if no permissions are provided in a grant request.\n" }, "name": { "type": "string", "description": "The name of the Permission.\n", "willReplaceOnChanges": true }, "permissionId": { "type": "string", "description": "The Id to use for the new permission. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "entityTypeId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthEntityTypePermission resources.\n", "properties": { "data": { "type": "string", "description": "An object that can hold any information about the Permission that should be persisted. Must be a JSON string.\n" }, "description": { "type": "string", "description": "The description of the Permission.\n" }, "entityTypeId": { "type": "string", "description": "The Id of the Entity Type.\n", "willReplaceOnChanges": true }, "isDefault": { "type": "boolean", "description": "Whether or not the Permission is a default permission. A default permission is automatically granted to an entity of\nthis type if no permissions are provided in a grant request.\n" }, "name": { "type": "string", "description": "The name of the Permission.\n", "willReplaceOnChanges": true }, "permissionId": { "type": "string", "description": "The Id to use for the new permission. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "fusionauth:index/fusionAuthForm:FusionAuthForm": { "description": "## # Form Resource\n\nA FusionAuth Form is a customizable object that contains one-to-many ordered steps. Each step is comprised of one or more Form Fields.\n\n[Form API](https://fusionauth.io/docs/v1/tech/apis/forms/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst form = new fusionauth.FusionAuthForm(\"form\", {\n data: {\n description: \"This form customizes the registration experience.\",\n },\n steps: [\n {\n fields: [\"91909721-7d4f-b110-8f21-cfdee2a1edb8\"],\n },\n {\n fields: [\n \"8ed89a31-c325-3156-72ed-6e89183af917\",\n \"a977cfd4-a9ed-c4cf-650f-f4539268ac38\",\n ],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nform = fusionauth.FusionAuthForm(\"form\",\n data={\n \"description\": \"This form customizes the registration experience.\",\n },\n steps=[\n {\n \"fields\": [\"91909721-7d4f-b110-8f21-cfdee2a1edb8\"],\n },\n {\n \"fields\": [\n \"8ed89a31-c325-3156-72ed-6e89183af917\",\n \"a977cfd4-a9ed-c4cf-650f-f4539268ac38\",\n ],\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var form = new Fusionauth.FusionAuthForm(\"form\", new()\n {\n Data = \n {\n { \"description\", \"This form customizes the registration experience.\" },\n },\n Steps = new[]\n {\n new Fusionauth.Inputs.FusionAuthFormStepArgs\n {\n Fields = new[]\n {\n \"91909721-7d4f-b110-8f21-cfdee2a1edb8\",\n },\n },\n new Fusionauth.Inputs.FusionAuthFormStepArgs\n {\n Fields = new[]\n {\n \"8ed89a31-c325-3156-72ed-6e89183af917\",\n \"a977cfd4-a9ed-c4cf-650f-f4539268ac38\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthForm(ctx, \"form\", &fusionauth.FusionAuthFormArgs{\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"description\": pulumi.String(\"This form customizes the registration experience.\"),\n\t\t\t},\n\t\t\tSteps: fusionauth.FusionAuthFormStepArray{\n\t\t\t\t&fusionauth.FusionAuthFormStepArgs{\n\t\t\t\t\tFields: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"91909721-7d4f-b110-8f21-cfdee2a1edb8\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthFormStepArgs{\n\t\t\t\t\tFields: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"8ed89a31-c325-3156-72ed-6e89183af917\"),\n\t\t\t\t\t\tpulumi.String(\"a977cfd4-a9ed-c4cf-650f-f4539268ac38\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthForm;\nimport com.pulumi.fusionauth.FusionAuthFormArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthFormStepArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var form = new FusionAuthForm(\"form\", FusionAuthFormArgs.builder()\n .data(Map.of(\"description\", \"This form customizes the registration experience.\"))\n .steps( \n FusionAuthFormStepArgs.builder()\n .fields(\"91909721-7d4f-b110-8f21-cfdee2a1edb8\")\n .build(),\n FusionAuthFormStepArgs.builder()\n .fields( \n \"8ed89a31-c325-3156-72ed-6e89183af917\",\n \"a977cfd4-a9ed-c4cf-650f-f4539268ac38\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n form:\n type: fusionauth:FusionAuthForm\n properties:\n data:\n description: This form customizes the registration experience.\n steps:\n - fields:\n - 91909721-7d4f-b110-8f21-cfdee2a1edb8\n - fields:\n - 8ed89a31-c325-3156-72ed-6e89183af917\n - a977cfd4-a9ed-c4cf-650f-f4539268ac38\n```\n\n", "properties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form Field that should be persisted.\n" }, "formId": { "type": "string", "description": "The Id to use for the new Form. If not specified a secure random UUID will be generated.\n" }, "name": { "type": "string", "description": "The unique name of the Form Field.\n" }, "steps": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthFormStep:FusionAuthFormStep" }, "description": "An ordered list of objects containing one or more Form Fields. A Form must have at least one step defined.\n" }, "type": { "type": "string", "description": "The type of form being created, a form type cannot be changed after the form has been created.\n" } }, "type": "object", "required": [ "name", "steps" ], "inputProperties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form Field that should be persisted.\n" }, "formId": { "type": "string", "description": "The Id to use for the new Form. If not specified a secure random UUID will be generated.\n" }, "name": { "type": "string", "description": "The unique name of the Form Field.\n" }, "steps": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthFormStep:FusionAuthFormStep" }, "description": "An ordered list of objects containing one or more Form Fields. A Form must have at least one step defined.\n" }, "type": { "type": "string", "description": "The type of form being created, a form type cannot be changed after the form has been created.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "steps" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthForm resources.\n", "properties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form Field that should be persisted.\n" }, "formId": { "type": "string", "description": "The Id to use for the new Form. If not specified a secure random UUID will be generated.\n" }, "name": { "type": "string", "description": "The unique name of the Form Field.\n" }, "steps": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthFormStep:FusionAuthFormStep" }, "description": "An ordered list of objects containing one or more Form Fields. A Form must have at least one step defined.\n" }, "type": { "type": "string", "description": "The type of form being created, a form type cannot be changed after the form has been created.\n", "willReplaceOnChanges": true } }, "type": "object" } }, "fusionauth:index/fusionAuthFormField:FusionAuthFormField": { "description": "## # Form Field Resource\n\nA FusionAuth Form Field is an object that can be customized to receive input within a FusionAuth Form.\n\n[Form Field API](https://fusionauth.io/docs/v1/tech/apis/form-fields/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst field = new fusionauth.FusionAuthFormField(\"field\", {\n confirm: true,\n data: {\n leftAddOn: \"send\",\n },\n description: \"Information about this custom field\",\n key: \"user.firstName\",\n required: true,\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nfield = fusionauth.FusionAuthFormField(\"field\",\n confirm=True,\n data={\n \"leftAddOn\": \"send\",\n },\n description=\"Information about this custom field\",\n key=\"user.firstName\",\n required=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var field = new Fusionauth.FusionAuthFormField(\"field\", new()\n {\n Confirm = true,\n Data = \n {\n { \"leftAddOn\", \"send\" },\n },\n Description = \"Information about this custom field\",\n Key = \"user.firstName\",\n Required = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthFormField(ctx, \"field\", &fusionauth.FusionAuthFormFieldArgs{\n\t\t\tConfirm: pulumi.Bool(true),\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"leftAddOn\": pulumi.String(\"send\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Information about this custom field\"),\n\t\t\tKey: pulumi.String(\"user.firstName\"),\n\t\t\tRequired: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthFormField;\nimport com.pulumi.fusionauth.FusionAuthFormFieldArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var field = new FusionAuthFormField(\"field\", FusionAuthFormFieldArgs.builder()\n .confirm(true)\n .data(Map.of(\"leftAddOn\", \"send\"))\n .description(\"Information about this custom field\")\n .key(\"user.firstName\")\n .required(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n field:\n type: fusionauth:FusionAuthFormField\n properties:\n confirm: true\n data:\n leftAddOn: send\n description: Information about this custom field\n key: user.firstName\n required: true\n```\n\n", "properties": { "confirm": { "type": "boolean", "description": "Determines if the user input should be confirmed by requiring the value to be entered twice. If true, a confirmation field is included.\n" }, "consentId": { "type": "string", "description": "The Id of an existing Consent. This field will be required when the type is set to consent.\n" }, "control": { "type": "string", "description": "The Form Field control\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form Field that should be persisted.\n" }, "description": { "type": "string", "description": "A description of the Form Field.\n" }, "formFieldId": { "type": "string", "description": "The Id to use for the new Form Field. If not specified a secure random UUID will be generated.\n" }, "key": { "type": "string", "description": "The key is the path to the value in the user or registration object.\n" }, "name": { "type": "string", "description": "The unique name of the Form Field.\n" }, "options": { "type": "array", "items": { "type": "string" }, "description": "A list of options that are applied to checkbox, radio, or select controls.\n" }, "required": { "type": "boolean", "description": "Determines if a value is required to complete the form.\n" }, "type": { "type": "string", "description": "The data type used to store the value in FusionAuth.\n" }, "validator": { "$ref": "#/types/fusionauth:index%2FFusionAuthFormFieldValidator:FusionAuthFormFieldValidator" } }, "type": "object", "required": [ "control", "key", "name", "validator" ], "inputProperties": { "confirm": { "type": "boolean", "description": "Determines if the user input should be confirmed by requiring the value to be entered twice. If true, a confirmation field is included.\n" }, "consentId": { "type": "string", "description": "The Id of an existing Consent. This field will be required when the type is set to consent.\n" }, "control": { "type": "string", "description": "The Form Field control\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form Field that should be persisted.\n" }, "description": { "type": "string", "description": "A description of the Form Field.\n" }, "formFieldId": { "type": "string", "description": "The Id to use for the new Form Field. If not specified a secure random UUID will be generated.\n" }, "key": { "type": "string", "description": "The key is the path to the value in the user or registration object.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The unique name of the Form Field.\n" }, "options": { "type": "array", "items": { "type": "string" }, "description": "A list of options that are applied to checkbox, radio, or select controls.\n" }, "required": { "type": "boolean", "description": "Determines if a value is required to complete the form.\n" }, "type": { "type": "string", "description": "The data type used to store the value in FusionAuth.\n" }, "validator": { "$ref": "#/types/fusionauth:index%2FFusionAuthFormFieldValidator:FusionAuthFormFieldValidator" } }, "requiredInputs": [ "key" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthFormField resources.\n", "properties": { "confirm": { "type": "boolean", "description": "Determines if the user input should be confirmed by requiring the value to be entered twice. If true, a confirmation field is included.\n" }, "consentId": { "type": "string", "description": "The Id of an existing Consent. This field will be required when the type is set to consent.\n" }, "control": { "type": "string", "description": "The Form Field control\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form Field that should be persisted.\n" }, "description": { "type": "string", "description": "A description of the Form Field.\n" }, "formFieldId": { "type": "string", "description": "The Id to use for the new Form Field. If not specified a secure random UUID will be generated.\n" }, "key": { "type": "string", "description": "The key is the path to the value in the user or registration object.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The unique name of the Form Field.\n" }, "options": { "type": "array", "items": { "type": "string" }, "description": "A list of options that are applied to checkbox, radio, or select controls.\n" }, "required": { "type": "boolean", "description": "Determines if a value is required to complete the form.\n" }, "type": { "type": "string", "description": "The data type used to store the value in FusionAuth.\n" }, "validator": { "$ref": "#/types/fusionauth:index%2FFusionAuthFormFieldValidator:FusionAuthFormFieldValidator" } }, "type": "object" } }, "fusionauth:index/fusionAuthGenericConnector:FusionAuthGenericConnector": { "description": "## # Generic Connector Resource\n\nA FusionAuth Generic Connector is a named object that provides configuration for allowing authentication against external systems.\n\n[Generic Connector API](https://fusionauth.io/docs/v1/tech/apis/connectors/generic/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst example = new fusionauth.FusionAuthGenericConnector(\"example\", {\n authenticationUrl: \"http://mygameserver.local:7001/fusionauth-connector\",\n connectTimeout: 1000,\n data: {\n foo: \"bar\",\n },\n debug: false,\n headers: {\n foo: \"bar\",\n bar: \"baz\",\n },\n httpAuthenticationPassword: \"supersecret\",\n httpAuthenticationUsername: \"me\",\n readTimeout: 2000,\n sslCertificateKeyId: \"00000000-0000-0000-0000-000000000678\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nexample = fusionauth.FusionAuthGenericConnector(\"example\",\n authentication_url=\"http://mygameserver.local:7001/fusionauth-connector\",\n connect_timeout=1000,\n data={\n \"foo\": \"bar\",\n },\n debug=False,\n headers={\n \"foo\": \"bar\",\n \"bar\": \"baz\",\n },\n http_authentication_password=\"supersecret\",\n http_authentication_username=\"me\",\n read_timeout=2000,\n ssl_certificate_key_id=\"00000000-0000-0000-0000-000000000678\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var example = new Fusionauth.FusionAuthGenericConnector(\"example\", new()\n {\n AuthenticationUrl = \"http://mygameserver.local:7001/fusionauth-connector\",\n ConnectTimeout = 1000,\n Data = \n {\n { \"foo\", \"bar\" },\n },\n Debug = false,\n Headers = \n {\n { \"foo\", \"bar\" },\n { \"bar\", \"baz\" },\n },\n HttpAuthenticationPassword = \"supersecret\",\n HttpAuthenticationUsername = \"me\",\n ReadTimeout = 2000,\n SslCertificateKeyId = \"00000000-0000-0000-0000-000000000678\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthGenericConnector(ctx, \"example\", &fusionauth.FusionAuthGenericConnectorArgs{\n\t\t\tAuthenticationUrl: pulumi.String(\"http://mygameserver.local:7001/fusionauth-connector\"),\n\t\t\tConnectTimeout: pulumi.Int(1000),\n\t\t\tData: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t\tDebug: pulumi.Bool(false),\n\t\t\tHeaders: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\"bar\": pulumi.String(\"baz\"),\n\t\t\t},\n\t\t\tHttpAuthenticationPassword: pulumi.String(\"supersecret\"),\n\t\t\tHttpAuthenticationUsername: pulumi.String(\"me\"),\n\t\t\tReadTimeout: pulumi.Int(2000),\n\t\t\tSslCertificateKeyId: pulumi.String(\"00000000-0000-0000-0000-000000000678\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthGenericConnector;\nimport com.pulumi.fusionauth.FusionAuthGenericConnectorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FusionAuthGenericConnector(\"example\", FusionAuthGenericConnectorArgs.builder()\n .authenticationUrl(\"http://mygameserver.local:7001/fusionauth-connector\")\n .connectTimeout(1000)\n .data(Map.of(\"foo\", \"bar\"))\n .debug(false)\n .headers(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"bar\", \"baz\")\n ))\n .httpAuthenticationPassword(\"supersecret\")\n .httpAuthenticationUsername(\"me\")\n .readTimeout(2000)\n .sslCertificateKeyId(\"00000000-0000-0000-0000-000000000678\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: fusionauth:FusionAuthGenericConnector\n properties:\n authenticationUrl: http://mygameserver.local:7001/fusionauth-connector\n connectTimeout: 1000\n data:\n foo: bar\n debug: false\n headers:\n foo: bar\n bar: baz\n httpAuthenticationPassword: supersecret\n httpAuthenticationUsername: me\n readTimeout: 2000\n sslCertificateKeyId: 00000000-0000-0000-0000-000000000678\n```\n\n", "properties": { "authenticationUrl": { "type": "string", "description": "The fully qualified URL used to send an HTTP request to authenticate the user.\n" }, "connectTimeout": { "type": "integer", "description": "The connect timeout for the HTTP connection, in milliseconds. Value must be greater than 0.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Connector that should be persisted.\n" }, "debug": { "type": "boolean", "description": "Determines if debug should be enabled to create an event log to assist in debugging integration errors. Defaults to false.\n" }, "headers": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold HTTPHeader key and value pairs.\n" }, "httpAuthenticationPassword": { "type": "string", "description": "The HTTP basic authentication password that is sent as part of the HTTP request for the events.\n", "secret": true }, "httpAuthenticationUsername": { "type": "string", "description": "The HTTP basic authentication username that is sent as part of the HTTP request for the events.\n", "secret": true }, "name": { "type": "string", "description": "The unique Connector name.\n" }, "readTimeout": { "type": "integer", "description": "The read timeout in milliseconds used when FusionAuth sends events to the Webhook.\n" }, "sslCertificateKeyId": { "type": "string", "description": "The Id of an existing [Key](https://fusionauth.io/docs/v1/tech/apis/keys/). The X509 certificate is used for client certificate authentication in requests to the Connector.\n" } }, "type": "object", "required": [ "authenticationUrl", "connectTimeout", "name", "readTimeout" ], "inputProperties": { "authenticationUrl": { "type": "string", "description": "The fully qualified URL used to send an HTTP request to authenticate the user.\n" }, "connectTimeout": { "type": "integer", "description": "The connect timeout for the HTTP connection, in milliseconds. Value must be greater than 0.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Connector that should be persisted.\n" }, "debug": { "type": "boolean", "description": "Determines if debug should be enabled to create an event log to assist in debugging integration errors. Defaults to false.\n" }, "headers": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold HTTPHeader key and value pairs.\n" }, "httpAuthenticationPassword": { "type": "string", "description": "The HTTP basic authentication password that is sent as part of the HTTP request for the events.\n", "secret": true }, "httpAuthenticationUsername": { "type": "string", "description": "The HTTP basic authentication username that is sent as part of the HTTP request for the events.\n", "secret": true }, "name": { "type": "string", "description": "The unique Connector name.\n" }, "readTimeout": { "type": "integer", "description": "The read timeout in milliseconds used when FusionAuth sends events to the Webhook.\n" }, "sslCertificateKeyId": { "type": "string", "description": "The Id of an existing [Key](https://fusionauth.io/docs/v1/tech/apis/keys/). The X509 certificate is used for client certificate authentication in requests to the Connector.\n" } }, "requiredInputs": [ "authenticationUrl", "connectTimeout", "readTimeout" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthGenericConnector resources.\n", "properties": { "authenticationUrl": { "type": "string", "description": "The fully qualified URL used to send an HTTP request to authenticate the user.\n" }, "connectTimeout": { "type": "integer", "description": "The connect timeout for the HTTP connection, in milliseconds. Value must be greater than 0.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Connector that should be persisted.\n" }, "debug": { "type": "boolean", "description": "Determines if debug should be enabled to create an event log to assist in debugging integration errors. Defaults to false.\n" }, "headers": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold HTTPHeader key and value pairs.\n" }, "httpAuthenticationPassword": { "type": "string", "description": "The HTTP basic authentication password that is sent as part of the HTTP request for the events.\n", "secret": true }, "httpAuthenticationUsername": { "type": "string", "description": "The HTTP basic authentication username that is sent as part of the HTTP request for the events.\n", "secret": true }, "name": { "type": "string", "description": "The unique Connector name.\n" }, "readTimeout": { "type": "integer", "description": "The read timeout in milliseconds used when FusionAuth sends events to the Webhook.\n" }, "sslCertificateKeyId": { "type": "string", "description": "The Id of an existing [Key](https://fusionauth.io/docs/v1/tech/apis/keys/). The X509 certificate is used for client certificate authentication in requests to the Connector.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthGroup:FusionAuthGroup": { "description": "## # Group Resource\n\nA FusionAuth Group is a named object that optionally contains one to many Application Roles.\n\nWhen a Group does not contain any Application Roles it can still be utilized to logically associate users. Assigning Application Roles to a group allow it to be used to dynamically manage Role assignment to registered Users. In this second scenario as long as a User is registered to an Application the Group membership will allow them to inherit the corresponding Roles from the Group.\n\n[Groups API](https://fusionauth.io/docs/v1/tech/apis/groups)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst myGroup = new fusionauth.FusionAuthGroup(\"myGroup\", {\n tenantId: fusionauth_tenant.my_tenant.id,\n roleIds: [fusionauth_application_role.admins.id],\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nmy_group = fusionauth.FusionAuthGroup(\"myGroup\",\n tenant_id=fusionauth_tenant[\"my_tenant\"][\"id\"],\n role_ids=[fusionauth_application_role[\"admins\"][\"id\"]])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var myGroup = new Fusionauth.FusionAuthGroup(\"myGroup\", new()\n {\n TenantId = fusionauth_tenant.My_tenant.Id,\n RoleIds = new[]\n {\n fusionauth_application_role.Admins.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthGroup(ctx, \"myGroup\", &fusionauth.FusionAuthGroupArgs{\n\t\t\tTenantId: pulumi.Any(fusionauth_tenant.My_tenant.Id),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tfusionauth_application_role.Admins.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthGroup;\nimport com.pulumi.fusionauth.FusionAuthGroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var myGroup = new FusionAuthGroup(\"myGroup\", FusionAuthGroupArgs.builder()\n .tenantId(fusionauth_tenant.my_tenant().id())\n .roleIds(fusionauth_application_role.admins().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n myGroup:\n type: fusionauth:FusionAuthGroup\n properties:\n tenantId: ${fusionauth_tenant.my_tenant.id}\n roleIds:\n - ${fusionauth_application_role.admins.id}\n```\n\n", "properties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Group that should be persisted.\n" }, "groupId": { "type": "string", "description": "The Id to use for the new Group. If not specified a secure random UUID will be generated.\n" }, "name": { "type": "string", "description": "The name of the Group.\n" }, "roleIds": { "type": "array", "items": { "type": "string" }, "description": "The Application Roles to assign to this group.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant used to scope this API request.\n" } }, "type": "object", "required": [ "groupId", "name", "tenantId" ], "inputProperties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Group that should be persisted.\n" }, "groupId": { "type": "string", "description": "The Id to use for the new Group. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The name of the Group.\n" }, "roleIds": { "type": "array", "items": { "type": "string" }, "description": "The Application Roles to assign to this group.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant used to scope this API request.\n" } }, "requiredInputs": [ "tenantId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthGroup resources.\n", "properties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Group that should be persisted.\n" }, "groupId": { "type": "string", "description": "The Id to use for the new Group. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The name of the Group.\n" }, "roleIds": { "type": "array", "items": { "type": "string" }, "description": "The Application Roles to assign to this group.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant used to scope this API request.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpApple:FusionAuthIdpApple": { "description": "## # Apple Identity Provider Resource\n\nThe Apple identity provider type will use the Sign in with Apple APIs and will provide a Sign with Apple button on FusionAuth’s login page that will either redirect to an Apple sign in page or leverage native controls when using Safari on macOS or iOS. Additionally, this identity provider will call Apple’s /auth/token API to load additional details about the user and store them in FusionAuth.\n\nFusionAuth will also store the Apple refresh_token that is returned from the /auth/token endpoint in the UserRegistration object inside the tokens Map. This Map stores the tokens from the various identity providers so that you can use them in your application to call their APIs.\n\n[Apple Identity Providers API](https://fusionauth.io/docs/v1/tech/apis/identity-providers/apple/#create-the-apple-identity-provider)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst apple = new fusionauth.FusionAuthIdpApple(\"apple\", {\n applicationConfigurations: [{\n applicationId: \"1c212e59-0d0e-6b1a-ad48-f4f92793be32\",\n createRegistration: true,\n enabled: true,\n }],\n buttonText: \"Sign in with Apple\",\n debug: false,\n enabled: true,\n keyId: \"2f81529c-4d39-4ce2-982e-cf5fbb1325f6\",\n scope: \"email name\",\n servicesId: \"com.piedpiper.webapp\",\n teamId: \"R4NQ1P4UEB\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\napple = fusionauth.FusionAuthIdpApple(\"apple\",\n application_configurations=[{\n \"application_id\": \"1c212e59-0d0e-6b1a-ad48-f4f92793be32\",\n \"create_registration\": True,\n \"enabled\": True,\n }],\n button_text=\"Sign in with Apple\",\n debug=False,\n enabled=True,\n key_id=\"2f81529c-4d39-4ce2-982e-cf5fbb1325f6\",\n scope=\"email name\",\n services_id=\"com.piedpiper.webapp\",\n team_id=\"R4NQ1P4UEB\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var apple = new Fusionauth.FusionAuthIdpApple(\"apple\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpAppleApplicationConfigurationArgs\n {\n ApplicationId = \"1c212e59-0d0e-6b1a-ad48-f4f92793be32\",\n CreateRegistration = true,\n Enabled = true,\n },\n },\n ButtonText = \"Sign in with Apple\",\n Debug = false,\n Enabled = true,\n KeyId = \"2f81529c-4d39-4ce2-982e-cf5fbb1325f6\",\n Scope = \"email name\",\n ServicesId = \"com.piedpiper.webapp\",\n TeamId = \"R4NQ1P4UEB\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpApple(ctx, \"apple\", &fusionauth.FusionAuthIdpAppleArgs{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpAppleApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpAppleApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.String(\"1c212e59-0d0e-6b1a-ad48-f4f92793be32\"),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tButtonText: pulumi.String(\"Sign in with Apple\"),\n\t\t\tDebug: pulumi.Bool(false),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tKeyId: pulumi.String(\"2f81529c-4d39-4ce2-982e-cf5fbb1325f6\"),\n\t\t\tScope: pulumi.String(\"email name\"),\n\t\t\tServicesId: pulumi.String(\"com.piedpiper.webapp\"),\n\t\t\tTeamId: pulumi.String(\"R4NQ1P4UEB\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpApple;\nimport com.pulumi.fusionauth.FusionAuthIdpAppleArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpAppleApplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var apple = new FusionAuthIdpApple(\"apple\", FusionAuthIdpAppleArgs.builder()\n .applicationConfigurations(FusionAuthIdpAppleApplicationConfigurationArgs.builder()\n .applicationId(\"1c212e59-0d0e-6b1a-ad48-f4f92793be32\")\n .createRegistration(true)\n .enabled(true)\n .build())\n .buttonText(\"Sign in with Apple\")\n .debug(false)\n .enabled(true)\n .keyId(\"2f81529c-4d39-4ce2-982e-cf5fbb1325f6\")\n .scope(\"email name\")\n .servicesId(\"com.piedpiper.webapp\")\n .teamId(\"R4NQ1P4UEB\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n apple:\n type: fusionauth:FusionAuthIdpApple\n properties:\n applicationConfigurations:\n - applicationId: 1c212e59-0d0e-6b1a-ad48-f4f92793be32\n createRegistration: true\n enabled: true\n buttonText: Sign in with Apple\n debug: false\n enabled: true\n keyId: 2f81529c-4d39-4ce2-982e-cf5fbb1325f6\n scope: email name\n servicesId: com.piedpiper.webapp\n teamId: R4NQ1P4UEB\n```\n\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpAppleApplicationConfiguration:FusionAuthIdpAppleApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "bundleId": { "type": "string", "description": "The Apple Bundle identifier found in your Apple Developer Account which has been configured for Sign in with Apple. The Bundle identifier is used to Sign in with Apple from native applications. The request must include `bundle_id` or `services_id` . If `services_id` is omitted, this field is required.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "keyId": { "type": "string", "description": "The unique Id of the private key downloaded from Apple and imported into Key Master that will be used to sign the client secret.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level space separated scope that you are requesting from Apple.\n" }, "servicesId": { "type": "string", "description": "The unique Id of the private key downloaded from Apple and imported into Key Master that will be used to sign the client secret.\n" }, "teamId": { "type": "string", "description": "The Apple App ID Prefix, or Team ID found in your Apple Developer Account which has been configured for Sign in with Apple.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpAppleTenantConfiguration:FusionAuthIdpAppleTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object", "required": [ "bundleId", "buttonText", "keyId", "linkingStrategy", "servicesId", "teamId" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpAppleApplicationConfiguration:FusionAuthIdpAppleApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "bundleId": { "type": "string", "description": "The Apple Bundle identifier found in your Apple Developer Account which has been configured for Sign in with Apple. The Bundle identifier is used to Sign in with Apple from native applications. The request must include `bundle_id` or `services_id` . If `services_id` is omitted, this field is required.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "keyId": { "type": "string", "description": "The unique Id of the private key downloaded from Apple and imported into Key Master that will be used to sign the client secret.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level space separated scope that you are requesting from Apple.\n" }, "servicesId": { "type": "string", "description": "The unique Id of the private key downloaded from Apple and imported into Key Master that will be used to sign the client secret.\n" }, "teamId": { "type": "string", "description": "The Apple App ID Prefix, or Team ID found in your Apple Developer Account which has been configured for Sign in with Apple.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpAppleTenantConfiguration:FusionAuthIdpAppleTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "requiredInputs": [ "bundleId", "buttonText", "keyId", "servicesId", "teamId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpApple resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpAppleApplicationConfiguration:FusionAuthIdpAppleApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "bundleId": { "type": "string", "description": "The Apple Bundle identifier found in your Apple Developer Account which has been configured for Sign in with Apple. The Bundle identifier is used to Sign in with Apple from native applications. The request must include `bundle_id` or `services_id` . If `services_id` is omitted, this field is required.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "keyId": { "type": "string", "description": "The unique Id of the private key downloaded from Apple and imported into Key Master that will be used to sign the client secret.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level space separated scope that you are requesting from Apple.\n" }, "servicesId": { "type": "string", "description": "The unique Id of the private key downloaded from Apple and imported into Key Master that will be used to sign the client secret.\n" }, "teamId": { "type": "string", "description": "The Apple App ID Prefix, or Team ID found in your Apple Developer Account which has been configured for Sign in with Apple.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpAppleTenantConfiguration:FusionAuthIdpAppleTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpExternalJwt:FusionAuthIdpExternalJwt": { "description": "## # External JWT Identity Provider Resource\n\nThis is a special type of identity provider that is only used via the JWT Reconcile API. This identity provider defines the claims inside the incoming JWT and how they map to fields in the FusionAuth User object.\n\nIn order for this identity provider to use the JWT, it also needs the public key or HMAC secret that the JWT was signed with. FusionAuth will verify that the JWT is valid and has not expired. Once the JWT has been validated, FusionAuth will reconcile it to ensure that the User exists and is up-to-date.\n\n[External JWT Identity Providers API](https://fusionauth.io/docs/v1/tech/apis/identity-providers/external-jwt/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst jwt = new fusionauth.FusionAuthIdpExternalJwt(\"jwt\", {\n claimMap: {\n dept: \"RegistrationData\",\n first_name: \"firstName\",\n last_name: \"lastName\",\n },\n debug: false,\n enabled: true,\n headerKeyParameter: \"kid\",\n oauth2AuthorizationEndpoint: \"https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect\",\n oauth2TokenEndpoint: \"https://acme.com/adfs/oauth2/token\",\n uniqueIdentityClaim: \"email\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\njwt = fusionauth.FusionAuthIdpExternalJwt(\"jwt\",\n claim_map={\n \"dept\": \"RegistrationData\",\n \"first_name\": \"firstName\",\n \"last_name\": \"lastName\",\n },\n debug=False,\n enabled=True,\n header_key_parameter=\"kid\",\n oauth2_authorization_endpoint=\"https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect\",\n oauth2_token_endpoint=\"https://acme.com/adfs/oauth2/token\",\n unique_identity_claim=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var jwt = new Fusionauth.FusionAuthIdpExternalJwt(\"jwt\", new()\n {\n ClaimMap = \n {\n { \"dept\", \"RegistrationData\" },\n { \"first_name\", \"firstName\" },\n { \"last_name\", \"lastName\" },\n },\n Debug = false,\n Enabled = true,\n HeaderKeyParameter = \"kid\",\n Oauth2AuthorizationEndpoint = \"https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect\",\n Oauth2TokenEndpoint = \"https://acme.com/adfs/oauth2/token\",\n UniqueIdentityClaim = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpExternalJwt(ctx, \"jwt\", &fusionauth.FusionAuthIdpExternalJwtArgs{\n\t\t\tClaimMap: pulumi.StringMap{\n\t\t\t\t\"dept\": pulumi.String(\"RegistrationData\"),\n\t\t\t\t\"first_name\": pulumi.String(\"firstName\"),\n\t\t\t\t\"last_name\": pulumi.String(\"lastName\"),\n\t\t\t},\n\t\t\tDebug: pulumi.Bool(false),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tHeaderKeyParameter: pulumi.String(\"kid\"),\n\t\t\tOauth2AuthorizationEndpoint: pulumi.String(\"https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect\"),\n\t\t\tOauth2TokenEndpoint: pulumi.String(\"https://acme.com/adfs/oauth2/token\"),\n\t\t\tUniqueIdentityClaim: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpExternalJwt;\nimport com.pulumi.fusionauth.FusionAuthIdpExternalJwtArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var jwt = new FusionAuthIdpExternalJwt(\"jwt\", FusionAuthIdpExternalJwtArgs.builder()\n .claimMap(Map.ofEntries(\n Map.entry(\"dept\", \"RegistrationData\"),\n Map.entry(\"first_name\", \"firstName\"),\n Map.entry(\"last_name\", \"lastName\")\n ))\n .debug(false)\n .enabled(true)\n .headerKeyParameter(\"kid\")\n .oauth2AuthorizationEndpoint(\"https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect\")\n .oauth2TokenEndpoint(\"https://acme.com/adfs/oauth2/token\")\n .uniqueIdentityClaim(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n jwt:\n type: fusionauth:FusionAuthIdpExternalJwt\n properties:\n claimMap:\n dept: RegistrationData\n first_name: firstName\n last_name: lastName\n debug: false\n enabled: true\n headerKeyParameter: kid\n oauth2AuthorizationEndpoint: https://acme.com/adfs/oauth2/authorize?client_id=cf3b00da-9551-460a-ad18-33232e6cbff0&response_type=code&redirect_uri=https://acme.com/oauth2/redirect\n oauth2TokenEndpoint: https://acme.com/adfs/oauth2/token\n uniqueIdentityClaim: email\n```\n\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpExternalJwtApplicationConfiguration:FusionAuthIdpExternalJwtApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "claimMap": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider. The following are allowed values: birthDate, firstName, lastName, fullName, middleName, mobilePhone, imageUrl, timezone, UserData and RegistrationData.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "defaultKeyId": { "type": "string", "description": "When configured this key will be used to verify the signature of the JWT when the header key defined by the headerKeyParameter property is not found in the JWT header. In most cases, the JWT header will contain the key identifier and this value will be used to resolve the correct public key or X.509 certificate to verify the signature. This assumes the public key or X.509 certificate has already been imported using the Key API or Key Master in the FusionAuth admin UI.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "An array of domains that are managed by this Identity Provider.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "headerKeyParameter": { "type": "string", "description": "The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "name": { "type": "string", "description": "The name of the Identity Provider.\n" }, "oauth2AuthorizationEndpoint": { "type": "string", "description": "The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.\n" }, "oauth2EmailClaim": { "type": "string", "description": "The name of the claim that contains the user's email address. This will only be used when the `linking_strategy`is equal to LinkByEmail or LinkByEmailForExistingUser.\n" }, "oauth2EmailVerifiedClaim": { "type": "string", "description": "The name of the claim that identities if the user's email address has been verified. When the `linking_strategy` is equal to LinkByEmail or LinkByEmailForExistingUser and this claim is present and the value is false a link will not be established and an error will be returned indicating a link cannot be established using an unverified email address.\n" }, "oauth2TokenEndpoint": { "type": "string", "description": "The token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.\n" }, "oauth2UniqueIdClaim": { "type": "string", "description": "The name of the claim that contains the user's unique user Id.\n" }, "oauth2UsernameClaim": { "type": "string", "description": "The name of the claim that contains the user's username. This will only be used when the `linking_strategy` is equal to LinkByUsername or LinkByUsernameForExistingUser.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpExternalJwtTenantConfiguration:FusionAuthIdpExternalJwtTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "uniqueIdentityClaim": { "type": "string", "description": "(Optional) The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.\n", "deprecationMessage": "This field is deprecated and will be removed in a future release. Prefer the use of oauth2_unique_id_claim." } }, "type": "object", "required": [ "headerKeyParameter", "linkingStrategy", "name" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpExternalJwtApplicationConfiguration:FusionAuthIdpExternalJwtApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "claimMap": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider. The following are allowed values: birthDate, firstName, lastName, fullName, middleName, mobilePhone, imageUrl, timezone, UserData and RegistrationData.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "defaultKeyId": { "type": "string", "description": "When configured this key will be used to verify the signature of the JWT when the header key defined by the headerKeyParameter property is not found in the JWT header. In most cases, the JWT header will contain the key identifier and this value will be used to resolve the correct public key or X.509 certificate to verify the signature. This assumes the public key or X.509 certificate has already been imported using the Key API or Key Master in the FusionAuth admin UI.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "An array of domains that are managed by this Identity Provider.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "headerKeyParameter": { "type": "string", "description": "The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "name": { "type": "string", "description": "The name of the Identity Provider.\n" }, "oauth2AuthorizationEndpoint": { "type": "string", "description": "The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.\n" }, "oauth2EmailClaim": { "type": "string", "description": "The name of the claim that contains the user's email address. This will only be used when the `linking_strategy`is equal to LinkByEmail or LinkByEmailForExistingUser.\n" }, "oauth2EmailVerifiedClaim": { "type": "string", "description": "The name of the claim that identities if the user's email address has been verified. When the `linking_strategy` is equal to LinkByEmail or LinkByEmailForExistingUser and this claim is present and the value is false a link will not be established and an error will be returned indicating a link cannot be established using an unverified email address.\n" }, "oauth2TokenEndpoint": { "type": "string", "description": "The token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.\n" }, "oauth2UniqueIdClaim": { "type": "string", "description": "The name of the claim that contains the user's unique user Id.\n" }, "oauth2UsernameClaim": { "type": "string", "description": "The name of the claim that contains the user's username. This will only be used when the `linking_strategy` is equal to LinkByUsername or LinkByUsernameForExistingUser.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpExternalJwtTenantConfiguration:FusionAuthIdpExternalJwtTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "uniqueIdentityClaim": { "type": "string", "description": "(Optional) The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.\n", "deprecationMessage": "This field is deprecated and will be removed in a future release. Prefer the use of oauth2_unique_id_claim." } }, "requiredInputs": [ "headerKeyParameter" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpExternalJwt resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpExternalJwtApplicationConfiguration:FusionAuthIdpExternalJwtApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "claimMap": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A map of incoming claims to User fields, User data or Registration data. The key of the map is the incoming claim name from the configured identity provider. The following are allowed values: birthDate, firstName, lastName, fullName, middleName, mobilePhone, imageUrl, timezone, UserData and RegistrationData.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "defaultKeyId": { "type": "string", "description": "When configured this key will be used to verify the signature of the JWT when the header key defined by the headerKeyParameter property is not found in the JWT header. In most cases, the JWT header will contain the key identifier and this value will be used to resolve the correct public key or X.509 certificate to verify the signature. This assumes the public key or X.509 certificate has already been imported using the Key API or Key Master in the FusionAuth admin UI.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "An array of domains that are managed by this Identity Provider.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "headerKeyParameter": { "type": "string", "description": "The name header claim that identifies the public key used to verify the signature. In most cases this be kid or x5t.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "name": { "type": "string", "description": "The name of the Identity Provider.\n" }, "oauth2AuthorizationEndpoint": { "type": "string", "description": "The authorization endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to perform the browser redirect to the OAuth2 authorize endpoint.\n" }, "oauth2EmailClaim": { "type": "string", "description": "The name of the claim that contains the user's email address. This will only be used when the `linking_strategy`is equal to LinkByEmail or LinkByEmailForExistingUser.\n" }, "oauth2EmailVerifiedClaim": { "type": "string", "description": "The name of the claim that identities if the user's email address has been verified. When the `linking_strategy` is equal to LinkByEmail or LinkByEmailForExistingUser and this claim is present and the value is false a link will not be established and an error will be returned indicating a link cannot be established using an unverified email address.\n" }, "oauth2TokenEndpoint": { "type": "string", "description": "The token endpoint for this Identity Provider. This value is not utilized by FusionAuth is only provided to be returned by the Lookup Identity Provider API response. During integration you may then utilize this value to complete the OAuth2 grant workflow.\n" }, "oauth2UniqueIdClaim": { "type": "string", "description": "The name of the claim that contains the user's unique user Id.\n" }, "oauth2UsernameClaim": { "type": "string", "description": "The name of the claim that contains the user's username. This will only be used when the `linking_strategy` is equal to LinkByUsername or LinkByUsernameForExistingUser.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpExternalJwtTenantConfiguration:FusionAuthIdpExternalJwtTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "uniqueIdentityClaim": { "type": "string", "description": "(Optional) The name of the claim that represents the unique identify of the User. This will generally be email or the name of the claim that provides the email address.\n", "deprecationMessage": "This field is deprecated and will be removed in a future release. Prefer the use of oauth2_unique_id_claim." } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpFacebook:FusionAuthIdpFacebook": { "description": "## # Facebook Identity Provider Resource\n\nThe Facebook identity provider type will use the Facebook OAuth login API. It will provide a `Login with Facebook` button on FusionAuth’s login page that will leverage the Facebook login pop-up dialog. Additionally, this identity provider will call Facebook’s Graph API to load additional details about the user and store them in FusionAuth.\n\nThe email address returned by the Facebook Graph API will be used to create or lookup the existing user. Additional claims returned by Facebook can be used to reconcile the User to FusionAuth by using a Facebook Reconcile Lambda. Unless you assign a reconcile lambda to this provider, on the `email` address will be used from the available claims returned by Facebook.\n\nWhen the `picture` field is not requested FusionAuth will also call Facebook’s `/me/picture` API to load the user’s profile image and store it as the `imageUrl` in FusionAuth. When the `picture` field is requested, the user’s profile image will be returned by the `/me` API and a second request to the `/me/picture` endpoint will not be required.\n\nFinally, FusionAuth will call Facebook’s `/oauth/access_token` API to exchange the login token for a long-lived Facebook token. This token is stored in the `UserRegistration` object inside the `tokens` Map. This Map stores the tokens from the various identity providers so that you can use them in your application to call their APIs.\n\nPlease note if an `idp_hint` is appended to the OAuth Authorize endpoint, then the interaction behavior will be defaulted to `redirect`, even if popup interaction is explicitly configured.\n\n[Facebook Identity Providers API](https://fusionauth.io/docs/v1/tech/apis/identity-providers/facebook)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst facebook = new fusionauth.FusionAuthIdpFacebook(\"facebook\", {\n applicationConfigurations: [{\n applicationId: fusionauth_application.myapp.id,\n createRegistration: true,\n enabled: true,\n }],\n buttonText: \"Login with Facebook\",\n debug: false,\n enabled: true,\n appId: \"9876543210\",\n clientSecret: \"716a572f917640698cdb99e9d7e64115\",\n fields: \"email\",\n permissions: \"email\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nfacebook = fusionauth.FusionAuthIdpFacebook(\"facebook\",\n application_configurations=[{\n \"application_id\": fusionauth_application[\"myapp\"][\"id\"],\n \"create_registration\": True,\n \"enabled\": True,\n }],\n button_text=\"Login with Facebook\",\n debug=False,\n enabled=True,\n app_id=\"9876543210\",\n client_secret=\"716a572f917640698cdb99e9d7e64115\",\n fields=\"email\",\n permissions=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var facebook = new Fusionauth.FusionAuthIdpFacebook(\"facebook\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpFacebookApplicationConfigurationArgs\n {\n ApplicationId = fusionauth_application.Myapp.Id,\n CreateRegistration = true,\n Enabled = true,\n },\n },\n ButtonText = \"Login with Facebook\",\n Debug = false,\n Enabled = true,\n AppId = \"9876543210\",\n ClientSecret = \"716a572f917640698cdb99e9d7e64115\",\n Fields = \"email\",\n Permissions = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpFacebook(ctx, \"facebook\", &fusionauth.FusionAuthIdpFacebookArgs{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpFacebookApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpFacebookApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.Any(fusionauth_application.Myapp.Id),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tButtonText: pulumi.String(\"Login with Facebook\"),\n\t\t\tDebug: pulumi.Bool(false),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAppId: pulumi.String(\"9876543210\"),\n\t\t\tClientSecret: pulumi.String(\"716a572f917640698cdb99e9d7e64115\"),\n\t\t\tFields: pulumi.String(\"email\"),\n\t\t\tPermissions: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpFacebook;\nimport com.pulumi.fusionauth.FusionAuthIdpFacebookArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpFacebookApplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var facebook = new FusionAuthIdpFacebook(\"facebook\", FusionAuthIdpFacebookArgs.builder()\n .applicationConfigurations(FusionAuthIdpFacebookApplicationConfigurationArgs.builder()\n .applicationId(fusionauth_application.myapp().id())\n .createRegistration(true)\n .enabled(true)\n .build())\n .buttonText(\"Login with Facebook\")\n .debug(false)\n .enabled(true)\n .appId(\"9876543210\")\n .clientSecret(\"716a572f917640698cdb99e9d7e64115\")\n .fields(\"email\")\n .permissions(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n facebook:\n type: fusionauth:FusionAuthIdpFacebook\n properties:\n applicationConfigurations:\n - applicationId: ${fusionauth_application.myapp.id}\n createRegistration: true\n enabled: true\n buttonText: Login with Facebook\n debug: false\n enabled: true\n appId: '9876543210'\n clientSecret: 716a572f917640698cdb99e9d7e64115\n fields: email\n permissions: email\n```\n\n", "properties": { "appId": { "type": "string", "description": "The top-level Facebook `appId` for your Application. This value is retrieved from the Facebook developer website when you setup your Facebook developer account.\n" }, "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpFacebookApplicationConfiguration:FusionAuthIdpFacebookApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret, also known as 'App Secret', to use with the Facebook Identity Provider when retrieving the long-lived token. This value is retrieved from the Facebook developer website when you setup your Facebook developer account.\n", "secret": true }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, an Event Log is created each time this provider is invoked to reconcile a login.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "fields": { "type": "string", "description": "The top-level fields that you are requesting from Facebook.\nField values are documented at [Facebook Graph API](https://developers.facebook.com/docs/graph-api/using-graph-api/)\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the Facebook Identity Provider and the user.\nThe valid values are:\n* `CreatePendingLink` - Do not automatically link, instead return a pending link identifier that can be used to link to an existing user.\n* `LinkAnonymously` - Always create a link based upon the unique Id returned by the identity provider. A username or email is not required and will not be used to link the user. A reconcile lambda will not be used in this configuration.\n* `LinkByEmail` - Link to an existing user based upon email. A user will be created with the email returned by the identity provider if one does not already exist.\n* `LinkByEmailForExistingUser` - Only link to an existing user based upon email. A user will not be created if one does not already exist with email returned by the identity provider.\n* `LinkByUsername` - Link to an existing user based upon username. A user will be created with the username returned by the identity provider if one does not already exist.\n* `LinkByUsernameForExistingUser` - Only link to an existing user based upon username. A user will not be created if one does not already exist with username returned by the identity provider.\n" }, "loginMethod": { "type": "string", "description": "The login method to use for this Identity Provider.\nThe valid values are:\n* `UsePopup` - When logging in use a popup window and the Facebook javascript library.\n* `UseRedirect` - When logging in use the Facebook OAuth redirect login flow.\n" }, "permissions": { "type": "string", "description": "The top-level permissions that your application is asking of the user’s Facebook account.\nPermission values are documented at [Facebook Login API](https://developers.facebook.com/docs/permissions/reference)\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpFacebookTenantConfiguration:FusionAuthIdpFacebookTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object", "required": [ "appId", "buttonText", "clientSecret", "lambdaReconcileId", "linkingStrategy" ], "inputProperties": { "appId": { "type": "string", "description": "The top-level Facebook `appId` for your Application. This value is retrieved from the Facebook developer website when you setup your Facebook developer account.\n" }, "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpFacebookApplicationConfiguration:FusionAuthIdpFacebookApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret, also known as 'App Secret', to use with the Facebook Identity Provider when retrieving the long-lived token. This value is retrieved from the Facebook developer website when you setup your Facebook developer account.\n", "secret": true }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, an Event Log is created each time this provider is invoked to reconcile a login.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "fields": { "type": "string", "description": "The top-level fields that you are requesting from Facebook.\nField values are documented at [Facebook Graph API](https://developers.facebook.com/docs/graph-api/using-graph-api/)\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the Facebook Identity Provider and the user.\nThe valid values are:\n* `CreatePendingLink` - Do not automatically link, instead return a pending link identifier that can be used to link to an existing user.\n* `LinkAnonymously` - Always create a link based upon the unique Id returned by the identity provider. A username or email is not required and will not be used to link the user. A reconcile lambda will not be used in this configuration.\n* `LinkByEmail` - Link to an existing user based upon email. A user will be created with the email returned by the identity provider if one does not already exist.\n* `LinkByEmailForExistingUser` - Only link to an existing user based upon email. A user will not be created if one does not already exist with email returned by the identity provider.\n* `LinkByUsername` - Link to an existing user based upon username. A user will be created with the username returned by the identity provider if one does not already exist.\n* `LinkByUsernameForExistingUser` - Only link to an existing user based upon username. A user will not be created if one does not already exist with username returned by the identity provider.\n" }, "loginMethod": { "type": "string", "description": "The login method to use for this Identity Provider.\nThe valid values are:\n* `UsePopup` - When logging in use a popup window and the Facebook javascript library.\n* `UseRedirect` - When logging in use the Facebook OAuth redirect login flow.\n" }, "permissions": { "type": "string", "description": "The top-level permissions that your application is asking of the user’s Facebook account.\nPermission values are documented at [Facebook Login API](https://developers.facebook.com/docs/permissions/reference)\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpFacebookTenantConfiguration:FusionAuthIdpFacebookTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "requiredInputs": [ "appId", "buttonText", "clientSecret" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpFacebook resources.\n", "properties": { "appId": { "type": "string", "description": "The top-level Facebook `appId` for your Application. This value is retrieved from the Facebook developer website when you setup your Facebook developer account.\n" }, "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpFacebookApplicationConfiguration:FusionAuthIdpFacebookApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret, also known as 'App Secret', to use with the Facebook Identity Provider when retrieving the long-lived token. This value is retrieved from the Facebook developer website when you setup your Facebook developer account.\n", "secret": true }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, an Event Log is created each time this provider is invoked to reconcile a login.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "fields": { "type": "string", "description": "The top-level fields that you are requesting from Facebook.\nField values are documented at [Facebook Graph API](https://developers.facebook.com/docs/graph-api/using-graph-api/)\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the Facebook Identity Provider and the user.\nThe valid values are:\n* `CreatePendingLink` - Do not automatically link, instead return a pending link identifier that can be used to link to an existing user.\n* `LinkAnonymously` - Always create a link based upon the unique Id returned by the identity provider. A username or email is not required and will not be used to link the user. A reconcile lambda will not be used in this configuration.\n* `LinkByEmail` - Link to an existing user based upon email. A user will be created with the email returned by the identity provider if one does not already exist.\n* `LinkByEmailForExistingUser` - Only link to an existing user based upon email. A user will not be created if one does not already exist with email returned by the identity provider.\n* `LinkByUsername` - Link to an existing user based upon username. A user will be created with the username returned by the identity provider if one does not already exist.\n* `LinkByUsernameForExistingUser` - Only link to an existing user based upon username. A user will not be created if one does not already exist with username returned by the identity provider.\n" }, "loginMethod": { "type": "string", "description": "The login method to use for this Identity Provider.\nThe valid values are:\n* `UsePopup` - When logging in use a popup window and the Facebook javascript library.\n* `UseRedirect` - When logging in use the Facebook OAuth redirect login flow.\n" }, "permissions": { "type": "string", "description": "The top-level permissions that your application is asking of the user’s Facebook account.\nPermission values are documented at [Facebook Login API](https://developers.facebook.com/docs/permissions/reference)\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpFacebookTenantConfiguration:FusionAuthIdpFacebookTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpGoogle:FusionAuthIdpGoogle": { "description": "## # Google Identity Provider Resource\n\nThe Google identity provider type will use the Google OAuth v2.0 login API. it will provide a Login with Google button on FusionAuth’s login page that will leverage the Google login pop-up dialog. Additionally, this identity provider will call Google’s /oauth2/v3/tokeninfo API to load additional details about the user and store them in FusionAuth.\n\nThe email address returned by the Google Token info API will be used to create or lookup the existing user. Additional claims returned by Google can be used to reconcile the User to FusionAuth by using a Google Reconcile Lambda. Unless you assign a reconcile lambda to this provider, on the email address will be used from the available claims returned by Google.\n\nFusionAuth will also store the Google access_token that is returned from the login pop-up dialog in the UserRegistration object inside the tokens Map. This Map stores the tokens from the various identity providers so that you can use them in your application to call their APIs.\n\n[Google Identity Providers API](https://fusionauth.io/docs/v1/tech/apis/identity-providers/google#create-the-google-identity-provider)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst google = new fusionauth.FusionAuthIdpGoogle(\"google\", {\n applicationConfigurations: [{\n applicationId: fusionauth_application.myapp.id,\n createRegistration: true,\n enabled: true,\n }],\n buttonText: \"Login with Google\",\n debug: false,\n clientId: \"254311943570-8e2i2hds0qdnee4124socceeh2q2mtjl.apps.googleusercontent.com\",\n clientSecret: \"BRr7x7xz_-cXxIFznBDIdxF1\",\n scope: \"profile\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\ngoogle = fusionauth.FusionAuthIdpGoogle(\"google\",\n application_configurations=[{\n \"application_id\": fusionauth_application[\"myapp\"][\"id\"],\n \"create_registration\": True,\n \"enabled\": True,\n }],\n button_text=\"Login with Google\",\n debug=False,\n client_id=\"254311943570-8e2i2hds0qdnee4124socceeh2q2mtjl.apps.googleusercontent.com\",\n client_secret=\"BRr7x7xz_-cXxIFznBDIdxF1\",\n scope=\"profile\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var google = new Fusionauth.FusionAuthIdpGoogle(\"google\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpGoogleApplicationConfigurationArgs\n {\n ApplicationId = fusionauth_application.Myapp.Id,\n CreateRegistration = true,\n Enabled = true,\n },\n },\n ButtonText = \"Login with Google\",\n Debug = false,\n ClientId = \"254311943570-8e2i2hds0qdnee4124socceeh2q2mtjl.apps.googleusercontent.com\",\n ClientSecret = \"BRr7x7xz_-cXxIFznBDIdxF1\",\n Scope = \"profile\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpGoogle(ctx, \"google\", &fusionauth.FusionAuthIdpGoogleArgs{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpGoogleApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpGoogleApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.Any(fusionauth_application.Myapp.Id),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tButtonText: pulumi.String(\"Login with Google\"),\n\t\t\tDebug: pulumi.Bool(false),\n\t\t\tClientId: pulumi.String(\"254311943570-8e2i2hds0qdnee4124socceeh2q2mtjl.apps.googleusercontent.com\"),\n\t\t\tClientSecret: pulumi.String(\"BRr7x7xz_-cXxIFznBDIdxF1\"),\n\t\t\tScope: pulumi.String(\"profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpGoogle;\nimport com.pulumi.fusionauth.FusionAuthIdpGoogleArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpGoogleApplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var google = new FusionAuthIdpGoogle(\"google\", FusionAuthIdpGoogleArgs.builder()\n .applicationConfigurations(FusionAuthIdpGoogleApplicationConfigurationArgs.builder()\n .applicationId(fusionauth_application.myapp().id())\n .createRegistration(true)\n .enabled(true)\n .build())\n .buttonText(\"Login with Google\")\n .debug(false)\n .clientId(\"254311943570-8e2i2hds0qdnee4124socceeh2q2mtjl.apps.googleusercontent.com\")\n .clientSecret(\"BRr7x7xz_-cXxIFznBDIdxF1\")\n .scope(\"profile\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n google:\n type: fusionauth:FusionAuthIdpGoogle\n properties:\n applicationConfigurations:\n - applicationId: ${fusionauth_application.myapp.id}\n createRegistration: true\n enabled: true\n buttonText: Login with Google\n debug: false\n clientId: 254311943570-8e2i2hds0qdnee4124socceeh2q2mtjl.apps.googleusercontent.com\n clientSecret: BRr7x7xz_-cXxIFznBDIdxF1\n scope: profile\n```\n\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleApplicationConfiguration:FusionAuthIdpGoogleApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Google client id for your Application. This value is retrieved from the Google developer website when you setup your Google developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Google Identity Provider when retrieving the long-lived token. This value is retrieved from the Google developer website when you setup your Google developer account.\n", "secret": true }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "loginMethod": { "type": "string", "description": "The login method to use for this Identity Provider.\n" }, "properties": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleProperties:FusionAuthIdpGoogleProperties", "description": "An object to hold configuration parameters for the Google Identity Services API.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Google.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleTenantConfiguration:FusionAuthIdpGoogleTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object", "required": [ "buttonText", "clientId", "linkingStrategy" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleApplicationConfiguration:FusionAuthIdpGoogleApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Google client id for your Application. This value is retrieved from the Google developer website when you setup your Google developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Google Identity Provider when retrieving the long-lived token. This value is retrieved from the Google developer website when you setup your Google developer account.\n", "secret": true }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "loginMethod": { "type": "string", "description": "The login method to use for this Identity Provider.\n" }, "properties": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleProperties:FusionAuthIdpGoogleProperties", "description": "An object to hold configuration parameters for the Google Identity Services API.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Google.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleTenantConfiguration:FusionAuthIdpGoogleTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "requiredInputs": [ "buttonText", "clientId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpGoogle resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleApplicationConfiguration:FusionAuthIdpGoogleApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Google client id for your Application. This value is retrieved from the Google developer website when you setup your Google developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Google Identity Provider when retrieving the long-lived token. This value is retrieved from the Google developer website when you setup your Google developer account.\n", "secret": true }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "loginMethod": { "type": "string", "description": "The login method to use for this Identity Provider.\n" }, "properties": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleProperties:FusionAuthIdpGoogleProperties", "description": "An object to hold configuration parameters for the Google Identity Services API.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Google.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpGoogleTenantConfiguration:FusionAuthIdpGoogleTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpLinkedIn:FusionAuthIdpLinkedIn": { "description": "## # LinkedIn Identity Provider Resource\n\nThe LinkedIn identity provider type will use OAuth 2.0 to authenticate a user with LinkedIn. It will also provide a\n`Login with LinkedIn` button on FusionAuth’s login page that will direct a user to the LinkedIn login page.\nAdditionally, after successful user authentication, this identity provider will call LinkedIn’s `/v2/me` and\n`/v2/emailAddress` APIs to load additional details about the user and store them in FusionAuth.\n\nThe email address returned by the LinkedIn `/v2/emailAddress` API will be used to create or look up the existing user.\nAdditional claims returned by LinkedIn can be used to reconcile the User to FusionAuth by using a LinkedIn Reconcile\nlambda. Unless you assign a reconcile lambda to this provider, only the email address will be used from the available\nclaims returned by LinkedIn.\n\nFusionAuth will also store the LinkedIn `access_token` returned from the login endpoint in the `identityProviderLink`\nobject. This object is accessible using the Link API.\n\nThe `identityProviderLink` object stores the token so that you can use it in your application to call LinkedIn APIs on\nbehalf of the user if desired.\n\n[LinkedIn Identity Providers API](https://fusionauth.io/docs/v1/tech/apis/identity-providers/linkedin)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst linkedin = new fusionauth.FusionAuthIdpLinkedIn(\"linkedin\", {\n applicationConfigurations: [{\n applicationId: fusionauth_application.myapp.id,\n createRegistration: true,\n enabled: true,\n }],\n buttonText: \"Login with LinkedIn\",\n debug: false,\n enabled: true,\n clientId: \"9876543210\",\n clientSecret: \"716a572f917640698cdb99e9d7e64115\",\n scope: \"r_emailaddress r_liteprofile\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nlinkedin = fusionauth.FusionAuthIdpLinkedIn(\"linkedin\",\n application_configurations=[{\n \"application_id\": fusionauth_application[\"myapp\"][\"id\"],\n \"create_registration\": True,\n \"enabled\": True,\n }],\n button_text=\"Login with LinkedIn\",\n debug=False,\n enabled=True,\n client_id=\"9876543210\",\n client_secret=\"716a572f917640698cdb99e9d7e64115\",\n scope=\"r_emailaddress r_liteprofile\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var linkedin = new Fusionauth.FusionAuthIdpLinkedIn(\"linkedin\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpLinkedInApplicationConfigurationArgs\n {\n ApplicationId = fusionauth_application.Myapp.Id,\n CreateRegistration = true,\n Enabled = true,\n },\n },\n ButtonText = \"Login with LinkedIn\",\n Debug = false,\n Enabled = true,\n ClientId = \"9876543210\",\n ClientSecret = \"716a572f917640698cdb99e9d7e64115\",\n Scope = \"r_emailaddress r_liteprofile\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpLinkedIn(ctx, \"linkedin\", &fusionauth.FusionAuthIdpLinkedInArgs{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpLinkedInApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpLinkedInApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.Any(fusionauth_application.Myapp.Id),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tButtonText: pulumi.String(\"Login with LinkedIn\"),\n\t\t\tDebug: pulumi.Bool(false),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tClientId: pulumi.String(\"9876543210\"),\n\t\t\tClientSecret: pulumi.String(\"716a572f917640698cdb99e9d7e64115\"),\n\t\t\tScope: pulumi.String(\"r_emailaddress r_liteprofile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpLinkedIn;\nimport com.pulumi.fusionauth.FusionAuthIdpLinkedInArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpLinkedInApplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var linkedin = new FusionAuthIdpLinkedIn(\"linkedin\", FusionAuthIdpLinkedInArgs.builder()\n .applicationConfigurations(FusionAuthIdpLinkedInApplicationConfigurationArgs.builder()\n .applicationId(fusionauth_application.myapp().id())\n .createRegistration(true)\n .enabled(true)\n .build())\n .buttonText(\"Login with LinkedIn\")\n .debug(false)\n .enabled(true)\n .clientId(\"9876543210\")\n .clientSecret(\"716a572f917640698cdb99e9d7e64115\")\n .scope(\"r_emailaddress r_liteprofile\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n linkedin:\n type: fusionauth:FusionAuthIdpLinkedIn\n properties:\n applicationConfigurations:\n - applicationId: ${fusionauth_application.myapp.id}\n createRegistration: true\n enabled: true\n buttonText: Login with LinkedIn\n debug: false\n enabled: true\n clientId: '9876543210'\n clientSecret: 716a572f917640698cdb99e9d7e64115\n scope: r_emailaddress r_liteprofile\n```\n\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpLinkedInApplicationConfiguration:FusionAuthIdpLinkedInApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level LinkedIn client id for your Application. This value is retrieved from the LinkedIn developer website when you set up your LinkedIn app.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the LinkedIn Identity Provider when retrieving the long-lived token. This value is retrieved from the LinkedIn developer website when you set up your LinkedIn app.\n", "secret": true }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, an Event Log is created each time this provider is invoked to reconcile a login.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the Facebook Identity Provider and the user.\nThe valid values are:\n* `CreatePendingLink` - Do not automatically link, instead return a pending link identifier that can be used to link to an existing user.\n* `LinkAnonymously` - Always create a link based upon the unique Id returned by the identity provider. A username or email is not required and will not be used to link the user. A reconcile lambda will not be used in this configuration.\n* `LinkByEmail` - Link to an existing user based upon email. A user will be created with the email returned by the identity provider if one does not already exist.\n* `LinkByEmailForExistingUser` - Only link to an existing user based upon email. A user will not be created if one does not already exist with email returned by the identity provider.\n* `LinkByUsername` - Link to an existing user based upon username. A user will be created with the username returned by the identity provider if one does not already exist.\n* `LinkByUsernameForExistingUser` - Only link to an existing user based upon username. A user will not be created if one does not already exist with username returned by the identity provider.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from LinkedIn.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpLinkedInTenantConfiguration:FusionAuthIdpLinkedInTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object", "required": [ "buttonText", "clientId", "clientSecret", "lambdaReconcileId", "linkingStrategy" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpLinkedInApplicationConfiguration:FusionAuthIdpLinkedInApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level LinkedIn client id for your Application. This value is retrieved from the LinkedIn developer website when you set up your LinkedIn app.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the LinkedIn Identity Provider when retrieving the long-lived token. This value is retrieved from the LinkedIn developer website when you set up your LinkedIn app.\n", "secret": true }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, an Event Log is created each time this provider is invoked to reconcile a login.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the Facebook Identity Provider and the user.\nThe valid values are:\n* `CreatePendingLink` - Do not automatically link, instead return a pending link identifier that can be used to link to an existing user.\n* `LinkAnonymously` - Always create a link based upon the unique Id returned by the identity provider. A username or email is not required and will not be used to link the user. A reconcile lambda will not be used in this configuration.\n* `LinkByEmail` - Link to an existing user based upon email. A user will be created with the email returned by the identity provider if one does not already exist.\n* `LinkByEmailForExistingUser` - Only link to an existing user based upon email. A user will not be created if one does not already exist with email returned by the identity provider.\n* `LinkByUsername` - Link to an existing user based upon username. A user will be created with the username returned by the identity provider if one does not already exist.\n* `LinkByUsernameForExistingUser` - Only link to an existing user based upon username. A user will not be created if one does not already exist with username returned by the identity provider.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from LinkedIn.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpLinkedInTenantConfiguration:FusionAuthIdpLinkedInTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "requiredInputs": [ "buttonText", "clientId", "clientSecret" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpLinkedIn resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpLinkedInApplicationConfiguration:FusionAuthIdpLinkedInApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level LinkedIn client id for your Application. This value is retrieved from the LinkedIn developer website when you set up your LinkedIn app.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the LinkedIn Identity Provider when retrieving the long-lived token. This value is retrieved from the LinkedIn developer website when you set up your LinkedIn app.\n", "secret": true }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, an Event Log is created each time this provider is invoked to reconcile a login.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the Facebook Identity Provider and the user.\nThe valid values are:\n* `CreatePendingLink` - Do not automatically link, instead return a pending link identifier that can be used to link to an existing user.\n* `LinkAnonymously` - Always create a link based upon the unique Id returned by the identity provider. A username or email is not required and will not be used to link the user. A reconcile lambda will not be used in this configuration.\n* `LinkByEmail` - Link to an existing user based upon email. A user will be created with the email returned by the identity provider if one does not already exist.\n* `LinkByEmailForExistingUser` - Only link to an existing user based upon email. A user will not be created if one does not already exist with email returned by the identity provider.\n* `LinkByUsername` - Link to an existing user based upon username. A user will be created with the username returned by the identity provider if one does not already exist.\n* `LinkByUsernameForExistingUser` - Only link to an existing user based upon username. A user will not be created if one does not already exist with username returned by the identity provider.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from LinkedIn.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpLinkedInTenantConfiguration:FusionAuthIdpLinkedInTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpOpenIdConnect:FusionAuthIdpOpenIdConnect": { "description": "## # OpenID Connect Identity Provider Resource\n\nOpenID Connect identity providers connect to external OpenID Connect login systems. This type of login will optionally provide a Login with …​ button on FusionAuth’s login page. This button is customizable by using different properties of the identity provider.\n\nOptionally, this identity provider can define one or more domains it is associated with. This is useful for allowing employees to log in with their corporate credentials. As long as the company has an identity solution that provides OpenID Connect, you can leverage this feature. This is referred to as a Domain Based Identity Provider. If you enable domains for an identity provider, the Login with …​ button will not be displayed. Instead, only the email form field will be displayed initially on the FusionAuth login page. Once the user types in their email address, FusionAuth will determine if the user is logging in locally or if they should be redirected to this identity provider. This is determined by extracting the domain from their email address and comparing it to the domains associated with the identity provider.\n\nFusionAuth will also leverage the /userinfo API that is part of the OpenID Connect specification. The email address returned from the Userinfo response will be used to create or lookup the existing user. Additional claims from the Userinfo response can be used to reconcile the User in FusionAuth by using an OpenID Connect Reconcile Lambda. Unless you assign a reconcile lambda to this provider, on the email address will be used from the available claims returned by the OpenID Connect identity provider.\n\nIf the external OpenID Connect identity provider returns a refresh token, it will be stored in the UserRegistration object inside the tokens Map. This Map stores the tokens from the various identity providers so that you can use them in your application to call their APIs.\n\n[OpenID Connect Identity Providers API](https://fusionauth.io/docs/v1/tech/apis/identity-providers/openid-connect)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst openID = new fusionauth.FusionAuthIdpOpenIdConnect(\"openID\", {\n applicationConfigurations: [{\n applicationId: fusionauth_application.myapp.id,\n createRegistration: true,\n enabled: true,\n }],\n oauth2AuthorizationEndpoint: \"https://acme.com/oauth2/authorization\",\n oauth2ClientId: \"191c23dc-b772-4558-bd21-dc1cbf74ae21\",\n oauth2ClientSecret: \"SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO\",\n oauth2ClientAuthenticationMethod: \"client_secret_basic\",\n oauth2Scope: \"openid offline_access\",\n oauth2TokenEndpoint: \"https://acme.com/oauth2/token\",\n oauth2UserInfoEndpoint: \"https://acme.com/oauth2/userinfo\",\n buttonText: \"Login with OpenID Connect\",\n debug: false,\n enabled: true,\n tenantConfigurations: [{\n tenantId: fusionauth_tenant.example.id,\n limitUserLinkCountEnabled: false,\n limitUserLinkCountMaximumLinks: 42,\n }],\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nopen_id = fusionauth.FusionAuthIdpOpenIdConnect(\"openID\",\n application_configurations=[{\n \"application_id\": fusionauth_application[\"myapp\"][\"id\"],\n \"create_registration\": True,\n \"enabled\": True,\n }],\n oauth2_authorization_endpoint=\"https://acme.com/oauth2/authorization\",\n oauth2_client_id=\"191c23dc-b772-4558-bd21-dc1cbf74ae21\",\n oauth2_client_secret=\"SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO\",\n oauth2_client_authentication_method=\"client_secret_basic\",\n oauth2_scope=\"openid offline_access\",\n oauth2_token_endpoint=\"https://acme.com/oauth2/token\",\n oauth2_user_info_endpoint=\"https://acme.com/oauth2/userinfo\",\n button_text=\"Login with OpenID Connect\",\n debug=False,\n enabled=True,\n tenant_configurations=[{\n \"tenant_id\": fusionauth_tenant[\"example\"][\"id\"],\n \"limit_user_link_count_enabled\": False,\n \"limit_user_link_count_maximum_links\": 42,\n }])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var openID = new Fusionauth.FusionAuthIdpOpenIdConnect(\"openID\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpOpenIdConnectApplicationConfigurationArgs\n {\n ApplicationId = fusionauth_application.Myapp.Id,\n CreateRegistration = true,\n Enabled = true,\n },\n },\n Oauth2AuthorizationEndpoint = \"https://acme.com/oauth2/authorization\",\n Oauth2ClientId = \"191c23dc-b772-4558-bd21-dc1cbf74ae21\",\n Oauth2ClientSecret = \"SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO\",\n Oauth2ClientAuthenticationMethod = \"client_secret_basic\",\n Oauth2Scope = \"openid offline_access\",\n Oauth2TokenEndpoint = \"https://acme.com/oauth2/token\",\n Oauth2UserInfoEndpoint = \"https://acme.com/oauth2/userinfo\",\n ButtonText = \"Login with OpenID Connect\",\n Debug = false,\n Enabled = true,\n TenantConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpOpenIdConnectTenantConfigurationArgs\n {\n TenantId = fusionauth_tenant.Example.Id,\n LimitUserLinkCountEnabled = false,\n LimitUserLinkCountMaximumLinks = 42,\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpOpenIdConnect(ctx, \"openID\", &fusionauth.FusionAuthIdpOpenIdConnectArgs{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpOpenIdConnectApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpOpenIdConnectApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.Any(fusionauth_application.Myapp.Id),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOauth2AuthorizationEndpoint: pulumi.String(\"https://acme.com/oauth2/authorization\"),\n\t\t\tOauth2ClientId: pulumi.String(\"191c23dc-b772-4558-bd21-dc1cbf74ae21\"),\n\t\t\tOauth2ClientSecret: pulumi.String(\"SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO\"),\n\t\t\tOauth2ClientAuthenticationMethod: pulumi.String(\"client_secret_basic\"),\n\t\t\tOauth2Scope: pulumi.String(\"openid offline_access\"),\n\t\t\tOauth2TokenEndpoint: pulumi.String(\"https://acme.com/oauth2/token\"),\n\t\t\tOauth2UserInfoEndpoint: pulumi.String(\"https://acme.com/oauth2/userinfo\"),\n\t\t\tButtonText: pulumi.String(\"Login with OpenID Connect\"),\n\t\t\tDebug: pulumi.Bool(false),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tTenantConfigurations: fusionauth.FusionAuthIdpOpenIdConnectTenantConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpOpenIdConnectTenantConfigurationArgs{\n\t\t\t\t\tTenantId: pulumi.Any(fusionauth_tenant.Example.Id),\n\t\t\t\t\tLimitUserLinkCountEnabled: pulumi.Bool(false),\n\t\t\t\t\tLimitUserLinkCountMaximumLinks: pulumi.Int(42),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpOpenIdConnect;\nimport com.pulumi.fusionauth.FusionAuthIdpOpenIdConnectArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpOpenIdConnectApplicationConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpOpenIdConnectTenantConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var openID = new FusionAuthIdpOpenIdConnect(\"openID\", FusionAuthIdpOpenIdConnectArgs.builder()\n .applicationConfigurations(FusionAuthIdpOpenIdConnectApplicationConfigurationArgs.builder()\n .applicationId(fusionauth_application.myapp().id())\n .createRegistration(true)\n .enabled(true)\n .build())\n .oauth2AuthorizationEndpoint(\"https://acme.com/oauth2/authorization\")\n .oauth2ClientId(\"191c23dc-b772-4558-bd21-dc1cbf74ae21\")\n .oauth2ClientSecret(\"SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO\")\n .oauth2ClientAuthenticationMethod(\"client_secret_basic\")\n .oauth2Scope(\"openid offline_access\")\n .oauth2TokenEndpoint(\"https://acme.com/oauth2/token\")\n .oauth2UserInfoEndpoint(\"https://acme.com/oauth2/userinfo\")\n .buttonText(\"Login with OpenID Connect\")\n .debug(false)\n .enabled(true)\n .tenantConfigurations(FusionAuthIdpOpenIdConnectTenantConfigurationArgs.builder()\n .tenantId(fusionauth_tenant.example().id())\n .limitUserLinkCountEnabled(false)\n .limitUserLinkCountMaximumLinks(42)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n openID:\n type: fusionauth:FusionAuthIdpOpenIdConnect\n properties:\n applicationConfigurations:\n - applicationId: ${fusionauth_application.myapp.id}\n createRegistration: true\n enabled: true\n oauth2AuthorizationEndpoint: https://acme.com/oauth2/authorization\n oauth2ClientId: 191c23dc-b772-4558-bd21-dc1cbf74ae21\n oauth2ClientSecret: SUsnoP0pWUYfXvWbSe5pvj8Di5nAxOvO\n oauth2ClientAuthenticationMethod: client_secret_basic\n oauth2Scope: openid offline_access\n oauth2TokenEndpoint: https://acme.com/oauth2/token\n oauth2UserInfoEndpoint: https://acme.com/oauth2/userinfo\n buttonText: Login with OpenID Connect\n debug: false\n enabled: true\n tenantConfigurations:\n - tenantId: ${fusionauth_tenant.example.id}\n limitUserLinkCountEnabled: false\n limitUserLinkCountMaximumLinks: 42\n```\n\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpOpenIdConnectApplicationConfiguration:FusionAuthIdpOpenIdConnectApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonImageUrl": { "type": "string", "description": "The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "name": { "type": "string", "description": "The name of this OpenID Connect identity provider. This is only used for display purposes.\n" }, "oauth2AuthorizationEndpoint": { "type": "string", "description": "The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.\n" }, "oauth2ClientAuthenticationMethod": { "type": "string", "description": "The client authentication method to use with the OpenID Connect identity provider.\n" }, "oauth2ClientId": { "type": "string", "description": "The top-level client id for your Application.\n" }, "oauth2ClientSecret": { "type": "string", "description": "The top-level client secret to use with the OpenID Connect identity provider.\n", "secret": true }, "oauth2EmailClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.\n" }, "oauth2EmailVerifiedClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.\n" }, "oauth2Issuer": { "type": "string", "description": "The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.\n" }, "oauth2Scope": { "type": "string", "description": "The top-level scope that you are requesting from the OpenID Connect identity provider.\n" }, "oauth2TokenEndpoint": { "type": "string", "description": "The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.\n" }, "oauth2UniqueIdClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.\n" }, "oauth2UserInfoEndpoint": { "type": "string", "description": "The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.\n" }, "oauth2UsernameClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.\n" }, "postRequest": { "type": "boolean", "description": "Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpOpenIdConnectTenantConfiguration:FusionAuthIdpOpenIdConnectTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object", "required": [ "buttonText", "linkingStrategy", "name", "oauth2ClientId" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpOpenIdConnectApplicationConfiguration:FusionAuthIdpOpenIdConnectApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonImageUrl": { "type": "string", "description": "The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "name": { "type": "string", "description": "The name of this OpenID Connect identity provider. This is only used for display purposes.\n" }, "oauth2AuthorizationEndpoint": { "type": "string", "description": "The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.\n" }, "oauth2ClientAuthenticationMethod": { "type": "string", "description": "The client authentication method to use with the OpenID Connect identity provider.\n" }, "oauth2ClientId": { "type": "string", "description": "The top-level client id for your Application.\n" }, "oauth2ClientSecret": { "type": "string", "description": "The top-level client secret to use with the OpenID Connect identity provider.\n", "secret": true }, "oauth2EmailClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.\n" }, "oauth2EmailVerifiedClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.\n" }, "oauth2Issuer": { "type": "string", "description": "The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.\n" }, "oauth2Scope": { "type": "string", "description": "The top-level scope that you are requesting from the OpenID Connect identity provider.\n" }, "oauth2TokenEndpoint": { "type": "string", "description": "The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.\n" }, "oauth2UniqueIdClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.\n" }, "oauth2UserInfoEndpoint": { "type": "string", "description": "The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.\n" }, "oauth2UsernameClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.\n" }, "postRequest": { "type": "boolean", "description": "Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpOpenIdConnectTenantConfiguration:FusionAuthIdpOpenIdConnectTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "requiredInputs": [ "buttonText", "oauth2ClientId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpOpenIdConnect resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpOpenIdConnectApplicationConfiguration:FusionAuthIdpOpenIdConnectApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonImageUrl": { "type": "string", "description": "The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "name": { "type": "string", "description": "The name of this OpenID Connect identity provider. This is only used for display purposes.\n" }, "oauth2AuthorizationEndpoint": { "type": "string", "description": "The top-level authorization endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the authorization endpoint. If you provide an issuer then this field will be ignored.\n" }, "oauth2ClientAuthenticationMethod": { "type": "string", "description": "The client authentication method to use with the OpenID Connect identity provider.\n" }, "oauth2ClientId": { "type": "string", "description": "The top-level client id for your Application.\n" }, "oauth2ClientSecret": { "type": "string", "description": "The top-level client secret to use with the OpenID Connect identity provider.\n", "secret": true }, "oauth2EmailClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the email address.\n" }, "oauth2EmailVerifiedClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the email verified status.\n" }, "oauth2Issuer": { "type": "string", "description": "The top-level issuer URI for the OpenID Connect identity provider. If this is provided, the authorization endpoint, token endpoint and userinfo endpoint will all be resolved using the issuer URI plus /.well-known/openid-configuration.\n" }, "oauth2Scope": { "type": "string", "description": "The top-level scope that you are requesting from the OpenID Connect identity provider.\n" }, "oauth2TokenEndpoint": { "type": "string", "description": "The top-level token endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the token endpoint. If you provide an issuer then this field will be ignored.\n" }, "oauth2UniqueIdClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the user Id.\n" }, "oauth2UserInfoEndpoint": { "type": "string", "description": "The top-level userinfo endpoint for the OpenID Connect identity provider. You can leave this blank if you provide the issuer field, which will be used to make a request to the OpenID Connect .well-known endpoint in order to dynamically resolve the userinfo endpoint. If you provide an issuer then this field will be ignored.\n" }, "oauth2UsernameClaim": { "type": "string", "description": "An optional configuration to modify the expected name of the claim returned by the IdP that contains the username.\n" }, "postRequest": { "type": "boolean", "description": "Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpOpenIdConnectTenantConfiguration:FusionAuthIdpOpenIdConnectTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpPsn:FusionAuthIdpPsn": { "description": "## # Sony Playstation Network Identity Provider Resource\n\nThe Sony PlayStation Network identity provider type will use the Sony OAuth v2.0 login API. It will also provide a Login with Sony PlayStation Network button on FusionAuth’s login page that will direct a user to the Sony login page.\n\nThis identity provider will call Sony’s API to load the user’s email and online_id and use those as email and username to lookup or create a user in FusionAuth depending on the linking strategy configured for this identity provider. Additional claims returned by Sony PlayStation Network can be used to reconcile the user to FusionAuth by using a Sony PlayStation Network Reconcile Lambda.\n\nFusionAuth will also store the Sony PlayStation Network access_token returned from the Sony PlayStation Network API in the link between the user and the identity provider. This token can be used by an application to make further requests to Sony PlayStation Network APIs on behalf of the user.\n\n[Sony PlayStation Network Identity Provider APIs](https://fusionauth.io/docs/v1/tech/apis/identity-providers/sonypsn/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst sonyPsn = new fusionauth.FusionAuthIdpPsn(\"sonyPsn\", {\n applicationConfigurations: [{\n applicationId: fusionauth_application.my_app.id,\n createRegistration: true,\n enabled: true,\n }],\n buttonText: \"Login with Playstation\",\n clientId: \"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n clientSecret: \"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nsony_psn = fusionauth.FusionAuthIdpPsn(\"sonyPsn\",\n application_configurations=[{\n \"application_id\": fusionauth_application[\"my_app\"][\"id\"],\n \"create_registration\": True,\n \"enabled\": True,\n }],\n button_text=\"Login with Playstation\",\n client_id=\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n client_secret=\"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var sonyPsn = new Fusionauth.FusionAuthIdpPsn(\"sonyPsn\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpPsnApplicationConfigurationArgs\n {\n ApplicationId = fusionauth_application.My_app.Id,\n CreateRegistration = true,\n Enabled = true,\n },\n },\n ButtonText = \"Login with Playstation\",\n ClientId = \"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n ClientSecret = \"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpPsn(ctx, \"sonyPsn\", &fusionauth.FusionAuthIdpPsnArgs{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpPsnApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpPsnApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.Any(fusionauth_application.My_app.Id),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tButtonText: pulumi.String(\"Login with Playstation\"),\n\t\t\tClientId: pulumi.String(\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\"),\n\t\t\tClientSecret: pulumi.String(\"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpPsn;\nimport com.pulumi.fusionauth.FusionAuthIdpPsnArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpPsnApplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sonyPsn = new FusionAuthIdpPsn(\"sonyPsn\", FusionAuthIdpPsnArgs.builder()\n .applicationConfigurations(FusionAuthIdpPsnApplicationConfigurationArgs.builder()\n .applicationId(fusionauth_application.my_app().id())\n .createRegistration(true)\n .enabled(true)\n .build())\n .buttonText(\"Login with Playstation\")\n .clientId(\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\")\n .clientSecret(\"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sonyPsn:\n type: fusionauth:FusionAuthIdpPsn\n properties:\n applicationConfigurations:\n - applicationId: ${fusionauth_application.my_app.id}\n createRegistration: true\n enabled: true\n buttonText: Login with Playstation\n clientId: 0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\n clientSecret: 693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\n```\n\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpPsnApplicationConfiguration:FusionAuthIdpPsnApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Sony PlayStation Network client id for your Application. This value is retrieved from the Sony PlayStation Network developer website when you setup your Sony PlayStation Network developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Sony PlayStation Network Identity Provider when retrieving the long-lived token. This value is retrieved from the Sony PlayStation Network developer website when you setup your Sony PlayStation Network developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Sony PlayStation Network.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpPsnTenantConfiguration:FusionAuthIdpPsnTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object", "required": [ "buttonText", "clientId", "clientSecret", "linkingStrategy" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpPsnApplicationConfiguration:FusionAuthIdpPsnApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Sony PlayStation Network client id for your Application. This value is retrieved from the Sony PlayStation Network developer website when you setup your Sony PlayStation Network developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Sony PlayStation Network Identity Provider when retrieving the long-lived token. This value is retrieved from the Sony PlayStation Network developer website when you setup your Sony PlayStation Network developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Sony PlayStation Network.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpPsnTenantConfiguration:FusionAuthIdpPsnTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "requiredInputs": [ "buttonText", "clientId", "clientSecret" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpPsn resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpPsnApplicationConfiguration:FusionAuthIdpPsnApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Sony PlayStation Network client id for your Application. This value is retrieved from the Sony PlayStation Network developer website when you setup your Sony PlayStation Network developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Sony PlayStation Network Identity Provider when retrieving the long-lived token. This value is retrieved from the Sony PlayStation Network developer website when you setup your Sony PlayStation Network developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Sony PlayStation Network.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpPsnTenantConfiguration:FusionAuthIdpPsnTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpSamlV2IdpInitiated:FusionAuthIdpSamlV2IdpInitiated": { "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration:FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "assertionConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration:FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration", "description": "The assertion configuration for the SAML v2 identity provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login\nan Event Log will be created.\n" }, "emailClaim": { "type": "string", "description": "The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely\nidentity the user. If this is not set, the `use_name_for_email` flag must be true.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n" }, "issuer": { "type": "string", "description": "The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1\nthis value was required to be a URL.\n" }, "keyId": { "type": "string", "description": "The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the\nidentity provider. This key must be a verification only key or certificate (meaning that it only has a public key\ncomponent).\n" }, "lambdaReconcileId": { "type": "string", "description": "The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "name": { "type": "string", "description": "The name of this SAML v2 identity provider. This is only used for display purposes.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedTenantConfiguration:FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "uniqueIdClaim": { "type": "string", "description": "The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,\nthe `email_claim` will be used when linking user.\n" }, "useNameForEmail": { "type": "boolean", "description": "Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation\nprocessing. If this is false, then the `email_claim` property must be set.\n" }, "usernameClaim": { "type": "string", "description": "The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID\nvalue will be used to link a user. This property is required when `linking_stategy` is set to LinkByUsername or\nLinkByUsernameForExistingUser\n" } }, "type": "object", "required": [ "issuer", "keyId", "linkingStrategy", "name" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration:FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "assertionConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration:FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration", "description": "The assertion configuration for the SAML v2 identity provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login\nan Event Log will be created.\n" }, "emailClaim": { "type": "string", "description": "The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely\nidentity the user. If this is not set, the `use_name_for_email` flag must be true.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "issuer": { "type": "string", "description": "The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1\nthis value was required to be a URL.\n" }, "keyId": { "type": "string", "description": "The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the\nidentity provider. This key must be a verification only key or certificate (meaning that it only has a public key\ncomponent).\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "name": { "type": "string", "description": "The name of this SAML v2 identity provider. This is only used for display purposes.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedTenantConfiguration:FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "uniqueIdClaim": { "type": "string", "description": "The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,\nthe `email_claim` will be used when linking user.\n" }, "useNameForEmail": { "type": "boolean", "description": "Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation\nprocessing. If this is false, then the `email_claim` property must be set.\n" }, "usernameClaim": { "type": "string", "description": "The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID\nvalue will be used to link a user. This property is required when `linking_stategy` is set to LinkByUsername or\nLinkByUsernameForExistingUser\n" } }, "requiredInputs": [ "issuer", "keyId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpSamlV2IdpInitiated resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration:FusionAuthIdpSamlV2IdpInitiatedApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "assertionConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration:FusionAuthIdpSamlV2IdpInitiatedAssertionConfiguration", "description": "The assertion configuration for the SAML v2 identity provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login\nan Event Log will be created.\n" }, "emailClaim": { "type": "string", "description": "The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely\nidentity the user. If this is not set, the `use_name_for_email` flag must be true.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "issuer": { "type": "string", "description": "The EntityId (unique identifier) of the SAML v2 identity provider. This value should be provided to you. Prior to 1.27.1\nthis value was required to be a URL.\n" }, "keyId": { "type": "string", "description": "The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the\nidentity provider. This key must be a verification only key or certificate (meaning that it only has a public key\ncomponent).\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The id of a SAML reconcile lambda that is applied when the identity provider sends back a successful SAML response.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "name": { "type": "string", "description": "The name of this SAML v2 identity provider. This is only used for display purposes.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlV2IdpInitiatedTenantConfiguration:FusionAuthIdpSamlV2IdpInitiatedTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "uniqueIdClaim": { "type": "string", "description": "The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set,\nthe `email_claim` will be used when linking user.\n" }, "useNameForEmail": { "type": "boolean", "description": "Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation\nprocessing. If this is false, then the `email_claim` property must be set.\n" }, "usernameClaim": { "type": "string", "description": "The name of the claim in the SAML response that FusionAuth uses to identity the username. If this is not set, the NameID\nvalue will be used to link a user. This property is required when `linking_stategy` is set to LinkByUsername or\nLinkByUsernameForExistingUser\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpSamlv2:FusionAuthIdpSamlv2": { "description": "## # SAML v2 Identity Provider Resource\n\nSAML v2 identity providers connect to external SAML v2 login systems. This type of login will optionally provide a Login with …​ button on FusionAuth’s login page. This button is customizable by using different properties of the identity provider.\n\nOptionally, this identity provider can define one or more domains it is associated with. This is useful for allowing employees to log in with their corporate credentials. As long as the company has an identity solution that provides SAML v2, you can leverage this feature. This is referred to as a Domain Based Identity Provider. If you enable domains for an identity provider, the Login with …​ button will not be displayed. Instead, only the email form field will be displayed initially on the FusionAuth login page. Once the user types in their email address, FusionAuth will determine if the user is logging in locally or if they should be redirected to this identity provider. This is determined by extracting the domain from their email address and comparing it to the domains associated with the identity provider.\n\nFusionAuth will locate the user’s email address in the SAML assertion which will be used to create or lookup the existing user. Additional claims from the SAML response can be used to reconcile the User to FusionAuth by using a SAML v2 Reconcile Lambda. Unless you assign a reconcile lambda to this provider, on the email address will be used from the available assertions returned by the SAML v2 identity provider.\n\n[SAML v2 Connect Identity Providers API](https://fusionauth.io/docs/v1/tech/apis/identity-providers/samlv2/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst saml = new fusionauth.FusionAuthIdpSamlv2(\"saml\", {\n applicationConfigurations: [{\n applicationId: fusionauth_application.myapp.id,\n buttonText: \"Login with SAML (app text)\",\n createRegistration: true,\n enabled: true,\n }],\n buttonText: \"Login with SAML\",\n debug: false,\n emailClaim: \"email\",\n idpEndpoint: \"https://www.example.com/login\",\n postRequest: true,\n requestSigningKey: \"3168129b-91fa-46f4-9676-947f5509fdce\",\n signRequest: true,\n useNameForEmail: true,\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nsaml = fusionauth.FusionAuthIdpSamlv2(\"saml\",\n application_configurations=[{\n \"application_id\": fusionauth_application[\"myapp\"][\"id\"],\n \"button_text\": \"Login with SAML (app text)\",\n \"create_registration\": True,\n \"enabled\": True,\n }],\n button_text=\"Login with SAML\",\n debug=False,\n email_claim=\"email\",\n idp_endpoint=\"https://www.example.com/login\",\n post_request=True,\n request_signing_key=\"3168129b-91fa-46f4-9676-947f5509fdce\",\n sign_request=True,\n use_name_for_email=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var saml = new Fusionauth.FusionAuthIdpSamlv2(\"saml\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpSamlv2ApplicationConfigurationArgs\n {\n ApplicationId = fusionauth_application.Myapp.Id,\n ButtonText = \"Login with SAML (app text)\",\n CreateRegistration = true,\n Enabled = true,\n },\n },\n ButtonText = \"Login with SAML\",\n Debug = false,\n EmailClaim = \"email\",\n IdpEndpoint = \"https://www.example.com/login\",\n PostRequest = true,\n RequestSigningKey = \"3168129b-91fa-46f4-9676-947f5509fdce\",\n SignRequest = true,\n UseNameForEmail = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpSamlv2(ctx, \"saml\", &fusionauth.FusionAuthIdpSamlv2Args{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpSamlv2ApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.Any(fusionauth_application.Myapp.Id),\n\t\t\t\t\tButtonText: pulumi.String(\"Login with SAML (app text)\"),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tButtonText: pulumi.String(\"Login with SAML\"),\n\t\t\tDebug: pulumi.Bool(false),\n\t\t\tEmailClaim: pulumi.String(\"email\"),\n\t\t\tIdpEndpoint: pulumi.String(\"https://www.example.com/login\"),\n\t\t\tPostRequest: pulumi.Bool(true),\n\t\t\tRequestSigningKey: pulumi.String(\"3168129b-91fa-46f4-9676-947f5509fdce\"),\n\t\t\tSignRequest: pulumi.Bool(true),\n\t\t\tUseNameForEmail: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpSamlv2;\nimport com.pulumi.fusionauth.FusionAuthIdpSamlv2Args;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpSamlv2ApplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var saml = new FusionAuthIdpSamlv2(\"saml\", FusionAuthIdpSamlv2Args.builder()\n .applicationConfigurations(FusionAuthIdpSamlv2ApplicationConfigurationArgs.builder()\n .applicationId(fusionauth_application.myapp().id())\n .buttonText(\"Login with SAML (app text)\")\n .createRegistration(true)\n .enabled(true)\n .build())\n .buttonText(\"Login with SAML\")\n .debug(false)\n .emailClaim(\"email\")\n .idpEndpoint(\"https://www.example.com/login\")\n .postRequest(true)\n .requestSigningKey(\"3168129b-91fa-46f4-9676-947f5509fdce\")\n .signRequest(true)\n .useNameForEmail(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n saml:\n type: fusionauth:FusionAuthIdpSamlv2\n properties:\n applicationConfigurations:\n - applicationId: ${fusionauth_application.myapp.id}\n buttonText: Login with SAML (app text)\n createRegistration: true\n enabled: true\n buttonText: Login with SAML\n debug: false\n emailClaim: email\n idpEndpoint: https://www.example.com/login\n postRequest: true\n requestSigningKey: 3168129b-91fa-46f4-9676-947f5509fdce\n signRequest: true\n useNameForEmail: true\n```\n\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2ApplicationConfiguration:FusionAuthIdpSamlv2ApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "assertionConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2AssertionConfiguration:FusionAuthIdpSamlv2AssertionConfiguration", "description": "The configuration for the SAML assertion.\n" }, "buttonImageUrl": { "type": "string", "description": "The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.\n" }, "emailClaim": { "type": "string", "description": "The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the `use_name_for_email` flag must be true.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpEndpoint": { "type": "string", "description": "The SAML v2 login page of the identity provider.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n" }, "idpInitiatedConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2IdpInitiatedConfiguration:FusionAuthIdpSamlv2IdpInitiatedConfiguration", "description": "The configuration for the IdP initiated login.\n" }, "keyId": { "type": "string", "description": "The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "loginHintConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2LoginHintConfiguration:FusionAuthIdpSamlv2LoginHintConfiguration", "description": "The configuration for the login hint.\n" }, "name": { "type": "string", "description": "The name of this OpenID Connect identity provider. This is only used for display purposes.\n" }, "nameIdFormat": { "type": "string", "description": "Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.\n" }, "postRequest": { "type": "boolean", "description": "Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.\n" }, "requestSigningKey": { "type": "string", "description": "The key pair Id to use to sign the SAML request. Required when `sign_request` is true.\n" }, "signRequest": { "type": "boolean", "description": "When true authentication requests sent to the identity provider will be signed.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2TenantConfiguration:FusionAuthIdpSamlv2TenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "uniqueIdClaim": { "type": "string", "description": "The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, `the email_claim` will be used when linking user.\n" }, "useNameForEmail": { "type": "boolean", "description": "Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the `email_claim` property must be set.\n" }, "usernameClaim": { "type": "string", "description": "The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.\n" }, "xmlSignatureCanonicalizationMethod": { "type": "string", "description": "The XML signature canonicalization method used when digesting and signing the SAML request.\n" } }, "type": "object", "required": [ "buttonText", "keyId", "linkingStrategy", "name", "nameIdFormat" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2ApplicationConfiguration:FusionAuthIdpSamlv2ApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "assertionConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2AssertionConfiguration:FusionAuthIdpSamlv2AssertionConfiguration", "description": "The configuration for the SAML assertion.\n" }, "buttonImageUrl": { "type": "string", "description": "The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.\n" }, "emailClaim": { "type": "string", "description": "The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the `use_name_for_email` flag must be true.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpEndpoint": { "type": "string", "description": "The SAML v2 login page of the identity provider.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "idpInitiatedConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2IdpInitiatedConfiguration:FusionAuthIdpSamlv2IdpInitiatedConfiguration", "description": "The configuration for the IdP initiated login.\n" }, "keyId": { "type": "string", "description": "The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "loginHintConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2LoginHintConfiguration:FusionAuthIdpSamlv2LoginHintConfiguration", "description": "The configuration for the login hint.\n" }, "name": { "type": "string", "description": "The name of this OpenID Connect identity provider. This is only used for display purposes.\n" }, "nameIdFormat": { "type": "string", "description": "Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.\n" }, "postRequest": { "type": "boolean", "description": "Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.\n" }, "requestSigningKey": { "type": "string", "description": "The key pair Id to use to sign the SAML request. Required when `sign_request` is true.\n" }, "signRequest": { "type": "boolean", "description": "When true authentication requests sent to the identity provider will be signed.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2TenantConfiguration:FusionAuthIdpSamlv2TenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "uniqueIdClaim": { "type": "string", "description": "The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, `the email_claim` will be used when linking user.\n" }, "useNameForEmail": { "type": "boolean", "description": "Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the `email_claim` property must be set.\n" }, "usernameClaim": { "type": "string", "description": "The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.\n" }, "xmlSignatureCanonicalizationMethod": { "type": "string", "description": "The XML signature canonicalization method used when digesting and signing the SAML request.\n" } }, "requiredInputs": [ "buttonText", "keyId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpSamlv2 resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2ApplicationConfiguration:FusionAuthIdpSamlv2ApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "assertionConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2AssertionConfiguration:FusionAuthIdpSamlv2AssertionConfiguration", "description": "The configuration for the SAML assertion.\n" }, "buttonImageUrl": { "type": "string", "description": "The top-level button image (URL) to use on the FusionAuth login page for this Identity Provider.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "domains": { "type": "array", "items": { "type": "string" }, "description": "This is an optional list of domains that this OpenID Connect provider should be used for. This converts the FusionAuth login form to a domain-based login form. This type of form first asks the user for their email. FusionAuth then uses their email to determine if an OpenID Connect identity provider should be used. If an OpenID Connect provider should be used, the browser is redirected to the authorization endpoint of that identity provider. Otherwise, the password field is revealed on the form so that the user can login using FusionAuth.\n" }, "emailClaim": { "type": "string", "description": "The name of the email claim (Attribute in the Assertion element) in the SAML response that FusionAuth uses to uniquely identity the user. If this is not set, the `use_name_for_email` flag must be true.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpEndpoint": { "type": "string", "description": "The SAML v2 login page of the identity provider.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "idpInitiatedConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2IdpInitiatedConfiguration:FusionAuthIdpSamlv2IdpInitiatedConfiguration", "description": "The configuration for the IdP initiated login.\n" }, "keyId": { "type": "string", "description": "The id of the key stored in Key Master that is used to verify the SAML response sent back to FusionAuth from the identity provider. This key must be a verification only key or certificate (meaning that it only has a public key component).\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "loginHintConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2LoginHintConfiguration:FusionAuthIdpSamlv2LoginHintConfiguration", "description": "The configuration for the login hint.\n" }, "name": { "type": "string", "description": "The name of this OpenID Connect identity provider. This is only used for display purposes.\n" }, "nameIdFormat": { "type": "string", "description": "Either urn:oasis:names:tc:SAML:2.0:nameid-format:persistent or urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress depending on which NameId format you wish to use.\n" }, "postRequest": { "type": "boolean", "description": "Set this value equal to true if you wish to use POST bindings with this OpenID Connect identity provider. The default value of false means that a redirect binding which uses a GET request will be used.\n" }, "requestSigningKey": { "type": "string", "description": "The key pair Id to use to sign the SAML request. Required when `sign_request` is true.\n" }, "signRequest": { "type": "boolean", "description": "When true authentication requests sent to the identity provider will be signed.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSamlv2TenantConfiguration:FusionAuthIdpSamlv2TenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "uniqueIdClaim": { "type": "string", "description": "The name of the unique claim in the SAML response that FusionAuth uses to uniquely link the user. If this is not set, `the email_claim` will be used when linking user.\n" }, "useNameForEmail": { "type": "boolean", "description": "Whether or not FusionAuth will use the NameID element value as the email address of the user for reconciliation processing. If this is false, then the `email_claim` property must be set.\n" }, "usernameClaim": { "type": "string", "description": "The name of the claim in the SAML response that FusionAuth uses to identify the username. If this is not set, the NameId value will be used to link a user. This property is required when linkingStrategy is set to LinkByUsername or LinkByUsernameForExistingUser.\n" }, "xmlSignatureCanonicalizationMethod": { "type": "string", "description": "The XML signature canonicalization method used when digesting and signing the SAML request.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpSteam:FusionAuthIdpSteam": { "description": "## # Steam Identity Provider Resource\n\nThe Steam identity provider type will use the Steam OAuth login API. It will also provide a Login with Steam button on FusionAuth’s login page that will direct a user to the Steam login page. The Steam login uses the implicit OAuth grant and will return to the callback URL with token and state in the URL Fragment. This is handled by the FusionAuth /oauth2/implicit javascript function to pass those values to the /oauth2/callback endpoint.\n\nThis identity provider will call Steam’s API to load the Steam user’s personaname and use that as username to lookup or create a user in FusionAuth depending on the linking strategy configured for this identity provider. However, Steam does not allow access to user emails, so neither email linking strategy can be used and user’s will not be able to login or be created.\n\nFusionAuth will also store the Steam token that is returned from the Steam login in the link between the user and the identity provider. This token can be used by an application to make further requests to Steam APIs on behalf of the user.\n\n[Steam Identity Provider APIs](https://fusionauth.io/docs/v1/tech/apis/identity-providers/steam/ )\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst steam = new fusionauth.FusionAuthIdpSteam(\"steam\", {\n applicationConfigurations: [{\n applicationId: fusionauth_application.GPS_Insight.id,\n createRegistration: true,\n enabled: true,\n }],\n buttonText: \"Login with Steam\",\n clientId: \"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n scope: \"Xboxlive.signin Xboxlive.offline_access\",\n webApiKey: \"HG0A97ACKPQ5ZLPU0007BN6674OA25TY\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nsteam = fusionauth.FusionAuthIdpSteam(\"steam\",\n application_configurations=[{\n \"application_id\": fusionauth_application[\"GPS_Insight\"][\"id\"],\n \"create_registration\": True,\n \"enabled\": True,\n }],\n button_text=\"Login with Steam\",\n client_id=\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n scope=\"Xboxlive.signin Xboxlive.offline_access\",\n web_api_key=\"HG0A97ACKPQ5ZLPU0007BN6674OA25TY\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var steam = new Fusionauth.FusionAuthIdpSteam(\"steam\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpSteamApplicationConfigurationArgs\n {\n ApplicationId = fusionauth_application.GPS_Insight.Id,\n CreateRegistration = true,\n Enabled = true,\n },\n },\n ButtonText = \"Login with Steam\",\n ClientId = \"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n Scope = \"Xboxlive.signin Xboxlive.offline_access\",\n WebApiKey = \"HG0A97ACKPQ5ZLPU0007BN6674OA25TY\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpSteam(ctx, \"steam\", &fusionauth.FusionAuthIdpSteamArgs{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpSteamApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpSteamApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.Any(fusionauth_application.GPS_Insight.Id),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tButtonText: pulumi.String(\"Login with Steam\"),\n\t\t\tClientId: pulumi.String(\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\"),\n\t\t\tScope: pulumi.String(\"Xboxlive.signin Xboxlive.offline_access\"),\n\t\t\tWebApiKey: pulumi.String(\"HG0A97ACKPQ5ZLPU0007BN6674OA25TY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpSteam;\nimport com.pulumi.fusionauth.FusionAuthIdpSteamArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpSteamApplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var steam = new FusionAuthIdpSteam(\"steam\", FusionAuthIdpSteamArgs.builder()\n .applicationConfigurations(FusionAuthIdpSteamApplicationConfigurationArgs.builder()\n .applicationId(fusionauth_application.GPS_Insight().id())\n .createRegistration(true)\n .enabled(true)\n .build())\n .buttonText(\"Login with Steam\")\n .clientId(\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\")\n .scope(\"Xboxlive.signin Xboxlive.offline_access\")\n .webApiKey(\"HG0A97ACKPQ5ZLPU0007BN6674OA25TY\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n steam:\n type: fusionauth:FusionAuthIdpSteam\n properties:\n applicationConfigurations:\n - applicationId: ${fusionauth_application.GPS_Insight.id}\n createRegistration: true\n enabled: true\n buttonText: Login with Steam\n clientId: 0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\n scope: Xboxlive.signin Xboxlive.offline_access\n webApiKey: HG0A97ACKPQ5ZLPU0007BN6674OA25TY\n```\n\n", "properties": { "apiMode": { "type": "string", "description": "Determines which Steam API to utilize. The possible values are: `Partner` and `Public`\n" }, "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSteamApplicationConfiguration:FusionAuthIdpSteamApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Steam client id for your Application. This value is retrieved from the Steam developer website when you setup your Steam developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Steam.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSteamTenantConfiguration:FusionAuthIdpSteamTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "webApiKey": { "type": "string", "description": "The top-level web API key to use with the Steam Identity Provider when retrieving the player summary info. This value is retrieved from the Steam developer website when you setup your Steam developer account.\n" } }, "type": "object", "required": [ "buttonText", "clientId", "linkingStrategy", "webApiKey" ], "inputProperties": { "apiMode": { "type": "string", "description": "Determines which Steam API to utilize. The possible values are: `Partner` and `Public`\n" }, "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSteamApplicationConfiguration:FusionAuthIdpSteamApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Steam client id for your Application. This value is retrieved from the Steam developer website when you setup your Steam developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Steam.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSteamTenantConfiguration:FusionAuthIdpSteamTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "webApiKey": { "type": "string", "description": "The top-level web API key to use with the Steam Identity Provider when retrieving the player summary info. This value is retrieved from the Steam developer website when you setup your Steam developer account.\n" } }, "requiredInputs": [ "buttonText", "clientId", "webApiKey" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpSteam resources.\n", "properties": { "apiMode": { "type": "string", "description": "Determines which Steam API to utilize. The possible values are: `Partner` and `Public`\n" }, "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSteamApplicationConfiguration:FusionAuthIdpSteamApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Steam client id for your Application. This value is retrieved from the Steam developer website when you setup your Steam developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Steam.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpSteamTenantConfiguration:FusionAuthIdpSteamTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" }, "webApiKey": { "type": "string", "description": "The top-level web API key to use with the Steam Identity Provider when retrieving the player summary info. This value is retrieved from the Steam developer website when you setup your Steam developer account.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpTwitch:FusionAuthIdpTwitch": { "description": "## # Twitch Identity Provider Resource\n\nThe Twitch identity provider type will use the Twitch OAuth v2.0 login API. It will also provide a Login with Twitch button on FusionAuth’s login page that will direct a user to the Twitch login page.\n\nThis identity provider will call Twitch’s API to load the user’s email and preferred_username and use those as email and username to lookup or create a user in FusionAuth depending on the linking strategy configured for this identity provider. Additional claims returned by Twitch can be used to reconcile the user to FusionAuth by using a Twitch Reconcile Lambda.\n\nFusionAuth will also store the Twitch refresh_token returned from the Twitch API in the link between the user and the identity provider. This token can be used by an application to make further requests to Twitch APIs on behalf of the user.\n\n[Twitch Identity Provider APIs](https://fusionauth.io/docs/v1/tech/apis/identity-providers/twitch/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst twitch = new fusionauth.FusionAuthIdpTwitch(\"twitch\", {\n applicationConfigurations: [{\n applicationId: fusionauth_application.my_app.id,\n createRegistration: true,\n enabled: true,\n }],\n buttonText: \"Login with Twitch\",\n clientId: \"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n clientSecret: \"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\",\n scope: \"Xboxlive.signin Xboxlive.offline_access\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\ntwitch = fusionauth.FusionAuthIdpTwitch(\"twitch\",\n application_configurations=[{\n \"application_id\": fusionauth_application[\"my_app\"][\"id\"],\n \"create_registration\": True,\n \"enabled\": True,\n }],\n button_text=\"Login with Twitch\",\n client_id=\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n client_secret=\"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\",\n scope=\"Xboxlive.signin Xboxlive.offline_access\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var twitch = new Fusionauth.FusionAuthIdpTwitch(\"twitch\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpTwitchApplicationConfigurationArgs\n {\n ApplicationId = fusionauth_application.My_app.Id,\n CreateRegistration = true,\n Enabled = true,\n },\n },\n ButtonText = \"Login with Twitch\",\n ClientId = \"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n ClientSecret = \"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\",\n Scope = \"Xboxlive.signin Xboxlive.offline_access\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpTwitch(ctx, \"twitch\", &fusionauth.FusionAuthIdpTwitchArgs{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpTwitchApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpTwitchApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.Any(fusionauth_application.My_app.Id),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tButtonText: pulumi.String(\"Login with Twitch\"),\n\t\t\tClientId: pulumi.String(\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\"),\n\t\t\tClientSecret: pulumi.String(\"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\"),\n\t\t\tScope: pulumi.String(\"Xboxlive.signin Xboxlive.offline_access\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpTwitch;\nimport com.pulumi.fusionauth.FusionAuthIdpTwitchArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpTwitchApplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var twitch = new FusionAuthIdpTwitch(\"twitch\", FusionAuthIdpTwitchArgs.builder()\n .applicationConfigurations(FusionAuthIdpTwitchApplicationConfigurationArgs.builder()\n .applicationId(fusionauth_application.my_app().id())\n .createRegistration(true)\n .enabled(true)\n .build())\n .buttonText(\"Login with Twitch\")\n .clientId(\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\")\n .clientSecret(\"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\")\n .scope(\"Xboxlive.signin Xboxlive.offline_access\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n twitch:\n type: fusionauth:FusionAuthIdpTwitch\n properties:\n applicationConfigurations:\n - applicationId: ${fusionauth_application.my_app.id}\n createRegistration: true\n enabled: true\n buttonText: Login with Twitch\n clientId: 0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\n clientSecret: 693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\n scope: Xboxlive.signin Xboxlive.offline_access\n```\n\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpTwitchApplicationConfiguration:FusionAuthIdpTwitchApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Xbox client id for your Application. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Xbox Identity Provider when retrieving the long-lived token. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Xbox.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpTwitchTenantConfiguration:FusionAuthIdpTwitchTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object", "required": [ "buttonText", "clientId", "clientSecret", "linkingStrategy" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpTwitchApplicationConfiguration:FusionAuthIdpTwitchApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Xbox client id for your Application. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Xbox Identity Provider when retrieving the long-lived token. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Xbox.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpTwitchTenantConfiguration:FusionAuthIdpTwitchTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "requiredInputs": [ "buttonText", "clientId", "clientSecret" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpTwitch resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpTwitchApplicationConfiguration:FusionAuthIdpTwitchApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Xbox client id for your Application. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Xbox Identity Provider when retrieving the long-lived token. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Xbox.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpTwitchTenantConfiguration:FusionAuthIdpTwitchTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthIdpXBox:FusionAuthIdpXBox": { "description": "## # Xbox Identity Provider Resource\n\nThe Xbox identity provider type will use the Xbox OAuth v2.0 login API. It will also provide a Login with Xbox button on FusionAuth’s login page that will direct a user to the Xbox login page.\n\nThis identity provider will call Xbox’s API to load the user’s email and gtg (Gamer Tag) and use those as email and username to lookup or create a user in FusionAuth depending on the linking strategy configured for this identity provider. Additional claims returned by Xbox can be used to reconcile the user to FusionAuth by using an Xbox Reconcile Lambda.\n\nFusionAuth will also store the Xbox refresh_token returned from the Xbox API in the link between the user and the identity provider. This token can be used by an application to make further requests to Xbox APIs on behalf of the user.\n\n[Xbox Identity Provider APIs](https://fusionauth.io/docs/v1/tech/apis/identity-providers/xbox/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst xbox = new fusionauth.FusionAuthIdpXBox(\"xbox\", {\n applicationConfigurations: [{\n applicationId: fusionauth_application.GPS_Insight.id,\n createRegistration: true,\n enabled: true,\n }],\n buttonText: \"Login with Xbox\",\n clientId: \"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n clientSecret: \"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\",\n scope: \"Xboxlive.signin Xboxlive.offline_access\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nxbox = fusionauth.FusionAuthIdpXBox(\"xbox\",\n application_configurations=[{\n \"application_id\": fusionauth_application[\"GPS_Insight\"][\"id\"],\n \"create_registration\": True,\n \"enabled\": True,\n }],\n button_text=\"Login with Xbox\",\n client_id=\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n client_secret=\"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\",\n scope=\"Xboxlive.signin Xboxlive.offline_access\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var xbox = new Fusionauth.FusionAuthIdpXBox(\"xbox\", new()\n {\n ApplicationConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthIdpXBoxApplicationConfigurationArgs\n {\n ApplicationId = fusionauth_application.GPS_Insight.Id,\n CreateRegistration = true,\n Enabled = true,\n },\n },\n ButtonText = \"Login with Xbox\",\n ClientId = \"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\",\n ClientSecret = \"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\",\n Scope = \"Xboxlive.signin Xboxlive.offline_access\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthIdpXBox(ctx, \"xbox\", &fusionauth.FusionAuthIdpXBoxArgs{\n\t\t\tApplicationConfigurations: fusionauth.FusionAuthIdpXBoxApplicationConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthIdpXBoxApplicationConfigurationArgs{\n\t\t\t\t\tApplicationId: pulumi.Any(fusionauth_application.GPS_Insight.Id),\n\t\t\t\t\tCreateRegistration: pulumi.Bool(true),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tButtonText: pulumi.String(\"Login with Xbox\"),\n\t\t\tClientId: pulumi.String(\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\"),\n\t\t\tClientSecret: pulumi.String(\"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\"),\n\t\t\tScope: pulumi.String(\"Xboxlive.signin Xboxlive.offline_access\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthIdpXBox;\nimport com.pulumi.fusionauth.FusionAuthIdpXBoxArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthIdpXBoxApplicationConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var xbox = new FusionAuthIdpXBox(\"xbox\", FusionAuthIdpXBoxArgs.builder()\n .applicationConfigurations(FusionAuthIdpXBoxApplicationConfigurationArgs.builder()\n .applicationId(fusionauth_application.GPS_Insight().id())\n .createRegistration(true)\n .enabled(true)\n .build())\n .buttonText(\"Login with Xbox\")\n .clientId(\"0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\")\n .clientSecret(\"693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\")\n .scope(\"Xboxlive.signin Xboxlive.offline_access\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n xbox:\n type: fusionauth:FusionAuthIdpXBox\n properties:\n applicationConfigurations:\n - applicationId: ${fusionauth_application.GPS_Insight.id}\n createRegistration: true\n enabled: true\n buttonText: Login with Xbox\n clientId: 0eb1ce3c-2fb1-4ae9-b361-d49fc6e764cc\n clientSecret: 693s000cbn66k0mxtqzr_c_NfLy3~6_SEA\n scope: Xboxlive.signin Xboxlive.offline_access\n```\n\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpXBoxApplicationConfiguration:FusionAuthIdpXBoxApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Xbox client id for your Application. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Xbox Identity Provider when retrieving the long-lived token. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n" }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Xbox.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpXBoxTenantConfiguration:FusionAuthIdpXBoxTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object", "required": [ "buttonText", "clientId", "clientSecret", "linkingStrategy" ], "inputProperties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpXBoxApplicationConfiguration:FusionAuthIdpXBoxApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Xbox client id for your Application. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Xbox Identity Provider when retrieving the long-lived token. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Xbox.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpXBoxTenantConfiguration:FusionAuthIdpXBoxTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "requiredInputs": [ "buttonText", "clientId", "clientSecret" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthIdpXBox resources.\n", "properties": { "applicationConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpXBoxApplicationConfiguration:FusionAuthIdpXBoxApplicationConfiguration" }, "description": "The configuration for each Application that the identity provider is enabled for.\n" }, "buttonText": { "type": "string", "description": "The top-level button text to use on the FusionAuth login page for this Identity Provider.\n" }, "clientId": { "type": "string", "description": "The top-level Xbox client id for your Application. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "clientSecret": { "type": "string", "description": "The top-level client secret to use with the Xbox Identity Provider when retrieving the long-lived token. This value is retrieved from the Xbox developer website when you setup your Xbox developer account.\n" }, "debug": { "type": "boolean", "description": "Determines if debug is enabled for this provider. When enabled, each time this provider is invoked to reconcile a login an Event Log will be created.\n" }, "enabled": { "type": "boolean", "description": "Determines if this provider is enabled. If it is false then it will be disabled globally.\n" }, "idpId": { "type": "string", "description": "The ID to use for the new identity provider. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "lambdaReconcileId": { "type": "string", "description": "The unique Id of the lambda to used during the user reconcile process to map custom claims from the external identity provider to the FusionAuth user.\n" }, "linkingStrategy": { "type": "string", "description": "The linking strategy to use when creating the link between the {idp_display_name} Identity Provider and the user.\n" }, "scope": { "type": "string", "description": "The top-level scope that you are requesting from Xbox.\n" }, "tenantConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthIdpXBoxTenantConfiguration:FusionAuthIdpXBoxTenantConfiguration" }, "description": "The configuration for each Tenant that limits the number of links a user may have for a particular identity provider.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthImportedKey:FusionAuthImportedKey": { "description": "## # Imported Key Resource\n\nCryptographic keys are used in signing and verifying JWTs and verifying responses for third party identity providers. It is more likely you will interact with keys using the FusionAuth UI in the Key Master menu.\n\n[Keys API](https://fusionauth.io/docs/v1/tech/apis/keys)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fs from \"fs\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst name = new fusionauth.FusionAuthImportedKey(\"name\", {\n kid: \"8675309\",\n privateKey: fs.readFileSync(\"./AuthKey_8675309.p8\", \"utf8\"),\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nname = fusionauth.FusionAuthImportedKey(\"name\",\n kid=\"8675309\",\n private_key=(lambda path: open(path).read())(\"./AuthKey_8675309.p8\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var name = new Fusionauth.FusionAuthImportedKey(\"name\", new()\n {\n Kid = \"8675309\",\n PrivateKey = File.ReadAllText(\"./AuthKey_8675309.p8\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthImportedKey(ctx, \"name\", &fusionauth.FusionAuthImportedKeyArgs{\n\t\t\tKid: pulumi.String(\"8675309\"),\n\t\t\tPrivateKey: pulumi.String(readFileOrPanic(\"./AuthKey_8675309.p8\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthImportedKey;\nimport com.pulumi.fusionauth.FusionAuthImportedKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var name = new FusionAuthImportedKey(\"name\", FusionAuthImportedKeyArgs.builder()\n .kid(\"8675309\")\n .privateKey(Files.readString(Paths.get(\"./AuthKey_8675309.p8\")))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n name:\n type: fusionauth:FusionAuthImportedKey\n properties:\n kid: '8675309'\n privateKey:\n fn::readFile: ./AuthKey_8675309.p8\n```\n\n", "properties": { "algorithm": { "type": "string", "description": "The algorithm used to encrypt the Key. The following values represent algorithms supported by FusionAuth:\n* `ES256` - ECDSA using P-256 curve and SHA-256 hash algorithm\n* `ES384` - ECDSA using P-384 curve and SHA-384 hash algorithm\n* `ES512` - ECDSA using P-521 curve and SHA-512 hash algorithm\n* `RS256` - RSA using SHA-256 hash algorithm\n* `RS384` - RSA using SHA-384 hash algorithm\n* `RS512` - RSA using SHA-512 hash algorithm\n* `HS256` - HMAC using SHA-256 hash algorithm\n* `HS384` - HMAC using SHA-384 hash algorithm\n* `HS512` - HMAC using SHA-512 hash algorithm\n" }, "certificate": { "type": "string", "description": "The certificate to import. The publicKey will be extracted from the certificate.\n" }, "keyId": { "type": "string", "description": "The Id to use for the new key. If not specified a secure random UUID will be generated.\n" }, "kid": { "type": "string", "description": "The Key identifier 'kid'.\n" }, "name": { "type": "string", "description": "The name of the Key.\n" }, "privateKey": { "type": "string", "description": "The Key private key. Optional if importing an RSA or EC key. If the key is only to be used for token validation, only a public key is necessary and this field may be omitted.\n", "secret": true }, "publicKey": { "type": "string", "description": "\"The Key public key. Required if importing an RSA or EC key and a certificate is not provided.\"\n" }, "secret": { "type": "string", "description": "The Key secret. This field is required if importing an HMAC key type.\n", "secret": true }, "type": { "type": "string", "description": "The Key type. This field is required if importing an HMAC key type, or if importing a public key / private key pair. The possible values are:\n* `EC`\n* `RSA`\n* `HMAC`\n" } }, "type": "object", "required": [ "algorithm", "certificate", "kid", "name", "publicKey", "type" ], "inputProperties": { "algorithm": { "type": "string", "description": "The algorithm used to encrypt the Key. The following values represent algorithms supported by FusionAuth:\n* `ES256` - ECDSA using P-256 curve and SHA-256 hash algorithm\n* `ES384` - ECDSA using P-384 curve and SHA-384 hash algorithm\n* `ES512` - ECDSA using P-521 curve and SHA-512 hash algorithm\n* `RS256` - RSA using SHA-256 hash algorithm\n* `RS384` - RSA using SHA-384 hash algorithm\n* `RS512` - RSA using SHA-512 hash algorithm\n* `HS256` - HMAC using SHA-256 hash algorithm\n* `HS384` - HMAC using SHA-384 hash algorithm\n* `HS512` - HMAC using SHA-512 hash algorithm\n", "willReplaceOnChanges": true }, "certificate": { "type": "string", "description": "The certificate to import. The publicKey will be extracted from the certificate.\n", "willReplaceOnChanges": true }, "keyId": { "type": "string", "description": "The Id to use for the new key. If not specified a secure random UUID will be generated.\n" }, "kid": { "type": "string", "description": "The Key identifier 'kid'.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The name of the Key.\n" }, "privateKey": { "type": "string", "description": "The Key private key. Optional if importing an RSA or EC key. If the key is only to be used for token validation, only a public key is necessary and this field may be omitted.\n", "secret": true, "willReplaceOnChanges": true }, "publicKey": { "type": "string", "description": "\"The Key public key. Required if importing an RSA or EC key and a certificate is not provided.\"\n", "willReplaceOnChanges": true }, "secret": { "type": "string", "description": "The Key secret. This field is required if importing an HMAC key type.\n", "secret": true, "willReplaceOnChanges": true }, "type": { "type": "string", "description": "The Key type. This field is required if importing an HMAC key type, or if importing a public key / private key pair. The possible values are:\n* `EC`\n* `RSA`\n* `HMAC`\n", "willReplaceOnChanges": true } }, "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthImportedKey resources.\n", "properties": { "algorithm": { "type": "string", "description": "The algorithm used to encrypt the Key. The following values represent algorithms supported by FusionAuth:\n* `ES256` - ECDSA using P-256 curve and SHA-256 hash algorithm\n* `ES384` - ECDSA using P-384 curve and SHA-384 hash algorithm\n* `ES512` - ECDSA using P-521 curve and SHA-512 hash algorithm\n* `RS256` - RSA using SHA-256 hash algorithm\n* `RS384` - RSA using SHA-384 hash algorithm\n* `RS512` - RSA using SHA-512 hash algorithm\n* `HS256` - HMAC using SHA-256 hash algorithm\n* `HS384` - HMAC using SHA-384 hash algorithm\n* `HS512` - HMAC using SHA-512 hash algorithm\n", "willReplaceOnChanges": true }, "certificate": { "type": "string", "description": "The certificate to import. The publicKey will be extracted from the certificate.\n", "willReplaceOnChanges": true }, "keyId": { "type": "string", "description": "The Id to use for the new key. If not specified a secure random UUID will be generated.\n" }, "kid": { "type": "string", "description": "The Key identifier 'kid'.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The name of the Key.\n" }, "privateKey": { "type": "string", "description": "The Key private key. Optional if importing an RSA or EC key. If the key is only to be used for token validation, only a public key is necessary and this field may be omitted.\n", "secret": true, "willReplaceOnChanges": true }, "publicKey": { "type": "string", "description": "\"The Key public key. Required if importing an RSA or EC key and a certificate is not provided.\"\n", "willReplaceOnChanges": true }, "secret": { "type": "string", "description": "The Key secret. This field is required if importing an HMAC key type.\n", "secret": true, "willReplaceOnChanges": true }, "type": { "type": "string", "description": "The Key type. This field is required if importing an HMAC key type, or if importing a public key / private key pair. The possible values are:\n* `EC`\n* `RSA`\n* `HMAC`\n", "willReplaceOnChanges": true } }, "type": "object" } }, "fusionauth:index/fusionAuthKey:FusionAuthKey": { "description": "## # Key Resource\n\nCryptographic keys are used in signing and verifying JWTs and verifying responses for third party identity providers. It is more likely you will interact with keys using the FusionAuth UI in the Key Master menu.\n\n[Keys API](https://fusionauth.io/docs/v1/tech/apis/keys)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst adminId = new fusionauth.FusionAuthKey(\"adminId\", {\n algorithm: \"RS256\",\n length: 2048,\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nadmin_id = fusionauth.FusionAuthKey(\"adminId\",\n algorithm=\"RS256\",\n length=2048)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var adminId = new Fusionauth.FusionAuthKey(\"adminId\", new()\n {\n Algorithm = \"RS256\",\n Length = 2048,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthKey(ctx, \"adminId\", &fusionauth.FusionAuthKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t\tLength: pulumi.Int(2048),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthKey;\nimport com.pulumi.fusionauth.FusionAuthKeyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var adminId = new FusionAuthKey(\"adminId\", FusionAuthKeyArgs.builder()\n .algorithm(\"RS256\")\n .length(2048)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n adminId:\n type: fusionauth:FusionAuthKey\n properties:\n algorithm: RS256\n length: 2048\n```\n\n", "properties": { "algorithm": { "type": "string", "description": "The algorithm used to encrypt the Key. The following values represent algorithms supported by FusionAuth:\n* `ES256` - ECDSA using P-256 curve and SHA-256 hash algorithm\n* `ES384` - ECDSA using P-384 curve and SHA-384 hash algorithm\n* `ES512` - ECDSA using P-521 curve and SHA-512 hash algorithm\n* `RS256` - RSA using SHA-256 hash algorithm\n* `RS384` - RSA using SHA-384 hash algorithm\n* `RS512` - RSA using SHA-512 hash algorithm\n* `HS256` - HMAC using SHA-256 hash algorithm\n* `HS384` - HMAC using SHA-384 hash algorithm\n* `HS512` - HMAC using SHA-512 hash algorithm\n" }, "issuer": { "type": "string", "description": "The issuer of the RSA or EC certificate. If omitted, this value will default to the value of tenant issuer on the default tenant. For HMAC keys, this field does not apply and will be ignored if specified, and no default value will be set.\n" }, "keyId": { "type": "string", "description": "The Id to use for the new key. If not specified a secure random UUID will be generated.\n" }, "kid": { "type": "string", "description": "The id used in the JWT header to identify the key used to generate the signature\n" }, "length": { "type": "integer", "description": "The length of the RSA or EC certificate. This field is required when generating RSA key types.\n" }, "name": { "type": "string", "description": "The name of the Key.\n" } }, "type": "object", "required": [ "algorithm", "issuer", "keyId", "kid", "name" ], "inputProperties": { "algorithm": { "type": "string", "description": "The algorithm used to encrypt the Key. The following values represent algorithms supported by FusionAuth:\n* `ES256` - ECDSA using P-256 curve and SHA-256 hash algorithm\n* `ES384` - ECDSA using P-384 curve and SHA-384 hash algorithm\n* `ES512` - ECDSA using P-521 curve and SHA-512 hash algorithm\n* `RS256` - RSA using SHA-256 hash algorithm\n* `RS384` - RSA using SHA-384 hash algorithm\n* `RS512` - RSA using SHA-512 hash algorithm\n* `HS256` - HMAC using SHA-256 hash algorithm\n* `HS384` - HMAC using SHA-384 hash algorithm\n* `HS512` - HMAC using SHA-512 hash algorithm\n", "willReplaceOnChanges": true }, "issuer": { "type": "string", "description": "The issuer of the RSA or EC certificate. If omitted, this value will default to the value of tenant issuer on the default tenant. For HMAC keys, this field does not apply and will be ignored if specified, and no default value will be set.\n", "willReplaceOnChanges": true }, "keyId": { "type": "string", "description": "The Id to use for the new key. If not specified a secure random UUID will be generated.\n" }, "length": { "type": "integer", "description": "The length of the RSA or EC certificate. This field is required when generating RSA key types.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The name of the Key.\n" } }, "requiredInputs": [ "algorithm" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthKey resources.\n", "properties": { "algorithm": { "type": "string", "description": "The algorithm used to encrypt the Key. The following values represent algorithms supported by FusionAuth:\n* `ES256` - ECDSA using P-256 curve and SHA-256 hash algorithm\n* `ES384` - ECDSA using P-384 curve and SHA-384 hash algorithm\n* `ES512` - ECDSA using P-521 curve and SHA-512 hash algorithm\n* `RS256` - RSA using SHA-256 hash algorithm\n* `RS384` - RSA using SHA-384 hash algorithm\n* `RS512` - RSA using SHA-512 hash algorithm\n* `HS256` - HMAC using SHA-256 hash algorithm\n* `HS384` - HMAC using SHA-384 hash algorithm\n* `HS512` - HMAC using SHA-512 hash algorithm\n", "willReplaceOnChanges": true }, "issuer": { "type": "string", "description": "The issuer of the RSA or EC certificate. If omitted, this value will default to the value of tenant issuer on the default tenant. For HMAC keys, this field does not apply and will be ignored if specified, and no default value will be set.\n", "willReplaceOnChanges": true }, "keyId": { "type": "string", "description": "The Id to use for the new key. If not specified a secure random UUID will be generated.\n" }, "kid": { "type": "string", "description": "The id used in the JWT header to identify the key used to generate the signature\n" }, "length": { "type": "integer", "description": "The length of the RSA or EC certificate. This field is required when generating RSA key types.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The name of the Key.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthLambda:FusionAuthLambda": { "description": "## # Lambda Resource\n\nLambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. Lambdas may be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these external identity providers.\n\n[Lambdas API](https://fusionauth.io/docs/v1/tech/apis/lambdas)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst preferredUsername = new fusionauth.FusionAuthLambda(\"preferredUsername\", {\n body: `// Using the user and registration parameters add additional values to the jwt object.\nfunction populate(jwt, user, registration) {\n jwt.preferred_username = registration.username;\n}\n \n`,\n enabled: true,\n type: \"JWTPopulate\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\npreferred_username = fusionauth.FusionAuthLambda(\"preferredUsername\",\n body=\"\"\"// Using the user and registration parameters add additional values to the jwt object.\nfunction populate(jwt, user, registration) {\n jwt.preferred_username = registration.username;\n}\n \n\"\"\",\n enabled=True,\n type=\"JWTPopulate\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var preferredUsername = new Fusionauth.FusionAuthLambda(\"preferredUsername\", new()\n {\n Body = @\"// Using the user and registration parameters add additional values to the jwt object.\nfunction populate(jwt, user, registration) {\n jwt.preferred_username = registration.username;\n}\n \n\",\n Enabled = true,\n Type = \"JWTPopulate\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthLambda(ctx, \"preferredUsername\", &fusionauth.FusionAuthLambdaArgs{\n\t\t\tBody: pulumi.String(`// Using the user and registration parameters add additional values to the jwt object.\nfunction populate(jwt, user, registration) {\n jwt.preferred_username = registration.username;\n}\n \n`),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tType: pulumi.String(\"JWTPopulate\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthLambda;\nimport com.pulumi.fusionauth.FusionAuthLambdaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var preferredUsername = new FusionAuthLambda(\"preferredUsername\", FusionAuthLambdaArgs.builder()\n .body(\"\"\"\n// Using the user and registration parameters add additional values to the jwt object.\nfunction populate(jwt, user, registration) {\n jwt.preferred_username = registration.username;\n}\n \n \"\"\")\n .enabled(true)\n .type(\"JWTPopulate\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n preferredUsername:\n type: fusionauth:FusionAuthLambda\n properties:\n body: \"// Using the user and registration parameters add additional values to the jwt object.\\nfunction populate(jwt, user, registration) {\\n jwt.preferred_username = registration.username;\\n}\\n \\n\"\n enabled: true\n type: JWTPopulate\n```\n\n", "properties": { "body": { "type": "string", "description": "The lambda function body, a JavaScript function.\n" }, "debug": { "type": "boolean", "description": "Whether or not debug event logging is enabled for this Lambda.\n" }, "enabled": { "type": "boolean", "description": "Whether or not this Lambda is enabled.\n", "deprecationMessage": "Not currently used and may be removed in a future version." }, "engineType": { "type": "string", "description": "The JavaScript execution engine for the lambda.\n" }, "lambdaId": { "type": "string", "description": "The Id to use for the new lambda. If not specified a secure random UUID will be generated.\n" }, "name": { "type": "string", "description": "The name of the lambda.\n" }, "type": { "type": "string", "description": "The lambda type. The possible values are:\n* `AppleReconcile`\n* `ClientCredentialsJWTPopulate`\n* `EpicGamesReconcile`\n* `ExternalJWTReconcile`\n* `FacebookReconcile`\n* `GoogleReconcile`\n* `HYPRReconcile`\n* `JWTPopulate`\n* `LDAPConnectorReconcile`\n* `LinkedInReconcile`\n* `LoginValidation`\n* `NintendoReconcile`\n* `OpenIDReconcile`\n* `SAMLv2Populate`\n* `SAMLv2Reconcile`\n* `SCIMServerGroupRequestConverter`\n* `SCIMServerGroupResponseConverter`\n* `SCIMServerUserRequestConverter`\n* `SCIMServerUserResponseConverter`\n* `SelfServiceRegistrationValidation`\n* `SonyPSNReconcile`\n* `SteamReconcile`\n* `TwitchReconcile`\n* `TwitterReconcile`\n* `UserInfoPopulate`\n* `XboxReconcile`\n" } }, "type": "object", "required": [ "body", "lambdaId", "name", "type" ], "inputProperties": { "body": { "type": "string", "description": "The lambda function body, a JavaScript function.\n" }, "debug": { "type": "boolean", "description": "Whether or not debug event logging is enabled for this Lambda.\n" }, "enabled": { "type": "boolean", "description": "Whether or not this Lambda is enabled.\n", "deprecationMessage": "Not currently used and may be removed in a future version." }, "engineType": { "type": "string", "description": "The JavaScript execution engine for the lambda.\n" }, "lambdaId": { "type": "string", "description": "The Id to use for the new lambda. If not specified a secure random UUID will be generated.\n" }, "name": { "type": "string", "description": "The name of the lambda.\n" }, "type": { "type": "string", "description": "The lambda type. The possible values are:\n* `AppleReconcile`\n* `ClientCredentialsJWTPopulate`\n* `EpicGamesReconcile`\n* `ExternalJWTReconcile`\n* `FacebookReconcile`\n* `GoogleReconcile`\n* `HYPRReconcile`\n* `JWTPopulate`\n* `LDAPConnectorReconcile`\n* `LinkedInReconcile`\n* `LoginValidation`\n* `NintendoReconcile`\n* `OpenIDReconcile`\n* `SAMLv2Populate`\n* `SAMLv2Reconcile`\n* `SCIMServerGroupRequestConverter`\n* `SCIMServerGroupResponseConverter`\n* `SCIMServerUserRequestConverter`\n* `SCIMServerUserResponseConverter`\n* `SelfServiceRegistrationValidation`\n* `SonyPSNReconcile`\n* `SteamReconcile`\n* `TwitchReconcile`\n* `TwitterReconcile`\n* `UserInfoPopulate`\n* `XboxReconcile`\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "body", "type" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthLambda resources.\n", "properties": { "body": { "type": "string", "description": "The lambda function body, a JavaScript function.\n" }, "debug": { "type": "boolean", "description": "Whether or not debug event logging is enabled for this Lambda.\n" }, "enabled": { "type": "boolean", "description": "Whether or not this Lambda is enabled.\n", "deprecationMessage": "Not currently used and may be removed in a future version." }, "engineType": { "type": "string", "description": "The JavaScript execution engine for the lambda.\n" }, "lambdaId": { "type": "string", "description": "The Id to use for the new lambda. If not specified a secure random UUID will be generated.\n" }, "name": { "type": "string", "description": "The name of the lambda.\n" }, "type": { "type": "string", "description": "The lambda type. The possible values are:\n* `AppleReconcile`\n* `ClientCredentialsJWTPopulate`\n* `EpicGamesReconcile`\n* `ExternalJWTReconcile`\n* `FacebookReconcile`\n* `GoogleReconcile`\n* `HYPRReconcile`\n* `JWTPopulate`\n* `LDAPConnectorReconcile`\n* `LinkedInReconcile`\n* `LoginValidation`\n* `NintendoReconcile`\n* `OpenIDReconcile`\n* `SAMLv2Populate`\n* `SAMLv2Reconcile`\n* `SCIMServerGroupRequestConverter`\n* `SCIMServerGroupResponseConverter`\n* `SCIMServerUserRequestConverter`\n* `SCIMServerUserResponseConverter`\n* `SelfServiceRegistrationValidation`\n* `SonyPSNReconcile`\n* `SteamReconcile`\n* `TwitchReconcile`\n* `TwitterReconcile`\n* `UserInfoPopulate`\n* `XboxReconcile`\n", "willReplaceOnChanges": true } }, "type": "object" } }, "fusionauth:index/fusionAuthReactor:FusionAuthReactor": { "description": "## # Reactor Resource\n\nThe Reactor is FusionAuth’s license system. Reactor is used to activate features based upon your licensing tier.\n\n[Reactor API](https://fusionauth.io/docs/v1/tech/apis/reactor)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst reactor = new fusionauth.FusionAuthReactor(\"reactor\", {\n license: \"abc\",\n licenseId: \"xyz\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nreactor = fusionauth.FusionAuthReactor(\"reactor\",\n license=\"abc\",\n license_id=\"xyz\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var reactor = new Fusionauth.FusionAuthReactor(\"reactor\", new()\n {\n License = \"abc\",\n LicenseId = \"xyz\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthReactor(ctx, \"reactor\", &fusionauth.FusionAuthReactorArgs{\n\t\t\tLicense: pulumi.String(\"abc\"),\n\t\t\tLicenseId: pulumi.String(\"xyz\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthReactor;\nimport com.pulumi.fusionauth.FusionAuthReactorArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var reactor = new FusionAuthReactor(\"reactor\", FusionAuthReactorArgs.builder()\n .license(\"abc\")\n .licenseId(\"xyz\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reactor:\n type: fusionauth:FusionAuthReactor\n properties:\n license: abc\n licenseId: xyz\n```\n\n", "properties": { "license": { "type": "string", "description": "The Base64 encoded license value. This value is necessary in an air gapped configuration where outbound network access is not available.\n", "secret": true }, "licenseId": { "type": "string", "description": "The license Id to activate.\n", "secret": true } }, "type": "object", "required": [ "licenseId" ], "inputProperties": { "license": { "type": "string", "description": "The Base64 encoded license value. This value is necessary in an air gapped configuration where outbound network access is not available.\n", "secret": true }, "licenseId": { "type": "string", "description": "The license Id to activate.\n", "secret": true } }, "requiredInputs": [ "licenseId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthReactor resources.\n", "properties": { "license": { "type": "string", "description": "The Base64 encoded license value. This value is necessary in an air gapped configuration where outbound network access is not available.\n", "secret": true }, "licenseId": { "type": "string", "description": "The license Id to activate.\n", "secret": true } }, "type": "object" } }, "fusionauth:index/fusionAuthRegistration:FusionAuthRegistration": { "description": "## # Registration Resource\n\nA registration is the association between a User and an Application that they log into.\n\n[Registrations API](https://fusionauth.io/docs/v1/tech/apis/registrations)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst example = new fusionauth.FusionAuthRegistration(\"example\", {\n userId: fusionauth_user.example.id,\n applicationId: data.fusionauth_application.FusionAuth.id,\n roles: [\"admin\"],\n username: \"theadmin\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nexample = fusionauth.FusionAuthRegistration(\"example\",\n user_id=fusionauth_user[\"example\"][\"id\"],\n application_id=data[\"fusionauth_application\"][\"FusionAuth\"][\"id\"],\n roles=[\"admin\"],\n username=\"theadmin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var example = new Fusionauth.FusionAuthRegistration(\"example\", new()\n {\n UserId = fusionauth_user.Example.Id,\n ApplicationId = data.Fusionauth_application.FusionAuth.Id,\n Roles = new[]\n {\n \"admin\",\n },\n Username = \"theadmin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthRegistration(ctx, \"example\", &fusionauth.FusionAuthRegistrationArgs{\n\t\t\tUserId: pulumi.Any(fusionauth_user.Example.Id),\n\t\t\tApplicationId: pulumi.Any(data.Fusionauth_application.FusionAuth.Id),\n\t\t\tRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"theadmin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthRegistration;\nimport com.pulumi.fusionauth.FusionAuthRegistrationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FusionAuthRegistration(\"example\", FusionAuthRegistrationArgs.builder()\n .userId(fusionauth_user.example().id())\n .applicationId(data.fusionauth_application().FusionAuth().id())\n .roles(\"admin\")\n .username(\"theadmin\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: fusionauth:FusionAuthRegistration\n properties:\n userId: ${fusionauth_user.example.id}\n applicationId: ${data.fusionauth_application.FusionAuth.id}\n roles:\n - admin\n username: theadmin\n```\n\n", "properties": { "applicationId": { "type": "string", "description": "The Id of the Application that this registration is for.\n" }, "authenticationToken": { "type": "string", "description": "The authentication token that may be used in place of the User’s password when authenticating against this application represented by this registration. This parameter is ignored if generateAuthenticationToken is set to true and instead the value will be generated.\n", "secret": true }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the User for this registration that should be persisted.\n" }, "generateAuthenticationToken": { "type": "boolean", "description": "Determines if FusionAuth should generate an Authentication Token for this registration.\n" }, "preferredLanguages": { "type": "array", "items": { "type": "string" }, "description": "An array of locale strings that give, in order, the User’s preferred languages for this registration. These are important for email templates and other localizable text.\n" }, "registrationId": { "type": "string", "description": "The Id of this registration. If not specified a secure random UUID will be generated.\n" }, "roles": { "type": "array", "items": { "type": "string" }, "description": "The list of roles that the User has for this registration.\n" }, "skipRegistrationValidation": { "type": "boolean", "description": "Indicates to FusionAuth that it should skip registration verification even if it is enabled for the Application.\n" }, "timezone": { "type": "string", "description": "The User’s preferred timezone for this registration. The string will be in an IANA time zone format.\n" }, "userId": { "type": "string", "description": "The Id of the User that is registering for the Application.\n" }, "username": { "type": "string", "description": "The username of the User for this registration only.\n" } }, "type": "object", "required": [ "applicationId", "authenticationToken", "registrationId", "userId" ], "inputProperties": { "applicationId": { "type": "string", "description": "The Id of the Application that this registration is for.\n", "willReplaceOnChanges": true }, "authenticationToken": { "type": "string", "description": "The authentication token that may be used in place of the User’s password when authenticating against this application represented by this registration. This parameter is ignored if generateAuthenticationToken is set to true and instead the value will be generated.\n", "secret": true }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the User for this registration that should be persisted.\n" }, "generateAuthenticationToken": { "type": "boolean", "description": "Determines if FusionAuth should generate an Authentication Token for this registration.\n" }, "preferredLanguages": { "type": "array", "items": { "type": "string" }, "description": "An array of locale strings that give, in order, the User’s preferred languages for this registration. These are important for email templates and other localizable text.\n" }, "registrationId": { "type": "string", "description": "The Id of this registration. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "roles": { "type": "array", "items": { "type": "string" }, "description": "The list of roles that the User has for this registration.\n" }, "skipRegistrationValidation": { "type": "boolean", "description": "Indicates to FusionAuth that it should skip registration verification even if it is enabled for the Application.\n" }, "timezone": { "type": "string", "description": "The User’s preferred timezone for this registration. The string will be in an IANA time zone format.\n" }, "userId": { "type": "string", "description": "The Id of the User that is registering for the Application.\n", "willReplaceOnChanges": true }, "username": { "type": "string", "description": "The username of the User for this registration only.\n" } }, "requiredInputs": [ "applicationId", "userId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthRegistration resources.\n", "properties": { "applicationId": { "type": "string", "description": "The Id of the Application that this registration is for.\n", "willReplaceOnChanges": true }, "authenticationToken": { "type": "string", "description": "The authentication token that may be used in place of the User’s password when authenticating against this application represented by this registration. This parameter is ignored if generateAuthenticationToken is set to true and instead the value will be generated.\n", "secret": true }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the User for this registration that should be persisted.\n" }, "generateAuthenticationToken": { "type": "boolean", "description": "Determines if FusionAuth should generate an Authentication Token for this registration.\n" }, "preferredLanguages": { "type": "array", "items": { "type": "string" }, "description": "An array of locale strings that give, in order, the User’s preferred languages for this registration. These are important for email templates and other localizable text.\n" }, "registrationId": { "type": "string", "description": "The Id of this registration. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "roles": { "type": "array", "items": { "type": "string" }, "description": "The list of roles that the User has for this registration.\n" }, "skipRegistrationValidation": { "type": "boolean", "description": "Indicates to FusionAuth that it should skip registration verification even if it is enabled for the Application.\n" }, "timezone": { "type": "string", "description": "The User’s preferred timezone for this registration. The string will be in an IANA time zone format.\n" }, "userId": { "type": "string", "description": "The Id of the User that is registering for the Application.\n", "willReplaceOnChanges": true }, "username": { "type": "string", "description": "The username of the User for this registration only.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthSystemConfiguration:FusionAuthSystemConfiguration": { "description": "## # System Configuration Resource\n\nA registration is the association between a User and an Application that they log into.\n\n[System Configuration API](https://fusionauth.io/docs/v1/tech/apis/system)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst example = new fusionauth.FusionAuthSystemConfiguration(\"example\", {\n auditLogConfiguration: {\n \"delete\": {\n enabled: true,\n numberOfDaysToRetain: 367,\n },\n },\n corsConfiguration: {\n allowedMethods: [\n \"POST\",\n \"PUT\",\n ],\n },\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nexample = fusionauth.FusionAuthSystemConfiguration(\"example\",\n audit_log_configuration={\n \"delete\": {\n \"enabled\": True,\n \"number_of_days_to_retain\": 367,\n },\n },\n cors_configuration={\n \"allowed_methods\": [\n \"POST\",\n \"PUT\",\n ],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var example = new Fusionauth.FusionAuthSystemConfiguration(\"example\", new()\n {\n AuditLogConfiguration = new Fusionauth.Inputs.FusionAuthSystemConfigurationAuditLogConfigurationArgs\n {\n Delete = new Fusionauth.Inputs.FusionAuthSystemConfigurationAuditLogConfigurationDeleteArgs\n {\n Enabled = true,\n NumberOfDaysToRetain = 367,\n },\n },\n CorsConfiguration = new Fusionauth.Inputs.FusionAuthSystemConfigurationCorsConfigurationArgs\n {\n AllowedMethods = new[]\n {\n \"POST\",\n \"PUT\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthSystemConfiguration(ctx, \"example\", &fusionauth.FusionAuthSystemConfigurationArgs{\n\t\t\tAuditLogConfiguration: &fusionauth.FusionAuthSystemConfigurationAuditLogConfigurationArgs{\n\t\t\t\tDelete: &fusionauth.FusionAuthSystemConfigurationAuditLogConfigurationDeleteArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tNumberOfDaysToRetain: pulumi.Int(367),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCorsConfiguration: &fusionauth.FusionAuthSystemConfigurationCorsConfigurationArgs{\n\t\t\t\tAllowedMethods: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"POST\"),\n\t\t\t\t\tpulumi.String(\"PUT\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthSystemConfiguration;\nimport com.pulumi.fusionauth.FusionAuthSystemConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthSystemConfigurationAuditLogConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthSystemConfigurationAuditLogConfigurationDeleteArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthSystemConfigurationCorsConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FusionAuthSystemConfiguration(\"example\", FusionAuthSystemConfigurationArgs.builder()\n .auditLogConfiguration(FusionAuthSystemConfigurationAuditLogConfigurationArgs.builder()\n .delete(FusionAuthSystemConfigurationAuditLogConfigurationDeleteArgs.builder()\n .enabled(true)\n .numberOfDaysToRetain(367)\n .build())\n .build())\n .corsConfiguration(FusionAuthSystemConfigurationCorsConfigurationArgs.builder()\n .allowedMethods( \n \"POST\",\n \"PUT\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: fusionauth:FusionAuthSystemConfiguration\n properties:\n auditLogConfiguration:\n delete:\n enabled: true\n numberOfDaysToRetain: 367\n corsConfiguration:\n allowedMethods:\n - POST\n - PUT\n```\n\n", "properties": { "auditLogConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationAuditLogConfiguration:FusionAuthSystemConfigurationAuditLogConfiguration" }, "corsConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationCorsConfiguration:FusionAuthSystemConfigurationCorsConfiguration" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the System that should be persisted.\n" }, "eventLogConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationEventLogConfiguration:FusionAuthSystemConfigurationEventLogConfiguration" }, "loginRecordConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationLoginRecordConfiguration:FusionAuthSystemConfigurationLoginRecordConfiguration" }, "reportTimezone": { "type": "string", "description": "The time zone used to adjust the stored UTC time when generating reports. Since reports are usually rolled up hourly, this timezone will be used for demarcating the hours.\n" }, "trustedProxyConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationTrustedProxyConfiguration:FusionAuthSystemConfigurationTrustedProxyConfiguration", "description": "The trusted proxy configuration.\n" }, "uiConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationUiConfiguration:FusionAuthSystemConfigurationUiConfiguration" }, "usageDataConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationUsageDataConfiguration:FusionAuthSystemConfigurationUsageDataConfiguration", "description": "The usage data configuration.\n" }, "webhookEventLogConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationWebhookEventLogConfiguration:FusionAuthSystemConfigurationWebhookEventLogConfiguration" } }, "type": "object", "required": [ "auditLogConfiguration", "corsConfiguration", "eventLogConfiguration", "loginRecordConfiguration", "uiConfiguration", "webhookEventLogConfiguration" ], "inputProperties": { "auditLogConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationAuditLogConfiguration:FusionAuthSystemConfigurationAuditLogConfiguration" }, "corsConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationCorsConfiguration:FusionAuthSystemConfigurationCorsConfiguration" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the System that should be persisted.\n" }, "eventLogConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationEventLogConfiguration:FusionAuthSystemConfigurationEventLogConfiguration" }, "loginRecordConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationLoginRecordConfiguration:FusionAuthSystemConfigurationLoginRecordConfiguration" }, "reportTimezone": { "type": "string", "description": "The time zone used to adjust the stored UTC time when generating reports. Since reports are usually rolled up hourly, this timezone will be used for demarcating the hours.\n" }, "trustedProxyConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationTrustedProxyConfiguration:FusionAuthSystemConfigurationTrustedProxyConfiguration", "description": "The trusted proxy configuration.\n" }, "uiConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationUiConfiguration:FusionAuthSystemConfigurationUiConfiguration" }, "usageDataConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationUsageDataConfiguration:FusionAuthSystemConfigurationUsageDataConfiguration", "description": "The usage data configuration.\n" }, "webhookEventLogConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationWebhookEventLogConfiguration:FusionAuthSystemConfigurationWebhookEventLogConfiguration" } }, "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthSystemConfiguration resources.\n", "properties": { "auditLogConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationAuditLogConfiguration:FusionAuthSystemConfigurationAuditLogConfiguration" }, "corsConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationCorsConfiguration:FusionAuthSystemConfigurationCorsConfiguration" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the System that should be persisted.\n" }, "eventLogConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationEventLogConfiguration:FusionAuthSystemConfigurationEventLogConfiguration" }, "loginRecordConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationLoginRecordConfiguration:FusionAuthSystemConfigurationLoginRecordConfiguration" }, "reportTimezone": { "type": "string", "description": "The time zone used to adjust the stored UTC time when generating reports. Since reports are usually rolled up hourly, this timezone will be used for demarcating the hours.\n" }, "trustedProxyConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationTrustedProxyConfiguration:FusionAuthSystemConfigurationTrustedProxyConfiguration", "description": "The trusted proxy configuration.\n" }, "uiConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationUiConfiguration:FusionAuthSystemConfigurationUiConfiguration" }, "usageDataConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationUsageDataConfiguration:FusionAuthSystemConfigurationUsageDataConfiguration", "description": "The usage data configuration.\n" }, "webhookEventLogConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthSystemConfigurationWebhookEventLogConfiguration:FusionAuthSystemConfigurationWebhookEventLogConfiguration" } }, "type": "object" } }, "fusionauth:index/fusionAuthTenant:FusionAuthTenant": { "description": "## # Tenant Resource\n\nA FusionAuth Tenant is a named object that represents a discrete namespace for Users, Applications and Groups. A user is unique by email address or username within a tenant.\n\nTenants may be useful to support a multi-tenant application where you wish to use a single instance of FusionAuth but require the ability to have duplicate users across the tenants in your own application. In this scenario a user may exist multiple times with the same email address and different passwords across tenants.\n\nTenants may also be useful in a test or staging environment to allow multiple users to call APIs and create and modify users without possibility of collision.\n\n[Tenants API](https://fusionauth.io/docs/v1/tech/apis/tenants)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst example = new fusionauth.FusionAuthTenant(\"example\", {\n connectorPolicies: [{\n connectorId: \"b57b3d0f-f7a4-4831-a838-549717362ea8\",\n domains: [\"*\"],\n migrate: false,\n }],\n emailConfiguration: {\n forgotPasswordEmailTemplateId: fusionauth_email.ForgotPassword_Example.id,\n host: \"smtp.sendgrid.net\",\n password: \"password\",\n passwordlessEmailTemplateId: fusionauth_email.PasswordlessLogin_Example.id,\n port: 587,\n security: \"TLS\",\n setPasswordEmailTemplateId: fusionauth_email.SetupPassword_Example.id,\n username: \"username\",\n verifyEmail: true,\n verifyEmailWhenChanged: true,\n additionalHeaders: {\n HeaderName1: \"HeaderValue1\",\n HeaderName2: \"HeaderValue2\",\n },\n },\n eventConfigurations: [\n {\n enabled: false,\n event: \"jwt.public-key.update\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"jwt.refresh-token.revoke\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"jwt.refresh\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.create\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.create.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.delete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.delete.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.member.add\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.member.add.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.member.remove\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.member.remove.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.member.update\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.member.update.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.update\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"group.update.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.action\",\n transactionType: \"None\",\n },\n {\n event: \"user.bulk.create\",\n enabled: false,\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.create\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.create.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.deactivate\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.delete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.delete.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.email.update\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.email.verified\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.identity-provider.link\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.identity-provider.unlink\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.loginId.duplicate.create\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.loginId.duplicate.update\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.login.failed\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.login.new-device\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.login.success\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.login.suspicious\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.password.breach\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.password.reset.send\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.password.reset.start\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.password.reset.success\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.password.update\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.reactivate\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.registration.create\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.registration.create.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.registration.delete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.registration.delete.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.registration.update\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.registration.update.complete\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.registration.verified\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.two-factor.method.add\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.two-factor.method.remove\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.update\",\n transactionType: \"None\",\n },\n {\n enabled: false,\n event: \"user.update.complete\",\n transactionType: \"None\",\n },\n ],\n externalIdentifierConfiguration: {\n authorizationGrantIdTimeToLiveInSeconds: 30,\n changePasswordIdGenerator: {\n length: 32,\n type: \"randomBytes\",\n },\n changePasswordIdTimeToLiveInSeconds: 600,\n deviceCodeTimeToLiveInSeconds: 1800,\n deviceUserCodeIdGenerator: {\n length: 6,\n type: \"randomAlphaNumeric\",\n },\n emailVerificationIdGenerator: {\n length: 32,\n type: \"randomBytes\",\n },\n emailVerificationIdTimeToLiveInSeconds: 86400,\n emailVerificationOneTimeCodeGenerator: {\n length: 6,\n type: \"randomAlphaNumeric\",\n },\n externalAuthenticationIdTimeToLiveInSeconds: 300,\n loginIntentTimeToLiveInSeconds: 1800,\n oneTimePasswordTimeToLiveInSeconds: 60,\n passwordlessLoginGenerator: {\n length: 32,\n type: \"randomBytes\",\n },\n passwordlessLoginTimeToLiveInSeconds: 600,\n registrationVerificationIdGenerator: {\n length: 32,\n type: \"randomBytes\",\n },\n registrationVerificationIdTimeToLiveInSeconds: 86400,\n registrationVerificationOneTimeCodeGenerator: {\n length: 6,\n type: \"randomAlphaNumeric\",\n },\n samlV2AuthnRequestIdTtlSeconds: 300,\n setupPasswordIdGenerator: {\n length: 32,\n type: \"randomBytes\",\n },\n setupPasswordIdTimeToLiveInSeconds: 86400,\n twoFactorIdTimeToLiveInSeconds: 300,\n twoFactorOneTimeCodeIdGenerator: {\n length: 6,\n type: \"randomDigits\",\n },\n twoFactorOneTimeCodeIdTimeToLiveInSeconds: 60,\n twoFactorTrustIdTimeToLiveInSeconds: 2592000,\n },\n failedAuthenticationConfiguration: {\n actionDuration: 3,\n actionDurationUnit: \"MINUTES\",\n resetCountInSeconds: 60,\n tooManyAttempts: 5,\n },\n familyConfiguration: {\n allowChildRegistrations: true,\n deleteOrphanedAccounts: false,\n deleteOrphanedAccountsDays: 30,\n enabled: true,\n maximumChildAge: 12,\n minimumOwnerAge: 21,\n parentEmailRequired: false,\n },\n formConfiguration: {\n adminUserFormId: \"e92751a5-25f4-4bca-ad91-66cdf67725d2\",\n },\n httpSessionMaxInactiveInterval: 3600,\n issuer: \"https://example.com\",\n jwtConfigurations: [{\n accessTokenKeyId: fusionauth_key.accesstoken.id,\n idTokenKeyId: fusionauth_key.idtoken.id,\n refreshTokenTimeToLiveInMinutes: 43200,\n timeToLiveInSeconds: 3600,\n }],\n loginConfiguration: {\n requireAuthentication: true,\n },\n maximumPasswordAge: {\n days: 180,\n enabled: false,\n },\n minimumPasswordAge: {\n enabled: false,\n seconds: 30,\n },\n oauthConfigurations: [{\n clientCredentialsAccessTokenPopulateLambdaId: fusionauth_lambda.client_jwt_populate.id,\n }],\n passwordEncryptionConfigurations: [{\n encryptionScheme: \"salted-pbkdf2-hmac-sha256\",\n encryptionSchemeFactor: 24000,\n modifyEncryptionSchemeOnLogin: false,\n }],\n passwordValidationRules: {\n maxLength: 256,\n minLength: 7,\n rememberPreviousPasswords: {\n count: 1,\n enabled: false,\n },\n requiredMixedCase: false,\n requireNonAlpha: false,\n requireNumber: false,\n validateOnLogin: false,\n },\n rateLimitConfiguration: {\n failedLogin: {\n enabled: true,\n limit: 5,\n timePeriodInSeconds: 60,\n },\n forgotPassword: {\n enabled: false,\n limit: 5,\n timePeriodInSeconds: 60,\n },\n sendEmailVerification: {\n enabled: false,\n limit: 5,\n timePeriodInSeconds: 60,\n },\n sendPasswordless: {\n enabled: false,\n limit: 5,\n timePeriodInSeconds: 60,\n },\n sendRegistrationVerification: {\n enabled: false,\n limit: 5,\n timePeriodInSeconds: 60,\n },\n sendTwoFactor: {\n enabled: false,\n limit: 5,\n timePeriodInSeconds: 60,\n },\n },\n registrationConfiguration: {\n blockedDomains: [\"example.com\"],\n },\n captchaConfiguration: {\n enabled: true,\n captchaMethod: \"GoogleRecaptchaV3\",\n siteKey: \"captcha_site_key\",\n secretKey: \"captcha_secret_key\",\n threshold: 0.5,\n },\n themeId: fusionauth_theme.example_theme.id,\n userDeletePolicy: {\n unverifiedEnabled: false,\n unverifiedNumberOfDaysToRetain: 30,\n },\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nexample = fusionauth.FusionAuthTenant(\"example\",\n connector_policies=[{\n \"connector_id\": \"b57b3d0f-f7a4-4831-a838-549717362ea8\",\n \"domains\": [\"*\"],\n \"migrate\": False,\n }],\n email_configuration={\n \"forgot_password_email_template_id\": fusionauth_email[\"ForgotPassword_Example\"][\"id\"],\n \"host\": \"smtp.sendgrid.net\",\n \"password\": \"password\",\n \"passwordless_email_template_id\": fusionauth_email[\"PasswordlessLogin_Example\"][\"id\"],\n \"port\": 587,\n \"security\": \"TLS\",\n \"set_password_email_template_id\": fusionauth_email[\"SetupPassword_Example\"][\"id\"],\n \"username\": \"username\",\n \"verify_email\": True,\n \"verify_email_when_changed\": True,\n \"additional_headers\": {\n \"HeaderName1\": \"HeaderValue1\",\n \"HeaderName2\": \"HeaderValue2\",\n },\n },\n event_configurations=[\n {\n \"enabled\": False,\n \"event\": \"jwt.public-key.update\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"jwt.refresh-token.revoke\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"jwt.refresh\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.create\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.create.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.delete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.delete.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.member.add\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.member.add.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.member.remove\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.member.remove.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.member.update\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.member.update.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.update\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"group.update.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.action\",\n \"transaction_type\": \"None\",\n },\n {\n \"event\": \"user.bulk.create\",\n \"enabled\": False,\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.create\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.create.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.deactivate\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.delete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.delete.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.email.update\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.email.verified\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.identity-provider.link\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.identity-provider.unlink\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.loginId.duplicate.create\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.loginId.duplicate.update\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.login.failed\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.login.new-device\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.login.success\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.login.suspicious\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.password.breach\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.password.reset.send\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.password.reset.start\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.password.reset.success\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.password.update\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.reactivate\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.registration.create\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.registration.create.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.registration.delete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.registration.delete.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.registration.update\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.registration.update.complete\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.registration.verified\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.two-factor.method.add\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.two-factor.method.remove\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.update\",\n \"transaction_type\": \"None\",\n },\n {\n \"enabled\": False,\n \"event\": \"user.update.complete\",\n \"transaction_type\": \"None\",\n },\n ],\n external_identifier_configuration={\n \"authorization_grant_id_time_to_live_in_seconds\": 30,\n \"change_password_id_generator\": {\n \"length\": 32,\n \"type\": \"randomBytes\",\n },\n \"change_password_id_time_to_live_in_seconds\": 600,\n \"device_code_time_to_live_in_seconds\": 1800,\n \"device_user_code_id_generator\": {\n \"length\": 6,\n \"type\": \"randomAlphaNumeric\",\n },\n \"email_verification_id_generator\": {\n \"length\": 32,\n \"type\": \"randomBytes\",\n },\n \"email_verification_id_time_to_live_in_seconds\": 86400,\n \"email_verification_one_time_code_generator\": {\n \"length\": 6,\n \"type\": \"randomAlphaNumeric\",\n },\n \"external_authentication_id_time_to_live_in_seconds\": 300,\n \"login_intent_time_to_live_in_seconds\": 1800,\n \"one_time_password_time_to_live_in_seconds\": 60,\n \"passwordless_login_generator\": {\n \"length\": 32,\n \"type\": \"randomBytes\",\n },\n \"passwordless_login_time_to_live_in_seconds\": 600,\n \"registration_verification_id_generator\": {\n \"length\": 32,\n \"type\": \"randomBytes\",\n },\n \"registration_verification_id_time_to_live_in_seconds\": 86400,\n \"registration_verification_one_time_code_generator\": {\n \"length\": 6,\n \"type\": \"randomAlphaNumeric\",\n },\n \"saml_v2_authn_request_id_ttl_seconds\": 300,\n \"setup_password_id_generator\": {\n \"length\": 32,\n \"type\": \"randomBytes\",\n },\n \"setup_password_id_time_to_live_in_seconds\": 86400,\n \"two_factor_id_time_to_live_in_seconds\": 300,\n \"two_factor_one_time_code_id_generator\": {\n \"length\": 6,\n \"type\": \"randomDigits\",\n },\n \"two_factor_one_time_code_id_time_to_live_in_seconds\": 60,\n \"two_factor_trust_id_time_to_live_in_seconds\": 2592000,\n },\n failed_authentication_configuration={\n \"action_duration\": 3,\n \"action_duration_unit\": \"MINUTES\",\n \"reset_count_in_seconds\": 60,\n \"too_many_attempts\": 5,\n },\n family_configuration={\n \"allow_child_registrations\": True,\n \"delete_orphaned_accounts\": False,\n \"delete_orphaned_accounts_days\": 30,\n \"enabled\": True,\n \"maximum_child_age\": 12,\n \"minimum_owner_age\": 21,\n \"parent_email_required\": False,\n },\n form_configuration={\n \"admin_user_form_id\": \"e92751a5-25f4-4bca-ad91-66cdf67725d2\",\n },\n http_session_max_inactive_interval=3600,\n issuer=\"https://example.com\",\n jwt_configurations=[{\n \"access_token_key_id\": fusionauth_key[\"accesstoken\"][\"id\"],\n \"id_token_key_id\": fusionauth_key[\"idtoken\"][\"id\"],\n \"refresh_token_time_to_live_in_minutes\": 43200,\n \"time_to_live_in_seconds\": 3600,\n }],\n login_configuration={\n \"require_authentication\": True,\n },\n maximum_password_age={\n \"days\": 180,\n \"enabled\": False,\n },\n minimum_password_age={\n \"enabled\": False,\n \"seconds\": 30,\n },\n oauth_configurations=[{\n \"client_credentials_access_token_populate_lambda_id\": fusionauth_lambda[\"client_jwt_populate\"][\"id\"],\n }],\n password_encryption_configurations=[{\n \"encryption_scheme\": \"salted-pbkdf2-hmac-sha256\",\n \"encryption_scheme_factor\": 24000,\n \"modify_encryption_scheme_on_login\": False,\n }],\n password_validation_rules={\n \"max_length\": 256,\n \"min_length\": 7,\n \"remember_previous_passwords\": {\n \"count\": 1,\n \"enabled\": False,\n },\n \"required_mixed_case\": False,\n \"require_non_alpha\": False,\n \"require_number\": False,\n \"validate_on_login\": False,\n },\n rate_limit_configuration={\n \"failed_login\": {\n \"enabled\": True,\n \"limit\": 5,\n \"time_period_in_seconds\": 60,\n },\n \"forgot_password\": {\n \"enabled\": False,\n \"limit\": 5,\n \"time_period_in_seconds\": 60,\n },\n \"send_email_verification\": {\n \"enabled\": False,\n \"limit\": 5,\n \"time_period_in_seconds\": 60,\n },\n \"send_passwordless\": {\n \"enabled\": False,\n \"limit\": 5,\n \"time_period_in_seconds\": 60,\n },\n \"send_registration_verification\": {\n \"enabled\": False,\n \"limit\": 5,\n \"time_period_in_seconds\": 60,\n },\n \"send_two_factor\": {\n \"enabled\": False,\n \"limit\": 5,\n \"time_period_in_seconds\": 60,\n },\n },\n registration_configuration={\n \"blocked_domains\": [\"example.com\"],\n },\n captcha_configuration={\n \"enabled\": True,\n \"captcha_method\": \"GoogleRecaptchaV3\",\n \"site_key\": \"captcha_site_key\",\n \"secret_key\": \"captcha_secret_key\",\n \"threshold\": 0.5,\n },\n theme_id=fusionauth_theme[\"example_theme\"][\"id\"],\n user_delete_policy={\n \"unverified_enabled\": False,\n \"unverified_number_of_days_to_retain\": 30,\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var example = new Fusionauth.FusionAuthTenant(\"example\", new()\n {\n ConnectorPolicies = new[]\n {\n new Fusionauth.Inputs.FusionAuthTenantConnectorPolicyArgs\n {\n ConnectorId = \"b57b3d0f-f7a4-4831-a838-549717362ea8\",\n Domains = new[]\n {\n \"*\",\n },\n Migrate = false,\n },\n },\n EmailConfiguration = new Fusionauth.Inputs.FusionAuthTenantEmailConfigurationArgs\n {\n ForgotPasswordEmailTemplateId = fusionauth_email.ForgotPassword_Example.Id,\n Host = \"smtp.sendgrid.net\",\n Password = \"password\",\n PasswordlessEmailTemplateId = fusionauth_email.PasswordlessLogin_Example.Id,\n Port = 587,\n Security = \"TLS\",\n SetPasswordEmailTemplateId = fusionauth_email.SetupPassword_Example.Id,\n Username = \"username\",\n VerifyEmail = true,\n VerifyEmailWhenChanged = true,\n AdditionalHeaders = \n {\n { \"HeaderName1\", \"HeaderValue1\" },\n { \"HeaderName2\", \"HeaderValue2\" },\n },\n },\n EventConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"jwt.public-key.update\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"jwt.refresh-token.revoke\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"jwt.refresh\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.create\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.create.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.delete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.delete.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.member.add\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.member.add.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.member.remove\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.member.remove.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.member.update\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.member.update.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.update\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"group.update.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.action\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Event = \"user.bulk.create\",\n Enabled = false,\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.create\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.create.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.deactivate\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.delete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.delete.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.email.update\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.email.verified\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.identity-provider.link\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.identity-provider.unlink\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.loginId.duplicate.create\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.loginId.duplicate.update\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.login.failed\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.login.new-device\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.login.success\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.login.suspicious\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.password.breach\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.password.reset.send\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.password.reset.start\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.password.reset.success\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.password.update\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.reactivate\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.registration.create\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.registration.create.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.registration.delete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.registration.delete.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.registration.update\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.registration.update.complete\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.registration.verified\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.two-factor.method.add\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.two-factor.method.remove\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.update\",\n TransactionType = \"None\",\n },\n new Fusionauth.Inputs.FusionAuthTenantEventConfigurationArgs\n {\n Enabled = false,\n Event = \"user.update.complete\",\n TransactionType = \"None\",\n },\n },\n ExternalIdentifierConfiguration = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationArgs\n {\n AuthorizationGrantIdTimeToLiveInSeconds = 30,\n ChangePasswordIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs\n {\n Length = 32,\n Type = \"randomBytes\",\n },\n ChangePasswordIdTimeToLiveInSeconds = 600,\n DeviceCodeTimeToLiveInSeconds = 1800,\n DeviceUserCodeIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs\n {\n Length = 6,\n Type = \"randomAlphaNumeric\",\n },\n EmailVerificationIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs\n {\n Length = 32,\n Type = \"randomBytes\",\n },\n EmailVerificationIdTimeToLiveInSeconds = 86400,\n EmailVerificationOneTimeCodeGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs\n {\n Length = 6,\n Type = \"randomAlphaNumeric\",\n },\n ExternalAuthenticationIdTimeToLiveInSeconds = 300,\n LoginIntentTimeToLiveInSeconds = 1800,\n OneTimePasswordTimeToLiveInSeconds = 60,\n PasswordlessLoginGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs\n {\n Length = 32,\n Type = \"randomBytes\",\n },\n PasswordlessLoginTimeToLiveInSeconds = 600,\n RegistrationVerificationIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs\n {\n Length = 32,\n Type = \"randomBytes\",\n },\n RegistrationVerificationIdTimeToLiveInSeconds = 86400,\n RegistrationVerificationOneTimeCodeGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs\n {\n Length = 6,\n Type = \"randomAlphaNumeric\",\n },\n SamlV2AuthnRequestIdTtlSeconds = 300,\n SetupPasswordIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs\n {\n Length = 32,\n Type = \"randomBytes\",\n },\n SetupPasswordIdTimeToLiveInSeconds = 86400,\n TwoFactorIdTimeToLiveInSeconds = 300,\n TwoFactorOneTimeCodeIdGenerator = new Fusionauth.Inputs.FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs\n {\n Length = 6,\n Type = \"randomDigits\",\n },\n TwoFactorOneTimeCodeIdTimeToLiveInSeconds = 60,\n TwoFactorTrustIdTimeToLiveInSeconds = 2592000,\n },\n FailedAuthenticationConfiguration = new Fusionauth.Inputs.FusionAuthTenantFailedAuthenticationConfigurationArgs\n {\n ActionDuration = 3,\n ActionDurationUnit = \"MINUTES\",\n ResetCountInSeconds = 60,\n TooManyAttempts = 5,\n },\n FamilyConfiguration = new Fusionauth.Inputs.FusionAuthTenantFamilyConfigurationArgs\n {\n AllowChildRegistrations = true,\n DeleteOrphanedAccounts = false,\n DeleteOrphanedAccountsDays = 30,\n Enabled = true,\n MaximumChildAge = 12,\n MinimumOwnerAge = 21,\n ParentEmailRequired = false,\n },\n FormConfiguration = new Fusionauth.Inputs.FusionAuthTenantFormConfigurationArgs\n {\n AdminUserFormId = \"e92751a5-25f4-4bca-ad91-66cdf67725d2\",\n },\n HttpSessionMaxInactiveInterval = 3600,\n Issuer = \"https://example.com\",\n JwtConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthTenantJwtConfigurationArgs\n {\n AccessTokenKeyId = fusionauth_key.Accesstoken.Id,\n IdTokenKeyId = fusionauth_key.Idtoken.Id,\n RefreshTokenTimeToLiveInMinutes = 43200,\n TimeToLiveInSeconds = 3600,\n },\n },\n LoginConfiguration = new Fusionauth.Inputs.FusionAuthTenantLoginConfigurationArgs\n {\n RequireAuthentication = true,\n },\n MaximumPasswordAge = new Fusionauth.Inputs.FusionAuthTenantMaximumPasswordAgeArgs\n {\n Days = 180,\n Enabled = false,\n },\n MinimumPasswordAge = new Fusionauth.Inputs.FusionAuthTenantMinimumPasswordAgeArgs\n {\n Enabled = false,\n Seconds = 30,\n },\n OauthConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthTenantOauthConfigurationArgs\n {\n ClientCredentialsAccessTokenPopulateLambdaId = fusionauth_lambda.Client_jwt_populate.Id,\n },\n },\n PasswordEncryptionConfigurations = new[]\n {\n new Fusionauth.Inputs.FusionAuthTenantPasswordEncryptionConfigurationArgs\n {\n EncryptionScheme = \"salted-pbkdf2-hmac-sha256\",\n EncryptionSchemeFactor = 24000,\n ModifyEncryptionSchemeOnLogin = false,\n },\n },\n PasswordValidationRules = new Fusionauth.Inputs.FusionAuthTenantPasswordValidationRulesArgs\n {\n MaxLength = 256,\n MinLength = 7,\n RememberPreviousPasswords = new Fusionauth.Inputs.FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs\n {\n Count = 1,\n Enabled = false,\n },\n RequiredMixedCase = false,\n RequireNonAlpha = false,\n RequireNumber = false,\n ValidateOnLogin = false,\n },\n RateLimitConfiguration = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationArgs\n {\n FailedLogin = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationFailedLoginArgs\n {\n Enabled = true,\n Limit = 5,\n TimePeriodInSeconds = 60,\n },\n ForgotPassword = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationForgotPasswordArgs\n {\n Enabled = false,\n Limit = 5,\n TimePeriodInSeconds = 60,\n },\n SendEmailVerification = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs\n {\n Enabled = false,\n Limit = 5,\n TimePeriodInSeconds = 60,\n },\n SendPasswordless = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs\n {\n Enabled = false,\n Limit = 5,\n TimePeriodInSeconds = 60,\n },\n SendRegistrationVerification = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs\n {\n Enabled = false,\n Limit = 5,\n TimePeriodInSeconds = 60,\n },\n SendTwoFactor = new Fusionauth.Inputs.FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs\n {\n Enabled = false,\n Limit = 5,\n TimePeriodInSeconds = 60,\n },\n },\n RegistrationConfiguration = new Fusionauth.Inputs.FusionAuthTenantRegistrationConfigurationArgs\n {\n BlockedDomains = new[]\n {\n \"example.com\",\n },\n },\n CaptchaConfiguration = new Fusionauth.Inputs.FusionAuthTenantCaptchaConfigurationArgs\n {\n Enabled = true,\n CaptchaMethod = \"GoogleRecaptchaV3\",\n SiteKey = \"captcha_site_key\",\n SecretKey = \"captcha_secret_key\",\n Threshold = 0.5,\n },\n ThemeId = fusionauth_theme.Example_theme.Id,\n UserDeletePolicy = new Fusionauth.Inputs.FusionAuthTenantUserDeletePolicyArgs\n {\n UnverifiedEnabled = false,\n UnverifiedNumberOfDaysToRetain = 30,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthTenant(ctx, \"example\", &fusionauth.FusionAuthTenantArgs{\n\t\t\tConnectorPolicies: fusionauth.FusionAuthTenantConnectorPolicyArray{\n\t\t\t\t&fusionauth.FusionAuthTenantConnectorPolicyArgs{\n\t\t\t\t\tConnectorId: pulumi.String(\"b57b3d0f-f7a4-4831-a838-549717362ea8\"),\n\t\t\t\t\tDomains: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t\tMigrate: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEmailConfiguration: &fusionauth.FusionAuthTenantEmailConfigurationArgs{\n\t\t\t\tForgotPasswordEmailTemplateId: pulumi.Any(fusionauth_email.ForgotPassword_Example.Id),\n\t\t\t\tHost: pulumi.String(\"smtp.sendgrid.net\"),\n\t\t\t\tPassword: pulumi.String(\"password\"),\n\t\t\t\tPasswordlessEmailTemplateId: pulumi.Any(fusionauth_email.PasswordlessLogin_Example.Id),\n\t\t\t\tPort: pulumi.Int(587),\n\t\t\t\tSecurity: pulumi.String(\"TLS\"),\n\t\t\t\tSetPasswordEmailTemplateId: pulumi.Any(fusionauth_email.SetupPassword_Example.Id),\n\t\t\t\tUsername: pulumi.String(\"username\"),\n\t\t\t\tVerifyEmail: pulumi.Bool(true),\n\t\t\t\tVerifyEmailWhenChanged: pulumi.Bool(true),\n\t\t\t\tAdditionalHeaders: pulumi.StringMap{\n\t\t\t\t\t\"HeaderName1\": pulumi.String(\"HeaderValue1\"),\n\t\t\t\t\t\"HeaderName2\": pulumi.String(\"HeaderValue2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEventConfigurations: fusionauth.FusionAuthTenantEventConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"jwt.public-key.update\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"jwt.refresh-token.revoke\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"jwt.refresh\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.create\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.create.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.delete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.delete.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.member.add\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.member.add.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.member.remove\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.member.remove.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.member.update\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.member.update.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.update\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"group.update.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.action\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEvent: pulumi.String(\"user.bulk.create\"),\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.create\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.create.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.deactivate\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.delete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.delete.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.email.update\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.email.verified\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.identity-provider.link\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.identity-provider.unlink\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.loginId.duplicate.create\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.loginId.duplicate.update\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.login.failed\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.login.new-device\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.login.success\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.login.suspicious\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.password.breach\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.password.reset.send\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.password.reset.start\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.password.reset.success\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.password.update\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.reactivate\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.registration.create\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.registration.create.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.registration.delete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.registration.delete.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.registration.update\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.registration.update.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.registration.verified\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.two-factor.method.add\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.two-factor.method.remove\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.update\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t\t&fusionauth.FusionAuthTenantEventConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tEvent: pulumi.String(\"user.update.complete\"),\n\t\t\t\t\tTransactionType: pulumi.String(\"None\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tExternalIdentifierConfiguration: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationArgs{\n\t\t\t\tAuthorizationGrantIdTimeToLiveInSeconds: pulumi.Int(30),\n\t\t\t\tChangePasswordIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs{\n\t\t\t\t\tLength: pulumi.Int(32),\n\t\t\t\t\tType: pulumi.String(\"randomBytes\"),\n\t\t\t\t},\n\t\t\t\tChangePasswordIdTimeToLiveInSeconds: pulumi.Int(600),\n\t\t\t\tDeviceCodeTimeToLiveInSeconds: pulumi.Int(1800),\n\t\t\t\tDeviceUserCodeIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs{\n\t\t\t\t\tLength: pulumi.Int(6),\n\t\t\t\t\tType: pulumi.String(\"randomAlphaNumeric\"),\n\t\t\t\t},\n\t\t\t\tEmailVerificationIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs{\n\t\t\t\t\tLength: pulumi.Int(32),\n\t\t\t\t\tType: pulumi.String(\"randomBytes\"),\n\t\t\t\t},\n\t\t\t\tEmailVerificationIdTimeToLiveInSeconds: pulumi.Int(86400),\n\t\t\t\tEmailVerificationOneTimeCodeGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs{\n\t\t\t\t\tLength: pulumi.Int(6),\n\t\t\t\t\tType: pulumi.String(\"randomAlphaNumeric\"),\n\t\t\t\t},\n\t\t\t\tExternalAuthenticationIdTimeToLiveInSeconds: pulumi.Int(300),\n\t\t\t\tLoginIntentTimeToLiveInSeconds: pulumi.Int(1800),\n\t\t\t\tOneTimePasswordTimeToLiveInSeconds: pulumi.Int(60),\n\t\t\t\tPasswordlessLoginGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs{\n\t\t\t\t\tLength: pulumi.Int(32),\n\t\t\t\t\tType: pulumi.String(\"randomBytes\"),\n\t\t\t\t},\n\t\t\t\tPasswordlessLoginTimeToLiveInSeconds: pulumi.Int(600),\n\t\t\t\tRegistrationVerificationIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs{\n\t\t\t\t\tLength: pulumi.Int(32),\n\t\t\t\t\tType: pulumi.String(\"randomBytes\"),\n\t\t\t\t},\n\t\t\t\tRegistrationVerificationIdTimeToLiveInSeconds: pulumi.Int(86400),\n\t\t\t\tRegistrationVerificationOneTimeCodeGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs{\n\t\t\t\t\tLength: pulumi.Int(6),\n\t\t\t\t\tType: pulumi.String(\"randomAlphaNumeric\"),\n\t\t\t\t},\n\t\t\t\tSamlV2AuthnRequestIdTtlSeconds: pulumi.Int(300),\n\t\t\t\tSetupPasswordIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs{\n\t\t\t\t\tLength: pulumi.Int(32),\n\t\t\t\t\tType: pulumi.String(\"randomBytes\"),\n\t\t\t\t},\n\t\t\t\tSetupPasswordIdTimeToLiveInSeconds: pulumi.Int(86400),\n\t\t\t\tTwoFactorIdTimeToLiveInSeconds: pulumi.Int(300),\n\t\t\t\tTwoFactorOneTimeCodeIdGenerator: &fusionauth.FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs{\n\t\t\t\t\tLength: pulumi.Int(6),\n\t\t\t\t\tType: pulumi.String(\"randomDigits\"),\n\t\t\t\t},\n\t\t\t\tTwoFactorOneTimeCodeIdTimeToLiveInSeconds: pulumi.Int(60),\n\t\t\t\tTwoFactorTrustIdTimeToLiveInSeconds: pulumi.Int(2592000),\n\t\t\t},\n\t\t\tFailedAuthenticationConfiguration: &fusionauth.FusionAuthTenantFailedAuthenticationConfigurationArgs{\n\t\t\t\tActionDuration: pulumi.Int(3),\n\t\t\t\tActionDurationUnit: pulumi.String(\"MINUTES\"),\n\t\t\t\tResetCountInSeconds: pulumi.Int(60),\n\t\t\t\tTooManyAttempts: pulumi.Int(5),\n\t\t\t},\n\t\t\tFamilyConfiguration: &fusionauth.FusionAuthTenantFamilyConfigurationArgs{\n\t\t\t\tAllowChildRegistrations: pulumi.Bool(true),\n\t\t\t\tDeleteOrphanedAccounts: pulumi.Bool(false),\n\t\t\t\tDeleteOrphanedAccountsDays: pulumi.Int(30),\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tMaximumChildAge: pulumi.Int(12),\n\t\t\t\tMinimumOwnerAge: pulumi.Int(21),\n\t\t\t\tParentEmailRequired: pulumi.Bool(false),\n\t\t\t},\n\t\t\tFormConfiguration: &fusionauth.FusionAuthTenantFormConfigurationArgs{\n\t\t\t\tAdminUserFormId: pulumi.String(\"e92751a5-25f4-4bca-ad91-66cdf67725d2\"),\n\t\t\t},\n\t\t\tHttpSessionMaxInactiveInterval: pulumi.Int(3600),\n\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\tJwtConfigurations: fusionauth.FusionAuthTenantJwtConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthTenantJwtConfigurationArgs{\n\t\t\t\t\tAccessTokenKeyId: pulumi.Any(fusionauth_key.Accesstoken.Id),\n\t\t\t\t\tIdTokenKeyId: pulumi.Any(fusionauth_key.Idtoken.Id),\n\t\t\t\t\tRefreshTokenTimeToLiveInMinutes: pulumi.Int(43200),\n\t\t\t\t\tTimeToLiveInSeconds: pulumi.Int(3600),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLoginConfiguration: &fusionauth.FusionAuthTenantLoginConfigurationArgs{\n\t\t\t\tRequireAuthentication: pulumi.Bool(true),\n\t\t\t},\n\t\t\tMaximumPasswordAge: &fusionauth.FusionAuthTenantMaximumPasswordAgeArgs{\n\t\t\t\tDays: pulumi.Int(180),\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tMinimumPasswordAge: &fusionauth.FusionAuthTenantMinimumPasswordAgeArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\tSeconds: pulumi.Int(30),\n\t\t\t},\n\t\t\tOauthConfigurations: fusionauth.FusionAuthTenantOauthConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthTenantOauthConfigurationArgs{\n\t\t\t\t\tClientCredentialsAccessTokenPopulateLambdaId: pulumi.Any(fusionauth_lambda.Client_jwt_populate.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPasswordEncryptionConfigurations: fusionauth.FusionAuthTenantPasswordEncryptionConfigurationArray{\n\t\t\t\t&fusionauth.FusionAuthTenantPasswordEncryptionConfigurationArgs{\n\t\t\t\t\tEncryptionScheme: pulumi.String(\"salted-pbkdf2-hmac-sha256\"),\n\t\t\t\t\tEncryptionSchemeFactor: pulumi.Int(24000),\n\t\t\t\t\tModifyEncryptionSchemeOnLogin: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPasswordValidationRules: &fusionauth.FusionAuthTenantPasswordValidationRulesArgs{\n\t\t\t\tMaxLength: pulumi.Int(256),\n\t\t\t\tMinLength: pulumi.Int(7),\n\t\t\t\tRememberPreviousPasswords: &fusionauth.FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs{\n\t\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t\tRequiredMixedCase: pulumi.Bool(false),\n\t\t\t\tRequireNonAlpha: pulumi.Bool(false),\n\t\t\t\tRequireNumber: pulumi.Bool(false),\n\t\t\t\tValidateOnLogin: pulumi.Bool(false),\n\t\t\t},\n\t\t\tRateLimitConfiguration: &fusionauth.FusionAuthTenantRateLimitConfigurationArgs{\n\t\t\t\tFailedLogin: &fusionauth.FusionAuthTenantRateLimitConfigurationFailedLoginArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tLimit: pulumi.Int(5),\n\t\t\t\t\tTimePeriodInSeconds: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t\tForgotPassword: &fusionauth.FusionAuthTenantRateLimitConfigurationForgotPasswordArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tLimit: pulumi.Int(5),\n\t\t\t\t\tTimePeriodInSeconds: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t\tSendEmailVerification: &fusionauth.FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tLimit: pulumi.Int(5),\n\t\t\t\t\tTimePeriodInSeconds: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t\tSendPasswordless: &fusionauth.FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tLimit: pulumi.Int(5),\n\t\t\t\t\tTimePeriodInSeconds: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t\tSendRegistrationVerification: &fusionauth.FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tLimit: pulumi.Int(5),\n\t\t\t\t\tTimePeriodInSeconds: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t\tSendTwoFactor: &fusionauth.FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t\t\tLimit: pulumi.Int(5),\n\t\t\t\t\tTimePeriodInSeconds: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRegistrationConfiguration: &fusionauth.FusionAuthTenantRegistrationConfigurationArgs{\n\t\t\t\tBlockedDomains: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCaptchaConfiguration: &fusionauth.FusionAuthTenantCaptchaConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tCaptchaMethod: pulumi.String(\"GoogleRecaptchaV3\"),\n\t\t\t\tSiteKey: pulumi.String(\"captcha_site_key\"),\n\t\t\t\tSecretKey: pulumi.String(\"captcha_secret_key\"),\n\t\t\t\tThreshold: pulumi.Float64(0.5),\n\t\t\t},\n\t\t\tThemeId: pulumi.Any(fusionauth_theme.Example_theme.Id),\n\t\t\tUserDeletePolicy: &fusionauth.FusionAuthTenantUserDeletePolicyArgs{\n\t\t\t\tUnverifiedEnabled: pulumi.Bool(false),\n\t\t\t\tUnverifiedNumberOfDaysToRetain: pulumi.Int(30),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthTenant;\nimport com.pulumi.fusionauth.FusionAuthTenantArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantConnectorPolicyArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantEmailConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantEventConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantFailedAuthenticationConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantFamilyConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantFormConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantJwtConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantLoginConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantMaximumPasswordAgeArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantMinimumPasswordAgeArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantOauthConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantPasswordEncryptionConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantPasswordValidationRulesArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationFailedLoginArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationForgotPasswordArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantRegistrationConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantCaptchaConfigurationArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthTenantUserDeletePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FusionAuthTenant(\"example\", FusionAuthTenantArgs.builder()\n .connectorPolicies(FusionAuthTenantConnectorPolicyArgs.builder()\n .connectorId(\"b57b3d0f-f7a4-4831-a838-549717362ea8\")\n .domains(\"*\")\n .migrate(false)\n .build())\n .emailConfiguration(FusionAuthTenantEmailConfigurationArgs.builder()\n .forgotPasswordEmailTemplateId(fusionauth_email.ForgotPassword_Example().id())\n .host(\"smtp.sendgrid.net\")\n .password(\"password\")\n .passwordlessEmailTemplateId(fusionauth_email.PasswordlessLogin_Example().id())\n .port(587)\n .security(\"TLS\")\n .setPasswordEmailTemplateId(fusionauth_email.SetupPassword_Example().id())\n .username(\"username\")\n .verifyEmail(true)\n .verifyEmailWhenChanged(true)\n .additionalHeaders(Map.ofEntries(\n Map.entry(\"HeaderName1\", \"HeaderValue1\"),\n Map.entry(\"HeaderName2\", \"HeaderValue2\")\n ))\n .build())\n .eventConfigurations( \n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"jwt.public-key.update\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"jwt.refresh-token.revoke\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"jwt.refresh\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.create\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.create.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.delete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.delete.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.member.add\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.member.add.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.member.remove\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.member.remove.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.member.update\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.member.update.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.update\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"group.update.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.action\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .event(\"user.bulk.create\")\n .enabled(false)\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.create\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.create.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.deactivate\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.delete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.delete.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.email.update\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.email.verified\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.identity-provider.link\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.identity-provider.unlink\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.loginId.duplicate.create\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.loginId.duplicate.update\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.login.failed\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.login.new-device\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.login.success\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.login.suspicious\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.password.breach\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.password.reset.send\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.password.reset.start\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.password.reset.success\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.password.update\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.reactivate\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.registration.create\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.registration.create.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.registration.delete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.registration.delete.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.registration.update\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.registration.update.complete\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.registration.verified\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.two-factor.method.add\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.two-factor.method.remove\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.update\")\n .transactionType(\"None\")\n .build(),\n FusionAuthTenantEventConfigurationArgs.builder()\n .enabled(false)\n .event(\"user.update.complete\")\n .transactionType(\"None\")\n .build())\n .externalIdentifierConfiguration(FusionAuthTenantExternalIdentifierConfigurationArgs.builder()\n .authorizationGrantIdTimeToLiveInSeconds(30)\n .changePasswordIdGenerator(FusionAuthTenantExternalIdentifierConfigurationChangePasswordIdGeneratorArgs.builder()\n .length(32)\n .type(\"randomBytes\")\n .build())\n .changePasswordIdTimeToLiveInSeconds(600)\n .deviceCodeTimeToLiveInSeconds(1800)\n .deviceUserCodeIdGenerator(FusionAuthTenantExternalIdentifierConfigurationDeviceUserCodeIdGeneratorArgs.builder()\n .length(6)\n .type(\"randomAlphaNumeric\")\n .build())\n .emailVerificationIdGenerator(FusionAuthTenantExternalIdentifierConfigurationEmailVerificationIdGeneratorArgs.builder()\n .length(32)\n .type(\"randomBytes\")\n .build())\n .emailVerificationIdTimeToLiveInSeconds(86400)\n .emailVerificationOneTimeCodeGenerator(FusionAuthTenantExternalIdentifierConfigurationEmailVerificationOneTimeCodeGeneratorArgs.builder()\n .length(6)\n .type(\"randomAlphaNumeric\")\n .build())\n .externalAuthenticationIdTimeToLiveInSeconds(300)\n .loginIntentTimeToLiveInSeconds(1800)\n .oneTimePasswordTimeToLiveInSeconds(60)\n .passwordlessLoginGenerator(FusionAuthTenantExternalIdentifierConfigurationPasswordlessLoginGeneratorArgs.builder()\n .length(32)\n .type(\"randomBytes\")\n .build())\n .passwordlessLoginTimeToLiveInSeconds(600)\n .registrationVerificationIdGenerator(FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationIdGeneratorArgs.builder()\n .length(32)\n .type(\"randomBytes\")\n .build())\n .registrationVerificationIdTimeToLiveInSeconds(86400)\n .registrationVerificationOneTimeCodeGenerator(FusionAuthTenantExternalIdentifierConfigurationRegistrationVerificationOneTimeCodeGeneratorArgs.builder()\n .length(6)\n .type(\"randomAlphaNumeric\")\n .build())\n .samlV2AuthnRequestIdTtlSeconds(300)\n .setupPasswordIdGenerator(FusionAuthTenantExternalIdentifierConfigurationSetupPasswordIdGeneratorArgs.builder()\n .length(32)\n .type(\"randomBytes\")\n .build())\n .setupPasswordIdTimeToLiveInSeconds(86400)\n .twoFactorIdTimeToLiveInSeconds(300)\n .twoFactorOneTimeCodeIdGenerator(FusionAuthTenantExternalIdentifierConfigurationTwoFactorOneTimeCodeIdGeneratorArgs.builder()\n .length(6)\n .type(\"randomDigits\")\n .build())\n .twoFactorOneTimeCodeIdTimeToLiveInSeconds(60)\n .twoFactorTrustIdTimeToLiveInSeconds(2592000)\n .build())\n .failedAuthenticationConfiguration(FusionAuthTenantFailedAuthenticationConfigurationArgs.builder()\n .actionDuration(3)\n .actionDurationUnit(\"MINUTES\")\n .resetCountInSeconds(60)\n .tooManyAttempts(5)\n .build())\n .familyConfiguration(FusionAuthTenantFamilyConfigurationArgs.builder()\n .allowChildRegistrations(true)\n .deleteOrphanedAccounts(false)\n .deleteOrphanedAccountsDays(30)\n .enabled(true)\n .maximumChildAge(12)\n .minimumOwnerAge(21)\n .parentEmailRequired(false)\n .build())\n .formConfiguration(FusionAuthTenantFormConfigurationArgs.builder()\n .adminUserFormId(\"e92751a5-25f4-4bca-ad91-66cdf67725d2\")\n .build())\n .httpSessionMaxInactiveInterval(3600)\n .issuer(\"https://example.com\")\n .jwtConfigurations(FusionAuthTenantJwtConfigurationArgs.builder()\n .accessTokenKeyId(fusionauth_key.accesstoken().id())\n .idTokenKeyId(fusionauth_key.idtoken().id())\n .refreshTokenTimeToLiveInMinutes(43200)\n .timeToLiveInSeconds(3600)\n .build())\n .loginConfiguration(FusionAuthTenantLoginConfigurationArgs.builder()\n .requireAuthentication(true)\n .build())\n .maximumPasswordAge(FusionAuthTenantMaximumPasswordAgeArgs.builder()\n .days(180)\n .enabled(false)\n .build())\n .minimumPasswordAge(FusionAuthTenantMinimumPasswordAgeArgs.builder()\n .enabled(false)\n .seconds(30)\n .build())\n .oauthConfigurations(FusionAuthTenantOauthConfigurationArgs.builder()\n .clientCredentialsAccessTokenPopulateLambdaId(fusionauth_lambda.client_jwt_populate().id())\n .build())\n .passwordEncryptionConfigurations(FusionAuthTenantPasswordEncryptionConfigurationArgs.builder()\n .encryptionScheme(\"salted-pbkdf2-hmac-sha256\")\n .encryptionSchemeFactor(24000)\n .modifyEncryptionSchemeOnLogin(false)\n .build())\n .passwordValidationRules(FusionAuthTenantPasswordValidationRulesArgs.builder()\n .maxLength(256)\n .minLength(7)\n .rememberPreviousPasswords(FusionAuthTenantPasswordValidationRulesRememberPreviousPasswordsArgs.builder()\n .count(1)\n .enabled(false)\n .build())\n .requiredMixedCase(false)\n .requireNonAlpha(false)\n .requireNumber(false)\n .validateOnLogin(false)\n .build())\n .rateLimitConfiguration(FusionAuthTenantRateLimitConfigurationArgs.builder()\n .failedLogin(FusionAuthTenantRateLimitConfigurationFailedLoginArgs.builder()\n .enabled(true)\n .limit(5)\n .timePeriodInSeconds(60)\n .build())\n .forgotPassword(FusionAuthTenantRateLimitConfigurationForgotPasswordArgs.builder()\n .enabled(false)\n .limit(5)\n .timePeriodInSeconds(60)\n .build())\n .sendEmailVerification(FusionAuthTenantRateLimitConfigurationSendEmailVerificationArgs.builder()\n .enabled(false)\n .limit(5)\n .timePeriodInSeconds(60)\n .build())\n .sendPasswordless(FusionAuthTenantRateLimitConfigurationSendPasswordlessArgs.builder()\n .enabled(false)\n .limit(5)\n .timePeriodInSeconds(60)\n .build())\n .sendRegistrationVerification(FusionAuthTenantRateLimitConfigurationSendRegistrationVerificationArgs.builder()\n .enabled(false)\n .limit(5)\n .timePeriodInSeconds(60)\n .build())\n .sendTwoFactor(FusionAuthTenantRateLimitConfigurationSendTwoFactorArgs.builder()\n .enabled(false)\n .limit(5)\n .timePeriodInSeconds(60)\n .build())\n .build())\n .registrationConfiguration(FusionAuthTenantRegistrationConfigurationArgs.builder()\n .blockedDomains(\"example.com\")\n .build())\n .captchaConfiguration(FusionAuthTenantCaptchaConfigurationArgs.builder()\n .enabled(true)\n .captchaMethod(\"GoogleRecaptchaV3\")\n .siteKey(\"captcha_site_key\")\n .secretKey(\"captcha_secret_key\")\n .threshold(0.5)\n .build())\n .themeId(fusionauth_theme.example_theme().id())\n .userDeletePolicy(FusionAuthTenantUserDeletePolicyArgs.builder()\n .unverifiedEnabled(false)\n .unverifiedNumberOfDaysToRetain(30)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: fusionauth:FusionAuthTenant\n properties:\n connectorPolicies:\n - connectorId: b57b3d0f-f7a4-4831-a838-549717362ea8\n domains:\n - '*'\n migrate: false\n emailConfiguration:\n forgotPasswordEmailTemplateId: ${fusionauth_email.ForgotPassword_Example.id}\n host: smtp.sendgrid.net\n password: password\n passwordlessEmailTemplateId: ${fusionauth_email.PasswordlessLogin_Example.id}\n port: 587\n security: TLS\n setPasswordEmailTemplateId: ${fusionauth_email.SetupPassword_Example.id}\n username: username\n verifyEmail: true\n verifyEmailWhenChanged: true\n additionalHeaders:\n HeaderName1: HeaderValue1\n HeaderName2: HeaderValue2\n eventConfigurations:\n - enabled: false\n event: jwt.public-key.update\n transactionType: None\n - enabled: false\n event: jwt.refresh-token.revoke\n transactionType: None\n - enabled: false\n event: jwt.refresh\n transactionType: None\n - enabled: false\n event: group.create\n transactionType: None\n - enabled: false\n event: group.create.complete\n transactionType: None\n - enabled: false\n event: group.delete\n transactionType: None\n - enabled: false\n event: group.delete.complete\n transactionType: None\n - enabled: false\n event: group.member.add\n transactionType: None\n - enabled: false\n event: group.member.add.complete\n transactionType: None\n - enabled: false\n event: group.member.remove\n transactionType: None\n - enabled: false\n event: group.member.remove.complete\n transactionType: None\n - enabled: false\n event: group.member.update\n transactionType: None\n - enabled: false\n event: group.member.update.complete\n transactionType: None\n - enabled: false\n event: group.update\n transactionType: None\n - enabled: false\n event: group.update.complete\n transactionType: None\n - enabled: false\n event: user.action\n transactionType: None\n - event: user.bulk.create\n enabled: false\n transactionType: None\n - enabled: false\n event: user.create\n transactionType: None\n - enabled: false\n event: user.create.complete\n transactionType: None\n - enabled: false\n event: user.deactivate\n transactionType: None\n - enabled: false\n event: user.delete\n transactionType: None\n - enabled: false\n event: user.delete.complete\n transactionType: None\n - enabled: false\n event: user.email.update\n transactionType: None\n - enabled: false\n event: user.email.verified\n transactionType: None\n - enabled: false\n event: user.identity-provider.link\n transactionType: None\n - enabled: false\n event: user.identity-provider.unlink\n transactionType: None\n - enabled: false\n event: user.loginId.duplicate.create\n transactionType: None\n - enabled: false\n event: user.loginId.duplicate.update\n transactionType: None\n - enabled: false\n event: user.login.failed\n transactionType: None\n - enabled: false\n event: user.login.new-device\n transactionType: None\n - enabled: false\n event: user.login.success\n transactionType: None\n - enabled: false\n event: user.login.suspicious\n transactionType: None\n - enabled: false\n event: user.password.breach\n transactionType: None\n - enabled: false\n event: user.password.reset.send\n transactionType: None\n - enabled: false\n event: user.password.reset.start\n transactionType: None\n - enabled: false\n event: user.password.reset.success\n transactionType: None\n - enabled: false\n event: user.password.update\n transactionType: None\n - enabled: false\n event: user.reactivate\n transactionType: None\n - enabled: false\n event: user.registration.create\n transactionType: None\n - enabled: false\n event: user.registration.create.complete\n transactionType: None\n - enabled: false\n event: user.registration.delete\n transactionType: None\n - enabled: false\n event: user.registration.delete.complete\n transactionType: None\n - enabled: false\n event: user.registration.update\n transactionType: None\n - enabled: false\n event: user.registration.update.complete\n transactionType: None\n - enabled: false\n event: user.registration.verified\n transactionType: None\n - enabled: false\n event: user.two-factor.method.add\n transactionType: None\n - enabled: false\n event: user.two-factor.method.remove\n transactionType: None\n - enabled: false\n event: user.update\n transactionType: None\n - enabled: false\n event: user.update.complete\n transactionType: None\n externalIdentifierConfiguration:\n authorizationGrantIdTimeToLiveInSeconds: 30\n changePasswordIdGenerator:\n length: 32\n type: randomBytes\n changePasswordIdTimeToLiveInSeconds: 600\n deviceCodeTimeToLiveInSeconds: 1800\n deviceUserCodeIdGenerator:\n length: 6\n type: randomAlphaNumeric\n emailVerificationIdGenerator:\n length: 32\n type: randomBytes\n emailVerificationIdTimeToLiveInSeconds: 86400\n emailVerificationOneTimeCodeGenerator:\n length: 6\n type: randomAlphaNumeric\n externalAuthenticationIdTimeToLiveInSeconds: 300\n loginIntentTimeToLiveInSeconds: 1800\n oneTimePasswordTimeToLiveInSeconds: 60\n passwordlessLoginGenerator:\n length: 32\n type: randomBytes\n passwordlessLoginTimeToLiveInSeconds: 600\n registrationVerificationIdGenerator:\n length: 32\n type: randomBytes\n registrationVerificationIdTimeToLiveInSeconds: 86400\n registrationVerificationOneTimeCodeGenerator:\n length: 6\n type: randomAlphaNumeric\n samlV2AuthnRequestIdTtlSeconds: 300\n setupPasswordIdGenerator:\n length: 32\n type: randomBytes\n setupPasswordIdTimeToLiveInSeconds: 86400\n twoFactorIdTimeToLiveInSeconds: 300\n twoFactorOneTimeCodeIdGenerator:\n length: 6\n type: randomDigits\n twoFactorOneTimeCodeIdTimeToLiveInSeconds: 60\n twoFactorTrustIdTimeToLiveInSeconds: 2.592e+06\n failedAuthenticationConfiguration:\n actionDuration: 3\n actionDurationUnit: MINUTES\n resetCountInSeconds: 60\n tooManyAttempts: 5\n familyConfiguration:\n allowChildRegistrations: true\n deleteOrphanedAccounts: false\n deleteOrphanedAccountsDays: 30\n enabled: true\n maximumChildAge: 12\n minimumOwnerAge: 21\n parentEmailRequired: false\n formConfiguration:\n adminUserFormId: e92751a5-25f4-4bca-ad91-66cdf67725d2\n httpSessionMaxInactiveInterval: 3600\n issuer: https://example.com\n jwtConfigurations:\n - accessTokenKeyId: ${fusionauth_key.accesstoken.id}\n idTokenKeyId: ${fusionauth_key.idtoken.id}\n refreshTokenTimeToLiveInMinutes: 43200\n timeToLiveInSeconds: 3600\n loginConfiguration:\n requireAuthentication: true\n maximumPasswordAge:\n days: 180\n enabled: false\n minimumPasswordAge:\n enabled: false\n seconds: 30\n oauthConfigurations:\n - clientCredentialsAccessTokenPopulateLambdaId: ${fusionauth_lambda.client_jwt_populate.id}\n passwordEncryptionConfigurations:\n - encryptionScheme: salted-pbkdf2-hmac-sha256\n encryptionSchemeFactor: 24000\n modifyEncryptionSchemeOnLogin: false\n passwordValidationRules:\n maxLength: 256\n minLength: 7\n rememberPreviousPasswords:\n count: 1\n enabled: false\n requiredMixedCase: false\n requireNonAlpha: false\n requireNumber: false\n validateOnLogin: false\n rateLimitConfiguration:\n failedLogin:\n enabled: true\n limit: 5\n timePeriodInSeconds: 60\n forgotPassword:\n enabled: false\n limit: 5\n timePeriodInSeconds: 60\n sendEmailVerification:\n enabled: false\n limit: 5\n timePeriodInSeconds: 60\n sendPasswordless:\n enabled: false\n limit: 5\n timePeriodInSeconds: 60\n sendRegistrationVerification:\n enabled: false\n limit: 5\n timePeriodInSeconds: 60\n sendTwoFactor:\n enabled: false\n limit: 5\n timePeriodInSeconds: 60\n registrationConfiguration:\n blockedDomains:\n - example.com\n captchaConfiguration:\n enabled: true\n captchaMethod: GoogleRecaptchaV3\n siteKey: captcha_site_key\n secretKey: captcha_secret_key\n threshold: 0.5\n themeId: ${fusionauth_theme.example_theme.id}\n userDeletePolicy:\n unverifiedEnabled: false\n unverifiedNumberOfDaysToRetain: 30\n```\n\n", "properties": { "accessControlConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantAccessControlConfiguration:FusionAuthTenantAccessControlConfiguration" }, "captchaConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantCaptchaConfiguration:FusionAuthTenantCaptchaConfiguration" }, "connectorPolicies": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantConnectorPolicy:FusionAuthTenantConnectorPolicy" }, "description": "A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Tenant that should be persisted.\n" }, "emailConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantEmailConfiguration:FusionAuthTenantEmailConfiguration", "description": "The email configuration for the tenant.\n" }, "eventConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantEventConfiguration:FusionAuthTenantEventConfiguration" } }, "externalIdentifierConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfiguration:FusionAuthTenantExternalIdentifierConfiguration" }, "failedAuthenticationConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantFailedAuthenticationConfiguration:FusionAuthTenantFailedAuthenticationConfiguration" }, "familyConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantFamilyConfiguration:FusionAuthTenantFamilyConfiguration" }, "formConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantFormConfiguration:FusionAuthTenantFormConfiguration" }, "httpSessionMaxInactiveInterval": { "type": "integer", "description": "Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.\n" }, "issuer": { "type": "string", "description": "The named issuer used to sign tokens, this is generally your public fully qualified domain.\n" }, "jwtConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantJwtConfiguration:FusionAuthTenantJwtConfiguration" }, "description": "The JWT configuration for the tenant.\n" }, "lambdaConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantLambdaConfiguration:FusionAuthTenantLambdaConfiguration", "description": "Lamnda configuration for this tenant.\n" }, "loginConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantLoginConfiguration:FusionAuthTenantLoginConfiguration" }, "logoutUrl": { "type": "string", "description": "The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.\n" }, "maximumPasswordAge": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMaximumPasswordAge:FusionAuthTenantMaximumPasswordAge" }, "minimumPasswordAge": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMinimumPasswordAge:FusionAuthTenantMinimumPasswordAge" }, "multiFactorConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMultiFactorConfiguration:FusionAuthTenantMultiFactorConfiguration" }, "name": { "type": "string", "description": "The unique name of the Tenant.\n" }, "oauthConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantOauthConfiguration:FusionAuthTenantOauthConfiguration" } }, "passwordEncryptionConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantPasswordEncryptionConfiguration:FusionAuthTenantPasswordEncryptionConfiguration" } }, "passwordValidationRules": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantPasswordValidationRules:FusionAuthTenantPasswordValidationRules" }, "rateLimitConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRateLimitConfiguration:FusionAuthTenantRateLimitConfiguration" }, "registrationConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRegistrationConfiguration:FusionAuthTenantRegistrationConfiguration" }, "scimServerConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantScimServerConfiguration:FusionAuthTenantScimServerConfiguration" }, "sourceTenantId": { "type": "string", "description": "The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.\n" }, "ssoConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantSsoConfiguration:FusionAuthTenantSsoConfiguration" }, "tenantId": { "type": "string", "description": "The Id to use for the new Tenant. If not specified a secure random UUID will be generated.\n" }, "themeId": { "type": "string", "description": "The unique Id of the theme to be used to style the login page and other end user templates.\n" }, "userDeletePolicy": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantUserDeletePolicy:FusionAuthTenantUserDeletePolicy" }, "usernameConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantUsernameConfiguration:FusionAuthTenantUsernameConfiguration" }, "webauthnConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantWebauthnConfiguration:FusionAuthTenantWebauthnConfiguration", "description": "The WebAuthn configuration for this tenant.\n" }, "webhookIds": { "type": "array", "items": { "type": "string" }, "description": "An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.\n" } }, "type": "object", "required": [ "captchaConfiguration", "connectorPolicies", "failedAuthenticationConfiguration", "familyConfiguration", "formConfiguration", "issuer", "maximumPasswordAge", "minimumPasswordAge", "name", "passwordEncryptionConfigurations", "passwordValidationRules", "rateLimitConfiguration", "registrationConfiguration", "tenantId", "themeId", "userDeletePolicy", "usernameConfiguration" ], "inputProperties": { "accessControlConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantAccessControlConfiguration:FusionAuthTenantAccessControlConfiguration" }, "captchaConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantCaptchaConfiguration:FusionAuthTenantCaptchaConfiguration" }, "connectorPolicies": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantConnectorPolicy:FusionAuthTenantConnectorPolicy" }, "description": "A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Tenant that should be persisted.\n" }, "emailConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantEmailConfiguration:FusionAuthTenantEmailConfiguration", "description": "The email configuration for the tenant.\n" }, "eventConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantEventConfiguration:FusionAuthTenantEventConfiguration" } }, "externalIdentifierConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfiguration:FusionAuthTenantExternalIdentifierConfiguration" }, "failedAuthenticationConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantFailedAuthenticationConfiguration:FusionAuthTenantFailedAuthenticationConfiguration" }, "familyConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantFamilyConfiguration:FusionAuthTenantFamilyConfiguration" }, "formConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantFormConfiguration:FusionAuthTenantFormConfiguration" }, "httpSessionMaxInactiveInterval": { "type": "integer", "description": "Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.\n" }, "issuer": { "type": "string", "description": "The named issuer used to sign tokens, this is generally your public fully qualified domain.\n" }, "jwtConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantJwtConfiguration:FusionAuthTenantJwtConfiguration" }, "description": "The JWT configuration for the tenant.\n" }, "lambdaConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantLambdaConfiguration:FusionAuthTenantLambdaConfiguration", "description": "Lamnda configuration for this tenant.\n" }, "loginConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantLoginConfiguration:FusionAuthTenantLoginConfiguration" }, "logoutUrl": { "type": "string", "description": "The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.\n" }, "maximumPasswordAge": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMaximumPasswordAge:FusionAuthTenantMaximumPasswordAge" }, "minimumPasswordAge": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMinimumPasswordAge:FusionAuthTenantMinimumPasswordAge" }, "multiFactorConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMultiFactorConfiguration:FusionAuthTenantMultiFactorConfiguration" }, "name": { "type": "string", "description": "The unique name of the Tenant.\n" }, "oauthConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantOauthConfiguration:FusionAuthTenantOauthConfiguration" } }, "passwordEncryptionConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantPasswordEncryptionConfiguration:FusionAuthTenantPasswordEncryptionConfiguration" } }, "passwordValidationRules": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantPasswordValidationRules:FusionAuthTenantPasswordValidationRules" }, "rateLimitConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRateLimitConfiguration:FusionAuthTenantRateLimitConfiguration" }, "registrationConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRegistrationConfiguration:FusionAuthTenantRegistrationConfiguration" }, "scimServerConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantScimServerConfiguration:FusionAuthTenantScimServerConfiguration" }, "sourceTenantId": { "type": "string", "description": "The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.\n" }, "ssoConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantSsoConfiguration:FusionAuthTenantSsoConfiguration" }, "tenantId": { "type": "string", "description": "The Id to use for the new Tenant. If not specified a secure random UUID will be generated.\n" }, "themeId": { "type": "string", "description": "The unique Id of the theme to be used to style the login page and other end user templates.\n" }, "userDeletePolicy": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantUserDeletePolicy:FusionAuthTenantUserDeletePolicy" }, "usernameConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantUsernameConfiguration:FusionAuthTenantUsernameConfiguration" }, "webauthnConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantWebauthnConfiguration:FusionAuthTenantWebauthnConfiguration", "description": "The WebAuthn configuration for this tenant.\n" }, "webhookIds": { "type": "array", "items": { "type": "string" }, "description": "An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthTenant resources.\n", "properties": { "accessControlConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantAccessControlConfiguration:FusionAuthTenantAccessControlConfiguration" }, "captchaConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantCaptchaConfiguration:FusionAuthTenantCaptchaConfiguration" }, "connectorPolicies": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantConnectorPolicy:FusionAuthTenantConnectorPolicy" }, "description": "A list of Connector policies. Users will be authenticated against Connectors in order. Each Connector can be included in this list at most once and must exist.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Tenant that should be persisted.\n" }, "emailConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantEmailConfiguration:FusionAuthTenantEmailConfiguration", "description": "The email configuration for the tenant.\n" }, "eventConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantEventConfiguration:FusionAuthTenantEventConfiguration" } }, "externalIdentifierConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantExternalIdentifierConfiguration:FusionAuthTenantExternalIdentifierConfiguration" }, "failedAuthenticationConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantFailedAuthenticationConfiguration:FusionAuthTenantFailedAuthenticationConfiguration" }, "familyConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantFamilyConfiguration:FusionAuthTenantFamilyConfiguration" }, "formConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantFormConfiguration:FusionAuthTenantFormConfiguration" }, "httpSessionMaxInactiveInterval": { "type": "integer", "description": "Time in seconds until an inactive session will be invalidated. Used when creating a new session in the FusionAuth OAuth frontend.\n" }, "issuer": { "type": "string", "description": "The named issuer used to sign tokens, this is generally your public fully qualified domain.\n" }, "jwtConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantJwtConfiguration:FusionAuthTenantJwtConfiguration" }, "description": "The JWT configuration for the tenant.\n" }, "lambdaConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantLambdaConfiguration:FusionAuthTenantLambdaConfiguration", "description": "Lamnda configuration for this tenant.\n" }, "loginConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantLoginConfiguration:FusionAuthTenantLoginConfiguration" }, "logoutUrl": { "type": "string", "description": "The logout redirect URL when sending the user’s browser to the /oauth2/logout URI of the FusionAuth Front End. This value is only used when a logout URL is not defined in your Application.\n" }, "maximumPasswordAge": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMaximumPasswordAge:FusionAuthTenantMaximumPasswordAge" }, "minimumPasswordAge": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMinimumPasswordAge:FusionAuthTenantMinimumPasswordAge" }, "multiFactorConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantMultiFactorConfiguration:FusionAuthTenantMultiFactorConfiguration" }, "name": { "type": "string", "description": "The unique name of the Tenant.\n" }, "oauthConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantOauthConfiguration:FusionAuthTenantOauthConfiguration" } }, "passwordEncryptionConfigurations": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantPasswordEncryptionConfiguration:FusionAuthTenantPasswordEncryptionConfiguration" } }, "passwordValidationRules": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantPasswordValidationRules:FusionAuthTenantPasswordValidationRules" }, "rateLimitConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRateLimitConfiguration:FusionAuthTenantRateLimitConfiguration" }, "registrationConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantRegistrationConfiguration:FusionAuthTenantRegistrationConfiguration" }, "scimServerConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantScimServerConfiguration:FusionAuthTenantScimServerConfiguration" }, "sourceTenantId": { "type": "string", "description": "The optional Id of an existing Tenant to make a copy of. If present, the tenant.id and tenant.name values of the request body will be applied to the new Tenant, all other values will be copied from the source Tenant to the new Tenant.\n" }, "ssoConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantSsoConfiguration:FusionAuthTenantSsoConfiguration" }, "tenantId": { "type": "string", "description": "The Id to use for the new Tenant. If not specified a secure random UUID will be generated.\n" }, "themeId": { "type": "string", "description": "The unique Id of the theme to be used to style the login page and other end user templates.\n" }, "userDeletePolicy": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantUserDeletePolicy:FusionAuthTenantUserDeletePolicy" }, "usernameConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantUsernameConfiguration:FusionAuthTenantUsernameConfiguration" }, "webauthnConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthTenantWebauthnConfiguration:FusionAuthTenantWebauthnConfiguration", "description": "The WebAuthn configuration for this tenant.\n" }, "webhookIds": { "type": "array", "items": { "type": "string" }, "description": "An array of Webhook Ids. For Webhooks that are not already configured for All Tenants, specifying an Id on this request will indicate the associated Webhook should handle events for this tenant.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthTheme:FusionAuthTheme": { "description": "## # Theme Resource\n\nUI login themes can be configured to enable custom branding for your FusionAuth login workflow. Themes are configured per Tenant or optionally by Application.\n\n[Themes API](https://fusionauth.io/docs/v1/tech/apis/themes)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst mytheme = new fusionauth.FusionAuthTheme(\"mytheme\", {\n accountEdit: \"[#ftl/]\",\n accountIndex: \"[#ftl/]\",\n accountTwoFactorDisable: \"[#ftl/]\",\n accountTwoFactorEnable: \"[#ftl/]\",\n accountTwoFactorIndex: \"[#ftl/]\",\n accountWebauthnAdd: \"[#ftl/]\",\n accountWebauthnDelete: \"[#ftl/]\",\n accountWebauthnIndex: \"[#ftl/]\",\n confirmationRequired: \"[#ftl/]\",\n defaultMessages: \"[#ftl/]\",\n emailComplete: \"[#ftl/]\",\n emailSend: \"[#ftl/]\",\n emailSent: \"[#ftl/]\",\n emailVerificationRequired: \"[#ftl/]\",\n emailVerify: \"[#ftl/]\",\n helpers: \"[#ftl/]\",\n index: \"[#ftl/]\",\n oauth2Authorize: \"[#ftl/]\",\n oauth2AuthorizedNotRegistered: \"[#ftl/]\",\n oauth2ChildRegistrationNotAllowed: \"[#ftl/]\",\n oauth2ChildRegistrationNotAllowedComplete: \"[#ftl/]\",\n oauth2CompleteRegistration: \"[#ftl/]\",\n oauth2Consent: \"[#ftl/]\",\n oauth2Device: \"[#ftl/]\",\n oauth2DeviceComplete: \"[#ftl/]\",\n oauth2Error: \"[#ftl/]\",\n oauth2Logout: \"[#ftl/]\",\n oauth2Passwordless: \"[#ftl/]\",\n oauth2Register: \"[#ftl/]\",\n oauth2StartIdpLink: \"[#ftl/]\",\n oauth2TwoFactor: \"[#ftl/]\",\n oauth2TwoFactorEnable: \"[#ftl/]\",\n oauth2TwoFactorEnableComplete: \"[#ftl/]\",\n oauth2TwoFactorMethods: \"[#ftl/]\",\n oauth2Wait: \"[#ftl/]\",\n oauth2Webauthn: \"[#ftl/]\",\n oauth2WebauthnReauth: \"[#ftl/]\",\n oauth2WebauthnReauthEnable: \"[#ftl/]\",\n passwordChange: \"[#ftl/]\",\n passwordComplete: \"[#ftl/]\",\n passwordForgot: \"[#ftl/]\",\n passwordSent: \"[#ftl/]\",\n registrationComplete: \"[#ftl/]\",\n registrationSend: \"[#ftl/]\",\n registrationSent: \"[#ftl/]\",\n registrationVerificationRequired: \"[#ftl/]\",\n registrationVerify: \"[#ftl/]\",\n samlv2Logout: \"[#ftl/]\",\n stylesheet: \"/* stylish */\",\n unauthorized: \"[#ftl/]\",\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nmytheme = fusionauth.FusionAuthTheme(\"mytheme\",\n account_edit=\"[#ftl/]\",\n account_index=\"[#ftl/]\",\n account_two_factor_disable=\"[#ftl/]\",\n account_two_factor_enable=\"[#ftl/]\",\n account_two_factor_index=\"[#ftl/]\",\n account_webauthn_add=\"[#ftl/]\",\n account_webauthn_delete=\"[#ftl/]\",\n account_webauthn_index=\"[#ftl/]\",\n confirmation_required=\"[#ftl/]\",\n default_messages=\"[#ftl/]\",\n email_complete=\"[#ftl/]\",\n email_send=\"[#ftl/]\",\n email_sent=\"[#ftl/]\",\n email_verification_required=\"[#ftl/]\",\n email_verify=\"[#ftl/]\",\n helpers=\"[#ftl/]\",\n index=\"[#ftl/]\",\n oauth2_authorize=\"[#ftl/]\",\n oauth2_authorized_not_registered=\"[#ftl/]\",\n oauth2_child_registration_not_allowed=\"[#ftl/]\",\n oauth2_child_registration_not_allowed_complete=\"[#ftl/]\",\n oauth2_complete_registration=\"[#ftl/]\",\n oauth2_consent=\"[#ftl/]\",\n oauth2_device=\"[#ftl/]\",\n oauth2_device_complete=\"[#ftl/]\",\n oauth2_error=\"[#ftl/]\",\n oauth2_logout=\"[#ftl/]\",\n oauth2_passwordless=\"[#ftl/]\",\n oauth2_register=\"[#ftl/]\",\n oauth2_start_idp_link=\"[#ftl/]\",\n oauth2_two_factor=\"[#ftl/]\",\n oauth2_two_factor_enable=\"[#ftl/]\",\n oauth2_two_factor_enable_complete=\"[#ftl/]\",\n oauth2_two_factor_methods=\"[#ftl/]\",\n oauth2_wait=\"[#ftl/]\",\n oauth2_webauthn=\"[#ftl/]\",\n oauth2_webauthn_reauth=\"[#ftl/]\",\n oauth2_webauthn_reauth_enable=\"[#ftl/]\",\n password_change=\"[#ftl/]\",\n password_complete=\"[#ftl/]\",\n password_forgot=\"[#ftl/]\",\n password_sent=\"[#ftl/]\",\n registration_complete=\"[#ftl/]\",\n registration_send=\"[#ftl/]\",\n registration_sent=\"[#ftl/]\",\n registration_verification_required=\"[#ftl/]\",\n registration_verify=\"[#ftl/]\",\n samlv2_logout=\"[#ftl/]\",\n stylesheet=\"/* stylish */\",\n unauthorized=\"[#ftl/]\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var mytheme = new Fusionauth.FusionAuthTheme(\"mytheme\", new()\n {\n AccountEdit = \"[#ftl/]\",\n AccountIndex = \"[#ftl/]\",\n AccountTwoFactorDisable = \"[#ftl/]\",\n AccountTwoFactorEnable = \"[#ftl/]\",\n AccountTwoFactorIndex = \"[#ftl/]\",\n AccountWebauthnAdd = \"[#ftl/]\",\n AccountWebauthnDelete = \"[#ftl/]\",\n AccountWebauthnIndex = \"[#ftl/]\",\n ConfirmationRequired = \"[#ftl/]\",\n DefaultMessages = \"[#ftl/]\",\n EmailComplete = \"[#ftl/]\",\n EmailSend = \"[#ftl/]\",\n EmailSent = \"[#ftl/]\",\n EmailVerificationRequired = \"[#ftl/]\",\n EmailVerify = \"[#ftl/]\",\n Helpers = \"[#ftl/]\",\n Index = \"[#ftl/]\",\n Oauth2Authorize = \"[#ftl/]\",\n Oauth2AuthorizedNotRegistered = \"[#ftl/]\",\n Oauth2ChildRegistrationNotAllowed = \"[#ftl/]\",\n Oauth2ChildRegistrationNotAllowedComplete = \"[#ftl/]\",\n Oauth2CompleteRegistration = \"[#ftl/]\",\n Oauth2Consent = \"[#ftl/]\",\n Oauth2Device = \"[#ftl/]\",\n Oauth2DeviceComplete = \"[#ftl/]\",\n Oauth2Error = \"[#ftl/]\",\n Oauth2Logout = \"[#ftl/]\",\n Oauth2Passwordless = \"[#ftl/]\",\n Oauth2Register = \"[#ftl/]\",\n Oauth2StartIdpLink = \"[#ftl/]\",\n Oauth2TwoFactor = \"[#ftl/]\",\n Oauth2TwoFactorEnable = \"[#ftl/]\",\n Oauth2TwoFactorEnableComplete = \"[#ftl/]\",\n Oauth2TwoFactorMethods = \"[#ftl/]\",\n Oauth2Wait = \"[#ftl/]\",\n Oauth2Webauthn = \"[#ftl/]\",\n Oauth2WebauthnReauth = \"[#ftl/]\",\n Oauth2WebauthnReauthEnable = \"[#ftl/]\",\n PasswordChange = \"[#ftl/]\",\n PasswordComplete = \"[#ftl/]\",\n PasswordForgot = \"[#ftl/]\",\n PasswordSent = \"[#ftl/]\",\n RegistrationComplete = \"[#ftl/]\",\n RegistrationSend = \"[#ftl/]\",\n RegistrationSent = \"[#ftl/]\",\n RegistrationVerificationRequired = \"[#ftl/]\",\n RegistrationVerify = \"[#ftl/]\",\n Samlv2Logout = \"[#ftl/]\",\n Stylesheet = \"/* stylish */\",\n Unauthorized = \"[#ftl/]\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthTheme(ctx, \"mytheme\", &fusionauth.FusionAuthThemeArgs{\n\t\t\tAccountEdit: pulumi.String(\"[#ftl/]\"),\n\t\t\tAccountIndex: pulumi.String(\"[#ftl/]\"),\n\t\t\tAccountTwoFactorDisable: pulumi.String(\"[#ftl/]\"),\n\t\t\tAccountTwoFactorEnable: pulumi.String(\"[#ftl/]\"),\n\t\t\tAccountTwoFactorIndex: pulumi.String(\"[#ftl/]\"),\n\t\t\tAccountWebauthnAdd: pulumi.String(\"[#ftl/]\"),\n\t\t\tAccountWebauthnDelete: pulumi.String(\"[#ftl/]\"),\n\t\t\tAccountWebauthnIndex: pulumi.String(\"[#ftl/]\"),\n\t\t\tConfirmationRequired: pulumi.String(\"[#ftl/]\"),\n\t\t\tDefaultMessages: pulumi.String(\"[#ftl/]\"),\n\t\t\tEmailComplete: pulumi.String(\"[#ftl/]\"),\n\t\t\tEmailSend: pulumi.String(\"[#ftl/]\"),\n\t\t\tEmailSent: pulumi.String(\"[#ftl/]\"),\n\t\t\tEmailVerificationRequired: pulumi.String(\"[#ftl/]\"),\n\t\t\tEmailVerify: pulumi.String(\"[#ftl/]\"),\n\t\t\tHelpers: pulumi.String(\"[#ftl/]\"),\n\t\t\tIndex: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2Authorize: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2AuthorizedNotRegistered: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2ChildRegistrationNotAllowed: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2ChildRegistrationNotAllowedComplete: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2CompleteRegistration: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2Consent: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2Device: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2DeviceComplete: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2Error: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2Logout: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2Passwordless: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2Register: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2StartIdpLink: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2TwoFactor: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2TwoFactorEnable: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2TwoFactorEnableComplete: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2TwoFactorMethods: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2Wait: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2Webauthn: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2WebauthnReauth: pulumi.String(\"[#ftl/]\"),\n\t\t\tOauth2WebauthnReauthEnable: pulumi.String(\"[#ftl/]\"),\n\t\t\tPasswordChange: pulumi.String(\"[#ftl/]\"),\n\t\t\tPasswordComplete: pulumi.String(\"[#ftl/]\"),\n\t\t\tPasswordForgot: pulumi.String(\"[#ftl/]\"),\n\t\t\tPasswordSent: pulumi.String(\"[#ftl/]\"),\n\t\t\tRegistrationComplete: pulumi.String(\"[#ftl/]\"),\n\t\t\tRegistrationSend: pulumi.String(\"[#ftl/]\"),\n\t\t\tRegistrationSent: pulumi.String(\"[#ftl/]\"),\n\t\t\tRegistrationVerificationRequired: pulumi.String(\"[#ftl/]\"),\n\t\t\tRegistrationVerify: pulumi.String(\"[#ftl/]\"),\n\t\t\tSamlv2Logout: pulumi.String(\"[#ftl/]\"),\n\t\t\tStylesheet: pulumi.String(\"/* stylish */\"),\n\t\t\tUnauthorized: pulumi.String(\"[#ftl/]\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthTheme;\nimport com.pulumi.fusionauth.FusionAuthThemeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var mytheme = new FusionAuthTheme(\"mytheme\", FusionAuthThemeArgs.builder()\n .accountEdit(\"[#ftl/]\")\n .accountIndex(\"[#ftl/]\")\n .accountTwoFactorDisable(\"[#ftl/]\")\n .accountTwoFactorEnable(\"[#ftl/]\")\n .accountTwoFactorIndex(\"[#ftl/]\")\n .accountWebauthnAdd(\"[#ftl/]\")\n .accountWebauthnDelete(\"[#ftl/]\")\n .accountWebauthnIndex(\"[#ftl/]\")\n .confirmationRequired(\"[#ftl/]\")\n .defaultMessages(\"[#ftl/]\")\n .emailComplete(\"[#ftl/]\")\n .emailSend(\"[#ftl/]\")\n .emailSent(\"[#ftl/]\")\n .emailVerificationRequired(\"[#ftl/]\")\n .emailVerify(\"[#ftl/]\")\n .helpers(\"[#ftl/]\")\n .index(\"[#ftl/]\")\n .oauth2Authorize(\"[#ftl/]\")\n .oauth2AuthorizedNotRegistered(\"[#ftl/]\")\n .oauth2ChildRegistrationNotAllowed(\"[#ftl/]\")\n .oauth2ChildRegistrationNotAllowedComplete(\"[#ftl/]\")\n .oauth2CompleteRegistration(\"[#ftl/]\")\n .oauth2Consent(\"[#ftl/]\")\n .oauth2Device(\"[#ftl/]\")\n .oauth2DeviceComplete(\"[#ftl/]\")\n .oauth2Error(\"[#ftl/]\")\n .oauth2Logout(\"[#ftl/]\")\n .oauth2Passwordless(\"[#ftl/]\")\n .oauth2Register(\"[#ftl/]\")\n .oauth2StartIdpLink(\"[#ftl/]\")\n .oauth2TwoFactor(\"[#ftl/]\")\n .oauth2TwoFactorEnable(\"[#ftl/]\")\n .oauth2TwoFactorEnableComplete(\"[#ftl/]\")\n .oauth2TwoFactorMethods(\"[#ftl/]\")\n .oauth2Wait(\"[#ftl/]\")\n .oauth2Webauthn(\"[#ftl/]\")\n .oauth2WebauthnReauth(\"[#ftl/]\")\n .oauth2WebauthnReauthEnable(\"[#ftl/]\")\n .passwordChange(\"[#ftl/]\")\n .passwordComplete(\"[#ftl/]\")\n .passwordForgot(\"[#ftl/]\")\n .passwordSent(\"[#ftl/]\")\n .registrationComplete(\"[#ftl/]\")\n .registrationSend(\"[#ftl/]\")\n .registrationSent(\"[#ftl/]\")\n .registrationVerificationRequired(\"[#ftl/]\")\n .registrationVerify(\"[#ftl/]\")\n .samlv2Logout(\"[#ftl/]\")\n .stylesheet(\"/* stylish */\")\n .unauthorized(\"[#ftl/]\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n mytheme:\n type: fusionauth:FusionAuthTheme\n properties:\n accountEdit: '[#ftl/]'\n accountIndex: '[#ftl/]'\n accountTwoFactorDisable: '[#ftl/]'\n accountTwoFactorEnable: '[#ftl/]'\n accountTwoFactorIndex: '[#ftl/]'\n accountWebauthnAdd: '[#ftl/]'\n accountWebauthnDelete: '[#ftl/]'\n accountWebauthnIndex: '[#ftl/]'\n confirmationRequired: '[#ftl/]'\n defaultMessages: '[#ftl/]'\n emailComplete: '[#ftl/]'\n # Deprecated Properties\n emailSend: '[#ftl/]'\n emailSent: '[#ftl/]'\n emailVerificationRequired: '[#ftl/]'\n emailVerify: '[#ftl/]'\n helpers: '[#ftl/]'\n index: '[#ftl/]'\n oauth2Authorize: '[#ftl/]'\n oauth2AuthorizedNotRegistered: '[#ftl/]'\n oauth2ChildRegistrationNotAllowed: '[#ftl/]'\n oauth2ChildRegistrationNotAllowedComplete: '[#ftl/]'\n oauth2CompleteRegistration: '[#ftl/]'\n oauth2Consent: '[#ftl/]'\n oauth2Device: '[#ftl/]'\n oauth2DeviceComplete: '[#ftl/]'\n oauth2Error: '[#ftl/]'\n oauth2Logout: '[#ftl/]'\n oauth2Passwordless: '[#ftl/]'\n oauth2Register: '[#ftl/]'\n oauth2StartIdpLink: '[#ftl/]'\n oauth2TwoFactor: '[#ftl/]'\n oauth2TwoFactorEnable: '[#ftl/]'\n oauth2TwoFactorEnableComplete: '[#ftl/]'\n oauth2TwoFactorMethods: '[#ftl/]'\n oauth2Wait: '[#ftl/]'\n oauth2Webauthn: '[#ftl/]'\n oauth2WebauthnReauth: '[#ftl/]'\n oauth2WebauthnReauthEnable: '[#ftl/]'\n passwordChange: '[#ftl/]'\n passwordComplete: '[#ftl/]'\n passwordForgot: '[#ftl/]'\n passwordSent: '[#ftl/]'\n registrationComplete: '[#ftl/]'\n registrationSend: '[#ftl/]'\n registrationSent: '[#ftl/]'\n registrationVerificationRequired: '[#ftl/]'\n registrationVerify: '[#ftl/]'\n samlv2Logout: '[#ftl/]'\n stylesheet: /* stylish */\n unauthorized: '[#ftl/]'\n```\n\n", "properties": { "accountEdit": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/edit path. This page contains a form that enables authenticated users to update their profile.\n" }, "accountIndex": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account path. This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication.\n" }, "accountTwoFactorDisable": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/two-factor/disable path. This page contains a form that accepts a verification code used to disable a multi-factor authentication method.\n" }, "accountTwoFactorEnable": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/two-factor/enable path. This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page contains presentation of recovery codes when a user enables multi-factor authentication for the first time.\n" }, "accountTwoFactorIndex": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/two-factor path. This page displays an authenticated user’s configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method.\n" }, "accountWebauthnAdd": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/webauthn/add path. This page contains a form that allows a user to register a new WebAuthn passkey.\n" }, "accountWebauthnDelete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/webauthn/delete path. This page contains a form that allows a user to delete a WebAuthn passkey.\n" }, "accountWebauthnIndex": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/webauthn/ path. This page displays an authenticated user’s registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey.\n" }, "confirmationRequired": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /confirmation-required path. This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Theme that should be persisted.\n" }, "defaultMessages": { "type": "string", "description": "A properties file formatted String containing at least all of the message keys defined in the FusionAuth shipped messages file.\n\n> **Note:** `default_messages` Is Required if not copying an existing Theme.\n" }, "emailComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/complete path. This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page.\n" }, "emailSend": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/send page. This page is used after a user has\nasked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it.\nIn this case, the user can provide their email address again and FusionAuth will resend the email. After the user\nsubmits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.\n", "deprecationMessage": "Use email_sent instead. API endpoint has been migrated from /email/send to /email/sent." }, "emailSent": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/sent path. This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.\n" }, "emailVerificationRequired": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/verification-required path. This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when Unverified behavior is set to Gated in email verification settings on the Tenant.\n" }, "emailVerify": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/verify path. This page is rendered when a user clicks the URL from the verification email and the verificationId has expired. FusionAuth expires verificationId after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.\n" }, "helpers": { "type": "string", "description": "A FreeMarker template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.\n" }, "index": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the / path. This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host’s root page. Prior to version 1.27.0, navigating to this URL would redirect to /admin and would subsequently render the FusionAuth admin login page.\n" }, "localizedMessages": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.\n" }, "name": { "type": "string", "description": "A unique name for the Theme.\n" }, "oauth2Authorize": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/authorize path. This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows.\n" }, "oauth2AuthorizedNotRegistered": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/authorized-not-registered path. This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect.\n" }, "oauth2ChildRegistrationNotAllowed": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/child-registration-not-allowed path. This page contains a form where a child must provide their parent’s email address to ask their parent to create an account for them in a Consent workflow.\n" }, "oauth2ChildRegistrationNotAllowedComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/child-registration-not-allowed-complete path. This page is rendered is rendered after a child provides their parent’s email address for parental consent in a Consent workflow.\n" }, "oauth2CompleteRegistration": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/complete-registration path. This page contains a form that is used for users that have accounts but might be missing required fields.\n" }, "oauth2Consent": { "type": "string", "description": "A FreeMarker template that is rendered when a third party application requests scopes from the user.\n" }, "oauth2Device": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/device path. This page contains a form for accepting an end user’s short code for the interactive portion of the OAuth Device Authorization Grant workflow.\n" }, "oauth2DeviceComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/device-complete path. This page contains a complete message indicating the device authentication has completed.\n" }, "oauth2Error": { "type": "string", "description": "This page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn’t passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.\n" }, "oauth2Logout": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/logout page. This page is used if the user initiates a logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected.\n" }, "oauth2Passwordless": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/passwordless path. This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address.\n" }, "oauth2Register": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/register path. This page is used to register or sign up the user for the application when self-service registration is enabled.\n" }, "oauth2StartIdpLink": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/start-idp-link path. This page is used if the Identity Provider is configured to have a pending link. The user is presented with the option to link their account with an existing FusionAuth user account.\n" }, "oauth2TwoFactor": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/two-factor path. This page is used if the user has two-factor authentication enabled and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into.\n" }, "oauth2TwoFactorEnable": { "type": "string", "description": "A FreeMarker template that contains the OAuth2 two-factor enable form.\n" }, "oauth2TwoFactorEnableComplete": { "type": "string", "description": "A FreeMarker template that contains the OAuth2 two-factor enable complete form.\n" }, "oauth2TwoFactorMethods": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/two-factor-methods path. This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge.\n" }, "oauth2Wait": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/wait path. This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication.\n" }, "oauth2Webauthn": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn path. This page contains a form where a user can enter their loginId (username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.\n" }, "oauth2WebauthnReauth": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth path. This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account.\n" }, "oauth2WebauthnReauthEnable": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth-enable path. This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication.\n" }, "passwordChange": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/change path. This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password.\n" }, "passwordComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/complete path. This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again.\n" }, "passwordForgot": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/forgot path. This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address.\n" }, "passwordSent": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/sent path. This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password.\n" }, "registrationComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/complete path. This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page.\n" }, "registrationSend": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/send page. This page is used after a\nuser has asked for the application specific verification email to be resent. This can happen if the URL in the email\nexpired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend\nthe email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is\nredirected to this page.\n", "deprecationMessage": "Use registration_sent instead. API endpoint has been migrated from /registration/send to /registration/sent." }, "registrationSent": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/sent path. This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.\n" }, "registrationVerificationRequired": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/verification-required path. This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when Unverified behavior is set to Gated in registration verification settings on the Application.\n" }, "registrationVerify": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/verify path. This page is used when a user clicks the URL from the application specific verification email and the verificationId has expired. FusionAuth expires verificationId after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.\n" }, "samlv2Logout": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /samlv2/logout path. This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected.\n" }, "sourceThemeId": { "type": "string", "description": "The optional Id of an existing Theme to make a copy of. If present, the defaultMessages, localizedMessages, templates,\nand stylesheet from the source Theme will be copied to the new Theme.\n" }, "stylesheet": { "type": "string", "description": "A CSS stylesheet used to style the templates.\n" }, "themeId": { "type": "string", "description": "The Id to use for the new Theme. If not specified a secure random UUID will be generated.\n" }, "unauthorized": { "type": "string", "description": "An optional FreeMarker template that contains the unauthorized page.\n" } }, "type": "object", "required": [ "accountEdit", "accountIndex", "accountTwoFactorDisable", "accountTwoFactorEnable", "accountTwoFactorIndex", "accountWebauthnAdd", "accountWebauthnDelete", "accountWebauthnIndex", "confirmationRequired", "defaultMessages", "emailComplete", "emailSend", "emailSent", "emailVerificationRequired", "emailVerify", "helpers", "index", "name", "oauth2Authorize", "oauth2AuthorizedNotRegistered", "oauth2ChildRegistrationNotAllowed", "oauth2ChildRegistrationNotAllowedComplete", "oauth2CompleteRegistration", "oauth2Consent", "oauth2Device", "oauth2DeviceComplete", "oauth2Error", "oauth2Logout", "oauth2Passwordless", "oauth2Register", "oauth2StartIdpLink", "oauth2TwoFactor", "oauth2TwoFactorEnable", "oauth2TwoFactorEnableComplete", "oauth2TwoFactorMethods", "oauth2Wait", "oauth2Webauthn", "oauth2WebauthnReauth", "oauth2WebauthnReauthEnable", "passwordChange", "passwordComplete", "passwordForgot", "passwordSent", "registrationComplete", "registrationSend", "registrationSent", "registrationVerificationRequired", "registrationVerify", "samlv2Logout", "stylesheet", "themeId", "unauthorized" ], "inputProperties": { "accountEdit": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/edit path. This page contains a form that enables authenticated users to update their profile.\n" }, "accountIndex": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account path. This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication.\n" }, "accountTwoFactorDisable": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/two-factor/disable path. This page contains a form that accepts a verification code used to disable a multi-factor authentication method.\n" }, "accountTwoFactorEnable": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/two-factor/enable path. This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page contains presentation of recovery codes when a user enables multi-factor authentication for the first time.\n" }, "accountTwoFactorIndex": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/two-factor path. This page displays an authenticated user’s configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method.\n" }, "accountWebauthnAdd": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/webauthn/add path. This page contains a form that allows a user to register a new WebAuthn passkey.\n" }, "accountWebauthnDelete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/webauthn/delete path. This page contains a form that allows a user to delete a WebAuthn passkey.\n" }, "accountWebauthnIndex": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/webauthn/ path. This page displays an authenticated user’s registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey.\n" }, "confirmationRequired": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /confirmation-required path. This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Theme that should be persisted.\n" }, "defaultMessages": { "type": "string", "description": "A properties file formatted String containing at least all of the message keys defined in the FusionAuth shipped messages file.\n\n> **Note:** `default_messages` Is Required if not copying an existing Theme.\n" }, "emailComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/complete path. This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page.\n" }, "emailSend": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/send page. This page is used after a user has\nasked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it.\nIn this case, the user can provide their email address again and FusionAuth will resend the email. After the user\nsubmits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.\n", "deprecationMessage": "Use email_sent instead. API endpoint has been migrated from /email/send to /email/sent." }, "emailSent": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/sent path. This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.\n" }, "emailVerificationRequired": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/verification-required path. This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when Unverified behavior is set to Gated in email verification settings on the Tenant.\n" }, "emailVerify": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/verify path. This page is rendered when a user clicks the URL from the verification email and the verificationId has expired. FusionAuth expires verificationId after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.\n" }, "helpers": { "type": "string", "description": "A FreeMarker template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.\n" }, "index": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the / path. This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host’s root page. Prior to version 1.27.0, navigating to this URL would redirect to /admin and would subsequently render the FusionAuth admin login page.\n" }, "localizedMessages": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.\n" }, "name": { "type": "string", "description": "A unique name for the Theme.\n" }, "oauth2Authorize": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/authorize path. This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows.\n" }, "oauth2AuthorizedNotRegistered": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/authorized-not-registered path. This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect.\n" }, "oauth2ChildRegistrationNotAllowed": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/child-registration-not-allowed path. This page contains a form where a child must provide their parent’s email address to ask their parent to create an account for them in a Consent workflow.\n" }, "oauth2ChildRegistrationNotAllowedComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/child-registration-not-allowed-complete path. This page is rendered is rendered after a child provides their parent’s email address for parental consent in a Consent workflow.\n" }, "oauth2CompleteRegistration": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/complete-registration path. This page contains a form that is used for users that have accounts but might be missing required fields.\n" }, "oauth2Consent": { "type": "string", "description": "A FreeMarker template that is rendered when a third party application requests scopes from the user.\n" }, "oauth2Device": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/device path. This page contains a form for accepting an end user’s short code for the interactive portion of the OAuth Device Authorization Grant workflow.\n" }, "oauth2DeviceComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/device-complete path. This page contains a complete message indicating the device authentication has completed.\n" }, "oauth2Error": { "type": "string", "description": "This page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn’t passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.\n" }, "oauth2Logout": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/logout page. This page is used if the user initiates a logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected.\n" }, "oauth2Passwordless": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/passwordless path. This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address.\n" }, "oauth2Register": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/register path. This page is used to register or sign up the user for the application when self-service registration is enabled.\n" }, "oauth2StartIdpLink": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/start-idp-link path. This page is used if the Identity Provider is configured to have a pending link. The user is presented with the option to link their account with an existing FusionAuth user account.\n" }, "oauth2TwoFactor": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/two-factor path. This page is used if the user has two-factor authentication enabled and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into.\n" }, "oauth2TwoFactorEnable": { "type": "string", "description": "A FreeMarker template that contains the OAuth2 two-factor enable form.\n" }, "oauth2TwoFactorEnableComplete": { "type": "string", "description": "A FreeMarker template that contains the OAuth2 two-factor enable complete form.\n" }, "oauth2TwoFactorMethods": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/two-factor-methods path. This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge.\n" }, "oauth2Wait": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/wait path. This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication.\n" }, "oauth2Webauthn": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn path. This page contains a form where a user can enter their loginId (username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.\n" }, "oauth2WebauthnReauth": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth path. This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account.\n" }, "oauth2WebauthnReauthEnable": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth-enable path. This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication.\n" }, "passwordChange": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/change path. This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password.\n" }, "passwordComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/complete path. This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again.\n" }, "passwordForgot": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/forgot path. This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address.\n" }, "passwordSent": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/sent path. This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password.\n" }, "registrationComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/complete path. This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page.\n" }, "registrationSend": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/send page. This page is used after a\nuser has asked for the application specific verification email to be resent. This can happen if the URL in the email\nexpired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend\nthe email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is\nredirected to this page.\n", "deprecationMessage": "Use registration_sent instead. API endpoint has been migrated from /registration/send to /registration/sent." }, "registrationSent": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/sent path. This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.\n" }, "registrationVerificationRequired": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/verification-required path. This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when Unverified behavior is set to Gated in registration verification settings on the Application.\n" }, "registrationVerify": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/verify path. This page is used when a user clicks the URL from the application specific verification email and the verificationId has expired. FusionAuth expires verificationId after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.\n" }, "samlv2Logout": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /samlv2/logout path. This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected.\n" }, "sourceThemeId": { "type": "string", "description": "The optional Id of an existing Theme to make a copy of. If present, the defaultMessages, localizedMessages, templates,\nand stylesheet from the source Theme will be copied to the new Theme.\n" }, "stylesheet": { "type": "string", "description": "A CSS stylesheet used to style the templates.\n" }, "themeId": { "type": "string", "description": "The Id to use for the new Theme. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "unauthorized": { "type": "string", "description": "An optional FreeMarker template that contains the unauthorized page.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthTheme resources.\n", "properties": { "accountEdit": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/edit path. This page contains a form that enables authenticated users to update their profile.\n" }, "accountIndex": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account path. This is the self-service account landing page. An authenticated user may use this as a starting point for operations such as updating their profile or configuring multi-factor authentication.\n" }, "accountTwoFactorDisable": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/two-factor/disable path. This page contains a form that accepts a verification code used to disable a multi-factor authentication method.\n" }, "accountTwoFactorEnable": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/two-factor/enable path. This page contains a form that accepts a verification code used to enable a multi-factor authentication method. Additionally, this page contains presentation of recovery codes when a user enables multi-factor authentication for the first time.\n" }, "accountTwoFactorIndex": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/two-factor path. This page displays an authenticated user’s configured multi-factor authentication methods. Additionally, it provides links to enable and disable a method.\n" }, "accountWebauthnAdd": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/webauthn/add path. This page contains a form that allows a user to register a new WebAuthn passkey.\n" }, "accountWebauthnDelete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/webauthn/delete path. This page contains a form that allows a user to delete a WebAuthn passkey.\n" }, "accountWebauthnIndex": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /account/webauthn/ path. This page displays an authenticated user’s registered WebAuthn passkeys. Additionally, it provides links to delete an existing passkey and register a new passkey.\n" }, "confirmationRequired": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /confirmation-required path. This page is displayed when a user attempts to complete an email based workflow that did not begin in the same browser. For example, if the user starts a forgot password workflow, and then opens the link in a separate browser the user will be shown this panel.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Theme that should be persisted.\n" }, "defaultMessages": { "type": "string", "description": "A properties file formatted String containing at least all of the message keys defined in the FusionAuth shipped messages file.\n\n> **Note:** `default_messages` Is Required if not copying an existing Theme.\n" }, "emailComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/complete path. This page is used after a user has verified their email address by clicking the URL in the email. After FusionAuth has updated their user object to indicate that their email was verified, the browser is redirected to this page.\n" }, "emailSend": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/send page. This page is used after a user has\nasked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it.\nIn this case, the user can provide their email address again and FusionAuth will resend the email. After the user\nsubmits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.\n", "deprecationMessage": "Use email_sent instead. API endpoint has been migrated from /email/send to /email/sent." }, "emailSent": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/sent path. This page is used after a user has asked for the verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.\n" }, "emailVerificationRequired": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/verification-required path. This page is rendered when a user is required to verify their email address prior to being allowed to proceed with login. This occurs when Unverified behavior is set to Gated in email verification settings on the Tenant.\n" }, "emailVerify": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /email/verify path. This page is rendered when a user clicks the URL from the verification email and the verificationId has expired. FusionAuth expires verificationId after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.\n" }, "helpers": { "type": "string", "description": "A FreeMarker template that contains all of the macros and templates used by the rest of the login Theme FreeMarker templates. This allows you to configure the general layout of your UI configuration and login theme without having to copy and paste HTML into each of the templates.\n" }, "index": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the / path. This is the root landing page. This page is available to unauthenticated users and will be displayed whenever someone navigates to the FusionAuth host’s root page. Prior to version 1.27.0, navigating to this URL would redirect to /admin and would subsequently render the FusionAuth admin login page.\n" }, "localizedMessages": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A Map of localized versions of the messages. The key is the Locale and the value is a properties file formatted String.\n" }, "name": { "type": "string", "description": "A unique name for the Theme.\n" }, "oauth2Authorize": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/authorize path. This is the main login page for FusionAuth and is used for all interactive OAuth2 and OpenID Connect workflows.\n" }, "oauth2AuthorizedNotRegistered": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/authorized-not-registered path. This page is rendered when a user is not registered and the Application configuration requires registration before FusionAuth will complete the redirect.\n" }, "oauth2ChildRegistrationNotAllowed": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/child-registration-not-allowed path. This page contains a form where a child must provide their parent’s email address to ask their parent to create an account for them in a Consent workflow.\n" }, "oauth2ChildRegistrationNotAllowedComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/child-registration-not-allowed-complete path. This page is rendered is rendered after a child provides their parent’s email address for parental consent in a Consent workflow.\n" }, "oauth2CompleteRegistration": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/complete-registration path. This page contains a form that is used for users that have accounts but might be missing required fields.\n" }, "oauth2Consent": { "type": "string", "description": "A FreeMarker template that is rendered when a third party application requests scopes from the user.\n" }, "oauth2Device": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/device path. This page contains a form for accepting an end user’s short code for the interactive portion of the OAuth Device Authorization Grant workflow.\n" }, "oauth2DeviceComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/device-complete path. This page contains a complete message indicating the device authentication has completed.\n" }, "oauth2Error": { "type": "string", "description": "This page is used if the user starts or is in the middle of the OAuth workflow and any type of error occurs. This could be caused by the user messing with the URL or internally some type of information wasn’t passed between the OAuth endpoints correctly. For example, if you are federating login to an external IdP and that IdP does not properly echo the state parameter, FusionAuth’s OAuth workflow will break and this page will be displayed.\n" }, "oauth2Logout": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/logout page. This page is used if the user initiates a logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected.\n" }, "oauth2Passwordless": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/passwordless path. This page is rendered when the user starts the passwordless login workflow. The page renders the form where the user types in their email address.\n" }, "oauth2Register": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/register path. This page is used to register or sign up the user for the application when self-service registration is enabled.\n" }, "oauth2StartIdpLink": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/start-idp-link path. This page is used if the Identity Provider is configured to have a pending link. The user is presented with the option to link their account with an existing FusionAuth user account.\n" }, "oauth2TwoFactor": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/two-factor path. This page is used if the user has two-factor authentication enabled and they need to type in their code again. FusionAuth will properly handle the processing on the back end. This page contains the form that the user will put their code into.\n" }, "oauth2TwoFactorEnable": { "type": "string", "description": "A FreeMarker template that contains the OAuth2 two-factor enable form.\n" }, "oauth2TwoFactorEnableComplete": { "type": "string", "description": "A FreeMarker template that contains the OAuth2 two-factor enable complete form.\n" }, "oauth2TwoFactorMethods": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/two-factor-methods path. This page contains a form providing a user with their configured multi-factor authentication options that they may use to complete the authentication challenge.\n" }, "oauth2Wait": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/wait path. This page is rendered when FusionAuth is waiting for an external provider to complete an out of band authentication request. For example, during a HYPR login this page will be displayed until the user completes authentication.\n" }, "oauth2Webauthn": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn path. This page contains a form where a user can enter their loginId (username or email address) to authenticate with one of their registered WebAuthn passkeys. This page uses the WebAuthn bootstrap workflow.\n" }, "oauth2WebauthnReauth": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth path. This page contains a form that lists the WebAuthn passkeys currently available for re-authentication. A user can select one of the listed passkeys to authenticate using the corresponding passkey and user account.\n" }, "oauth2WebauthnReauthEnable": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /oauth2/webauthn-reauth-enable path. This page contains two forms. One allows the user to select one of their existing WebAuthn passkeys to use for re-authentication. The other allows the user to register a new WebAuthn passkey for re-authentication.\n" }, "passwordChange": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/change path. This page is used if the user is required to change their password or if they have requested a password reset. This page contains the form that allows the user to provide a new password.\n" }, "passwordComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/complete path. This page is used after the user has successfully updated their password, or reset it. This page should instruct the user that their password was updated and that they need to login again.\n" }, "passwordForgot": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/forgot path. This page is used when a user starts the forgot password workflow. This page renders the form where the user types in their email address.\n" }, "passwordSent": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /password/sent path. This page is used when a user has submitted the forgot password form with their email. FusionAuth does not indicate back to the user if their email address was valid in order to prevent malicious activity that could reveal valid email addresses. Therefore, this page should indicate to the user that if their email was valid, they will receive an email shortly with a link to reset their password.\n" }, "registrationComplete": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/complete path. This page is used after a user has verified their email address for a specific application (i.e. a user registration) by clicking the URL in the email. After FusionAuth has updated their registration object to indicate that their email was verified, the browser is redirected to this page.\n" }, "registrationSend": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/send page. This page is used after a\nuser has asked for the application specific verification email to be resent. This can happen if the URL in the email\nexpired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend\nthe email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is\nredirected to this page.\n", "deprecationMessage": "Use registration_sent instead. API endpoint has been migrated from /registration/send to /registration/sent." }, "registrationSent": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/sent path. This page is used after a user has asked for the application specific verification email to be resent. This can happen if the URL in the email expired and the user clicked it. In this case, the user can provide their email address again and FusionAuth will resend the email. After the user submits their email and FusionAuth re-sends a verification email to them, the browser is redirected to this page.\n" }, "registrationVerificationRequired": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/verification-required path. This page is rendered when a user is required to verify their registration prior to being allowed to proceed with the registration flow. This occurs when Unverified behavior is set to Gated in registration verification settings on the Application.\n" }, "registrationVerify": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /registration/verify path. This page is used when a user clicks the URL from the application specific verification email and the verificationId has expired. FusionAuth expires verificationId after a period of time (which is configurable). If the user has a URL from the verification email that has expired, this page will be rendered and the error will be displayed to the user.\n" }, "samlv2Logout": { "type": "string", "description": "A FreeMarker template that is rendered when the user requests the /samlv2/logout path. This page is used if the user initiates a SAML logout. This page causes the user to be logged out of all associated applications via a front-channel mechanism before being redirected.\n" }, "sourceThemeId": { "type": "string", "description": "The optional Id of an existing Theme to make a copy of. If present, the defaultMessages, localizedMessages, templates,\nand stylesheet from the source Theme will be copied to the new Theme.\n" }, "stylesheet": { "type": "string", "description": "A CSS stylesheet used to style the templates.\n" }, "themeId": { "type": "string", "description": "The Id to use for the new Theme. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true }, "unauthorized": { "type": "string", "description": "An optional FreeMarker template that contains the unauthorized page.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthUser:FusionAuthUser": { "description": "## # User Resource\n\n[Users API](https://fusionauth.io/docs/v1/tech/apis/users)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst example = new fusionauth.FusionAuthUser(\"example\", {\n userId: \"4c4511df-0d0d-4029-8c2b-f6c01b9e138d\",\n birthDate: \"1976-05-30\",\n data: JSON.stringify({\n displayName: \"Johnny Boy\",\n favoriteColors: [\n \"Red\",\n \"Blue\",\n ],\n }),\n email: \"example@fusionauth.io\",\n encryptionScheme: \"salted-sha256\",\n expiry: 1571786483322,\n firstName: \"John\",\n fullName: \"John Doe\",\n imageUrl: \"http://65.media.tumblr.com/tumblr_l7dbl0MHbU1qz50x3o1_500.png\",\n lastName: \"Doe\",\n middleName: \"William\",\n mobilePhone: \"303-555-1234\",\n passwordChangeRequired: false,\n preferredLanguages: [\n \"en\",\n \"fr\",\n ],\n timezone: \"America/Denver\",\n usernameStatus: \"ACTIVE\",\n username: \"johnny123\",\n});\n```\n```python\nimport pulumi\nimport json\nimport theogravity_pulumi_fusionauth as fusionauth\n\nexample = fusionauth.FusionAuthUser(\"example\",\n user_id=\"4c4511df-0d0d-4029-8c2b-f6c01b9e138d\",\n birth_date=\"1976-05-30\",\n data=json.dumps({\n \"displayName\": \"Johnny Boy\",\n \"favoriteColors\": [\n \"Red\",\n \"Blue\",\n ],\n }),\n email=\"example@fusionauth.io\",\n encryption_scheme=\"salted-sha256\",\n expiry=1571786483322,\n first_name=\"John\",\n full_name=\"John Doe\",\n image_url=\"http://65.media.tumblr.com/tumblr_l7dbl0MHbU1qz50x3o1_500.png\",\n last_name=\"Doe\",\n middle_name=\"William\",\n mobile_phone=\"303-555-1234\",\n password_change_required=False,\n preferred_languages=[\n \"en\",\n \"fr\",\n ],\n timezone=\"America/Denver\",\n username_status=\"ACTIVE\",\n username=\"johnny123\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var example = new Fusionauth.FusionAuthUser(\"example\", new()\n {\n UserId = \"4c4511df-0d0d-4029-8c2b-f6c01b9e138d\",\n BirthDate = \"1976-05-30\",\n Data = JsonSerializer.Serialize(new Dictionary\n {\n [\"displayName\"] = \"Johnny Boy\",\n [\"favoriteColors\"] = new[]\n {\n \"Red\",\n \"Blue\",\n },\n }),\n Email = \"example@fusionauth.io\",\n EncryptionScheme = \"salted-sha256\",\n Expiry = 1571786483322,\n FirstName = \"John\",\n FullName = \"John Doe\",\n ImageUrl = \"http://65.media.tumblr.com/tumblr_l7dbl0MHbU1qz50x3o1_500.png\",\n LastName = \"Doe\",\n MiddleName = \"William\",\n MobilePhone = \"303-555-1234\",\n PasswordChangeRequired = false,\n PreferredLanguages = new[]\n {\n \"en\",\n \"fr\",\n },\n Timezone = \"America/Denver\",\n UsernameStatus = \"ACTIVE\",\n Username = \"johnny123\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"displayName\": \"Johnny Boy\",\n\t\t\t\"favoriteColors\": []string{\n\t\t\t\t\"Red\",\n\t\t\t\t\"Blue\",\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = fusionauth.NewFusionAuthUser(ctx, \"example\", &fusionauth.FusionAuthUserArgs{\n\t\t\tUserId: pulumi.String(\"4c4511df-0d0d-4029-8c2b-f6c01b9e138d\"),\n\t\t\tBirthDate: pulumi.String(\"1976-05-30\"),\n\t\t\tData: pulumi.String(json0),\n\t\t\tEmail: pulumi.String(\"example@fusionauth.io\"),\n\t\t\tEncryptionScheme: pulumi.String(\"salted-sha256\"),\n\t\t\tExpiry: pulumi.Int(1571786483322),\n\t\t\tFirstName: pulumi.String(\"John\"),\n\t\t\tFullName: pulumi.String(\"John Doe\"),\n\t\t\tImageUrl: pulumi.String(\"http://65.media.tumblr.com/tumblr_l7dbl0MHbU1qz50x3o1_500.png\"),\n\t\t\tLastName: pulumi.String(\"Doe\"),\n\t\t\tMiddleName: pulumi.String(\"William\"),\n\t\t\tMobilePhone: pulumi.String(\"303-555-1234\"),\n\t\t\tPasswordChangeRequired: pulumi.Bool(false),\n\t\t\tPreferredLanguages: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"en\"),\n\t\t\t\tpulumi.String(\"fr\"),\n\t\t\t},\n\t\t\tTimezone: pulumi.String(\"America/Denver\"),\n\t\t\tUsernameStatus: pulumi.String(\"ACTIVE\"),\n\t\t\tUsername: pulumi.String(\"johnny123\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthUser;\nimport com.pulumi.fusionauth.FusionAuthUserArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FusionAuthUser(\"example\", FusionAuthUserArgs.builder()\n .userId(\"4c4511df-0d0d-4029-8c2b-f6c01b9e138d\")\n .birthDate(\"1976-05-30\")\n .data(serializeJson(\n jsonObject(\n jsonProperty(\"displayName\", \"Johnny Boy\"),\n jsonProperty(\"favoriteColors\", jsonArray(\n \"Red\", \n \"Blue\"\n ))\n )))\n .email(\"example@fusionauth.io\")\n .encryptionScheme(\"salted-sha256\")\n .expiry(1571786483322)\n .firstName(\"John\")\n .fullName(\"John Doe\")\n .imageUrl(\"http://65.media.tumblr.com/tumblr_l7dbl0MHbU1qz50x3o1_500.png\")\n .lastName(\"Doe\")\n .middleName(\"William\")\n .mobilePhone(\"303-555-1234\")\n .passwordChangeRequired(false)\n .preferredLanguages( \n \"en\",\n \"fr\")\n .timezone(\"America/Denver\")\n .usernameStatus(\"ACTIVE\")\n .username(\"johnny123\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: fusionauth:FusionAuthUser\n properties:\n userId: 4c4511df-0d0d-4029-8c2b-f6c01b9e138d\n birthDate: 1976-05-30\n data:\n fn::toJSON:\n displayName: Johnny Boy\n favoriteColors:\n - Red\n - Blue\n email: example@fusionauth.io\n encryptionScheme: salted-sha256\n expiry: 1.571786483322e+12\n firstName: John\n fullName: John Doe\n imageUrl: http://65.media.tumblr.com/tumblr_l7dbl0MHbU1qz50x3o1_500.png\n lastName: Doe\n middleName: William\n mobilePhone: 303-555-1234\n passwordChangeRequired: false\n preferredLanguages:\n - en\n - fr\n timezone: America/Denver\n usernameStatus: ACTIVE\n username: johnny123\n```\n\n", "properties": { "applicationId": { "type": "string", "description": "An optional Application Id. When this value is provided, it will be used to resolve an application specific email template if you have configured transactional emails such as setup password, email verification and others.\n" }, "birthDate": { "type": "string", "description": "An ISO-8601 formatted date of the User’s birthdate such as YYYY-MM-DD.\n" }, "data": { "type": "string", "description": "An object that can hold any information about a User that should be persisted. Must be a JSON serialised string.\n" }, "disableDomainBlock": { "type": "boolean", "description": "A tenant has the option to configure one or more email domains to be blocked in order to restrict email domains during user create or update. Setting this property equal to true will override the tenant configuration. See `registration_configuration.blocked_domains` in the Tenant resource.\n" }, "email": { "type": "string", "description": "The User’s email address. An email address is a unique in FusionAuth and stored in lower case.\n" }, "encryptionScheme": { "type": "string", "description": "The method for encrypting the User’s password.\n" }, "expiry": { "type": "integer", "description": "The expiration instant of the User’s account. An expired user is not permitted to login.\n" }, "factor": { "type": "integer", "description": "The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value.\nGenerally this will be used as an iteration count to generate the hash. The actual use of this value is up to the\nPasswordEncryptor implementation.\n" }, "firstName": { "type": "string", "description": "The first name of the User.\n" }, "fullName": { "type": "string", "description": "The User’s full name as a separate field that is not calculated from firstName and lastName.\n" }, "imageUrl": { "type": "string", "description": "The URL that points to an image file that is the User’s profile image.\n" }, "lastName": { "type": "string", "description": "The User’s last name.\n" }, "middleName": { "type": "string", "description": "The User’s middle name.\n" }, "mobilePhone": { "type": "string", "description": "The User’s mobile phone number. This is useful is you will be sending push notifications or SMS messages to the User.\n" }, "parentEmail": { "type": "string", "description": "The email address of the user’s parent or guardian. This field is used to allow a child user to identify their parent so FusionAuth can make a request to the parent to confirm the parent relationship.\n" }, "password": { "type": "string", "description": "The User’s plaintext password. This password will be hashed and the provided value will never be stored and cannot be retrieved.\n", "secret": true }, "passwordChangeRequired": { "type": "boolean", "description": "Indicates that the User’s password needs to be changed during their next login attempt.\n" }, "preferredLanguages": { "type": "array", "items": { "type": "string" }, "description": "An array of locale strings that give, in order, the User’s preferred languages. These are important for email templates and other localizable text.\n" }, "sendSetPasswordEmail": { "type": "boolean", "description": "Indicates to FusionAuth to send the User an email asking them to set their password. The Email Template that is used is configured in the System Configuration setting for Set Password Email Template.\n" }, "skipVerification": { "type": "boolean", "description": "Indicates to FusionAuth that it should skip email verification even if it is enabled. This is useful for creating admin or internal User accounts.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant used to scope this API request.\n" }, "timezone": { "type": "string", "description": "The User’s preferred timezone. The string must be in an IANA time zone format.\n" }, "twoFactorMethods": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthUserTwoFactorMethod:FusionAuthUserTwoFactorMethod" } }, "twoFactorRecoveryCodes": { "type": "array", "items": { "type": "string" }, "description": "A list of recovery codes. These may be used in place of a code provided by an MFA factor. They are single use. If a recovery code is used in a disable request, all MFA methods are removed. If, after that, a Multi-Factor method is added, a new set of recovery codes will be generated.\n", "secret": true }, "userId": { "type": "string", "description": "The Id to use for the new User. If not specified a secure random UUID will be generated..\n" }, "username": { "type": "string", "description": "The username of the User. The username is stored and returned as a case sensitive value, however a username is considered unique regardless of the case. bob is considered equal to BoB so either version of this username can be used whenever providing it as input to an API.\n" }, "usernameStatus": { "type": "string", "description": "The current status of the username. This is used if you are moderating usernames via CleanSpeak.\n" } }, "type": "object", "required": [ "factor", "twoFactorMethods", "twoFactorRecoveryCodes", "userId" ], "inputProperties": { "applicationId": { "type": "string", "description": "An optional Application Id. When this value is provided, it will be used to resolve an application specific email template if you have configured transactional emails such as setup password, email verification and others.\n", "willReplaceOnChanges": true }, "birthDate": { "type": "string", "description": "An ISO-8601 formatted date of the User’s birthdate such as YYYY-MM-DD.\n" }, "data": { "type": "string", "description": "An object that can hold any information about a User that should be persisted. Must be a JSON serialised string.\n" }, "disableDomainBlock": { "type": "boolean", "description": "A tenant has the option to configure one or more email domains to be blocked in order to restrict email domains during user create or update. Setting this property equal to true will override the tenant configuration. See `registration_configuration.blocked_domains` in the Tenant resource.\n" }, "email": { "type": "string", "description": "The User’s email address. An email address is a unique in FusionAuth and stored in lower case.\n" }, "encryptionScheme": { "type": "string", "description": "The method for encrypting the User’s password.\n" }, "expiry": { "type": "integer", "description": "The expiration instant of the User’s account. An expired user is not permitted to login.\n" }, "factor": { "type": "integer", "description": "The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value.\nGenerally this will be used as an iteration count to generate the hash. The actual use of this value is up to the\nPasswordEncryptor implementation.\n" }, "firstName": { "type": "string", "description": "The first name of the User.\n" }, "fullName": { "type": "string", "description": "The User’s full name as a separate field that is not calculated from firstName and lastName.\n" }, "imageUrl": { "type": "string", "description": "The URL that points to an image file that is the User’s profile image.\n" }, "lastName": { "type": "string", "description": "The User’s last name.\n" }, "middleName": { "type": "string", "description": "The User’s middle name.\n" }, "mobilePhone": { "type": "string", "description": "The User’s mobile phone number. This is useful is you will be sending push notifications or SMS messages to the User.\n" }, "parentEmail": { "type": "string", "description": "The email address of the user’s parent or guardian. This field is used to allow a child user to identify their parent so FusionAuth can make a request to the parent to confirm the parent relationship.\n" }, "password": { "type": "string", "description": "The User’s plaintext password. This password will be hashed and the provided value will never be stored and cannot be retrieved.\n", "secret": true }, "passwordChangeRequired": { "type": "boolean", "description": "Indicates that the User’s password needs to be changed during their next login attempt.\n" }, "preferredLanguages": { "type": "array", "items": { "type": "string" }, "description": "An array of locale strings that give, in order, the User’s preferred languages. These are important for email templates and other localizable text.\n" }, "sendSetPasswordEmail": { "type": "boolean", "description": "Indicates to FusionAuth to send the User an email asking them to set their password. The Email Template that is used is configured in the System Configuration setting for Set Password Email Template.\n" }, "skipVerification": { "type": "boolean", "description": "Indicates to FusionAuth that it should skip email verification even if it is enabled. This is useful for creating admin or internal User accounts.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant used to scope this API request.\n", "willReplaceOnChanges": true }, "timezone": { "type": "string", "description": "The User’s preferred timezone. The string must be in an IANA time zone format.\n" }, "twoFactorMethods": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthUserTwoFactorMethod:FusionAuthUserTwoFactorMethod" } }, "twoFactorRecoveryCodes": { "type": "array", "items": { "type": "string" }, "description": "A list of recovery codes. These may be used in place of a code provided by an MFA factor. They are single use. If a recovery code is used in a disable request, all MFA methods are removed. If, after that, a Multi-Factor method is added, a new set of recovery codes will be generated.\n", "secret": true }, "userId": { "type": "string", "description": "The Id to use for the new User. If not specified a secure random UUID will be generated..\n", "willReplaceOnChanges": true }, "username": { "type": "string", "description": "The username of the User. The username is stored and returned as a case sensitive value, however a username is considered unique regardless of the case. bob is considered equal to BoB so either version of this username can be used whenever providing it as input to an API.\n" }, "usernameStatus": { "type": "string", "description": "The current status of the username. This is used if you are moderating usernames via CleanSpeak.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthUser resources.\n", "properties": { "applicationId": { "type": "string", "description": "An optional Application Id. When this value is provided, it will be used to resolve an application specific email template if you have configured transactional emails such as setup password, email verification and others.\n", "willReplaceOnChanges": true }, "birthDate": { "type": "string", "description": "An ISO-8601 formatted date of the User’s birthdate such as YYYY-MM-DD.\n" }, "data": { "type": "string", "description": "An object that can hold any information about a User that should be persisted. Must be a JSON serialised string.\n" }, "disableDomainBlock": { "type": "boolean", "description": "A tenant has the option to configure one or more email domains to be blocked in order to restrict email domains during user create or update. Setting this property equal to true will override the tenant configuration. See `registration_configuration.blocked_domains` in the Tenant resource.\n" }, "email": { "type": "string", "description": "The User’s email address. An email address is a unique in FusionAuth and stored in lower case.\n" }, "encryptionScheme": { "type": "string", "description": "The method for encrypting the User’s password.\n" }, "expiry": { "type": "integer", "description": "The expiration instant of the User’s account. An expired user is not permitted to login.\n" }, "factor": { "type": "integer", "description": "The factor used by the password encryption scheme. If not provided, the PasswordEncryptor provides a default value.\nGenerally this will be used as an iteration count to generate the hash. The actual use of this value is up to the\nPasswordEncryptor implementation.\n" }, "firstName": { "type": "string", "description": "The first name of the User.\n" }, "fullName": { "type": "string", "description": "The User’s full name as a separate field that is not calculated from firstName and lastName.\n" }, "imageUrl": { "type": "string", "description": "The URL that points to an image file that is the User’s profile image.\n" }, "lastName": { "type": "string", "description": "The User’s last name.\n" }, "middleName": { "type": "string", "description": "The User’s middle name.\n" }, "mobilePhone": { "type": "string", "description": "The User’s mobile phone number. This is useful is you will be sending push notifications or SMS messages to the User.\n" }, "parentEmail": { "type": "string", "description": "The email address of the user’s parent or guardian. This field is used to allow a child user to identify their parent so FusionAuth can make a request to the parent to confirm the parent relationship.\n" }, "password": { "type": "string", "description": "The User’s plaintext password. This password will be hashed and the provided value will never be stored and cannot be retrieved.\n", "secret": true }, "passwordChangeRequired": { "type": "boolean", "description": "Indicates that the User’s password needs to be changed during their next login attempt.\n" }, "preferredLanguages": { "type": "array", "items": { "type": "string" }, "description": "An array of locale strings that give, in order, the User’s preferred languages. These are important for email templates and other localizable text.\n" }, "sendSetPasswordEmail": { "type": "boolean", "description": "Indicates to FusionAuth to send the User an email asking them to set their password. The Email Template that is used is configured in the System Configuration setting for Set Password Email Template.\n" }, "skipVerification": { "type": "boolean", "description": "Indicates to FusionAuth that it should skip email verification even if it is enabled. This is useful for creating admin or internal User accounts.\n" }, "tenantId": { "type": "string", "description": "The unique Id of the tenant used to scope this API request.\n", "willReplaceOnChanges": true }, "timezone": { "type": "string", "description": "The User’s preferred timezone. The string must be in an IANA time zone format.\n" }, "twoFactorMethods": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthUserTwoFactorMethod:FusionAuthUserTwoFactorMethod" } }, "twoFactorRecoveryCodes": { "type": "array", "items": { "type": "string" }, "description": "A list of recovery codes. These may be used in place of a code provided by an MFA factor. They are single use. If a recovery code is used in a disable request, all MFA methods are removed. If, after that, a Multi-Factor method is added, a new set of recovery codes will be generated.\n", "secret": true }, "userId": { "type": "string", "description": "The Id to use for the new User. If not specified a secure random UUID will be generated..\n", "willReplaceOnChanges": true }, "username": { "type": "string", "description": "The username of the User. The username is stored and returned as a case sensitive value, however a username is considered unique regardless of the case. bob is considered equal to BoB so either version of this username can be used whenever providing it as input to an API.\n" }, "usernameStatus": { "type": "string", "description": "The current status of the username. This is used if you are moderating usernames via CleanSpeak.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthUserAction:FusionAuthUserAction": { "description": "## # User Action Resource\n\n[User Actions API](https://fusionauth.io/docs/v1/tech/apis/user-actions/)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst example = new fusionauth.FusionAuthUserAction(\"example\", {\n preventLogin: true,\n temporal: true,\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nexample = fusionauth.FusionAuthUserAction(\"example\",\n prevent_login=True,\n temporal=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var example = new Fusionauth.FusionAuthUserAction(\"example\", new()\n {\n PreventLogin = true,\n Temporal = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthUserAction(ctx, \"example\", &fusionauth.FusionAuthUserActionArgs{\n\t\t\tPreventLogin: pulumi.Bool(true),\n\t\t\tTemporal: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthUserAction;\nimport com.pulumi.fusionauth.FusionAuthUserActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FusionAuthUserAction(\"example\", FusionAuthUserActionArgs.builder()\n .preventLogin(true)\n .temporal(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: fusionauth:FusionAuthUserAction\n properties:\n preventLogin: true\n temporal: true\n```\n\n", "properties": { "cancelEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions are canceled.\n" }, "endEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions expired automatically (end).\n" }, "includeEmailInEventJson": { "type": "boolean", "description": "Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.\n" }, "localizedNames": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.\n" }, "modifyEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions are modified.\n" }, "name": { "type": "string", "description": "The name of this User Action.\n" }, "options": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthUserActionOption:FusionAuthUserActionOption" }, "description": "The list of User Action Options.\n" }, "preventLogin": { "type": "boolean", "description": "Whether or not this User Action will prevent user login. When this value is set to true the action must also be marked as a time based action. See `temporal`.\n" }, "sendEndEvent": { "type": "boolean", "description": "Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.\n" }, "startEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions are started (created).\n" }, "temporal": { "type": "boolean", "description": "Whether or not this User Action is time-based (temporal).\n" }, "userActionId": { "type": "string", "description": "The id of this User Action.\n" }, "userEmailingEnabled": { "type": "boolean", "description": "Whether or not email is enabled for this User Action.\n" }, "userNotificationsEnabled": { "type": "boolean", "description": "Whether or not user notifications are enabled for this User Action.\n" } }, "type": "object", "required": [ "name", "userActionId" ], "inputProperties": { "cancelEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions are canceled.\n" }, "endEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions expired automatically (end).\n" }, "includeEmailInEventJson": { "type": "boolean", "description": "Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.\n" }, "localizedNames": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.\n" }, "modifyEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions are modified.\n" }, "name": { "type": "string", "description": "The name of this User Action.\n" }, "options": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthUserActionOption:FusionAuthUserActionOption" }, "description": "The list of User Action Options.\n" }, "preventLogin": { "type": "boolean", "description": "Whether or not this User Action will prevent user login. When this value is set to true the action must also be marked as a time based action. See `temporal`.\n" }, "sendEndEvent": { "type": "boolean", "description": "Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.\n" }, "startEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions are started (created).\n" }, "temporal": { "type": "boolean", "description": "Whether or not this User Action is time-based (temporal).\n" }, "userActionId": { "type": "string", "description": "The id of this User Action.\n" }, "userEmailingEnabled": { "type": "boolean", "description": "Whether or not email is enabled for this User Action.\n" }, "userNotificationsEnabled": { "type": "boolean", "description": "Whether or not user notifications are enabled for this User Action.\n" } }, "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthUserAction resources.\n", "properties": { "cancelEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions are canceled.\n" }, "endEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions expired automatically (end).\n" }, "includeEmailInEventJson": { "type": "boolean", "description": "Whether to include the email information in the JSON that is sent to the Webhook when a user action is taken.\n" }, "localizedNames": { "type": "object", "additionalProperties": { "type": "string" }, "description": "A mapping of localized names for this User Action. The key is the Locale and the value is the name of the User Action for that language.\n" }, "modifyEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions are modified.\n" }, "name": { "type": "string", "description": "The name of this User Action.\n" }, "options": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FFusionAuthUserActionOption:FusionAuthUserActionOption" }, "description": "The list of User Action Options.\n" }, "preventLogin": { "type": "boolean", "description": "Whether or not this User Action will prevent user login. When this value is set to true the action must also be marked as a time based action. See `temporal`.\n" }, "sendEndEvent": { "type": "boolean", "description": "Whether or not FusionAuth will send events to any registered Webhooks when this User Action expires.\n" }, "startEmailTemplateId": { "type": "string", "description": "The Id of the Email Template that is used when User Actions are started (created).\n" }, "temporal": { "type": "boolean", "description": "Whether or not this User Action is time-based (temporal).\n" }, "userActionId": { "type": "string", "description": "The id of this User Action.\n" }, "userEmailingEnabled": { "type": "boolean", "description": "Whether or not email is enabled for this User Action.\n" }, "userNotificationsEnabled": { "type": "boolean", "description": "Whether or not user notifications are enabled for this User Action.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthUserGroupMembership:FusionAuthUserGroupMembership": { "description": "## # User Group Membership Resource\n\n[User Group Membership API](https://fusionauth.io/docs/apis/groups#request-5)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst _this = new fusionauth.FusionAuthUserGroupMembership(\"this\", {\n groupId: fusionauth_group[\"this\"].id,\n userId: fusionauth_user[\"this\"].id,\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nthis = fusionauth.FusionAuthUserGroupMembership(\"this\",\n group_id=fusionauth_group[\"this\"][\"id\"],\n user_id=fusionauth_user[\"this\"][\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var @this = new Fusionauth.FusionAuthUserGroupMembership(\"this\", new()\n {\n GroupId = fusionauth_group.This.Id,\n UserId = fusionauth_user.This.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthUserGroupMembership(ctx, \"this\", &fusionauth.FusionAuthUserGroupMembershipArgs{\n\t\t\tGroupId: pulumi.Any(fusionauth_group.This.Id),\n\t\t\tUserId: pulumi.Any(fusionauth_user.This.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthUserGroupMembership;\nimport com.pulumi.fusionauth.FusionAuthUserGroupMembershipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var this_ = new FusionAuthUserGroupMembership(\"this\", FusionAuthUserGroupMembershipArgs.builder()\n .groupId(fusionauth_group.this().id())\n .userId(fusionauth_user.this().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n this:\n type: fusionauth:FusionAuthUserGroupMembership\n properties:\n groupId: ${fusionauth_group.this.id}\n userId: ${fusionauth_user.this.id}\n```\n\n", "properties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the User for this membership that should be persisted.\n" }, "groupId": { "type": "string", "description": "The Id of the Group of this membership.\n" }, "membershipId": { "type": "string", "description": "The Id of the User Group Membership. If not provided, a random UUID will be generated.\n" }, "userId": { "type": "string", "description": "\"The Id of the User of this membership.\n" } }, "type": "object", "required": [ "groupId", "membershipId", "userId" ], "inputProperties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the User for this membership that should be persisted.\n" }, "groupId": { "type": "string", "description": "The Id of the Group of this membership.\n" }, "membershipId": { "type": "string", "description": "The Id of the User Group Membership. If not provided, a random UUID will be generated.\n", "willReplaceOnChanges": true }, "userId": { "type": "string", "description": "\"The Id of the User of this membership.\n" } }, "requiredInputs": [ "groupId", "userId" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthUserGroupMembership resources.\n", "properties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the User for this membership that should be persisted.\n" }, "groupId": { "type": "string", "description": "The Id of the Group of this membership.\n" }, "membershipId": { "type": "string", "description": "The Id of the User Group Membership. If not provided, a random UUID will be generated.\n", "willReplaceOnChanges": true }, "userId": { "type": "string", "description": "\"The Id of the User of this membership.\n" } }, "type": "object" } }, "fusionauth:index/fusionAuthWebhook:FusionAuthWebhook": { "description": "## # Webhook Resource\n\nA FusionAuth Webhook is intended to consume JSON events emitted by FusionAuth. Creating a Webhook allows you to tell FusionAuth where you would like to receive these JSON events.\n\n[Webhooks API](https://fusionauth.io/docs/v1/tech/apis/webhooks)\n\n## Example Usage\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"pulumi-fusionauth\";\n\nconst example = new fusionauth.FusionAuthWebhook(\"example\", {\n tenantIds: [\n \"00000000-0000-0000-0000-000000000003\",\n fusionauth_tenant.example.id,\n ],\n connectTimeout: 1000,\n description: \"The standard game Webhook\",\n eventsEnabled: {\n userCreate: true,\n userDelete: false,\n },\n global: false,\n headers: {\n foo: \"bar\",\n bar: \"baz\",\n },\n httpAuthenticationPassword: \"password\",\n httpAuthenticationUsername: \"username\",\n readTimeout: 2000,\n sslCertificate: \" -----BEGIN CERTIFICATE-----\\\\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\\\\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\\\\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\\\\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\\\\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\\\\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\\\\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\\\\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\\\\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\\\\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\\\\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\\\\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\\\\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\\\\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\\\\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\\\\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\\\\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\\\\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\\\\n-----END CERTIFICATE-----\\n\",\n url: \"http://mygameserver.local:7001/fusionauth-webhook\",\n signatureConfiguration: {\n enabled: true,\n signingKeyId: fusionauth_key.webhook_key.id,\n },\n});\n```\n```python\nimport pulumi\nimport theogravity_pulumi_fusionauth as fusionauth\n\nexample = fusionauth.FusionAuthWebhook(\"example\",\n tenant_ids=[\n \"00000000-0000-0000-0000-000000000003\",\n fusionauth_tenant[\"example\"][\"id\"],\n ],\n connect_timeout=1000,\n description=\"The standard game Webhook\",\n events_enabled={\n \"user_create\": True,\n \"user_delete\": False,\n },\n global_=False,\n headers={\n \"foo\": \"bar\",\n \"bar\": \"baz\",\n },\n http_authentication_password=\"password\",\n http_authentication_username=\"username\",\n read_timeout=2000,\n ssl_certificate=\" -----BEGIN CERTIFICATE-----\\\\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\\\\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\\\\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\\\\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\\\\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\\\\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\\\\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\\\\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\\\\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\\\\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\\\\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\\\\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\\\\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\\\\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\\\\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\\\\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\\\\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\\\\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\\\\n-----END CERTIFICATE-----\\n\",\n url=\"http://mygameserver.local:7001/fusionauth-webhook\",\n signature_configuration={\n \"enabled\": True,\n \"signing_key_id\": fusionauth_key[\"webhook_key\"][\"id\"],\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = theogravity.Fusionauth;\n\nreturn await Deployment.RunAsync(() => \n{\n var example = new Fusionauth.FusionAuthWebhook(\"example\", new()\n {\n TenantIds = new[]\n {\n \"00000000-0000-0000-0000-000000000003\",\n fusionauth_tenant.Example.Id,\n },\n ConnectTimeout = 1000,\n Description = \"The standard game Webhook\",\n EventsEnabled = new Fusionauth.Inputs.FusionAuthWebhookEventsEnabledArgs\n {\n UserCreate = true,\n UserDelete = false,\n },\n Global = false,\n Headers = \n {\n { \"foo\", \"bar\" },\n { \"bar\", \"baz\" },\n },\n HttpAuthenticationPassword = \"password\",\n HttpAuthenticationUsername = \"username\",\n ReadTimeout = 2000,\n SslCertificate = @\" -----BEGIN CERTIFICATE-----\\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\\n-----END CERTIFICATE-----\n\",\n Url = \"http://mygameserver.local:7001/fusionauth-webhook\",\n SignatureConfiguration = new Fusionauth.Inputs.FusionAuthWebhookSignatureConfigurationArgs\n {\n Enabled = true,\n SigningKeyId = fusionauth_key.Webhook_key.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.NewFusionAuthWebhook(ctx, \"example\", &fusionauth.FusionAuthWebhookArgs{\n\t\t\tTenantIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"00000000-0000-0000-0000-000000000003\"),\n\t\t\t\tfusionauth_tenant.Example.Id,\n\t\t\t},\n\t\t\tConnectTimeout: pulumi.Int(1000),\n\t\t\tDescription: pulumi.String(\"The standard game Webhook\"),\n\t\t\tEventsEnabled: &fusionauth.FusionAuthWebhookEventsEnabledArgs{\n\t\t\t\tUserCreate: pulumi.Bool(true),\n\t\t\t\tUserDelete: pulumi.Bool(false),\n\t\t\t},\n\t\t\tGlobal: pulumi.Bool(false),\n\t\t\tHeaders: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\"bar\": pulumi.String(\"baz\"),\n\t\t\t},\n\t\t\tHttpAuthenticationPassword: pulumi.String(\"password\"),\n\t\t\tHttpAuthenticationUsername: pulumi.String(\"username\"),\n\t\t\tReadTimeout: pulumi.Int(2000),\n\t\t\tSslCertificate: pulumi.String(\" -----BEGIN CERTIFICATE-----\\\\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\\\\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\\\\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\\\\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\\\\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\\\\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\\\\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\\\\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\\\\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\\\\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\\\\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\\\\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\\\\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\\\\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\\\\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\\\\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\\\\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\\\\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\\\\n-----END CERTIFICATE-----\\n\"),\n\t\t\tUrl: pulumi.String(\"http://mygameserver.local:7001/fusionauth-webhook\"),\n\t\t\tSignatureConfiguration: &fusionauth.FusionAuthWebhookSignatureConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tSigningKeyId: pulumi.Any(fusionauth_key.Webhook_key.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionAuthWebhook;\nimport com.pulumi.fusionauth.FusionAuthWebhookArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthWebhookEventsEnabledArgs;\nimport com.pulumi.fusionauth.inputs.FusionAuthWebhookSignatureConfigurationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new FusionAuthWebhook(\"example\", FusionAuthWebhookArgs.builder()\n .tenantIds( \n \"00000000-0000-0000-0000-000000000003\",\n fusionauth_tenant.example().id())\n .connectTimeout(1000)\n .description(\"The standard game Webhook\")\n .eventsEnabled(FusionAuthWebhookEventsEnabledArgs.builder()\n .userCreate(true)\n .userDelete(false)\n .build())\n .global(false)\n .headers(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"bar\", \"baz\")\n ))\n .httpAuthenticationPassword(\"password\")\n .httpAuthenticationUsername(\"username\")\n .readTimeout(2000)\n .sslCertificate(\"\"\"\n -----BEGIN CERTIFICATE-----\\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\\n-----END CERTIFICATE-----\n \"\"\")\n .url(\"http://mygameserver.local:7001/fusionauth-webhook\")\n .signatureConfiguration(FusionAuthWebhookSignatureConfigurationArgs.builder()\n .enabled(true)\n .signingKeyId(fusionauth_key.webhook_key().id())\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: fusionauth:FusionAuthWebhook\n properties:\n tenantIds:\n - 00000000-0000-0000-0000-000000000003\n - ${fusionauth_tenant.example.id}\n connectTimeout: 1000\n description: The standard game Webhook\n eventsEnabled:\n userCreate: true\n userDelete: false\n global: false\n headers:\n foo: bar\n bar: baz\n httpAuthenticationPassword: password\n httpAuthenticationUsername: username\n readTimeout: 2000\n sslCertificate: |2\n -----BEGIN CERTIFICATE-----\\nMIIDUjCCArugAwIBAgIJANZCTNN98L9ZMA0GCSqGSIb3DQEBBQUAMHoxCzAJBgNV\\nBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZz\\nZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkB\\nFhFzamZkZkBsc2tkamZjLmNvbTAeFw0xNDA0MDkyMTA2MDdaFw0xNDA1MDkyMTA2\\nMDdaMHoxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVy\\nMQ8wDQYDVQQKEwZzZXRoLXMxCjAIBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAw\\nHgYJKoZIhvcNAQkBFhFzamZkZkBsc2tkamZjLmNvbTCBnzANBgkqhkiG9w0BAQEF\\nAAOBjQAwgYkCgYEAxnQBqyuYvjUE4aFQ6vVZU5RqHmy3KiTg2NcxELIlZztUTK3a\\nVFbJoBB4ixHXCCYslujthILyBjgT3F+IhSpPAcrlu8O5LVPaPCysh/SNrGNwH4lq\\neiW9Z5WAhRO/nG7NZNa0USPHAei6b9Sv9PxuKCY+GJfAIwlO4/bltIH06/kCAwEA\\nAaOB3zCB3DAdBgNVHQ4EFgQUU4SqJEFm1zW+CcLxmLlARrqtMN0wgawGA1UdIwSB\\npDCBoYAUU4SqJEFm1zW+CcLxmLlARrqtMN2hfqR8MHoxCzAJBgNVBAYTAlVTMQsw\\nCQYDVQQIEwJDTzEPMA0GA1UEBxMGZGVudmVyMQ8wDQYDVQQKEwZzZXRoLXMxCjAI\\nBgNVBAsTAXMxDjAMBgNVBAMTBWludmVyMSAwHgYJKoZIhvcNAQkBFhFzamZkZkBs\\nc2tkamZjLmNvbYIJANZCTNN98L9ZMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEF\\nBQADgYEAY/cJsi3w6R4hF4PzAXLhGOg1tzTDYvol3w024WoehJur+qM0AY6UqtoJ\\nneCq9af32IKbbOKkoaok+t1+/tylQVF/0FXMTKepxaMbG22vr4TmN3idPUYYbPfW\\n5GkF7Hh96BjerrtiUPGuBZL50HoLZ5aR5oZUMAu7TXhOFp+vZp8=\\n-----END CERTIFICATE-----\n url: http://mygameserver.local:7001/fusionauth-webhook\n signatureConfiguration:\n enabled: true\n signingKeyId: ${fusionauth_key.webhook_key.id}\n```\n\n", "properties": { "connectTimeout": { "type": "integer", "description": "The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Webhook that should be persisted.\n" }, "description": { "type": "string", "description": "A description of the Webhook. This is used for display purposes only.\n" }, "eventsEnabled": { "$ref": "#/types/fusionauth:index%2FFusionAuthWebhookEventsEnabled:FusionAuthWebhookEventsEnabled", "description": "A mapping for the events that are enabled for this Webhook.\n" }, "global": { "type": "boolean", "description": "Whether or not this Webhook is used for all events or just for specific Applications.\n" }, "headers": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that contains headers that are sent as part of the HTTP request for the events.\n" }, "httpAuthenticationPassword": { "type": "string", "description": "The HTTP basic authentication password that is sent as part of the HTTP request for the events.\n", "secret": true }, "httpAuthenticationUsername": { "type": "string", "description": "The HTTP basic authentication username that is sent as part of the HTTP request for the events.\n", "secret": true }, "readTimeout": { "type": "integer", "description": "The read timeout in milliseconds used when FusionAuth sends events to the Webhook.\n" }, "signatureConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthWebhookSignatureConfiguration:FusionAuthWebhookSignatureConfiguration", "description": "Configuration for webhook signing\n" }, "sslCertificate": { "type": "string", "description": "An SSL certificate in PEM format that is used to establish the a SSL (TLS specifically) connection to the Webhook.\n" }, "sslCertificateKeyId": { "type": "string", "description": "The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.\n" }, "tenantIds": { "type": "array", "items": { "type": "string" }, "description": "The Ids of the tenants that this Webhook should be associated with. If no Ids are specified and the global field is false, this Webhook will not be used.\n" }, "url": { "type": "string", "description": "The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.\n" }, "webhookId": { "type": "string", "description": "The Id to use for the new Webhook. If not specified a secure random UUID will be generated.\n" } }, "type": "object", "required": [ "connectTimeout", "readTimeout", "url", "webhookId" ], "inputProperties": { "connectTimeout": { "type": "integer", "description": "The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Webhook that should be persisted.\n" }, "description": { "type": "string", "description": "A description of the Webhook. This is used for display purposes only.\n" }, "eventsEnabled": { "$ref": "#/types/fusionauth:index%2FFusionAuthWebhookEventsEnabled:FusionAuthWebhookEventsEnabled", "description": "A mapping for the events that are enabled for this Webhook.\n" }, "global": { "type": "boolean", "description": "Whether or not this Webhook is used for all events or just for specific Applications.\n" }, "headers": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that contains headers that are sent as part of the HTTP request for the events.\n" }, "httpAuthenticationPassword": { "type": "string", "description": "The HTTP basic authentication password that is sent as part of the HTTP request for the events.\n", "secret": true }, "httpAuthenticationUsername": { "type": "string", "description": "The HTTP basic authentication username that is sent as part of the HTTP request for the events.\n", "secret": true }, "readTimeout": { "type": "integer", "description": "The read timeout in milliseconds used when FusionAuth sends events to the Webhook.\n" }, "signatureConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthWebhookSignatureConfiguration:FusionAuthWebhookSignatureConfiguration", "description": "Configuration for webhook signing\n" }, "sslCertificate": { "type": "string", "description": "An SSL certificate in PEM format that is used to establish the a SSL (TLS specifically) connection to the Webhook.\n" }, "sslCertificateKeyId": { "type": "string", "description": "The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.\n" }, "tenantIds": { "type": "array", "items": { "type": "string" }, "description": "The Ids of the tenants that this Webhook should be associated with. If no Ids are specified and the global field is false, this Webhook will not be used.\n" }, "url": { "type": "string", "description": "The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.\n" }, "webhookId": { "type": "string", "description": "The Id to use for the new Webhook. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true } }, "requiredInputs": [ "connectTimeout", "readTimeout", "url" ], "stateInputs": { "description": "Input properties used for looking up and filtering FusionAuthWebhook resources.\n", "properties": { "connectTimeout": { "type": "integer", "description": "The connection timeout in milliseconds used when FusionAuth sends events to the Webhook.\n" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Webhook that should be persisted.\n" }, "description": { "type": "string", "description": "A description of the Webhook. This is used for display purposes only.\n" }, "eventsEnabled": { "$ref": "#/types/fusionauth:index%2FFusionAuthWebhookEventsEnabled:FusionAuthWebhookEventsEnabled", "description": "A mapping for the events that are enabled for this Webhook.\n" }, "global": { "type": "boolean", "description": "Whether or not this Webhook is used for all events or just for specific Applications.\n" }, "headers": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that contains headers that are sent as part of the HTTP request for the events.\n" }, "httpAuthenticationPassword": { "type": "string", "description": "The HTTP basic authentication password that is sent as part of the HTTP request for the events.\n", "secret": true }, "httpAuthenticationUsername": { "type": "string", "description": "The HTTP basic authentication username that is sent as part of the HTTP request for the events.\n", "secret": true }, "readTimeout": { "type": "integer", "description": "The read timeout in milliseconds used when FusionAuth sends events to the Webhook.\n" }, "signatureConfiguration": { "$ref": "#/types/fusionauth:index%2FFusionAuthWebhookSignatureConfiguration:FusionAuthWebhookSignatureConfiguration", "description": "Configuration for webhook signing\n" }, "sslCertificate": { "type": "string", "description": "An SSL certificate in PEM format that is used to establish the a SSL (TLS specifically) connection to the Webhook.\n" }, "sslCertificateKeyId": { "type": "string", "description": "The Id of an existing Key. The X.509 certificate is used for client certificate authentication in requests to the Webhook.\n" }, "tenantIds": { "type": "array", "items": { "type": "string" }, "description": "The Ids of the tenants that this Webhook should be associated with. If no Ids are specified and the global field is false, this Webhook will not be used.\n" }, "url": { "type": "string", "description": "The fully qualified URL of the Webhook’s endpoint that will accept the event requests from FusionAuth.\n" }, "webhookId": { "type": "string", "description": "The Id to use for the new Webhook. If not specified a secure random UUID will be generated.\n", "willReplaceOnChanges": true } }, "type": "object" } } }, "functions": { "fusionauth:index/getApplication:getApplication": { "description": "## # Application Resource\n\n[Applications API](https://fusionauth.io/docs/v1/tech/apis/applications)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst fusionAuth = fusionauth.getApplication({\n name: \"FusionAuth\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\nfusion_auth = fusionauth.get_application(name=\"FusionAuth\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fusionAuth = Fusionauth.GetApplication.Invoke(new()\n {\n Name = \"FusionAuth\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetApplication(ctx, \u0026fusionauth.GetApplicationArgs{\n\t\t\tName: \"FusionAuth\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetApplicationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var fusionAuth = FusionauthFunctions.getApplication(GetApplicationArgs.builder()\n .name(\"FusionAuth\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n fusionAuth:\n fn::invoke:\n function: fusionauth:getApplication\n arguments:\n name: FusionAuth\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getApplication.\n", "properties": { "name": { "type": "string", "description": "The name of the Application.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getApplication.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "name": { "type": "string" }, "tenantId": { "type": "string" }, "webauthnConfigurations": { "items": { "$ref": "#/types/fusionauth:index%2FgetApplicationWebauthnConfiguration:getApplicationWebauthnConfiguration" }, "type": "array" } }, "required": [ "id", "name", "tenantId", "webauthnConfigurations" ], "type": "object" } }, "fusionauth:index/getApplicationOAuthScope:getApplicationOAuthScope": { "description": "## # Application OAuth Scope Resource\n\nThe Application OAuth Scope resource allows you to define the scopes that an application can request when using OAuth.\n\n[Application OAuth Scope API](https://fusionauth.io/docs/apis/scopes)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst this = fusionauth.getApplicationOAuthScope({\n applicationId: data.fusionauth_application[\"this\"].id,\n name: \"data:read\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\nthis = fusionauth.get_application_o_auth_scope(application_id=data[\"fusionauth_application\"][\"this\"][\"id\"],\n name=\"data:read\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = Fusionauth.GetApplicationOAuthScope.Invoke(new()\n {\n ApplicationId = data.Fusionauth_application.This.Id,\n Name = \"data:read\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetApplicationOAuthScope(ctx, \u0026fusionauth.GetApplicationOAuthScopeArgs{\n\t\t\tApplicationId: data.Fusionauth_application.This.Id,\n\t\t\tName: \"data:read\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetApplicationOAuthScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var this = FusionauthFunctions.getApplicationOAuthScope(GetApplicationOAuthScopeArgs.builder()\n .applicationId(data.fusionauth_application().this().id())\n .name(\"data:read\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n this:\n fn::invoke:\n function: fusionauth:getApplicationOAuthScope\n arguments:\n applicationId: ${data.fusionauth_application.this.id}\n name: data:read\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getApplicationOAuthScope.\n", "properties": { "applicationId": { "type": "string", "description": "ID of the application that this role is for.\n" }, "name": { "type": "string", "description": "The name of the Role.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "applicationId", "name" ] }, "outputs": { "description": "A collection of values returned by getApplicationOAuthScope.\n", "properties": { "applicationId": { "type": "string" }, "data": { "additionalProperties": { "type": "string" }, "description": "(Optional) An object that can hold any information about the OAuth Scope that should be persisted.\n", "type": "object" }, "defaultConsentDetail": { "description": "(Optional) \"The default detail to display on the OAuth consent screen if one cannot be found in the theme.\n", "type": "string" }, "defaultConsentMessage": { "description": "(Optional) The default message to display on the OAuth consent screen if one cannot be found in the theme.\n", "type": "string" }, "description": { "description": "(Optional) A description of the OAuth Scope. This is used for display purposes only.\n", "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "name": { "type": "string" }, "required": { "description": "(Optional) Determines if the OAuth Scope is required when requested in an OAuth workflow.\n", "type": "boolean" }, "scopeId": { "description": "(Optional) The Id to use for the new OAuth Scope. If not specified a secure random UUID will be generated.\n", "type": "string" } }, "required": [ "applicationId", "data", "defaultConsentDetail", "defaultConsentMessage", "description", "id", "name", "required", "scopeId" ], "type": "object" } }, "fusionauth:index/getApplicationRole:getApplicationRole": { "description": "## # Application Role Resource\n\nThis Resource is used to create a role for an Application.\n\n[Application Roles API](https://fusionauth.io/docs/v1/tech/apis/applications)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst admin = fusionauth.getApplicationRole({\n applicationId: data.fusionauth_application.FusionAuth.id,\n name: \"admin\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\nadmin = fusionauth.get_application_role(application_id=data[\"fusionauth_application\"][\"FusionAuth\"][\"id\"],\n name=\"admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Fusionauth.GetApplicationRole.Invoke(new()\n {\n ApplicationId = data.Fusionauth_application.FusionAuth.Id,\n Name = \"admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetApplicationRole(ctx, \u0026fusionauth.GetApplicationRoleArgs{\n\t\t\tApplicationId: data.Fusionauth_application.FusionAuth.Id,\n\t\t\tName: \"admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetApplicationRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = FusionauthFunctions.getApplicationRole(GetApplicationRoleArgs.builder()\n .applicationId(data.fusionauth_application().FusionAuth().id())\n .name(\"admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n admin:\n fn::invoke:\n function: fusionauth:getApplicationRole\n arguments:\n applicationId: ${data.fusionauth_application.FusionAuth.id}\n name: admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getApplicationRole.\n", "properties": { "applicationId": { "type": "string", "description": "ID of the application that this role is for.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The name of the Role.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "applicationId", "name" ] }, "outputs": { "description": "A collection of values returned by getApplicationRole.\n", "properties": { "applicationId": { "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "name": { "type": "string" } }, "required": [ "applicationId", "id", "name" ], "type": "object" } }, "fusionauth:index/getEMail:getEMail": { "description": "## # Email Resource\n\nThis data source is used to fetch information about a specific Email Template.\n\n[Emails API](https://fusionauth.io/docs/v1/tech/apis/emails)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst defaultBreachedPassword = fusionauth.getEMail({\n name: \"[FusionAuth Default] Breached Password Notification\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\ndefault_breached_password = fusionauth.get_e_mail(name=\"[FusionAuth Default] Breached Password Notification\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultBreachedPassword = Fusionauth.GetEMail.Invoke(new()\n {\n Name = \"[FusionAuth Default] Breached Password Notification\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetEMail(ctx, \u0026fusionauth.GetEMailArgs{\n\t\t\tName: \"[FusionAuth Default] Breached Password Notification\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetEMailArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var defaultBreachedPassword = FusionauthFunctions.getEMail(GetEMailArgs.builder()\n .name(\"[FusionAuth Default] Breached Password Notification\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n defaultBreachedPassword:\n fn::invoke:\n function: fusionauth:getEMail\n arguments:\n name: '[FusionAuth Default] Breached Password Notification'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getEMail.\n", "properties": { "fromEmail": { "type": "string", "description": "The email address that this email will be sent from.\n" }, "name": { "type": "string", "description": "The name of the Email Template.\n" } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getEMail.\n", "properties": { "defaultFromName": { "description": "The default From Name used when sending emails.\n", "type": "string" }, "defaultHtmlTemplate": { "description": "The default HTML Email Template.\n", "type": "string" }, "defaultSubject": { "description": "The default Subject used when sending emails.\n", "type": "string" }, "defaultTextTemplate": { "description": "The default Text Email Template.\n", "type": "string" }, "fromEmail": { "description": "The email address that this email will be sent from.\n", "type": "string" }, "id": { "description": "The Id of the Email Template.\n", "type": "string" }, "localizedFromNames": { "additionalProperties": { "type": "string" }, "description": "The From Name used when sending emails to users who speak other languages.\n", "type": "object" }, "localizedHtmlTemplates": { "additionalProperties": { "type": "string" }, "description": "The HTML Email Template used when sending emails to users who speak other languages.\n", "type": "object" }, "localizedSubjects": { "additionalProperties": { "type": "string" }, "description": "The Subject used when sending emails to users who speak other languages.\n", "type": "object" }, "localizedTextTemplates": { "additionalProperties": { "type": "string" }, "description": "The Text Email Template used when sending emails to users who speak other languages.\n", "type": "object" }, "name": { "type": "string" } }, "required": [ "defaultFromName", "defaultHtmlTemplate", "defaultSubject", "defaultTextTemplate", "id", "localizedFromNames", "localizedHtmlTemplates", "localizedSubjects", "localizedTextTemplates", "name" ], "type": "object" } }, "fusionauth:index/getForm:getForm": { "description": "## # Form Resource\n\nA FusionAuth Form is a customizable object that contains one-to-many ordered steps. Each step is comprised of one or more Form Fields.\n\n[Forms API](https://fusionauth.io/docs/v1/tech/apis/forms)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst default = fusionauth.getForm({\n name: \"Default User Self Service provided by FusionAuth\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\ndefault = fusionauth.get_form(name=\"Default User Self Service provided by FusionAuth\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Fusionauth.GetForm.Invoke(new()\n {\n Name = \"Default User Self Service provided by FusionAuth\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetForm(ctx, \u0026fusionauth.GetFormArgs{\n\t\t\tName: pulumi.StringRef(\"Default User Self Service provided by FusionAuth\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetFormArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = FusionauthFunctions.getForm(GetFormArgs.builder()\n .name(\"Default User Self Service provided by FusionAuth\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: fusionauth:getForm\n arguments:\n name: Default User Self Service provided by FusionAuth\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getForm.\n", "properties": { "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form that should be persisted.\n" }, "formId": { "type": "string", "description": "The unique id of the Form. Either `form_id` or `name` must be specified.\n" }, "name": { "type": "string", "description": "The name of the Form. Either `form_id` or `name` must be specified.\n" }, "steps": { "type": "array", "items": { "$ref": "#/types/fusionauth:index%2FgetFormStep:getFormStep" }, "description": "An ordered list of objects containing one or more Form Fields.\n" }, "type": { "type": "string", "description": "The form type. The possible values are:\n* `adminRegistration` - This form be used to customize the add and edit User Registration form in the FusionAuth UI.\n* `adminUser` - This form can be used to customize the add and edit User form in the FusionAuth UI.\n", "willReplaceOnChanges": true } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getForm.\n", "properties": { "data": { "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form that should be persisted.\n", "type": "object" }, "formId": { "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "name": { "description": "The unique name of the Form.\n", "type": "string" }, "steps": { "description": "An ordered list of objects containing one or more Form Fields.\n", "items": { "$ref": "#/types/fusionauth:index%2FgetFormStep:getFormStep" }, "type": "array" }, "type": { "description": "The form type. The possible values are:\n* `adminRegistration` - This form be used to customize the add and edit User Registration form in the FusionAuth UI.\n* `adminUser` - This form can be used to customize the add and edit User form in the FusionAuth UI.\n", "type": "string" } }, "required": [ "formId", "id" ], "type": "object" } }, "fusionauth:index/getFormField:getFormField": { "description": "## # Form Field Resource\n\nA FusionAuth Form Field is an object that can be customized to receive input within a FusionAuth [Form](https://fusionauth.io/docs/v1/tech/apis/forms).\n\n[Form Field API](https://fusionauth.io/docs/v1/tech/apis/form-fields)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst default = fusionauth.getFormField({\n name: \"Email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\ndefault = fusionauth.get_form_field(name=\"Email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Fusionauth.GetFormField.Invoke(new()\n {\n Name = \"Email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetFormField(ctx, \u0026fusionauth.GetFormFieldArgs{\n\t\t\tName: pulumi.StringRef(\"Email\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetFormFieldArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = FusionauthFunctions.getFormField(GetFormFieldArgs.builder()\n .name(\"Email\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: fusionauth:getFormField\n arguments:\n name: Email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getFormField.\n", "properties": { "confirm": { "type": "boolean", "description": "Determines if the user input should be confirmed by requiring the value to be entered twice.\n- consent_id\n- control\n" }, "consentId": { "type": "string" }, "control": { "type": "string" }, "data": { "type": "object", "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form Field that should be persisted.\n- description\n- key\n" }, "description": { "type": "string" }, "formFieldId": { "type": "string", "description": "The unique id of the Form Field. Either `form_field_id` or `name` must be specified.\n" }, "key": { "type": "string", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The name of the Form field. Either `form_field_id` or `name` must be specified.\n" }, "options": { "type": "array", "items": { "type": "string" }, "description": "A list of options that are applied to checkbox, radio, or select controls.\n" }, "required": { "type": "boolean", "description": "Determines if a value is required to complete the form.\n" }, "type": { "type": "string", "description": "The form field type. The possible values are:\n" }, "validator": { "$ref": "#/types/fusionauth:index%2FgetFormFieldValidator:getFormFieldValidator" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getFormField.\n", "properties": { "confirm": { "description": "Determines if the user input should be confirmed by requiring the value to be entered twice.\n- consent_id\n- control\n", "type": "boolean" }, "consentId": { "type": "string" }, "control": { "type": "string" }, "data": { "additionalProperties": { "type": "string" }, "description": "An object that can hold any information about the Form Field that should be persisted.\n- description\n- key\n", "type": "object" }, "description": { "type": "string" }, "formFieldId": { "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "key": { "type": "string" }, "name": { "description": "The unique name of the Form Field.\n", "type": "string" }, "options": { "description": "A list of options that are applied to checkbox, radio, or select controls.\n", "items": { "type": "string" }, "type": "array" }, "required": { "description": "Determines if a value is required to complete the form.\n", "type": "boolean" }, "type": { "description": "The form field type. The possible values are:\n", "type": "string" }, "validator": { "$ref": "#/types/fusionauth:index%2FgetFormFieldValidator:getFormFieldValidator" } }, "required": [ "control", "formFieldId", "id", "validator" ], "type": "object" } }, "fusionauth:index/getIdp:getIdp": { "description": "## # Application Resource\n\n[Identity Providers API](https://fusionauth.io/docs/v1/tech/apis/identity-providers/)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst fusionAuth = fusionauth.getIdp({\n name: \"Apple\",\n type: \"Apple\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\nfusion_auth = fusionauth.get_idp(name=\"Apple\",\n type=\"Apple\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fusionAuth = Fusionauth.GetIdp.Invoke(new()\n {\n Name = \"Apple\",\n Type = \"Apple\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetIdp(ctx, \u0026fusionauth.GetIdpArgs{\n\t\t\tName: \"Apple\",\n\t\t\tType: \"Apple\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetIdpArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var fusionAuth = FusionauthFunctions.getIdp(GetIdpArgs.builder()\n .name(\"Apple\")\n .type(\"Apple\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n fusionAuth:\n fn::invoke:\n function: fusionauth:getIdp\n arguments:\n name: Apple\n type: Apple\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getIdp.\n", "properties": { "name": { "type": "string", "description": "The name of the identity provider. This is only used for display purposes. Will be the type for types: `Apple`, `Facebook`, `Google`, `HYPR`, `Twitter`\n", "willReplaceOnChanges": true }, "type": { "type": "string", "description": "The type of the identity provider.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "name", "type" ] }, "outputs": { "description": "A collection of values returned by getIdp.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "name": { "type": "string" }, "type": { "type": "string" } }, "required": [ "id", "name", "type" ], "type": "object" } }, "fusionauth:index/getLambda:getLambda": { "description": "## # Lambda Resource\n\nLambdas are user defined JavaScript functions that may be executed at runtime to perform various functions. Lambdas may be used to customize the claims returned in a JWT, reconcile a SAML v2 response or an OpenID Connect response when using these external identity providers.\n\n[Lambdas API](https://fusionauth.io/docs/v1/tech/apis/lambdas)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst defaultGoogleReconcile = fusionauth.getLambda({\n name: \"Default Google Reconcile provided by FusionAuth\",\n type: \"GoogleReconcile\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\ndefault_google_reconcile = fusionauth.get_lambda(name=\"Default Google Reconcile provided by FusionAuth\",\n type=\"GoogleReconcile\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var defaultGoogleReconcile = Fusionauth.GetLambda.Invoke(new()\n {\n Name = \"Default Google Reconcile provided by FusionAuth\",\n Type = \"GoogleReconcile\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetLambda(ctx, \u0026fusionauth.GetLambdaArgs{\n\t\t\tName: pulumi.StringRef(\"Default Google Reconcile provided by FusionAuth\"),\n\t\t\tType: \"GoogleReconcile\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetLambdaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var defaultGoogleReconcile = FusionauthFunctions.getLambda(GetLambdaArgs.builder()\n .name(\"Default Google Reconcile provided by FusionAuth\")\n .type(\"GoogleReconcile\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n defaultGoogleReconcile:\n fn::invoke:\n function: fusionauth:getLambda\n arguments:\n name: Default Google Reconcile provided by FusionAuth\n type: GoogleReconcile\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getLambda.\n", "properties": { "id": { "type": "string", "description": "The ID of the Lambda. At least one of `id` or `name` must be specified.\n", "willReplaceOnChanges": true }, "name": { "type": "string", "description": "The name of the Lambda. At least one of `id` or `name` must be specified.\n", "willReplaceOnChanges": true }, "type": { "type": "string", "description": "The Lambda type. The possible values are:\n* `AppleReconcile`\n* `ClientCredentialsJWTPopulate`\n* `EpicGamesReconcile`\n* `ExternalJWTReconcile`\n* `FacebookReconcile`\n* `GoogleReconcile`\n* `HYPRReconcile`\n* `JWTPopulate`\n* `LDAPConnectorReconcile`\n* `LinkedInReconcile`\n* `LoginValidation`\n* `NintendoReconcile`\n* `OpenIDReconcile`\n* `SAMLv2Populate`\n* `SAMLv2Reconcile`\n* `SCIMServerGroupRequestConverter`\n* `SCIMServerGroupResponseConverter`\n* `SCIMServerUserRequestConverter`\n* `SCIMServerUserResponseConverter`\n* `SelfServiceRegistrationValidation`\n* `SonyPSNReconcile`\n* `SteamReconcile`\n* `TwitchReconcile`\n* `TwitterReconcile`\n* `UserInfoPopulate`\n* `XboxReconcile`\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "type" ] }, "outputs": { "description": "A collection of values returned by getLambda.\n", "properties": { "body": { "description": "The lambda function body, a JavaScript function.\n", "type": "string" }, "debug": { "description": "Whether or not debug event logging is enabled for this Lambda.\n", "type": "boolean" }, "id": { "type": "string" }, "name": { "type": "string" }, "type": { "type": "string" } }, "required": [ "body", "debug", "id", "type" ], "type": "object" } }, "fusionauth:index/getTenant:getTenant": { "description": "## # Tenant Resource\n\nA FusionAuth Tenant is a named object that represents a discrete namespace for Users, Applications and Groups. A user is unique by email address or username within a tenant.\n\nTenants may be useful to support a multi-tenant application where you wish to use a single instance of FusionAuth but require the ability to have duplicate users across the tenants in your own application. In this scenario a user may exist multiple times with the same email address and different passwords across tenants.\n\nTenants may also be useful in a test or staging environment to allow multiple users to call APIs and create and modify users without possibility of collision.\n\n[Tenants API](https://fusionauth.io/docs/v1/tech/apis/tenants)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst default = fusionauth.getTenant({\n name: \"Default\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\ndefault = fusionauth.get_tenant(name=\"Default\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Fusionauth.GetTenant.Invoke(new()\n {\n Name = \"Default\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetTenant(ctx, \u0026fusionauth.GetTenantArgs{\n\t\t\tName: \"Default\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetTenantArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = FusionauthFunctions.getTenant(GetTenantArgs.builder()\n .name(\"Default\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n default:\n fn::invoke:\n function: fusionauth:getTenant\n arguments:\n name: Default\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getTenant.\n", "properties": { "name": { "type": "string", "description": "The name of the Tenant.\n", "willReplaceOnChanges": true } }, "type": "object", "required": [ "name" ] }, "outputs": { "description": "A collection of values returned by getTenant.\n", "properties": { "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "name": { "type": "string" } }, "required": [ "id", "name" ], "type": "object" } }, "fusionauth:index/getUser:getUser": { "description": "## # User Data Source\n\nThis data source can be used to fetch information about a specific user.\n\n[Users API](https://fusionauth.io/docs/v1/tech/apis/users)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst example = fusionauth.getUser({\n username: \"foo@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\nexample = fusionauth.get_user(username=\"foo@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = Fusionauth.GetUser.Invoke(new()\n {\n Username = \"foo@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetUser(ctx, \u0026fusionauth.GetUserArgs{\n\t\t\tUsername: pulumi.StringRef(\"foo@example.com\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetUserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var example = FusionauthFunctions.getUser(GetUserArgs.builder()\n .username(\"foo@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n example:\n fn::invoke:\n function: fusionauth:getUser\n arguments:\n username: foo@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getUser.\n", "properties": { "tenantId": { "type": "string", "description": "The Id of the tenant used to scope this API request.\n" }, "userId": { "type": "string", "description": "The Id of the user. Either `user_id` or `username` must be specified.\n" }, "username": { "type": "string", "description": "The username of the user. Either `user_id` or `username` must be specified.\n" } }, "type": "object" }, "outputs": { "description": "A collection of values returned by getUser.\n", "properties": { "active": { "description": "True if the user is active. False if the user has been deactivated. Deactivated users will not be able to login.\n", "type": "boolean" }, "birthDate": { "description": "An ISO-8601 formatted date of the user’s birthdate such as YYYY-MM-DD.\n", "type": "string" }, "data": { "description": "A JSON serialised string that can hold any information about the user.\n", "type": "string" }, "email": { "description": "The user’s email address.\n", "type": "string" }, "expiry": { "description": "The expiration instant of the user’s account. An expired user is not permitted to login.\n", "type": "integer" }, "firstName": { "description": "The first name of the user.\n", "type": "string" }, "fullName": { "description": "The user’s full name.\n", "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "imageUrl": { "description": "The URL that points to an image file that is the user’s profile image.\n", "type": "string" }, "lastName": { "description": "The user’s last name.\n", "type": "string" }, "middleName": { "description": "The user’s middle name.\n", "type": "string" }, "mobilePhone": { "description": "The user’s mobile phone number.\n", "type": "string" }, "parentEmail": { "description": "The email address of the user’s parent or guardian.\n", "type": "string" }, "passwordChangeRequired": { "description": "Indicates that the user’s password needs to be changed during their next login attempt.\n", "type": "boolean" }, "preferredLanguages": { "description": "An array of locale strings that give, in order, the user’s preferred languages.\n", "items": { "type": "string" }, "type": "array" }, "tenantId": { "type": "string" }, "timezone": { "description": "The user’s preferred timezone.\n", "type": "string" }, "userId": { "type": "string" }, "username": { "type": "string" }, "usernameStatus": { "description": "The current status of the username. This is used if you are moderating usernames via CleanSpeak.\n", "type": "string" } }, "required": [ "active", "birthDate", "data", "email", "expiry", "firstName", "fullName", "id", "imageUrl", "lastName", "middleName", "mobilePhone", "parentEmail", "passwordChangeRequired", "preferredLanguages", "tenantId", "timezone", "userId", "username", "usernameStatus" ], "type": "object" } }, "fusionauth:index/getUserGroupMembership:getUserGroupMembership": { "description": "## # User Group Membership Resource\n\n[User Group Membership API](https://fusionauth.io/docs/apis/groups#request-5)\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fusionauth from \"@pulumi/fusionauth\";\n\nconst this = fusionauth.getUserGroupMembership({\n groupId: fusionauth_group[\"this\"].id,\n userId: fusionauth_user[\"this\"].id,\n});\n```\n```python\nimport pulumi\nimport pulumi_fusionauth as fusionauth\n\nthis = fusionauth.get_user_group_membership(group_id=fusionauth_group[\"this\"][\"id\"],\n user_id=fusionauth_user[\"this\"][\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Fusionauth = Pulumi.Fusionauth;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @this = Fusionauth.GetUserGroupMembership.Invoke(new()\n {\n GroupId = fusionauth_group.This.Id,\n UserId = fusionauth_user.This.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/theogravity/pulumi-fusionauth/sdk/go/fusionauth\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fusionauth.GetUserGroupMembership(ctx, \u0026fusionauth.GetUserGroupMembershipArgs{\n\t\t\tGroupId: fusionauth_group.This.Id,\n\t\t\tUserId: fusionauth_user.This.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.fusionauth.FusionauthFunctions;\nimport com.pulumi.fusionauth.inputs.GetUserGroupMembershipArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var this = FusionauthFunctions.getUserGroupMembership(GetUserGroupMembershipArgs.builder()\n .groupId(fusionauth_group.this().id())\n .userId(fusionauth_user.this().id())\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n this:\n fn::invoke:\n function: fusionauth:getUserGroupMembership\n arguments:\n groupId: ${fusionauth_group.this.id}\n userId: ${fusionauth_user.this.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getUserGroupMembership.\n", "properties": { "groupId": { "type": "string", "description": "The Id of the Group of this membership.\n" }, "userId": { "type": "string", "description": "\"The Id of the User of this membership.\n" } }, "type": "object", "required": [ "groupId", "userId" ] }, "outputs": { "description": "A collection of values returned by getUserGroupMembership.\n", "properties": { "data": { "additionalProperties": { "type": "string" }, "description": "(Optional) An object that can hold any information about the User for this membership that should be persisted.\n", "type": "object" }, "groupId": { "type": "string" }, "id": { "description": "The provider-assigned unique ID for this managed resource.\n", "type": "string" }, "membershipId": { "description": "(Optional) The Id of the User Group Membership. If not provided, a random UUID will be generated.\n", "type": "string" }, "userId": { "type": "string" } }, "required": [ "data", "groupId", "id", "membershipId", "userId" ], "type": "object" } } } }