Docs Home
Auth0 v3.16.0 published on Wednesday, Mar 12, 2025 by Pulumi
auth0.OrganizationClientGrant
Explore with Pulumi AI
With this resource, you can manage a client grant associated with an organization.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Create an Organization
const myOrganization = new auth0.Organization("my_organization", {
name: "test-org-acceptance-testing",
displayName: "Test Org Acceptance Testing",
});
// Create a Resource Server
const newResourceServer = new auth0.ResourceServer("new_resource_server", {
name: "Example API",
identifier: "https://api.travel00123.com/",
});
// Create a Client by referencing the newly created organisation or by reference an existing one.
const myTestClient = new auth0.Client("my_test_client", {
name: "test_client",
organizationUsage: "allow",
defaultOrganization: {
organizationId: myOrganization.id,
flows: ["client_credentials"],
},
}, {
dependsOn: [
myOrganization,
newResourceServer,
],
});
// Create a client grant which is associated with the client and resource server.
const myClientGrant = new auth0.ClientGrant("my_client_grant", {
clientId: myTestClient.id,
audience: newResourceServer.identifier,
scopes: [
"create:organization_client_grants",
"create:resource",
],
allowAnyOrganization: true,
organizationUsage: "allow",
}, {
dependsOn: [
newResourceServer,
myTestClient,
],
});
// Create the organization and client grant association
const associateOrgClientGrant = new auth0.OrganizationClientGrant("associate_org_client_grant", {
organizationId: myOrganization.id,
grantId: myClientGrant.id,
}, {
dependsOn: [myClientGrant],
});
import pulumi
import pulumi_auth0 as auth0
# Create an Organization
my_organization = auth0.Organization("my_organization",
name="test-org-acceptance-testing",
display_name="Test Org Acceptance Testing")
# Create a Resource Server
new_resource_server = auth0.ResourceServer("new_resource_server",
name="Example API",
identifier="https://api.travel00123.com/")
# Create a Client by referencing the newly created organisation or by reference an existing one.
my_test_client = auth0.Client("my_test_client",
name="test_client",
organization_usage="allow",
default_organization={
"organization_id": my_organization.id,
"flows": ["client_credentials"],
},
opts = pulumi.ResourceOptions(depends_on=[
my_organization,
new_resource_server,
]))
# Create a client grant which is associated with the client and resource server.
my_client_grant = auth0.ClientGrant("my_client_grant",
client_id=my_test_client.id,
audience=new_resource_server.identifier,
scopes=[
"create:organization_client_grants",
"create:resource",
],
allow_any_organization=True,
organization_usage="allow",
opts = pulumi.ResourceOptions(depends_on=[
new_resource_server,
my_test_client,
]))
# Create the organization and client grant association
associate_org_client_grant = auth0.OrganizationClientGrant("associate_org_client_grant",
organization_id=my_organization.id,
grant_id=my_client_grant.id,
opts = pulumi.ResourceOptions(depends_on=[my_client_grant]))
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create an Organization
myOrganization, err := auth0.NewOrganization(ctx, "my_organization", &auth0.OrganizationArgs{
Name: pulumi.String("test-org-acceptance-testing"),
DisplayName: pulumi.String("Test Org Acceptance Testing"),
})
if err != nil {
return err
}
// Create a Resource Server
newResourceServer, err := auth0.NewResourceServer(ctx, "new_resource_server", &auth0.ResourceServerArgs{
Name: pulumi.String("Example API"),
Identifier: pulumi.String("https://api.travel00123.com/"),
})
if err != nil {
return err
}
// Create a Client by referencing the newly created organisation or by reference an existing one.
myTestClient, err := auth0.NewClient(ctx, "my_test_client", &auth0.ClientArgs{
Name: pulumi.String("test_client"),
OrganizationUsage: pulumi.String("allow"),
DefaultOrganization: &auth0.ClientDefaultOrganizationArgs{
OrganizationId: myOrganization.ID(),
Flows: pulumi.StringArray{
pulumi.String("client_credentials"),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
myOrganization,
newResourceServer,
}))
if err != nil {
return err
}
// Create a client grant which is associated with the client and resource server.
myClientGrant, err := auth0.NewClientGrant(ctx, "my_client_grant", &auth0.ClientGrantArgs{
ClientId: myTestClient.ID(),
Audience: newResourceServer.Identifier,
Scopes: pulumi.StringArray{
pulumi.String("create:organization_client_grants"),
pulumi.String("create:resource"),
},
AllowAnyOrganization: pulumi.Bool(true),
OrganizationUsage: pulumi.String("allow"),
}, pulumi.DependsOn([]pulumi.Resource{
newResourceServer,
myTestClient,
}))
if err != nil {
return err
}
// Create the organization and client grant association
_, err = auth0.NewOrganizationClientGrant(ctx, "associate_org_client_grant", &auth0.OrganizationClientGrantArgs{
OrganizationId: myOrganization.ID(),
GrantId: myClientGrant.ID(),
}, pulumi.DependsOn([]pulumi.Resource{
myClientGrant,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// Create an Organization
var myOrganization = new Auth0.Organization("my_organization", new()
{
Name = "test-org-acceptance-testing",
DisplayName = "Test Org Acceptance Testing",
});
// Create a Resource Server
var newResourceServer = new Auth0.ResourceServer("new_resource_server", new()
{
Name = "Example API",
Identifier = "https://api.travel00123.com/",
});
// Create a Client by referencing the newly created organisation or by reference an existing one.
var myTestClient = new Auth0.Client("my_test_client", new()
{
Name = "test_client",
OrganizationUsage = "allow",
DefaultOrganization = new Auth0.Inputs.ClientDefaultOrganizationArgs
{
OrganizationId = myOrganization.Id,
Flows = new[]
{
"client_credentials",
},
},
}, new CustomResourceOptions
{
DependsOn =
{
myOrganization,
newResourceServer,
},
});
// Create a client grant which is associated with the client and resource server.
var myClientGrant = new Auth0.ClientGrant("my_client_grant", new()
{
ClientId = myTestClient.Id,
Audience = newResourceServer.Identifier,
Scopes = new[]
{
"create:organization_client_grants",
"create:resource",
},
AllowAnyOrganization = true,
OrganizationUsage = "allow",
}, new CustomResourceOptions
{
DependsOn =
{
newResourceServer,
myTestClient,
},
});
// Create the organization and client grant association
var associateOrgClientGrant = new Auth0.OrganizationClientGrant("associate_org_client_grant", new()
{
OrganizationId = myOrganization.Id,
GrantId = myClientGrant.Id,
}, new CustomResourceOptions
{
DependsOn =
{
myClientGrant,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Organization;
import com.pulumi.auth0.OrganizationArgs;
import com.pulumi.auth0.ResourceServer;
import com.pulumi.auth0.ResourceServerArgs;
import com.pulumi.auth0.Client;
import com.pulumi.auth0.ClientArgs;
import com.pulumi.auth0.inputs.ClientDefaultOrganizationArgs;
import com.pulumi.auth0.ClientGrant;
import com.pulumi.auth0.ClientGrantArgs;
import com.pulumi.auth0.OrganizationClientGrant;
import com.pulumi.auth0.OrganizationClientGrantArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Create an Organization
var myOrganization = new Organization("myOrganization", OrganizationArgs.builder()
.name("test-org-acceptance-testing")
.displayName("Test Org Acceptance Testing")
.build());
// Create a Resource Server
var newResourceServer = new ResourceServer("newResourceServer", ResourceServerArgs.builder()
.name("Example API")
.identifier("https://api.travel00123.com/")
.build());
// Create a Client by referencing the newly created organisation or by reference an existing one.
var myTestClient = new Client("myTestClient", ClientArgs.builder()
.name("test_client")
.organizationUsage("allow")
.defaultOrganization(ClientDefaultOrganizationArgs.builder()
.organizationId(myOrganization.id())
.flows("client_credentials")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
myOrganization,
newResourceServer)
.build());
// Create a client grant which is associated with the client and resource server.
var myClientGrant = new ClientGrant("myClientGrant", ClientGrantArgs.builder()
.clientId(myTestClient.id())
.audience(newResourceServer.identifier())
.scopes(
"create:organization_client_grants",
"create:resource")
.allowAnyOrganization(true)
.organizationUsage("allow")
.build(), CustomResourceOptions.builder()
.dependsOn(
newResourceServer,
myTestClient)
.build());
// Create the organization and client grant association
var associateOrgClientGrant = new OrganizationClientGrant("associateOrgClientGrant", OrganizationClientGrantArgs.builder()
.organizationId(myOrganization.id())
.grantId(myClientGrant.id())
.build(), CustomResourceOptions.builder()
.dependsOn(myClientGrant)
.build());
}
}
resources:
# Create an Organization
myOrganization:
type: auth0:Organization
name: my_organization
properties:
name: test-org-acceptance-testing
displayName: Test Org Acceptance Testing
# Create a Resource Server
newResourceServer:
type: auth0:ResourceServer
name: new_resource_server
properties:
name: Example API
identifier: https://api.travel00123.com/
# Create a Client by referencing the newly created organisation or by reference an existing one.
myTestClient:
type: auth0:Client
name: my_test_client
properties:
name: test_client
organizationUsage: allow
defaultOrganization:
organizationId: ${myOrganization.id}
flows:
- client_credentials
options:
dependsOn:
- ${myOrganization}
- ${newResourceServer}
# Create a client grant which is associated with the client and resource server.
myClientGrant:
type: auth0:ClientGrant
name: my_client_grant
properties:
clientId: ${myTestClient.id}
audience: ${newResourceServer.identifier}
scopes:
- create:organization_client_grants
- create:resource
allowAnyOrganization: true
organizationUsage: allow
options:
dependsOn:
- ${newResourceServer}
- ${myTestClient}
# Create the organization and client grant association
associateOrgClientGrant:
type: auth0:OrganizationClientGrant
name: associate_org_client_grant
properties:
organizationId: ${myOrganization.id}
grantId: ${myClientGrant.id}
options:
dependsOn:
- ${myClientGrant}
Create OrganizationClientGrant Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OrganizationClientGrant(name: string, args: OrganizationClientGrantArgs, opts?: CustomResourceOptions);@overload
def OrganizationClientGrant(resource_name: str,
args: OrganizationClientGrantArgs,
opts: Optional[ResourceOptions] = None)
@overload
def OrganizationClientGrant(resource_name: str,
opts: Optional[ResourceOptions] = None,
grant_id: Optional[str] = None,
organization_id: Optional[str] = None)func NewOrganizationClientGrant(ctx *Context, name string, args OrganizationClientGrantArgs, opts ...ResourceOption) (*OrganizationClientGrant, error)public OrganizationClientGrant(string name, OrganizationClientGrantArgs args, CustomResourceOptions? opts = null)
public OrganizationClientGrant(String name, OrganizationClientGrantArgs args)
public OrganizationClientGrant(String name, OrganizationClientGrantArgs args, CustomResourceOptions options)
type: auth0:OrganizationClientGrant
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OrganizationClientGrantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OrganizationClientGrantArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OrganizationClientGrantArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OrganizationClientGrantArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OrganizationClientGrantArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var organizationClientGrantResource = new Auth0.OrganizationClientGrant("organizationClientGrantResource", new()
{
GrantId = "string",
OrganizationId = "string",
});
example, err := auth0.NewOrganizationClientGrant(ctx, "organizationClientGrantResource", &auth0.OrganizationClientGrantArgs{
GrantId: pulumi.String("string"),
OrganizationId: pulumi.String("string"),
})
var organizationClientGrantResource = new OrganizationClientGrant("organizationClientGrantResource", OrganizationClientGrantArgs.builder()
.grantId("string")
.organizationId("string")
.build());
organization_client_grant_resource = auth0.OrganizationClientGrant("organizationClientGrantResource",
grant_id="string",
organization_id="string")
const organizationClientGrantResource = new auth0.OrganizationClientGrant("organizationClientGrantResource", {
grantId: "string",
organizationId: "string",
});
type: auth0:OrganizationClientGrant
properties:
grantId: string
organizationId: string
OrganizationClientGrant Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OrganizationClientGrant resource accepts the following input properties:
- Grant
Id string - A Client Grant ID to add to the organization.
- Organization
Id string - The ID of the organization to associate the client grant.
- Grant
Id string - A Client Grant ID to add to the organization.
- Organization
Id string - The ID of the organization to associate the client grant.
- grant
Id String - A Client Grant ID to add to the organization.
- organization
Id String - The ID of the organization to associate the client grant.
- grant
Id string - A Client Grant ID to add to the organization.
- organization
Id string - The ID of the organization to associate the client grant.
- grant_
id str - A Client Grant ID to add to the organization.
- organization_
id str - The ID of the organization to associate the client grant.
- grant
Id String - A Client Grant ID to add to the organization.
- organization
Id String - The ID of the organization to associate the client grant.
Outputs
All input properties are implicitly available as output properties. Additionally, the OrganizationClientGrant resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing OrganizationClientGrant Resource
Get an existing OrganizationClientGrant resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OrganizationClientGrantState, opts?: CustomResourceOptions): OrganizationClientGrant@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
grant_id: Optional[str] = None,
organization_id: Optional[str] = None) -> OrganizationClientGrantfunc GetOrganizationClientGrant(ctx *Context, name string, id IDInput, state *OrganizationClientGrantState, opts ...ResourceOption) (*OrganizationClientGrant, error)public static OrganizationClientGrant Get(string name, Input<string> id, OrganizationClientGrantState? state, CustomResourceOptions? opts = null)public static OrganizationClientGrant get(String name, Output<String> id, OrganizationClientGrantState state, CustomResourceOptions options)resources: _: type: auth0:OrganizationClientGrant get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Grant
Id string - A Client Grant ID to add to the organization.
- Organization
Id string - The ID of the organization to associate the client grant.
- Grant
Id string - A Client Grant ID to add to the organization.
- Organization
Id string - The ID of the organization to associate the client grant.
- grant
Id String - A Client Grant ID to add to the organization.
- organization
Id String - The ID of the organization to associate the client grant.
- grant
Id string - A Client Grant ID to add to the organization.
- organization
Id string - The ID of the organization to associate the client grant.
- grant_
id str - A Client Grant ID to add to the organization.
- organization_
id str - The ID of the organization to associate the client grant.
- grant
Id String - A Client Grant ID to add to the organization.
- organization
Id String - The ID of the organization to associate the client grant.
Import
This resource can be imported by specifying the
organization ID and client grant ID separated by “::” (note the double colon)
Example:
$ pulumi import auth0:index/organizationClientGrant:OrganizationClientGrant my_org_client_grant "org_XXXXX::cgr_XXXXX"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.