Docs Home
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
authentik.ProviderProxy
Explore with Pulumi AI
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as authentik from "@pulumi/authentik";
const default_authorization_flow = authentik.getFlow({
slug: "default-provider-authorization-implicit-consent",
});
const nameProviderProxy = new authentik.ProviderProxy("nameProviderProxy", {
internalHost: "http://foo.bar.baz",
externalHost: "http://internal.service",
authorizationFlow: default_authorization_flow.then(default_authorization_flow => default_authorization_flow.id),
});
const nameApplication = new authentik.Application("nameApplication", {
slug: "test-app",
protocolProvider: nameProviderProxy.providerProxyId,
});
import pulumi
import pulumi_authentik as authentik
default_authorization_flow = authentik.get_flow(slug="default-provider-authorization-implicit-consent")
name_provider_proxy = authentik.ProviderProxy("nameProviderProxy",
internal_host="http://foo.bar.baz",
external_host="http://internal.service",
authorization_flow=default_authorization_flow.id)
name_application = authentik.Application("nameApplication",
slug="test-app",
protocol_provider=name_provider_proxy.provider_proxy_id)
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/authentik/v2025/authentik"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
default_authorization_flow, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
Slug: pulumi.StringRef("default-provider-authorization-implicit-consent"),
}, nil)
if err != nil {
return err
}
nameProviderProxy, err := authentik.NewProviderProxy(ctx, "nameProviderProxy", &authentik.ProviderProxyArgs{
InternalHost: pulumi.String("http://foo.bar.baz"),
ExternalHost: pulumi.String("http://internal.service"),
AuthorizationFlow: pulumi.String(default_authorization_flow.Id),
})
if err != nil {
return err
}
_, err = authentik.NewApplication(ctx, "nameApplication", &authentik.ApplicationArgs{
Slug: pulumi.String("test-app"),
ProtocolProvider: nameProviderProxy.ProviderProxyId,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Authentik = Pulumi.Authentik;
return await Deployment.RunAsync(() =>
{
var default_authorization_flow = Authentik.GetFlow.Invoke(new()
{
Slug = "default-provider-authorization-implicit-consent",
});
var nameProviderProxy = new Authentik.ProviderProxy("nameProviderProxy", new()
{
InternalHost = "http://foo.bar.baz",
ExternalHost = "http://internal.service",
AuthorizationFlow = default_authorization_flow.Apply(default_authorization_flow => default_authorization_flow.Apply(getFlowResult => getFlowResult.Id)),
});
var nameApplication = new Authentik.Application("nameApplication", new()
{
Slug = "test-app",
ProtocolProvider = nameProviderProxy.ProviderProxyId,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.authentik.AuthentikFunctions;
import com.pulumi.authentik.inputs.GetFlowArgs;
import com.pulumi.authentik.ProviderProxy;
import com.pulumi.authentik.ProviderProxyArgs;
import com.pulumi.authentik.Application;
import com.pulumi.authentik.ApplicationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var default-authorization-flow = AuthentikFunctions.getFlow(GetFlowArgs.builder()
.slug("default-provider-authorization-implicit-consent")
.build());
var nameProviderProxy = new ProviderProxy("nameProviderProxy", ProviderProxyArgs.builder()
.internalHost("http://foo.bar.baz")
.externalHost("http://internal.service")
.authorizationFlow(default_authorization_flow.id())
.build());
var nameApplication = new Application("nameApplication", ApplicationArgs.builder()
.slug("test-app")
.protocolProvider(nameProviderProxy.providerProxyId())
.build());
}
}
resources:
nameProviderProxy:
type: authentik:ProviderProxy
properties:
internalHost: http://foo.bar.baz
externalHost: http://internal.service
authorizationFlow: ${["default-authorization-flow"].id}
nameApplication:
type: authentik:Application
properties:
slug: test-app
protocolProvider: ${nameProviderProxy.providerProxyId}
variables:
default-authorization-flow:
fn::invoke:
function: authentik:getFlow
arguments:
slug: default-provider-authorization-implicit-consent
Create ProviderProxy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ProviderProxy(name: string, args: ProviderProxyArgs, opts?: CustomResourceOptions);@overload
def ProviderProxy(resource_name: str,
args: ProviderProxyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ProviderProxy(resource_name: str,
opts: Optional[ResourceOptions] = None,
external_host: Optional[str] = None,
invalidation_flow: Optional[str] = None,
authorization_flow: Optional[str] = None,
internal_host_ssl_validation: Optional[bool] = None,
jwks_sources: Optional[Sequence[str]] = None,
basic_auth_username_attribute: Optional[str] = None,
cookie_domain: Optional[str] = None,
basic_auth_enabled: Optional[bool] = None,
intercept_header_auth: Optional[bool] = None,
internal_host: Optional[str] = None,
access_token_validity: Optional[str] = None,
authentication_flow: Optional[str] = None,
basic_auth_password_attribute: Optional[str] = None,
jwt_federation_providers: Optional[Sequence[float]] = None,
jwt_federation_sources: Optional[Sequence[str]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
property_mappings: Optional[Sequence[str]] = None,
provider_proxy_id: Optional[str] = None,
refresh_token_validity: Optional[str] = None,
skip_path_regex: Optional[str] = None)func NewProviderProxy(ctx *Context, name string, args ProviderProxyArgs, opts ...ResourceOption) (*ProviderProxy, error)public ProviderProxy(string name, ProviderProxyArgs args, CustomResourceOptions? opts = null)
public ProviderProxy(String name, ProviderProxyArgs args)
public ProviderProxy(String name, ProviderProxyArgs args, CustomResourceOptions options)
type: authentik:ProviderProxy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ProviderProxyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ProviderProxyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProviderProxyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProviderProxyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ProviderProxyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var providerProxyResource = new Authentik.ProviderProxy("providerProxyResource", new()
{
ExternalHost = "string",
InvalidationFlow = "string",
AuthorizationFlow = "string",
InternalHostSslValidation = false,
JwksSources = new[]
{
"string",
},
BasicAuthUsernameAttribute = "string",
CookieDomain = "string",
BasicAuthEnabled = false,
InterceptHeaderAuth = false,
InternalHost = "string",
AccessTokenValidity = "string",
AuthenticationFlow = "string",
BasicAuthPasswordAttribute = "string",
JwtFederationProviders = new[]
{
0,
},
JwtFederationSources = new[]
{
"string",
},
Mode = "string",
Name = "string",
PropertyMappings = new[]
{
"string",
},
ProviderProxyId = "string",
RefreshTokenValidity = "string",
SkipPathRegex = "string",
});
example, err := authentik.NewProviderProxy(ctx, "providerProxyResource", &authentik.ProviderProxyArgs{
ExternalHost: pulumi.String("string"),
InvalidationFlow: pulumi.String("string"),
AuthorizationFlow: pulumi.String("string"),
InternalHostSslValidation: pulumi.Bool(false),
JwksSources: pulumi.StringArray{
pulumi.String("string"),
},
BasicAuthUsernameAttribute: pulumi.String("string"),
CookieDomain: pulumi.String("string"),
BasicAuthEnabled: pulumi.Bool(false),
InterceptHeaderAuth: pulumi.Bool(false),
InternalHost: pulumi.String("string"),
AccessTokenValidity: pulumi.String("string"),
AuthenticationFlow: pulumi.String("string"),
BasicAuthPasswordAttribute: pulumi.String("string"),
JwtFederationProviders: pulumi.Float64Array{
pulumi.Float64(0),
},
JwtFederationSources: pulumi.StringArray{
pulumi.String("string"),
},
Mode: pulumi.String("string"),
Name: pulumi.String("string"),
PropertyMappings: pulumi.StringArray{
pulumi.String("string"),
},
ProviderProxyId: pulumi.String("string"),
RefreshTokenValidity: pulumi.String("string"),
SkipPathRegex: pulumi.String("string"),
})
var providerProxyResource = new ProviderProxy("providerProxyResource", ProviderProxyArgs.builder()
.externalHost("string")
.invalidationFlow("string")
.authorizationFlow("string")
.internalHostSslValidation(false)
.jwksSources("string")
.basicAuthUsernameAttribute("string")
.cookieDomain("string")
.basicAuthEnabled(false)
.interceptHeaderAuth(false)
.internalHost("string")
.accessTokenValidity("string")
.authenticationFlow("string")
.basicAuthPasswordAttribute("string")
.jwtFederationProviders(0)
.jwtFederationSources("string")
.mode("string")
.name("string")
.propertyMappings("string")
.providerProxyId("string")
.refreshTokenValidity("string")
.skipPathRegex("string")
.build());
provider_proxy_resource = authentik.ProviderProxy("providerProxyResource",
external_host="string",
invalidation_flow="string",
authorization_flow="string",
internal_host_ssl_validation=False,
jwks_sources=["string"],
basic_auth_username_attribute="string",
cookie_domain="string",
basic_auth_enabled=False,
intercept_header_auth=False,
internal_host="string",
access_token_validity="string",
authentication_flow="string",
basic_auth_password_attribute="string",
jwt_federation_providers=[0],
jwt_federation_sources=["string"],
mode="string",
name="string",
property_mappings=["string"],
provider_proxy_id="string",
refresh_token_validity="string",
skip_path_regex="string")
const providerProxyResource = new authentik.ProviderProxy("providerProxyResource", {
externalHost: "string",
invalidationFlow: "string",
authorizationFlow: "string",
internalHostSslValidation: false,
jwksSources: ["string"],
basicAuthUsernameAttribute: "string",
cookieDomain: "string",
basicAuthEnabled: false,
interceptHeaderAuth: false,
internalHost: "string",
accessTokenValidity: "string",
authenticationFlow: "string",
basicAuthPasswordAttribute: "string",
jwtFederationProviders: [0],
jwtFederationSources: ["string"],
mode: "string",
name: "string",
propertyMappings: ["string"],
providerProxyId: "string",
refreshTokenValidity: "string",
skipPathRegex: "string",
});
type: authentik:ProviderProxy
properties:
accessTokenValidity: string
authenticationFlow: string
authorizationFlow: string
basicAuthEnabled: false
basicAuthPasswordAttribute: string
basicAuthUsernameAttribute: string
cookieDomain: string
externalHost: string
interceptHeaderAuth: false
internalHost: string
internalHostSslValidation: false
invalidationFlow: string
jwksSources:
- string
jwtFederationProviders:
- 0
jwtFederationSources:
- string
mode: string
name: string
propertyMappings:
- string
providerProxyId: string
refreshTokenValidity: string
skipPathRegex: string
ProviderProxy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ProviderProxy resource accepts the following input properties:
- string
- External
Host string - Invalidation
Flow string - Access
Token stringValidity - Defaults to
minutes=10. - Authentication
Flow string - Basic
Auth boolEnabled - Defaults to
false. - Basic
Auth stringPassword Attribute - Basic
Auth stringUsername Attribute - string
- Intercept
Header boolAuth - Defaults to
true. - Internal
Host string - Internal
Host boolSsl Validation - Defaults to
true. - Jwks
Sources List<string> - Deprecated. Use
jwt_federation_sourcesinstead. - Jwt
Federation List<double>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- Jwt
Federation List<string>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- Mode string
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - Name string
- Property
Mappings List<string> - Provider
Proxy stringId - Refresh
Token stringValidity - Defaults to
days=30. - Skip
Path stringRegex
- string
- External
Host string - Invalidation
Flow string - Access
Token stringValidity - Defaults to
minutes=10. - Authentication
Flow string - Basic
Auth boolEnabled - Defaults to
false. - Basic
Auth stringPassword Attribute - Basic
Auth stringUsername Attribute - string
- Intercept
Header boolAuth - Defaults to
true. - Internal
Host string - Internal
Host boolSsl Validation - Defaults to
true. - Jwks
Sources []string - Deprecated. Use
jwt_federation_sourcesinstead. - Jwt
Federation []float64Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- Jwt
Federation []stringSources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- Mode string
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - Name string
- Property
Mappings []string - Provider
Proxy stringId - Refresh
Token stringValidity - Defaults to
days=30. - Skip
Path stringRegex
- String
- external
Host String - invalidation
Flow String - access
Token StringValidity - Defaults to
minutes=10. - authentication
Flow String - basic
Auth BooleanEnabled - Defaults to
false. - basic
Auth StringPassword Attribute - basic
Auth StringUsername Attribute - String
- intercept
Header BooleanAuth - Defaults to
true. - internal
Host String - internal
Host BooleanSsl Validation - Defaults to
true. - jwks
Sources List<String> - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation List<Double>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation List<String>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- mode String
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - name String
- property
Mappings List<String> - provider
Proxy StringId - refresh
Token StringValidity - Defaults to
days=30. - skip
Path StringRegex
- string
- external
Host string - invalidation
Flow string - access
Token stringValidity - Defaults to
minutes=10. - authentication
Flow string - basic
Auth booleanEnabled - Defaults to
false. - basic
Auth stringPassword Attribute - basic
Auth stringUsername Attribute - string
- intercept
Header booleanAuth - Defaults to
true. - internal
Host string - internal
Host booleanSsl Validation - Defaults to
true. - jwks
Sources string[] - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation number[]Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation string[]Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- mode string
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - name string
- property
Mappings string[] - provider
Proxy stringId - refresh
Token stringValidity - Defaults to
days=30. - skip
Path stringRegex
- str
- external_
host str - invalidation_
flow str - access_
token_ strvalidity - Defaults to
minutes=10. - authentication_
flow str - basic_
auth_ boolenabled - Defaults to
false. - basic_
auth_ strpassword_ attribute - basic_
auth_ strusername_ attribute - str
- intercept_
header_ boolauth - Defaults to
true. - internal_
host str - internal_
host_ boolssl_ validation - Defaults to
true. - jwks_
sources Sequence[str] - Deprecated. Use
jwt_federation_sourcesinstead. - jwt_
federation_ Sequence[float]providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt_
federation_ Sequence[str]sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- mode str
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - name str
- property_
mappings Sequence[str] - provider_
proxy_ strid - refresh_
token_ strvalidity - Defaults to
days=30. - skip_
path_ strregex
- String
- external
Host String - invalidation
Flow String - access
Token StringValidity - Defaults to
minutes=10. - authentication
Flow String - basic
Auth BooleanEnabled - Defaults to
false. - basic
Auth StringPassword Attribute - basic
Auth StringUsername Attribute - String
- intercept
Header BooleanAuth - Defaults to
true. - internal
Host String - internal
Host BooleanSsl Validation - Defaults to
true. - jwks
Sources List<String> - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation List<Number>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation List<String>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- mode String
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - name String
- property
Mappings List<String> - provider
Proxy StringId - refresh
Token StringValidity - Defaults to
days=30. - skip
Path StringRegex
Outputs
All input properties are implicitly available as output properties. Additionally, the ProviderProxy resource produces the following output properties:
Look up Existing ProviderProxy Resource
Get an existing ProviderProxy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ProviderProxyState, opts?: CustomResourceOptions): ProviderProxy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_token_validity: Optional[str] = None,
authentication_flow: Optional[str] = None,
authorization_flow: Optional[str] = None,
basic_auth_enabled: Optional[bool] = None,
basic_auth_password_attribute: Optional[str] = None,
basic_auth_username_attribute: Optional[str] = None,
client_id: Optional[str] = None,
cookie_domain: Optional[str] = None,
external_host: Optional[str] = None,
intercept_header_auth: Optional[bool] = None,
internal_host: Optional[str] = None,
internal_host_ssl_validation: Optional[bool] = None,
invalidation_flow: Optional[str] = None,
jwks_sources: Optional[Sequence[str]] = None,
jwt_federation_providers: Optional[Sequence[float]] = None,
jwt_federation_sources: Optional[Sequence[str]] = None,
mode: Optional[str] = None,
name: Optional[str] = None,
property_mappings: Optional[Sequence[str]] = None,
provider_proxy_id: Optional[str] = None,
refresh_token_validity: Optional[str] = None,
skip_path_regex: Optional[str] = None) -> ProviderProxyfunc GetProviderProxy(ctx *Context, name string, id IDInput, state *ProviderProxyState, opts ...ResourceOption) (*ProviderProxy, error)public static ProviderProxy Get(string name, Input<string> id, ProviderProxyState? state, CustomResourceOptions? opts = null)public static ProviderProxy get(String name, Output<String> id, ProviderProxyState state, CustomResourceOptions options)resources: _: type: authentik:ProviderProxy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Token stringValidity - Defaults to
minutes=10. - Authentication
Flow string - string
- Basic
Auth boolEnabled - Defaults to
false. - Basic
Auth stringPassword Attribute - Basic
Auth stringUsername Attribute - Client
Id string - Generated.
- string
- External
Host string - Intercept
Header boolAuth - Defaults to
true. - Internal
Host string - Internal
Host boolSsl Validation - Defaults to
true. - Invalidation
Flow string - Jwks
Sources List<string> - Deprecated. Use
jwt_federation_sourcesinstead. - Jwt
Federation List<double>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- Jwt
Federation List<string>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- Mode string
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - Name string
- Property
Mappings List<string> - Provider
Proxy stringId - Refresh
Token stringValidity - Defaults to
days=30. - Skip
Path stringRegex
- Access
Token stringValidity - Defaults to
minutes=10. - Authentication
Flow string - string
- Basic
Auth boolEnabled - Defaults to
false. - Basic
Auth stringPassword Attribute - Basic
Auth stringUsername Attribute - Client
Id string - Generated.
- string
- External
Host string - Intercept
Header boolAuth - Defaults to
true. - Internal
Host string - Internal
Host boolSsl Validation - Defaults to
true. - Invalidation
Flow string - Jwks
Sources []string - Deprecated. Use
jwt_federation_sourcesinstead. - Jwt
Federation []float64Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- Jwt
Federation []stringSources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- Mode string
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - Name string
- Property
Mappings []string - Provider
Proxy stringId - Refresh
Token stringValidity - Defaults to
days=30. - Skip
Path stringRegex
- access
Token StringValidity - Defaults to
minutes=10. - authentication
Flow String - String
- basic
Auth BooleanEnabled - Defaults to
false. - basic
Auth StringPassword Attribute - basic
Auth StringUsername Attribute - client
Id String - Generated.
- String
- external
Host String - intercept
Header BooleanAuth - Defaults to
true. - internal
Host String - internal
Host BooleanSsl Validation - Defaults to
true. - invalidation
Flow String - jwks
Sources List<String> - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation List<Double>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation List<String>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- mode String
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - name String
- property
Mappings List<String> - provider
Proxy StringId - refresh
Token StringValidity - Defaults to
days=30. - skip
Path StringRegex
- access
Token stringValidity - Defaults to
minutes=10. - authentication
Flow string - string
- basic
Auth booleanEnabled - Defaults to
false. - basic
Auth stringPassword Attribute - basic
Auth stringUsername Attribute - client
Id string - Generated.
- string
- external
Host string - intercept
Header booleanAuth - Defaults to
true. - internal
Host string - internal
Host booleanSsl Validation - Defaults to
true. - invalidation
Flow string - jwks
Sources string[] - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation number[]Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation string[]Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- mode string
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - name string
- property
Mappings string[] - provider
Proxy stringId - refresh
Token stringValidity - Defaults to
days=30. - skip
Path stringRegex
- access_
token_ strvalidity - Defaults to
minutes=10. - authentication_
flow str - str
- basic_
auth_ boolenabled - Defaults to
false. - basic_
auth_ strpassword_ attribute - basic_
auth_ strusername_ attribute - client_
id str - Generated.
- str
- external_
host str - intercept_
header_ boolauth - Defaults to
true. - internal_
host str - internal_
host_ boolssl_ validation - Defaults to
true. - invalidation_
flow str - jwks_
sources Sequence[str] - Deprecated. Use
jwt_federation_sourcesinstead. - jwt_
federation_ Sequence[float]providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt_
federation_ Sequence[str]sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- mode str
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - name str
- property_
mappings Sequence[str] - provider_
proxy_ strid - refresh_
token_ strvalidity - Defaults to
days=30. - skip_
path_ strregex
- access
Token StringValidity - Defaults to
minutes=10. - authentication
Flow String - String
- basic
Auth BooleanEnabled - Defaults to
false. - basic
Auth StringPassword Attribute - basic
Auth StringUsername Attribute - client
Id String - Generated.
- String
- external
Host String - intercept
Header BooleanAuth - Defaults to
true. - internal
Host String - internal
Host BooleanSsl Validation - Defaults to
true. - invalidation
Flow String - jwks
Sources List<String> - Deprecated. Use
jwt_federation_sourcesinstead. - jwt
Federation List<Number>Providers - JWTs issued by any of the configured providers can be used to authenticate on behalf of this provider.
- jwt
Federation List<String>Sources - JWTs issued by keys configured in any of the selected sources can be used to authenticate on behalf of this provider.
- mode String
- Allowed values: -
proxy-forward_single-forward_domainDefaults toproxy. - name String
- property
Mappings List<String> - provider
Proxy StringId - refresh
Token StringValidity - Defaults to
days=30. - skip
Path StringRegex
Package Details
- Repository
- authentik goauthentik/terraform-provider-authentik
- License
- Notes
- This Pulumi package is based on the
authentikTerraform Provider.
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik