authentik 2025.2.0, Mar 24 25

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

authentik.SourceOauth

Explore with Pulumi AI

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as authentik from "@pulumi/authentik";

const default_source_authentication = authentik.getFlow({
    slug: "default-source-authentication",
});
const default_source_enrollment = authentik.getFlow({
    slug: "default-source-enrollment",
});
const name = new authentik.SourceOauth("name", {
    slug: "discord",
    authenticationFlow: default_source_authentication.then(default_source_authentication => default_source_authentication.id),
    enrollmentFlow: default_source_enrollment.then(default_source_enrollment => default_source_enrollment.id),
    providerType: "discord",
    consumerKey: "foo",
    consumerSecret: "bar",
});

import pulumi
import pulumi_authentik as authentik

default_source_authentication = authentik.get_flow(slug="default-source-authentication")
default_source_enrollment = authentik.get_flow(slug="default-source-enrollment")
name = authentik.SourceOauth("name",
    slug="discord",
    authentication_flow=default_source_authentication.id,
    enrollment_flow=default_source_enrollment.id,
    provider_type="discord",
    consumer_key="foo",
    consumer_secret="bar")

package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/authentik/v2025/authentik"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		default_source_authentication, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
			Slug: pulumi.StringRef("default-source-authentication"),
		}, nil)
		if err != nil {
			return err
		}
		default_source_enrollment, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
			Slug: pulumi.StringRef("default-source-enrollment"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = authentik.NewSourceOauth(ctx, "name", &authentik.SourceOauthArgs{
			Slug:               pulumi.String("discord"),
			AuthenticationFlow: pulumi.String(default_source_authentication.Id),
			EnrollmentFlow:     pulumi.String(default_source_enrollment.Id),
			ProviderType:       pulumi.String("discord"),
			ConsumerKey:        pulumi.String("foo"),
			ConsumerSecret:     pulumi.String("bar"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Authentik = Pulumi.Authentik;

return await Deployment.RunAsync(() => 
{
    var default_source_authentication = Authentik.GetFlow.Invoke(new()
    {
        Slug = "default-source-authentication",
    });

    var default_source_enrollment = Authentik.GetFlow.Invoke(new()
    {
        Slug = "default-source-enrollment",
    });

    var name = new Authentik.SourceOauth("name", new()
    {
        Slug = "discord",
        AuthenticationFlow = default_source_authentication.Apply(default_source_authentication => default_source_authentication.Apply(getFlowResult => getFlowResult.Id)),
        EnrollmentFlow = default_source_enrollment.Apply(default_source_enrollment => default_source_enrollment.Apply(getFlowResult => getFlowResult.Id)),
        ProviderType = "discord",
        ConsumerKey = "foo",
        ConsumerSecret = "bar",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.authentik.AuthentikFunctions;
import com.pulumi.authentik.inputs.GetFlowArgs;
import com.pulumi.authentik.SourceOauth;
import com.pulumi.authentik.SourceOauthArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var default-source-authentication = AuthentikFunctions.getFlow(GetFlowArgs.builder()
            .slug("default-source-authentication")
            .build());

        final var default-source-enrollment = AuthentikFunctions.getFlow(GetFlowArgs.builder()
            .slug("default-source-enrollment")
            .build());

        var name = new SourceOauth("name", SourceOauthArgs.builder()
            .slug("discord")
            .authenticationFlow(default_source_authentication.id())
            .enrollmentFlow(default_source_enrollment.id())
            .providerType("discord")
            .consumerKey("foo")
            .consumerSecret("bar")
            .build());

    }
}

resources:
  name:
    type: authentik:SourceOauth
    properties:
      slug: discord
      authenticationFlow: ${["default-source-authentication"].id}
      enrollmentFlow: ${["default-source-enrollment"].id}
      providerType: discord
      consumerKey: foo
      consumerSecret: bar
variables:
  default-source-authentication:
    fn::invoke:
      function: authentik:getFlow
      arguments:
        slug: default-source-authentication
  default-source-enrollment:
    fn::invoke:
      function: authentik:getFlow
      arguments:
        slug: default-source-enrollment

Create SourceOauth Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SourceOauth(name: string, args: SourceOauthArgs, opts?: CustomResourceOptions);

@overload
def SourceOauth(resource_name: str,
                args: SourceOauthArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def SourceOauth(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                consumer_key: Optional[str] = None,
                slug: Optional[str] = None,
                provider_type: Optional[str] = None,
                consumer_secret: Optional[str] = None,
                oidc_well_known_url: Optional[str] = None,
                policy_engine_mode: Optional[str] = None,
                enabled: Optional[bool] = None,
                enrollment_flow: Optional[str] = None,
                group_matching_mode: Optional[str] = None,
                name: Optional[str] = None,
                oidc_jwks: Optional[str] = None,
                oidc_jwks_url: Optional[str] = None,
                access_token_url: Optional[str] = None,
                authorization_url: Optional[str] = None,
                profile_url: Optional[str] = None,
                property_mappings: Optional[Sequence[str]] = None,
                property_mappings_groups: Optional[Sequence[str]] = None,
                authentication_flow: Optional[str] = None,
                request_token_url: Optional[str] = None,
                additional_scopes: Optional[str] = None,
                source_oauth_id: Optional[str] = None,
                user_matching_mode: Optional[str] = None,
                user_path_template: Optional[str] = None,
                uuid: Optional[str] = None)

func NewSourceOauth(ctx *Context, name string, args SourceOauthArgs, opts ...ResourceOption) (*SourceOauth, error)

public SourceOauth(string name, SourceOauthArgs args, CustomResourceOptions? opts = null)

public SourceOauth(String name, SourceOauthArgs args)
public SourceOauth(String name, SourceOauthArgs args, CustomResourceOptions options)

type: authentik:SourceOauth
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args SourceOauthArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args SourceOauthArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args SourceOauthArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args SourceOauthArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args SourceOauthArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var sourceOauthResource = new Authentik.SourceOauth("sourceOauthResource", new()
{
    ConsumerKey = "string",
    Slug = "string",
    ProviderType = "string",
    ConsumerSecret = "string",
    OidcWellKnownUrl = "string",
    PolicyEngineMode = "string",
    Enabled = false,
    EnrollmentFlow = "string",
    GroupMatchingMode = "string",
    Name = "string",
    OidcJwks = "string",
    OidcJwksUrl = "string",
    AccessTokenUrl = "string",
    AuthorizationUrl = "string",
    ProfileUrl = "string",
    PropertyMappings = new[]
    {
        "string",
    },
    PropertyMappingsGroups = new[]
    {
        "string",
    },
    AuthenticationFlow = "string",
    RequestTokenUrl = "string",
    AdditionalScopes = "string",
    SourceOauthId = "string",
    UserMatchingMode = "string",
    UserPathTemplate = "string",
    Uuid = "string",
});

example, err := authentik.NewSourceOauth(ctx, "sourceOauthResource", &authentik.SourceOauthArgs{
	ConsumerKey:       pulumi.String("string"),
	Slug:              pulumi.String("string"),
	ProviderType:      pulumi.String("string"),
	ConsumerSecret:    pulumi.String("string"),
	OidcWellKnownUrl:  pulumi.String("string"),
	PolicyEngineMode:  pulumi.String("string"),
	Enabled:           pulumi.Bool(false),
	EnrollmentFlow:    pulumi.String("string"),
	GroupMatchingMode: pulumi.String("string"),
	Name:              pulumi.String("string"),
	OidcJwks:          pulumi.String("string"),
	OidcJwksUrl:       pulumi.String("string"),
	AccessTokenUrl:    pulumi.String("string"),
	AuthorizationUrl:  pulumi.String("string"),
	ProfileUrl:        pulumi.String("string"),
	PropertyMappings: pulumi.StringArray{
		pulumi.String("string"),
	},
	PropertyMappingsGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	AuthenticationFlow: pulumi.String("string"),
	RequestTokenUrl:    pulumi.String("string"),
	AdditionalScopes:   pulumi.String("string"),
	SourceOauthId:      pulumi.String("string"),
	UserMatchingMode:   pulumi.String("string"),
	UserPathTemplate:   pulumi.String("string"),
	Uuid:               pulumi.String("string"),
})

var sourceOauthResource = new SourceOauth("sourceOauthResource", SourceOauthArgs.builder()
    .consumerKey("string")
    .slug("string")
    .providerType("string")
    .consumerSecret("string")
    .oidcWellKnownUrl("string")
    .policyEngineMode("string")
    .enabled(false)
    .enrollmentFlow("string")
    .groupMatchingMode("string")
    .name("string")
    .oidcJwks("string")
    .oidcJwksUrl("string")
    .accessTokenUrl("string")
    .authorizationUrl("string")
    .profileUrl("string")
    .propertyMappings("string")
    .propertyMappingsGroups("string")
    .authenticationFlow("string")
    .requestTokenUrl("string")
    .additionalScopes("string")
    .sourceOauthId("string")
    .userMatchingMode("string")
    .userPathTemplate("string")
    .uuid("string")
    .build());

source_oauth_resource = authentik.SourceOauth("sourceOauthResource",
    consumer_key="string",
    slug="string",
    provider_type="string",
    consumer_secret="string",
    oidc_well_known_url="string",
    policy_engine_mode="string",
    enabled=False,
    enrollment_flow="string",
    group_matching_mode="string",
    name="string",
    oidc_jwks="string",
    oidc_jwks_url="string",
    access_token_url="string",
    authorization_url="string",
    profile_url="string",
    property_mappings=["string"],
    property_mappings_groups=["string"],
    authentication_flow="string",
    request_token_url="string",
    additional_scopes="string",
    source_oauth_id="string",
    user_matching_mode="string",
    user_path_template="string",
    uuid="string")

const sourceOauthResource = new authentik.SourceOauth("sourceOauthResource", {
    consumerKey: "string",
    slug: "string",
    providerType: "string",
    consumerSecret: "string",
    oidcWellKnownUrl: "string",
    policyEngineMode: "string",
    enabled: false,
    enrollmentFlow: "string",
    groupMatchingMode: "string",
    name: "string",
    oidcJwks: "string",
    oidcJwksUrl: "string",
    accessTokenUrl: "string",
    authorizationUrl: "string",
    profileUrl: "string",
    propertyMappings: ["string"],
    propertyMappingsGroups: ["string"],
    authenticationFlow: "string",
    requestTokenUrl: "string",
    additionalScopes: "string",
    sourceOauthId: "string",
    userMatchingMode: "string",
    userPathTemplate: "string",
    uuid: "string",
});

type: authentik:SourceOauth
properties:
    accessTokenUrl: string
    additionalScopes: string
    authenticationFlow: string
    authorizationUrl: string
    consumerKey: string
    consumerSecret: string
    enabled: false
    enrollmentFlow: string
    groupMatchingMode: string
    name: string
    oidcJwks: string
    oidcJwksUrl: string
    oidcWellKnownUrl: string
    policyEngineMode: string
    profileUrl: string
    propertyMappings:
        - string
    propertyMappingsGroups:
        - string
    providerType: string
    requestTokenUrl: string
    slug: string
    sourceOauthId: string
    userMatchingMode: string
    userPathTemplate: string
    uuid: string

SourceOauth Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SourceOauth resource accepts the following input properties:

ConsumerKey string
ConsumerSecret string
ProviderType string: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
Slug string
AccessTokenUrl string: Only required for OAuth1.
AdditionalScopes string
AuthenticationFlow string
AuthorizationUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
Enabled bool: Defaults to true.
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Name string
OidcJwks string: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
OidcJwksUrl string: Automatically configure JWKS if not specified by oidc_well_known_url.
OidcWellKnownUrl string: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
ProfileUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
PropertyMappings List<string>
PropertyMappingsGroups List<string>
RequestTokenUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
SourceOauthId string
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.

ConsumerKey string
ConsumerSecret string
ProviderType string: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
Slug string
AccessTokenUrl string: Only required for OAuth1.
AdditionalScopes string
AuthenticationFlow string
AuthorizationUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
Enabled bool: Defaults to true.
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Name string
OidcJwks string: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
OidcJwksUrl string: Automatically configure JWKS if not specified by oidc_well_known_url.
OidcWellKnownUrl string: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
ProfileUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
PropertyMappings []string
PropertyMappingsGroups []string
RequestTokenUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
SourceOauthId string
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.

consumerKey String
consumerSecret String
providerType String: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
slug String
accessTokenUrl String: Only required for OAuth1.
additionalScopes String
authenticationFlow String
authorizationUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
enabled Boolean: Defaults to true.
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name String
oidcJwks String: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl String: Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl String: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode String: Allowed values: - all - any Defaults to any.
profileUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings List<String>
propertyMappingsGroups List<String>
requestTokenUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
sourceOauthId String
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.

consumerKey string
consumerSecret string
providerType string: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
slug string
accessTokenUrl string: Only required for OAuth1.
additionalScopes string
authenticationFlow string
authorizationUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
enabled boolean: Defaults to true.
enrollmentFlow string
groupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name string
oidcJwks string: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl string: Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl string: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode string: Allowed values: - all - any Defaults to any.
profileUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings string[]
propertyMappingsGroups string[]
requestTokenUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
sourceOauthId string
userMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
uuid string: Generated.

consumer_key str
consumer_secret str
provider_type str: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
slug str
access_token_url str: Only required for OAuth1.
additional_scopes str
authentication_flow str
authorization_url str: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
enabled bool: Defaults to true.
enrollment_flow str
group_matching_mode str: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name str
oidc_jwks str: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidc_jwks_url str: Automatically configure JWKS if not specified by oidc_well_known_url.
oidc_well_known_url str: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policy_engine_mode str: Allowed values: - all - any Defaults to any.
profile_url str: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
property_mappings Sequence[str]
property_mappings_groups Sequence[str]
request_token_url str: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
source_oauth_id str
user_matching_mode str: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
user_path_template str: Defaults to goauthentik.io/sources/%(slug)s.
uuid str: Generated.

consumerKey String
consumerSecret String
providerType String: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
slug String
accessTokenUrl String: Only required for OAuth1.
additionalScopes String
authenticationFlow String
authorizationUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
enabled Boolean: Defaults to true.
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name String
oidcJwks String: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl String: Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl String: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode String: Allowed values: - all - any Defaults to any.
profileUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings List<String>
propertyMappingsGroups List<String>
requestTokenUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
sourceOauthId String
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.

Outputs

All input properties are implicitly available as output properties. Additionally, the SourceOauth resource produces the following output properties:

CallbackUri string: Generated.
Id string: The provider-assigned unique ID for this managed resource.

CallbackUri string: Generated.
Id string: The provider-assigned unique ID for this managed resource.

callbackUri String: Generated.
id String: The provider-assigned unique ID for this managed resource.

callbackUri string: Generated.
id string: The provider-assigned unique ID for this managed resource.

callback_uri str: Generated.
id str: The provider-assigned unique ID for this managed resource.

callbackUri String: Generated.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing SourceOauth Resource

Get an existing SourceOauth resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SourceOauthState, opts?: CustomResourceOptions): SourceOauth

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_token_url: Optional[str] = None,
        additional_scopes: Optional[str] = None,
        authentication_flow: Optional[str] = None,
        authorization_url: Optional[str] = None,
        callback_uri: Optional[str] = None,
        consumer_key: Optional[str] = None,
        consumer_secret: Optional[str] = None,
        enabled: Optional[bool] = None,
        enrollment_flow: Optional[str] = None,
        group_matching_mode: Optional[str] = None,
        name: Optional[str] = None,
        oidc_jwks: Optional[str] = None,
        oidc_jwks_url: Optional[str] = None,
        oidc_well_known_url: Optional[str] = None,
        policy_engine_mode: Optional[str] = None,
        profile_url: Optional[str] = None,
        property_mappings: Optional[Sequence[str]] = None,
        property_mappings_groups: Optional[Sequence[str]] = None,
        provider_type: Optional[str] = None,
        request_token_url: Optional[str] = None,
        slug: Optional[str] = None,
        source_oauth_id: Optional[str] = None,
        user_matching_mode: Optional[str] = None,
        user_path_template: Optional[str] = None,
        uuid: Optional[str] = None) -> SourceOauth

func GetSourceOauth(ctx *Context, name string, id IDInput, state *SourceOauthState, opts ...ResourceOption) (*SourceOauth, error)

public static SourceOauth Get(string name, Input<string> id, SourceOauthState? state, CustomResourceOptions? opts = null)

public static SourceOauth get(String name, Output<String> id, SourceOauthState state, CustomResourceOptions options)

resources:  _:    type: authentik:SourceOauth    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccessTokenUrl string: Only required for OAuth1.
AdditionalScopes string
AuthenticationFlow string
AuthorizationUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
CallbackUri string: Generated.
ConsumerKey string
ConsumerSecret string
Enabled bool: Defaults to true.
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Name string
OidcJwks string: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
OidcJwksUrl string: Automatically configure JWKS if not specified by oidc_well_known_url.
OidcWellKnownUrl string: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
ProfileUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
PropertyMappings List<string>
PropertyMappingsGroups List<string>
ProviderType string: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
RequestTokenUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
Slug string
SourceOauthId string
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.

AccessTokenUrl string: Only required for OAuth1.
AdditionalScopes string
AuthenticationFlow string
AuthorizationUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
CallbackUri string: Generated.
ConsumerKey string
ConsumerSecret string
Enabled bool: Defaults to true.
EnrollmentFlow string
GroupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Name string
OidcJwks string: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
OidcJwksUrl string: Automatically configure JWKS if not specified by oidc_well_known_url.
OidcWellKnownUrl string: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
PolicyEngineMode string: Allowed values: - all - any Defaults to any.
ProfileUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
PropertyMappings []string
PropertyMappingsGroups []string
ProviderType string: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
RequestTokenUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
Slug string
SourceOauthId string
UserMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
Uuid string: Generated.

accessTokenUrl String: Only required for OAuth1.
additionalScopes String
authenticationFlow String
authorizationUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
callbackUri String: Generated.
consumerKey String
consumerSecret String
enabled Boolean: Defaults to true.
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name String
oidcJwks String: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl String: Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl String: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode String: Allowed values: - all - any Defaults to any.
profileUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings List<String>
propertyMappingsGroups List<String>
providerType String: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
requestTokenUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
slug String
sourceOauthId String
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.

accessTokenUrl string: Only required for OAuth1.
additionalScopes string
authenticationFlow string
authorizationUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
callbackUri string: Generated.
consumerKey string
consumerSecret string
enabled boolean: Defaults to true.
enrollmentFlow string
groupMatchingMode string: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name string
oidcJwks string: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl string: Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl string: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode string: Allowed values: - all - any Defaults to any.
profileUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings string[]
propertyMappingsGroups string[]
providerType string: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
requestTokenUrl string: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
slug string
sourceOauthId string
userMatchingMode string: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate string: Defaults to goauthentik.io/sources/%(slug)s.
uuid string: Generated.

access_token_url str: Only required for OAuth1.
additional_scopes str
authentication_flow str
authorization_url str: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
callback_uri str: Generated.
consumer_key str
consumer_secret str
enabled bool: Defaults to true.
enrollment_flow str
group_matching_mode str: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name str
oidc_jwks str: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidc_jwks_url str: Automatically configure JWKS if not specified by oidc_well_known_url.
oidc_well_known_url str: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policy_engine_mode str: Allowed values: - all - any Defaults to any.
profile_url str: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
property_mappings Sequence[str]
property_mappings_groups Sequence[str]
provider_type str: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
request_token_url str: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
slug str
source_oauth_id str
user_matching_mode str: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
user_path_template str: Defaults to goauthentik.io/sources/%(slug)s.
uuid str: Generated.

accessTokenUrl String: Only required for OAuth1.
additionalScopes String
authenticationFlow String
authorizationUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
callbackUri String: Generated.
consumerKey String
consumerSecret String
enabled Boolean: Defaults to true.
enrollmentFlow String
groupMatchingMode String: Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name String
oidcJwks String: Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl String: Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl String: Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode String: Allowed values: - all - any Defaults to any.
profileUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings List<String>
propertyMappingsGroups List<String>
providerType String: Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
requestTokenUrl String: Manually configure OAuth2 URLs when oidc_well_known_url is not set.
slug String
sourceOauthId String
userMatchingMode String: Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String: Defaults to goauthentik.io/sources/%(slug)s.
uuid String: Generated.

Package Details

Repository: authentik goauthentik/terraform-provider-authentik
License
Notes: This Pulumi package is based on the authentik Terraform Provider.

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

goauthentik/terraform-provider-authentik

authentik.SourceOauth

On this page

On this page

Example Usage

Create SourceOauth Resource

Constructor syntax

Parameters

Constructor example

SourceOauth Resource Properties

Inputs

Outputs

Look up Existing SourceOauth Resource

Package Details

On this page

On this page