Docs Home
Auth0 v3.17.1 published on Tuesday, Apr 15, 2025 by Pulumi
auth0.ResourceServer
Explore with Pulumi AI
With this resource, you can set up APIs that can be consumed from your authorized applications.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const myResourceServer = new auth0.ResourceServer("my_resource_server", {
name: "Example Resource Server (Managed by Terraform)",
identifier: "https://api.example.com",
signingAlg: "RS256",
allowOfflineAccess: true,
tokenLifetime: 8600,
skipConsentForVerifiableFirstPartyClients: true,
consentPolicy: "transactional-authorization-with-mfa",
tokenEncryption: {
format: "compact-nested-jwe",
encryptionKey: {
name: "keyname",
algorithm: "RSA-OAEP-256",
pem: `-----BEGIN CERTIFICATE-----
MIIFWDCCA0ACCQDXqpBo3R...G9w0BAQsFADBuMQswCQYDVQQGEwJl
-----END CERTIFICATE-----
`,
},
},
authorizationDetails: [
{
type: "payment",
},
{
type: "non-payment",
},
],
proofOfPossession: {
mechanism: "mtls",
required: true,
},
});
import pulumi
import pulumi_auth0 as auth0
my_resource_server = auth0.ResourceServer("my_resource_server",
name="Example Resource Server (Managed by Terraform)",
identifier="https://api.example.com",
signing_alg="RS256",
allow_offline_access=True,
token_lifetime=8600,
skip_consent_for_verifiable_first_party_clients=True,
consent_policy="transactional-authorization-with-mfa",
token_encryption={
"format": "compact-nested-jwe",
"encryption_key": {
"name": "keyname",
"algorithm": "RSA-OAEP-256",
"pem": """-----BEGIN CERTIFICATE-----
MIIFWDCCA0ACCQDXqpBo3R...G9w0BAQsFADBuMQswCQYDVQQGEwJl
-----END CERTIFICATE-----
""",
},
},
authorization_details=[
{
"type": "payment",
},
{
"type": "non-payment",
},
],
proof_of_possession={
"mechanism": "mtls",
"required": True,
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := auth0.NewResourceServer(ctx, "my_resource_server", &auth0.ResourceServerArgs{
Name: pulumi.String("Example Resource Server (Managed by Terraform)"),
Identifier: pulumi.String("https://api.example.com"),
SigningAlg: pulumi.String("RS256"),
AllowOfflineAccess: pulumi.Bool(true),
TokenLifetime: pulumi.Int(8600),
SkipConsentForVerifiableFirstPartyClients: pulumi.Bool(true),
ConsentPolicy: pulumi.String("transactional-authorization-with-mfa"),
TokenEncryption: &auth0.ResourceServerTokenEncryptionArgs{
Format: pulumi.String("compact-nested-jwe"),
EncryptionKey: &auth0.ResourceServerTokenEncryptionEncryptionKeyArgs{
Name: pulumi.String("keyname"),
Algorithm: pulumi.String("RSA-OAEP-256"),
Pem: pulumi.String("-----BEGIN CERTIFICATE-----\nMIIFWDCCA0ACCQDXqpBo3R...G9w0BAQsFADBuMQswCQYDVQQGEwJl\n-----END CERTIFICATE-----\n"),
},
},
AuthorizationDetails: auth0.ResourceServerAuthorizationDetailArray{
&auth0.ResourceServerAuthorizationDetailArgs{
Type: pulumi.String("payment"),
},
&auth0.ResourceServerAuthorizationDetailArgs{
Type: pulumi.String("non-payment"),
},
},
ProofOfPossession: &auth0.ResourceServerProofOfPossessionArgs{
Mechanism: pulumi.String("mtls"),
Required: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var myResourceServer = new Auth0.ResourceServer("my_resource_server", new()
{
Name = "Example Resource Server (Managed by Terraform)",
Identifier = "https://api.example.com",
SigningAlg = "RS256",
AllowOfflineAccess = true,
TokenLifetime = 8600,
SkipConsentForVerifiableFirstPartyClients = true,
ConsentPolicy = "transactional-authorization-with-mfa",
TokenEncryption = new Auth0.Inputs.ResourceServerTokenEncryptionArgs
{
Format = "compact-nested-jwe",
EncryptionKey = new Auth0.Inputs.ResourceServerTokenEncryptionEncryptionKeyArgs
{
Name = "keyname",
Algorithm = "RSA-OAEP-256",
Pem = @"-----BEGIN CERTIFICATE-----
MIIFWDCCA0ACCQDXqpBo3R...G9w0BAQsFADBuMQswCQYDVQQGEwJl
-----END CERTIFICATE-----
",
},
},
AuthorizationDetails = new[]
{
new Auth0.Inputs.ResourceServerAuthorizationDetailArgs
{
Type = "payment",
},
new Auth0.Inputs.ResourceServerAuthorizationDetailArgs
{
Type = "non-payment",
},
},
ProofOfPossession = new Auth0.Inputs.ResourceServerProofOfPossessionArgs
{
Mechanism = "mtls",
Required = true,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.ResourceServer;
import com.pulumi.auth0.ResourceServerArgs;
import com.pulumi.auth0.inputs.ResourceServerTokenEncryptionArgs;
import com.pulumi.auth0.inputs.ResourceServerTokenEncryptionEncryptionKeyArgs;
import com.pulumi.auth0.inputs.ResourceServerAuthorizationDetailArgs;
import com.pulumi.auth0.inputs.ResourceServerProofOfPossessionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myResourceServer = new ResourceServer("myResourceServer", ResourceServerArgs.builder()
.name("Example Resource Server (Managed by Terraform)")
.identifier("https://api.example.com")
.signingAlg("RS256")
.allowOfflineAccess(true)
.tokenLifetime(8600)
.skipConsentForVerifiableFirstPartyClients(true)
.consentPolicy("transactional-authorization-with-mfa")
.tokenEncryption(ResourceServerTokenEncryptionArgs.builder()
.format("compact-nested-jwe")
.encryptionKey(ResourceServerTokenEncryptionEncryptionKeyArgs.builder()
.name("keyname")
.algorithm("RSA-OAEP-256")
.pem("""
-----BEGIN CERTIFICATE-----
MIIFWDCCA0ACCQDXqpBo3R...G9w0BAQsFADBuMQswCQYDVQQGEwJl
-----END CERTIFICATE-----
""")
.build())
.build())
.authorizationDetails(
ResourceServerAuthorizationDetailArgs.builder()
.type("payment")
.build(),
ResourceServerAuthorizationDetailArgs.builder()
.type("non-payment")
.build())
.proofOfPossession(ResourceServerProofOfPossessionArgs.builder()
.mechanism("mtls")
.required(true)
.build())
.build());
}
}
resources:
myResourceServer:
type: auth0:ResourceServer
name: my_resource_server
properties:
name: Example Resource Server (Managed by Terraform)
identifier: https://api.example.com
signingAlg: RS256
allowOfflineAccess: true
tokenLifetime: 8600
skipConsentForVerifiableFirstPartyClients: true
consentPolicy: transactional-authorization-with-mfa
tokenEncryption:
format: compact-nested-jwe
encryptionKey:
name: keyname
algorithm: RSA-OAEP-256
pem: |
-----BEGIN CERTIFICATE-----
MIIFWDCCA0ACCQDXqpBo3R...G9w0BAQsFADBuMQswCQYDVQQGEwJl
-----END CERTIFICATE-----
authorizationDetails:
- type: payment
- type: non-payment
proofOfPossession:
mechanism: mtls
required: true
Create ResourceServer Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ResourceServer(name: string, args: ResourceServerArgs, opts?: CustomResourceOptions);@overload
def ResourceServer(resource_name: str,
args: ResourceServerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ResourceServer(resource_name: str,
opts: Optional[ResourceOptions] = None,
identifier: Optional[str] = None,
proof_of_possession: Optional[ResourceServerProofOfPossessionArgs] = None,
signing_secret: Optional[str] = None,
enforce_policies: Optional[bool] = None,
authorization_details: Optional[Sequence[ResourceServerAuthorizationDetailArgs]] = None,
name: Optional[str] = None,
allow_offline_access: Optional[bool] = None,
signing_alg: Optional[str] = None,
consent_policy: Optional[str] = None,
skip_consent_for_verifiable_first_party_clients: Optional[bool] = None,
token_dialect: Optional[str] = None,
token_encryption: Optional[ResourceServerTokenEncryptionArgs] = None,
token_lifetime: Optional[int] = None,
token_lifetime_for_web: Optional[int] = None,
verification_location: Optional[str] = None)func NewResourceServer(ctx *Context, name string, args ResourceServerArgs, opts ...ResourceOption) (*ResourceServer, error)public ResourceServer(string name, ResourceServerArgs args, CustomResourceOptions? opts = null)public ResourceServer(String name, ResourceServerArgs args)
public ResourceServer(String name, ResourceServerArgs args, CustomResourceOptions options)
type: auth0:ResourceServer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ResourceServerArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name
This property is required. str - The unique name of the resource.
- args
This property is required. ResourceServerArgs - The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ResourceServerArgs - The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name
This property is required. string - The unique name of the resource.
- args
This property is required. ResourceServerArgs - The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name
This property is required. String - The unique name of the resource.
- args
This property is required. ResourceServerArgs - The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var resourceServerResource = new Auth0.ResourceServer("resourceServerResource", new()
{
Identifier = "string",
ProofOfPossession = new Auth0.Inputs.ResourceServerProofOfPossessionArgs
{
Disable = false,
Mechanism = "string",
Required = false,
},
SigningSecret = "string",
EnforcePolicies = false,
AuthorizationDetails = new[]
{
new Auth0.Inputs.ResourceServerAuthorizationDetailArgs
{
Disable = false,
Type = "string",
},
},
Name = "string",
AllowOfflineAccess = false,
SigningAlg = "string",
ConsentPolicy = "string",
SkipConsentForVerifiableFirstPartyClients = false,
TokenDialect = "string",
TokenEncryption = new Auth0.Inputs.ResourceServerTokenEncryptionArgs
{
Disable = false,
EncryptionKey = new Auth0.Inputs.ResourceServerTokenEncryptionEncryptionKeyArgs
{
Algorithm = "string",
Pem = "string",
Kid = "string",
Name = "string",
},
Format = "string",
},
TokenLifetime = 0,
TokenLifetimeForWeb = 0,
VerificationLocation = "string",
});
example, err := auth0.NewResourceServer(ctx, "resourceServerResource", &auth0.ResourceServerArgs{
Identifier: pulumi.String("string"),
ProofOfPossession: &auth0.ResourceServerProofOfPossessionArgs{
Disable: pulumi.Bool(false),
Mechanism: pulumi.String("string"),
Required: pulumi.Bool(false),
},
SigningSecret: pulumi.String("string"),
EnforcePolicies: pulumi.Bool(false),
AuthorizationDetails: auth0.ResourceServerAuthorizationDetailArray{
&auth0.ResourceServerAuthorizationDetailArgs{
Disable: pulumi.Bool(false),
Type: pulumi.String("string"),
},
},
Name: pulumi.String("string"),
AllowOfflineAccess: pulumi.Bool(false),
SigningAlg: pulumi.String("string"),
ConsentPolicy: pulumi.String("string"),
SkipConsentForVerifiableFirstPartyClients: pulumi.Bool(false),
TokenDialect: pulumi.String("string"),
TokenEncryption: &auth0.ResourceServerTokenEncryptionArgs{
Disable: pulumi.Bool(false),
EncryptionKey: &auth0.ResourceServerTokenEncryptionEncryptionKeyArgs{
Algorithm: pulumi.String("string"),
Pem: pulumi.String("string"),
Kid: pulumi.String("string"),
Name: pulumi.String("string"),
},
Format: pulumi.String("string"),
},
TokenLifetime: pulumi.Int(0),
TokenLifetimeForWeb: pulumi.Int(0),
VerificationLocation: pulumi.String("string"),
})
var resourceServerResource = new ResourceServer("resourceServerResource", ResourceServerArgs.builder()
.identifier("string")
.proofOfPossession(ResourceServerProofOfPossessionArgs.builder()
.disable(false)
.mechanism("string")
.required(false)
.build())
.signingSecret("string")
.enforcePolicies(false)
.authorizationDetails(ResourceServerAuthorizationDetailArgs.builder()
.disable(false)
.type("string")
.build())
.name("string")
.allowOfflineAccess(false)
.signingAlg("string")
.consentPolicy("string")
.skipConsentForVerifiableFirstPartyClients(false)
.tokenDialect("string")
.tokenEncryption(ResourceServerTokenEncryptionArgs.builder()
.disable(false)
.encryptionKey(ResourceServerTokenEncryptionEncryptionKeyArgs.builder()
.algorithm("string")
.pem("string")
.kid("string")
.name("string")
.build())
.format("string")
.build())
.tokenLifetime(0)
.tokenLifetimeForWeb(0)
.verificationLocation("string")
.build());
resource_server_resource = auth0.ResourceServer("resourceServerResource",
identifier="string",
proof_of_possession={
"disable": False,
"mechanism": "string",
"required": False,
},
signing_secret="string",
enforce_policies=False,
authorization_details=[{
"disable": False,
"type": "string",
}],
name="string",
allow_offline_access=False,
signing_alg="string",
consent_policy="string",
skip_consent_for_verifiable_first_party_clients=False,
token_dialect="string",
token_encryption={
"disable": False,
"encryption_key": {
"algorithm": "string",
"pem": "string",
"kid": "string",
"name": "string",
},
"format": "string",
},
token_lifetime=0,
token_lifetime_for_web=0,
verification_location="string")
const resourceServerResource = new auth0.ResourceServer("resourceServerResource", {
identifier: "string",
proofOfPossession: {
disable: false,
mechanism: "string",
required: false,
},
signingSecret: "string",
enforcePolicies: false,
authorizationDetails: [{
disable: false,
type: "string",
}],
name: "string",
allowOfflineAccess: false,
signingAlg: "string",
consentPolicy: "string",
skipConsentForVerifiableFirstPartyClients: false,
tokenDialect: "string",
tokenEncryption: {
disable: false,
encryptionKey: {
algorithm: "string",
pem: "string",
kid: "string",
name: "string",
},
format: "string",
},
tokenLifetime: 0,
tokenLifetimeForWeb: 0,
verificationLocation: "string",
});
type: auth0:ResourceServer
properties:
allowOfflineAccess: false
authorizationDetails:
- disable: false
type: string
consentPolicy: string
enforcePolicies: false
identifier: string
name: string
proofOfPossession:
disable: false
mechanism: string
required: false
signingAlg: string
signingSecret: string
skipConsentForVerifiableFirstPartyClients: false
tokenDialect: string
tokenEncryption:
disable: false
encryptionKey:
algorithm: string
kid: string
name: string
pem: string
format: string
tokenLifetime: 0
tokenLifetimeForWeb: 0
verificationLocation: string
ResourceServer Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ResourceServer resource accepts the following input properties:
- Identifier
string
This property is required. 
Changes to this property will trigger replacement. - Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- Allow
Offline boolAccess - Indicates whether refresh tokens can be issued for this resource server.
-
List<Resource
Server Authorization Detail> - Authorization details for this resource server.
- Consent
Policy string - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - Enforce
Policies bool - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- Name string
- Friendly name for the resource server. Cannot include
<or>characters. - Proof
Of ResourcePossession Server Proof Of Possession - Configuration settings for proof-of-possession for this resource server.
- Signing
Alg string - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - Signing
Secret string - Secret used to sign tokens when using symmetric algorithms (HS256).
- Skip
Consent boolFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- Token
Dialect string - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - Token
Encryption ResourceServer Token Encryption - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- Token
Lifetime int - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- Token
Lifetime intFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - Verification
Location string - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- Identifier
string
This property is required. Changes to this property will trigger replacement. - Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- Allow
Offline boolAccess - Indicates whether refresh tokens can be issued for this resource server.
-
[]Resource
Server Authorization Detail Args - Authorization details for this resource server.
- Consent
Policy string - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - Enforce
Policies bool - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- Name string
- Friendly name for the resource server. Cannot include
<or>characters. - Proof
Of ResourcePossession Server Proof Of Possession Args - Configuration settings for proof-of-possession for this resource server.
- Signing
Alg string - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - Signing
Secret string - Secret used to sign tokens when using symmetric algorithms (HS256).
- Skip
Consent boolFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- Token
Dialect string - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - Token
Encryption ResourceServer Token Encryption Args - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- Token
Lifetime int - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- Token
Lifetime intFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - Verification
Location string - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- identifier
String
This property is required. Changes to this property will trigger replacement. - Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- allow
Offline BooleanAccess - Indicates whether refresh tokens can be issued for this resource server.
-
List<Resource
Server Authorization Detail> - Authorization details for this resource server.
- consent
Policy String - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - enforce
Policies Boolean - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- name String
- Friendly name for the resource server. Cannot include
<or>characters. - proof
Of ResourcePossession Server Proof Of Possession - Configuration settings for proof-of-possession for this resource server.
- signing
Alg String - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - signing
Secret String - Secret used to sign tokens when using symmetric algorithms (HS256).
- skip
Consent BooleanFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- token
Dialect String - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - token
Encryption ResourceServer Token Encryption - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- token
Lifetime Integer - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- token
Lifetime IntegerFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - verification
Location String - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- identifier
string
This property is required. Changes to this property will trigger replacement. - Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- allow
Offline booleanAccess - Indicates whether refresh tokens can be issued for this resource server.
-
Resource
Server Authorization Detail[] - Authorization details for this resource server.
- consent
Policy string - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - enforce
Policies boolean - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- name string
- Friendly name for the resource server. Cannot include
<or>characters. - proof
Of ResourcePossession Server Proof Of Possession - Configuration settings for proof-of-possession for this resource server.
- signing
Alg string - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - signing
Secret string - Secret used to sign tokens when using symmetric algorithms (HS256).
- skip
Consent booleanFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- token
Dialect string - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - token
Encryption ResourceServer Token Encryption - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- token
Lifetime number - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- token
Lifetime numberFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - verification
Location string - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- identifier
str
This property is required. Changes to this property will trigger replacement. - Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- allow_
offline_ boolaccess - Indicates whether refresh tokens can be issued for this resource server.
-
Sequence[Resource
Server Authorization Detail Args] - Authorization details for this resource server.
- consent_
policy str - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - enforce_
policies bool - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- name str
- Friendly name for the resource server. Cannot include
<or>characters. - proof_
of_ Resourcepossession Server Proof Of Possession Args - Configuration settings for proof-of-possession for this resource server.
- signing_
alg str - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - signing_
secret str - Secret used to sign tokens when using symmetric algorithms (HS256).
- skip_
consent_ boolfor_ verifiable_ first_ party_ clients - Indicates whether to skip user consent for applications flagged as first party.
- token_
dialect str - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - token_
encryption ResourceServer Token Encryption Args - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- token_
lifetime int - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- token_
lifetime_ intfor_ web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - verification_
location str - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- identifier
String
This property is required. Changes to this property will trigger replacement. - Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- allow
Offline BooleanAccess - Indicates whether refresh tokens can be issued for this resource server.
- List<Property Map>
- Authorization details for this resource server.
- consent
Policy String - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - enforce
Policies Boolean - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- name String
- Friendly name for the resource server. Cannot include
<or>characters. - proof
Of Property MapPossession - Configuration settings for proof-of-possession for this resource server.
- signing
Alg String - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - signing
Secret String - Secret used to sign tokens when using symmetric algorithms (HS256).
- skip
Consent BooleanFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- token
Dialect String - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - token
Encryption Property Map - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- token
Lifetime Number - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- token
Lifetime NumberFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - verification
Location String - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
Outputs
All input properties are implicitly available as output properties. Additionally, the ResourceServer resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ResourceServer Resource
Get an existing ResourceServer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ResourceServerState, opts?: CustomResourceOptions): ResourceServer@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
allow_offline_access: Optional[bool] = None,
authorization_details: Optional[Sequence[ResourceServerAuthorizationDetailArgs]] = None,
consent_policy: Optional[str] = None,
enforce_policies: Optional[bool] = None,
identifier: Optional[str] = None,
name: Optional[str] = None,
proof_of_possession: Optional[ResourceServerProofOfPossessionArgs] = None,
signing_alg: Optional[str] = None,
signing_secret: Optional[str] = None,
skip_consent_for_verifiable_first_party_clients: Optional[bool] = None,
token_dialect: Optional[str] = None,
token_encryption: Optional[ResourceServerTokenEncryptionArgs] = None,
token_lifetime: Optional[int] = None,
token_lifetime_for_web: Optional[int] = None,
verification_location: Optional[str] = None) -> ResourceServerfunc GetResourceServer(ctx *Context, name string, id IDInput, state *ResourceServerState, opts ...ResourceOption) (*ResourceServer, error)public static ResourceServer Get(string name, Input<string> id, ResourceServerState? state, CustomResourceOptions? opts = null)public static ResourceServer get(String name, Output<String> id, ResourceServerState state, CustomResourceOptions options)resources: _: type: auth0:ResourceServer get: id: ${id}- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
This property is required. - The unique name of the resulting resource.
- id
This property is required. - The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Allow
Offline boolAccess - Indicates whether refresh tokens can be issued for this resource server.
-
List<Resource
Server Authorization Detail> - Authorization details for this resource server.
- Consent
Policy string - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - Enforce
Policies bool - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- Identifier
- Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- Name string
- Friendly name for the resource server. Cannot include
<or>characters. - Proof
Of ResourcePossession Server Proof Of Possession - Configuration settings for proof-of-possession for this resource server.
- Signing
Alg string - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - Signing
Secret string - Secret used to sign tokens when using symmetric algorithms (HS256).
- Skip
Consent boolFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- Token
Dialect string - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - Token
Encryption ResourceServer Token Encryption - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- Token
Lifetime int - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- Token
Lifetime intFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - Verification
Location string - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- Allow
Offline boolAccess - Indicates whether refresh tokens can be issued for this resource server.
-
[]Resource
Server Authorization Detail Args - Authorization details for this resource server.
- Consent
Policy string - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - Enforce
Policies bool - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- Identifier
- Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- Name string
- Friendly name for the resource server. Cannot include
<or>characters. - Proof
Of ResourcePossession Server Proof Of Possession Args - Configuration settings for proof-of-possession for this resource server.
- Signing
Alg string - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - Signing
Secret string - Secret used to sign tokens when using symmetric algorithms (HS256).
- Skip
Consent boolFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- Token
Dialect string - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - Token
Encryption ResourceServer Token Encryption Args - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- Token
Lifetime int - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- Token
Lifetime intFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - Verification
Location string - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- allow
Offline BooleanAccess - Indicates whether refresh tokens can be issued for this resource server.
-
List<Resource
Server Authorization Detail> - Authorization details for this resource server.
- consent
Policy String - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - enforce
Policies Boolean - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- identifier
- Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- name String
- Friendly name for the resource server. Cannot include
<or>characters. - proof
Of ResourcePossession Server Proof Of Possession - Configuration settings for proof-of-possession for this resource server.
- signing
Alg String - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - signing
Secret String - Secret used to sign tokens when using symmetric algorithms (HS256).
- skip
Consent BooleanFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- token
Dialect String - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - token
Encryption ResourceServer Token Encryption - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- token
Lifetime Integer - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- token
Lifetime IntegerFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - verification
Location String - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- allow
Offline booleanAccess - Indicates whether refresh tokens can be issued for this resource server.
-
Resource
Server Authorization Detail[] - Authorization details for this resource server.
- consent
Policy string - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - enforce
Policies boolean - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- identifier
- Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- name string
- Friendly name for the resource server. Cannot include
<or>characters. - proof
Of ResourcePossession Server Proof Of Possession - Configuration settings for proof-of-possession for this resource server.
- signing
Alg string - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - signing
Secret string - Secret used to sign tokens when using symmetric algorithms (HS256).
- skip
Consent booleanFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- token
Dialect string - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - token
Encryption ResourceServer Token Encryption - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- token
Lifetime number - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- token
Lifetime numberFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - verification
Location string - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- allow_
offline_ boolaccess - Indicates whether refresh tokens can be issued for this resource server.
-
Sequence[Resource
Server Authorization Detail Args] - Authorization details for this resource server.
- consent_
policy str - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - enforce_
policies bool - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- identifier
- Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- name str
- Friendly name for the resource server. Cannot include
<or>characters. - proof_
of_ Resourcepossession Server Proof Of Possession Args - Configuration settings for proof-of-possession for this resource server.
- signing_
alg str - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - signing_
secret str - Secret used to sign tokens when using symmetric algorithms (HS256).
- skip_
consent_ boolfor_ verifiable_ first_ party_ clients - Indicates whether to skip user consent for applications flagged as first party.
- token_
dialect str - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - token_
encryption ResourceServer Token Encryption Args - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- token_
lifetime int - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- token_
lifetime_ intfor_ web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - verification_
location str - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
- allow
Offline BooleanAccess - Indicates whether refresh tokens can be issued for this resource server.
- List<Property Map>
- Authorization details for this resource server.
- consent
Policy String - Consent policy for this resource server. Options include
transactional-authorization-with-mfa, ornullto disable. - enforce
Policies Boolean - If this setting is enabled, RBAC authorization policies will be enforced for this API. Role and permission assignments will be evaluated during the login transaction.
- identifier
- Unique identifier for the resource server. Used as the audience parameter for authorization calls. Cannot be changed once set.
- name String
- Friendly name for the resource server. Cannot include
<or>characters. - proof
Of Property MapPossession - Configuration settings for proof-of-possession for this resource server.
- signing
Alg String - Algorithm used to sign JWTs. Options include
HS256,RS256, andPS256. - signing
Secret String - Secret used to sign tokens when using symmetric algorithms (HS256).
- skip
Consent BooleanFor Verifiable First Party Clients - Indicates whether to skip user consent for applications flagged as first party.
- token
Dialect String - Dialect of access tokens that should be issued for this resource server. Options include
access_token,rfc9068_profile,access_token_authz, andrfc9068_profile_authz.access_tokenis a JWT containing standard Auth0 claims.rfc9068_profileis a JWT conforming to the IETF JWT Access Token Profile.access_token_authzis a JWT containing standard Auth0 claims, including RBAC permissions claims.rfc9068_profile_authzis a JWT conforming to the IETF JWT Access Token Profile, including RBAC permissions claims. RBAC permissions claims are available if RBAC (enforce_policies) is enabled for this API. For more details, refer to Access Token Profiles. - token
Encryption Property Map - Configuration for JSON Web Encryption(JWE) of tokens for this resource server.
- token
Lifetime Number - Number of seconds during which access tokens issued for this resource server from the token endpoint remain valid.
- token
Lifetime NumberFor Web - Number of seconds during which access tokens issued for this resource server via implicit or hybrid flows remain valid. Cannot be greater than the
token_lifetimevalue. - verification
Location String - URL from which to retrieve JWKs for this resource server. Used for verifying the JWT sent to Auth0 for token introspection.
Supporting Types
ResourceServerAuthorizationDetail, ResourceServerAuthorizationDetailArgs
, ResourceServerAuthorizationDetailArgs
ResourceServerProofOfPossession, ResourceServerProofOfPossessionArgs
, ResourceServerProofOfPossessionArgs
ResourceServerTokenEncryption, ResourceServerTokenEncryptionArgs
, ResourceServerTokenEncryptionArgs
- Disable bool
- Disable token encryption.
- Encryption
Key ResourceServer Token Encryption Encryption Key - Authorization details for this resource server.
- Format string
- Format of the token encryption. Only
compact-nested-jweis supported.
- Disable bool
- Disable token encryption.
- Encryption
Key ResourceServer Token Encryption Encryption Key - Authorization details for this resource server.
- Format string
- Format of the token encryption. Only
compact-nested-jweis supported.
- disable Boolean
- Disable token encryption.
- encryption
Key ResourceServer Token Encryption Encryption Key - Authorization details for this resource server.
- format String
- Format of the token encryption. Only
compact-nested-jweis supported.
- disable boolean
- Disable token encryption.
- encryption
Key ResourceServer Token Encryption Encryption Key - Authorization details for this resource server.
- format string
- Format of the token encryption. Only
compact-nested-jweis supported.
- disable bool
- Disable token encryption.
- encryption_
key ResourceServer Token Encryption Encryption Key - Authorization details for this resource server.
- format str
- Format of the token encryption. Only
compact-nested-jweis supported.
- disable Boolean
- Disable token encryption.
- encryption
Key Property Map - Authorization details for this resource server.
- format String
- Format of the token encryption. Only
compact-nested-jweis supported.
ResourceServerTokenEncryptionEncryptionKey, ResourceServerTokenEncryptionEncryptionKeyArgs
, ResourceServerTokenEncryptionEncryptionKeyArgs
Import
Existing resource servers can be imported using their ID.
Example:
$ pulumi import auth0:index/resourceServer:ResourceServer my_resource_server "XXXXXXXXXXXXXXXXXXXXXXX"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.