@pulumi/azure-native
import * as pulumi from "@pulumi/pulumi";
import * as enums from "../types/enums";
/**
* Configuration settings for the Azure App Service Authentication / Authorization feature.
*
* Uses Azure REST API version 2024-04-01. In version 2.x of the Azure Native provider, it used API version 2022-09-01.
*
* Other available API versions: 2016-08-01, 2018-02-01, 2018-11-01, 2019-08-01, 2020-06-01, 2020-09-01, 2020-10-01, 2020-12-01, 2021-01-01, 2021-01-15, 2021-02-01, 2021-03-01, 2022-03-01, 2022-09-01, 2023-01-01, 2023-12-01, 2024-11-01. These can be accessed by generating a local SDK package using the CLI command `pulumi package add azure-native web [ApiVersion]`. See the [version guide](../../../version-guide/#accessing-any-api-version-via-local-packages) for details.
*/
export declare class WebAppAuthSettingsSlot extends pulumi.CustomResource {
/**
* Get an existing WebAppAuthSettingsSlot resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns A WebAppAuthSettingsSlot for the looked-up resource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): WebAppAuthSettingsSlot;
/**
* Returns true if the given object is an instance of WebAppAuthSettingsSlot. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; typed `any`, so any value may be passed.
* @returns A type predicate narrowing `obj` to WebAppAuthSettingsSlot.
*/
static isInstance(obj: any): obj is WebAppAuthSettingsSlot;
/**
* Gets a JSON string containing the Azure AD Acl settings.
*/
readonly aadClaimsAuthorization: pulumi.Output<string | undefined>;
/**
* Login parameters to send to the OpenID Connect authorization endpoint when
* a user logs in. Each parameter must be in the form "key=value".
*/
readonly additionalLoginParams: pulumi.Output<string[] | undefined>;
/**
* Allowed audience values to consider when validating JSON Web Tokens issued by
* Azure Active Directory. Note that the <code>ClientID</code> value is always considered an
* allowed audience, regardless of this setting.
*
* NOTE(review): each entry widens the set of token audiences that are accepted; when auditing a
* deployed slot, check that only identifiers issued for this app appear here.
*/
readonly allowedAudiences: pulumi.Output<string[] | undefined>;
/**
* External URLs that can be redirected to as part of logging in or logging out of the app. Note that the query string part of the URL is ignored.
* This is an advanced setting typically only needed by Windows Store application backends.
* Note that URLs within the current domain are always implicitly allowed.
*
* NOTE(review): every entry is a destination outside the app's own domain that the login/logout
* flow may send a user to. Because the query string is ignored, matching presumably covers the
* rest of the URL — confirm how entries are compared before relying on a narrow match.
*/
readonly allowedExternalRedirectUrls: pulumi.Output<string[] | undefined>;
/**
* The path of the config file containing auth settings.
* If the path is relative, the base will be the site's root directory.
*
* NOTE(review): when `isAuthFromFile` is "true" the settings are read from this file, so it
* presumably takes the place of the values on this resource — confirm, and review that file too.
*/
readonly authFilePath: pulumi.Output<string | undefined>;
/**
* The Azure API version of the resource.
*/
readonly azureApiVersion: pulumi.Output<string>;
/**
* The Client ID of this relying party application, known as the client_id.
* This setting is required for enabling OpenID Connect authentication with Azure Active Directory or
* other 3rd party OpenID Connect providers.
* More information on OpenID Connect: http://openid.net/specs/openid-connect-core-1_0.html
*/
readonly clientId: pulumi.Output<string | undefined>;
/**
* The Client Secret of this relying party application (in Azure Active Directory, this is also referred to as the Key).
* This setting is optional. If no client secret is configured, the OpenID Connect implicit auth flow is used to authenticate end users.
* Otherwise, the OpenID Connect Authorization Code Flow is used to authenticate end users.
* More information on OpenID Connect: http://openid.net/specs/openid-connect-core-1_0.html
*
* NOTE(review): this is a credential exposed as a resource output and declared as a plain
* `pulumi.Output<string | undefined>`. Whether the provider marks it as a secret in stack state
* is not visible from this declaration — confirm before exporting or logging it.
*/
readonly clientSecret: pulumi.Output<string | undefined>;
/**
* An alternative to the client secret, that is the thumbprint of a certificate used for signing purposes. This property acts as
* a replacement for the Client Secret. It is also optional.
*/
readonly clientSecretCertificateThumbprint: pulumi.Output<string | undefined>;
/**
* The app setting name that contains the client secret of the relying party application.
* Holds the setting's name, not the secret value itself.
*/
readonly clientSecretSettingName: pulumi.Output<string | undefined>;
/**
* The ConfigVersion of the Authentication / Authorization feature in use for the current app.
* The setting in this value can control the behavior of the control plane for Authentication / Authorization.
*/
readonly configVersion: pulumi.Output<string | undefined>;
/**
* The default authentication provider to use when multiple providers are configured.
* This setting is only needed if multiple providers are configured and the unauthenticated client
* action is set to "RedirectToLoginPage".
*/
readonly defaultProvider: pulumi.Output<string | undefined>;
/**
* <code>true</code> if the Authentication / Authorization feature is enabled for the current app; otherwise, <code>false</code>.
*
* NOTE(review): the type also allows `undefined`; what the service does in that case is not
* stated here, so treat an undefined value as "not confirmed enabled" when auditing.
*/
readonly enabled: pulumi.Output<boolean | undefined>;
/**
* The App ID of the Facebook app used for login.
* This setting is required for enabling Facebook Login.
* Facebook Login documentation: https://developers.facebook.com/docs/facebook-login
*/
readonly facebookAppId: pulumi.Output<string | undefined>;
/**
* The App Secret of the Facebook app used for Facebook Login.
* This setting is required for enabling Facebook Login.
* Facebook Login documentation: https://developers.facebook.com/docs/facebook-login
*
* NOTE(review): credential exposed as a plain output; secret-marking in state is not visible
* from this declaration — confirm before exporting or logging it.
*/
readonly facebookAppSecret: pulumi.Output<string | undefined>;
/**
* The app setting name that contains the app secret used for Facebook Login.
*/
readonly facebookAppSecretSettingName: pulumi.Output<string | undefined>;
/**
* The OAuth 2.0 scopes that will be requested as part of Facebook Login authentication.
* This setting is optional.
* Facebook Login documentation: https://developers.facebook.com/docs/facebook-login
*/
readonly facebookOAuthScopes: pulumi.Output<string[] | undefined>;
/**
* The Client Id of the GitHub app used for login.
* This setting is required for enabling GitHub login.
*/
readonly gitHubClientId: pulumi.Output<string | undefined>;
/**
* The Client Secret of the GitHub app used for GitHub Login.
* This setting is required for enabling GitHub login.
*
* NOTE(review): credential exposed as a plain output; secret-marking in state is not visible
* from this declaration — confirm before exporting or logging it.
*/
readonly gitHubClientSecret: pulumi.Output<string | undefined>;
/**
* The app setting name that contains the client secret of the GitHub
* app used for GitHub Login.
*/
readonly gitHubClientSecretSettingName: pulumi.Output<string | undefined>;
/**
* The OAuth 2.0 scopes that will be requested as part of GitHub Login authentication.
* This setting is optional.
*/
readonly gitHubOAuthScopes: pulumi.Output<string[] | undefined>;
/**
* The OpenID Connect Client ID for the Google web application.
* This setting is required for enabling Google Sign-In.
* Google Sign-In documentation: https://developers.google.com/identity/sign-in/web/
*/
readonly googleClientId: pulumi.Output<string | undefined>;
/**
* The client secret associated with the Google web application.
* This setting is required for enabling Google Sign-In.
* Google Sign-In documentation: https://developers.google.com/identity/sign-in/web/
*
* NOTE(review): credential exposed as a plain output; secret-marking in state is not visible
* from this declaration — confirm before exporting or logging it.
*/
readonly googleClientSecret: pulumi.Output<string | undefined>;
/**
* The app setting name that contains the client secret associated with
* the Google web application.
*/
readonly googleClientSecretSettingName: pulumi.Output<string | undefined>;
/**
* The OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication.
* This setting is optional. If not specified, "openid", "profile", and "email" are used as default scopes.
* Google Sign-In documentation: https://developers.google.com/identity/sign-in/web/
*/
readonly googleOAuthScopes: pulumi.Output<string[] | undefined>;
/**
* "true" if the auth config settings should be read from a file,
* "false" otherwise.
* Note the declared type: this is the string "true" or "false", not a boolean.
*/
readonly isAuthFromFile: pulumi.Output<string | undefined>;
/**
* The OpenID Connect Issuer URI that represents the entity which issues access tokens for this application.
* When using Azure Active Directory, this value is the URI of the directory tenant, e.g. `https://sts.windows.net/{tenant-guid}/`.
* This URI is a case-sensitive identifier for the token issuer.
* More information on OpenID Connect Discovery: http://openid.net/specs/openid-connect-discovery-1_0.html
*/
readonly issuer: pulumi.Output<string | undefined>;
/**
* Kind of resource.
*/
readonly kind: pulumi.Output<string | undefined>;
/**
* The OAuth 2.0 client ID that was created for the app used for authentication.
* This setting is required for enabling Microsoft Account authentication.
* Microsoft Account OAuth documentation: https://dev.onedrive.com/auth/msa_oauth.htm
*/
readonly microsoftAccountClientId: pulumi.Output<string | undefined>;
/**
* The OAuth 2.0 client secret that was created for the app used for authentication.
* This setting is required for enabling Microsoft Account authentication.
* Microsoft Account OAuth documentation: https://dev.onedrive.com/auth/msa_oauth.htm
*
* NOTE(review): credential exposed as a plain output; secret-marking in state is not visible
* from this declaration — confirm before exporting or logging it.
*/
readonly microsoftAccountClientSecret: pulumi.Output<string | undefined>;
/**
* The app setting name containing the OAuth 2.0 client secret that was created for the
* app used for authentication.
*/
readonly microsoftAccountClientSecretSettingName: pulumi.Output<string | undefined>;
/**
* The OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication.
* This setting is optional. If not specified, "wl.basic" is used as the default scope.
* Microsoft Account Scopes and permissions documentation: https://msdn.microsoft.com/en-us/library/dn631845.aspx
*/
readonly microsoftAccountOAuthScopes: pulumi.Output<string[] | undefined>;
/**
* Resource Name.
*/
readonly name: pulumi.Output<string>;
/**
* The RuntimeVersion of the Authentication / Authorization feature in use for the current app.
* The setting in this value can control the behavior of certain features in the Authentication / Authorization module.
*/
readonly runtimeVersion: pulumi.Output<string | undefined>;
/**
* The number of hours after session token expiration that a session token can be used to
* call the token refresh API. The default is 72 hours.
*/
readonly tokenRefreshExtensionHours: pulumi.Output<number | undefined>;
/**
* <code>true</code> to durably store platform-specific security tokens that are obtained during login flows; otherwise, <code>false</code>.
* The default is <code>false</code>.
*
* NOTE(review): when true, tokens obtained during login are persisted. Where they are stored and
* how that store is protected is not described here — confirm before treating it as safe.
*/
readonly tokenStoreEnabled: pulumi.Output<boolean | undefined>;
/**
* The OAuth 1.0a consumer key of the Twitter application used for sign-in.
* This setting is required for enabling Twitter Sign-In.
* Twitter Sign-In documentation: https://dev.twitter.com/web/sign-in
*/
readonly twitterConsumerKey: pulumi.Output<string | undefined>;
/**
* The OAuth 1.0a consumer secret of the Twitter application used for sign-in.
* This setting is required for enabling Twitter Sign-In.
* Twitter Sign-In documentation: https://dev.twitter.com/web/sign-in
*
* NOTE(review): credential exposed as a plain output; secret-marking in state is not visible
* from this declaration — confirm before exporting or logging it.
*/
readonly twitterConsumerSecret: pulumi.Output<string | undefined>;
/**
* The app setting name that contains the OAuth 1.0a consumer secret of the Twitter
* application used for sign-in.
*/
readonly twitterConsumerSecretSettingName: pulumi.Output<string | undefined>;
/**
* Resource type.
*/
readonly type: pulumi.Output<string>;
/**
* The action to take when an unauthenticated client attempts to access the app.
* Declared as a plain string on this output.
*
* NOTE(review): this decides what happens to requests that carry no credentials.
* "RedirectToLoginPage" is the only value named in this file; for any value that lets such
* requests through, the app code has to enforce access itself — check the deployed value.
*/
readonly unauthenticatedClientAction: pulumi.Output<string | undefined>;
/**
* Gets a value indicating whether the issuer should be a valid HTTPS url and be validated as such.
*
* NOTE(review): the behavior when this is undefined is not stated here; when auditing, treat
* an undefined value as "issuer validation not confirmed".
*/
readonly validateIssuer: pulumi.Output<boolean | undefined>;
/**
* Create a WebAppAuthSettingsSlot resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: WebAppAuthSettingsSlotArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* The set of arguments for constructing a WebAppAuthSettingsSlot resource.
*/
export interface WebAppAuthSettingsSlotArgs {
/**
* Gets a JSON string containing the Azure AD Acl settings.
*/
aadClaimsAuthorization?: pulumi.Input<string>;
/**
* Login parameters to send to the OpenID Connect authorization endpoint when
* a user logs in. Each parameter must be in the form "key=value".
*/
additionalLoginParams?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Allowed audience values to consider when validating JSON Web Tokens issued by
* Azure Active Directory. Note that the <code>ClientID</code> value is always considered an
* allowed audience, regardless of this setting.
*
* NOTE(review): each entry widens the set of token audiences that are accepted; list only
* identifiers issued for this app.
*/
allowedAudiences?: pulumi.Input<pulumi.Input<string>[]>;
/**
* External URLs that can be redirected to as part of logging in or logging out of the app. Note that the query string part of the URL is ignored.
* This is an advanced setting typically only needed by Windows Store application backends.
* Note that URLs within the current domain are always implicitly allowed.
*
* NOTE(review): every entry is a destination outside the app's own domain that the login/logout
* flow may send a user to; keep the list to URLs you control and leave it unset when not needed.
* Because the query string is ignored, matching presumably covers the rest of the URL — confirm
* how entries are compared.
*/
allowedExternalRedirectUrls?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The path of the config file containing auth settings.
* If the path is relative, the base will be the site's root directory.
*
* NOTE(review): when `isAuthFromFile` is "true" the settings are read from this file, so it
* presumably takes the place of the values set here — confirm, and review that file too.
*/
authFilePath?: pulumi.Input<string>;
/**
* The Client ID of this relying party application, known as the client_id.
* This setting is required for enabling OpenID Connect authentication with Azure Active Directory or
* other 3rd party OpenID Connect providers.
* More information on OpenID Connect: http://openid.net/specs/openid-connect-core-1_0.html
*/
clientId?: pulumi.Input<string>;
/**
* The Client Secret of this relying party application (in Azure Active Directory, this is also referred to as the Key).
* This setting is optional. If no client secret is configured, the OpenID Connect implicit auth flow is used to authenticate end users.
* Otherwise, the OpenID Connect Authorization Code Flow is used to authenticate end users.
* More information on OpenID Connect: http://openid.net/specs/openid-connect-core-1_0.html
*
* NOTE(review): a value passed here is a literal credential in the program's inputs. Where
* possible set `clientSecretSettingName` so only the app setting's name appears; otherwise wrap
* the value with `pulumi.secret(...)` or read it from secret config. Per the text above, having
* no client secret configured selects the implicit flow, which current OAuth 2.0 security
* guidance discourages; presumably `clientSecretSettingName` counts as configuring one — confirm.
*/
clientSecret?: pulumi.Input<string>;
/**
* An alternative to the client secret, that is the thumbprint of a certificate used for signing purposes. This property acts as
* a replacement for the Client Secret. It is also optional.
*/
clientSecretCertificateThumbprint?: pulumi.Input<string>;
/**
* The app setting name that contains the client secret of the relying party application.
* Takes the setting's name, not the secret value itself.
*/
clientSecretSettingName?: pulumi.Input<string>;
/**
* The ConfigVersion of the Authentication / Authorization feature in use for the current app.
* The setting in this value can control the behavior of the control plane for Authentication / Authorization.
*/
configVersion?: pulumi.Input<string>;
/**
* The default authentication provider to use when multiple providers are configured.
* This setting is only needed if multiple providers are configured and the unauthenticated client
* action is set to "RedirectToLoginPage".
*/
defaultProvider?: pulumi.Input<enums.web.BuiltInAuthenticationProvider>;
/**
* <code>true</code> if the Authentication / Authorization feature is enabled for the current app; otherwise, <code>false</code>.
*
* NOTE(review): optional, and the behavior when omitted is not stated here; set it explicitly
* so the intended state is visible in the program.
*/
enabled?: pulumi.Input<boolean>;
/**
* The App ID of the Facebook app used for login.
* This setting is required for enabling Facebook Login.
* Facebook Login documentation: https://developers.facebook.com/docs/facebook-login
*/
facebookAppId?: pulumi.Input<string>;
/**
* The App Secret of the Facebook app used for Facebook Login.
* This setting is required for enabling Facebook Login.
* Facebook Login documentation: https://developers.facebook.com/docs/facebook-login
*
* NOTE(review): literal credential; prefer `facebookAppSecretSettingName`, or pass the value
* through `pulumi.secret(...)` / secret config.
*/
facebookAppSecret?: pulumi.Input<string>;
/**
* The app setting name that contains the app secret used for Facebook Login.
*/
facebookAppSecretSettingName?: pulumi.Input<string>;
/**
* The OAuth 2.0 scopes that will be requested as part of Facebook Login authentication.
* This setting is optional.
* Facebook Login documentation: https://developers.facebook.com/docs/facebook-login
*/
facebookOAuthScopes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The Client Id of the GitHub app used for login.
* This setting is required for enabling GitHub login.
*/
gitHubClientId?: pulumi.Input<string>;
/**
* The Client Secret of the GitHub app used for GitHub Login.
* This setting is required for enabling GitHub login.
*
* NOTE(review): literal credential; prefer `gitHubClientSecretSettingName`, or pass the value
* through `pulumi.secret(...)` / secret config.
*/
gitHubClientSecret?: pulumi.Input<string>;
/**
* The app setting name that contains the client secret of the GitHub
* app used for GitHub Login.
*/
gitHubClientSecretSettingName?: pulumi.Input<string>;
/**
* The OAuth 2.0 scopes that will be requested as part of GitHub Login authentication.
* This setting is optional.
*/
gitHubOAuthScopes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* The OpenID Connect Client ID for the Google web application.
* This setting is required for enabling Google Sign-In.
* Google Sign-In documentation: https://developers.google.com/identity/sign-in/web/
*/
googleClientId?: pulumi.Input<string>;
/**
* The client secret associated with the Google web application.
* This setting is required for enabling Google Sign-In.
* Google Sign-In documentation: https://developers.google.com/identity/sign-in/web/
*
* NOTE(review): literal credential; prefer `googleClientSecretSettingName`, or pass the value
* through `pulumi.secret(...)` / secret config.
*/
googleClientSecret?: pulumi.Input<string>;
/**
* The app setting name that contains the client secret associated with
* the Google web application.
*/
googleClientSecretSettingName?: pulumi.Input<string>;
/**
* The OAuth 2.0 scopes that will be requested as part of Google Sign-In authentication.
* This setting is optional. If not specified, "openid", "profile", and "email" are used as default scopes.
* Google Sign-In documentation: https://developers.google.com/identity/sign-in/web/
*/
googleOAuthScopes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* "true" if the auth config settings should be read from a file,
* "false" otherwise.
* Note the declared type: this takes the string "true" or "false", not a boolean.
*/
isAuthFromFile?: pulumi.Input<string>;
/**
* The OpenID Connect Issuer URI that represents the entity which issues access tokens for this application.
* When using Azure Active Directory, this value is the URI of the directory tenant, e.g. `https://sts.windows.net/{tenant-guid}/`.
* This URI is a case-sensitive identifier for the token issuer.
* More information on OpenID Connect Discovery: http://openid.net/specs/openid-connect-discovery-1_0.html
*/
issuer?: pulumi.Input<string>;
/**
* Kind of resource.
*/
kind?: pulumi.Input<string>;
/**
* The OAuth 2.0 client ID that was created for the app used for authentication.
* This setting is required for enabling Microsoft Account authentication.
* Microsoft Account OAuth documentation: https://dev.onedrive.com/auth/msa_oauth.htm
*/
microsoftAccountClientId?: pulumi.Input<string>;
/**
* The OAuth 2.0 client secret that was created for the app used for authentication.
* This setting is required for enabling Microsoft Account authentication.
* Microsoft Account OAuth documentation: https://dev.onedrive.com/auth/msa_oauth.htm
*
* NOTE(review): literal credential; prefer `microsoftAccountClientSecretSettingName`, or pass
* the value through `pulumi.secret(...)` / secret config.
*/
microsoftAccountClientSecret?: pulumi.Input<string>;
/**
* The app setting name containing the OAuth 2.0 client secret that was created for the
* app used for authentication.
*/
microsoftAccountClientSecretSettingName?: pulumi.Input<string>;
/**
* The OAuth 2.0 scopes that will be requested as part of Microsoft Account authentication.
* This setting is optional. If not specified, "wl.basic" is used as the default scope.
* Microsoft Account Scopes and permissions documentation: https://msdn.microsoft.com/en-us/library/dn631845.aspx
*/
microsoftAccountOAuthScopes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* Name of web app.
*/
name: pulumi.Input<string>;
/**
* Name of the resource group to which the resource belongs.
*/
resourceGroupName: pulumi.Input<string>;
/**
* The RuntimeVersion of the Authentication / Authorization feature in use for the current app.
* The setting in this value can control the behavior of certain features in the Authentication / Authorization module.
*/
runtimeVersion?: pulumi.Input<string>;
/**
* Name of web app slot. If not specified then will default to production slot.
*
* NOTE(review): this field is declared required in this interface, so callers of this type must
* always name a slot; the "if not specified" default above does not apply through this type.
*/
slot: pulumi.Input<string>;
/**
* The number of hours after session token expiration that a session token can be used to
* call the token refresh API. The default is 72 hours.
*/
tokenRefreshExtensionHours?: pulumi.Input<number>;
/**
* <code>true</code> to durably store platform-specific security tokens that are obtained during login flows; otherwise, <code>false</code>.
* The default is <code>false</code>.
*
* NOTE(review): when true, tokens obtained during login are persisted. Where they are stored and
* how that store is protected is not described here — confirm before enabling.
*/
tokenStoreEnabled?: pulumi.Input<boolean>;
/**
* The OAuth 1.0a consumer key of the Twitter application used for sign-in.
* This setting is required for enabling Twitter Sign-In.
* Twitter Sign-In documentation: https://dev.twitter.com/web/sign-in
*/
twitterConsumerKey?: pulumi.Input<string>;
/**
* The OAuth 1.0a consumer secret of the Twitter application used for sign-in.
* This setting is required for enabling Twitter Sign-In.
* Twitter Sign-In documentation: https://dev.twitter.com/web/sign-in
*
* NOTE(review): literal credential; prefer `twitterConsumerSecretSettingName`, or pass the
* value through `pulumi.secret(...)` / secret config.
*/
twitterConsumerSecret?: pulumi.Input<string>;
/**
* The app setting name that contains the OAuth 1.0a consumer secret of the Twitter
* application used for sign-in.
*/
twitterConsumerSecretSettingName?: pulumi.Input<string>;
/**
* The action to take when an unauthenticated client attempts to access the app.
*
* NOTE(review): this decides what happens to requests that carry no credentials. The accepted
* values come from `enums.web.UnauthenticatedClientAction`, which is not shown in this file
* ("RedirectToLoginPage" is the only value named here). For any value that lets such requests
* through, the app code has to enforce access itself — check the enum before choosing.
*/
unauthenticatedClientAction?: pulumi.Input<enums.web.UnauthenticatedClientAction>;
/**
* Gets a value indicating whether the issuer should be a valid HTTPS url and be validated as such.
*
* NOTE(review): optional, and the default when omitted is not stated here; set it explicitly
* rather than relying on the service default.
*/
validateIssuer?: pulumi.Input<boolean>;
}