Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Authentik Provider
  3. API Docs
  4. SourceOauth
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
goauthentik/terraform-provider-authentik

authentik.SourceOauth

Explore with Pulumi AI

authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
goauthentik/terraform-provider-authentik

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as authentik from "@pulumi/authentik";

const default_source_authentication = authentik.getFlow({
    slug: "default-source-authentication",
});
const default_source_enrollment = authentik.getFlow({
    slug: "default-source-enrollment",
});
const name = new authentik.SourceOauth("name", {
    slug: "discord",
    authenticationFlow: default_source_authentication.then(default_source_authentication => default_source_authentication.id),
    enrollmentFlow: default_source_enrollment.then(default_source_enrollment => default_source_enrollment.id),
    providerType: "discord",
    consumerKey: "foo",
    consumerSecret: "bar",
});
Copy
import pulumi
import pulumi_authentik as authentik

default_source_authentication = authentik.get_flow(slug="default-source-authentication")
default_source_enrollment = authentik.get_flow(slug="default-source-enrollment")
name = authentik.SourceOauth("name",
    slug="discord",
    authentication_flow=default_source_authentication.id,
    enrollment_flow=default_source_enrollment.id,
    provider_type="discord",
    consumer_key="foo",
    consumer_secret="bar")
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/authentik/v2025/authentik"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		default_source_authentication, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
			Slug: pulumi.StringRef("default-source-authentication"),
		}, nil)
		if err != nil {
			return err
		}
		default_source_enrollment, err := authentik.LookupFlow(ctx, &authentik.LookupFlowArgs{
			Slug: pulumi.StringRef("default-source-enrollment"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = authentik.NewSourceOauth(ctx, "name", &authentik.SourceOauthArgs{
			Slug:               pulumi.String("discord"),
			AuthenticationFlow: pulumi.String(default_source_authentication.Id),
			EnrollmentFlow:     pulumi.String(default_source_enrollment.Id),
			ProviderType:       pulumi.String("discord"),
			ConsumerKey:        pulumi.String("foo"),
			ConsumerSecret:     pulumi.String("bar"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Authentik = Pulumi.Authentik;

return await Deployment.RunAsync(() => 
{
    var default_source_authentication = Authentik.GetFlow.Invoke(new()
    {
        Slug = "default-source-authentication",
    });

    var default_source_enrollment = Authentik.GetFlow.Invoke(new()
    {
        Slug = "default-source-enrollment",
    });

    var name = new Authentik.SourceOauth("name", new()
    {
        Slug = "discord",
        AuthenticationFlow = default_source_authentication.Apply(default_source_authentication => default_source_authentication.Apply(getFlowResult => getFlowResult.Id)),
        EnrollmentFlow = default_source_enrollment.Apply(default_source_enrollment => default_source_enrollment.Apply(getFlowResult => getFlowResult.Id)),
        ProviderType = "discord",
        ConsumerKey = "foo",
        ConsumerSecret = "bar",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.authentik.AuthentikFunctions;
import com.pulumi.authentik.inputs.GetFlowArgs;
import com.pulumi.authentik.SourceOauth;
import com.pulumi.authentik.SourceOauthArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var default-source-authentication = AuthentikFunctions.getFlow(GetFlowArgs.builder()
            .slug("default-source-authentication")
            .build());

        final var default-source-enrollment = AuthentikFunctions.getFlow(GetFlowArgs.builder()
            .slug("default-source-enrollment")
            .build());

        var name = new SourceOauth("name", SourceOauthArgs.builder()
            .slug("discord")
            .authenticationFlow(default_source_authentication.id())
            .enrollmentFlow(default_source_enrollment.id())
            .providerType("discord")
            .consumerKey("foo")
            .consumerSecret("bar")
            .build());

    }
}
Copy
resources:
  name:
    type: authentik:SourceOauth
    properties:
      slug: discord
      authenticationFlow: ${["default-source-authentication"].id}
      enrollmentFlow: ${["default-source-enrollment"].id}
      providerType: discord
      consumerKey: foo
      consumerSecret: bar
variables:
  default-source-authentication:
    fn::invoke:
      function: authentik:getFlow
      arguments:
        slug: default-source-authentication
  default-source-enrollment:
    fn::invoke:
      function: authentik:getFlow
      arguments:
        slug: default-source-enrollment
Copy

Create SourceOauth Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new SourceOauth(name: string, args: SourceOauthArgs, opts?: CustomResourceOptions);
@overload
def SourceOauth(resource_name: str,
                args: SourceOauthArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def SourceOauth(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                consumer_key: Optional[str] = None,
                slug: Optional[str] = None,
                provider_type: Optional[str] = None,
                consumer_secret: Optional[str] = None,
                oidc_well_known_url: Optional[str] = None,
                policy_engine_mode: Optional[str] = None,
                enabled: Optional[bool] = None,
                enrollment_flow: Optional[str] = None,
                group_matching_mode: Optional[str] = None,
                name: Optional[str] = None,
                oidc_jwks: Optional[str] = None,
                oidc_jwks_url: Optional[str] = None,
                access_token_url: Optional[str] = None,
                authorization_url: Optional[str] = None,
                profile_url: Optional[str] = None,
                property_mappings: Optional[Sequence[str]] = None,
                property_mappings_groups: Optional[Sequence[str]] = None,
                authentication_flow: Optional[str] = None,
                request_token_url: Optional[str] = None,
                additional_scopes: Optional[str] = None,
                source_oauth_id: Optional[str] = None,
                user_matching_mode: Optional[str] = None,
                user_path_template: Optional[str] = None,
                uuid: Optional[str] = None)
func NewSourceOauth(ctx *Context, name string, args SourceOauthArgs, opts ...ResourceOption) (*SourceOauth, error)
public SourceOauth(string name, SourceOauthArgs args, CustomResourceOptions? opts = null)
public SourceOauth(String name, SourceOauthArgs args)
public SourceOauth(String name, SourceOauthArgs args, CustomResourceOptions options)

type: authentik:SourceOauth
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args This property is required. SourceOauthArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args This property is required. SourceOauthArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args This property is required. SourceOauthArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args This property is required. SourceOauthArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. SourceOauthArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var sourceOauthResource = new Authentik.SourceOauth("sourceOauthResource", new()
{
    ConsumerKey = "string",
    Slug = "string",
    ProviderType = "string",
    ConsumerSecret = "string",
    OidcWellKnownUrl = "string",
    PolicyEngineMode = "string",
    Enabled = false,
    EnrollmentFlow = "string",
    GroupMatchingMode = "string",
    Name = "string",
    OidcJwks = "string",
    OidcJwksUrl = "string",
    AccessTokenUrl = "string",
    AuthorizationUrl = "string",
    ProfileUrl = "string",
    PropertyMappings = new[]
    {
        "string",
    },
    PropertyMappingsGroups = new[]
    {
        "string",
    },
    AuthenticationFlow = "string",
    RequestTokenUrl = "string",
    AdditionalScopes = "string",
    SourceOauthId = "string",
    UserMatchingMode = "string",
    UserPathTemplate = "string",
    Uuid = "string",
});
Copy
example, err := authentik.NewSourceOauth(ctx, "sourceOauthResource", &authentik.SourceOauthArgs{
	ConsumerKey:       pulumi.String("string"),
	Slug:              pulumi.String("string"),
	ProviderType:      pulumi.String("string"),
	ConsumerSecret:    pulumi.String("string"),
	OidcWellKnownUrl:  pulumi.String("string"),
	PolicyEngineMode:  pulumi.String("string"),
	Enabled:           pulumi.Bool(false),
	EnrollmentFlow:    pulumi.String("string"),
	GroupMatchingMode: pulumi.String("string"),
	Name:              pulumi.String("string"),
	OidcJwks:          pulumi.String("string"),
	OidcJwksUrl:       pulumi.String("string"),
	AccessTokenUrl:    pulumi.String("string"),
	AuthorizationUrl:  pulumi.String("string"),
	ProfileUrl:        pulumi.String("string"),
	PropertyMappings: pulumi.StringArray{
		pulumi.String("string"),
	},
	PropertyMappingsGroups: pulumi.StringArray{
		pulumi.String("string"),
	},
	AuthenticationFlow: pulumi.String("string"),
	RequestTokenUrl:    pulumi.String("string"),
	AdditionalScopes:   pulumi.String("string"),
	SourceOauthId:      pulumi.String("string"),
	UserMatchingMode:   pulumi.String("string"),
	UserPathTemplate:   pulumi.String("string"),
	Uuid:               pulumi.String("string"),
})
Copy
var sourceOauthResource = new SourceOauth("sourceOauthResource", SourceOauthArgs.builder()
    .consumerKey("string")
    .slug("string")
    .providerType("string")
    .consumerSecret("string")
    .oidcWellKnownUrl("string")
    .policyEngineMode("string")
    .enabled(false)
    .enrollmentFlow("string")
    .groupMatchingMode("string")
    .name("string")
    .oidcJwks("string")
    .oidcJwksUrl("string")
    .accessTokenUrl("string")
    .authorizationUrl("string")
    .profileUrl("string")
    .propertyMappings("string")
    .propertyMappingsGroups("string")
    .authenticationFlow("string")
    .requestTokenUrl("string")
    .additionalScopes("string")
    .sourceOauthId("string")
    .userMatchingMode("string")
    .userPathTemplate("string")
    .uuid("string")
    .build());
Copy
source_oauth_resource = authentik.SourceOauth("sourceOauthResource",
    consumer_key="string",
    slug="string",
    provider_type="string",
    consumer_secret="string",
    oidc_well_known_url="string",
    policy_engine_mode="string",
    enabled=False,
    enrollment_flow="string",
    group_matching_mode="string",
    name="string",
    oidc_jwks="string",
    oidc_jwks_url="string",
    access_token_url="string",
    authorization_url="string",
    profile_url="string",
    property_mappings=["string"],
    property_mappings_groups=["string"],
    authentication_flow="string",
    request_token_url="string",
    additional_scopes="string",
    source_oauth_id="string",
    user_matching_mode="string",
    user_path_template="string",
    uuid="string")
Copy
const sourceOauthResource = new authentik.SourceOauth("sourceOauthResource", {
    consumerKey: "string",
    slug: "string",
    providerType: "string",
    consumerSecret: "string",
    oidcWellKnownUrl: "string",
    policyEngineMode: "string",
    enabled: false,
    enrollmentFlow: "string",
    groupMatchingMode: "string",
    name: "string",
    oidcJwks: "string",
    oidcJwksUrl: "string",
    accessTokenUrl: "string",
    authorizationUrl: "string",
    profileUrl: "string",
    propertyMappings: ["string"],
    propertyMappingsGroups: ["string"],
    authenticationFlow: "string",
    requestTokenUrl: "string",
    additionalScopes: "string",
    sourceOauthId: "string",
    userMatchingMode: "string",
    userPathTemplate: "string",
    uuid: "string",
});
Copy
type: authentik:SourceOauth
properties:
    accessTokenUrl: string
    additionalScopes: string
    authenticationFlow: string
    authorizationUrl: string
    consumerKey: string
    consumerSecret: string
    enabled: false
    enrollmentFlow: string
    groupMatchingMode: string
    name: string
    oidcJwks: string
    oidcJwksUrl: string
    oidcWellKnownUrl: string
    policyEngineMode: string
    profileUrl: string
    propertyMappings:
        - string
    propertyMappingsGroups:
        - string
    providerType: string
    requestTokenUrl: string
    slug: string
    sourceOauthId: string
    userMatchingMode: string
    userPathTemplate: string
    uuid: string
Copy

SourceOauth Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The SourceOauth resource accepts the following input properties:

ConsumerKey This property is required. string
ConsumerSecret This property is required. string
ProviderType This property is required. string
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
Slug This property is required. string
AccessTokenUrl string
Only required for OAuth1.
AdditionalScopes string
AuthenticationFlow string
AuthorizationUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
Enabled bool
Defaults to true.
EnrollmentFlow string
GroupMatchingMode string
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Name string
OidcJwks string
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
OidcJwksUrl string
Automatically configure JWKS if not specified by oidc_well_known_url.
OidcWellKnownUrl string
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
PolicyEngineMode string
Allowed values: - all - any Defaults to any.
ProfileUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
PropertyMappings List<string>
PropertyMappingsGroups List<string>
RequestTokenUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
SourceOauthId string
UserMatchingMode string
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string
Defaults to goauthentik.io/sources/%(slug)s.
Uuid string
Generated.
ConsumerKey This property is required. string
ConsumerSecret This property is required. string
ProviderType This property is required. string
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
Slug This property is required. string
AccessTokenUrl string
Only required for OAuth1.
AdditionalScopes string
AuthenticationFlow string
AuthorizationUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
Enabled bool
Defaults to true.
EnrollmentFlow string
GroupMatchingMode string
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Name string
OidcJwks string
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
OidcJwksUrl string
Automatically configure JWKS if not specified by oidc_well_known_url.
OidcWellKnownUrl string
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
PolicyEngineMode string
Allowed values: - all - any Defaults to any.
ProfileUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
PropertyMappings []string
PropertyMappingsGroups []string
RequestTokenUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
SourceOauthId string
UserMatchingMode string
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string
Defaults to goauthentik.io/sources/%(slug)s.
Uuid string
Generated.
consumerKey This property is required. String
consumerSecret This property is required. String
providerType This property is required. String
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
slug This property is required. String
accessTokenUrl String
Only required for OAuth1.
additionalScopes String
authenticationFlow String
authorizationUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
enabled Boolean
Defaults to true.
enrollmentFlow String
groupMatchingMode String
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name String
oidcJwks String
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl String
Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl String
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode String
Allowed values: - all - any Defaults to any.
profileUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings List<String>
propertyMappingsGroups List<String>
requestTokenUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
sourceOauthId String
userMatchingMode String
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String
Defaults to goauthentik.io/sources/%(slug)s.
uuid String
Generated.
consumerKey This property is required. string
consumerSecret This property is required. string
providerType This property is required. string
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
slug This property is required. string
accessTokenUrl string
Only required for OAuth1.
additionalScopes string
authenticationFlow string
authorizationUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
enabled boolean
Defaults to true.
enrollmentFlow string
groupMatchingMode string
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name string
oidcJwks string
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl string
Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl string
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode string
Allowed values: - all - any Defaults to any.
profileUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings string[]
propertyMappingsGroups string[]
requestTokenUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
sourceOauthId string
userMatchingMode string
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate string
Defaults to goauthentik.io/sources/%(slug)s.
uuid string
Generated.
consumer_key This property is required. str
consumer_secret This property is required. str
provider_type This property is required. str
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
slug This property is required. str
access_token_url str
Only required for OAuth1.
additional_scopes str
authentication_flow str
authorization_url str
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
enabled bool
Defaults to true.
enrollment_flow str
group_matching_mode str
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name str
oidc_jwks str
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidc_jwks_url str
Automatically configure JWKS if not specified by oidc_well_known_url.
oidc_well_known_url str
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policy_engine_mode str
Allowed values: - all - any Defaults to any.
profile_url str
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
property_mappings Sequence[str]
property_mappings_groups Sequence[str]
request_token_url str
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
source_oauth_id str
user_matching_mode str
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
user_path_template str
Defaults to goauthentik.io/sources/%(slug)s.
uuid str
Generated.
consumerKey This property is required. String
consumerSecret This property is required. String
providerType This property is required. String
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
slug This property is required. String
accessTokenUrl String
Only required for OAuth1.
additionalScopes String
authenticationFlow String
authorizationUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
enabled Boolean
Defaults to true.
enrollmentFlow String
groupMatchingMode String
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name String
oidcJwks String
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl String
Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl String
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode String
Allowed values: - all - any Defaults to any.
profileUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings List<String>
propertyMappingsGroups List<String>
requestTokenUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
sourceOauthId String
userMatchingMode String
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String
Defaults to goauthentik.io/sources/%(slug)s.
uuid String
Generated.

Outputs

All input properties are implicitly available as output properties. Additionally, the SourceOauth resource produces the following output properties:

CallbackUri string
Generated.
Id string
The provider-assigned unique ID for this managed resource.
CallbackUri string
Generated.
Id string
The provider-assigned unique ID for this managed resource.
callbackUri String
Generated.
id String
The provider-assigned unique ID for this managed resource.
callbackUri string
Generated.
id string
The provider-assigned unique ID for this managed resource.
callback_uri str
Generated.
id str
The provider-assigned unique ID for this managed resource.
callbackUri String
Generated.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing SourceOauth Resource

Get an existing SourceOauth resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: SourceOauthState, opts?: CustomResourceOptions): SourceOauth
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        access_token_url: Optional[str] = None,
        additional_scopes: Optional[str] = None,
        authentication_flow: Optional[str] = None,
        authorization_url: Optional[str] = None,
        callback_uri: Optional[str] = None,
        consumer_key: Optional[str] = None,
        consumer_secret: Optional[str] = None,
        enabled: Optional[bool] = None,
        enrollment_flow: Optional[str] = None,
        group_matching_mode: Optional[str] = None,
        name: Optional[str] = None,
        oidc_jwks: Optional[str] = None,
        oidc_jwks_url: Optional[str] = None,
        oidc_well_known_url: Optional[str] = None,
        policy_engine_mode: Optional[str] = None,
        profile_url: Optional[str] = None,
        property_mappings: Optional[Sequence[str]] = None,
        property_mappings_groups: Optional[Sequence[str]] = None,
        provider_type: Optional[str] = None,
        request_token_url: Optional[str] = None,
        slug: Optional[str] = None,
        source_oauth_id: Optional[str] = None,
        user_matching_mode: Optional[str] = None,
        user_path_template: Optional[str] = None,
        uuid: Optional[str] = None) -> SourceOauth
func GetSourceOauth(ctx *Context, name string, id IDInput, state *SourceOauthState, opts ...ResourceOption) (*SourceOauth, error)
public static SourceOauth Get(string name, Input<string> id, SourceOauthState? state, CustomResourceOptions? opts = null)
public static SourceOauth get(String name, Output<String> id, SourceOauthState state, CustomResourceOptions options)
resources:  _:    type: authentik:SourceOauth    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AccessTokenUrl string
Only required for OAuth1.
AdditionalScopes string
AuthenticationFlow string
AuthorizationUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
CallbackUri string
Generated.
ConsumerKey string
ConsumerSecret string
Enabled bool
Defaults to true.
EnrollmentFlow string
GroupMatchingMode string
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Name string
OidcJwks string
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
OidcJwksUrl string
Automatically configure JWKS if not specified by oidc_well_known_url.
OidcWellKnownUrl string
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
PolicyEngineMode string
Allowed values: - all - any Defaults to any.
ProfileUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
PropertyMappings List<string>
PropertyMappingsGroups List<string>
ProviderType string
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
RequestTokenUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
Slug string
SourceOauthId string
UserMatchingMode string
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string
Defaults to goauthentik.io/sources/%(slug)s.
Uuid string
Generated.
AccessTokenUrl string
Only required for OAuth1.
AdditionalScopes string
AuthenticationFlow string
AuthorizationUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
CallbackUri string
Generated.
ConsumerKey string
ConsumerSecret string
Enabled bool
Defaults to true.
EnrollmentFlow string
GroupMatchingMode string
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
Name string
OidcJwks string
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
OidcJwksUrl string
Automatically configure JWKS if not specified by oidc_well_known_url.
OidcWellKnownUrl string
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
PolicyEngineMode string
Allowed values: - all - any Defaults to any.
ProfileUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
PropertyMappings []string
PropertyMappingsGroups []string
ProviderType string
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
RequestTokenUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
Slug string
SourceOauthId string
UserMatchingMode string
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
UserPathTemplate string
Defaults to goauthentik.io/sources/%(slug)s.
Uuid string
Generated.
accessTokenUrl String
Only required for OAuth1.
additionalScopes String
authenticationFlow String
authorizationUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
callbackUri String
Generated.
consumerKey String
consumerSecret String
enabled Boolean
Defaults to true.
enrollmentFlow String
groupMatchingMode String
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name String
oidcJwks String
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl String
Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl String
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode String
Allowed values: - all - any Defaults to any.
profileUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings List<String>
propertyMappingsGroups List<String>
providerType String
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
requestTokenUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
slug String
sourceOauthId String
userMatchingMode String
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String
Defaults to goauthentik.io/sources/%(slug)s.
uuid String
Generated.
accessTokenUrl string
Only required for OAuth1.
additionalScopes string
authenticationFlow string
authorizationUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
callbackUri string
Generated.
consumerKey string
consumerSecret string
enabled boolean
Defaults to true.
enrollmentFlow string
groupMatchingMode string
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name string
oidcJwks string
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl string
Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl string
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode string
Allowed values: - all - any Defaults to any.
profileUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings string[]
propertyMappingsGroups string[]
providerType string
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
requestTokenUrl string
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
slug string
sourceOauthId string
userMatchingMode string
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate string
Defaults to goauthentik.io/sources/%(slug)s.
uuid string
Generated.
access_token_url str
Only required for OAuth1.
additional_scopes str
authentication_flow str
authorization_url str
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
callback_uri str
Generated.
consumer_key str
consumer_secret str
enabled bool
Defaults to true.
enrollment_flow str
group_matching_mode str
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name str
oidc_jwks str
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidc_jwks_url str
Automatically configure JWKS if not specified by oidc_well_known_url.
oidc_well_known_url str
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policy_engine_mode str
Allowed values: - all - any Defaults to any.
profile_url str
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
property_mappings Sequence[str]
property_mappings_groups Sequence[str]
provider_type str
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
request_token_url str
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
slug str
source_oauth_id str
user_matching_mode str
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
user_path_template str
Defaults to goauthentik.io/sources/%(slug)s.
uuid str
Generated.
accessTokenUrl String
Only required for OAuth1.
additionalScopes String
authenticationFlow String
authorizationUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
callbackUri String
Generated.
consumerKey String
consumerSecret String
enabled Boolean
Defaults to true.
enrollmentFlow String
groupMatchingMode String
Allowed values: - identifier - name_link - name_deny Defaults to identifier.
name String
oidcJwks String
Manually configure JWKS keys for use with machine-to-machine authentication. JSON format expected. Use jsonencode() to pass objects. Generated.
oidcJwksUrl String
Automatically configure JWKS if not specified by oidc_well_known_url.
oidcWellKnownUrl String
Automatically configure source from OIDC well-known endpoint. URL is taken as is, and should end with .well-known/openid-configuration.
policyEngineMode String
Allowed values: - all - any Defaults to any.
profileUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
propertyMappings List<String>
propertyMappingsGroups List<String>
providerType String
Allowed values: - apple - openidconnect - azuread - discord - facebook - github - gitlab - google - mailcow - okta - patreon - reddit - twitch - twitter
requestTokenUrl String
Manually configure OAuth2 URLs when oidc_well_known_url is not set.
slug String
sourceOauthId String
userMatchingMode String
Allowed values: - identifier - email_link - email_deny - username_link - username_deny Defaults to identifier.
userPathTemplate String
Defaults to goauthentik.io/sources/%(slug)s.
uuid String
Generated.

Package Details

Repository
authentik goauthentik/terraform-provider-authentik
License
Notes
This Pulumi package is based on the authentik Terraform Provider.
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik
goauthentik/terraform-provider-authentik