openid

ballj/openid/keycloak

Terraform Module HCL KEYCLOAK

OpenID module for apps on Kubernetes.

Install

module "openid" {

source = "ballj/openid/keycloak"

version = "1.2.0"

}

plain text: /constructs/tfmod-ballj-openid-keycloak/install.txt

⭐ Source on GitHub 📦 Registry page

README

Terraform Keycloak OpenID This terraform module creates an OpenID client on keycloak. Useage `` module "openid" { source = "ballj/openid/keycloak" version = "~> 1.0" realm = "example.com" client_id = "https://application.example.com" name = "myapp" access_type = "CONFIDENTIAL" } ` Variables | Variable | Required | Default | Description | | -------------------------------------------- | -------- | ------------ | --------------------------------------------------- | | name | Yes | N/A | Display name of this client | | realm_id | Yes | N/A | Realm this client is attached to | | client_id | Yes | N/A | Client ID for this client | | description | No | null | The description of this client in the GUI | | enabled | No | true | Allow clients to initiate a login | | roles | No | [] | Roles to add t

Inputs (38)

Name	Type	Description	Default
name	string	Display name of this client	required
realm	string	Realm this client is attached to	required
client_id	string	Client ID for this client	required
access_type	string	Specifies the type of client [CONFIDENTIAL, PUBLIC, BEARER-ONLY]	required
pkce_code_challenge_method	string	The challenge method to use for Proof Key for Code Exchange	`""`
client_offline_session_max_lifespan	number	Max time before a client offline session is expired	`null`
client_session_max_lifespan	number	Max time before a client session is expired	`null`
consent_required	bool	Users have to consent to client access	`false`
backchannel_logout_url	string	URL that will cause the client to log itself out	`null`
enabled	bool	Allow clients to initiate a login or obtain access tokens	`true`
full_scope_allowed	bool	Allow to include all roles mappings in the access token	`false`
direct_access_grants_enabled	bool	OAuth2 Resource Owner Password Grant will be enabled for this client	`true`
service_account_enabled	bool	OAuth2 Client Credentials grant will be enabled for this client	`false`
client_offline_session_idle_timeout	number	Time a client offline session is allowed to be idle	`null`
backchannel_logout_revoke_offline_sessions	bool	Specifying whether a revoke_offline_access event is included in the Logout Token	`false`
keys_filter_status	list(string)	Keys will be filtered by status	`[ "ACTIVE" ]`
secret_key	string	Kubernetes namespace to deploy into	`"client_secret"`
description	string	The description of this client in the GUI	`null`
root_url	string	URL is prepended to any relative URLs found	`null`
exclude_session_state_from_auth_response	bool	Parameter session_state will not be included in OpenID Connect Authentication Re	`false`
keys_filter_algorithm	list(string)	Keys will be filtered by algorithm	`[]`
valid_redirect_uris	list(string)	List of valid URIs a browser is permitted to redirect to after a successful logi	`null`
use_refresh_tokens	string	A refresh_token will be created and added to the token response	`true`
backchannel_logout_session_required	bool	A sid (session ID) claim will be included in the logout token	`true`

Outputs (5)

client_id

resource_id

client_secret

roles

realm_keys

Resources (8)

keycloak_group_roleskeycloak_openid_audience_protocol_mapperkeycloak_openid_clientkeycloak_openid_full_name_protocol_mapperkeycloak_openid_user_attribute_protocol_mapperkeycloak_openid_user_client_role_protocol_mapperkeycloak_openid_user_property_protocol_mapperkeycloak_role

Details

FrameworkTerraform Module

LanguageHCL

Version1.2.0

Cloud KEYCLOAK

★ Stars1

Forks0

Total downloads2.2k

Inputs38

Outputs5

Resources8

Namespaceballj

Updated

Tools

⚖ Compare with another construct → 📋 View data schema