client
bcgov/client/keycloak
Terraform Module
HCL
KEYCLOAK
Install
module "client" {
source = "bcgov/client/keycloak"
version = "0.2.0"
}
README
SSO Terraform Keycloak Client Terraform module which creates a Keycloak realm client with default values. - see https://registry.terraform.io/providers/mrparkers/keycloak/latest/docs/resources/openid_client Usage ``hcl module "client_test-client" { source = "github.com/bcgov/sso-terraform-keycloak-client?ref=dev" realm_id = "onestopauth" client_name = "test-client" valid_redirect_uris = [ "http://localhost:3000" ] } ` - remove ?ref=dev when referring main` branch. Authors Module is maintained by SSO Team. License Apache 2 Licensed. See license for full details.
Inputs (27)
| Name | Type | Description | Default |
|---|---|---|---|
| realm_id | string | The realm id to create openid client on | |
| client_name | string | The name of the openid client of the realm | |
| exclude_session_state_from_auth_response | bool | When true, the parameter session_state will not be included in OpenID Connect Au | false |
| direct_access_grants_enabled | bool | When true, the OAuth2 Resource Owner Password Grant will be enabled for this cli | false |
| service_accounts_enabled | bool | When true, the OAuth2 Client Credentials grant will be enabled for this client | false |
| base_url | string | Default URL to use when the auth server needs to redirect or link back to the cl | "" |
| valid_redirect_uris | list(string) | A list of valid URIs a browser is permitted to redirect to after a successful lo | [
"*"
] |
| client_session_max_lifespan | string | Max time before a client offline session is expired. Offline tokens are invalida | "" |
| client_id | string | The id of the openid client of the realm | "" |
| description | string | The description of the openid client of the realm | "" |
| client_session_idle_timeout | string | Time a client offline session is allowed to be idle before it expires. Offline t | "" |
| client_offline_session_idle_timeout | string | Time a client session is allowed to be idle before it expires. Tokens are invali | "" |
| login_theme | string | The client login theme. This will override the default theme for the realm | "" |
| client_secret | string | The secret of the client if the access_type is CONFIDENTIAL or BEARER-ONLY | "" |
| implicit_flow_enabled | bool | When true, the OAuth2 Implicit Grant will be enabled for this client | false |
| admin_url | string | URL to the admin interface of the client | "" |
| client_offline_session_max_lifespan | string | Max time before a client session is expired. Tokens are invalidated when a clien | "" |
| enabled | bool | Whether or not the client will initiate a login or obtain access tokens | true |
| access_type | string | The access type of the openid client of the realm | "CONFIDENTIAL" |
| pkce_code_challenge_method | string | The challenge method to use for Proof Key for Code Exchange. Can be either plain | "" |
| access_token_lifespan | string | The amount of time in seconds before an access token expires. This will override | "" |
| standard_flow_enabled | bool | When true, the OAuth2 Authorization Code Grant will be enabled for this client | true |
Resources (3)
keycloak_generic_client_protocol_mapperkeycloak_openid_clientkeycloak_role
Details
FrameworkTerraform Module
LanguageHCL
Version0.2.0
Cloud KEYCLOAK
★ Stars1
Forks1
Total downloads682
Inputs27
Resources3
LicenseApache-2.0
Namespacebcgov
Updated