# Provider requirement: the ZITADEL provider from the public registry,
# pinned to one exact release so that an upgrade is an explicit, reviewable
# change. The pin fixes the version only; provider checksums are recorded in
# .terraform.lock.hcl, which should be committed alongside the root
# configuration.
terraform {
  required_providers {
    zitadel = {
      version = "2.0.2"
      source  = "zitadel/zitadel"
    }
  }
}
# OIDC application registered in ZITADEL for a browser-based (user-agent)
# client. It is a public client: auth_method_type is NONE, so no client
# secret takes part in the token exchange, and only the authorization-code
# grant with the "code" response type is enabled.
resource "zitadel_application_oidc" "default" {
  # Ordering hook supplied by the caller; var.wait_on is declared outside
  # this file (presumably used to delay creation until ZITADEL is ready).
  depends_on = [var.wait_on]

  # Where the application is created and what it is called.
  org_id     = var.org_id
  project_id = var.project_id
  name       = var.name

  # Client type. A user-agent app cannot keep a secret, hence NONE.
  # NOTE(review): with no secret, the code exchange is expected to be
  # protected by PKCE; confirm the client library sends a code challenge.
  app_type         = "OIDC_APP_TYPE_USER_AGENT"
  auth_method_type = "OIDC_AUTH_METHOD_TYPE_NONE"

  # Flow: authorization code only. No other grant or response type is listed.
  grant_types    = ["OIDC_GRANT_TYPE_AUTHORIZATION_CODE"]
  response_types = ["OIDC_RESPONSE_TYPE_CODE"]

  # Redirect targets come from the caller. Redirect URIs must begin with
  # https:// unless dev_mode is true, so dev_mode stays off here.
  redirect_uris             = var.redirect_uris
  post_logout_redirect_uris = var.post_logout_redirect_uris
  #dev_mode = false

  # Additional origins for the app that are not used as a redirect can be
  # listed here.
  #additional_origins = []

  # Access tokens are issued as JWTs.
  access_token_type = "OIDC_TOKEN_TYPE_JWT"

  # If selected, the requested roles of the authenticated user are added to
  # the access token. A JWT is signed, not encrypted, so the role claims are
  # readable by whoever holds the token; APIs consuming it still have to
  # verify signature, issuer, audience and expiry before trusting them.
  access_token_role_assertion = true

  # BEARER uses an Opaque token, which needs the introspection endpoint and
  # `urn:zitadel:iam:org:project:id:<API_PROJECT_ID>:aud` scope
  #access_token_type = "OIDC_TOKEN_TYPE_BEARER"

  # If selected, the requested roles of the authenticated user are added to
  # the ID token.
  #id_token_role_assertion = false

  # Enables clients to retrieve profile, email, phone and address claims
  # from ID token.
  #id_token_userinfo_assertion = false
}
# Constant marker output. The value carries no data; the depends_on makes
# anything that consumes this output wait for the OIDC application.
output "installed" {
  depends_on = [zitadel_application_oidc.default]
  value      = true
}
# ID of the application resource as reported by the provider. This is the
# resource ID, which is exported separately from the OAuth client_id.
output "application_id" {
  value = zitadel_application_oidc.default.id
}
# OAuth client_id generated for the application. A client_id is an
# identifier rather than a credential; it is marked sensitive here, so
# Terraform redacts it in plan/apply output and callers must treat the
# value as sensitive when passing it on.
output "client_id" {
  sensitive = true
  value     = zitadel_application_oidc.default.client_id
}
# Client secret attribute of the application.
# NOTE(review): the application uses auth_method_type NONE, so this is
# presumably empty for this configuration; confirm against the provider.
# `sensitive` only redacts the value in CLI output. It is still written to
# the Terraform state in clear text, so the state backend needs access
# control and encryption at rest.
output "client_secret" {
  sensitive = true
  value     = zitadel_application_oidc.default.client_secret
}