Docs Home Pulumi IaC Pulumi ESC Pulumi Insights Pulumi Cloud Packages Tutorials
  1. Packages
  2. Keycloak Provider
  3. API Docs
  4. openid
  5. getClient
Keycloak v6.4.0 published on Wednesday, Apr 16, 2025 by Pulumi
pulumi/pulumi-keycloak

keycloak.openid.getClient

Explore with Pulumi AI

keycloak logo
Keycloak v6.4.0 published on Wednesday, Apr 16, 2025 by Pulumi
pulumi/pulumi-keycloak

    This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realmManagement = keycloak.openid.getClient({
    realmId: "my-realm",
    clientId: "realm-management",
});
// use the data source
const admin = realmManagement.then(realmManagement => keycloak.getRole({
    realmId: "my-realm",
    clientId: realmManagement.id,
    name: "realm-admin",
}));

    import pulumi
import pulumi_keycloak as keycloak

realm_management = keycloak.openid.get_client(realm_id="my-realm",
    client_id="realm-management")
# use the data source
admin = keycloak.get_role(realm_id="my-realm",
    client_id=realm_management.id,
    name="realm-admin")

    package main

import (
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realmManagement, err := openid.LookupClient(ctx, &openid.LookupClientArgs{
			RealmId:  "my-realm",
			ClientId: "realm-management",
		}, nil)
		if err != nil {
			return err
		}
		// use the data source
		_, err = keycloak.LookupRole(ctx, &keycloak.LookupRoleArgs{
			RealmId:  "my-realm",
			ClientId: pulumi.StringRef(realmManagement.Id),
			Name:     "realm-admin",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

    using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;

return await Deployment.RunAsync(() => 
{
    var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()
    {
        RealmId = "my-realm",
        ClientId = "realm-management",
    });

    // use the data source
    var admin = Keycloak.GetRole.Invoke(new()
    {
        RealmId = "my-realm",
        ClientId = realmManagement.Apply(getClientResult => getClientResult.Id),
        Name = "realm-admin",
    });

});

    package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.openid.OpenidFunctions;
import com.pulumi.keycloak.openid.inputs.GetClientArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()
            .realmId("my-realm")
            .clientId("realm-management")
            .build());

        // use the data source
        final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()
            .realmId("my-realm")
            .clientId(realmManagement.id())
            .name("realm-admin")
            .build());

    }
}

    variables:
  realmManagement:
    fn::invoke:
      function: keycloak:openid:getClient
      arguments:
        realmId: my-realm
        clientId: realm-management
  # use the data source
  admin:
    fn::invoke:
      function: keycloak:getRole
      arguments:
        realmId: my-realm
        clientId: ${realmManagement.id}
        name: realm-admin

    Using getClient

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getClient(args: GetClientArgs, opts?: InvokeOptions): Promise<GetClientResult>
function getClientOutput(args: GetClientOutputArgs, opts?: InvokeOptions): Output<GetClientResult>
    def get_client(always_display_in_console: Optional[bool] = None,
               client_id: Optional[str] = None,
               consent_screen_text: Optional[str] = None,
               display_on_consent_screen: Optional[bool] = None,
               extra_config: Optional[Mapping[str, str]] = None,
               oauth2_device_authorization_grant_enabled: Optional[bool] = None,
               oauth2_device_code_lifespan: Optional[str] = None,
               oauth2_device_polling_interval: Optional[str] = None,
               realm_id: Optional[str] = None,
               opts: Optional[InvokeOptions] = None) -> GetClientResult
def get_client_output(always_display_in_console: Optional[pulumi.Input[bool]] = None,
               client_id: Optional[pulumi.Input[str]] = None,
               consent_screen_text: Optional[pulumi.Input[str]] = None,
               display_on_consent_screen: Optional[pulumi.Input[bool]] = None,
               extra_config: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
               oauth2_device_authorization_grant_enabled: Optional[pulumi.Input[bool]] = None,
               oauth2_device_code_lifespan: Optional[pulumi.Input[str]] = None,
               oauth2_device_polling_interval: Optional[pulumi.Input[str]] = None,
               realm_id: Optional[pulumi.Input[str]] = None,
               opts: Optional[InvokeOptions] = None) -> Output[GetClientResult]
    func LookupClient(ctx *Context, args *LookupClientArgs, opts ...InvokeOption) (*LookupClientResult, error)
func LookupClientOutput(ctx *Context, args *LookupClientOutputArgs, opts ...InvokeOption) LookupClientResultOutput

    > Note: This function is named LookupClient in the Go SDK.

    public static class GetClient 
{
    public static Task<GetClientResult> InvokeAsync(GetClientArgs args, InvokeOptions? opts = null)
    public static Output<GetClientResult> Invoke(GetClientInvokeArgs args, InvokeOptions? opts = null)
}
    public static CompletableFuture<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)
public static Output<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)

    fn::invoke:
  function: keycloak:openid/getClient:getClient
  arguments:
    # arguments dictionary

    The following arguments are supported:

    ClientId string
    The client id (not its unique ID).
    RealmId string
    The realm id.
    AlwaysDisplayInConsole bool
    ConsentScreenText string
    DisplayOnConsentScreen bool
    ExtraConfig Dictionary<string, string>
    Oauth2DeviceAuthorizationGrantEnabled bool
    Oauth2DeviceCodeLifespan string
    Oauth2DevicePollingInterval string
    clientId String
    The client id (not its unique ID).
    realmId String
    The realm id.
    alwaysDisplayInConsole Boolean
    consentScreenText String
    displayOnConsentScreen Boolean
    extraConfig Map<String,String>
    oauth2DeviceAuthorizationGrantEnabled Boolean
    oauth2DeviceCodeLifespan String
    oauth2DevicePollingInterval String
    clientId string
    The client id (not its unique ID).
    realmId string
    The realm id.
    alwaysDisplayInConsole boolean
    consentScreenText string
    displayOnConsentScreen boolean
    extraConfig {[key: string]: string}
    oauth2DeviceAuthorizationGrantEnabled boolean
    oauth2DeviceCodeLifespan string
    oauth2DevicePollingInterval string
    clientId String
    The client id (not its unique ID).
    realmId String
    The realm id.
    alwaysDisplayInConsole Boolean
    consentScreenText String
    displayOnConsentScreen Boolean
    extraConfig Map<String>
    oauth2DeviceAuthorizationGrantEnabled Boolean
    oauth2DeviceCodeLifespan String
    oauth2DevicePollingInterval String

    getClient Result

    The following output properties are available:

    AccessTokenLifespan string
    AccessType string
    AdminUrl string
    AuthenticationFlowBindingOverrides List<GetClientAuthenticationFlowBindingOverride>
    Authorizations List<GetClientAuthorization>
    BackchannelLogoutRevokeOfflineSessions bool
    BackchannelLogoutSessionRequired bool
    BackchannelLogoutUrl string
    BaseUrl string
    ClientAuthenticatorType string
    ClientId string
    ClientOfflineSessionIdleTimeout string
    ClientOfflineSessionMaxLifespan string
    ClientSecret string
    ClientSessionIdleTimeout string
    ClientSessionMaxLifespan string
    ConsentRequired bool
    Description string
    DirectAccessGrantsEnabled bool
    Enabled bool
    ExcludeIssuerFromAuthResponse bool
    ExcludeSessionStateFromAuthResponse bool
    ExtraConfig Dictionary<string, string>
    FrontchannelLogoutEnabled bool
    FrontchannelLogoutUrl string
    FullScopeAllowed bool
    Id string
    The provider-assigned unique ID for this managed resource.
    ImplicitFlowEnabled bool
    LoginTheme string
    Name string
    PkceCodeChallengeMethod string
    RealmId string
    ResourceServerId string
    RootUrl string
    ServiceAccountUserId string
    ServiceAccountsEnabled bool
    StandardFlowEnabled bool
    UseRefreshTokens bool
    UseRefreshTokensClientCredentials bool
    ValidPostLogoutRedirectUris List<string>
    ValidRedirectUris List<string>
    WebOrigins List<string>
    AlwaysDisplayInConsole bool
    ConsentScreenText string
    DisplayOnConsentScreen bool
    Oauth2DeviceAuthorizationGrantEnabled bool
    Oauth2DeviceCodeLifespan string
    Oauth2DevicePollingInterval string
    AccessTokenLifespan string
    AccessType string
    AdminUrl string
    AuthenticationFlowBindingOverrides []GetClientAuthenticationFlowBindingOverride
    Authorizations []GetClientAuthorization
    BackchannelLogoutRevokeOfflineSessions bool
    BackchannelLogoutSessionRequired bool
    BackchannelLogoutUrl string
    BaseUrl string
    ClientAuthenticatorType string
    ClientId string
    ClientOfflineSessionIdleTimeout string
    ClientOfflineSessionMaxLifespan string
    ClientSecret string
    ClientSessionIdleTimeout string
    ClientSessionMaxLifespan string
    ConsentRequired bool
    Description string
    DirectAccessGrantsEnabled bool
    Enabled bool
    ExcludeIssuerFromAuthResponse bool
    ExcludeSessionStateFromAuthResponse bool
    ExtraConfig map[string]string
    FrontchannelLogoutEnabled bool
    FrontchannelLogoutUrl string
    FullScopeAllowed bool
    Id string
    The provider-assigned unique ID for this managed resource.
    ImplicitFlowEnabled bool
    LoginTheme string
    Name string
    PkceCodeChallengeMethod string
    RealmId string
    ResourceServerId string
    RootUrl string
    ServiceAccountUserId string
    ServiceAccountsEnabled bool
    StandardFlowEnabled bool
    UseRefreshTokens bool
    UseRefreshTokensClientCredentials bool
    ValidPostLogoutRedirectUris []string
    ValidRedirectUris []string
    WebOrigins []string
    AlwaysDisplayInConsole bool
    ConsentScreenText string
    DisplayOnConsentScreen bool
    Oauth2DeviceAuthorizationGrantEnabled bool
    Oauth2DeviceCodeLifespan string
    Oauth2DevicePollingInterval string
    accessTokenLifespan String
    accessType String
    adminUrl String
    authenticationFlowBindingOverrides List<GetClientAuthenticationFlowBindingOverride>
    authorizations List<GetClientAuthorization>
    backchannelLogoutRevokeOfflineSessions Boolean
    backchannelLogoutSessionRequired Boolean
    backchannelLogoutUrl String
    baseUrl String
    clientAuthenticatorType String
    clientId String
    clientOfflineSessionIdleTimeout String
    clientOfflineSessionMaxLifespan String
    clientSecret String
    clientSessionIdleTimeout String
    clientSessionMaxLifespan String
    consentRequired Boolean
    description String
    directAccessGrantsEnabled Boolean
    enabled Boolean
    excludeIssuerFromAuthResponse Boolean
    excludeSessionStateFromAuthResponse Boolean
    extraConfig Map<String,String>
    frontchannelLogoutEnabled Boolean
    frontchannelLogoutUrl String
    fullScopeAllowed Boolean
    id String
    The provider-assigned unique ID for this managed resource.
    implicitFlowEnabled Boolean
    loginTheme String
    name String
    pkceCodeChallengeMethod String
    realmId String
    resourceServerId String
    rootUrl String
    serviceAccountUserId String
    serviceAccountsEnabled Boolean
    standardFlowEnabled Boolean
    useRefreshTokens Boolean
    useRefreshTokensClientCredentials Boolean
    validPostLogoutRedirectUris List<String>
    validRedirectUris List<String>
    webOrigins List<String>
    alwaysDisplayInConsole Boolean
    consentScreenText String
    displayOnConsentScreen Boolean
    oauth2DeviceAuthorizationGrantEnabled Boolean
    oauth2DeviceCodeLifespan String
    oauth2DevicePollingInterval String
    accessTokenLifespan string
    accessType string
    adminUrl string
    authenticationFlowBindingOverrides GetClientAuthenticationFlowBindingOverride[]
    authorizations GetClientAuthorization[]
    backchannelLogoutRevokeOfflineSessions boolean
    backchannelLogoutSessionRequired boolean
    backchannelLogoutUrl string
    baseUrl string
    clientAuthenticatorType string
    clientId string
    clientOfflineSessionIdleTimeout string
    clientOfflineSessionMaxLifespan string
    clientSecret string
    clientSessionIdleTimeout string
    clientSessionMaxLifespan string
    consentRequired boolean
    description string
    directAccessGrantsEnabled boolean
    enabled boolean
    excludeIssuerFromAuthResponse boolean
    excludeSessionStateFromAuthResponse boolean
    extraConfig {[key: string]: string}
    frontchannelLogoutEnabled boolean
    frontchannelLogoutUrl string
    fullScopeAllowed boolean
    id string
    The provider-assigned unique ID for this managed resource.
    implicitFlowEnabled boolean
    loginTheme string
    name string
    pkceCodeChallengeMethod string
    realmId string
    resourceServerId string
    rootUrl string
    serviceAccountUserId string
    serviceAccountsEnabled boolean
    standardFlowEnabled boolean
    useRefreshTokens boolean
    useRefreshTokensClientCredentials boolean
    validPostLogoutRedirectUris string[]
    validRedirectUris string[]
    webOrigins string[]
    alwaysDisplayInConsole boolean
    consentScreenText string
    displayOnConsentScreen boolean
    oauth2DeviceAuthorizationGrantEnabled boolean
    oauth2DeviceCodeLifespan string
    oauth2DevicePollingInterval string
    access_token_lifespan str
    access_type str
    admin_url str
    authentication_flow_binding_overrides Sequence[GetClientAuthenticationFlowBindingOverride]
    authorizations Sequence[GetClientAuthorization]
    backchannel_logout_revoke_offline_sessions bool
    backchannel_logout_session_required bool
    backchannel_logout_url str
    base_url str
    client_authenticator_type str
    client_id str
    client_offline_session_idle_timeout str
    client_offline_session_max_lifespan str
    client_secret str
    client_session_idle_timeout str
    client_session_max_lifespan str
    consent_required bool
    description str
    direct_access_grants_enabled bool
    enabled bool
    exclude_issuer_from_auth_response bool
    exclude_session_state_from_auth_response bool
    extra_config Mapping[str, str]
    frontchannel_logout_enabled bool
    frontchannel_logout_url str
    full_scope_allowed bool
    id str
    The provider-assigned unique ID for this managed resource.
    implicit_flow_enabled bool
    login_theme str
    name str
    pkce_code_challenge_method str
    realm_id str
    resource_server_id str
    root_url str
    service_account_user_id str
    service_accounts_enabled bool
    standard_flow_enabled bool
    use_refresh_tokens bool
    use_refresh_tokens_client_credentials bool
    valid_post_logout_redirect_uris Sequence[str]
    valid_redirect_uris Sequence[str]
    web_origins Sequence[str]
    always_display_in_console bool
    consent_screen_text str
    display_on_consent_screen bool
    oauth2_device_authorization_grant_enabled bool
    oauth2_device_code_lifespan str
    oauth2_device_polling_interval str
    accessTokenLifespan String
    accessType String
    adminUrl String
    authenticationFlowBindingOverrides List<Property Map>
    authorizations List<Property Map>
    backchannelLogoutRevokeOfflineSessions Boolean
    backchannelLogoutSessionRequired Boolean
    backchannelLogoutUrl String
    baseUrl String
    clientAuthenticatorType String
    clientId String
    clientOfflineSessionIdleTimeout String
    clientOfflineSessionMaxLifespan String
    clientSecret String
    clientSessionIdleTimeout String
    clientSessionMaxLifespan String
    consentRequired Boolean
    description String
    directAccessGrantsEnabled Boolean
    enabled Boolean
    excludeIssuerFromAuthResponse Boolean
    excludeSessionStateFromAuthResponse Boolean
    extraConfig Map<String>
    frontchannelLogoutEnabled Boolean
    frontchannelLogoutUrl String
    fullScopeAllowed Boolean
    id String
    The provider-assigned unique ID for this managed resource.
    implicitFlowEnabled Boolean
    loginTheme String
    name String
    pkceCodeChallengeMethod String
    realmId String
    resourceServerId String
    rootUrl String
    serviceAccountUserId String
    serviceAccountsEnabled Boolean
    standardFlowEnabled Boolean
    useRefreshTokens Boolean
    useRefreshTokensClientCredentials Boolean
    validPostLogoutRedirectUris List<String>
    validRedirectUris List<String>
    webOrigins List<String>
    alwaysDisplayInConsole Boolean
    consentScreenText String
    displayOnConsentScreen Boolean
    oauth2DeviceAuthorizationGrantEnabled Boolean
    oauth2DeviceCodeLifespan String
    oauth2DevicePollingInterval String

    Supporting Types

    GetClientAuthenticationFlowBindingOverride

    GetClientAuthorization

    Package Details

    Repository
    Keycloak pulumi/pulumi-keycloak
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the keycloak Terraform Provider.
    keycloak logo
    Keycloak v6.4.0 published on Wednesday, Apr 16, 2025 by Pulumi
    pulumi/pulumi-keycloak