azurermApiManagementAuthorizationServer
Manages an Authorization Server within an API Management Service.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as azurerm from "./.gen/providers/azurerm";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: azurerm.
For a more precise conversion please use the --provider flag in convert.*/
new azurerm.provider.AzurermProvider(this, "azurerm", {
features: [{}],
});
const dataAzurermApiManagementExample =
new azurerm.dataAzurermApiManagement.DataAzurermApiManagement(
this,
"example",
{
name: "search-api",
resource_group_name: "search-service",
}
);
const azurermApiManagementAuthorizationServerExample =
new azurerm.apiManagementAuthorizationServer.ApiManagementAuthorizationServer(
this,
"example_2",
{
api_management_name: dataAzurermApiManagementExample.name,
authorization_endpoint: "https://example.mydomain.com/client/authorize",
authorization_methods: ["GET"],
client_id: "42424242-4242-4242-4242-424242424242",
client_registration_endpoint:
"https://example.mydomain.com/client/register",
display_name: "Test Server",
grant_types: ["authorizationCode"],
name: "test-server",
resource_group_name: dataAzurermApiManagementExample.resourceGroupName,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
azurermApiManagementAuthorizationServerExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
-
apiManagementName
- (Required) The name of the API Management Service in which this Authorization Server should be created. Changing this forces a new resource to be created. -
authorizationMethods
- (Required) The HTTP Verbs supported by the Authorization Endpoint. Possible values aredelete
,get
,head
,options
,patch
,post
,put
andtrace
.
-> NOTE: get
must always be present.
-
authorizationEndpoint
- (Required) The OAUTH Authorization Endpoint. -
clientId
- (Required) The Client/App ID registered with this Authorization Server. -
clientRegistrationEndpoint
- (Required) The URI of page where Client/App Registration is performed for this Authorization Server. -
displayName
- (Required) The user-friendly name of this Authorization Server. -
grantTypes
- (Required) Form of Authorization Grants required when requesting an Access Token. Possible values areauthorizationCode
,clientCredentials
,implicit
andresourceOwnerPassword
. -
name
- (Required) The name of this Authorization Server. Changing this forces a new resource to be created. -
resourceGroupName
- (Required) The name of the Resource Group in which the API Management Service exists. Changing this forces a new resource to be created.
-
bearerTokenSendingMethods
- (Optional) The mechanism by which Access Tokens are passed to the API. Possible values areauthorizationHeader
andquery
. -
clientAuthenticationMethod
- (Optional) The Authentication Methods supported by the Token endpoint of this Authorization Server.. Possible values arebasic
andbody
. -
clientSecret
- (Optional) The Client/App Secret registered with this Authorization Server. -
defaultScope
- (Optional) The Default Scope used when requesting an Access Token, specified as a string containing space-delimited values. -
description
- (Optional) A description of the Authorization Server, which may contain HTML formatting tags. -
resourceOwnerPassword
- (Optional) The password associated with the Resource Owner.
-> NOTE: This can only be specified when grantType
includes resourceOwnerPassword
.
resourceOwnerUsername
- (Optional) The username associated with the Resource Owner.
-> NOTE: This can only be specified when grantType
includes resourceOwnerPassword
.
-
supportState
- (Optional) Does this Authorization Server support State? If this is set totrue
the client may use the state parameter to raise protocol security. -
tokenBodyParameter
- (Optional) AtokenBodyParameter
block as defined below. -
tokenEndpoint
- (Optional) The OAUTH Token Endpoint.
A tokenBodyParameter
block supports the following:
-
name
- (Required) The Name of the Parameter. -
value
- (Required) The Value of the Parameter.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The ID of the API Management Authorization Server.
Timeouts
The timeouts
block allows you to specify timeouts for certain actions:
create
- (Defaults to 30 minutes) Used when creating the API Management Authorization Server.update
- (Defaults to 30 minutes) Used when updating the API Management Authorization Server.read
- (Defaults to 5 minutes) Used when retrieving the API Management Authorization Server.delete
- (Defaults to 30 minutes) Used when deleting the API Management Authorization Server.
Import
API Management Authorization Servers can be imported using the resourceId
, e.g.