Reads OpenID Configuration from an OIDC Provider provisioned in Vault.
resource "vault_identity_oidc_key" "key" {
  name               = "key"
  # "*" lets every client in the namespace sign with this key; list the
  # specific client_ids instead where that is practical.
  allowed_client_ids = ["*"]
  rotation_period    = 3600
  verification_ttl   = 3600
}

resource "vault_identity_oidc_client" "app" {
  name = "application"
  key  = vault_identity_oidc_key.key.name
  redirect_uris = [
    "http://127.0.0.1:9200/v1/auth-methods/oidc:authenticate:callback",
    "http://127.0.0.1:8251/callback",
    "http://127.0.0.1:8080/callback"
  ]
  id_token_ttl     = 2400
  access_token_ttl = 7200
}

resource "vault_identity_oidc_provider" "provider" {
  name = "provider"
  # Must reference the client resource declared above ("app"), otherwise
  # the configuration fails to plan.
  allowed_client_ids = [
    vault_identity_oidc_client.app.client_id
  ]
}

data "vault_identity_oidc_openid_config" "config" {
  name = vault_identity_oidc_provider.provider.name
}
The following arguments are supported:

namespace - (Optional) The namespace of the target resource. The value should not contain leading or trailing forward slashes. The namespace is always relative to the namespace configured on the Terraform Vault provider (not to the OIDC provider being read). Available only for Vault Enterprise.

name - (Required) The name of the OIDC Provider in Vault.
In addition to the arguments above, the following attributes are exported:

issuer - The URL of the issuer for the provider.

jwks_uri - The well-known keys URI for the provider.

authorization_endpoint - The Authorization Endpoint for the provider.

token_endpoint - The Token Endpoint for the provider.

userinfo_endpoint - The User Info Endpoint for the provider.

request_uri_parameter_supported - Specifies whether the Request URI Parameter is supported by the provider.

id_token_signing_alg_values_supported - The signing algorithms supported by the provider.

response_types_supported - The response types supported by the provider.

scopes_supported - The scopes supported by the provider.

grant_types_supported - The grant types supported by the provider.

subject_types_supported - The subject types supported by the provider.

token_endpoint_auth_methods_supported - The token endpoint auth methods supported by the provider.