getClientGrants

Auth0 v3.38.0, Feb 20 26

Viewing docs for Auth0 v3.38.0
published on Friday, Feb 20, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

Viewing docs for Auth0 v3.38.0
published on Friday, Feb 20, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-auth0

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const myClient = new auth0.Client("my_client", {name: "Example Application (Managed by Terraform)"});
const myResourceServer = new auth0.ResourceServer("my_resource_server", {
    name: "Example Resource Server (Managed by Terraform)",
    identifier: "https://api.example.com/client-grant",
    authorizationDetails: [{
        type: "payment",
    }],
    subjectTypeAuthorization: {
        user: {
            policy: "allow_all",
        },
    },
});
const myScopes = new auth0.ResourceServerScopes("my_scopes", {
    resourceServerIdentifier: myResourceServer.identifier,
    scopes: [{
        name: "create:foo",
    }],
}, {
    dependsOn: [myResourceServer],
});
const myClientGrant = new auth0.ClientGrant("my_client_grant", {
    clientId: myClient.id,
    audience: myResourceServer.identifier,
    authorizationDetailsTypes: ["payment"],
    subjectType: "user",
    allowAllScopes: true,
});
const filterByClientId = auth0.getClientGrantsOutput({
    clientId: myClient.id,
});
const filterByAudience = auth0.getClientGrantsOutput({
    audience: myResourceServer.identifier,
});
const filterByClientIdAndAudience = auth0.getClientGrantsOutput({
    clientId: myClient.id,
    audience: myResourceServer.identifier,
});

import pulumi
import pulumi_auth0 as auth0

my_client = auth0.Client("my_client", name="Example Application (Managed by Terraform)")
my_resource_server = auth0.ResourceServer("my_resource_server",
    name="Example Resource Server (Managed by Terraform)",
    identifier="https://api.example.com/client-grant",
    authorization_details=[{
        "type": "payment",
    }],
    subject_type_authorization={
        "user": {
            "policy": "allow_all",
        },
    })
my_scopes = auth0.ResourceServerScopes("my_scopes",
    resource_server_identifier=my_resource_server.identifier,
    scopes=[{
        "name": "create:foo",
    }],
    opts = pulumi.ResourceOptions(depends_on=[my_resource_server]))
my_client_grant = auth0.ClientGrant("my_client_grant",
    client_id=my_client.id,
    audience=my_resource_server.identifier,
    authorization_details_types=["payment"],
    subject_type="user",
    allow_all_scopes=True)
filter_by_client_id = auth0.get_client_grants_output(client_id=my_client.id)
filter_by_audience = auth0.get_client_grants_output(audience=my_resource_server.identifier)
filter_by_client_id_and_audience = auth0.get_client_grants_output(client_id=my_client.id,
    audience=my_resource_server.identifier)

package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myClient, err := auth0.NewClient(ctx, "my_client", &auth0.ClientArgs{
			Name: pulumi.String("Example Application (Managed by Terraform)"),
		})
		if err != nil {
			return err
		}
		myResourceServer, err := auth0.NewResourceServer(ctx, "my_resource_server", &auth0.ResourceServerArgs{
			Name:       pulumi.String("Example Resource Server (Managed by Terraform)"),
			Identifier: pulumi.String("https://api.example.com/client-grant"),
			AuthorizationDetails: auth0.ResourceServerAuthorizationDetailArray{
				&auth0.ResourceServerAuthorizationDetailArgs{
					Type: pulumi.String("payment"),
				},
			},
			SubjectTypeAuthorization: &auth0.ResourceServerSubjectTypeAuthorizationArgs{
				User: &auth0.ResourceServerSubjectTypeAuthorizationUserArgs{
					Policy: pulumi.String("allow_all"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = auth0.NewResourceServerScopes(ctx, "my_scopes", &auth0.ResourceServerScopesArgs{
			ResourceServerIdentifier: myResourceServer.Identifier,
			Scopes: auth0.ResourceServerScopesScopeArray{
				&auth0.ResourceServerScopesScopeArgs{
					Name: pulumi.String("create:foo"),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			myResourceServer,
		}))
		if err != nil {
			return err
		}
		_, err = auth0.NewClientGrant(ctx, "my_client_grant", &auth0.ClientGrantArgs{
			ClientId: myClient.ID(),
			Audience: myResourceServer.Identifier,
			AuthorizationDetailsTypes: pulumi.StringArray{
				pulumi.String("payment"),
			},
			SubjectType:    pulumi.String("user"),
			AllowAllScopes: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_ = auth0.GetClientGrantsOutput(ctx, auth0.GetClientGrantsOutputArgs{
			ClientId: myClient.ID(),
		}, nil)
		_ = auth0.GetClientGrantsOutput(ctx, auth0.GetClientGrantsOutputArgs{
			Audience: myResourceServer.Identifier,
		}, nil)
		_ = auth0.GetClientGrantsOutput(ctx, auth0.GetClientGrantsOutputArgs{
			ClientId: myClient.ID(),
			Audience: myResourceServer.Identifier,
		}, nil)
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var myClient = new Auth0.Client("my_client", new()
    {
        Name = "Example Application (Managed by Terraform)",
    });

    var myResourceServer = new Auth0.ResourceServer("my_resource_server", new()
    {
        Name = "Example Resource Server (Managed by Terraform)",
        Identifier = "https://api.example.com/client-grant",
        AuthorizationDetails = new[]
        {
            new Auth0.Inputs.ResourceServerAuthorizationDetailArgs
            {
                Type = "payment",
            },
        },
        SubjectTypeAuthorization = new Auth0.Inputs.ResourceServerSubjectTypeAuthorizationArgs
        {
            User = new Auth0.Inputs.ResourceServerSubjectTypeAuthorizationUserArgs
            {
                Policy = "allow_all",
            },
        },
    });

    var myScopes = new Auth0.ResourceServerScopes("my_scopes", new()
    {
        ResourceServerIdentifier = myResourceServer.Identifier,
        Scopes = new[]
        {
            new Auth0.Inputs.ResourceServerScopesScopeArgs
            {
                Name = "create:foo",
            },
        },
    }, new CustomResourceOptions
    {
        DependsOn =
        {
            myResourceServer,
        },
    });

    var myClientGrant = new Auth0.ClientGrant("my_client_grant", new()
    {
        ClientId = myClient.Id,
        Audience = myResourceServer.Identifier,
        AuthorizationDetailsTypes = new[]
        {
            "payment",
        },
        SubjectType = "user",
        AllowAllScopes = true,
    });

    var filterByClientId = Auth0.GetClientGrants.Invoke(new()
    {
        ClientId = myClient.Id,
    });

    var filterByAudience = Auth0.GetClientGrants.Invoke(new()
    {
        Audience = myResourceServer.Identifier,
    });

    var filterByClientIdAndAudience = Auth0.GetClientGrants.Invoke(new()
    {
        ClientId = myClient.Id,
        Audience = myResourceServer.Identifier,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Client;
import com.pulumi.auth0.ClientArgs;
import com.pulumi.auth0.ResourceServer;
import com.pulumi.auth0.ResourceServerArgs;
import com.pulumi.auth0.inputs.ResourceServerAuthorizationDetailArgs;
import com.pulumi.auth0.inputs.ResourceServerSubjectTypeAuthorizationArgs;
import com.pulumi.auth0.inputs.ResourceServerSubjectTypeAuthorizationUserArgs;
import com.pulumi.auth0.ResourceServerScopes;
import com.pulumi.auth0.ResourceServerScopesArgs;
import com.pulumi.auth0.inputs.ResourceServerScopesScopeArgs;
import com.pulumi.auth0.ClientGrant;
import com.pulumi.auth0.ClientGrantArgs;
import com.pulumi.auth0.Auth0Functions;
import com.pulumi.auth0.inputs.GetClientGrantsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myClient = new Client("myClient", ClientArgs.builder()
            .name("Example Application (Managed by Terraform)")
            .build());

        var myResourceServer = new ResourceServer("myResourceServer", ResourceServerArgs.builder()
            .name("Example Resource Server (Managed by Terraform)")
            .identifier("https://api.example.com/client-grant")
            .authorizationDetails(ResourceServerAuthorizationDetailArgs.builder()
                .type("payment")
                .build())
            .subjectTypeAuthorization(ResourceServerSubjectTypeAuthorizationArgs.builder()
                .user(ResourceServerSubjectTypeAuthorizationUserArgs.builder()
                    .policy("allow_all")
                    .build())
                .build())
            .build());

        var myScopes = new ResourceServerScopes("myScopes", ResourceServerScopesArgs.builder()
            .resourceServerIdentifier(myResourceServer.identifier())
            .scopes(ResourceServerScopesScopeArgs.builder()
                .name("create:foo")
                .build())
            .build(), CustomResourceOptions.builder()
                .dependsOn(myResourceServer)
                .build());

        var myClientGrant = new ClientGrant("myClientGrant", ClientGrantArgs.builder()
            .clientId(myClient.id())
            .audience(myResourceServer.identifier())
            .authorizationDetailsTypes("payment")
            .subjectType("user")
            .allowAllScopes(true)
            .build());

        final var filterByClientId = Auth0Functions.getClientGrants(GetClientGrantsArgs.builder()
            .clientId(myClient.id())
            .build());

        final var filterByAudience = Auth0Functions.getClientGrants(GetClientGrantsArgs.builder()
            .audience(myResourceServer.identifier())
            .build());

        final var filterByClientIdAndAudience = Auth0Functions.getClientGrants(GetClientGrantsArgs.builder()
            .clientId(myClient.id())
            .audience(myResourceServer.identifier())
            .build());

    }
}

resources:
  myClient:
    type: auth0:Client
    name: my_client
    properties:
      name: Example Application (Managed by Terraform)
  myResourceServer:
    type: auth0:ResourceServer
    name: my_resource_server
    properties:
      name: Example Resource Server (Managed by Terraform)
      identifier: https://api.example.com/client-grant
      authorizationDetails:
        - type: payment
      subjectTypeAuthorization:
        user:
          policy: allow_all
  myScopes:
    type: auth0:ResourceServerScopes
    name: my_scopes
    properties:
      resourceServerIdentifier: ${myResourceServer.identifier}
      scopes:
        - name: create:foo
    options:
      dependsOn:
        - ${myResourceServer}
  myClientGrant:
    type: auth0:ClientGrant
    name: my_client_grant
    properties:
      clientId: ${myClient.id}
      audience: ${myResourceServer.identifier}
      authorizationDetailsTypes:
        - payment
      subjectType: user
      allowAllScopes: true
variables:
  filterByClientId:
    fn::invoke:
      function: auth0:getClientGrants
      arguments:
        clientId: ${myClient.id}
  filterByAudience:
    fn::invoke:
      function: auth0:getClientGrants
      arguments:
        audience: ${myResourceServer.identifier}
  filterByClientIdAndAudience:
    fn::invoke:
      function: auth0:getClientGrants
      arguments:
        clientId: ${myClient.id}
        audience: ${myResourceServer.identifier}

Using getClientGrants

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getClientGrants(args: GetClientGrantsArgs, opts?: InvokeOptions): Promise<GetClientGrantsResult>
function getClientGrantsOutput(args: GetClientGrantsOutputArgs, opts?: InvokeOptions): Output<GetClientGrantsResult>

def get_client_grants(audience: Optional[str] = None,
                      client_id: Optional[str] = None,
                      opts: Optional[InvokeOptions] = None) -> GetClientGrantsResult
def get_client_grants_output(audience: Optional[pulumi.Input[str]] = None,
                      client_id: Optional[pulumi.Input[str]] = None,
                      opts: Optional[InvokeOptions] = None) -> Output[GetClientGrantsResult]

func GetClientGrants(ctx *Context, args *GetClientGrantsArgs, opts ...InvokeOption) (*GetClientGrantsResult, error)
func GetClientGrantsOutput(ctx *Context, args *GetClientGrantsOutputArgs, opts ...InvokeOption) GetClientGrantsResultOutput

> Note: This function is named GetClientGrants in the Go SDK.

public static class GetClientGrants 
{
    public static Task<GetClientGrantsResult> InvokeAsync(GetClientGrantsArgs args, InvokeOptions? opts = null)
    public static Output<GetClientGrantsResult> Invoke(GetClientGrantsInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetClientGrantsResult> getClientGrants(GetClientGrantsArgs args, InvokeOptions options)
public static Output<GetClientGrantsResult> getClientGrants(GetClientGrantsArgs args, InvokeOptions options)

fn::invoke:
  function: auth0:index/getClientGrants:getClientGrants
  arguments:
    # arguments dictionary

The following arguments are supported:

Audience string: The audience to filter by.
ClientId string: The ID of the client to filter by.

Audience string: The audience to filter by.
ClientId string: The ID of the client to filter by.

audience String: The audience to filter by.
clientId String: The ID of the client to filter by.

audience string: The audience to filter by.
clientId string: The ID of the client to filter by.

audience str: The audience to filter by.
client_id str: The ID of the client to filter by.

audience String: The audience to filter by.
clientId String: The ID of the client to filter by.