import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
export declare class IdentityJwtAuth extends pulumi.CustomResource {
    /**
     * Get an existing IdentityJwtAuth resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: IdentityJwtAuthState, opts?: pulumi.CustomResourceOptions): IdentityJwtAuth;
    /**
     * Returns true if the given object is an instance of IdentityJwtAuth.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is IdentityJwtAuth;
    /**
     * The maximum lifetime for an access token in seconds. This value will be referenced at renewal time. Default: 2592000
     */
    readonly accessTokenMaxTtl: pulumi.Output<number>;
    /**
     * The maximum number of times that an access token can be used; a value of 0 implies infinite number of uses. Default: 0
     */
    readonly accessTokenNumUsesLimit: pulumi.Output<number>;
    /**
     * A list of IPs or CIDR ranges that access tokens can be used from. You can use 0.0.0.0/0, to allow usage from any network address.
     */
    readonly accessTokenTrustedIps: pulumi.Output<outputs.IdentityJwtAuthAccessTokenTrustedIp[]>;
    /**
     * The lifetime for an access token in seconds. This value will be referenced at renewal time. Default: 2592000
     */
    readonly accessTokenTtl: pulumi.Output<number>;
    /**
     * The list of intended recipients.
     */
    readonly boundAudiences: pulumi.Output<string[]>;
    /**
     * The attributes that should be present in the JWT for it to be valid.
     */
    readonly boundClaims: pulumi.Output<{
        [key: string]: string;
    }>;
    /**
     * The unique identifier of the identity provider issuing the JWTs.
     */
    readonly boundIssuer: pulumi.Output<string>;
    /**
     * The expected principal that is the subject of the JWT.
     */
    readonly boundSubject: pulumi.Output<string>;
    /**
     * The configuration type of the JWT auth. Must be 'jwks' or 'static'.
     */
    readonly configurationType: pulumi.Output<string>;
    /**
     * The ID of the identity to attach the configuration onto.
     */
    readonly identityId: pulumi.Output<string>;
    /**
     * The PEM-encoded CA certificate for validating the TLS connection to the JWKS URL.
     */
    readonly jwksCaCert: pulumi.Output<string>;
    /**
     * The URL used to retrieve the JSON Web Key Set (JWKS) for verifying JWTs. Required when<span pulumi-lang-nodejs=" configurationType " pulumi-lang-dotnet=" ConfigurationType " pulumi-lang-go=" configurationType " pulumi-lang-python=" configuration_type " pulumi-lang-yaml=" configurationType " pulumi-lang-java=" configurationType " pulumi-lang-hcl=" configuration_type "> configurationType </span>is 'jwks'.
     */
    readonly jwksUrl: pulumi.Output<string>;
    /**
     * A list of PEM-encoded public keys used to verify JWTs. Required when<span pulumi-lang-nodejs=" configurationType " pulumi-lang-dotnet=" ConfigurationType " pulumi-lang-go=" configurationType " pulumi-lang-python=" configuration_type " pulumi-lang-yaml=" configurationType " pulumi-lang-java=" configurationType " pulumi-lang-hcl=" configuration_type "> configurationType </span>is 'static'.
     */
    readonly publicKeys: pulumi.Output<string[]>;
    /**
     * Create a IdentityJwtAuth resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: IdentityJwtAuthArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering IdentityJwtAuth resources.
 */
export interface IdentityJwtAuthState {
    /**
     * The maximum lifetime for an access token in seconds. This value will be referenced at renewal time. Default: 2592000
     */
    accessTokenMaxTtl?: pulumi.Input<number | undefined>;
    /**
     * The maximum number of times that an access token can be used; a value of 0 implies infinite number of uses. Default: 0
     */
    accessTokenNumUsesLimit?: pulumi.Input<number | undefined>;
    /**
     * A list of IPs or CIDR ranges that access tokens can be used from. You can use 0.0.0.0/0, to allow usage from any network address.
     */
    accessTokenTrustedIps?: pulumi.Input<pulumi.Input<inputs.IdentityJwtAuthAccessTokenTrustedIp>[] | undefined>;
    /**
     * The lifetime for an access token in seconds. This value will be referenced at renewal time. Default: 2592000
     */
    accessTokenTtl?: pulumi.Input<number | undefined>;
    /**
     * The list of intended recipients.
     */
    boundAudiences?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * The attributes that should be present in the JWT for it to be valid.
     */
    boundClaims?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    } | undefined>;
    /**
     * The unique identifier of the identity provider issuing the JWTs.
     */
    boundIssuer?: pulumi.Input<string | undefined>;
    /**
     * The expected principal that is the subject of the JWT.
     */
    boundSubject?: pulumi.Input<string | undefined>;
    /**
     * The configuration type of the JWT auth. Must be 'jwks' or 'static'.
     */
    configurationType?: pulumi.Input<string | undefined>;
    /**
     * The ID of the identity to attach the configuration onto.
     */
    identityId?: pulumi.Input<string | undefined>;
    /**
     * The PEM-encoded CA certificate for validating the TLS connection to the JWKS URL.
     */
    jwksCaCert?: pulumi.Input<string | undefined>;
    /**
     * The URL used to retrieve the JSON Web Key Set (JWKS) for verifying JWTs. Required when<span pulumi-lang-nodejs=" configurationType " pulumi-lang-dotnet=" ConfigurationType " pulumi-lang-go=" configurationType " pulumi-lang-python=" configuration_type " pulumi-lang-yaml=" configurationType " pulumi-lang-java=" configurationType " pulumi-lang-hcl=" configuration_type "> configurationType </span>is 'jwks'.
     */
    jwksUrl?: pulumi.Input<string | undefined>;
    /**
     * A list of PEM-encoded public keys used to verify JWTs. Required when<span pulumi-lang-nodejs=" configurationType " pulumi-lang-dotnet=" ConfigurationType " pulumi-lang-go=" configurationType " pulumi-lang-python=" configuration_type " pulumi-lang-yaml=" configurationType " pulumi-lang-java=" configurationType " pulumi-lang-hcl=" configuration_type "> configurationType </span>is 'static'.
     */
    publicKeys?: pulumi.Input<pulumi.Input<string>[] | undefined>;
}
/**
 * The set of arguments for constructing a IdentityJwtAuth resource.
 */
export interface IdentityJwtAuthArgs {
    /**
     * The maximum lifetime for an access token in seconds. This value will be referenced at renewal time. Default: 2592000
     */
    accessTokenMaxTtl?: pulumi.Input<number | undefined>;
    /**
     * The maximum number of times that an access token can be used; a value of 0 implies infinite number of uses. Default: 0
     */
    accessTokenNumUsesLimit?: pulumi.Input<number | undefined>;
    /**
     * A list of IPs or CIDR ranges that access tokens can be used from. You can use 0.0.0.0/0, to allow usage from any network address.
     */
    accessTokenTrustedIps?: pulumi.Input<pulumi.Input<inputs.IdentityJwtAuthAccessTokenTrustedIp>[] | undefined>;
    /**
     * The lifetime for an access token in seconds. This value will be referenced at renewal time. Default: 2592000
     */
    accessTokenTtl?: pulumi.Input<number | undefined>;
    /**
     * The list of intended recipients.
     */
    boundAudiences?: pulumi.Input<pulumi.Input<string>[] | undefined>;
    /**
     * The attributes that should be present in the JWT for it to be valid.
     */
    boundClaims?: pulumi.Input<{
        [key: string]: pulumi.Input<string>;
    } | undefined>;
    /**
     * The unique identifier of the identity provider issuing the JWTs.
     */
    boundIssuer?: pulumi.Input<string | undefined>;
    /**
     * The expected principal that is the subject of the JWT.
     */
    boundSubject?: pulumi.Input<string | undefined>;
    /**
     * The configuration type of the JWT auth. Must be 'jwks' or 'static'.
     */
    configurationType: pulumi.Input<string>;
    /**
     * The ID of the identity to attach the configuration onto.
     */
    identityId: pulumi.Input<string>;
    /**
     * The PEM-encoded CA certificate for validating the TLS connection to the JWKS URL.
     */
    jwksCaCert?: pulumi.Input<string | undefined>;
    /**
     * The URL used to retrieve the JSON Web Key Set (JWKS) for verifying JWTs. Required when<span pulumi-lang-nodejs=" configurationType " pulumi-lang-dotnet=" ConfigurationType " pulumi-lang-go=" configurationType " pulumi-lang-python=" configuration_type " pulumi-lang-yaml=" configurationType " pulumi-lang-java=" configurationType " pulumi-lang-hcl=" configuration_type "> configurationType </span>is 'jwks'.
     */
    jwksUrl?: pulumi.Input<string | undefined>;
    /**
     * A list of PEM-encoded public keys used to verify JWTs. Required when<span pulumi-lang-nodejs=" configurationType " pulumi-lang-dotnet=" ConfigurationType " pulumi-lang-go=" configurationType " pulumi-lang-python=" configuration_type " pulumi-lang-yaml=" configurationType " pulumi-lang-java=" configurationType " pulumi-lang-hcl=" configuration_type "> configurationType </span>is 'static'.
     */
    publicKeys?: pulumi.Input<pulumi.Input<string>[] | undefined>;
}
//# sourceMappingURL=identityJwtAuth.d.ts.map