1. Packages
  2. Authentik Provider
  3. API Docs
  4. StageAuthenticatorWebauthn
authentik 2025.2.0 published on Monday, Mar 24, 2025 by goauthentik

authentik.StageAuthenticatorWebauthn

Explore with Pulumi AI

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as authentik from "@pulumi/authentik";

// Create a WebAuthn setup stage
const nameStageAuthenticatorWebauthn = new authentik.StageAuthenticatorWebauthn("nameStageAuthenticatorWebauthn", {});
// Create a WebAuthn setup which allows limited WebAuthn device types
const yubikey = authentik.getWebauthnDeviceType({
    description: "YubiKey 5C",
});
const nameIndex_stageAuthenticatorWebauthnStageAuthenticatorWebauthn = new authentik.StageAuthenticatorWebauthn("nameIndex/stageAuthenticatorWebauthnStageAuthenticatorWebauthn", {deviceTypeRestrictions: [yubikey.then(yubikey => yubikey.aaguid)]});
Copy
import pulumi
import pulumi_authentik as authentik

# Create a WebAuthn setup stage
name_stage_authenticator_webauthn = authentik.StageAuthenticatorWebauthn("nameStageAuthenticatorWebauthn")
# Create a WebAuthn setup which allows limited WebAuthn device types
yubikey = authentik.get_webauthn_device_type(description="YubiKey 5C")
name_index_stage_authenticator_webauthn_stage_authenticator_webauthn = authentik.StageAuthenticatorWebauthn("nameIndex/stageAuthenticatorWebauthnStageAuthenticatorWebauthn", device_type_restrictions=[yubikey.aaguid])
Copy
package main

import (
	"github.com/pulumi/pulumi-terraform-provider/sdks/go/authentik/v2025/authentik"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Create a WebAuthn setup stage
		_, err := authentik.NewStageAuthenticatorWebauthn(ctx, "nameStageAuthenticatorWebauthn", nil)
		if err != nil {
			return err
		}
		yubikey, err := authentik.GetWebauthnDeviceType(ctx, &authentik.GetWebauthnDeviceTypeArgs{
			Description: pulumi.StringRef("YubiKey 5C"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = authentik.NewStageAuthenticatorWebauthn(ctx, "nameIndex/stageAuthenticatorWebauthnStageAuthenticatorWebauthn", &authentik.StageAuthenticatorWebauthnArgs{
			DeviceTypeRestrictions: pulumi.StringArray{
				pulumi.String(yubikey.Aaguid),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Authentik = Pulumi.Authentik;

return await Deployment.RunAsync(() => 
{
    // Create a WebAuthn setup stage
    var nameStageAuthenticatorWebauthn = new Authentik.StageAuthenticatorWebauthn("nameStageAuthenticatorWebauthn");

    // Create a WebAuthn setup which allows limited WebAuthn device types
    var yubikey = Authentik.GetWebauthnDeviceType.Invoke(new()
    {
        Description = "YubiKey 5C",
    });

    var nameIndex_stageAuthenticatorWebauthnStageAuthenticatorWebauthn = new Authentik.StageAuthenticatorWebauthn("nameIndex/stageAuthenticatorWebauthnStageAuthenticatorWebauthn", new()
    {
        DeviceTypeRestrictions = new[]
        {
            yubikey.Apply(getWebauthnDeviceTypeResult => getWebauthnDeviceTypeResult.Aaguid),
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.authentik.StageAuthenticatorWebauthn;
import com.pulumi.authentik.AuthentikFunctions;
import com.pulumi.authentik.inputs.GetWebauthnDeviceTypeArgs;
import com.pulumi.authentik.StageAuthenticatorWebauthnArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Create a WebAuthn setup stage
        var nameStageAuthenticatorWebauthn = new StageAuthenticatorWebauthn("nameStageAuthenticatorWebauthn");

        // Create a WebAuthn setup which allows limited WebAuthn device types
        final var yubikey = AuthentikFunctions.getWebauthnDeviceType(GetWebauthnDeviceTypeArgs.builder()
            .description("YubiKey 5C")
            .build());

        var nameIndex_stageAuthenticatorWebauthnStageAuthenticatorWebauthn = new StageAuthenticatorWebauthn("nameIndex/stageAuthenticatorWebauthnStageAuthenticatorWebauthn", StageAuthenticatorWebauthnArgs.builder()
            .deviceTypeRestrictions(yubikey.applyValue(getWebauthnDeviceTypeResult -> getWebauthnDeviceTypeResult.aaguid()))
            .build());

    }
}
Copy
resources:
  # Create a WebAuthn setup stage
  nameStageAuthenticatorWebauthn: # Create a WebAuthn setup which allows limited WebAuthn device types
    type: authentik:StageAuthenticatorWebauthn
  nameIndex/stageAuthenticatorWebauthnStageAuthenticatorWebauthn:
    type: authentik:StageAuthenticatorWebauthn
    properties:
      deviceTypeRestrictions:
        - ${yubikey.aaguid}
variables:
  yubikey:
    fn::invoke:
      function: authentik:getWebauthnDeviceType
      arguments:
        description: YubiKey 5C
Copy

Create StageAuthenticatorWebauthn Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new StageAuthenticatorWebauthn(name: string, args?: StageAuthenticatorWebauthnArgs, opts?: CustomResourceOptions);
@overload
def StageAuthenticatorWebauthn(resource_name: str,
                               args: Optional[StageAuthenticatorWebauthnArgs] = None,
                               opts: Optional[ResourceOptions] = None)

@overload
def StageAuthenticatorWebauthn(resource_name: str,
                               opts: Optional[ResourceOptions] = None,
                               authenticator_attachment: Optional[str] = None,
                               configure_flow: Optional[str] = None,
                               device_type_restrictions: Optional[Sequence[str]] = None,
                               friendly_name: Optional[str] = None,
                               name: Optional[str] = None,
                               resident_key_requirement: Optional[str] = None,
                               stage_authenticator_webauthn_id: Optional[str] = None,
                               user_verification: Optional[str] = None)
func NewStageAuthenticatorWebauthn(ctx *Context, name string, args *StageAuthenticatorWebauthnArgs, opts ...ResourceOption) (*StageAuthenticatorWebauthn, error)
public StageAuthenticatorWebauthn(string name, StageAuthenticatorWebauthnArgs? args = null, CustomResourceOptions? opts = null)
public StageAuthenticatorWebauthn(String name, StageAuthenticatorWebauthnArgs args)
public StageAuthenticatorWebauthn(String name, StageAuthenticatorWebauthnArgs args, CustomResourceOptions options)
type: authentik:StageAuthenticatorWebauthn
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args StageAuthenticatorWebauthnArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args StageAuthenticatorWebauthnArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args StageAuthenticatorWebauthnArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args StageAuthenticatorWebauthnArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. StageAuthenticatorWebauthnArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var stageAuthenticatorWebauthnResource = new Authentik.StageAuthenticatorWebauthn("stageAuthenticatorWebauthnResource", new()
{
    AuthenticatorAttachment = "string",
    ConfigureFlow = "string",
    DeviceTypeRestrictions = new[]
    {
        "string",
    },
    FriendlyName = "string",
    Name = "string",
    ResidentKeyRequirement = "string",
    StageAuthenticatorWebauthnId = "string",
    UserVerification = "string",
});
Copy
example, err := authentik.NewStageAuthenticatorWebauthn(ctx, "stageAuthenticatorWebauthnResource", &authentik.StageAuthenticatorWebauthnArgs{
	AuthenticatorAttachment: pulumi.String("string"),
	ConfigureFlow:           pulumi.String("string"),
	DeviceTypeRestrictions: pulumi.StringArray{
		pulumi.String("string"),
	},
	FriendlyName:                 pulumi.String("string"),
	Name:                         pulumi.String("string"),
	ResidentKeyRequirement:       pulumi.String("string"),
	StageAuthenticatorWebauthnId: pulumi.String("string"),
	UserVerification:             pulumi.String("string"),
})
Copy
var stageAuthenticatorWebauthnResource = new StageAuthenticatorWebauthn("stageAuthenticatorWebauthnResource", StageAuthenticatorWebauthnArgs.builder()
    .authenticatorAttachment("string")
    .configureFlow("string")
    .deviceTypeRestrictions("string")
    .friendlyName("string")
    .name("string")
    .residentKeyRequirement("string")
    .stageAuthenticatorWebauthnId("string")
    .userVerification("string")
    .build());
Copy
stage_authenticator_webauthn_resource = authentik.StageAuthenticatorWebauthn("stageAuthenticatorWebauthnResource",
    authenticator_attachment="string",
    configure_flow="string",
    device_type_restrictions=["string"],
    friendly_name="string",
    name="string",
    resident_key_requirement="string",
    stage_authenticator_webauthn_id="string",
    user_verification="string")
Copy
const stageAuthenticatorWebauthnResource = new authentik.StageAuthenticatorWebauthn("stageAuthenticatorWebauthnResource", {
    authenticatorAttachment: "string",
    configureFlow: "string",
    deviceTypeRestrictions: ["string"],
    friendlyName: "string",
    name: "string",
    residentKeyRequirement: "string",
    stageAuthenticatorWebauthnId: "string",
    userVerification: "string",
});
Copy
type: authentik:StageAuthenticatorWebauthn
properties:
    authenticatorAttachment: string
    configureFlow: string
    deviceTypeRestrictions:
        - string
    friendlyName: string
    name: string
    residentKeyRequirement: string
    stageAuthenticatorWebauthnId: string
    userVerification: string
Copy

StageAuthenticatorWebauthn Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The StageAuthenticatorWebauthn resource accepts the following input properties:

AuthenticatorAttachment string
Allowed values: - platform - cross-platform
ConfigureFlow string
DeviceTypeRestrictions List<string>
FriendlyName string
Name string
ResidentKeyRequirement string
Allowed values: - discouraged - preferred - required Defaults to preferred.
StageAuthenticatorWebauthnId string
UserVerification string
Allowed values: - required - preferred - discouraged Defaults to preferred.
AuthenticatorAttachment string
Allowed values: - platform - cross-platform
ConfigureFlow string
DeviceTypeRestrictions []string
FriendlyName string
Name string
ResidentKeyRequirement string
Allowed values: - discouraged - preferred - required Defaults to preferred.
StageAuthenticatorWebauthnId string
UserVerification string
Allowed values: - required - preferred - discouraged Defaults to preferred.
authenticatorAttachment String
Allowed values: - platform - cross-platform
configureFlow String
deviceTypeRestrictions List<String>
friendlyName String
name String
residentKeyRequirement String
Allowed values: - discouraged - preferred - required Defaults to preferred.
stageAuthenticatorWebauthnId String
userVerification String
Allowed values: - required - preferred - discouraged Defaults to preferred.
authenticatorAttachment string
Allowed values: - platform - cross-platform
configureFlow string
deviceTypeRestrictions string[]
friendlyName string
name string
residentKeyRequirement string
Allowed values: - discouraged - preferred - required Defaults to preferred.
stageAuthenticatorWebauthnId string
userVerification string
Allowed values: - required - preferred - discouraged Defaults to preferred.
authenticator_attachment str
Allowed values: - platform - cross-platform
configure_flow str
device_type_restrictions Sequence[str]
friendly_name str
name str
resident_key_requirement str
Allowed values: - discouraged - preferred - required Defaults to preferred.
stage_authenticator_webauthn_id str
user_verification str
Allowed values: - required - preferred - discouraged Defaults to preferred.
authenticatorAttachment String
Allowed values: - platform - cross-platform
configureFlow String
deviceTypeRestrictions List<String>
friendlyName String
name String
residentKeyRequirement String
Allowed values: - discouraged - preferred - required Defaults to preferred.
stageAuthenticatorWebauthnId String
userVerification String
Allowed values: - required - preferred - discouraged Defaults to preferred.

Outputs

All input properties are implicitly available as output properties. Additionally, the StageAuthenticatorWebauthn resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.
id String
The provider-assigned unique ID for this managed resource.

Look up Existing StageAuthenticatorWebauthn Resource

Get an existing StageAuthenticatorWebauthn resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: StageAuthenticatorWebauthnState, opts?: CustomResourceOptions): StageAuthenticatorWebauthn
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        authenticator_attachment: Optional[str] = None,
        configure_flow: Optional[str] = None,
        device_type_restrictions: Optional[Sequence[str]] = None,
        friendly_name: Optional[str] = None,
        name: Optional[str] = None,
        resident_key_requirement: Optional[str] = None,
        stage_authenticator_webauthn_id: Optional[str] = None,
        user_verification: Optional[str] = None) -> StageAuthenticatorWebauthn
func GetStageAuthenticatorWebauthn(ctx *Context, name string, id IDInput, state *StageAuthenticatorWebauthnState, opts ...ResourceOption) (*StageAuthenticatorWebauthn, error)
public static StageAuthenticatorWebauthn Get(string name, Input<string> id, StageAuthenticatorWebauthnState? state, CustomResourceOptions? opts = null)
public static StageAuthenticatorWebauthn get(String name, Output<String> id, StageAuthenticatorWebauthnState state, CustomResourceOptions options)
resources:  _:    type: authentik:StageAuthenticatorWebauthn    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AuthenticatorAttachment string
Allowed values: - platform - cross-platform
ConfigureFlow string
DeviceTypeRestrictions List<string>
FriendlyName string
Name string
ResidentKeyRequirement string
Allowed values: - discouraged - preferred - required Defaults to preferred.
StageAuthenticatorWebauthnId string
UserVerification string
Allowed values: - required - preferred - discouraged Defaults to preferred.
AuthenticatorAttachment string
Allowed values: - platform - cross-platform
ConfigureFlow string
DeviceTypeRestrictions []string
FriendlyName string
Name string
ResidentKeyRequirement string
Allowed values: - discouraged - preferred - required Defaults to preferred.
StageAuthenticatorWebauthnId string
UserVerification string
Allowed values: - required - preferred - discouraged Defaults to preferred.
authenticatorAttachment String
Allowed values: - platform - cross-platform
configureFlow String
deviceTypeRestrictions List<String>
friendlyName String
name String
residentKeyRequirement String
Allowed values: - discouraged - preferred - required Defaults to preferred.
stageAuthenticatorWebauthnId String
userVerification String
Allowed values: - required - preferred - discouraged Defaults to preferred.
authenticatorAttachment string
Allowed values: - platform - cross-platform
configureFlow string
deviceTypeRestrictions string[]
friendlyName string
name string
residentKeyRequirement string
Allowed values: - discouraged - preferred - required Defaults to preferred.
stageAuthenticatorWebauthnId string
userVerification string
Allowed values: - required - preferred - discouraged Defaults to preferred.
authenticator_attachment str
Allowed values: - platform - cross-platform
configure_flow str
device_type_restrictions Sequence[str]
friendly_name str
name str
resident_key_requirement str
Allowed values: - discouraged - preferred - required Defaults to preferred.
stage_authenticator_webauthn_id str
user_verification str
Allowed values: - required - preferred - discouraged Defaults to preferred.
authenticatorAttachment String
Allowed values: - platform - cross-platform
configureFlow String
deviceTypeRestrictions List<String>
friendlyName String
name String
residentKeyRequirement String
Allowed values: - discouraged - preferred - required Defaults to preferred.
stageAuthenticatorWebauthnId String
userVerification String
Allowed values: - required - preferred - discouraged Defaults to preferred.

Package Details

Repository
authentik goauthentik/terraform-provider-authentik
License
Notes
This Pulumi package is based on the authentik Terraform Provider.