# Reference for the teleport\_app\_auth\_config Terraform data-source This page describes the supported values of the `teleport_app_auth_config` data source of the Teleport Terraform provider. ## Schema ### Required - `metadata` (Attributes) Metadata is the app auth config resource's metadata. (see [below for nested schema](#nested-schema-for-metadata)) - `spec` (Attributes) Spec is the app auth config specification. (see [below for nested schema](#nested-schema-for-spec)) - `version` (String) Version is the app auth config resource version. ### Optional - `sub_kind` (String) SubKind is the app auth config subkind. ### Nested Schema for `metadata` Required: - `name` (String) name is an object name. Optional: - `description` (String) description is object description. - `expires` (String) expires is a global expiry time header can be set on any resource in the system. - `labels` (Map of String) labels is a set of labels. ### Nested Schema for `spec` Optional: - `app_labels` (Attributes List) AppLabels is used to define the app\_labels matcher, which selects applications that can use this authentication conifg. An empty value means no application will use it. (see [below for nested schema](#nested-schema-for-specapp_labels)) - `jwt` (Attributes) Jwt is the JWT authentication config spec. (see [below for nested schema](#nested-schema-for-specjwt)) ### Nested Schema for `spec.app_labels` Optional: - `name` (String) The name of the label. - `values` (List of String) The values associated with the label. ### Nested Schema for `spec.jwt` Optional: - `audience` (String) Audience is the expected token audience. It will usually be a OAuth client\_id issued for Teleport use. - `issuer` (String) Issuer is the JWT token issuer name. This value is used to verify the token. - `jwks_url` (String) JwksUrl is the JSON Web Key Set (JWKS) URL used to fetch signing keys. - `static_jwks` (String) StaticJwks is the JSON Web Key Set (JWKS) formatted public keys of the token issuer in JSON format. - `username_claim` (String) UsernameClaim specifies which token claim name's value will be used as the username. Defaults to `email`.