### Example Usage of auth0_role_permissions Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/role_permissions.md This example demonstrates how to manage multiple permissions for a role using the `auth0_role_permissions` resource. It first defines a resource server and its scopes, then a role, and finally associates the role with the defined permissions. ```terraform resource "auth0_resource_server" "resource_server" { name = "test" identifier = "test.example.com" } resource "auth0_resource_server_scopes" "resource_server_scopes" { resource_server_identifier = auth0_resource_server.resource_server.identifier scopes { name = "store:create" } scopes { name = "store:read" } scopes { name = "store:update" } scopes { name = "store:delete" } } resource "auth0_role" "my_role" { name = "My Role" } resource "auth0_role_permissions" "my_role_perms" { role_id = auth0_role.my_role.id dynamic "permissions" { for_each = auth0_resource_server_scopes.resource_server_scopes.scopes content { name = permissions.value.name resource_server_identifier = auth0_resource_server.resource_server.identifier } } } ``` -------------------------------- ### Example Usage of Auth0 Action Module Version Data Source Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/data-sources/action_module_version.md This example demonstrates how to create an Auth0 action module, publish it, and then use the `auth0_action_module_version` data source to retrieve details about a specific published version. It then outputs the version number, code, and creation timestamp. ```terraform resource "auth0_action_module" "my_module" { name = "My Shared Module" publish = true code = <<-EOT module.exports = { greet: function(name) { return "Hello, " + name + "!"; } }; EOT } # Retrieve the latest published version using the module's version_id directly data "auth0_action_module_version" "my_module_version" { module_id = auth0_action_module.my_module.id version_id = auth0_action_module.my_module.version_id } # Output the version details output "version_number" { value = data.auth0_action_module_version.my_module_version.version_number } output "version_code" { value = data.auth0_action_module_version.my_module_version.code } output "version_created_at" { value = data.auth0_action_module_version.my_module_version.created_at } ``` -------------------------------- ### Install Provider Binary Source: https://github.com/auth0/terraform-provider-auth0/blob/main/CONTRIBUTING.md Installs the provider binary for direct use in Terraform. Specify the desired version using the VERSION argument. ```shell make install VERSION=0.2.0 ``` -------------------------------- ### Example Usage of auth0_trigger_action Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/trigger_action.md This example demonstrates how to create an Auth0 action and then bind it to the 'post-login' trigger using the `auth0_trigger_action` resource. The action is appended to the trigger's flow. ```terraform resource "auth0_action" "login_alert" { name = "Alert after login" code = <<-EOT exports.onContinuePostLogin = async (event, api) => { console.log("foo"); }; EOT deploy = true supported_triggers { id = "post-login" version = "v3" } } resource "auth0_trigger_action" "post_login_alert_action" { trigger = "post-login" action_id = auth0_action.login_alert.id } ``` -------------------------------- ### Example Usage of auth0_connection_clients Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/connection_clients.md This example demonstrates how to associate multiple clients with a single Auth0 connection using the auth0_connection_clients resource. It first defines a connection and two clients, then associates them. ```terraform resource "auth0_connection" "my_conn" { name = "My-Auth0-Connection" strategy = "auth0" } resource "auth0_client" "my_first_client" { name = "My-First-Auth0-Client" } resource "auth0_client" "my_second_client" { name = "My-Second-Auth0-Client" } # One connection to many clients association. # To prevent issues, avoid using this resource together with the `auth0_connection_client` resource. resource "auth0_connection_clients" "my_conn_clients_assoc" { connection_id = auth0_connection.my_conn.id enabled_clients = [ auth0_client.my_first_client.id, auth0_client.my_second_client.id ] } ``` -------------------------------- ### Google Apps Connection Example Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/connection.md Example of a Google Apps connection for domain-specific authentication. Includes domain aliases and API enablement. ```terraform resource "auth0_connection" "google_apps" { name = "connection-google-apps" is_domain_connection = false strategy = "google-apps" show_as_button = false options { client_id = "" client_secret = "" domain = "example.com" tenant_domain = "example.com" domain_aliases = ["example.com", "api.example.com"] api_enable_users = true scopes = ["ext_profile", "ext_groups"] icon_url = "https://example.com/assets/logo.png" upstream_params = jsonencode({ "screen_name" : { "alias" : "login_hint" } }) set_user_root_attributes = "on_each_login" non_persistent_attrs = ["ethnicity", "gender"] } } ``` -------------------------------- ### Importing Multi-ID Resources (v0.x) Source: https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md Example of importing a user role resource using the old separator format. ```sh terraform import auth0_user_role.user_role "auth0|111111111111111111111111:role_123" ``` -------------------------------- ### Auth0 Connection Example Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/connection.md Example of a default Auth0 connection with various security and customization options enabled. ```terraform resource "auth0_connection" "my_connection" { name = "Example-Connection" is_domain_connection = true strategy = "auth0" metadata = { key1 = "foo" key2 = "bar" } options { password_policy = "excellent" brute_force_protection = true strategy_version = 2 enabled_database_customization = true import_mode = false requires_username = true disable_signup = false custom_scripts = { get_user = < { console.log("foo"); }; EOT deploy = true supported_triggers { id = "post-login" version = "v3" } } resource "auth0_action" "action_bar" { name = "Test Trigger Binding Bar" code = <<-EOT exports.onContinuePostLogin = async (event, api) => { console.log("bar"); }; EOT deploy = true supported_triggers { id = "post-login" version = "v3" } } resource "auth0_trigger_actions" "login_flow" { trigger = "post-login" actions { id = auth0_action.action_foo.id display_name = auth0_action.action_foo.name } actions { id = auth0_action.action_bar.id display_name = auth0_action.action_bar.name } } ``` -------------------------------- ### Example Usage of auth0_user_role Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/user_role.md This example demonstrates how to assign a role to a user using the `auth0_user_role` resource. It first defines an `auth0_role` and an `auth0_user`, then associates them using `auth0_user_role`. Note the `lifecycle` block on the `auth0_user` to prevent diffing issues with roles. ```terraform resource "auth0_role" "admin" { name = "admin" description = "Administrator" } resource "auth0_user" "user" { connection_name = "Username-Password-Authentication" username = "unique_username" name = "Firstname Lastname" email = "test@test.com" password = "passpass$12$12" # Until we remove the ability to operate changes on # the roles field it is important to have this # block in the config, to avoid diffing issues. lifecycle { ignore_changes = [roles] } } resource "auth0_user_role" "user_roles" { user_id = auth0_user.user.id role_id = auth0_role.admin.id } ``` -------------------------------- ### Example Project Structure Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/guides/manage_forms.md Illustrates a typical Terraform module structure including a directory for exported JSON form definitions. ```plaintext actions/ ├── actions.tf ├── exported_forms/ │ ├── verify_email.json │ └── verify_phone.json ├── flows.tf ├── forms.tf ├── vaults.tf └── ... ``` -------------------------------- ### Auth0 Action Resource Example Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/action.md This example demonstrates how to define an auth0_action resource in Terraform. It includes the action's name, runtime, deployment status, code, supported triggers, dependencies, and secrets. Ensure that any sensitive values are handled appropriately. ```terraform resource "auth0_action" "my_action" { name = format("Test Action %s", timestamp()) runtime = "node22" deploy = true code = <<-EOT /** * Handler that will be called during the execution of a PostLogin flow. * * @param {Event} event - Details about the user and the context in which they are logging in. * @param {PostLoginAPI} api - Interface whose methods can be used to change the behavior of the login. */ exports.onExecutePostLogin = async (event, api) => { console.log(event); }; EOT supported_triggers { id = "post-login" version = "v3" } dependencies { name = "lodash" version = "latest" } dependencies { name = "request" version = "latest" } secrets { name = "FOO" value = "Foo" } secrets { name = "BAR" value = "Bar" } } ``` -------------------------------- ### Manage a User Permission Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/user_permission.md This example demonstrates how to create a user permission using the `auth0_user_permission` resource. It requires pre-defined `auth0_resource_server` and `auth0_user` resources to associate the permission with. ```terraform resource "auth0_resource_server" "resource_server" { name = "Example Resource Server (Managed by Terraform)" identifier = "https://api.example.com" scopes { value = "create:foo" description = "Create foos" } scopes { value = "create:bar" description = "Create bars" } } resource "auth0_user" "user" { connection_name = "Username-Password-Authentication" user_id = "12345" username = "unique_username" name = "Firstname Lastname" nickname = "some.nickname" email = "test@test.com" email_verified = true password = "passpass$12$12" picture = "https://www.example.com/a-valid-picture-url.jpg" } resource "auth0_user_permission" "user_permission_read" { user_id = auth0_user.user.id resource_server_identifier = auth0_resource_server.resource_server.identifier permission = tolist(auth0_resource_server.resource_server.scopes)[0] } ``` -------------------------------- ### Rekeying Encryption Key Manager Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/encryption_key_manager.md This example demonstrates how to rekey the encryption keys by modifying the `key_rotation_id`. ```terraform resource "auth0_encryption_key_manager" "my_key_manager_rekey" { key_rotation_id = "68feba2c-7768-40f3-9d71-4b91e0233abf" } ``` -------------------------------- ### Initial Encryption Key Manager Setup Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/encryption_key_manager.md Use this snippet to set up the initial encryption key manager. Changing the `key_rotation_id` will trigger a rekey operation. ```terraform resource "auth0_encryption_key_manager" "my_key_manager_initial" { key_rotation_id = "da9f2f3b-1c7e-4245-8982-9a25da8407c4" } ``` -------------------------------- ### Configure Twilio Phone Provider Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/phone_provider.md Example of setting up the phone provider using Twilio. Ensure sensitive credentials are managed securely. ```terraform resource "auth0_phone_provider" "twilio_phone_provider" { name = "twilio" disabled = false credentials { auth_token = "secretAuthToken" } configuration { delivery_methods = ["text", "voice"] default_from = "+1234567890" sid = "ACXXXXXXXXXXXXXXXX" mssid = "MSXXXXXXXXXXXXXXXX" } } ``` -------------------------------- ### Import auth0_connection_directory Resource Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/connection_directory.md This example shows the command to import an existing Auth0 directory provisioning configuration into your Terraform state. ```shell terraform import auth0_connection_directory.custom "con_XXXXXXXXXXXXXX" ``` -------------------------------- ### Default Branding Theme Configuration Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/branding_theme.md Example of configuring the auth0_branding_theme resource with default values for all attributes. Useful for initial setup or when minimal customization is needed. ```terraform # An example of the auth0_branding_theme using defaults for all the attributes. resource "auth0_branding_theme" "my_theme" { borders {} colors {} fonts { title {} subtitle {} links {} input_labels {} buttons_text {} body_text {} } page_background {} widget {} } ``` -------------------------------- ### Configure Email Provider and Email Template Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/email_template.md This example demonstrates how to configure an email provider (SES) and then set up a custom welcome email template. Ensure the email provider is configured before defining the email template. ```terraform resource "auth0_email_provider" "my_email_provider" { name = "ses" enabled = true default_from_address = "accounts@example.com" credentials { access_key_id = "AKIAXXXXXXXXXXXXXXXX" secret_access_key = "7e8c2148xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" region = "us-east-1" } } resource "auth0_email_template" "my_email_template" { depends_on = [auth0_email_provider.my_email_provider] template = "welcome_email" body = "

Welcome!

" from = "welcome@example.com" result_url = "https://example.com/welcome" subject = "Welcome" syntax = "liquid" url_lifetime_in_seconds = 3600 enabled = true } ``` -------------------------------- ### Create an Organization, Resource Server, Client, Client Grant, and Organization Client Grant Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/organization_client_grant.md This example demonstrates the full lifecycle of creating an organization, a resource server, a client, a client grant, and finally associating the client grant with the organization using the `auth0_organization_client_grant` resource. ```terraform resource "auth0_organization" "my_organization" { name = "test-org-acceptance-testing" display_name = "Test Org Acceptance Testing" } resource "auth0_resource_server" "new_resource_server" { name = "Example API" identifier = "https://api.travel00123.com/" } resource "auth0_client" "my_test_client" { depends_on = [auth0_organization.my_organization, auth0_resource_server.new_resource_server] name = "test_client" organization_usage = "allow" default_organization { organization_id = auth0_organization.my_organization.id flows = ["client_credentials"] } } resource "auth0_client_grant" "my_client_grant" { depends_on = [auth0_resource_server.new_resource_server, auth0_client.my_test_client] client_id = auth0_client.my_test_client.id audience = auth0_resource_server.new_resource_server.identifier scopes = ["create:organization_client_grants", "create:resource"] allow_any_organization = true organization_usage = "allow" } resource "auth0_organization_client_grant" "associate_org_client_grant" { depends_on = [auth0_client_grant.my_client_grant] organization_id = auth0_organization.my_organization.id grant_id = auth0_client_grant.my_client_grant.id } ``` -------------------------------- ### Facebook Connection Example Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/connection.md Example of a Facebook connection, requiring client ID and secret. Configurable scopes and user attribute mapping are supported. ```terraform resource "auth0_connection" "facebook" { name = "Facebook-Connection" strategy = "facebook" options { client_id = "" client_secret = "" scopes = [ "public_profile", "email", "groups_access_member_info", "user_birthday" ] set_user_root_attributes = "on_each_login" non_persistent_attrs = ["ethnicity", "gender"] } } ``` -------------------------------- ### Google OAuth2 Connection Example Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/connection.md Example of a Google OAuth2 connection, requiring client ID and secret. Supports custom scopes and user attribute mapping. ```terraform resource "auth0_connection" "google_oauth2" { name = "Google-OAuth2-Connection" strategy = "google-oauth2" options { client_id = "" client_secret = "" allowed_audiences = ["example.com", "api.example.com"] scopes = ["email", "profile", "gmail", "youtube"] set_user_root_attributes = "on_each_login" non_persistent_attrs = ["ethnicity", "gender"] } } ``` -------------------------------- ### Create and Use an Auth0 Action Module Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/action_module.md This example demonstrates how to define an auth0_action_module with code, dependencies, and secrets, and then how to use it within an auth0_action. Publishing the module creates a new version that can be referenced by actions. ```terraform resource "auth0_action_module" "my_module" { name = "My Shared Module" publish = true code = <<-EOT /** * A shared utility function that can be used across multiple actions. */ module.exports = { greet: function(name) { return "Hello, " + name + "!"; }, formatDate: function(date) { return date.toISOString(); } }; EOT dependencies { name = "lodash" version = "4.17.21" } secrets { name = "API_KEY" value = "my-secret-api-key" } } # Use the module in an action by referencing its id and version_id. resource "auth0_action" "my_action" { name = "My Action" runtime = "node22" deploy = true code = <<-EOT const myModule = require('My Shared Module'); exports.onExecutePostLogin = async (event, api) => { console.log(myModule.greet(event.user.name)); }; EOT modules { module_id = auth0_action_module.my_module.id module_version_id = auth0_action_module.my_module.version_id } supported_triggers { id = "post-login" version = "v3" } } ``` -------------------------------- ### Initialize Terraform Configuration Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/guides/quickstart.md Run this command to initialize your Terraform workspace, downloading the necessary provider plugins. ```shell terraform init ``` -------------------------------- ### Self Service Profile Example Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/self_service_profile.md This example shows how to configure a self-service profile with user attributes and branding. The `user_attribute_profile_id` field is only available for Early Access users. ```terraform resource "auth0_self_service_profile" "my_self_service_profile" { user_attributes { name = "sample-name" description = "sample-description" is_optional = true } branding { logo_url = "https://mycompany.org/v2/logo.png" colors { primary = "#0059d6" } } } ``` -------------------------------- ### Configure Salesforce Enterprise Connection Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/connection.md This example demonstrates setting up a Salesforce enterprise connection. You need to provide a client ID, client secret, and the community base URL for your Salesforce instance. ```terraform resource "auth0_connection" "salesforce" { name = "Salesforce-Connection" strategy = "salesforce" options { client_id = "" client_secret = "" community_base_url = "https://salesforce.example.com" scopes = ["openid", "email"] set_user_root_attributes = "on_first_login" non_persistent_attrs = ["ethnicity", "gender"] } } ``` -------------------------------- ### Basic Resource Server Configuration Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/resource_server.md Use this snippet to set up a standard resource server with common settings like name, identifier, signing algorithm, and token lifetime. It also demonstrates enabling offline and online access, skipping consent for first-party clients, and configuring token encryption with a PEM certificate. ```terraform resource "auth0_resource_server" "my_resource_server" { name = "Example Resource Server (Managed by Terraform)" identifier = "https://api.example.com" signing_alg = "RS256" allow_offline_access = true allow_online_access = true allow_online_access_with_ephemeral_sessions = false token_lifetime = 8600 skip_consent_for_verifiable_first_party_clients = true consent_policy = "transactional-authorization-with-mfa" token_encryption { format = "compact-nested-jwe" encryption_key { name = "keyname" algorithm = "RSA-OAEP-256" pem = < { console.log(myModule.greet(event.user.name)); }; EOT supported_triggers { id = "post-login" version = "v3" } modules { module_id = auth0_action_module.my_module.id module_version_id = auth0_action_module.my_module.version_id } } resource "auth0_action" "my_action_2" { name = "My Action Using Module 2" deploy = true code = <<-EOT const myModule = require('my-module'); exports.onExecutePostLogin = async (event, api) => { api.idToken.setCustomClaim("greeting", myModule.greet(event.user.name)); }; EOT supported_triggers { id = "post-login" version = "v3" } modules { module_id = auth0_action_module.my_module.id module_version_id = auth0_action_module.my_module.version_id } } data "auth0_action_module_actions" "my_module_actions" { depends_on = [auth0_action.my_action_1, auth0_action.my_action_2] module_id = auth0_action_module.my_module.id } output "actions_using_module" { value = data.auth0_action_module_actions.my_module_actions.total } output "action_names" { value = [for action in data.auth0_action_module_actions.my_module_actions.actions : action.action_name] } ``` -------------------------------- ### Create a Google Workspace Connection Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/connection_directory.md This snippet demonstrates how to set up a basic Google Workspace connection in Auth0, which is a prerequisite for configuring directory provisioning. ```terraform resource "auth0_connection" "google_workspace" { name = "google-workspace-connection" display_name = "Google Workspace" strategy = "google-apps" options { client_id = "your-google-client-id" client_secret = "your-google-client-secret" domain = "example.com" api_enable_users = true api_enable_groups = true } } ``` -------------------------------- ### Import Auth0 Prompt Screen Renderer Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/prompt_screen_renderer.md Import an existing Auth0 login prompt screen renderer using its prompt name and screen name. ```shell terraform import auth0_prompt_screen_renderer "login-id:login-id" ``` -------------------------------- ### Retrieve Wrapping Key and Algorithm Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/encryption_key_manager.md This output block shows how to access the `public_wrapping_key` and `wrapping_algorithm` after initializing the customer-provided root key provisioning. The customer should use these to wrap the new root key. ```terraform # The public_wrapping_key and wrapping_algorithm should be available to # be used to wrap the new key by the customer output "key_manager" { depends_on = [auth0_encryption_key_manager.my_key_manager] value = { public_wrapping_key = auth0_encryption_key_manager.my_key_manager.customer_provided_root_key.*.public_wrapping_key wrapping_algorithm = auth0_encryption_key_manager.my_key_manager.customer_provided_root_key.*.wrapping_algorithm } } ``` -------------------------------- ### User Management (Before v1.0) Source: https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md Example of managing user roles directly on the `auth0_user` resource before version 1.0. ```terraform # Example: resource "auth0_role" "admin" { name = "admin" description = "Administrator" } resource "auth0_user" "user" { connection_name = "Username-Password-Authentication" username = "unique_username" name = "Firstname Lastname" email = "test@test.com" password = "passpass$12$12" roles = [auth0_role.admin.id] } ``` -------------------------------- ### auth0_connection Data Source Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/data-sources/connection.md Example usage of the `auth0_connection` data source to retrieve connection details by name or ID. ```APIDOC ## Data Source: auth0_connection Data source to retrieve a specific Auth0 connection by `connection_id` or `name`. ### Example Usage ```terraform # An Auth0 Connection loaded using its name. data "auth0_connection" "some-connection-by-name" { name = "Acceptance-Test-Connection-{{.testName}}" } # An Auth0 Connection loaded using its ID. data "auth0_connection" "some-connection-by-id" { connection_id = "con_abcdefghkijklmnopqrstuvwxyz0123456789" } ``` ### Schema ### Optional - `connection_id` (String) The ID of the connection. If not provided, `name` must be set. - `name` (String) The name of the connection. If not provided, `connection_id` must be set. - `skip_enabled_clients` (Boolean) Whether to skip enabled clients for this connection. Setting this to `true` will skip additional paginated API calls to /api/v2/connections/{id}/clients. Default: `false`. ### Read-Only - `authentication` (List of Object) Configure the purpose of a connection to be used for authentication during login. (see [below for nested schema](#nestedatt--authentication)) - `connected_accounts` (List of Object) Configure the purpose of a connection to be used for connected accounts and Token Vault. (see [below for nested schema](#nestedatt--connected_accounts)) - `display_name` (String) Name used in login screen. - `enabled_clients` (Set of String) IDs of the clients for which the connection is enabled. Skips populating if `skip_enabled_clients` is `true`. - `id` (String) The ID of this resource. - `is_domain_connection` (Boolean) Indicates whether the connection is domain level. - `metadata` (Map of String) Metadata associated with the connection, in the form of a map of string values (max 255 chars). - `options` (List of Object) Configuration settings for connection options. (see [below for nested schema](#nestedatt--options)) - `realms` (List of String) Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm. - `show_as_button` (Boolean) Display connection as a button. Only available on enterprise connections. - `strategy` (String) Type of the connection, which indicates the identity provider. ### Nested Schema for `authentication` Read-Only: - `active` (Boolean) ### Nested Schema for `connected_accounts` Read-Only: - `active` (Boolean) ### Nested Schema for `options` Read-Only: - `access_token_url` (String) - `adfs_server` (String) - `allowed_audiences` (Set of String) - `api_enable_groups` (Boolean) - `api_enable_users` (Boolean) - `app_id` (String) - `attribute_map` (List of Object) (see [below for nested schema](#nestedobjatt--options--attribute_map)) - `attributes` (List of Object) (see [below for nested schema](#nestedobjatt--options--attributes)) - `auth_params` (Map of String) - `authentication_methods` (List of Object) (see [below for nested schema](#nestedobjatt--options--authentication_methods)) - `authorization_endpoint` (String) - `brute_force_protection` (Boolean) - `client_id` (String) - `client_secret` (String) - `community_base_url` (String) - `configuration` (Map of String) - `connection_settings` (List of Object) (see [below for nested schema](#nestedobjatt--options--connection_settings)) - `consumer_key` (String) - `consumer_secret` (String) - `custom_headers` (Set of Object) (see [below for nested schema](#nestedobjatt--options--custom_headers)) - `custom_password_hash` (List of Object) (see [below for nested schema](#nestedobjatt--options--custom_password_hash)) - `custom_scripts` (Map of String) - `debug` (Boolean) - `decryption_key` (List of Object) (see [below for nested schema](#nestedobjatt--options--decryption_key)) - `destination_url` (String) - `digest_algorithm` (String) - `disable_cache` (Boolean) - `disable_self_service_change_password` (Boolean) - `disable_sign_out` (Boolean) - `disable_signup` (Boolean) - `discovery_url` (String) - `domain` (String) - `domain_aliases` (Set of String) - `dpop_signing_alg` (String) - `email` (Boolean) - `enable_script_context` (Boolean) - `enabled_database_customization` (Boolean) - `entity_id` (String) - `fed_metadata_xml` (String) - `federated_connections_access_tokens` (List of Object) (see [below for nested schema](#nestedobjatt--options--federated_connections_access_tokens)) - `fields_map` (String) - `forward_request_info` (Boolean) - `from` (String) - `gateway_authentication` (List of Object) (see [below for nested schema](#nestedobjatt--options--gateway_authentication)) - `gateway_url` (String) - `global_token_revocation_jwt_iss` (String) - `global_token_revocation_jwt_sub` (String) - `icon_url` (String) - `id_token_session_expiry_supported` (Boolean) ``` -------------------------------- ### Example Usage of Custom Domain Verification Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/custom_domain_verification.md Demonstrates how to configure a custom domain and its verification using Auth0 and DigitalOcean DNS. It shows the creation of the custom domain resource, the verification resource, and the corresponding DNS record in DigitalOcean. Ensure the DNS record is created before verification. ```terraform resource "auth0_custom_domain" "my_custom_domain" { domain = "login.example.com" type = "auth0_managed_certs" } resource "auth0_custom_domain_verification" "my_custom_domain_verification" { depends_on = [digitalocean_record.my_domain_name_record] custom_domain_id = auth0_custom_domain.my_custom_domain.id timeouts { create = "15m" } } resource "digitalocean_record" "my_domain_name_record" { domain = "example.com" type = upper(auth0_custom_domain.my_custom_domain.verification[0].methods[0].name) name = trimsuffix(auth0_custom_domain.my_custom_domain.verification[0].methods[0].domain, ".example.com") value = auth0_custom_domain.my_custom_domain.verification[0].methods[0].record } # Note: The trimsuffix() function prevents DNS record duplication by removing # the base domain from the verification domain name. Without this, you would # end up with a record like _cf-custom-hostname.login.example.com.example.com ``` -------------------------------- ### Importing auth0_role_permissions Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/role_permissions.md This example shows how to import an existing `auth0_role_permissions` resource into your Terraform state by specifying the role ID. ```shell # This resource can be imported by specifying the role ID # # Example: terraform import auth0_role_permissions.all_role_permissions "rol_XXXXXXXXXXXX" ``` -------------------------------- ### Configure Custom Phone Provider Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/phone_provider.md Example of setting up a custom phone provider. This requires a pre-existing action with `custom-phone-provider` as a supported trigger. The `credentials` block can be empty for custom providers. ```terraform # Ensure the action is created first with `custom-phone-provider` as the supported_triggers resource "auth0_phone_provider" "custom_phone_provider" { depends_on = [auth0_action.send_custom_phone] name = "custom" disabled = false configuration { delivery_methods = ["text", "voice"] } credentials {} } ``` -------------------------------- ### Importing an auth0_flow Resource Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/flow.md This example shows the command to import an existing flow into Terraform management using its ID. ```shell terraform import auth0_flow.my_flow "af_4JwsAjokf6DpK8xJCkTRjK" ``` -------------------------------- ### Migrate Role Permissions (Before) Source: https://github.com/auth0/terraform-provider-auth0/blob/main/MIGRATION_GUIDE.md Example of managing role permissions directly within the auth0_role resource before version 0.47.0. ```terraform resource auth0_resource_server api { name = "Example API" identifier = "https://api.travel0.com/" scopes { value = "read:posts" description = "Can read posts" } scopes { value = "write:posts" description = "Can write posts" } } resource auth0_role content_editor { name = "Content Editor" description = "Elevated roles for editing content" permissions { name = "read:posts" resource_server_identifier = auth0_resource_server.api.identifier } permissions { name = "write:posts" resource_server_identifier = auth0_resource_server.api.identifier } } ``` -------------------------------- ### Initialize Customer Provided Root Key Provisioning Source: https://github.com/auth0/terraform-provider-auth0/blob/main/docs/resources/encryption_key_manager.md To start the process of providing your own root key, create an empty `customer_provided_root_key` block. After applying this configuration, you can retrieve the `public_wrapping_key` from the resource. ```terraform # To initialize the process of providing root key by the customer, create a # `customer_provided_root_key` block. resource "auth0_encryption_key_manager" "my_key_manager" { customer_provided_root_key { } } ```