1. Packages
  2. Auth0
  3. API Docs
  4. Connection
Auth0 v3.3.1 published on Thursday, Mar 14, 2024 by Pulumi

auth0.Connection

Explore with Pulumi AI

auth0 logo
Auth0 v3.3.1 published on Thursday, Mar 14, 2024 by Pulumi

    With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

    The Auth0 dashboard displays only one connection per social provider. Although the Auth0 Management API allows the creation of multiple connections per strategy, the additional connections may not be visible in the Auth0 dashboard.

    Example Usage

    Google OAuth2 Connection

    Your Auth0 account may be pre-configured with a google-oauth2 connection.

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const googleOauth2 = new auth0.Connection("googleOauth2", {
        options: {
            allowedAudiences: [
                "example.com",
                "api.example.com",
            ],
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            scopes: [
                "email",
                "profile",
                "gmail",
                "youtube",
            ],
            setUserRootAttributes: "on_each_login",
        },
        strategy: "google-oauth2",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    google_oauth2 = auth0.Connection("googleOauth2",
        options=auth0.ConnectionOptionsArgs(
            allowed_audiences=[
                "example.com",
                "api.example.com",
            ],
            client_id="<client-id>",
            client_secret="<client-secret>",
            non_persistent_attrs=[
                "ethnicity",
                "gender",
            ],
            scopes=[
                "email",
                "profile",
                "gmail",
                "youtube",
            ],
            set_user_root_attributes="on_each_login",
        ),
        strategy="google-oauth2")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "googleOauth2", &auth0.ConnectionArgs{
    			Options: &auth0.ConnectionOptionsArgs{
    				AllowedAudiences: pulumi.StringArray{
    					pulumi.String("example.com"),
    					pulumi.String("api.example.com"),
    				},
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("<client-secret>"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				Scopes: pulumi.StringArray{
    					pulumi.String("email"),
    					pulumi.String("profile"),
    					pulumi.String("gmail"),
    					pulumi.String("youtube"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    			},
    			Strategy: pulumi.String("google-oauth2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var googleOauth2 = new Auth0.Connection("googleOauth2", new()
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                AllowedAudiences = new[]
                {
                    "example.com",
                    "api.example.com",
                },
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                Scopes = new[]
                {
                    "email",
                    "profile",
                    "gmail",
                    "youtube",
                },
                SetUserRootAttributes = "on_each_login",
            },
            Strategy = "google-oauth2",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var googleOauth2 = new Connection("googleOauth2", ConnectionArgs.builder()        
                .options(ConnectionOptionsArgs.builder()
                    .allowedAudiences(                
                        "example.com",
                        "api.example.com")
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .scopes(                
                        "email",
                        "profile",
                        "gmail",
                        "youtube")
                    .setUserRootAttributes("on_each_login")
                    .build())
                .strategy("google-oauth2")
                .build());
    
        }
    }
    
    resources:
      googleOauth2:
        type: auth0:Connection
        properties:
          options:
            allowedAudiences:
              - example.com
              - api.example.com
            clientId: <client-id>
            clientSecret: <client-secret>
            nonPersistentAttrs:
              - ethnicity
              - gender
            scopes:
              - email
              - profile
              - gmail
              - youtube
            setUserRootAttributes: on_each_login
          strategy: google-oauth2
    

    Facebook Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const facebook = new auth0.Connection("facebook", {
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            scopes: [
                "public_profile",
                "email",
                "groups_access_member_info",
                "user_birthday",
            ],
            setUserRootAttributes: "on_each_login",
        },
        strategy: "facebook",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    facebook = auth0.Connection("facebook",
        options=auth0.ConnectionOptionsArgs(
            client_id="<client-id>",
            client_secret="<client-secret>",
            non_persistent_attrs=[
                "ethnicity",
                "gender",
            ],
            scopes=[
                "public_profile",
                "email",
                "groups_access_member_info",
                "user_birthday",
            ],
            set_user_root_attributes="on_each_login",
        ),
        strategy="facebook")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "facebook", &auth0.ConnectionArgs{
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("<client-secret>"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				Scopes: pulumi.StringArray{
    					pulumi.String("public_profile"),
    					pulumi.String("email"),
    					pulumi.String("groups_access_member_info"),
    					pulumi.String("user_birthday"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    			},
    			Strategy: pulumi.String("facebook"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var facebook = new Auth0.Connection("facebook", new()
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                Scopes = new[]
                {
                    "public_profile",
                    "email",
                    "groups_access_member_info",
                    "user_birthday",
                },
                SetUserRootAttributes = "on_each_login",
            },
            Strategy = "facebook",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var facebook = new Connection("facebook", ConnectionArgs.builder()        
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .scopes(                
                        "public_profile",
                        "email",
                        "groups_access_member_info",
                        "user_birthday")
                    .setUserRootAttributes("on_each_login")
                    .build())
                .strategy("facebook")
                .build());
    
        }
    }
    
    resources:
      facebook:
        type: auth0:Connection
        properties:
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            nonPersistentAttrs:
              - ethnicity
              - gender
            scopes:
              - public_profile
              - email
              - groups_access_member_info
              - user_birthday
            setUserRootAttributes: on_each_login
          strategy: facebook
    

    Apple Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const apple = new auth0.Connection("apple", {
        options: {
            clientId: "<client-id>",
            clientSecret: `-----BEGIN PRIVATE KEY-----
    MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
    -----END PRIVATE KEY-----
    `,
            keyId: "<key-id>",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            scopes: [
                "email",
                "name",
            ],
            setUserRootAttributes: "on_first_login",
            teamId: "<team-id>",
        },
        strategy: "apple",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    apple = auth0.Connection("apple",
        options=auth0.ConnectionOptionsArgs(
            client_id="<client-id>",
            client_secret="""-----BEGIN PRIVATE KEY-----
    MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
    -----END PRIVATE KEY-----
    """,
            key_id="<key-id>",
            non_persistent_attrs=[
                "ethnicity",
                "gender",
            ],
            scopes=[
                "email",
                "name",
            ],
            set_user_root_attributes="on_first_login",
            team_id="<team-id>",
        ),
        strategy="apple")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "apple", &auth0.ConnectionArgs{
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("-----BEGIN PRIVATE KEY-----\nMIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA\n-----END PRIVATE KEY-----\n"),
    				KeyId:        pulumi.String("<key-id>"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				Scopes: pulumi.StringArray{
    					pulumi.String("email"),
    					pulumi.String("name"),
    				},
    				SetUserRootAttributes: pulumi.String("on_first_login"),
    				TeamId:                pulumi.String("<team-id>"),
    			},
    			Strategy: pulumi.String("apple"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var apple = new Auth0.Connection("apple", new()
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = @"-----BEGIN PRIVATE KEY-----
    MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
    -----END PRIVATE KEY-----
    ",
                KeyId = "<key-id>",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                Scopes = new[]
                {
                    "email",
                    "name",
                },
                SetUserRootAttributes = "on_first_login",
                TeamId = "<team-id>",
            },
            Strategy = "apple",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var apple = new Connection("apple", ConnectionArgs.builder()        
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("""
    -----BEGIN PRIVATE KEY-----
    MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
    -----END PRIVATE KEY-----
                    """)
                    .keyId("<key-id>")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .scopes(                
                        "email",
                        "name")
                    .setUserRootAttributes("on_first_login")
                    .teamId("<team-id>")
                    .build())
                .strategy("apple")
                .build());
    
        }
    }
    
    resources:
      apple:
        type: auth0:Connection
        properties:
          options:
            clientId: <client-id>
            clientSecret: |
              -----BEGIN PRIVATE KEY-----
              MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
              -----END PRIVATE KEY-----          
            keyId: <key-id>
            nonPersistentAttrs:
              - ethnicity
              - gender
            scopes:
              - email
              - name
            setUserRootAttributes: on_first_login
            teamId: <team-id>
          strategy: apple
    

    LinkedIn Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const linkedin = new auth0.Connection("linkedin", {
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            scopes: [
                "basic_profile",
                "profile",
                "email",
            ],
            setUserRootAttributes: "on_each_login",
            strategyVersion: 2,
        },
        strategy: "linkedin",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    linkedin = auth0.Connection("linkedin",
        options=auth0.ConnectionOptionsArgs(
            client_id="<client-id>",
            client_secret="<client-secret>",
            non_persistent_attrs=[
                "ethnicity",
                "gender",
            ],
            scopes=[
                "basic_profile",
                "profile",
                "email",
            ],
            set_user_root_attributes="on_each_login",
            strategy_version=2,
        ),
        strategy="linkedin")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "linkedin", &auth0.ConnectionArgs{
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("<client-secret>"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				Scopes: pulumi.StringArray{
    					pulumi.String("basic_profile"),
    					pulumi.String("profile"),
    					pulumi.String("email"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				StrategyVersion:       pulumi.Int(2),
    			},
    			Strategy: pulumi.String("linkedin"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var linkedin = new Auth0.Connection("linkedin", new()
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                Scopes = new[]
                {
                    "basic_profile",
                    "profile",
                    "email",
                },
                SetUserRootAttributes = "on_each_login",
                StrategyVersion = 2,
            },
            Strategy = "linkedin",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var linkedin = new Connection("linkedin", ConnectionArgs.builder()        
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .scopes(                
                        "basic_profile",
                        "profile",
                        "email")
                    .setUserRootAttributes("on_each_login")
                    .strategyVersion(2)
                    .build())
                .strategy("linkedin")
                .build());
    
        }
    }
    
    resources:
      linkedin:
        type: auth0:Connection
        properties:
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            nonPersistentAttrs:
              - ethnicity
              - gender
            scopes:
              - basic_profile
              - profile
              - email
            setUserRootAttributes: on_each_login
            strategyVersion: 2
          strategy: linkedin
    

    GitHub Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const github = new auth0.Connection("github", {
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            scopes: [
                "email",
                "profile",
                "public_repo",
                "repo",
            ],
            setUserRootAttributes: "on_each_login",
        },
        strategy: "github",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    github = auth0.Connection("github",
        options=auth0.ConnectionOptionsArgs(
            client_id="<client-id>",
            client_secret="<client-secret>",
            non_persistent_attrs=[
                "ethnicity",
                "gender",
            ],
            scopes=[
                "email",
                "profile",
                "public_repo",
                "repo",
            ],
            set_user_root_attributes="on_each_login",
        ),
        strategy="github")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "github", &auth0.ConnectionArgs{
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("<client-secret>"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				Scopes: pulumi.StringArray{
    					pulumi.String("email"),
    					pulumi.String("profile"),
    					pulumi.String("public_repo"),
    					pulumi.String("repo"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    			},
    			Strategy: pulumi.String("github"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var github = new Auth0.Connection("github", new()
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                Scopes = new[]
                {
                    "email",
                    "profile",
                    "public_repo",
                    "repo",
                },
                SetUserRootAttributes = "on_each_login",
            },
            Strategy = "github",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var github = new Connection("github", ConnectionArgs.builder()        
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .scopes(                
                        "email",
                        "profile",
                        "public_repo",
                        "repo")
                    .setUserRootAttributes("on_each_login")
                    .build())
                .strategy("github")
                .build());
    
        }
    }
    
    resources:
      github:
        type: auth0:Connection
        properties:
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            nonPersistentAttrs:
              - ethnicity
              - gender
            scopes:
              - email
              - profile
              - public_repo
              - repo
            setUserRootAttributes: on_each_login
          strategy: github
    

    SalesForce Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const salesforce = new auth0.Connection("salesforce", {
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            communityBaseUrl: "https://salesforce.example.com",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            scopes: [
                "openid",
                "email",
            ],
            setUserRootAttributes: "on_first_login",
        },
        strategy: "salesforce",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    salesforce = auth0.Connection("salesforce",
        options=auth0.ConnectionOptionsArgs(
            client_id="<client-id>",
            client_secret="<client-secret>",
            community_base_url="https://salesforce.example.com",
            non_persistent_attrs=[
                "ethnicity",
                "gender",
            ],
            scopes=[
                "openid",
                "email",
            ],
            set_user_root_attributes="on_first_login",
        ),
        strategy="salesforce")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "salesforce", &auth0.ConnectionArgs{
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:         pulumi.String("<client-id>"),
    				ClientSecret:     pulumi.String("<client-secret>"),
    				CommunityBaseUrl: pulumi.String("https://salesforce.example.com"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				Scopes: pulumi.StringArray{
    					pulumi.String("openid"),
    					pulumi.String("email"),
    				},
    				SetUserRootAttributes: pulumi.String("on_first_login"),
    			},
    			Strategy: pulumi.String("salesforce"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var salesforce = new Auth0.Connection("salesforce", new()
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                CommunityBaseUrl = "https://salesforce.example.com",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                Scopes = new[]
                {
                    "openid",
                    "email",
                },
                SetUserRootAttributes = "on_first_login",
            },
            Strategy = "salesforce",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var salesforce = new Connection("salesforce", ConnectionArgs.builder()        
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .communityBaseUrl("https://salesforce.example.com")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .scopes(                
                        "openid",
                        "email")
                    .setUserRootAttributes("on_first_login")
                    .build())
                .strategy("salesforce")
                .build());
    
        }
    }
    
    resources:
      salesforce:
        type: auth0:Connection
        properties:
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            communityBaseUrl: https://salesforce.example.com
            nonPersistentAttrs:
              - ethnicity
              - gender
            scopes:
              - openid
              - email
            setUserRootAttributes: on_first_login
          strategy: salesforce
    

    OAuth2 Connection

    Also applies to following connection strategies: dropbox, bitbucket, paypal, twitter, amazon, yahoo, box, wordpress, shopify, custom

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const oauth2 = new auth0.Connection("oauth2", {
        options: {
            authorizationEndpoint: "https://auth.example.com/oauth2/authorize",
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            iconUrl: "https://auth.example.com/assets/logo.png",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            pkceEnabled: true,
            scopes: [
                "basic_profile",
                "profile",
                "email",
            ],
            scripts: {
                fetchUserProfile: `        function fetchUserProfile(accessToken, context, callback) {
              return callback(new Error("Whoops!"));
            }
          
    `,
            },
            setUserRootAttributes: "on_each_login",
            tokenEndpoint: "https://auth.example.com/oauth2/token",
        },
        strategy: "oauth2",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    oauth2 = auth0.Connection("oauth2",
        options=auth0.ConnectionOptionsArgs(
            authorization_endpoint="https://auth.example.com/oauth2/authorize",
            client_id="<client-id>",
            client_secret="<client-secret>",
            icon_url="https://auth.example.com/assets/logo.png",
            non_persistent_attrs=[
                "ethnicity",
                "gender",
            ],
            pkce_enabled=True,
            scopes=[
                "basic_profile",
                "profile",
                "email",
            ],
            scripts={
                "fetchUserProfile": """        function fetchUserProfile(accessToken, context, callback) {
              return callback(new Error("Whoops!"));
            }
          
    """,
            },
            set_user_root_attributes="on_each_login",
            token_endpoint="https://auth.example.com/oauth2/token",
        ),
        strategy="oauth2")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "oauth2", &auth0.ConnectionArgs{
    			Options: &auth0.ConnectionOptionsArgs{
    				AuthorizationEndpoint: pulumi.String("https://auth.example.com/oauth2/authorize"),
    				ClientId:              pulumi.String("<client-id>"),
    				ClientSecret:          pulumi.String("<client-secret>"),
    				IconUrl:               pulumi.String("https://auth.example.com/assets/logo.png"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				PkceEnabled: pulumi.Bool(true),
    				Scopes: pulumi.StringArray{
    					pulumi.String("basic_profile"),
    					pulumi.String("profile"),
    					pulumi.String("email"),
    				},
    				Scripts: pulumi.StringMap{
    					"fetchUserProfile": pulumi.String("        function fetchUserProfile(accessToken, context, callback) {\n          return callback(new Error(\"Whoops!\"));\n        }\n      \n"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				TokenEndpoint:         pulumi.String("https://auth.example.com/oauth2/token"),
    			},
    			Strategy: pulumi.String("oauth2"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var oauth2 = new Auth0.Connection("oauth2", new()
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                AuthorizationEndpoint = "https://auth.example.com/oauth2/authorize",
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                IconUrl = "https://auth.example.com/assets/logo.png",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                PkceEnabled = true,
                Scopes = new[]
                {
                    "basic_profile",
                    "profile",
                    "email",
                },
                Scripts = 
                {
                    { "fetchUserProfile", @"        function fetchUserProfile(accessToken, context, callback) {
              return callback(new Error(""Whoops!""));
            }
          
    " },
                },
                SetUserRootAttributes = "on_each_login",
                TokenEndpoint = "https://auth.example.com/oauth2/token",
            },
            Strategy = "oauth2",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var oauth2 = new Connection("oauth2", ConnectionArgs.builder()        
                .options(ConnectionOptionsArgs.builder()
                    .authorizationEndpoint("https://auth.example.com/oauth2/authorize")
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .iconUrl("https://auth.example.com/assets/logo.png")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .pkceEnabled(true)
                    .scopes(                
                        "basic_profile",
                        "profile",
                        "email")
                    .scripts(Map.of("fetchUserProfile", """
            function fetchUserProfile(accessToken, context, callback) {
              return callback(new Error("Whoops!"));
            }
          
                    """))
                    .setUserRootAttributes("on_each_login")
                    .tokenEndpoint("https://auth.example.com/oauth2/token")
                    .build())
                .strategy("oauth2")
                .build());
    
        }
    }
    
    resources:
      oauth2:
        type: auth0:Connection
        properties:
          options:
            authorizationEndpoint: https://auth.example.com/oauth2/authorize
            clientId: <client-id>
            clientSecret: <client-secret>
            iconUrl: https://auth.example.com/assets/logo.png
            nonPersistentAttrs:
              - ethnicity
              - gender
            pkceEnabled: true
            scopes:
              - basic_profile
              - profile
              - email
            scripts:
              fetchUserProfile: "        function fetchUserProfile(accessToken, context, callback) {\n          return callback(new Error(\"Whoops!\"));\n        }\n      \n"
            setUserRootAttributes: on_each_login
            tokenEndpoint: https://auth.example.com/oauth2/token
          strategy: oauth2
    

    SMS Connection

    To be able to see this in the management dashboard as well, the name of the connection must be set to “sms”.

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const sms = new auth0.Connection("sms", {
        isDomainConnection: false,
        options: {
            bruteForceProtection: true,
            disableSignup: false,
            forwardRequestInfo: true,
            from: "+15555555555",
            gatewayAuthentication: {
                audience: "https://somewhere.com/sms-gateway",
                method: "bearer",
                secret: "4e2680bb74ec2ae24736476dd37ed6c2",
                secretBase64Encoded: false,
                subject: "test.us.auth0.com:sms",
            },
            gatewayUrl: "https://somewhere.com/sms-gateway",
            name: "sms",
            provider: "sms_gateway",
            syntax: "md_with_macros",
            template: "@@password@@",
            totp: {
                length: 6,
                timeStep: 300,
            },
        },
        strategy: "sms",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    sms = auth0.Connection("sms",
        is_domain_connection=False,
        options=auth0.ConnectionOptionsArgs(
            brute_force_protection=True,
            disable_signup=False,
            forward_request_info=True,
            from_="+15555555555",
            gateway_authentication=auth0.ConnectionOptionsGatewayAuthenticationArgs(
                audience="https://somewhere.com/sms-gateway",
                method="bearer",
                secret="4e2680bb74ec2ae24736476dd37ed6c2",
                secret_base64_encoded=False,
                subject="test.us.auth0.com:sms",
            ),
            gateway_url="https://somewhere.com/sms-gateway",
            name="sms",
            provider="sms_gateway",
            syntax="md_with_macros",
            template="@@password@@",
            totp=auth0.ConnectionOptionsTotpArgs(
                length=6,
                time_step=300,
            ),
        ),
        strategy="sms")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "sms", &auth0.ConnectionArgs{
    			IsDomainConnection: pulumi.Bool(false),
    			Options: &auth0.ConnectionOptionsArgs{
    				BruteForceProtection: pulumi.Bool(true),
    				DisableSignup:        pulumi.Bool(false),
    				ForwardRequestInfo:   pulumi.Bool(true),
    				From:                 pulumi.String("+15555555555"),
    				GatewayAuthentication: &auth0.ConnectionOptionsGatewayAuthenticationArgs{
    					Audience:            pulumi.String("https://somewhere.com/sms-gateway"),
    					Method:              pulumi.String("bearer"),
    					Secret:              pulumi.String("4e2680bb74ec2ae24736476dd37ed6c2"),
    					SecretBase64Encoded: pulumi.Bool(false),
    					Subject:             pulumi.String("test.us.auth0.com:sms"),
    				},
    				GatewayUrl: pulumi.String("https://somewhere.com/sms-gateway"),
    				Name:       pulumi.String("sms"),
    				Provider:   pulumi.String("sms_gateway"),
    				Syntax:     pulumi.String("md_with_macros"),
    				Template:   pulumi.String("@@password@@"),
    				Totp: &auth0.ConnectionOptionsTotpArgs{
    					Length:   pulumi.Int(6),
    					TimeStep: pulumi.Int(300),
    				},
    			},
    			Strategy: pulumi.String("sms"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var sms = new Auth0.Connection("sms", new()
        {
            IsDomainConnection = false,
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                BruteForceProtection = true,
                DisableSignup = false,
                ForwardRequestInfo = true,
                From = "+15555555555",
                GatewayAuthentication = new Auth0.Inputs.ConnectionOptionsGatewayAuthenticationArgs
                {
                    Audience = "https://somewhere.com/sms-gateway",
                    Method = "bearer",
                    Secret = "4e2680bb74ec2ae24736476dd37ed6c2",
                    SecretBase64Encoded = false,
                    Subject = "test.us.auth0.com:sms",
                },
                GatewayUrl = "https://somewhere.com/sms-gateway",
                Name = "sms",
                Provider = "sms_gateway",
                Syntax = "md_with_macros",
                Template = "@@password@@",
                Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
                {
                    Length = 6,
                    TimeStep = 300,
                },
            },
            Strategy = "sms",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsGatewayAuthenticationArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var sms = new Connection("sms", ConnectionArgs.builder()        
                .isDomainConnection(false)
                .options(ConnectionOptionsArgs.builder()
                    .bruteForceProtection(true)
                    .disableSignup(false)
                    .forwardRequestInfo(true)
                    .from("+15555555555")
                    .gatewayAuthentication(ConnectionOptionsGatewayAuthenticationArgs.builder()
                        .audience("https://somewhere.com/sms-gateway")
                        .method("bearer")
                        .secret("4e2680bb74ec2ae24736476dd37ed6c2")
                        .secretBase64Encoded(false)
                        .subject("test.us.auth0.com:sms")
                        .build())
                    .gatewayUrl("https://somewhere.com/sms-gateway")
                    .name("sms")
                    .provider("sms_gateway")
                    .syntax("md_with_macros")
                    .template("@@password@@")
                    .totp(ConnectionOptionsTotpArgs.builder()
                        .length(6)
                        .timeStep(300)
                        .build())
                    .build())
                .strategy("sms")
                .build());
    
        }
    }
    
    resources:
      sms:
        type: auth0:Connection
        properties:
          isDomainConnection: false
          options:
            bruteForceProtection: true
            disableSignup: false
            forwardRequestInfo: true
            from: '+15555555555'
            gatewayAuthentication:
              audience: https://somewhere.com/sms-gateway
              method: bearer
              secret: 4e2680bb74ec2ae24736476dd37ed6c2
              secretBase64Encoded: false
              subject: test.us.auth0.com:sms
            gatewayUrl: https://somewhere.com/sms-gateway
            name: sms
            provider: sms_gateway
            syntax: md_with_macros
            template: '@@password@@'
            totp:
              length: 6
              timeStep: 300
          strategy: sms
    

    Email Connection

    To be able to see this in the management dashboard as well, the name of the connection must be set to “email”.

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const passwordlessEmail = new auth0.Connection("passwordlessEmail", {
        options: {
            authParams: {
                responseType: "code",
                scope: "openid email profile offline_access",
            },
            bruteForceProtection: true,
            disableSignup: false,
            from: "{{ application.name }} <root@auth0.com>",
            name: "email",
            nonPersistentAttrs: [],
            setUserRootAttributes: "on_each_login",
            subject: "Welcome to {{ application.name }}",
            syntax: "liquid",
            template: "<html>This is the body of the email</html>",
            totp: {
                length: 6,
                timeStep: 300,
            },
        },
        strategy: "email",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    passwordless_email = auth0.Connection("passwordlessEmail",
        options=auth0.ConnectionOptionsArgs(
            auth_params={
                "responseType": "code",
                "scope": "openid email profile offline_access",
            },
            brute_force_protection=True,
            disable_signup=False,
            from_="{{ application.name }} <root@auth0.com>",
            name="email",
            non_persistent_attrs=[],
            set_user_root_attributes="on_each_login",
            subject="Welcome to {{ application.name }}",
            syntax="liquid",
            template="<html>This is the body of the email</html>",
            totp=auth0.ConnectionOptionsTotpArgs(
                length=6,
                time_step=300,
            ),
        ),
        strategy="email")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "passwordlessEmail", &auth0.ConnectionArgs{
    			Options: &auth0.ConnectionOptionsArgs{
    				AuthParams: pulumi.StringMap{
    					"responseType": pulumi.String("code"),
    					"scope":        pulumi.String("openid email profile offline_access"),
    				},
    				BruteForceProtection:  pulumi.Bool(true),
    				DisableSignup:         pulumi.Bool(false),
    				From:                  pulumi.String("{{ application.name }} <root@auth0.com>"),
    				Name:                  pulumi.String("email"),
    				NonPersistentAttrs:    pulumi.StringArray{},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				Subject:               pulumi.String("Welcome to {{ application.name }}"),
    				Syntax:                pulumi.String("liquid"),
    				Template:              pulumi.String("<html>This is the body of the email</html>"),
    				Totp: &auth0.ConnectionOptionsTotpArgs{
    					Length:   pulumi.Int(6),
    					TimeStep: pulumi.Int(300),
    				},
    			},
    			Strategy: pulumi.String("email"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var passwordlessEmail = new Auth0.Connection("passwordlessEmail", new()
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                AuthParams = 
                {
                    { "responseType", "code" },
                    { "scope", "openid email profile offline_access" },
                },
                BruteForceProtection = true,
                DisableSignup = false,
                From = "{{ application.name }} <root@auth0.com>",
                Name = "email",
                NonPersistentAttrs = new() { },
                SetUserRootAttributes = "on_each_login",
                Subject = "Welcome to {{ application.name }}",
                Syntax = "liquid",
                Template = "<html>This is the body of the email</html>",
                Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
                {
                    Length = 6,
                    TimeStep = 300,
                },
            },
            Strategy = "email",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var passwordlessEmail = new Connection("passwordlessEmail", ConnectionArgs.builder()        
                .options(ConnectionOptionsArgs.builder()
                    .authParams(Map.ofEntries(
                        Map.entry("responseType", "code"),
                        Map.entry("scope", "openid email profile offline_access")
                    ))
                    .bruteForceProtection(true)
                    .disableSignup(false)
                    .from("{{ application.name }} <root@auth0.com>")
                    .name("email")
                    .nonPersistentAttrs()
                    .setUserRootAttributes("on_each_login")
                    .subject("Welcome to {{ application.name }}")
                    .syntax("liquid")
                    .template("<html>This is the body of the email</html>")
                    .totp(ConnectionOptionsTotpArgs.builder()
                        .length(6)
                        .timeStep(300)
                        .build())
                    .build())
                .strategy("email")
                .build());
    
        }
    }
    
    resources:
      passwordlessEmail:
        type: auth0:Connection
        properties:
          options:
            authParams:
              responseType: code
              scope: openid email profile offline_access
            bruteForceProtection: true
            disableSignup: false
            from: '{{ application.name }} <root@auth0.com>'
            name: email
            nonPersistentAttrs: []
            setUserRootAttributes: on_each_login
            subject: Welcome to {{ application.name }}
            syntax: liquid
            template: <html>This is the body of the email</html>
            totp:
              length: 6
              timeStep: 300
          strategy: email
    

    WindowsLive Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const windowslive = new auth0.Connection("windowslive", {
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            scopes: [
                "signin",
                "graph_user",
            ],
            setUserRootAttributes: "on_first_login",
            strategyVersion: 2,
        },
        strategy: "windowslive",
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    windowslive = auth0.Connection("windowslive",
        options=auth0.ConnectionOptionsArgs(
            client_id="<client-id>",
            client_secret="<client-secret>",
            non_persistent_attrs=[
                "ethnicity",
                "gender",
            ],
            scopes=[
                "signin",
                "graph_user",
            ],
            set_user_root_attributes="on_first_login",
            strategy_version=2,
        ),
        strategy="windowslive")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := auth0.NewConnection(ctx, "windowslive", &auth0.ConnectionArgs{
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("<client-secret>"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				Scopes: pulumi.StringArray{
    					pulumi.String("signin"),
    					pulumi.String("graph_user"),
    				},
    				SetUserRootAttributes: pulumi.String("on_first_login"),
    				StrategyVersion:       pulumi.Int(2),
    			},
    			Strategy: pulumi.String("windowslive"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var windowslive = new Auth0.Connection("windowslive", new()
        {
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                Scopes = new[]
                {
                    "signin",
                    "graph_user",
                },
                SetUserRootAttributes = "on_first_login",
                StrategyVersion = 2,
            },
            Strategy = "windowslive",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var windowslive = new Connection("windowslive", ConnectionArgs.builder()        
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .scopes(                
                        "signin",
                        "graph_user")
                    .setUserRootAttributes("on_first_login")
                    .strategyVersion(2)
                    .build())
                .strategy("windowslive")
                .build());
    
        }
    }
    
    resources:
      windowslive:
        type: auth0:Connection
        properties:
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            nonPersistentAttrs:
              - ethnicity
              - gender
            scopes:
              - signin
              - graph_user
            setUserRootAttributes: on_first_login
            strategyVersion: 2
          strategy: windowslive
    

    Create Connection Resource

    new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
    @overload
    def Connection(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   display_name: Optional[str] = None,
                   is_domain_connection: Optional[bool] = None,
                   metadata: Optional[Mapping[str, str]] = None,
                   name: Optional[str] = None,
                   options: Optional[ConnectionOptionsArgs] = None,
                   realms: Optional[Sequence[str]] = None,
                   show_as_button: Optional[bool] = None,
                   strategy: Optional[str] = None)
    @overload
    def Connection(resource_name: str,
                   args: ConnectionArgs,
                   opts: Optional[ResourceOptions] = None)
    func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
    public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
    public Connection(String name, ConnectionArgs args)
    public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
    
    type: auth0:Connection
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Connection Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Connection resource accepts the following input properties:

    Strategy string
    Type of the connection, which indicates the identity provider.
    DisplayName string
    Name used in login screen.
    IsDomainConnection bool
    Indicates whether the connection is domain level.
    Metadata Dictionary<string, string>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    Name string
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    Options ConnectionOptions
    Configuration settings for connection options.
    Realms List<string>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    ShowAsButton bool
    Display connection as a button. Only available on enterprise connections.
    Strategy string
    Type of the connection, which indicates the identity provider.
    DisplayName string
    Name used in login screen.
    IsDomainConnection bool
    Indicates whether the connection is domain level.
    Metadata map[string]string
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    Name string
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    Options ConnectionOptionsArgs
    Configuration settings for connection options.
    Realms []string
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    ShowAsButton bool
    Display connection as a button. Only available on enterprise connections.
    strategy String
    Type of the connection, which indicates the identity provider.
    displayName String
    Name used in login screen.
    isDomainConnection Boolean
    Indicates whether the connection is domain level.
    metadata Map<String,String>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name String
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    options ConnectionOptions
    Configuration settings for connection options.
    realms List<String>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton Boolean
    Display connection as a button. Only available on enterprise connections.
    strategy string
    Type of the connection, which indicates the identity provider.
    displayName string
    Name used in login screen.
    isDomainConnection boolean
    Indicates whether the connection is domain level.
    metadata {[key: string]: string}
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name string
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    options ConnectionOptions
    Configuration settings for connection options.
    realms string[]
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton boolean
    Display connection as a button. Only available on enterprise connections.
    strategy str
    Type of the connection, which indicates the identity provider.
    display_name str
    Name used in login screen.
    is_domain_connection bool
    Indicates whether the connection is domain level.
    metadata Mapping[str, str]
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name str
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    options ConnectionOptionsArgs
    Configuration settings for connection options.
    realms Sequence[str]
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    show_as_button bool
    Display connection as a button. Only available on enterprise connections.
    strategy String
    Type of the connection, which indicates the identity provider.
    displayName String
    Name used in login screen.
    isDomainConnection Boolean
    Indicates whether the connection is domain level.
    metadata Map<String>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name String
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    options Property Map
    Configuration settings for connection options.
    realms List<String>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton Boolean
    Display connection as a button. Only available on enterprise connections.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Connection Resource

    Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            display_name: Optional[str] = None,
            is_domain_connection: Optional[bool] = None,
            metadata: Optional[Mapping[str, str]] = None,
            name: Optional[str] = None,
            options: Optional[ConnectionOptionsArgs] = None,
            realms: Optional[Sequence[str]] = None,
            show_as_button: Optional[bool] = None,
            strategy: Optional[str] = None) -> Connection
    func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
    public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
    public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DisplayName string
    Name used in login screen.
    IsDomainConnection bool
    Indicates whether the connection is domain level.
    Metadata Dictionary<string, string>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    Name string
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    Options ConnectionOptions
    Configuration settings for connection options.
    Realms List<string>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    ShowAsButton bool
    Display connection as a button. Only available on enterprise connections.
    Strategy string
    Type of the connection, which indicates the identity provider.
    DisplayName string
    Name used in login screen.
    IsDomainConnection bool
    Indicates whether the connection is domain level.
    Metadata map[string]string
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    Name string
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    Options ConnectionOptionsArgs
    Configuration settings for connection options.
    Realms []string
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    ShowAsButton bool
    Display connection as a button. Only available on enterprise connections.
    Strategy string
    Type of the connection, which indicates the identity provider.
    displayName String
    Name used in login screen.
    isDomainConnection Boolean
    Indicates whether the connection is domain level.
    metadata Map<String,String>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name String
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    options ConnectionOptions
    Configuration settings for connection options.
    realms List<String>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton Boolean
    Display connection as a button. Only available on enterprise connections.
    strategy String
    Type of the connection, which indicates the identity provider.
    displayName string
    Name used in login screen.
    isDomainConnection boolean
    Indicates whether the connection is domain level.
    metadata {[key: string]: string}
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name string
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    options ConnectionOptions
    Configuration settings for connection options.
    realms string[]
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton boolean
    Display connection as a button. Only available on enterprise connections.
    strategy string
    Type of the connection, which indicates the identity provider.
    display_name str
    Name used in login screen.
    is_domain_connection bool
    Indicates whether the connection is domain level.
    metadata Mapping[str, str]
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name str
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    options ConnectionOptionsArgs
    Configuration settings for connection options.
    realms Sequence[str]
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    show_as_button bool
    Display connection as a button. Only available on enterprise connections.
    strategy str
    Type of the connection, which indicates the identity provider.
    displayName String
    Name used in login screen.
    isDomainConnection Boolean
    Indicates whether the connection is domain level.
    metadata Map<String>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name String
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    options Property Map
    Configuration settings for connection options.
    realms List<String>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton Boolean
    Display connection as a button. Only available on enterprise connections.
    strategy String
    Type of the connection, which indicates the identity provider.

    Supporting Types

    ConnectionOptions, ConnectionOptionsArgs

    AdfsServer string
    ADFS URL where to fetch the metadata source.
    AllowedAudiences List<string>
    List of allowed audiences.
    ApiEnableUsers bool
    Enable API Access to users.
    AppId string
    App ID.
    AttributeMap ConnectionOptionsAttributeMap
    OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
    AuthParams Dictionary<string, string>
    Query string parameters to be included as part of the generated passwordless email link.
    AuthorizationEndpoint string
    Authorization endpoint.
    BruteForceProtection bool
    Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
    ClientId string
    The strategy's client ID.
    ClientSecret string
    The strategy's client secret.
    CommunityBaseUrl string
    Salesforce community base URL.
    Configuration Dictionary<string, object>
    A case-sensitive map of key value pairs used as configuration variables for the custom_script.
    ConnectionSettings ConnectionOptionsConnectionSettings
    Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
    CustomScripts Dictionary<string, string>
    A map of scripts used to integrate with a custom database.
    Debug bool
    When enabled, additional debug information will be generated.
    DecryptionKey ConnectionOptionsDecryptionKey
    The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    DigestAlgorithm string
    Sign Request Algorithm Digest.
    DisableCache bool
    Indicates whether to disable the cache or not.
    DisableSelfServiceChangePassword bool
    Indicates whether to remove the forgot password link within the New Universal Login.
    DisableSignOut bool
    When enabled, will disable sign out.
    DisableSignup bool
    Indicates whether to allow user sign-ups to your application.
    DiscoveryUrl string
    OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
    Domain string
    Domain name.
    DomainAliases List<string>
    List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
    EnableScriptContext bool
    Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
    EnabledDatabaseCustomization bool
    Set to true to use a legacy user store.
    EntityId string
    Custom Entity ID for the connection.
    FedMetadataXml string
    Federation Metadata for the ADFS connection.
    FieldsMap string
    If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
    ForwardRequestInfo bool
    Specifies whether or not request info should be forwarded to sms gateway.
    From string
    Address to use as the sender.
    GatewayAuthentication ConnectionOptionsGatewayAuthentication
    Defines the parameters used to generate the auth token for the custom gateway.
    GatewayUrl string
    Defines a custom sms gateway to use instead of Twilio.
    IconUrl string
    Icon URL.
    IdentityApi string
    Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
    IdpInitiated ConnectionOptionsIdpInitiated
    Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
    ImportMode bool
    Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
    Ips List<string>
    A list of IPs.
    Issuer string
    Issuer URL, e.g. https://auth.example.com.
    JwksUri string
    JWKS URI.
    KeyId string
    Apple Key ID.
    MapUserIdToId bool
    By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
    MaxGroupsToRetrieve string
    Maximum number of groups to retrieve.
    MessagingServiceSid string
    SID for Copilot. Used when SMS Source is Copilot.
    MetadataUrl string
    The URL of the SAML metadata document.
    MetadataXml string
    The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
    Mfa ConnectionOptionsMfa
    Configuration options for multifactor authentication.
    Name string
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    NonPersistentAttrs List<string>
    If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
    PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions
    Configuration settings for password complexity.
    PasswordDictionary ConnectionOptionsPasswordDictionary
    Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
    PasswordHistories List<ConnectionOptionsPasswordHistory>
    Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
    PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
    Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
    PasswordPolicy string
    Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
    PingFederateBaseUrl string
    Ping Federate Server URL.
    PkceEnabled bool
    Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
    ProtocolBinding string
    The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
    Provider string
    Defines the custom sms_gateway provider.
    RequestTemplate string
    Template that formats the SAML request.
    RequiresUsername bool
    Indicates whether the user is required to provide a username in addition to an email address.
    Scopes List<string>
    Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
    Scripts Dictionary<string, string>
    A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
    SetUserRootAttributes string
    Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
    ShouldTrustEmailVerifiedConnection string
    Choose how Auth0 sets the email_verified field in the user profile.
    SignInEndpoint string
    SAML single login URL for the connection.
    SignOutEndpoint string
    SAML single logout URL for the connection.
    SignSamlRequest bool
    When enabled, the SAML authentication request will be signed.
    SignatureAlgorithm string
    Sign Request Algorithm.
    SigningCert string
    X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
    SigningKey ConnectionOptionsSigningKey
    The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    StrategyVersion int
    Version 1 is deprecated, use version 2.
    Subject string
    Subject line of the email.
    Syntax string
    Syntax of the template body.
    TeamId string
    Apple Team ID.
    Template string
    Body of the template.
    TenantDomain string
    Tenant domain name.
    TokenEndpoint string
    Token endpoint.
    Totp ConnectionOptionsTotp
    Configuration options for one-time passwords.
    TwilioSid string
    SID for your Twilio account.
    TwilioToken string
    AuthToken for your Twilio account.
    Type string
    Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
    UpstreamParams string
    You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
    UseCertAuth bool
    Indicates whether to use cert auth or not.
    UseKerberos bool
    Indicates whether to use Kerberos or not.
    UseWsfed bool
    Whether to use WS-Fed.
    UserIdAttribute string
    Attribute in the SAML token that will be mapped to the user_id property in Auth0.
    UserinfoEndpoint string
    User info endpoint.
    Validation ConnectionOptionsValidation
    Validation of the minimum and maximum values allowed for a user to have as username.
    WaadCommonEndpoint bool
    Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
    WaadProtocol string
    Protocol to use.
    AdfsServer string
    ADFS URL where to fetch the metadata source.
    AllowedAudiences []string
    List of allowed audiences.
    ApiEnableUsers bool
    Enable API Access to users.
    AppId string
    App ID.
    AttributeMap ConnectionOptionsAttributeMap
    OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
    AuthParams map[string]string
    Query string parameters to be included as part of the generated passwordless email link.
    AuthorizationEndpoint string
    Authorization endpoint.
    BruteForceProtection bool
    Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
    ClientId string
    The strategy's client ID.
    ClientSecret string
    The strategy's client secret.
    CommunityBaseUrl string
    Salesforce community base URL.
    Configuration map[string]interface{}
    A case-sensitive map of key value pairs used as configuration variables for the custom_script.
    ConnectionSettings ConnectionOptionsConnectionSettings
    Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
    CustomScripts map[string]string
    A map of scripts used to integrate with a custom database.
    Debug bool
    When enabled, additional debug information will be generated.
    DecryptionKey ConnectionOptionsDecryptionKey
    The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    DigestAlgorithm string
    Sign Request Algorithm Digest.
    DisableCache bool
    Indicates whether to disable the cache or not.
    DisableSelfServiceChangePassword bool
    Indicates whether to remove the forgot password link within the New Universal Login.
    DisableSignOut bool
    When enabled, will disable sign out.
    DisableSignup bool
    Indicates whether to allow user sign-ups to your application.
    DiscoveryUrl string
    OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
    Domain string
    Domain name.
    DomainAliases []string
    List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
    EnableScriptContext bool
    Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
    EnabledDatabaseCustomization bool
    Set to true to use a legacy user store.
    EntityId string
    Custom Entity ID for the connection.
    FedMetadataXml string
    Federation Metadata for the ADFS connection.
    FieldsMap string
    If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
    ForwardRequestInfo bool
    Specifies whether or not request info should be forwarded to sms gateway.
    From string
    Address to use as the sender.
    GatewayAuthentication ConnectionOptionsGatewayAuthentication
    Defines the parameters used to generate the auth token for the custom gateway.
    GatewayUrl string
    Defines a custom sms gateway to use instead of Twilio.
    IconUrl string
    Icon URL.
    IdentityApi string
    Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
    IdpInitiated ConnectionOptionsIdpInitiated
    Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
    ImportMode bool
    Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
    Ips []string
    A list of IPs.
    Issuer string
    Issuer URL, e.g. https://auth.example.com.
    JwksUri string
    JWKS URI.
    KeyId string
    Apple Key ID.
    MapUserIdToId bool
    By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
    MaxGroupsToRetrieve string
    Maximum number of groups to retrieve.
    MessagingServiceSid string
    SID for Copilot. Used when SMS Source is Copilot.
    MetadataUrl string
    The URL of the SAML metadata document.
    MetadataXml string
    The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
    Mfa ConnectionOptionsMfa
    Configuration options for multifactor authentication.
    Name string
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    NonPersistentAttrs []string
    If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
    PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions
    Configuration settings for password complexity.
    PasswordDictionary ConnectionOptionsPasswordDictionary
    Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
    PasswordHistories []ConnectionOptionsPasswordHistory
    Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
    PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
    Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
    PasswordPolicy string
    Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
    PingFederateBaseUrl string
    Ping Federate Server URL.
    PkceEnabled bool
    Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
    ProtocolBinding string
    The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
    Provider string
    Defines the custom sms_gateway provider.
    RequestTemplate string
    Template that formats the SAML request.
    RequiresUsername bool
    Indicates whether the user is required to provide a username in addition to an email address.
    Scopes []string
    Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
    Scripts map[string]string
    A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
    SetUserRootAttributes string
    Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
    ShouldTrustEmailVerifiedConnection string
    Choose how Auth0 sets the email_verified field in the user profile.
    SignInEndpoint string
    SAML single login URL for the connection.
    SignOutEndpoint string
    SAML single logout URL for the connection.
    SignSamlRequest bool
    When enabled, the SAML authentication request will be signed.
    SignatureAlgorithm string
    Sign Request Algorithm.
    SigningCert string
    X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
    SigningKey ConnectionOptionsSigningKey
    The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    StrategyVersion int
    Version 1 is deprecated, use version 2.
    Subject string
    Subject line of the email.
    Syntax string
    Syntax of the template body.
    TeamId string
    Apple Team ID.
    Template string
    Body of the template.
    TenantDomain string
    Tenant domain name.
    TokenEndpoint string
    Token endpoint.
    Totp ConnectionOptionsTotp
    Configuration options for one-time passwords.
    TwilioSid string
    SID for your Twilio account.
    TwilioToken string
    AuthToken for your Twilio account.
    Type string
    Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
    UpstreamParams string
    You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
    UseCertAuth bool
    Indicates whether to use cert auth or not.
    UseKerberos bool
    Indicates whether to use Kerberos or not.
    UseWsfed bool
    Whether to use WS-Fed.
    UserIdAttribute string
    Attribute in the SAML token that will be mapped to the user_id property in Auth0.
    UserinfoEndpoint string
    User info endpoint.
    Validation ConnectionOptionsValidation
    Validation of the minimum and maximum values allowed for a user to have as username.
    WaadCommonEndpoint bool
    Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
    WaadProtocol string
    Protocol to use.
    adfsServer String
    ADFS URL where to fetch the metadata source.
    allowedAudiences List<String>
    List of allowed audiences.
    apiEnableUsers Boolean
    Enable API Access to users.
    appId String
    App ID.
    attributeMap ConnectionOptionsAttributeMap
    OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
    authParams Map<String,String>
    Query string parameters to be included as part of the generated passwordless email link.
    authorizationEndpoint String
    Authorization endpoint.
    bruteForceProtection Boolean
    Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
    clientId String
    The strategy's client ID.
    clientSecret String
    The strategy's client secret.
    communityBaseUrl String
    Salesforce community base URL.
    configuration Map<String,Object>
    A case-sensitive map of key value pairs used as configuration variables for the custom_script.
    connectionSettings ConnectionOptionsConnectionSettings
    Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
    customScripts Map<String,String>
    A map of scripts used to integrate with a custom database.
    debug Boolean
    When enabled, additional debug information will be generated.
    decryptionKey ConnectionOptionsDecryptionKey
    The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    digestAlgorithm String
    Sign Request Algorithm Digest.
    disableCache Boolean
    Indicates whether to disable the cache or not.
    disableSelfServiceChangePassword Boolean
    Indicates whether to remove the forgot password link within the New Universal Login.
    disableSignOut Boolean
    When enabled, will disable sign out.
    disableSignup Boolean
    Indicates whether to allow user sign-ups to your application.
    discoveryUrl String
    OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
    domain String
    Domain name.
    domainAliases List<String>
    List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
    enableScriptContext Boolean
    Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
    enabledDatabaseCustomization Boolean
    Set to true to use a legacy user store.
    entityId String
    Custom Entity ID for the connection.
    fedMetadataXml String
    Federation Metadata for the ADFS connection.
    fieldsMap String
    If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
    forwardRequestInfo Boolean
    Specifies whether or not request info should be forwarded to sms gateway.
    from String
    Address to use as the sender.
    gatewayAuthentication ConnectionOptionsGatewayAuthentication
    Defines the parameters used to generate the auth token for the custom gateway.
    gatewayUrl String
    Defines a custom sms gateway to use instead of Twilio.
    iconUrl String
    Icon URL.
    identityApi String
    Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
    idpInitiated ConnectionOptionsIdpInitiated
    Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
    importMode Boolean
    Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
    ips List<String>
    A list of IPs.
    issuer String
    Issuer URL, e.g. https://auth.example.com.
    jwksUri String
    JWKS URI.
    keyId String
    Apple Key ID.
    mapUserIdToId Boolean
    By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
    maxGroupsToRetrieve String
    Maximum number of groups to retrieve.
    messagingServiceSid String
    SID for Copilot. Used when SMS Source is Copilot.
    metadataUrl String
    The URL of the SAML metadata document.
    metadataXml String
    The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
    mfa ConnectionOptionsMfa
    Configuration options for multifactor authentication.
    name String
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    nonPersistentAttrs List<String>
    If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
    passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions
    Configuration settings for password complexity.
    passwordDictionary ConnectionOptionsPasswordDictionary
    Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
    passwordHistories List<ConnectionOptionsPasswordHistory>
    Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
    passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
    Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
    passwordPolicy String
    Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
    pingFederateBaseUrl String
    Ping Federate Server URL.
    pkceEnabled Boolean
    Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
    protocolBinding String
    The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
    provider String
    Defines the custom sms_gateway provider.
    requestTemplate String
    Template that formats the SAML request.
    requiresUsername Boolean
    Indicates whether the user is required to provide a username in addition to an email address.
    scopes List<String>
    Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
    scripts Map<String,String>
    A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
    setUserRootAttributes String
    Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
    shouldTrustEmailVerifiedConnection String
    Choose how Auth0 sets the email_verified field in the user profile.
    signInEndpoint String
    SAML single login URL for the connection.
    signOutEndpoint String
    SAML single logout URL for the connection.
    signSamlRequest Boolean
    When enabled, the SAML authentication request will be signed.
    signatureAlgorithm String
    Sign Request Algorithm.
    signingCert String
    X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
    signingKey ConnectionOptionsSigningKey
    The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    strategyVersion Integer
    Version 1 is deprecated, use version 2.
    subject String
    Subject line of the email.
    syntax String
    Syntax of the template body.
    teamId String
    Apple Team ID.
    template String
    Body of the template.
    tenantDomain String
    Tenant domain name.
    tokenEndpoint String
    Token endpoint.
    totp ConnectionOptionsTotp
    Configuration options for one-time passwords.
    twilioSid String
    SID for your Twilio account.
    twilioToken String
    AuthToken for your Twilio account.
    type String
    Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
    upstreamParams String
    You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
    useCertAuth Boolean
    Indicates whether to use cert auth or not.
    useKerberos Boolean
    Indicates whether to use Kerberos or not.
    useWsfed Boolean
    Whether to use WS-Fed.
    userIdAttribute String
    Attribute in the SAML token that will be mapped to the user_id property in Auth0.
    userinfoEndpoint String
    User info endpoint.
    validation ConnectionOptionsValidation
    Validation of the minimum and maximum values allowed for a user to have as username.
    waadCommonEndpoint Boolean
    Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
    waadProtocol String
    Protocol to use.
    adfsServer string
    ADFS URL where to fetch the metadata source.
    allowedAudiences string[]
    List of allowed audiences.
    apiEnableUsers boolean
    Enable API Access to users.
    appId string
    App ID.
    attributeMap ConnectionOptionsAttributeMap
    OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
    authParams {[key: string]: string}
    Query string parameters to be included as part of the generated passwordless email link.
    authorizationEndpoint string
    Authorization endpoint.
    bruteForceProtection boolean
    Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
    clientId string
    The strategy's client ID.
    clientSecret string
    The strategy's client secret.
    communityBaseUrl string
    Salesforce community base URL.
    configuration {[key: string]: any}
    A case-sensitive map of key value pairs used as configuration variables for the custom_script.
    connectionSettings ConnectionOptionsConnectionSettings
    Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
    customScripts {[key: string]: string}
    A map of scripts used to integrate with a custom database.
    debug boolean
    When enabled, additional debug information will be generated.
    decryptionKey ConnectionOptionsDecryptionKey
    The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    digestAlgorithm string
    Sign Request Algorithm Digest.
    disableCache boolean
    Indicates whether to disable the cache or not.
    disableSelfServiceChangePassword boolean
    Indicates whether to remove the forgot password link within the New Universal Login.
    disableSignOut boolean
    When enabled, will disable sign out.
    disableSignup boolean
    Indicates whether to allow user sign-ups to your application.
    discoveryUrl string
    OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
    domain string
    Domain name.
    domainAliases string[]
    List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
    enableScriptContext boolean
    Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
    enabledDatabaseCustomization boolean
    Set to true to use a legacy user store.
    entityId string
    Custom Entity ID for the connection.
    fedMetadataXml string
    Federation Metadata for the ADFS connection.
    fieldsMap string
    If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
    forwardRequestInfo boolean
    Specifies whether or not request info should be forwarded to sms gateway.
    from string
    Address to use as the sender.
    gatewayAuthentication ConnectionOptionsGatewayAuthentication
    Defines the parameters used to generate the auth token for the custom gateway.
    gatewayUrl string
    Defines a custom sms gateway to use instead of Twilio.
    iconUrl string
    Icon URL.
    identityApi string
    Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
    idpInitiated ConnectionOptionsIdpInitiated
    Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
    importMode boolean
    Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
    ips string[]
    A list of IPs.
    issuer string
    Issuer URL, e.g. https://auth.example.com.
    jwksUri string
    JWKS URI.
    keyId string
    Apple Key ID.
    mapUserIdToId boolean
    By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
    maxGroupsToRetrieve string
    Maximum number of groups to retrieve.
    messagingServiceSid string
    SID for Copilot. Used when SMS Source is Copilot.
    metadataUrl string
    The URL of the SAML metadata document.
    metadataXml string
    The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
    mfa ConnectionOptionsMfa
    Configuration options for multifactor authentication.
    name string
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    nonPersistentAttrs string[]
    If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
    passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions
    Configuration settings for password complexity.
    passwordDictionary ConnectionOptionsPasswordDictionary
    Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
    passwordHistories ConnectionOptionsPasswordHistory[]
    Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
    passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
    Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
    passwordPolicy string
    Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
    pingFederateBaseUrl string
    Ping Federate Server URL.
    pkceEnabled boolean
    Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
    protocolBinding string
    The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
    provider string
    Defines the custom sms_gateway provider.
    requestTemplate string
    Template that formats the SAML request.
    requiresUsername boolean
    Indicates whether the user is required to provide a username in addition to an email address.
    scopes string[]
    Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
    scripts {[key: string]: string}
    A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
    setUserRootAttributes string
    Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
    shouldTrustEmailVerifiedConnection string
    Choose how Auth0 sets the email_verified field in the user profile.
    signInEndpoint string
    SAML single login URL for the connection.
    signOutEndpoint string
    SAML single logout URL for the connection.
    signSamlRequest boolean
    When enabled, the SAML authentication request will be signed.
    signatureAlgorithm string
    Sign Request Algorithm.
    signingCert string
    X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
    signingKey ConnectionOptionsSigningKey
    The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    strategyVersion number
    Version 1 is deprecated, use version 2.
    subject string
    Subject line of the email.
    syntax string
    Syntax of the template body.
    teamId string
    Apple Team ID.
    template string
    Body of the template.
    tenantDomain string
    Tenant domain name.
    tokenEndpoint string
    Token endpoint.
    totp ConnectionOptionsTotp
    Configuration options for one-time passwords.
    twilioSid string
    SID for your Twilio account.
    twilioToken string
    AuthToken for your Twilio account.
    type string
    Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
    upstreamParams string
    You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
    useCertAuth boolean
    Indicates whether to use cert auth or not.
    useKerberos boolean
    Indicates whether to use Kerberos or not.
    useWsfed boolean
    Whether to use WS-Fed.
    userIdAttribute string
    Attribute in the SAML token that will be mapped to the user_id property in Auth0.
    userinfoEndpoint string
    User info endpoint.
    validation ConnectionOptionsValidation
    Validation of the minimum and maximum values allowed for a user to have as username.
    waadCommonEndpoint boolean
    Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
    waadProtocol string
    Protocol to use.
    adfs_server str
    ADFS URL where to fetch the metadata source.
    allowed_audiences Sequence[str]
    List of allowed audiences.
    api_enable_users bool
    Enable API Access to users.
    app_id str
    App ID.
    attribute_map ConnectionOptionsAttributeMap
    OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
    auth_params Mapping[str, str]
    Query string parameters to be included as part of the generated passwordless email link.
    authorization_endpoint str
    Authorization endpoint.
    brute_force_protection bool
    Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
    client_id str
    The strategy's client ID.
    client_secret str
    The strategy's client secret.
    community_base_url str
    Salesforce community base URL.
    configuration Mapping[str, Any]
    A case-sensitive map of key value pairs used as configuration variables for the custom_script.
    connection_settings ConnectionOptionsConnectionSettings
    Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
    custom_scripts Mapping[str, str]
    A map of scripts used to integrate with a custom database.
    debug bool
    When enabled, additional debug information will be generated.
    decryption_key ConnectionOptionsDecryptionKey
    The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    digest_algorithm str
    Sign Request Algorithm Digest.
    disable_cache bool
    Indicates whether to disable the cache or not.
    disable_self_service_change_password bool
    Indicates whether to remove the forgot password link within the New Universal Login.
    disable_sign_out bool
    When enabled, will disable sign out.
    disable_signup bool
    Indicates whether to allow user sign-ups to your application.
    discovery_url str
    OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
    domain str
    Domain name.
    domain_aliases Sequence[str]
    List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
    enable_script_context bool
    Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
    enabled_database_customization bool
    Set to true to use a legacy user store.
    entity_id str
    Custom Entity ID for the connection.
    fed_metadata_xml str
    Federation Metadata for the ADFS connection.
    fields_map str
    If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
    forward_request_info bool
    Specifies whether or not request info should be forwarded to sms gateway.
    from_ str
    Address to use as the sender.
    gateway_authentication ConnectionOptionsGatewayAuthentication
    Defines the parameters used to generate the auth token for the custom gateway.
    gateway_url str
    Defines a custom sms gateway to use instead of Twilio.
    icon_url str
    Icon URL.
    identity_api str
    Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
    idp_initiated ConnectionOptionsIdpInitiated
    Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
    import_mode bool
    Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
    ips Sequence[str]
    A list of IPs.
    issuer str
    Issuer URL, e.g. https://auth.example.com.
    jwks_uri str
    JWKS URI.
    key_id str
    Apple Key ID.
    map_user_id_to_id bool
    By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
    max_groups_to_retrieve str
    Maximum number of groups to retrieve.
    messaging_service_sid str
    SID for Copilot. Used when SMS Source is Copilot.
    metadata_url str
    The URL of the SAML metadata document.
    metadata_xml str
    The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
    mfa ConnectionOptionsMfa
    Configuration options for multifactor authentication.
    name str
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    non_persistent_attrs Sequence[str]
    If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
    password_complexity_options ConnectionOptionsPasswordComplexityOptions
    Configuration settings for password complexity.
    password_dictionary ConnectionOptionsPasswordDictionary
    Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
    password_histories Sequence[ConnectionOptionsPasswordHistory]
    Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
    password_no_personal_info ConnectionOptionsPasswordNoPersonalInfo
    Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
    password_policy str
    Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
    ping_federate_base_url str
    Ping Federate Server URL.
    pkce_enabled bool
    Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
    protocol_binding str
    The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
    provider str
    Defines the custom sms_gateway provider.
    request_template str
    Template that formats the SAML request.
    requires_username bool
    Indicates whether the user is required to provide a username in addition to an email address.
    scopes Sequence[str]
    Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
    scripts Mapping[str, str]
    A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
    set_user_root_attributes str
    Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
    should_trust_email_verified_connection str
    Choose how Auth0 sets the email_verified field in the user profile.
    sign_in_endpoint str
    SAML single login URL for the connection.
    sign_out_endpoint str
    SAML single logout URL for the connection.
    sign_saml_request bool
    When enabled, the SAML authentication request will be signed.
    signature_algorithm str
    Sign Request Algorithm.
    signing_cert str
    X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
    signing_key ConnectionOptionsSigningKey
    The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    strategy_version int
    Version 1 is deprecated, use version 2.
    subject str
    Subject line of the email.
    syntax str
    Syntax of the template body.
    team_id str
    Apple Team ID.
    template str
    Body of the template.
    tenant_domain str
    Tenant domain name.
    token_endpoint str
    Token endpoint.
    totp ConnectionOptionsTotp
    Configuration options for one-time passwords.
    twilio_sid str
    SID for your Twilio account.
    twilio_token str
    AuthToken for your Twilio account.
    type str
    Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
    upstream_params str
    You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
    use_cert_auth bool
    Indicates whether to use cert auth or not.
    use_kerberos bool
    Indicates whether to use Kerberos or not.
    use_wsfed bool
    Whether to use WS-Fed.
    user_id_attribute str
    Attribute in the SAML token that will be mapped to the user_id property in Auth0.
    userinfo_endpoint str
    User info endpoint.
    validation ConnectionOptionsValidation
    Validation of the minimum and maximum values allowed for a user to have as username.
    waad_common_endpoint bool
    Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
    waad_protocol str
    Protocol to use.
    adfsServer String
    ADFS URL where to fetch the metadata source.
    allowedAudiences List<String>
    List of allowed audiences.
    apiEnableUsers Boolean
    Enable API Access to users.
    appId String
    App ID.
    attributeMap Property Map
    OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
    authParams Map<String>
    Query string parameters to be included as part of the generated passwordless email link.
    authorizationEndpoint String
    Authorization endpoint.
    bruteForceProtection Boolean
    Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
    clientId String
    The strategy's client ID.
    clientSecret String
    The strategy's client secret.
    communityBaseUrl String
    Salesforce community base URL.
    configuration Map<Any>
    A case-sensitive map of key value pairs used as configuration variables for the custom_script.
    connectionSettings Property Map
    Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
    customScripts Map<String>
    A map of scripts used to integrate with a custom database.
    debug Boolean
    When enabled, additional debug information will be generated.
    decryptionKey Property Map
    The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    digestAlgorithm String
    Sign Request Algorithm Digest.
    disableCache Boolean
    Indicates whether to disable the cache or not.
    disableSelfServiceChangePassword Boolean
    Indicates whether to remove the forgot password link within the New Universal Login.
    disableSignOut Boolean
    When enabled, will disable sign out.
    disableSignup Boolean
    Indicates whether to allow user sign-ups to your application.
    discoveryUrl String
    OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
    domain String
    Domain name.
    domainAliases List<String>
    List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
    enableScriptContext Boolean
    Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
    enabledDatabaseCustomization Boolean
    Set to true to use a legacy user store.
    entityId String
    Custom Entity ID for the connection.
    fedMetadataXml String
    Federation Metadata for the ADFS connection.
    fieldsMap String
    If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
    forwardRequestInfo Boolean
    Specifies whether or not request info should be forwarded to sms gateway.
    from String
    Address to use as the sender.
    gatewayAuthentication Property Map
    Defines the parameters used to generate the auth token for the custom gateway.
    gatewayUrl String
    Defines a custom sms gateway to use instead of Twilio.
    iconUrl String
    Icon URL.
    identityApi String
    Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
    idpInitiated Property Map
    Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
    importMode Boolean
    Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
    ips List<String>
    A list of IPs.
    issuer String
    Issuer URL, e.g. https://auth.example.com.
    jwksUri String
    JWKS URI.
    keyId String
    Apple Key ID.
    mapUserIdToId Boolean
    By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
    maxGroupsToRetrieve String
    Maximum number of groups to retrieve.
    messagingServiceSid String
    SID for Copilot. Used when SMS Source is Copilot.
    metadataUrl String
    The URL of the SAML metadata document.
    metadataXml String
    The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
    mfa Property Map
    Configuration options for multifactor authentication.
    name String
    The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
    nonPersistentAttrs List<String>
    If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
    passwordComplexityOptions Property Map
    Configuration settings for password complexity.
    passwordDictionary Property Map
    Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
    passwordHistories List<Property Map>
    Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
    passwordNoPersonalInfo Property Map
    Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
    passwordPolicy String
    Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
    pingFederateBaseUrl String
    Ping Federate Server URL.
    pkceEnabled Boolean
    Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
    protocolBinding String
    The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
    provider String
    Defines the custom sms_gateway provider.
    requestTemplate String
    Template that formats the SAML request.
    requiresUsername Boolean
    Indicates whether the user is required to provide a username in addition to an email address.
    scopes List<String>
    Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
    scripts Map<String>
    A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
    setUserRootAttributes String
    Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
    shouldTrustEmailVerifiedConnection String
    Choose how Auth0 sets the email_verified field in the user profile.
    signInEndpoint String
    SAML single login URL for the connection.
    signOutEndpoint String
    SAML single logout URL for the connection.
    signSamlRequest Boolean
    When enabled, the SAML authentication request will be signed.
    signatureAlgorithm String
    Sign Request Algorithm.
    signingCert String
    X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
    signingKey Property Map
    The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
    strategyVersion Number
    Version 1 is deprecated, use version 2.
    subject String
    Subject line of the email.
    syntax String
    Syntax of the template body.
    teamId String
    Apple Team ID.
    template String
    Body of the template.
    tenantDomain String
    Tenant domain name.
    tokenEndpoint String
    Token endpoint.
    totp Property Map
    Configuration options for one-time passwords.
    twilioSid String
    SID for your Twilio account.
    twilioToken String
    AuthToken for your Twilio account.
    type String
    Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
    upstreamParams String
    You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
    useCertAuth Boolean
    Indicates whether to use cert auth or not.
    useKerberos Boolean
    Indicates whether to use Kerberos or not.
    useWsfed Boolean
    Whether to use WS-Fed.
    userIdAttribute String
    Attribute in the SAML token that will be mapped to the user_id property in Auth0.
    userinfoEndpoint String
    User info endpoint.
    validation Property Map
    Validation of the minimum and maximum values allowed for a user to have as username.
    waadCommonEndpoint Boolean
    Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
    waadProtocol String
    Protocol to use.

    ConnectionOptionsAttributeMap, ConnectionOptionsAttributeMapArgs

    MappingMode string
    Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
    Attributes string
    This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
    UserinfoScope string
    This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
    MappingMode string
    Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
    Attributes string
    This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
    UserinfoScope string
    This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
    mappingMode String
    Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
    attributes String
    This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
    userinfoScope String
    This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
    mappingMode string
    Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
    attributes string
    This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
    userinfoScope string
    This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
    mapping_mode str
    Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
    attributes str
    This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
    userinfo_scope str
    This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
    mappingMode String
    Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
    attributes String
    This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
    userinfoScope String
    This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

    ConnectionOptionsConnectionSettings, ConnectionOptionsConnectionSettingsArgs

    Pkce string
    PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
    Pkce string
    PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
    pkce String
    PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
    pkce string
    PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
    pkce str
    PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).
    pkce String
    PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

    ConnectionOptionsDecryptionKey, ConnectionOptionsDecryptionKeyArgs

    Cert string
    Key string
    Cert string
    Key string
    cert String
    key String
    cert string
    key string
    cert str
    key str
    cert String
    key String

    ConnectionOptionsGatewayAuthentication, ConnectionOptionsGatewayAuthenticationArgs

    Audience string
    Audience claim for the HS256 token sent to gateway_url.
    Method string
    Authentication method (default is bearer token).
    Secret string
    Secret used to sign the HS256 token sent to gateway_url.
    SecretBase64Encoded bool
    Specifies whether or not the secret is Base64-encoded.
    Subject string
    Subject claim for the HS256 token sent to gateway_url.
    Audience string
    Audience claim for the HS256 token sent to gateway_url.
    Method string
    Authentication method (default is bearer token).
    Secret string
    Secret used to sign the HS256 token sent to gateway_url.
    SecretBase64Encoded bool
    Specifies whether or not the secret is Base64-encoded.
    Subject string
    Subject claim for the HS256 token sent to gateway_url.
    audience String
    Audience claim for the HS256 token sent to gateway_url.
    method String
    Authentication method (default is bearer token).
    secret String
    Secret used to sign the HS256 token sent to gateway_url.
    secretBase64Encoded Boolean
    Specifies whether or not the secret is Base64-encoded.
    subject String
    Subject claim for the HS256 token sent to gateway_url.
    audience string
    Audience claim for the HS256 token sent to gateway_url.
    method string
    Authentication method (default is bearer token).
    secret string
    Secret used to sign the HS256 token sent to gateway_url.
    secretBase64Encoded boolean
    Specifies whether or not the secret is Base64-encoded.
    subject string
    Subject claim for the HS256 token sent to gateway_url.
    audience str
    Audience claim for the HS256 token sent to gateway_url.
    method str
    Authentication method (default is bearer token).
    secret str
    Secret used to sign the HS256 token sent to gateway_url.
    secret_base64_encoded bool
    Specifies whether or not the secret is Base64-encoded.
    subject str
    Subject claim for the HS256 token sent to gateway_url.
    audience String
    Audience claim for the HS256 token sent to gateway_url.
    method String
    Authentication method (default is bearer token).
    secret String
    Secret used to sign the HS256 token sent to gateway_url.
    secretBase64Encoded Boolean
    Specifies whether or not the secret is Base64-encoded.
    subject String
    Subject claim for the HS256 token sent to gateway_url.

    ConnectionOptionsIdpInitiated, ConnectionOptionsIdpInitiatedArgs

    ClientAuthorizeQuery string
    ClientId string
    The strategy's client ID.
    ClientProtocol string
    ClientAuthorizeQuery string
    ClientId string
    The strategy's client ID.
    ClientProtocol string
    clientAuthorizeQuery String
    clientId String
    The strategy's client ID.
    clientProtocol String
    clientAuthorizeQuery string
    clientId string
    The strategy's client ID.
    clientProtocol string
    client_authorize_query str
    client_id str
    The strategy's client ID.
    client_protocol str
    clientAuthorizeQuery String
    clientId String
    The strategy's client ID.
    clientProtocol String

    ConnectionOptionsMfa, ConnectionOptionsMfaArgs

    Active bool
    Indicates whether multifactor authentication is enabled for this connection.
    ReturnEnrollSettings bool
    Indicates whether multifactor authentication enrollment settings will be returned.
    Active bool
    Indicates whether multifactor authentication is enabled for this connection.
    ReturnEnrollSettings bool
    Indicates whether multifactor authentication enrollment settings will be returned.
    active Boolean
    Indicates whether multifactor authentication is enabled for this connection.
    returnEnrollSettings Boolean
    Indicates whether multifactor authentication enrollment settings will be returned.
    active boolean
    Indicates whether multifactor authentication is enabled for this connection.
    returnEnrollSettings boolean
    Indicates whether multifactor authentication enrollment settings will be returned.
    active bool
    Indicates whether multifactor authentication is enabled for this connection.
    return_enroll_settings bool
    Indicates whether multifactor authentication enrollment settings will be returned.
    active Boolean
    Indicates whether multifactor authentication is enabled for this connection.
    returnEnrollSettings Boolean
    Indicates whether multifactor authentication enrollment settings will be returned.

    ConnectionOptionsPasswordComplexityOptions, ConnectionOptionsPasswordComplexityOptionsArgs

    MinLength int
    Minimum number of characters allowed in passwords.
    MinLength int
    Minimum number of characters allowed in passwords.
    minLength Integer
    Minimum number of characters allowed in passwords.
    minLength number
    Minimum number of characters allowed in passwords.
    min_length int
    Minimum number of characters allowed in passwords.
    minLength Number
    Minimum number of characters allowed in passwords.

    ConnectionOptionsPasswordDictionary, ConnectionOptionsPasswordDictionaryArgs

    Dictionaries List<string>
    Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
    Enable bool
    Indicates whether the password dictionary check is enabled for this connection.
    Dictionaries []string
    Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
    Enable bool
    Indicates whether the password dictionary check is enabled for this connection.
    dictionaries List<String>
    Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
    enable Boolean
    Indicates whether the password dictionary check is enabled for this connection.
    dictionaries string[]
    Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
    enable boolean
    Indicates whether the password dictionary check is enabled for this connection.
    dictionaries Sequence[str]
    Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
    enable bool
    Indicates whether the password dictionary check is enabled for this connection.
    dictionaries List<String>
    Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
    enable Boolean
    Indicates whether the password dictionary check is enabled for this connection.

    ConnectionOptionsPasswordHistory, ConnectionOptionsPasswordHistoryArgs

    Enable bool
    Indicates whether the password dictionary check is enabled for this connection.
    Size int
    Enable bool
    Indicates whether the password dictionary check is enabled for this connection.
    Size int
    enable Boolean
    Indicates whether the password dictionary check is enabled for this connection.
    size Integer
    enable boolean
    Indicates whether the password dictionary check is enabled for this connection.
    size number
    enable bool
    Indicates whether the password dictionary check is enabled for this connection.
    size int
    enable Boolean
    Indicates whether the password dictionary check is enabled for this connection.
    size Number

    ConnectionOptionsPasswordNoPersonalInfo, ConnectionOptionsPasswordNoPersonalInfoArgs

    Enable bool
    Indicates whether the password dictionary check is enabled for this connection.
    Enable bool
    Indicates whether the password dictionary check is enabled for this connection.
    enable Boolean
    Indicates whether the password dictionary check is enabled for this connection.
    enable boolean
    Indicates whether the password dictionary check is enabled for this connection.
    enable bool
    Indicates whether the password dictionary check is enabled for this connection.
    enable Boolean
    Indicates whether the password dictionary check is enabled for this connection.

    ConnectionOptionsSigningKey, ConnectionOptionsSigningKeyArgs

    Cert string
    Key string
    Cert string
    Key string
    cert String
    key String
    cert string
    key string
    cert str
    key str
    cert String
    key String

    ConnectionOptionsTotp, ConnectionOptionsTotpArgs

    Length int
    Length of the one-time password.
    TimeStep int
    Seconds between allowed generation of new passwords.
    Length int
    Length of the one-time password.
    TimeStep int
    Seconds between allowed generation of new passwords.
    length Integer
    Length of the one-time password.
    timeStep Integer
    Seconds between allowed generation of new passwords.
    length number
    Length of the one-time password.
    timeStep number
    Seconds between allowed generation of new passwords.
    length int
    Length of the one-time password.
    time_step int
    Seconds between allowed generation of new passwords.
    length Number
    Length of the one-time password.
    timeStep Number
    Seconds between allowed generation of new passwords.

    ConnectionOptionsValidation, ConnectionOptionsValidationArgs

    Username ConnectionOptionsValidationUsername
    Specifies the min and max values of username length.
    Username ConnectionOptionsValidationUsername
    Specifies the min and max values of username length.
    username ConnectionOptionsValidationUsername
    Specifies the min and max values of username length.
    username ConnectionOptionsValidationUsername
    Specifies the min and max values of username length.
    username ConnectionOptionsValidationUsername
    Specifies the min and max values of username length.
    username Property Map
    Specifies the min and max values of username length.

    ConnectionOptionsValidationUsername, ConnectionOptionsValidationUsernameArgs

    Max int
    Min int
    Max int
    Min int
    max Integer
    min Integer
    max number
    min number
    max int
    min int
    max Number
    min Number

    Import

    This resource can be imported by specifying the connection ID.

    Example:

    $ pulumi import auth0:index/connection:Connection google "con_a17f21fdb24d48a0"
    

    Package Details

    Repository
    Auth0 pulumi/pulumi-auth0
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the auth0 Terraform Provider.
    auth0 logo
    Auth0 v3.3.1 published on Thursday, Mar 14, 2024 by Pulumi