Auth0 v3.30.0 published on Tuesday, Oct 14, 2025 by Pulumi
auth0.Connection
With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.
The Auth0 dashboard displays only one connection per social provider. Although the Auth0 Management API allows the creation of multiple connections per strategy, the additional connections may not be visible in the Auth0 dashboard.
When updating the
optionsparameter, ensure that all nested fields within theoptionsschema are explicitly defined. Failing to do so may result in the loss of existing configurations.
Example Usage
Auth0 Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an Auth0 connection.
const myConnection = new auth0.Connection("my_connection", {
name: "Example-Connection",
isDomainConnection: true,
strategy: "auth0",
metadata: {
key1: "foo",
key2: "bar",
},
options: {
passwordPolicy: "excellent",
bruteForceProtection: true,
strategyVersion: 2,
enabledDatabaseCustomization: true,
importMode: false,
requiresUsername: true,
disableSignup: false,
customScripts: {
get_user: ` function getByEmail(email, callback) {
return callback(new Error("Whoops!"));
}
`,
},
configuration: {
foo: "bar",
bar: "baz",
},
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
passwordHistories: [{
enable: true,
size: 3,
}],
passwordNoPersonalInfo: {
enable: true,
},
passwordDictionary: {
enable: true,
dictionaries: [
"password",
"admin",
"1234",
],
},
passwordComplexityOptions: {
minLength: 12,
},
validation: {
username: {
min: 10,
max: 40,
},
},
mfa: {
active: true,
returnEnrollSettings: true,
},
authenticationMethods: [{
passkey: {
enabled: true,
},
password: {
enabled: true,
},
}],
passkeyOptions: {
challengeUi: "both",
localEnrollmentEnabled: true,
progressiveEnrollmentEnabled: true,
},
},
});
import pulumi
import json
import pulumi_auth0 as auth0
# This is an example of an Auth0 connection.
my_connection = auth0.Connection("my_connection",
name="Example-Connection",
is_domain_connection=True,
strategy="auth0",
metadata={
"key1": "foo",
"key2": "bar",
},
options={
"password_policy": "excellent",
"brute_force_protection": True,
"strategy_version": 2,
"enabled_database_customization": True,
"import_mode": False,
"requires_username": True,
"disable_signup": False,
"custom_scripts": {
"get_user": """ function getByEmail(email, callback) {
return callback(new Error("Whoops!"));
}
""",
},
"configuration": {
"foo": "bar",
"bar": "baz",
},
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"password_histories": [{
"enable": True,
"size": 3,
}],
"password_no_personal_info": {
"enable": True,
},
"password_dictionary": {
"enable": True,
"dictionaries": [
"password",
"admin",
"1234",
],
},
"password_complexity_options": {
"min_length": 12,
},
"validation": {
"username": {
"min": 10,
"max": 40,
},
},
"mfa": {
"active": True,
"return_enroll_settings": True,
},
"authentication_methods": [{
"passkey": {
"enabled": True,
},
"password": {
"enabled": True,
},
}],
"passkey_options": {
"challenge_ui": "both",
"local_enrollment_enabled": True,
"progressive_enrollment_enabled": True,
},
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
// This is an example of an Auth0 connection.
_, err = auth0.NewConnection(ctx, "my_connection", &auth0.ConnectionArgs{
Name: pulumi.String("Example-Connection"),
IsDomainConnection: pulumi.Bool(true),
Strategy: pulumi.String("auth0"),
Metadata: pulumi.StringMap{
"key1": pulumi.String("foo"),
"key2": pulumi.String("bar"),
},
Options: &auth0.ConnectionOptionsArgs{
PasswordPolicy: pulumi.String("excellent"),
BruteForceProtection: pulumi.Bool(true),
StrategyVersion: pulumi.Int(2),
EnabledDatabaseCustomization: pulumi.Bool(true),
ImportMode: pulumi.Bool(false),
RequiresUsername: pulumi.Bool(true),
DisableSignup: pulumi.Bool(false),
CustomScripts: pulumi.StringMap{
"get_user": pulumi.String(" function getByEmail(email, callback) {\n return callback(new Error(\"Whoops!\"));\n }\n"),
},
Configuration: pulumi.StringMap{
"foo": pulumi.String("bar"),
"bar": pulumi.String("baz"),
},
UpstreamParams: pulumi.String(json0),
PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
&auth0.ConnectionOptionsPasswordHistoryArgs{
Enable: pulumi.Bool(true),
Size: pulumi.Int(3),
},
},
PasswordNoPersonalInfo: &auth0.ConnectionOptionsPasswordNoPersonalInfoArgs{
Enable: pulumi.Bool(true),
},
PasswordDictionary: &auth0.ConnectionOptionsPasswordDictionaryArgs{
Enable: pulumi.Bool(true),
Dictionaries: pulumi.StringArray{
pulumi.String("password"),
pulumi.String("admin"),
pulumi.String("1234"),
},
},
PasswordComplexityOptions: &auth0.ConnectionOptionsPasswordComplexityOptionsArgs{
MinLength: pulumi.Int(12),
},
Validation: &auth0.ConnectionOptionsValidationArgs{
Username: &auth0.ConnectionOptionsValidationUsernameArgs{
Min: pulumi.Int(10),
Max: pulumi.Int(40),
},
},
Mfa: &auth0.ConnectionOptionsMfaArgs{
Active: pulumi.Bool(true),
ReturnEnrollSettings: pulumi.Bool(true),
},
AuthenticationMethods: auth0.ConnectionOptionsAuthenticationMethodArray{
&auth0.ConnectionOptionsAuthenticationMethodArgs{
Passkey: &auth0.ConnectionOptionsAuthenticationMethodPasskeyArgs{
Enabled: pulumi.Bool(true),
},
Password: &auth0.ConnectionOptionsAuthenticationMethodPasswordArgs{
Enabled: pulumi.Bool(true),
},
},
},
PasskeyOptions: &auth0.ConnectionOptionsPasskeyOptionsArgs{
ChallengeUi: pulumi.String("both"),
LocalEnrollmentEnabled: pulumi.Bool(true),
ProgressiveEnrollmentEnabled: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an Auth0 connection.
var myConnection = new Auth0.Connection("my_connection", new()
{
Name = "Example-Connection",
IsDomainConnection = true,
Strategy = "auth0",
Metadata =
{
{ "key1", "foo" },
{ "key2", "bar" },
},
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
PasswordPolicy = "excellent",
BruteForceProtection = true,
StrategyVersion = 2,
EnabledDatabaseCustomization = true,
ImportMode = false,
RequiresUsername = true,
DisableSignup = false,
CustomScripts =
{
{ "get_user", @" function getByEmail(email, callback) {
return callback(new Error(""Whoops!""));
}
" },
},
Configuration =
{
{ "foo", "bar" },
{ "bar", "baz" },
},
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
PasswordHistories = new[]
{
new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
{
Enable = true,
Size = 3,
},
},
PasswordNoPersonalInfo = new Auth0.Inputs.ConnectionOptionsPasswordNoPersonalInfoArgs
{
Enable = true,
},
PasswordDictionary = new Auth0.Inputs.ConnectionOptionsPasswordDictionaryArgs
{
Enable = true,
Dictionaries = new[]
{
"password",
"admin",
"1234",
},
},
PasswordComplexityOptions = new Auth0.Inputs.ConnectionOptionsPasswordComplexityOptionsArgs
{
MinLength = 12,
},
Validation = new Auth0.Inputs.ConnectionOptionsValidationArgs
{
Username = new Auth0.Inputs.ConnectionOptionsValidationUsernameArgs
{
Min = 10,
Max = 40,
},
},
Mfa = new Auth0.Inputs.ConnectionOptionsMfaArgs
{
Active = true,
ReturnEnrollSettings = true,
},
AuthenticationMethods = new[]
{
new Auth0.Inputs.ConnectionOptionsAuthenticationMethodArgs
{
Passkey = new Auth0.Inputs.ConnectionOptionsAuthenticationMethodPasskeyArgs
{
Enabled = true,
},
Password = new Auth0.Inputs.ConnectionOptionsAuthenticationMethodPasswordArgs
{
Enabled = true,
},
},
},
PasskeyOptions = new Auth0.Inputs.ConnectionOptionsPasskeyOptionsArgs
{
ChallengeUi = "both",
LocalEnrollmentEnabled = true,
ProgressiveEnrollmentEnabled = true,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasswordNoPersonalInfoArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasswordDictionaryArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasswordComplexityOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsValidationArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsValidationUsernameArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsMfaArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasskeyOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an Auth0 connection.
var myConnection = new Connection("myConnection", ConnectionArgs.builder()
.name("Example-Connection")
.isDomainConnection(true)
.strategy("auth0")
.metadata(Map.ofEntries(
Map.entry("key1", "foo"),
Map.entry("key2", "bar")
))
.options(ConnectionOptionsArgs.builder()
.passwordPolicy("excellent")
.bruteForceProtection(true)
.strategyVersion(2)
.enabledDatabaseCustomization(true)
.importMode(false)
.requiresUsername(true)
.disableSignup(false)
.customScripts(Map.of("get_user", """
function getByEmail(email, callback) {
return callback(new Error("Whoops!"));
}
"""))
.configuration(Map.ofEntries(
Map.entry("foo", "bar"),
Map.entry("bar", "baz")
))
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
.enable(true)
.size(3)
.build())
.passwordNoPersonalInfo(ConnectionOptionsPasswordNoPersonalInfoArgs.builder()
.enable(true)
.build())
.passwordDictionary(ConnectionOptionsPasswordDictionaryArgs.builder()
.enable(true)
.dictionaries(
"password",
"admin",
"1234")
.build())
.passwordComplexityOptions(ConnectionOptionsPasswordComplexityOptionsArgs.builder()
.minLength(12)
.build())
.validation(ConnectionOptionsValidationArgs.builder()
.username(ConnectionOptionsValidationUsernameArgs.builder()
.min(10)
.max(40)
.build())
.build())
.mfa(ConnectionOptionsMfaArgs.builder()
.active(true)
.returnEnrollSettings(true)
.build())
.authenticationMethods(ConnectionOptionsAuthenticationMethodArgs.builder()
.passkey(ConnectionOptionsAuthenticationMethodPasskeyArgs.builder()
.enabled(true)
.build())
.password(ConnectionOptionsAuthenticationMethodPasswordArgs.builder()
.enabled(true)
.build())
.build())
.passkeyOptions(ConnectionOptionsPasskeyOptionsArgs.builder()
.challengeUi("both")
.localEnrollmentEnabled(true)
.progressiveEnrollmentEnabled(true)
.build())
.build())
.build());
}
}
resources:
# This is an example of an Auth0 connection.
myConnection:
type: auth0:Connection
name: my_connection
properties:
name: Example-Connection
isDomainConnection: true
strategy: auth0
metadata:
key1: foo
key2: bar
options:
passwordPolicy: excellent
bruteForceProtection: true
strategyVersion: 2
enabledDatabaseCustomization: true
importMode: false
requiresUsername: true
disableSignup: false
customScripts:
get_user: |2
function getByEmail(email, callback) {
return callback(new Error("Whoops!"));
}
configuration:
foo: bar
bar: baz
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
passwordHistories:
- enable: true
size: 3
passwordNoPersonalInfo:
enable: true
passwordDictionary:
enable: true
dictionaries:
- password
- admin
- '1234'
passwordComplexityOptions:
minLength: 12
validation:
username:
min: 10
max: 40
mfa:
active: true
returnEnrollSettings: true
authenticationMethods:
- passkey:
enabled: true
password:
enabled: true
passkeyOptions:
challengeUi: both
localEnrollmentEnabled: true
progressiveEnrollmentEnabled: true
Google OAuth2 Connection
Your Auth0 account may be pre-configured with a
google-oauth2connection.
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of a Google OAuth2 connection.
const googleOauth2 = new auth0.Connection("google_oauth2", {
name: "Google-OAuth2-Connection",
strategy: "google-oauth2",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
allowedAudiences: [
"example.com",
"api.example.com",
],
scopes: [
"email",
"profile",
"gmail",
"youtube",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of a Google OAuth2 connection.
google_oauth2 = auth0.Connection("google_oauth2",
name="Google-OAuth2-Connection",
strategy="google-oauth2",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"allowed_audiences": [
"example.com",
"api.example.com",
],
"scopes": [
"email",
"profile",
"gmail",
"youtube",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of a Google OAuth2 connection.
_, err := auth0.NewConnection(ctx, "google_oauth2", &auth0.ConnectionArgs{
Name: pulumi.String("Google-OAuth2-Connection"),
Strategy: pulumi.String("google-oauth2"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
AllowedAudiences: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("api.example.com"),
},
Scopes: pulumi.StringArray{
pulumi.String("email"),
pulumi.String("profile"),
pulumi.String("gmail"),
pulumi.String("youtube"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of a Google OAuth2 connection.
var googleOauth2 = new Auth0.Connection("google_oauth2", new()
{
Name = "Google-OAuth2-Connection",
Strategy = "google-oauth2",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
AllowedAudiences = new[]
{
"example.com",
"api.example.com",
},
Scopes = new[]
{
"email",
"profile",
"gmail",
"youtube",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of a Google OAuth2 connection.
var googleOauth2 = new Connection("googleOauth2", ConnectionArgs.builder()
.name("Google-OAuth2-Connection")
.strategy("google-oauth2")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.allowedAudiences(
"example.com",
"api.example.com")
.scopes(
"email",
"profile",
"gmail",
"youtube")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of a Google OAuth2 connection.
googleOauth2:
type: auth0:Connection
name: google_oauth2
properties:
name: Google-OAuth2-Connection
strategy: google-oauth2
options:
clientId: <client-id>
clientSecret: <client-secret>
allowedAudiences:
- example.com
- api.example.com
scopes:
- email
- profile
- gmail
- youtube
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
Google Apps
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const googleApps = new auth0.Connection("google_apps", {
name: "connection-google-apps",
isDomainConnection: false,
strategy: "google-apps",
showAsButton: false,
options: {
clientId: "",
clientSecret: "",
domain: "example.com",
tenantDomain: "example.com",
domainAliases: [
"example.com",
"api.example.com",
],
apiEnableUsers: true,
scopes: [
"ext_profile",
"ext_groups",
],
iconUrl: "https://example.com/assets/logo.png",
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import json
import pulumi_auth0 as auth0
google_apps = auth0.Connection("google_apps",
name="connection-google-apps",
is_domain_connection=False,
strategy="google-apps",
show_as_button=False,
options={
"client_id": "",
"client_secret": "",
"domain": "example.com",
"tenant_domain": "example.com",
"domain_aliases": [
"example.com",
"api.example.com",
],
"api_enable_users": True,
"scopes": [
"ext_profile",
"ext_groups",
],
"icon_url": "https://example.com/assets/logo.png",
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = auth0.NewConnection(ctx, "google_apps", &auth0.ConnectionArgs{
Name: pulumi.String("connection-google-apps"),
IsDomainConnection: pulumi.Bool(false),
Strategy: pulumi.String("google-apps"),
ShowAsButton: pulumi.Bool(false),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String(""),
ClientSecret: pulumi.String(""),
Domain: pulumi.String("example.com"),
TenantDomain: pulumi.String("example.com"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("api.example.com"),
},
ApiEnableUsers: pulumi.Bool(true),
Scopes: pulumi.StringArray{
pulumi.String("ext_profile"),
pulumi.String("ext_groups"),
},
IconUrl: pulumi.String("https://example.com/assets/logo.png"),
UpstreamParams: pulumi.String(json0),
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var googleApps = new Auth0.Connection("google_apps", new()
{
Name = "connection-google-apps",
IsDomainConnection = false,
Strategy = "google-apps",
ShowAsButton = false,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "",
ClientSecret = "",
Domain = "example.com",
TenantDomain = "example.com",
DomainAliases = new[]
{
"example.com",
"api.example.com",
},
ApiEnableUsers = true,
Scopes = new[]
{
"ext_profile",
"ext_groups",
},
IconUrl = "https://example.com/assets/logo.png",
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var googleApps = new Connection("googleApps", ConnectionArgs.builder()
.name("connection-google-apps")
.isDomainConnection(false)
.strategy("google-apps")
.showAsButton(false)
.options(ConnectionOptionsArgs.builder()
.clientId("")
.clientSecret("")
.domain("example.com")
.tenantDomain("example.com")
.domainAliases(
"example.com",
"api.example.com")
.apiEnableUsers(true)
.scopes(
"ext_profile",
"ext_groups")
.iconUrl("https://example.com/assets/logo.png")
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
googleApps:
type: auth0:Connection
name: google_apps
properties:
name: connection-google-apps
isDomainConnection: false
strategy: google-apps
showAsButton: false
options:
clientId: ""
clientSecret: ""
domain: example.com
tenantDomain: example.com
domainAliases:
- example.com
- api.example.com
apiEnableUsers: true
scopes:
- ext_profile
- ext_groups
iconUrl: https://example.com/assets/logo.png
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
Facebook Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of a Facebook connection.
const facebook = new auth0.Connection("facebook", {
name: "Facebook-Connection",
strategy: "facebook",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
scopes: [
"public_profile",
"email",
"groups_access_member_info",
"user_birthday",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of a Facebook connection.
facebook = auth0.Connection("facebook",
name="Facebook-Connection",
strategy="facebook",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"scopes": [
"public_profile",
"email",
"groups_access_member_info",
"user_birthday",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of a Facebook connection.
_, err := auth0.NewConnection(ctx, "facebook", &auth0.ConnectionArgs{
Name: pulumi.String("Facebook-Connection"),
Strategy: pulumi.String("facebook"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
Scopes: pulumi.StringArray{
pulumi.String("public_profile"),
pulumi.String("email"),
pulumi.String("groups_access_member_info"),
pulumi.String("user_birthday"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of a Facebook connection.
var facebook = new Auth0.Connection("facebook", new()
{
Name = "Facebook-Connection",
Strategy = "facebook",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
Scopes = new[]
{
"public_profile",
"email",
"groups_access_member_info",
"user_birthday",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of a Facebook connection.
var facebook = new Connection("facebook", ConnectionArgs.builder()
.name("Facebook-Connection")
.strategy("facebook")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.scopes(
"public_profile",
"email",
"groups_access_member_info",
"user_birthday")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of a Facebook connection.
facebook:
type: auth0:Connection
properties:
name: Facebook-Connection
strategy: facebook
options:
clientId: <client-id>
clientSecret: <client-secret>
scopes:
- public_profile
- email
- groups_access_member_info
- user_birthday
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
Apple Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an Apple connection.
const apple = new auth0.Connection("apple", {
name: "Apple-Connection",
strategy: "apple",
options: {
clientId: "<client-id>",
clientSecret: `-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----`,
teamId: "<team-id>",
keyId: "<key-id>",
scopes: [
"email",
"name",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an Apple connection.
apple = auth0.Connection("apple",
name="Apple-Connection",
strategy="apple",
options={
"client_id": "<client-id>",
"client_secret": """-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----""",
"team_id": "<team-id>",
"key_id": "<key-id>",
"scopes": [
"email",
"name",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an Apple connection.
_, err := auth0.NewConnection(ctx, "apple", &auth0.ConnectionArgs{
Name: pulumi.String("Apple-Connection"),
Strategy: pulumi.String("apple"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("-----BEGIN PRIVATE KEY-----\nMIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA\n-----END PRIVATE KEY-----"),
TeamId: pulumi.String("<team-id>"),
KeyId: pulumi.String("<key-id>"),
Scopes: pulumi.StringArray{
pulumi.String("email"),
pulumi.String("name"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an Apple connection.
var apple = new Auth0.Connection("apple", new()
{
Name = "Apple-Connection",
Strategy = "apple",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = @"-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----",
TeamId = "<team-id>",
KeyId = "<key-id>",
Scopes = new[]
{
"email",
"name",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an Apple connection.
var apple = new Connection("apple", ConnectionArgs.builder()
.name("Apple-Connection")
.strategy("apple")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("""
-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY----- """)
.teamId("<team-id>")
.keyId("<key-id>")
.scopes(
"email",
"name")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an Apple connection.
apple:
type: auth0:Connection
properties:
name: Apple-Connection
strategy: apple
options:
clientId: <client-id>
clientSecret: |-
-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----
teamId: <team-id>
keyId: <key-id>
scopes:
- email
- name
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
LinkedIn Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an LinkedIn connection.
const linkedin = new auth0.Connection("linkedin", {
name: "Linkedin-Connection",
strategy: "linkedin",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
strategyVersion: 2,
scopes: [
"basic_profile",
"profile",
"email",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an LinkedIn connection.
linkedin = auth0.Connection("linkedin",
name="Linkedin-Connection",
strategy="linkedin",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"strategy_version": 2,
"scopes": [
"basic_profile",
"profile",
"email",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an LinkedIn connection.
_, err := auth0.NewConnection(ctx, "linkedin", &auth0.ConnectionArgs{
Name: pulumi.String("Linkedin-Connection"),
Strategy: pulumi.String("linkedin"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
StrategyVersion: pulumi.Int(2),
Scopes: pulumi.StringArray{
pulumi.String("basic_profile"),
pulumi.String("profile"),
pulumi.String("email"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an LinkedIn connection.
var linkedin = new Auth0.Connection("linkedin", new()
{
Name = "Linkedin-Connection",
Strategy = "linkedin",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
StrategyVersion = 2,
Scopes = new[]
{
"basic_profile",
"profile",
"email",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an LinkedIn connection.
var linkedin = new Connection("linkedin", ConnectionArgs.builder()
.name("Linkedin-Connection")
.strategy("linkedin")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.strategyVersion(2)
.scopes(
"basic_profile",
"profile",
"email")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an LinkedIn connection.
linkedin:
type: auth0:Connection
properties:
name: Linkedin-Connection
strategy: linkedin
options:
clientId: <client-id>
clientSecret: <client-secret>
strategyVersion: 2
scopes:
- basic_profile
- profile
- email
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
GitHub Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an GitHub connection.
const github = new auth0.Connection("github", {
name: "GitHub-Connection",
strategy: "github",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
scopes: [
"email",
"profile",
"public_repo",
"repo",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an GitHub connection.
github = auth0.Connection("github",
name="GitHub-Connection",
strategy="github",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"scopes": [
"email",
"profile",
"public_repo",
"repo",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an GitHub connection.
_, err := auth0.NewConnection(ctx, "github", &auth0.ConnectionArgs{
Name: pulumi.String("GitHub-Connection"),
Strategy: pulumi.String("github"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
Scopes: pulumi.StringArray{
pulumi.String("email"),
pulumi.String("profile"),
pulumi.String("public_repo"),
pulumi.String("repo"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an GitHub connection.
var github = new Auth0.Connection("github", new()
{
Name = "GitHub-Connection",
Strategy = "github",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
Scopes = new[]
{
"email",
"profile",
"public_repo",
"repo",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an GitHub connection.
var github = new Connection("github", ConnectionArgs.builder()
.name("GitHub-Connection")
.strategy("github")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.scopes(
"email",
"profile",
"public_repo",
"repo")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an GitHub connection.
github:
type: auth0:Connection
properties:
name: GitHub-Connection
strategy: github
options:
clientId: <client-id>
clientSecret: <client-secret>
scopes:
- email
- profile
- public_repo
- repo
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
SalesForce Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an SalesForce connection.
const salesforce = new auth0.Connection("salesforce", {
name: "Salesforce-Connection",
strategy: "salesforce",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
communityBaseUrl: "https://salesforce.example.com",
scopes: [
"openid",
"email",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an SalesForce connection.
salesforce = auth0.Connection("salesforce",
name="Salesforce-Connection",
strategy="salesforce",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"community_base_url": "https://salesforce.example.com",
"scopes": [
"openid",
"email",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an SalesForce connection.
_, err := auth0.NewConnection(ctx, "salesforce", &auth0.ConnectionArgs{
Name: pulumi.String("Salesforce-Connection"),
Strategy: pulumi.String("salesforce"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
CommunityBaseUrl: pulumi.String("https://salesforce.example.com"),
Scopes: pulumi.StringArray{
pulumi.String("openid"),
pulumi.String("email"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an SalesForce connection.
var salesforce = new Auth0.Connection("salesforce", new()
{
Name = "Salesforce-Connection",
Strategy = "salesforce",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
CommunityBaseUrl = "https://salesforce.example.com",
Scopes = new[]
{
"openid",
"email",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an SalesForce connection.
var salesforce = new Connection("salesforce", ConnectionArgs.builder()
.name("Salesforce-Connection")
.strategy("salesforce")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.communityBaseUrl("https://salesforce.example.com")
.scopes(
"openid",
"email")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an SalesForce connection.
salesforce:
type: auth0:Connection
properties:
name: Salesforce-Connection
strategy: salesforce
options:
clientId: <client-id>
clientSecret: <client-secret>
communityBaseUrl: https://salesforce.example.com
scopes:
- openid
- email
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
OAuth2 Connection
Also applies to following connection strategies: dropbox, bitbucket, paypal, twitter, amazon, yahoo, box, wordpress, shopify, custom
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an OAuth2 connection.
const oauth2 = new auth0.Connection("oauth2", {
name: "OAuth2-Connection",
strategy: "oauth2",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
strategyVersion: 2,
scopes: [
"basic_profile",
"profile",
"email",
],
tokenEndpoint: "https://auth.example.com/oauth2/token",
authorizationEndpoint: "https://auth.example.com/oauth2/authorize",
pkceEnabled: true,
iconUrl: "https://auth.example.com/assets/logo.png",
customHeaders: [
{
header: "bar",
value: "foo",
},
{
header: "foo",
value: "bar",
},
],
scripts: {
fetchUserProfile: ` function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
`,
},
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an OAuth2 connection.
oauth2 = auth0.Connection("oauth2",
name="OAuth2-Connection",
strategy="oauth2",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"strategy_version": 2,
"scopes": [
"basic_profile",
"profile",
"email",
],
"token_endpoint": "https://auth.example.com/oauth2/token",
"authorization_endpoint": "https://auth.example.com/oauth2/authorize",
"pkce_enabled": True,
"icon_url": "https://auth.example.com/assets/logo.png",
"custom_headers": [
{
"header": "bar",
"value": "foo",
},
{
"header": "foo",
"value": "bar",
},
],
"scripts": {
"fetchUserProfile": """ function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
""",
},
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an OAuth2 connection.
_, err := auth0.NewConnection(ctx, "oauth2", &auth0.ConnectionArgs{
Name: pulumi.String("OAuth2-Connection"),
Strategy: pulumi.String("oauth2"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
StrategyVersion: pulumi.Int(2),
Scopes: pulumi.StringArray{
pulumi.String("basic_profile"),
pulumi.String("profile"),
pulumi.String("email"),
},
TokenEndpoint: pulumi.String("https://auth.example.com/oauth2/token"),
AuthorizationEndpoint: pulumi.String("https://auth.example.com/oauth2/authorize"),
PkceEnabled: pulumi.Bool(true),
IconUrl: pulumi.String("https://auth.example.com/assets/logo.png"),
CustomHeaders: auth0.ConnectionOptionsCustomHeaderArray{
&auth0.ConnectionOptionsCustomHeaderArgs{
Header: pulumi.String("bar"),
Value: pulumi.String("foo"),
},
&auth0.ConnectionOptionsCustomHeaderArgs{
Header: pulumi.String("foo"),
Value: pulumi.String("bar"),
},
},
Scripts: pulumi.StringMap{
"fetchUserProfile": pulumi.String(" function fetchUserProfile(accessToken, context, callback) {\n return callback(new Error(\"Whoops!\"));\n }\n"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an OAuth2 connection.
var oauth2 = new Auth0.Connection("oauth2", new()
{
Name = "OAuth2-Connection",
Strategy = "oauth2",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
StrategyVersion = 2,
Scopes = new[]
{
"basic_profile",
"profile",
"email",
},
TokenEndpoint = "https://auth.example.com/oauth2/token",
AuthorizationEndpoint = "https://auth.example.com/oauth2/authorize",
PkceEnabled = true,
IconUrl = "https://auth.example.com/assets/logo.png",
CustomHeaders = new[]
{
new Auth0.Inputs.ConnectionOptionsCustomHeaderArgs
{
Header = "bar",
Value = "foo",
},
new Auth0.Inputs.ConnectionOptionsCustomHeaderArgs
{
Header = "foo",
Value = "bar",
},
},
Scripts =
{
{ "fetchUserProfile", @" function fetchUserProfile(accessToken, context, callback) {
return callback(new Error(""Whoops!""));
}
" },
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an OAuth2 connection.
var oauth2 = new Connection("oauth2", ConnectionArgs.builder()
.name("OAuth2-Connection")
.strategy("oauth2")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.strategyVersion(2)
.scopes(
"basic_profile",
"profile",
"email")
.tokenEndpoint("https://auth.example.com/oauth2/token")
.authorizationEndpoint("https://auth.example.com/oauth2/authorize")
.pkceEnabled(true)
.iconUrl("https://auth.example.com/assets/logo.png")
.customHeaders(
ConnectionOptionsCustomHeaderArgs.builder()
.header("bar")
.value("foo")
.build(),
ConnectionOptionsCustomHeaderArgs.builder()
.header("foo")
.value("bar")
.build())
.scripts(Map.of("fetchUserProfile", """
function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
"""))
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an OAuth2 connection.
oauth2:
type: auth0:Connection
properties:
name: OAuth2-Connection
strategy: oauth2
options:
clientId: <client-id>
clientSecret: <client-secret>
strategyVersion: 2
scopes:
- basic_profile
- profile
- email
tokenEndpoint: https://auth.example.com/oauth2/token
authorizationEndpoint: https://auth.example.com/oauth2/authorize
pkceEnabled: true
iconUrl: https://auth.example.com/assets/logo.png
customHeaders:
- header: bar
value: foo
- header: foo
value: bar
scripts:
fetchUserProfile: |2
function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
Active Directory (AD)
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const ad = new auth0.Connection("ad", {
name: "connection-active-directory",
displayName: "Active Directory Connection",
strategy: "ad",
showAsButton: true,
options: {
disableSelfServiceChangePassword: true,
bruteForceProtection: true,
tenantDomain: "example.com",
strategyVersion: 2,
iconUrl: "https://example.com/assets/logo.png",
domainAliases: [
"example.com",
"api.example.com",
],
ips: [
"192.168.1.1",
"192.168.1.2",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
useCertAuth: false,
useKerberos: false,
disableCache: false,
},
});
import pulumi
import json
import pulumi_auth0 as auth0
ad = auth0.Connection("ad",
name="connection-active-directory",
display_name="Active Directory Connection",
strategy="ad",
show_as_button=True,
options={
"disable_self_service_change_password": True,
"brute_force_protection": True,
"tenant_domain": "example.com",
"strategy_version": 2,
"icon_url": "https://example.com/assets/logo.png",
"domain_aliases": [
"example.com",
"api.example.com",
],
"ips": [
"192.168.1.1",
"192.168.1.2",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"use_cert_auth": False,
"use_kerberos": False,
"disable_cache": False,
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = auth0.NewConnection(ctx, "ad", &auth0.ConnectionArgs{
Name: pulumi.String("connection-active-directory"),
DisplayName: pulumi.String("Active Directory Connection"),
Strategy: pulumi.String("ad"),
ShowAsButton: pulumi.Bool(true),
Options: &auth0.ConnectionOptionsArgs{
DisableSelfServiceChangePassword: pulumi.Bool(true),
BruteForceProtection: pulumi.Bool(true),
TenantDomain: pulumi.String("example.com"),
StrategyVersion: pulumi.Int(2),
IconUrl: pulumi.String("https://example.com/assets/logo.png"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("api.example.com"),
},
Ips: pulumi.StringArray{
pulumi.String("192.168.1.1"),
pulumi.String("192.168.1.2"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
UpstreamParams: pulumi.String(json0),
UseCertAuth: pulumi.Bool(false),
UseKerberos: pulumi.Bool(false),
DisableCache: pulumi.Bool(false),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var ad = new Auth0.Connection("ad", new()
{
Name = "connection-active-directory",
DisplayName = "Active Directory Connection",
Strategy = "ad",
ShowAsButton = true,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
DisableSelfServiceChangePassword = true,
BruteForceProtection = true,
TenantDomain = "example.com",
StrategyVersion = 2,
IconUrl = "https://example.com/assets/logo.png",
DomainAliases = new[]
{
"example.com",
"api.example.com",
},
Ips = new[]
{
"192.168.1.1",
"192.168.1.2",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
UseCertAuth = false,
UseKerberos = false,
DisableCache = false,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ad = new Connection("ad", ConnectionArgs.builder()
.name("connection-active-directory")
.displayName("Active Directory Connection")
.strategy("ad")
.showAsButton(true)
.options(ConnectionOptionsArgs.builder()
.disableSelfServiceChangePassword(true)
.bruteForceProtection(true)
.tenantDomain("example.com")
.strategyVersion(2)
.iconUrl("https://example.com/assets/logo.png")
.domainAliases(
"example.com",
"api.example.com")
.ips(
"192.168.1.1",
"192.168.1.2")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.useCertAuth(false)
.useKerberos(false)
.disableCache(false)
.build())
.build());
}
}
resources:
ad:
type: auth0:Connection
properties:
name: connection-active-directory
displayName: Active Directory Connection
strategy: ad
showAsButton: true
options:
disableSelfServiceChangePassword: true
bruteForceProtection: true
tenantDomain: example.com
strategyVersion: 2
iconUrl: https://example.com/assets/logo.png
domainAliases:
- example.com
- api.example.com
ips:
- 192.168.1.1
- 192.168.1.2
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
useCertAuth: false
useKerberos: false
disableCache: false
Azure AD Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const azureAd = new auth0.Connection("azure_ad", {
name: "connection-azure-ad",
strategy: "waad",
showAsButton: true,
options: {
identityApi: "azure-active-directory-v1.0",
clientId: "123456",
clientSecret: "123456",
strategyVersion: 2,
userIdAttribute: "oid",
appId: "app-id-123",
tenantDomain: "example.onmicrosoft.com",
domain: "example.onmicrosoft.com",
domainAliases: [
"example.com",
"api.example.com",
],
iconUrl: "https://example.onmicrosoft.com/assets/logo.png",
useWsfed: false,
waadProtocol: "openid-connect",
waadCommonEndpoint: false,
maxGroupsToRetrieve: "250",
apiEnableUsers: true,
scopes: [
"basic_profile",
"ext_groups",
"ext_profile",
],
setUserRootAttributes: "on_each_login",
shouldTrustEmailVerifiedConnection: "never_set_emails_as_verified",
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import json
import pulumi_auth0 as auth0
azure_ad = auth0.Connection("azure_ad",
name="connection-azure-ad",
strategy="waad",
show_as_button=True,
options={
"identity_api": "azure-active-directory-v1.0",
"client_id": "123456",
"client_secret": "123456",
"strategy_version": 2,
"user_id_attribute": "oid",
"app_id": "app-id-123",
"tenant_domain": "example.onmicrosoft.com",
"domain": "example.onmicrosoft.com",
"domain_aliases": [
"example.com",
"api.example.com",
],
"icon_url": "https://example.onmicrosoft.com/assets/logo.png",
"use_wsfed": False,
"waad_protocol": "openid-connect",
"waad_common_endpoint": False,
"max_groups_to_retrieve": "250",
"api_enable_users": True,
"scopes": [
"basic_profile",
"ext_groups",
"ext_profile",
],
"set_user_root_attributes": "on_each_login",
"should_trust_email_verified_connection": "never_set_emails_as_verified",
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = auth0.NewConnection(ctx, "azure_ad", &auth0.ConnectionArgs{
Name: pulumi.String("connection-azure-ad"),
Strategy: pulumi.String("waad"),
ShowAsButton: pulumi.Bool(true),
Options: &auth0.ConnectionOptionsArgs{
IdentityApi: pulumi.String("azure-active-directory-v1.0"),
ClientId: pulumi.String("123456"),
ClientSecret: pulumi.String("123456"),
StrategyVersion: pulumi.Int(2),
UserIdAttribute: pulumi.String("oid"),
AppId: pulumi.String("app-id-123"),
TenantDomain: pulumi.String("example.onmicrosoft.com"),
Domain: pulumi.String("example.onmicrosoft.com"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("api.example.com"),
},
IconUrl: pulumi.String("https://example.onmicrosoft.com/assets/logo.png"),
UseWsfed: pulumi.Bool(false),
WaadProtocol: pulumi.String("openid-connect"),
WaadCommonEndpoint: pulumi.Bool(false),
MaxGroupsToRetrieve: pulumi.String("250"),
ApiEnableUsers: pulumi.Bool(true),
Scopes: pulumi.StringArray{
pulumi.String("basic_profile"),
pulumi.String("ext_groups"),
pulumi.String("ext_profile"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
ShouldTrustEmailVerifiedConnection: pulumi.String("never_set_emails_as_verified"),
UpstreamParams: pulumi.String(json0),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var azureAd = new Auth0.Connection("azure_ad", new()
{
Name = "connection-azure-ad",
Strategy = "waad",
ShowAsButton = true,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
IdentityApi = "azure-active-directory-v1.0",
ClientId = "123456",
ClientSecret = "123456",
StrategyVersion = 2,
UserIdAttribute = "oid",
AppId = "app-id-123",
TenantDomain = "example.onmicrosoft.com",
Domain = "example.onmicrosoft.com",
DomainAliases = new[]
{
"example.com",
"api.example.com",
},
IconUrl = "https://example.onmicrosoft.com/assets/logo.png",
UseWsfed = false,
WaadProtocol = "openid-connect",
WaadCommonEndpoint = false,
MaxGroupsToRetrieve = "250",
ApiEnableUsers = true,
Scopes = new[]
{
"basic_profile",
"ext_groups",
"ext_profile",
},
SetUserRootAttributes = "on_each_login",
ShouldTrustEmailVerifiedConnection = "never_set_emails_as_verified",
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureAd = new Connection("azureAd", ConnectionArgs.builder()
.name("connection-azure-ad")
.strategy("waad")
.showAsButton(true)
.options(ConnectionOptionsArgs.builder()
.identityApi("azure-active-directory-v1.0")
.clientId("123456")
.clientSecret("123456")
.strategyVersion(2)
.userIdAttribute("oid")
.appId("app-id-123")
.tenantDomain("example.onmicrosoft.com")
.domain("example.onmicrosoft.com")
.domainAliases(
"example.com",
"api.example.com")
.iconUrl("https://example.onmicrosoft.com/assets/logo.png")
.useWsfed(false)
.waadProtocol("openid-connect")
.waadCommonEndpoint(false)
.maxGroupsToRetrieve("250")
.apiEnableUsers(true)
.scopes(
"basic_profile",
"ext_groups",
"ext_profile")
.setUserRootAttributes("on_each_login")
.shouldTrustEmailVerifiedConnection("never_set_emails_as_verified")
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
azureAd:
type: auth0:Connection
name: azure_ad
properties:
name: connection-azure-ad
strategy: waad
showAsButton: true
options:
identityApi: azure-active-directory-v1.0
clientId: '123456'
clientSecret: '123456'
strategyVersion: 2
userIdAttribute: oid
appId: app-id-123
tenantDomain: example.onmicrosoft.com
domain: example.onmicrosoft.com
domainAliases:
- example.com
- api.example.com
iconUrl: https://example.onmicrosoft.com/assets/logo.png
useWsfed: false
waadProtocol: openid-connect
waadCommonEndpoint: false
maxGroupsToRetrieve: 250
apiEnableUsers: true
scopes:
- basic_profile
- ext_groups
- ext_profile
setUserRootAttributes: on_each_login
shouldTrustEmailVerifiedConnection: never_set_emails_as_verified
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
nonPersistentAttrs:
- ethnicity
- gender
Email Connection
To be able to see this in the management dashboard as well, the name of the connection must be set to “email”.
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an Email connection.
const passwordlessEmail = new auth0.Connection("passwordless_email", {
strategy: "email",
name: "email",
options: {
name: "email",
from: "{{ application.name }} <root@auth0.com>",
subject: "Welcome to {{ application.name }}",
syntax: "liquid",
template: "<html>This is the body of the email</html>",
disableSignup: false,
bruteForceProtection: true,
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [],
authParams: {
scope: "openid email profile offline_access",
response_type: "code",
},
totp: {
timeStep: 300,
length: 6,
},
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an Email connection.
passwordless_email = auth0.Connection("passwordless_email",
strategy="email",
name="email",
options={
"name": "email",
"from_": "{{ application.name }} <root@auth0.com>",
"subject": "Welcome to {{ application.name }}",
"syntax": "liquid",
"template": "<html>This is the body of the email</html>",
"disable_signup": False,
"brute_force_protection": True,
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [],
"auth_params": {
"scope": "openid email profile offline_access",
"response_type": "code",
},
"totp": {
"time_step": 300,
"length": 6,
},
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an Email connection.
_, err := auth0.NewConnection(ctx, "passwordless_email", &auth0.ConnectionArgs{
Strategy: pulumi.String("email"),
Name: pulumi.String("email"),
Options: &auth0.ConnectionOptionsArgs{
Name: pulumi.String("email"),
From: pulumi.String("{{ application.name }} <root@auth0.com>"),
Subject: pulumi.String("Welcome to {{ application.name }}"),
Syntax: pulumi.String("liquid"),
Template: pulumi.String("<html>This is the body of the email</html>"),
DisableSignup: pulumi.Bool(false),
BruteForceProtection: pulumi.Bool(true),
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{},
AuthParams: pulumi.StringMap{
"scope": pulumi.String("openid email profile offline_access"),
"response_type": pulumi.String("code"),
},
Totp: &auth0.ConnectionOptionsTotpArgs{
TimeStep: pulumi.Int(300),
Length: pulumi.Int(6),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an Email connection.
var passwordlessEmail = new Auth0.Connection("passwordless_email", new()
{
Strategy = "email",
Name = "email",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
Name = "email",
From = "{{ application.name }} <root@auth0.com>",
Subject = "Welcome to {{ application.name }}",
Syntax = "liquid",
Template = "<html>This is the body of the email</html>",
DisableSignup = false,
BruteForceProtection = true,
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new() { },
AuthParams =
{
{ "scope", "openid email profile offline_access" },
{ "response_type", "code" },
},
Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
{
TimeStep = 300,
Length = 6,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an Email connection.
var passwordlessEmail = new Connection("passwordlessEmail", ConnectionArgs.builder()
.strategy("email")
.name("email")
.options(ConnectionOptionsArgs.builder()
.name("email")
.from("{{ application.name }} <root@auth0.com>")
.subject("Welcome to {{ application.name }}")
.syntax("liquid")
.template("<html>This is the body of the email</html>")
.disableSignup(false)
.bruteForceProtection(true)
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs()
.authParams(Map.ofEntries(
Map.entry("scope", "openid email profile offline_access"),
Map.entry("response_type", "code")
))
.totp(ConnectionOptionsTotpArgs.builder()
.timeStep(300)
.length(6)
.build())
.build())
.build());
}
}
resources:
# This is an example of an Email connection.
passwordlessEmail:
type: auth0:Connection
name: passwordless_email
properties:
strategy: email
name: email
options:
name: email
from: '{{ application.name }} <root@auth0.com>'
subject: Welcome to {{ application.name }}
syntax: liquid
template: <html>This is the body of the email</html>
disableSignup: false
bruteForceProtection: true
setUserRootAttributes: on_each_login
nonPersistentAttrs: []
authParams:
scope: openid email profile offline_access
response_type: code
totp:
timeStep: 300
length: 6
SAML Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of a SAML connection.
const samlp = new auth0.Connection("samlp", {
name: "SAML-Connection",
strategy: "samlp",
options: {
debug: false,
signingCert: "<signing-certificate>",
signInEndpoint: "https://saml.provider/sign_in",
signOutEndpoint: "https://saml.provider/sign_out",
globalTokenRevocationJwtIss: "issuer.example.com",
globalTokenRevocationJwtSub: "user123",
disableSignOut: true,
strategyVersion: 2,
tenantDomain: "example.com",
domainAliases: [
"example.com",
"alias.example.com",
],
protocolBinding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
requestTemplate: `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>`,
userIdAttribute: "https://saml.provider/imi/ns/identity-200810",
signatureAlgorithm: "rsa-sha256",
digestAlgorithm: "sha256",
iconUrl: "https://saml.provider/assets/logo.png",
entityId: "<entity_id>",
metadataXml: ` <?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
`,
metadataUrl: "https://saml.provider/imi/ns/FederationMetadata.xml",
fieldsMap: JSON.stringify({
name: [
"name",
"nameidentifier",
],
email: [
"emailaddress",
"nameidentifier",
],
family_name: "surname",
}),
signingKey: {
key: `-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----`,
cert: `-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----`,
},
decryptionKey: {
key: `-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----`,
cert: `-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----`,
},
idpInitiated: {
clientId: "client_id",
clientProtocol: "samlp",
clientAuthorizeQuery: "type=code&timeout=30",
},
},
});
import pulumi
import json
import pulumi_auth0 as auth0
# This is an example of a SAML connection.
samlp = auth0.Connection("samlp",
name="SAML-Connection",
strategy="samlp",
options={
"debug": False,
"signing_cert": "<signing-certificate>",
"sign_in_endpoint": "https://saml.provider/sign_in",
"sign_out_endpoint": "https://saml.provider/sign_out",
"global_token_revocation_jwt_iss": "issuer.example.com",
"global_token_revocation_jwt_sub": "user123",
"disable_sign_out": True,
"strategy_version": 2,
"tenant_domain": "example.com",
"domain_aliases": [
"example.com",
"alias.example.com",
],
"protocol_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"request_template": """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>""",
"user_id_attribute": "https://saml.provider/imi/ns/identity-200810",
"signature_algorithm": "rsa-sha256",
"digest_algorithm": "sha256",
"icon_url": "https://saml.provider/assets/logo.png",
"entity_id": "<entity_id>",
"metadata_xml": """ <?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
""",
"metadata_url": "https://saml.provider/imi/ns/FederationMetadata.xml",
"fields_map": json.dumps({
"name": [
"name",
"nameidentifier",
],
"email": [
"emailaddress",
"nameidentifier",
],
"family_name": "surname",
}),
"signing_key": {
"key": """-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----""",
"cert": """-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----""",
},
"decryption_key": {
"key": """-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----""",
"cert": """-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----""",
},
"idp_initiated": {
"client_id": "client_id",
"client_protocol": "samlp",
"client_authorize_query": "type=code&timeout=30",
},
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"name": []string{
"name",
"nameidentifier",
},
"email": []string{
"emailaddress",
"nameidentifier",
},
"family_name": "surname",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
// This is an example of a SAML connection.
_, err = auth0.NewConnection(ctx, "samlp", &auth0.ConnectionArgs{
Name: pulumi.String("SAML-Connection"),
Strategy: pulumi.String("samlp"),
Options: &auth0.ConnectionOptionsArgs{
Debug: pulumi.Bool(false),
SigningCert: pulumi.String("<signing-certificate>"),
SignInEndpoint: pulumi.String("https://saml.provider/sign_in"),
SignOutEndpoint: pulumi.String("https://saml.provider/sign_out"),
GlobalTokenRevocationJwtIss: pulumi.String("issuer.example.com"),
GlobalTokenRevocationJwtSub: pulumi.String("user123"),
DisableSignOut: pulumi.Bool(true),
StrategyVersion: pulumi.Int(2),
TenantDomain: pulumi.String("example.com"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("alias.example.com"),
},
ProtocolBinding: pulumi.String("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"),
RequestTemplate: pulumi.String(`<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>`),
UserIdAttribute: pulumi.String("https://saml.provider/imi/ns/identity-200810"),
SignatureAlgorithm: pulumi.String("rsa-sha256"),
DigestAlgorithm: pulumi.String("sha256"),
IconUrl: pulumi.String("https://saml.provider/assets/logo.png"),
EntityId: pulumi.String("<entity_id>"),
MetadataXml: pulumi.String(` <?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
`),
MetadataUrl: pulumi.String("https://saml.provider/imi/ns/FederationMetadata.xml"),
FieldsMap: pulumi.String(json0),
SigningKey: &auth0.ConnectionOptionsSigningKeyArgs{
Key: pulumi.String("-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
Cert: pulumi.String("-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
},
DecryptionKey: &auth0.ConnectionOptionsDecryptionKeyArgs{
Key: pulumi.String("-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
Cert: pulumi.String("-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
},
IdpInitiated: &auth0.ConnectionOptionsIdpInitiatedArgs{
ClientId: pulumi.String("client_id"),
ClientProtocol: pulumi.String("samlp"),
ClientAuthorizeQuery: pulumi.String("type=code&timeout=30"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of a SAML connection.
var samlp = new Auth0.Connection("samlp", new()
{
Name = "SAML-Connection",
Strategy = "samlp",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
Debug = false,
SigningCert = "<signing-certificate>",
SignInEndpoint = "https://saml.provider/sign_in",
SignOutEndpoint = "https://saml.provider/sign_out",
GlobalTokenRevocationJwtIss = "issuer.example.com",
GlobalTokenRevocationJwtSub = "user123",
DisableSignOut = true,
StrategyVersion = 2,
TenantDomain = "example.com",
DomainAliases = new[]
{
"example.com",
"alias.example.com",
},
ProtocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
RequestTemplate = @"<samlp:AuthnRequest xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
@@AssertServiceURLAndDestination@@
ID=""@@ID@@""
IssueInstant=""@@IssueInstant@@""
ProtocolBinding=""@@ProtocolBinding@@"" Version=""2.0"">
<saml:Issuer xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion"">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>",
UserIdAttribute = "https://saml.provider/imi/ns/identity-200810",
SignatureAlgorithm = "rsa-sha256",
DigestAlgorithm = "sha256",
IconUrl = "https://saml.provider/assets/logo.png",
EntityId = "<entity_id>",
MetadataXml = @" <?xml version=""1.0""?>
<md:EntityDescriptor xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" xmlns:ds=""http://www.w3.org/2000/09/xmldsig#"" entityID=""https://example.com"">
<md:IDPSSODescriptor protocolSupportEnumeration=""urn:oasis:names:tc:SAML:2.0:protocol"">
<md:SingleLogoutService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://saml.provider/sign_out""/>
<md:SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://saml.provider/sign_in""/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
",
MetadataUrl = "https://saml.provider/imi/ns/FederationMetadata.xml",
FieldsMap = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["name"] = new[]
{
"name",
"nameidentifier",
},
["email"] = new[]
{
"emailaddress",
"nameidentifier",
},
["family_name"] = "surname",
}),
SigningKey = new Auth0.Inputs.ConnectionOptionsSigningKeyArgs
{
Key = @"-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----",
Cert = @"-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----",
},
DecryptionKey = new Auth0.Inputs.ConnectionOptionsDecryptionKeyArgs
{
Key = @"-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----",
Cert = @"-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----",
},
IdpInitiated = new Auth0.Inputs.ConnectionOptionsIdpInitiatedArgs
{
ClientId = "client_id",
ClientProtocol = "samlp",
ClientAuthorizeQuery = "type=code&timeout=30",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsSigningKeyArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsDecryptionKeyArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsIdpInitiatedArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of a SAML connection.
var samlp = new Connection("samlp", ConnectionArgs.builder()
.name("SAML-Connection")
.strategy("samlp")
.options(ConnectionOptionsArgs.builder()
.debug(false)
.signingCert("<signing-certificate>")
.signInEndpoint("https://saml.provider/sign_in")
.signOutEndpoint("https://saml.provider/sign_out")
.globalTokenRevocationJwtIss("issuer.example.com")
.globalTokenRevocationJwtSub("user123")
.disableSignOut(true)
.strategyVersion(2)
.tenantDomain("example.com")
.domainAliases(
"example.com",
"alias.example.com")
.protocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")
.requestTemplate("""
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest> """)
.userIdAttribute("https://saml.provider/imi/ns/identity-200810")
.signatureAlgorithm("rsa-sha256")
.digestAlgorithm("sha256")
.iconUrl("https://saml.provider/assets/logo.png")
.entityId("<entity_id>")
.metadataXml("""
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
""")
.metadataUrl("https://saml.provider/imi/ns/FederationMetadata.xml")
.fieldsMap(serializeJson(
jsonObject(
jsonProperty("name", jsonArray(
"name",
"nameidentifier"
)),
jsonProperty("email", jsonArray(
"emailaddress",
"nameidentifier"
)),
jsonProperty("family_name", "surname")
)))
.signingKey(ConnectionOptionsSigningKeyArgs.builder()
.key("""
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY----- """)
.cert("""
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE----- """)
.build())
.decryptionKey(ConnectionOptionsDecryptionKeyArgs.builder()
.key("""
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY----- """)
.cert("""
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE----- """)
.build())
.idpInitiated(ConnectionOptionsIdpInitiatedArgs.builder()
.clientId("client_id")
.clientProtocol("samlp")
.clientAuthorizeQuery("type=code&timeout=30")
.build())
.build())
.build());
}
}
resources:
# This is an example of a SAML connection.
samlp:
type: auth0:Connection
properties:
name: SAML-Connection
strategy: samlp
options:
debug: false
signingCert: <signing-certificate>
signInEndpoint: https://saml.provider/sign_in
signOutEndpoint: https://saml.provider/sign_out
globalTokenRevocationJwtIss: issuer.example.com
globalTokenRevocationJwtSub: user123
disableSignOut: true
strategyVersion: 2
tenantDomain: example.com
domainAliases:
- example.com
- alias.example.com
protocolBinding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
requestTemplate: |-
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>
userIdAttribute: https://saml.provider/imi/ns/identity-200810
signatureAlgorithm: rsa-sha256
digestAlgorithm: sha256
iconUrl: https://saml.provider/assets/logo.png
entityId: <entity_id>
metadataXml: |2
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
metadataUrl: https://saml.provider/imi/ns/FederationMetadata.xml
fieldsMap:
fn::toJSON:
name:
- name
- nameidentifier
email:
- emailaddress
- nameidentifier
family_name: surname
signingKey:
key: |-
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----
cert: |-
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----
decryptionKey:
key: |-
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----
cert: |-
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----
idpInitiated:
clientId: client_id
clientProtocol: samlp
clientAuthorizeQuery: type=code&timeout=30
WindowsLive Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of a WindowsLive connection.
const windowslive = new auth0.Connection("windowslive", {
name: "Windowslive-Connection",
strategy: "windowslive",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
strategyVersion: 2,
scopes: [
"signin",
"graph_user",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of a WindowsLive connection.
windowslive = auth0.Connection("windowslive",
name="Windowslive-Connection",
strategy="windowslive",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"strategy_version": 2,
"scopes": [
"signin",
"graph_user",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of a WindowsLive connection.
_, err := auth0.NewConnection(ctx, "windowslive", &auth0.ConnectionArgs{
Name: pulumi.String("Windowslive-Connection"),
Strategy: pulumi.String("windowslive"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
StrategyVersion: pulumi.Int(2),
Scopes: pulumi.StringArray{
pulumi.String("signin"),
pulumi.String("graph_user"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of a WindowsLive connection.
var windowslive = new Auth0.Connection("windowslive", new()
{
Name = "Windowslive-Connection",
Strategy = "windowslive",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
StrategyVersion = 2,
Scopes = new[]
{
"signin",
"graph_user",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of a WindowsLive connection.
var windowslive = new Connection("windowslive", ConnectionArgs.builder()
.name("Windowslive-Connection")
.strategy("windowslive")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.strategyVersion(2)
.scopes(
"signin",
"graph_user")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of a WindowsLive connection.
windowslive:
type: auth0:Connection
properties:
name: Windowslive-Connection
strategy: windowslive
options:
clientId: <client-id>
clientSecret: <client-secret>
strategyVersion: 2
scopes:
- signin
- graph_user
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
OIDC Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an OIDC connection.
const oidc = new auth0.Connection("oidc", {
name: "oidc-connection",
displayName: "OIDC Connection",
strategy: "oidc",
showAsButton: false,
options: {
clientId: "1234567",
clientSecret: "1234567",
domainAliases: ["example.com"],
tenantDomain: "",
iconUrl: "https://example.com/assets/logo.png",
type: "back_channel",
issuer: "https://www.paypalobjects.com",
jwksUri: "https://api.paypal.com/v1/oauth2/certs",
discoveryUrl: "https://www.paypalobjects.com/.well-known/openid-configuration",
tokenEndpoint: "https://api.paypal.com/v1/oauth2/token",
userinfoEndpoint: "https://api.paypal.com/v1/oauth2/token/userinfo",
authorizationEndpoint: "https://www.paypal.com/signin/authorize",
scopes: [
"openid",
"email",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
connectionSettings: {
pkce: "auto",
},
attributeMap: {
mappingMode: "use_map",
userinfoScope: "openid email profile groups",
attributes: JSON.stringify({
name: "${context.tokenset.name}",
email: "${context.tokenset.email}",
email_verified: "${context.tokenset.email_verified}",
nickname: "${context.tokenset.nickname}",
picture: "${context.tokenset.picture}",
given_name: "${context.tokenset.given_name}",
family_name: "${context.tokenset.family_name}",
}),
},
},
});
import pulumi
import json
import pulumi_auth0 as auth0
# This is an example of an OIDC connection.
oidc = auth0.Connection("oidc",
name="oidc-connection",
display_name="OIDC Connection",
strategy="oidc",
show_as_button=False,
options={
"client_id": "1234567",
"client_secret": "1234567",
"domain_aliases": ["example.com"],
"tenant_domain": "",
"icon_url": "https://example.com/assets/logo.png",
"type": "back_channel",
"issuer": "https://www.paypalobjects.com",
"jwks_uri": "https://api.paypal.com/v1/oauth2/certs",
"discovery_url": "https://www.paypalobjects.com/.well-known/openid-configuration",
"token_endpoint": "https://api.paypal.com/v1/oauth2/token",
"userinfo_endpoint": "https://api.paypal.com/v1/oauth2/token/userinfo",
"authorization_endpoint": "https://www.paypal.com/signin/authorize",
"scopes": [
"openid",
"email",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
"connection_settings": {
"pkce": "auto",
},
"attribute_map": {
"mapping_mode": "use_map",
"userinfo_scope": "openid email profile groups",
"attributes": json.dumps({
"name": "${context.tokenset.name}",
"email": "${context.tokenset.email}",
"email_verified": "${context.tokenset.email_verified}",
"nickname": "${context.tokenset.nickname}",
"picture": "${context.tokenset.picture}",
"given_name": "${context.tokenset.given_name}",
"family_name": "${context.tokenset.family_name}",
}),
},
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"name": "${context.tokenset.name}",
"email": "${context.tokenset.email}",
"email_verified": "${context.tokenset.email_verified}",
"nickname": "${context.tokenset.nickname}",
"picture": "${context.tokenset.picture}",
"given_name": "${context.tokenset.given_name}",
"family_name": "${context.tokenset.family_name}",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
// This is an example of an OIDC connection.
_, err = auth0.NewConnection(ctx, "oidc", &auth0.ConnectionArgs{
Name: pulumi.String("oidc-connection"),
DisplayName: pulumi.String("OIDC Connection"),
Strategy: pulumi.String("oidc"),
ShowAsButton: pulumi.Bool(false),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("1234567"),
ClientSecret: pulumi.String("1234567"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
},
TenantDomain: pulumi.String(""),
IconUrl: pulumi.String("https://example.com/assets/logo.png"),
Type: pulumi.String("back_channel"),
Issuer: pulumi.String("https://www.paypalobjects.com"),
JwksUri: pulumi.String("https://api.paypal.com/v1/oauth2/certs"),
DiscoveryUrl: pulumi.String("https://www.paypalobjects.com/.well-known/openid-configuration"),
TokenEndpoint: pulumi.String("https://api.paypal.com/v1/oauth2/token"),
UserinfoEndpoint: pulumi.String("https://api.paypal.com/v1/oauth2/token/userinfo"),
AuthorizationEndpoint: pulumi.String("https://www.paypal.com/signin/authorize"),
Scopes: pulumi.StringArray{
pulumi.String("openid"),
pulumi.String("email"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
Pkce: pulumi.String("auto"),
},
AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
MappingMode: pulumi.String("use_map"),
UserinfoScope: pulumi.String("openid email profile groups"),
Attributes: pulumi.String(json0),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an OIDC connection.
var oidc = new Auth0.Connection("oidc", new()
{
Name = "oidc-connection",
DisplayName = "OIDC Connection",
Strategy = "oidc",
ShowAsButton = false,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "1234567",
ClientSecret = "1234567",
DomainAliases = new[]
{
"example.com",
},
TenantDomain = "",
IconUrl = "https://example.com/assets/logo.png",
Type = "back_channel",
Issuer = "https://www.paypalobjects.com",
JwksUri = "https://api.paypal.com/v1/oauth2/certs",
DiscoveryUrl = "https://www.paypalobjects.com/.well-known/openid-configuration",
TokenEndpoint = "https://api.paypal.com/v1/oauth2/token",
UserinfoEndpoint = "https://api.paypal.com/v1/oauth2/token/userinfo",
AuthorizationEndpoint = "https://www.paypal.com/signin/authorize",
Scopes = new[]
{
"openid",
"email",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
{
Pkce = "auto",
},
AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
{
MappingMode = "use_map",
UserinfoScope = "openid email profile groups",
Attributes = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["name"] = "${context.tokenset.name}",
["email"] = "${context.tokenset.email}",
["email_verified"] = "${context.tokenset.email_verified}",
["nickname"] = "${context.tokenset.nickname}",
["picture"] = "${context.tokenset.picture}",
["given_name"] = "${context.tokenset.given_name}",
["family_name"] = "${context.tokenset.family_name}",
}),
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsConnectionSettingsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsAttributeMapArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an OIDC connection.
var oidc = new Connection("oidc", ConnectionArgs.builder()
.name("oidc-connection")
.displayName("OIDC Connection")
.strategy("oidc")
.showAsButton(false)
.options(ConnectionOptionsArgs.builder()
.clientId("1234567")
.clientSecret("1234567")
.domainAliases("example.com")
.tenantDomain("")
.iconUrl("https://example.com/assets/logo.png")
.type("back_channel")
.issuer("https://www.paypalobjects.com")
.jwksUri("https://api.paypal.com/v1/oauth2/certs")
.discoveryUrl("https://www.paypalobjects.com/.well-known/openid-configuration")
.tokenEndpoint("https://api.paypal.com/v1/oauth2/token")
.userinfoEndpoint("https://api.paypal.com/v1/oauth2/token/userinfo")
.authorizationEndpoint("https://www.paypal.com/signin/authorize")
.scopes(
"openid",
"email")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
.pkce("auto")
.build())
.attributeMap(ConnectionOptionsAttributeMapArgs.builder()
.mappingMode("use_map")
.userinfoScope("openid email profile groups")
.attributes(serializeJson(
jsonObject(
jsonProperty("name", "${context.tokenset.name}"),
jsonProperty("email", "${context.tokenset.email}"),
jsonProperty("email_verified", "${context.tokenset.email_verified}"),
jsonProperty("nickname", "${context.tokenset.nickname}"),
jsonProperty("picture", "${context.tokenset.picture}"),
jsonProperty("given_name", "${context.tokenset.given_name}"),
jsonProperty("family_name", "${context.tokenset.family_name}")
)))
.build())
.build())
.build());
}
}
resources:
# This is an example of an OIDC connection.
oidc:
type: auth0:Connection
properties:
name: oidc-connection
displayName: OIDC Connection
strategy: oidc
showAsButton: false
options:
clientId: '1234567'
clientSecret: '1234567'
domainAliases:
- example.com
tenantDomain: ""
iconUrl: https://example.com/assets/logo.png
type: back_channel
issuer: https://www.paypalobjects.com
jwksUri: https://api.paypal.com/v1/oauth2/certs
discoveryUrl: https://www.paypalobjects.com/.well-known/openid-configuration
tokenEndpoint: https://api.paypal.com/v1/oauth2/token
userinfoEndpoint: https://api.paypal.com/v1/oauth2/token/userinfo
authorizationEndpoint: https://www.paypal.com/signin/authorize
scopes:
- openid
- email
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
connectionSettings:
pkce: auto
attributeMap:
mappingMode: use_map
userinfoScope: openid email profile groups
attributes:
fn::toJSON:
name: $${context.tokenset.name}
email: $${context.tokenset.email}
email_verified: $${context.tokenset.email_verified}
nickname: $${context.tokenset.nickname}
picture: $${context.tokenset.picture}
given_name: $${context.tokenset.given_name}
family_name: $${context.tokenset.family_name}
Okta Connection
!> When configuring an Okta Workforce connection, the scopes attribute must be explicitly set. If omitted, the connection may not function correctly.
To ensure proper behavior, always specify: scopes = ["openid", "profile", "email"]
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an Okta Workforce connection.
const okta = new auth0.Connection("okta", {
name: "okta-connection",
displayName: "Okta Workforce Connection",
strategy: "okta",
showAsButton: false,
options: {
clientId: "1234567",
clientSecret: "1234567",
domain: "example.okta.com",
domainAliases: ["example.com"],
issuer: "https://example.okta.com",
jwksUri: "https://example.okta.com/oauth2/v1/keys",
tokenEndpoint: "https://example.okta.com/oauth2/v1/token",
userinfoEndpoint: "https://example.okta.com/oauth2/v1/userinfo",
authorizationEndpoint: "https://example.okta.com/oauth2/v1/authorize",
scopes: [
"openid",
"profile",
"email",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
connectionSettings: {
pkce: "auto",
},
attributeMap: {
mappingMode: "basic_profile",
userinfoScope: "openid email profile groups",
attributes: JSON.stringify({
name: "${context.tokenset.name}",
email: "${context.tokenset.email}",
email_verified: "${context.tokenset.email_verified}",
nickname: "${context.tokenset.nickname}",
picture: "${context.tokenset.picture}",
given_name: "${context.tokenset.given_name}",
family_name: "${context.tokenset.family_name}",
}),
},
},
});
import pulumi
import json
import pulumi_auth0 as auth0
# This is an example of an Okta Workforce connection.
okta = auth0.Connection("okta",
name="okta-connection",
display_name="Okta Workforce Connection",
strategy="okta",
show_as_button=False,
options={
"client_id": "1234567",
"client_secret": "1234567",
"domain": "example.okta.com",
"domain_aliases": ["example.com"],
"issuer": "https://example.okta.com",
"jwks_uri": "https://example.okta.com/oauth2/v1/keys",
"token_endpoint": "https://example.okta.com/oauth2/v1/token",
"userinfo_endpoint": "https://example.okta.com/oauth2/v1/userinfo",
"authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
"scopes": [
"openid",
"profile",
"email",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"connection_settings": {
"pkce": "auto",
},
"attribute_map": {
"mapping_mode": "basic_profile",
"userinfo_scope": "openid email profile groups",
"attributes": json.dumps({
"name": "${context.tokenset.name}",
"email": "${context.tokenset.email}",
"email_verified": "${context.tokenset.email_verified}",
"nickname": "${context.tokenset.nickname}",
"picture": "${context.tokenset.picture}",
"given_name": "${context.tokenset.given_name}",
"family_name": "${context.tokenset.family_name}",
}),
},
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
tmpJSON1, err := json.Marshal(map[string]interface{}{
"name": "${context.tokenset.name}",
"email": "${context.tokenset.email}",
"email_verified": "${context.tokenset.email_verified}",
"nickname": "${context.tokenset.nickname}",
"picture": "${context.tokenset.picture}",
"given_name": "${context.tokenset.given_name}",
"family_name": "${context.tokenset.family_name}",
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
// This is an example of an Okta Workforce connection.
_, err = auth0.NewConnection(ctx, "okta", &auth0.ConnectionArgs{
Name: pulumi.String("okta-connection"),
DisplayName: pulumi.String("Okta Workforce Connection"),
Strategy: pulumi.String("okta"),
ShowAsButton: pulumi.Bool(false),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("1234567"),
ClientSecret: pulumi.String("1234567"),
Domain: pulumi.String("example.okta.com"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
},
Issuer: pulumi.String("https://example.okta.com"),
JwksUri: pulumi.String("https://example.okta.com/oauth2/v1/keys"),
TokenEndpoint: pulumi.String("https://example.okta.com/oauth2/v1/token"),
UserinfoEndpoint: pulumi.String("https://example.okta.com/oauth2/v1/userinfo"),
AuthorizationEndpoint: pulumi.String("https://example.okta.com/oauth2/v1/authorize"),
Scopes: pulumi.StringArray{
pulumi.String("openid"),
pulumi.String("profile"),
pulumi.String("email"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
UpstreamParams: pulumi.String(json0),
ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
Pkce: pulumi.String("auto"),
},
AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
MappingMode: pulumi.String("basic_profile"),
UserinfoScope: pulumi.String("openid email profile groups"),
Attributes: pulumi.String(json1),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an Okta Workforce connection.
var okta = new Auth0.Connection("okta", new()
{
Name = "okta-connection",
DisplayName = "Okta Workforce Connection",
Strategy = "okta",
ShowAsButton = false,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "1234567",
ClientSecret = "1234567",
Domain = "example.okta.com",
DomainAliases = new[]
{
"example.com",
},
Issuer = "https://example.okta.com",
JwksUri = "https://example.okta.com/oauth2/v1/keys",
TokenEndpoint = "https://example.okta.com/oauth2/v1/token",
UserinfoEndpoint = "https://example.okta.com/oauth2/v1/userinfo",
AuthorizationEndpoint = "https://example.okta.com/oauth2/v1/authorize",
Scopes = new[]
{
"openid",
"profile",
"email",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
{
Pkce = "auto",
},
AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
{
MappingMode = "basic_profile",
UserinfoScope = "openid email profile groups",
Attributes = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["name"] = "${context.tokenset.name}",
["email"] = "${context.tokenset.email}",
["email_verified"] = "${context.tokenset.email_verified}",
["nickname"] = "${context.tokenset.nickname}",
["picture"] = "${context.tokenset.picture}",
["given_name"] = "${context.tokenset.given_name}",
["family_name"] = "${context.tokenset.family_name}",
}),
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsConnectionSettingsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsAttributeMapArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an Okta Workforce connection.
var okta = new Connection("okta", ConnectionArgs.builder()
.name("okta-connection")
.displayName("Okta Workforce Connection")
.strategy("okta")
.showAsButton(false)
.options(ConnectionOptionsArgs.builder()
.clientId("1234567")
.clientSecret("1234567")
.domain("example.okta.com")
.domainAliases("example.com")
.issuer("https://example.okta.com")
.jwksUri("https://example.okta.com/oauth2/v1/keys")
.tokenEndpoint("https://example.okta.com/oauth2/v1/token")
.userinfoEndpoint("https://example.okta.com/oauth2/v1/userinfo")
.authorizationEndpoint("https://example.okta.com/oauth2/v1/authorize")
.scopes(
"openid",
"profile",
"email")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
.pkce("auto")
.build())
.attributeMap(ConnectionOptionsAttributeMapArgs.builder()
.mappingMode("basic_profile")
.userinfoScope("openid email profile groups")
.attributes(serializeJson(
jsonObject(
jsonProperty("name", "${context.tokenset.name}"),
jsonProperty("email", "${context.tokenset.email}"),
jsonProperty("email_verified", "${context.tokenset.email_verified}"),
jsonProperty("nickname", "${context.tokenset.nickname}"),
jsonProperty("picture", "${context.tokenset.picture}"),
jsonProperty("given_name", "${context.tokenset.given_name}"),
jsonProperty("family_name", "${context.tokenset.family_name}")
)))
.build())
.build())
.build());
}
}
resources:
# This is an example of an Okta Workforce connection.
okta:
type: auth0:Connection
properties:
name: okta-connection
displayName: Okta Workforce Connection
strategy: okta
showAsButton: false
options:
clientId: '1234567'
clientSecret: '1234567'
domain: example.okta.com
domainAliases:
- example.com
issuer: https://example.okta.com
jwksUri: https://example.okta.com/oauth2/v1/keys
tokenEndpoint: https://example.okta.com/oauth2/v1/token
userinfoEndpoint: https://example.okta.com/oauth2/v1/userinfo
authorizationEndpoint: https://example.okta.com/oauth2/v1/authorize
scopes:
- openid
- profile
- email
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
connectionSettings:
pkce: auto
attributeMap:
mappingMode: basic_profile
userinfoScope: openid email profile groups
attributes:
fn::toJSON:
name: $${context.tokenset.name}
email: $${context.tokenset.email}
email_verified: $${context.tokenset.email_verified}
nickname: $${context.tokenset.nickname}
picture: $${context.tokenset.picture}
given_name: $${context.tokenset.given_name}
family_name: $${context.tokenset.family_name}
Create Connection Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);@overload
def Connection(resource_name: str,
args: ConnectionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Connection(resource_name: str,
opts: Optional[ResourceOptions] = None,
strategy: Optional[str] = None,
authentication: Optional[ConnectionAuthenticationArgs] = None,
connected_accounts: Optional[ConnectionConnectedAccountsArgs] = None,
display_name: Optional[str] = None,
is_domain_connection: Optional[bool] = None,
metadata: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None)func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: auth0:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var connectionResource = new Auth0.Connection("connectionResource", new()
{
Strategy = "string",
Authentication = new Auth0.Inputs.ConnectionAuthenticationArgs
{
Active = false,
},
ConnectedAccounts = new Auth0.Inputs.ConnectionConnectedAccountsArgs
{
Active = false,
},
DisplayName = "string",
IsDomainConnection = false,
Metadata =
{
{ "string", "string" },
},
Name = "string",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
AdfsServer = "string",
AllowedAudiences = new[]
{
"string",
},
ApiEnableUsers = false,
AppId = "string",
AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
{
MappingMode = "string",
Attributes = "string",
UserinfoScope = "string",
},
Attributes = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeArgs
{
Emails = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeEmailArgs
{
Identifiers = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeEmailIdentifierArgs
{
Active = false,
},
},
ProfileRequired = false,
Signups = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeEmailSignupArgs
{
Status = "string",
Verifications = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeEmailSignupVerificationArgs
{
Active = false,
},
},
},
},
Unique = false,
VerificationMethod = "string",
},
},
PhoneNumbers = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberArgs
{
Identifiers = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberIdentifierArgs
{
Active = false,
},
},
ProfileRequired = false,
Signups = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberSignupArgs
{
Status = "string",
Verifications = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberSignupVerificationArgs
{
Active = false,
},
},
},
},
},
},
Usernames = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameArgs
{
Identifiers = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameIdentifierArgs
{
Active = false,
},
},
ProfileRequired = false,
Signups = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameSignupArgs
{
Status = "string",
},
},
Validations = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameValidationArgs
{
AllowedTypes = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs
{
Email = false,
PhoneNumber = false,
},
},
MaxLength = 0,
MinLength = 0,
},
},
},
},
},
},
AuthParams =
{
{ "string", "string" },
},
AuthenticationMethods = new[]
{
new Auth0.Inputs.ConnectionOptionsAuthenticationMethodArgs
{
Passkey = new Auth0.Inputs.ConnectionOptionsAuthenticationMethodPasskeyArgs
{
Enabled = false,
},
Password = new Auth0.Inputs.ConnectionOptionsAuthenticationMethodPasswordArgs
{
Enabled = false,
},
},
},
AuthorizationEndpoint = "string",
BruteForceProtection = false,
ClientId = "string",
ClientSecret = "string",
CommunityBaseUrl = "string",
Configuration =
{
{ "string", "string" },
},
ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
{
Pkce = "string",
},
CustomHeaders = new[]
{
new Auth0.Inputs.ConnectionOptionsCustomHeaderArgs
{
Header = "string",
Value = "string",
},
},
CustomScripts =
{
{ "string", "string" },
},
Debug = false,
DecryptionKey = new Auth0.Inputs.ConnectionOptionsDecryptionKeyArgs
{
Cert = "string",
Key = "string",
},
DigestAlgorithm = "string",
DisableCache = false,
DisableSelfServiceChangePassword = false,
DisableSignOut = false,
DisableSignup = false,
DiscoveryUrl = "string",
Domain = "string",
DomainAliases = new[]
{
"string",
},
EnableScriptContext = false,
EnabledDatabaseCustomization = false,
EntityId = "string",
FedMetadataXml = "string",
FieldsMap = "string",
ForwardRequestInfo = false,
From = "string",
GatewayAuthentication = new Auth0.Inputs.ConnectionOptionsGatewayAuthenticationArgs
{
Audience = "string",
Method = "string",
Secret = "string",
SecretBase64Encoded = false,
Subject = "string",
},
GatewayUrl = "string",
GlobalTokenRevocationJwtIss = "string",
GlobalTokenRevocationJwtSub = "string",
IconUrl = "string",
IdentityApi = "string",
IdpInitiated = new Auth0.Inputs.ConnectionOptionsIdpInitiatedArgs
{
ClientAuthorizeQuery = "string",
ClientId = "string",
ClientProtocol = "string",
Enabled = false,
},
ImportMode = false,
Ips = new[]
{
"string",
},
Issuer = "string",
JwksUri = "string",
KeyId = "string",
MapUserIdToId = false,
MaxGroupsToRetrieve = "string",
MessagingServiceSid = "string",
MetadataUrl = "string",
MetadataXml = "string",
Mfa = new Auth0.Inputs.ConnectionOptionsMfaArgs
{
Active = false,
ReturnEnrollSettings = false,
},
Name = "string",
NonPersistentAttrs = new[]
{
"string",
},
PasskeyOptions = new Auth0.Inputs.ConnectionOptionsPasskeyOptionsArgs
{
ChallengeUi = "string",
LocalEnrollmentEnabled = false,
ProgressiveEnrollmentEnabled = false,
},
PasswordComplexityOptions = new Auth0.Inputs.ConnectionOptionsPasswordComplexityOptionsArgs
{
MinLength = 0,
},
PasswordDictionary = new Auth0.Inputs.ConnectionOptionsPasswordDictionaryArgs
{
Dictionaries = new[]
{
"string",
},
Enable = false,
},
PasswordHistories = new[]
{
new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
{
Enable = false,
Size = 0,
},
},
PasswordNoPersonalInfo = new Auth0.Inputs.ConnectionOptionsPasswordNoPersonalInfoArgs
{
Enable = false,
},
PasswordPolicy = "string",
PingFederateBaseUrl = "string",
PkceEnabled = false,
Precedences = new[]
{
"string",
},
ProtocolBinding = "string",
Provider = "string",
RealmFallback = false,
RequestTemplate = "string",
RequiresUsername = false,
Scopes = new[]
{
"string",
},
Scripts =
{
{ "string", "string" },
},
SetUserRootAttributes = "string",
ShouldTrustEmailVerifiedConnection = "string",
SignInEndpoint = "string",
SignOutEndpoint = "string",
SignSamlRequest = false,
SignatureAlgorithm = "string",
SigningCert = "string",
SigningKey = new Auth0.Inputs.ConnectionOptionsSigningKeyArgs
{
Cert = "string",
Key = "string",
},
StrategyVersion = 0,
Subject = "string",
Syntax = "string",
TeamId = "string",
Template = "string",
TenantDomain = "string",
TokenEndpoint = "string",
TokenEndpointAuthMethod = "string",
TokenEndpointAuthSigningAlg = "string",
Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
{
Length = 0,
TimeStep = 0,
},
TwilioSid = "string",
TwilioToken = "string",
Type = "string",
UpstreamParams = "string",
UseCertAuth = false,
UseKerberos = false,
UseWsfed = false,
UserIdAttribute = "string",
UserinfoEndpoint = "string",
Validation = new Auth0.Inputs.ConnectionOptionsValidationArgs
{
Username = new Auth0.Inputs.ConnectionOptionsValidationUsernameArgs
{
Max = 0,
Min = 0,
},
},
WaadCommonEndpoint = false,
WaadProtocol = "string",
},
Realms = new[]
{
"string",
},
ShowAsButton = false,
});
example, err := auth0.NewConnection(ctx, "connectionResource", &auth0.ConnectionArgs{
Strategy: pulumi.String("string"),
Authentication: &auth0.ConnectionAuthenticationArgs{
Active: pulumi.Bool(false),
},
ConnectedAccounts: &auth0.ConnectionConnectedAccountsArgs{
Active: pulumi.Bool(false),
},
DisplayName: pulumi.String("string"),
IsDomainConnection: pulumi.Bool(false),
Metadata: pulumi.StringMap{
"string": pulumi.String("string"),
},
Name: pulumi.String("string"),
Options: &auth0.ConnectionOptionsArgs{
AdfsServer: pulumi.String("string"),
AllowedAudiences: pulumi.StringArray{
pulumi.String("string"),
},
ApiEnableUsers: pulumi.Bool(false),
AppId: pulumi.String("string"),
AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
MappingMode: pulumi.String("string"),
Attributes: pulumi.String("string"),
UserinfoScope: pulumi.String("string"),
},
Attributes: auth0.ConnectionOptionsAttributeArray{
&auth0.ConnectionOptionsAttributeArgs{
Emails: auth0.ConnectionOptionsAttributeEmailArray{
&auth0.ConnectionOptionsAttributeEmailArgs{
Identifiers: auth0.ConnectionOptionsAttributeEmailIdentifierArray{
&auth0.ConnectionOptionsAttributeEmailIdentifierArgs{
Active: pulumi.Bool(false),
},
},
ProfileRequired: pulumi.Bool(false),
Signups: auth0.ConnectionOptionsAttributeEmailSignupArray{
&auth0.ConnectionOptionsAttributeEmailSignupArgs{
Status: pulumi.String("string"),
Verifications: auth0.ConnectionOptionsAttributeEmailSignupVerificationArray{
&auth0.ConnectionOptionsAttributeEmailSignupVerificationArgs{
Active: pulumi.Bool(false),
},
},
},
},
Unique: pulumi.Bool(false),
VerificationMethod: pulumi.String("string"),
},
},
PhoneNumbers: auth0.ConnectionOptionsAttributePhoneNumberArray{
&auth0.ConnectionOptionsAttributePhoneNumberArgs{
Identifiers: auth0.ConnectionOptionsAttributePhoneNumberIdentifierArray{
&auth0.ConnectionOptionsAttributePhoneNumberIdentifierArgs{
Active: pulumi.Bool(false),
},
},
ProfileRequired: pulumi.Bool(false),
Signups: auth0.ConnectionOptionsAttributePhoneNumberSignupArray{
&auth0.ConnectionOptionsAttributePhoneNumberSignupArgs{
Status: pulumi.String("string"),
Verifications: auth0.ConnectionOptionsAttributePhoneNumberSignupVerificationArray{
&auth0.ConnectionOptionsAttributePhoneNumberSignupVerificationArgs{
Active: pulumi.Bool(false),
},
},
},
},
},
},
Usernames: auth0.ConnectionOptionsAttributeUsernameArray{
&auth0.ConnectionOptionsAttributeUsernameArgs{
Identifiers: auth0.ConnectionOptionsAttributeUsernameIdentifierArray{
&auth0.ConnectionOptionsAttributeUsernameIdentifierArgs{
Active: pulumi.Bool(false),
},
},
ProfileRequired: pulumi.Bool(false),
Signups: auth0.ConnectionOptionsAttributeUsernameSignupArray{
&auth0.ConnectionOptionsAttributeUsernameSignupArgs{
Status: pulumi.String("string"),
},
},
Validations: auth0.ConnectionOptionsAttributeUsernameValidationArray{
&auth0.ConnectionOptionsAttributeUsernameValidationArgs{
AllowedTypes: auth0.ConnectionOptionsAttributeUsernameValidationAllowedTypeArray{
&auth0.ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs{
Email: pulumi.Bool(false),
PhoneNumber: pulumi.Bool(false),
},
},
MaxLength: pulumi.Int(0),
MinLength: pulumi.Int(0),
},
},
},
},
},
},
AuthParams: pulumi.StringMap{
"string": pulumi.String("string"),
},
AuthenticationMethods: auth0.ConnectionOptionsAuthenticationMethodArray{
&auth0.ConnectionOptionsAuthenticationMethodArgs{
Passkey: &auth0.ConnectionOptionsAuthenticationMethodPasskeyArgs{
Enabled: pulumi.Bool(false),
},
Password: &auth0.ConnectionOptionsAuthenticationMethodPasswordArgs{
Enabled: pulumi.Bool(false),
},
},
},
AuthorizationEndpoint: pulumi.String("string"),
BruteForceProtection: pulumi.Bool(false),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
CommunityBaseUrl: pulumi.String("string"),
Configuration: pulumi.StringMap{
"string": pulumi.String("string"),
},
ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
Pkce: pulumi.String("string"),
},
CustomHeaders: auth0.ConnectionOptionsCustomHeaderArray{
&auth0.ConnectionOptionsCustomHeaderArgs{
Header: pulumi.String("string"),
Value: pulumi.String("string"),
},
},
CustomScripts: pulumi.StringMap{
"string": pulumi.String("string"),
},
Debug: pulumi.Bool(false),
DecryptionKey: &auth0.ConnectionOptionsDecryptionKeyArgs{
Cert: pulumi.String("string"),
Key: pulumi.String("string"),
},
DigestAlgorithm: pulumi.String("string"),
DisableCache: pulumi.Bool(false),
DisableSelfServiceChangePassword: pulumi.Bool(false),
DisableSignOut: pulumi.Bool(false),
DisableSignup: pulumi.Bool(false),
DiscoveryUrl: pulumi.String("string"),
Domain: pulumi.String("string"),
DomainAliases: pulumi.StringArray{
pulumi.String("string"),
},
EnableScriptContext: pulumi.Bool(false),
EnabledDatabaseCustomization: pulumi.Bool(false),
EntityId: pulumi.String("string"),
FedMetadataXml: pulumi.String("string"),
FieldsMap: pulumi.String("string"),
ForwardRequestInfo: pulumi.Bool(false),
From: pulumi.String("string"),
GatewayAuthentication: &auth0.ConnectionOptionsGatewayAuthenticationArgs{
Audience: pulumi.String("string"),
Method: pulumi.String("string"),
Secret: pulumi.String("string"),
SecretBase64Encoded: pulumi.Bool(false),
Subject: pulumi.String("string"),
},
GatewayUrl: pulumi.String("string"),
GlobalTokenRevocationJwtIss: pulumi.String("string"),
GlobalTokenRevocationJwtSub: pulumi.String("string"),
IconUrl: pulumi.String("string"),
IdentityApi: pulumi.String("string"),
IdpInitiated: &auth0.ConnectionOptionsIdpInitiatedArgs{
ClientAuthorizeQuery: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientProtocol: pulumi.String("string"),
Enabled: pulumi.Bool(false),
},
ImportMode: pulumi.Bool(false),
Ips: pulumi.StringArray{
pulumi.String("string"),
},
Issuer: pulumi.String("string"),
JwksUri: pulumi.String("string"),
KeyId: pulumi.String("string"),
MapUserIdToId: pulumi.Bool(false),
MaxGroupsToRetrieve: pulumi.String("string"),
MessagingServiceSid: pulumi.String("string"),
MetadataUrl: pulumi.String("string"),
MetadataXml: pulumi.String("string"),
Mfa: &auth0.ConnectionOptionsMfaArgs{
Active: pulumi.Bool(false),
ReturnEnrollSettings: pulumi.Bool(false),
},
Name: pulumi.String("string"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("string"),
},
PasskeyOptions: &auth0.ConnectionOptionsPasskeyOptionsArgs{
ChallengeUi: pulumi.String("string"),
LocalEnrollmentEnabled: pulumi.Bool(false),
ProgressiveEnrollmentEnabled: pulumi.Bool(false),
},
PasswordComplexityOptions: &auth0.ConnectionOptionsPasswordComplexityOptionsArgs{
MinLength: pulumi.Int(0),
},
PasswordDictionary: &auth0.ConnectionOptionsPasswordDictionaryArgs{
Dictionaries: pulumi.StringArray{
pulumi.String("string"),
},
Enable: pulumi.Bool(false),
},
PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
&auth0.ConnectionOptionsPasswordHistoryArgs{
Enable: pulumi.Bool(false),
Size: pulumi.Int(0),
},
},
PasswordNoPersonalInfo: &auth0.ConnectionOptionsPasswordNoPersonalInfoArgs{
Enable: pulumi.Bool(false),
},
PasswordPolicy: pulumi.String("string"),
PingFederateBaseUrl: pulumi.String("string"),
PkceEnabled: pulumi.Bool(false),
Precedences: pulumi.StringArray{
pulumi.String("string"),
},
ProtocolBinding: pulumi.String("string"),
Provider: pulumi.String("string"),
RealmFallback: pulumi.Bool(false),
RequestTemplate: pulumi.String("string"),
RequiresUsername: pulumi.Bool(false),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
Scripts: pulumi.StringMap{
"string": pulumi.String("string"),
},
SetUserRootAttributes: pulumi.String("string"),
ShouldTrustEmailVerifiedConnection: pulumi.String("string"),
SignInEndpoint: pulumi.String("string"),
SignOutEndpoint: pulumi.String("string"),
SignSamlRequest: pulumi.Bool(false),
SignatureAlgorithm: pulumi.String("string"),
SigningCert: pulumi.String("string"),
SigningKey: &auth0.ConnectionOptionsSigningKeyArgs{
Cert: pulumi.String("string"),
Key: pulumi.String("string"),
},
StrategyVersion: pulumi.Int(0),
Subject: pulumi.String("string"),
Syntax: pulumi.String("string"),
TeamId: pulumi.String("string"),
Template: pulumi.String("string"),
TenantDomain: pulumi.String("string"),
TokenEndpoint: pulumi.String("string"),
TokenEndpointAuthMethod: pulumi.String("string"),
TokenEndpointAuthSigningAlg: pulumi.String("string"),
Totp: &auth0.ConnectionOptionsTotpArgs{
Length: pulumi.Int(0),
TimeStep: pulumi.Int(0),
},
TwilioSid: pulumi.String("string"),
TwilioToken: pulumi.String("string"),
Type: pulumi.String("string"),
UpstreamParams: pulumi.String("string"),
UseCertAuth: pulumi.Bool(false),
UseKerberos: pulumi.Bool(false),
UseWsfed: pulumi.Bool(false),
UserIdAttribute: pulumi.String("string"),
UserinfoEndpoint: pulumi.String("string"),
Validation: &auth0.ConnectionOptionsValidationArgs{
Username: &auth0.ConnectionOptionsValidationUsernameArgs{
Max: pulumi.Int(0),
Min: pulumi.Int(0),
},
},
WaadCommonEndpoint: pulumi.Bool(false),
WaadProtocol: pulumi.String("string"),
},
Realms: pulumi.StringArray{
pulumi.String("string"),
},
ShowAsButton: pulumi.Bool(false),
})
var connectionResource = new Connection("connectionResource", ConnectionArgs.builder()
.strategy("string")
.authentication(ConnectionAuthenticationArgs.builder()
.active(false)
.build())
.connectedAccounts(ConnectionConnectedAccountsArgs.builder()
.active(false)
.build())
.displayName("string")
.isDomainConnection(false)
.metadata(Map.of("string", "string"))
.name("string")
.options(ConnectionOptionsArgs.builder()
.adfsServer("string")
.allowedAudiences("string")
.apiEnableUsers(false)
.appId("string")
.attributeMap(ConnectionOptionsAttributeMapArgs.builder()
.mappingMode("string")
.attributes("string")
.userinfoScope("string")
.build())
.attributes(ConnectionOptionsAttributeArgs.builder()
.emails(ConnectionOptionsAttributeEmailArgs.builder()
.identifiers(ConnectionOptionsAttributeEmailIdentifierArgs.builder()
.active(false)
.build())
.profileRequired(false)
.signups(ConnectionOptionsAttributeEmailSignupArgs.builder()
.status("string")
.verifications(ConnectionOptionsAttributeEmailSignupVerificationArgs.builder()
.active(false)
.build())
.build())
.unique(false)
.verificationMethod("string")
.build())
.phoneNumbers(ConnectionOptionsAttributePhoneNumberArgs.builder()
.identifiers(ConnectionOptionsAttributePhoneNumberIdentifierArgs.builder()
.active(false)
.build())
.profileRequired(false)
.signups(ConnectionOptionsAttributePhoneNumberSignupArgs.builder()
.status("string")
.verifications(ConnectionOptionsAttributePhoneNumberSignupVerificationArgs.builder()
.active(false)
.build())
.build())
.build())
.usernames(ConnectionOptionsAttributeUsernameArgs.builder()
.identifiers(ConnectionOptionsAttributeUsernameIdentifierArgs.builder()
.active(false)
.build())
.profileRequired(false)
.signups(ConnectionOptionsAttributeUsernameSignupArgs.builder()
.status("string")
.build())
.validations(ConnectionOptionsAttributeUsernameValidationArgs.builder()
.allowedTypes(ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs.builder()
.email(false)
.phoneNumber(false)
.build())
.maxLength(0)
.minLength(0)
.build())
.build())
.build())
.authParams(Map.of("string", "string"))
.authenticationMethods(ConnectionOptionsAuthenticationMethodArgs.builder()
.passkey(ConnectionOptionsAuthenticationMethodPasskeyArgs.builder()
.enabled(false)
.build())
.password(ConnectionOptionsAuthenticationMethodPasswordArgs.builder()
.enabled(false)
.build())
.build())
.authorizationEndpoint("string")
.bruteForceProtection(false)
.clientId("string")
.clientSecret("string")
.communityBaseUrl("string")
.configuration(Map.of("string", "string"))
.connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
.pkce("string")
.build())
.customHeaders(ConnectionOptionsCustomHeaderArgs.builder()
.header("string")
.value("string")
.build())
.customScripts(Map.of("string", "string"))
.debug(false)
.decryptionKey(ConnectionOptionsDecryptionKeyArgs.builder()
.cert("string")
.key("string")
.build())
.digestAlgorithm("string")
.disableCache(false)
.disableSelfServiceChangePassword(false)
.disableSignOut(false)
.disableSignup(false)
.discoveryUrl("string")
.domain("string")
.domainAliases("string")
.enableScriptContext(false)
.enabledDatabaseCustomization(false)
.entityId("string")
.fedMetadataXml("string")
.fieldsMap("string")
.forwardRequestInfo(false)
.from("string")
.gatewayAuthentication(ConnectionOptionsGatewayAuthenticationArgs.builder()
.audience("string")
.method("string")
.secret("string")
.secretBase64Encoded(false)
.subject("string")
.build())
.gatewayUrl("string")
.globalTokenRevocationJwtIss("string")
.globalTokenRevocationJwtSub("string")
.iconUrl("string")
.identityApi("string")
.idpInitiated(ConnectionOptionsIdpInitiatedArgs.builder()
.clientAuthorizeQuery("string")
.clientId("string")
.clientProtocol("string")
.enabled(false)
.build())
.importMode(false)
.ips("string")
.issuer("string")
.jwksUri("string")
.keyId("string")
.mapUserIdToId(false)
.maxGroupsToRetrieve("string")
.messagingServiceSid("string")
.metadataUrl("string")
.metadataXml("string")
.mfa(ConnectionOptionsMfaArgs.builder()
.active(false)
.returnEnrollSettings(false)
.build())
.name("string")
.nonPersistentAttrs("string")
.passkeyOptions(ConnectionOptionsPasskeyOptionsArgs.builder()
.challengeUi("string")
.localEnrollmentEnabled(false)
.progressiveEnrollmentEnabled(false)
.build())
.passwordComplexityOptions(ConnectionOptionsPasswordComplexityOptionsArgs.builder()
.minLength(0)
.build())
.passwordDictionary(ConnectionOptionsPasswordDictionaryArgs.builder()
.dictionaries("string")
.enable(false)
.build())
.passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
.enable(false)
.size(0)
.build())
.passwordNoPersonalInfo(ConnectionOptionsPasswordNoPersonalInfoArgs.builder()
.enable(false)
.build())
.passwordPolicy("string")
.pingFederateBaseUrl("string")
.pkceEnabled(false)
.precedences("string")
.protocolBinding("string")
.provider("string")
.realmFallback(false)
.requestTemplate("string")
.requiresUsername(false)
.scopes("string")
.scripts(Map.of("string", "string"))
.setUserRootAttributes("string")
.shouldTrustEmailVerifiedConnection("string")
.signInEndpoint("string")
.signOutEndpoint("string")
.signSamlRequest(false)
.signatureAlgorithm("string")
.signingCert("string")
.signingKey(ConnectionOptionsSigningKeyArgs.builder()
.cert("string")
.key("string")
.build())
.strategyVersion(0)
.subject("string")
.syntax("string")
.teamId("string")
.template("string")
.tenantDomain("string")
.tokenEndpoint("string")
.tokenEndpointAuthMethod("string")
.tokenEndpointAuthSigningAlg("string")
.totp(ConnectionOptionsTotpArgs.builder()
.length(0)
.timeStep(0)
.build())
.twilioSid("string")
.twilioToken("string")
.type("string")
.upstreamParams("string")
.useCertAuth(false)
.useKerberos(false)
.useWsfed(false)
.userIdAttribute("string")
.userinfoEndpoint("string")
.validation(ConnectionOptionsValidationArgs.builder()
.username(ConnectionOptionsValidationUsernameArgs.builder()
.max(0)
.min(0)
.build())
.build())
.waadCommonEndpoint(false)
.waadProtocol("string")
.build())
.realms("string")
.showAsButton(false)
.build());
connection_resource = auth0.Connection("connectionResource",
strategy="string",
authentication={
"active": False,
},
connected_accounts={
"active": False,
},
display_name="string",
is_domain_connection=False,
metadata={
"string": "string",
},
name="string",
options={
"adfs_server": "string",
"allowed_audiences": ["string"],
"api_enable_users": False,
"app_id": "string",
"attribute_map": {
"mapping_mode": "string",
"attributes": "string",
"userinfo_scope": "string",
},
"attributes": [{
"emails": [{
"identifiers": [{
"active": False,
}],
"profile_required": False,
"signups": [{
"status": "string",
"verifications": [{
"active": False,
}],
}],
"unique": False,
"verification_method": "string",
}],
"phone_numbers": [{
"identifiers": [{
"active": False,
}],
"profile_required": False,
"signups": [{
"status": "string",
"verifications": [{
"active": False,
}],
}],
}],
"usernames": [{
"identifiers": [{
"active": False,
}],
"profile_required": False,
"signups": [{
"status": "string",
}],
"validations": [{
"allowed_types": [{
"email": False,
"phone_number": False,
}],
"max_length": 0,
"min_length": 0,
}],
}],
}],
"auth_params": {
"string": "string",
},
"authentication_methods": [{
"passkey": {
"enabled": False,
},
"password": {
"enabled": False,
},
}],
"authorization_endpoint": "string",
"brute_force_protection": False,
"client_id": "string",
"client_secret": "string",
"community_base_url": "string",
"configuration": {
"string": "string",
},
"connection_settings": {
"pkce": "string",
},
"custom_headers": [{
"header": "string",
"value": "string",
}],
"custom_scripts": {
"string": "string",
},
"debug": False,
"decryption_key": {
"cert": "string",
"key": "string",
},
"digest_algorithm": "string",
"disable_cache": False,
"disable_self_service_change_password": False,
"disable_sign_out": False,
"disable_signup": False,
"discovery_url": "string",
"domain": "string",
"domain_aliases": ["string"],
"enable_script_context": False,
"enabled_database_customization": False,
"entity_id": "string",
"fed_metadata_xml": "string",
"fields_map": "string",
"forward_request_info": False,
"from_": "string",
"gateway_authentication": {
"audience": "string",
"method": "string",
"secret": "string",
"secret_base64_encoded": False,
"subject": "string",
},
"gateway_url": "string",
"global_token_revocation_jwt_iss": "string",
"global_token_revocation_jwt_sub": "string",
"icon_url": "string",
"identity_api": "string",
"idp_initiated": {
"client_authorize_query": "string",
"client_id": "string",
"client_protocol": "string",
"enabled": False,
},
"import_mode": False,
"ips": ["string"],
"issuer": "string",
"jwks_uri": "string",
"key_id": "string",
"map_user_id_to_id": False,
"max_groups_to_retrieve": "string",
"messaging_service_sid": "string",
"metadata_url": "string",
"metadata_xml": "string",
"mfa": {
"active": False,
"return_enroll_settings": False,
},
"name": "string",
"non_persistent_attrs": ["string"],
"passkey_options": {
"challenge_ui": "string",
"local_enrollment_enabled": False,
"progressive_enrollment_enabled": False,
},
"password_complexity_options": {
"min_length": 0,
},
"password_dictionary": {
"dictionaries": ["string"],
"enable": False,
},
"password_histories": [{
"enable": False,
"size": 0,
}],
"password_no_personal_info": {
"enable": False,
},
"password_policy": "string",
"ping_federate_base_url": "string",
"pkce_enabled": False,
"precedences": ["string"],
"protocol_binding": "string",
"provider": "string",
"realm_fallback": False,
"request_template": "string",
"requires_username": False,
"scopes": ["string"],
"scripts": {
"string": "string",
},
"set_user_root_attributes": "string",
"should_trust_email_verified_connection": "string",
"sign_in_endpoint": "string",
"sign_out_endpoint": "string",
"sign_saml_request": False,
"signature_algorithm": "string",
"signing_cert": "string",
"signing_key": {
"cert": "string",
"key": "string",
},
"strategy_version": 0,
"subject": "string",
"syntax": "string",
"team_id": "string",
"template": "string",
"tenant_domain": "string",
"token_endpoint": "string",
"token_endpoint_auth_method": "string",
"token_endpoint_auth_signing_alg": "string",
"totp": {
"length": 0,
"time_step": 0,
},
"twilio_sid": "string",
"twilio_token": "string",
"type": "string",
"upstream_params": "string",
"use_cert_auth": False,
"use_kerberos": False,
"use_wsfed": False,
"user_id_attribute": "string",
"userinfo_endpoint": "string",
"validation": {
"username": {
"max": 0,
"min": 0,
},
},
"waad_common_endpoint": False,
"waad_protocol": "string",
},
realms=["string"],
show_as_button=False)
const connectionResource = new auth0.Connection("connectionResource", {
strategy: "string",
authentication: {
active: false,
},
connectedAccounts: {
active: false,
},
displayName: "string",
isDomainConnection: false,
metadata: {
string: "string",
},
name: "string",
options: {
adfsServer: "string",
allowedAudiences: ["string"],
apiEnableUsers: false,
appId: "string",
attributeMap: {
mappingMode: "string",
attributes: "string",
userinfoScope: "string",
},
attributes: [{
emails: [{
identifiers: [{
active: false,
}],
profileRequired: false,
signups: [{
status: "string",
verifications: [{
active: false,
}],
}],
unique: false,
verificationMethod: "string",
}],
phoneNumbers: [{
identifiers: [{
active: false,
}],
profileRequired: false,
signups: [{
status: "string",
verifications: [{
active: false,
}],
}],
}],
usernames: [{
identifiers: [{
active: false,
}],
profileRequired: false,
signups: [{
status: "string",
}],
validations: [{
allowedTypes: [{
email: false,
phoneNumber: false,
}],
maxLength: 0,
minLength: 0,
}],
}],
}],
authParams: {
string: "string",
},
authenticationMethods: [{
passkey: {
enabled: false,
},
password: {
enabled: false,
},
}],
authorizationEndpoint: "string",
bruteForceProtection: false,
clientId: "string",
clientSecret: "string",
communityBaseUrl: "string",
configuration: {
string: "string",
},
connectionSettings: {
pkce: "string",
},
customHeaders: [{
header: "string",
value: "string",
}],
customScripts: {
string: "string",
},
debug: false,
decryptionKey: {
cert: "string",
key: "string",
},
digestAlgorithm: "string",
disableCache: false,
disableSelfServiceChangePassword: false,
disableSignOut: false,
disableSignup: false,
discoveryUrl: "string",
domain: "string",
domainAliases: ["string"],
enableScriptContext: false,
enabledDatabaseCustomization: false,
entityId: "string",
fedMetadataXml: "string",
fieldsMap: "string",
forwardRequestInfo: false,
from: "string",
gatewayAuthentication: {
audience: "string",
method: "string",
secret: "string",
secretBase64Encoded: false,
subject: "string",
},
gatewayUrl: "string",
globalTokenRevocationJwtIss: "string",
globalTokenRevocationJwtSub: "string",
iconUrl: "string",
identityApi: "string",
idpInitiated: {
clientAuthorizeQuery: "string",
clientId: "string",
clientProtocol: "string",
enabled: false,
},
importMode: false,
ips: ["string"],
issuer: "string",
jwksUri: "string",
keyId: "string",
mapUserIdToId: false,
maxGroupsToRetrieve: "string",
messagingServiceSid: "string",
metadataUrl: "string",
metadataXml: "string",
mfa: {
active: false,
returnEnrollSettings: false,
},
name: "string",
nonPersistentAttrs: ["string"],
passkeyOptions: {
challengeUi: "string",
localEnrollmentEnabled: false,
progressiveEnrollmentEnabled: false,
},
passwordComplexityOptions: {
minLength: 0,
},
passwordDictionary: {
dictionaries: ["string"],
enable: false,
},
passwordHistories: [{
enable: false,
size: 0,
}],
passwordNoPersonalInfo: {
enable: false,
},
passwordPolicy: "string",
pingFederateBaseUrl: "string",
pkceEnabled: false,
precedences: ["string"],
protocolBinding: "string",
provider: "string",
realmFallback: false,
requestTemplate: "string",
requiresUsername: false,
scopes: ["string"],
scripts: {
string: "string",
},
setUserRootAttributes: "string",
shouldTrustEmailVerifiedConnection: "string",
signInEndpoint: "string",
signOutEndpoint: "string",
signSamlRequest: false,
signatureAlgorithm: "string",
signingCert: "string",
signingKey: {
cert: "string",
key: "string",
},
strategyVersion: 0,
subject: "string",
syntax: "string",
teamId: "string",
template: "string",
tenantDomain: "string",
tokenEndpoint: "string",
tokenEndpointAuthMethod: "string",
tokenEndpointAuthSigningAlg: "string",
totp: {
length: 0,
timeStep: 0,
},
twilioSid: "string",
twilioToken: "string",
type: "string",
upstreamParams: "string",
useCertAuth: false,
useKerberos: false,
useWsfed: false,
userIdAttribute: "string",
userinfoEndpoint: "string",
validation: {
username: {
max: 0,
min: 0,
},
},
waadCommonEndpoint: false,
waadProtocol: "string",
},
realms: ["string"],
showAsButton: false,
});
type: auth0:Connection
properties:
authentication:
active: false
connectedAccounts:
active: false
displayName: string
isDomainConnection: false
metadata:
string: string
name: string
options:
adfsServer: string
allowedAudiences:
- string
apiEnableUsers: false
appId: string
attributeMap:
attributes: string
mappingMode: string
userinfoScope: string
attributes:
- emails:
- identifiers:
- active: false
profileRequired: false
signups:
- status: string
verifications:
- active: false
unique: false
verificationMethod: string
phoneNumbers:
- identifiers:
- active: false
profileRequired: false
signups:
- status: string
verifications:
- active: false
usernames:
- identifiers:
- active: false
profileRequired: false
signups:
- status: string
validations:
- allowedTypes:
- email: false
phoneNumber: false
maxLength: 0
minLength: 0
authParams:
string: string
authenticationMethods:
- passkey:
enabled: false
password:
enabled: false
authorizationEndpoint: string
bruteForceProtection: false
clientId: string
clientSecret: string
communityBaseUrl: string
configuration:
string: string
connectionSettings:
pkce: string
customHeaders:
- header: string
value: string
customScripts:
string: string
debug: false
decryptionKey:
cert: string
key: string
digestAlgorithm: string
disableCache: false
disableSelfServiceChangePassword: false
disableSignOut: false
disableSignup: false
discoveryUrl: string
domain: string
domainAliases:
- string
enableScriptContext: false
enabledDatabaseCustomization: false
entityId: string
fedMetadataXml: string
fieldsMap: string
forwardRequestInfo: false
from: string
gatewayAuthentication:
audience: string
method: string
secret: string
secretBase64Encoded: false
subject: string
gatewayUrl: string
globalTokenRevocationJwtIss: string
globalTokenRevocationJwtSub: string
iconUrl: string
identityApi: string
idpInitiated:
clientAuthorizeQuery: string
clientId: string
clientProtocol: string
enabled: false
importMode: false
ips:
- string
issuer: string
jwksUri: string
keyId: string
mapUserIdToId: false
maxGroupsToRetrieve: string
messagingServiceSid: string
metadataUrl: string
metadataXml: string
mfa:
active: false
returnEnrollSettings: false
name: string
nonPersistentAttrs:
- string
passkeyOptions:
challengeUi: string
localEnrollmentEnabled: false
progressiveEnrollmentEnabled: false
passwordComplexityOptions:
minLength: 0
passwordDictionary:
dictionaries:
- string
enable: false
passwordHistories:
- enable: false
size: 0
passwordNoPersonalInfo:
enable: false
passwordPolicy: string
pingFederateBaseUrl: string
pkceEnabled: false
precedences:
- string
protocolBinding: string
provider: string
realmFallback: false
requestTemplate: string
requiresUsername: false
scopes:
- string
scripts:
string: string
setUserRootAttributes: string
shouldTrustEmailVerifiedConnection: string
signInEndpoint: string
signOutEndpoint: string
signSamlRequest: false
signatureAlgorithm: string
signingCert: string
signingKey:
cert: string
key: string
strategyVersion: 0
subject: string
syntax: string
teamId: string
template: string
tenantDomain: string
tokenEndpoint: string
tokenEndpointAuthMethod: string
tokenEndpointAuthSigningAlg: string
totp:
length: 0
timeStep: 0
twilioSid: string
twilioToken: string
type: string
upstreamParams: string
useCertAuth: false
useKerberos: false
useWsfed: false
userIdAttribute: string
userinfoEndpoint: string
validation:
username:
max: 0
min: 0
waadCommonEndpoint: false
waadProtocol: string
realms:
- string
showAsButton: false
strategy: string
Connection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Connection resource accepts the following input properties:
- Strategy string
- Type of the connection, which indicates the identity provider.
- Authentication
Connection
Authentication - Configure the purpose of a connection to be used for authentication during login.
- Connected
Accounts ConnectionConnected Accounts - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata Dictionary<string, string>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- Options
Connection
Options - Configuration settings for connection options.
- Realms List<string>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- Authentication
Connection
Authentication Args - Configure the purpose of a connection to be used for authentication during login.
- Connected
Accounts ConnectionConnected Accounts Args - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata map[string]string
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- Options
Connection
Options Args - Configuration settings for connection options.
- Realms []string
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- authentication
Connection
Authentication - Configure the purpose of a connection to be used for authentication during login.
- connected
Accounts ConnectionConnected Accounts - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String,String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- options
Connection
Options - Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy string
- Type of the connection, which indicates the identity provider.
- authentication
Connection
Authentication - Configure the purpose of a connection to be used for authentication during login.
- connected
Accounts ConnectionConnected Accounts - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- display
Name string - Name used in login screen.
- is
Domain booleanConnection - Indicates whether the connection is domain level.
- metadata {[key: string]: string}
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name string
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- options
Connection
Options - Configuration settings for connection options.
- realms string[]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- boolean
- Display connection as a button. Only available on enterprise connections.
- strategy str
- Type of the connection, which indicates the identity provider.
- authentication
Connection
Authentication Args - Configure the purpose of a connection to be used for authentication during login.
- connected_
accounts ConnectionConnected Accounts Args - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- display_
name str - Name used in login screen.
- is_
domain_ boolconnection - Indicates whether the connection is domain level.
- metadata Mapping[str, str]
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name str
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- options
Connection
Options Args - Configuration settings for connection options.
- realms Sequence[str]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- authentication Property Map
- Configure the purpose of a connection to be used for authentication during login.
- connected
Accounts Property Map - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- options Property Map
- Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
- Display connection as a button. Only available on enterprise connections.
Outputs
All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Connection Resource
Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authentication: Optional[ConnectionAuthenticationArgs] = None,
connected_accounts: Optional[ConnectionConnectedAccountsArgs] = None,
display_name: Optional[str] = None,
is_domain_connection: Optional[bool] = None,
metadata: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None,
strategy: Optional[str] = None) -> Connectionfunc GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)resources: _: type: auth0:Connection get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Authentication
Connection
Authentication - Configure the purpose of a connection to be used for authentication during login.
- Connected
Accounts ConnectionConnected Accounts - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata Dictionary<string, string>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- Options
Connection
Options - Configuration settings for connection options.
- Realms List<string>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- Authentication
Connection
Authentication Args - Configure the purpose of a connection to be used for authentication during login.
- Connected
Accounts ConnectionConnected Accounts Args - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata map[string]string
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- Options
Connection
Options Args - Configuration settings for connection options.
- Realms []string
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- authentication
Connection
Authentication - Configure the purpose of a connection to be used for authentication during login.
- connected
Accounts ConnectionConnected Accounts - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String,String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- options
Connection
Options - Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- authentication
Connection
Authentication - Configure the purpose of a connection to be used for authentication during login.
- connected
Accounts ConnectionConnected Accounts - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- display
Name string - Name used in login screen.
- is
Domain booleanConnection - Indicates whether the connection is domain level.
- metadata {[key: string]: string}
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name string
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- options
Connection
Options - Configuration settings for connection options.
- realms string[]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- boolean
- Display connection as a button. Only available on enterprise connections.
- strategy string
- Type of the connection, which indicates the identity provider.
- authentication
Connection
Authentication Args - Configure the purpose of a connection to be used for authentication during login.
- connected_
accounts ConnectionConnected Accounts Args - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- display_
name str - Name used in login screen.
- is_
domain_ boolconnection - Indicates whether the connection is domain level.
- metadata Mapping[str, str]
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name str
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- options
Connection
Options Args - Configuration settings for connection options.
- realms Sequence[str]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- strategy str
- Type of the connection, which indicates the identity provider.
- authentication Property Map
- Configure the purpose of a connection to be used for authentication during login.
- connected
Accounts Property Map - Configure the purpose of a connection to be used for connected accounts and Token Vault.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- Name of the connection. This value is immutable and changing it requires the creation of a new resource.
- options Property Map
- Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
Supporting Types
ConnectionAuthentication, ConnectionAuthenticationArgs
- Active bool
- Active bool
- active Boolean
- active boolean
- active bool
- active Boolean
ConnectionConnectedAccounts, ConnectionConnectedAccountsArgs
- Active bool
- Active bool
- active Boolean
- active boolean
- active bool
- active Boolean
ConnectionOptions, ConnectionOptionsArgs
- Adfs
Server string - ADFS URL where to fetch the metadata source.
- Allowed
Audiences List<string> - List of allowed audiences.
- Api
Enable boolUsers - Enable API Access to users.
- App
Id string - App ID.
- Attribute
Map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- Attributes
List<Connection
Options Attribute> - Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- Auth
Params Dictionary<string, string> - Query string parameters to be included as part of the generated passwordless email link.
- Authentication
Methods List<ConnectionOptions Authentication Method> - Specifies the authentication methods and their configuration (enabled or disabled)
- string
- Authorization endpoint.
- Brute
Force boolProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- Client
Id string - The strategy's client ID.
- Client
Secret string - The strategy's client secret.
- Community
Base stringUrl - Salesforce community base URL.
- Configuration Dictionary<string, string>
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script. - Connection
Settings ConnectionOptions Connection Settings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- Custom
Headers List<ConnectionOptions Custom Header> - Configure extra headers to the Token endpoint of an OAuth 2.0 provider
- Custom
Scripts Dictionary<string, string> - A map of scripts used to integrate with a custom database.
- Debug bool
- When enabled, additional debug information will be generated.
- Decryption
Key ConnectionOptions Decryption Key - The key used to decrypt encrypted responses from the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - Digest
Algorithm string - Sign Request Algorithm Digest.
- Disable
Cache bool - Indicates whether to disable the cache or not.
- Disable
Self boolService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- Disable
Sign boolOut - When enabled, will disable sign out.
- Disable
Signup bool - Indicates whether to allow user sign-ups to your application.
- Discovery
Url string - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration. - Domain string
- Domain name.
- Domain
Aliases List<string> - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- Enable
Script boolContext - Set to
trueto inject context into custom DB scripts (warning: cannot be disabled once enabled). - Enabled
Database boolCustomization - Set to
trueto use a legacy user store. - Entity
Id string - Custom Entity ID for the connection.
- Fed
Metadata stringXml - Federation Metadata for the ADFS connection.
- Fields
Map string - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- Forward
Request boolInfo - Specifies whether or not request info should be forwarded to sms gateway.
- From string
- Address to use as the sender.
- Gateway
Authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- Gateway
Url string - Defines a custom sms gateway to use instead of Twilio.
- Global
Token stringRevocation Jwt Iss - Specifies the issuer of the JWT used for global token revocation for the SAML connection.
- Global
Token stringRevocation Jwt Sub - Specifies the subject of the JWT used for global token revocation for the SAML connection.
- Icon
Url string - Icon URL.
- Identity
Api string - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0orazure-active-directory-v1.0. - Idp
Initiated ConnectionOptions Idp Initiated - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id,client_protocol, andclient_authorize_query. - Import
Mode bool - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- Ips List<string>
- A list of IPs.
- Issuer string
- Issuer URL, e.g.
https://auth.example.com. - Jwks
Uri string - JWKS URI.
- Key
Id string - Apple Key ID.
- Map
User boolId To Id - By default Auth0 maps
user_idtoemail. Enabling this setting changes the behavior to mapuser_idto 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - Max
Groups stringTo Retrieve - Maximum number of groups to retrieve.
- Messaging
Service stringSid - SID for Copilot. Used when SMS Source is Copilot.
- Metadata
Url string - The URL of the SAML metadata document.
- Metadata
Xml string - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- Mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Non
Persistent List<string>Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- Passkey
Options ConnectionOptions Passkey Options - Defines options for the passkey authentication method
- Password
Complexity ConnectionOptions Options Password Complexity Options - Configuration settings for password complexity.
- Password
Dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- Password
Histories List<ConnectionOptions Password History> - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- Password
No ConnectionPersonal Info Options Password No Personal Info - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name,username,nickname,user_metadata.name,user_metadata.first,user_metadata.last, user'semail, or first part of the user'semail. - Password
Policy string - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none,low,fair,good,excellent. - Ping
Federate stringBase Url - Ping Federate Server URL.
- Pkce
Enabled bool - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- Precedences List<string>
- Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- Protocol
Binding string - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- Provider string
- Defines the custom
sms_gatewayprovider. - Realm
Fallback bool - Allows configuration if connectionsrealmfallback flag is enabled for the tenant
- Request
Template string - Template that formats the SAML request.
- Requires
Username bool - Indicates whether the user is required to provide a username in addition to an email address.
- Scopes List<string>
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile,ext_profile,ext_nested_groups, etc. - Scripts Dictionary<string, string>
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfilescript. - Set
User stringRoot Attributes - Determines whether to sync user profile attributes (
name,given_name,family_name,nickname,picture) at each login or only on the first login. Options include:on_each_login,on_first_login,never_on_login. Default value:on_each_login. - Should
Trust stringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- Sign
In stringEndpoint - SAML single login URL for the connection.
- Sign
Out stringEndpoint - SAML single logout URL for the connection.
- Sign
Saml boolRequest - When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string - Sign Request Algorithm.
- Signing
Cert string - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- Signing
Key ConnectionOptions Signing Key - The key used to sign requests in the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - Strategy
Version int - Version 1 is deprecated, use version 2.
- Subject string
- Subject line of the email.
- Syntax string
- Syntax of the template body.
- Team
Id string - Apple Team ID.
- Template string
- Body of the template.
- Tenant
Domain string - Tenant domain name.
- Token
Endpoint string - Token endpoint.
- Token
Endpoint stringAuth Method - Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
- Token
Endpoint stringAuth Signing Alg - Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
- Totp
Connection
Options Totp - Configuration options for one-time passwords.
- Twilio
Sid string - SID for your Twilio account.
- Twilio
Token string - AuthToken for your Twilio account.
- Type string
- Value can be
back_channelorfront_channel. Front Channel will use OIDC protocol withresponse_mode=form_postandresponse_type=id_token. Back Channel will useresponse_type=code. - Upstream
Params string - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- Use
Cert boolAuth - Indicates whether to use cert auth or not.
- Use
Kerberos bool - Indicates whether to use Kerberos or not.
- Use
Wsfed bool - Whether to use WS-Fed.
- User
Id stringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string - User info endpoint.
- Validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- Waad
Common boolEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string - Protocol to use.
- Adfs
Server string - ADFS URL where to fetch the metadata source.
- Allowed
Audiences []string - List of allowed audiences.
- Api
Enable boolUsers - Enable API Access to users.
- App
Id string - App ID.
- Attribute
Map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- Attributes
[]Connection
Options Attribute - Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- Auth
Params map[string]string - Query string parameters to be included as part of the generated passwordless email link.
- Authentication
Methods []ConnectionOptions Authentication Method - Specifies the authentication methods and their configuration (enabled or disabled)
- string
- Authorization endpoint.
- Brute
Force boolProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- Client
Id string - The strategy's client ID.
- Client
Secret string - The strategy's client secret.
- Community
Base stringUrl - Salesforce community base URL.
- Configuration map[string]string
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script. - Connection
Settings ConnectionOptions Connection Settings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- Custom
Headers []ConnectionOptions Custom Header - Configure extra headers to the Token endpoint of an OAuth 2.0 provider
- Custom
Scripts map[string]string - A map of scripts used to integrate with a custom database.
- Debug bool
- When enabled, additional debug information will be generated.
- Decryption
Key ConnectionOptions Decryption Key - The key used to decrypt encrypted responses from the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - Digest
Algorithm string - Sign Request Algorithm Digest.
- Disable
Cache bool - Indicates whether to disable the cache or not.
- Disable
Self boolService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- Disable
Sign boolOut - When enabled, will disable sign out.
- Disable
Signup bool - Indicates whether to allow user sign-ups to your application.
- Discovery
Url string - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration. - Domain string
- Domain name.
- Domain
Aliases []string - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- Enable
Script boolContext - Set to
trueto inject context into custom DB scripts (warning: cannot be disabled once enabled). - Enabled
Database boolCustomization - Set to
trueto use a legacy user store. - Entity
Id string - Custom Entity ID for the connection.
- Fed
Metadata stringXml - Federation Metadata for the ADFS connection.
- Fields
Map string - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- Forward
Request boolInfo - Specifies whether or not request info should be forwarded to sms gateway.
- From string
- Address to use as the sender.
- Gateway
Authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- Gateway
Url string - Defines a custom sms gateway to use instead of Twilio.
- Global
Token stringRevocation Jwt Iss - Specifies the issuer of the JWT used for global token revocation for the SAML connection.
- Global
Token stringRevocation Jwt Sub - Specifies the subject of the JWT used for global token revocation for the SAML connection.
- Icon
Url string - Icon URL.
- Identity
Api string - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0orazure-active-directory-v1.0. - Idp
Initiated ConnectionOptions Idp Initiated - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id,client_protocol, andclient_authorize_query. - Import
Mode bool - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- Ips []string
- A list of IPs.
- Issuer string
- Issuer URL, e.g.
https://auth.example.com. - Jwks
Uri string - JWKS URI.
- Key
Id string - Apple Key ID.
- Map
User boolId To Id - By default Auth0 maps
user_idtoemail. Enabling this setting changes the behavior to mapuser_idto 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - Max
Groups stringTo Retrieve - Maximum number of groups to retrieve.
- Messaging
Service stringSid - SID for Copilot. Used when SMS Source is Copilot.
- Metadata
Url string - The URL of the SAML metadata document.
- Metadata
Xml string - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- Mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Non
Persistent []stringAttrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- Passkey
Options ConnectionOptions Passkey Options - Defines options for the passkey authentication method
- Password
Complexity ConnectionOptions Options Password Complexity Options - Configuration settings for password complexity.
- Password
Dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- Password
Histories []ConnectionOptions Password History - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- Password
No ConnectionPersonal Info Options Password No Personal Info - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name,username,nickname,user_metadata.name,user_metadata.first,user_metadata.last, user'semail, or first part of the user'semail. - Password
Policy string - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none,low,fair,good,excellent. - Ping
Federate stringBase Url - Ping Federate Server URL.
- Pkce
Enabled bool - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- Precedences []string
- Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- Protocol
Binding string - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- Provider string
- Defines the custom
sms_gatewayprovider. - Realm
Fallback bool - Allows configuration if connectionsrealmfallback flag is enabled for the tenant
- Request
Template string - Template that formats the SAML request.
- Requires
Username bool - Indicates whether the user is required to provide a username in addition to an email address.
- Scopes []string
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile,ext_profile,ext_nested_groups, etc. - Scripts map[string]string
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfilescript. - Set
User stringRoot Attributes - Determines whether to sync user profile attributes (
name,given_name,family_name,nickname,picture) at each login or only on the first login. Options include:on_each_login,on_first_login,never_on_login. Default value:on_each_login. - Should
Trust stringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- Sign
In stringEndpoint - SAML single login URL for the connection.
- Sign
Out stringEndpoint - SAML single logout URL for the connection.
- Sign
Saml boolRequest - When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string - Sign Request Algorithm.
- Signing
Cert string - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- Signing
Key ConnectionOptions Signing Key - The key used to sign requests in the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - Strategy
Version int - Version 1 is deprecated, use version 2.
- Subject string
- Subject line of the email.
- Syntax string
- Syntax of the template body.
- Team
Id string - Apple Team ID.
- Template string
- Body of the template.
- Tenant
Domain string - Tenant domain name.
- Token
Endpoint string - Token endpoint.
- Token
Endpoint stringAuth Method - Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
- Token
Endpoint stringAuth Signing Alg - Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
- Totp
Connection
Options Totp - Configuration options for one-time passwords.
- Twilio
Sid string - SID for your Twilio account.
- Twilio
Token string - AuthToken for your Twilio account.
- Type string
- Value can be
back_channelorfront_channel. Front Channel will use OIDC protocol withresponse_mode=form_postandresponse_type=id_token. Back Channel will useresponse_type=code. - Upstream
Params string - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- Use
Cert boolAuth - Indicates whether to use cert auth or not.
- Use
Kerberos bool - Indicates whether to use Kerberos or not.
- Use
Wsfed bool - Whether to use WS-Fed.
- User
Id stringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string - User info endpoint.
- Validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- Waad
Common boolEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string - Protocol to use.
- adfs
Server String - ADFS URL where to fetch the metadata source.
- allowed
Audiences List<String> - List of allowed audiences.
- api
Enable BooleanUsers - Enable API Access to users.
- app
Id String - App ID.
- attribute
Map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- attributes
List<Connection
Options Attribute> - Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- auth
Params Map<String,String> - Query string parameters to be included as part of the generated passwordless email link.
- authentication
Methods List<ConnectionOptions Authentication Method> - Specifies the authentication methods and their configuration (enabled or disabled)
- String
- Authorization endpoint.
- brute
Force BooleanProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client
Id String - The strategy's client ID.
- client
Secret String - The strategy's client secret.
- community
Base StringUrl - Salesforce community base URL.
- configuration Map<String,String>
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script. - connection
Settings ConnectionOptions Connection Settings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom
Headers List<ConnectionOptions Custom Header> - Configure extra headers to the Token endpoint of an OAuth 2.0 provider
- custom
Scripts Map<String,String> - A map of scripts used to integrate with a custom database.
- debug Boolean
- When enabled, additional debug information will be generated.
- decryption
Key ConnectionOptions Decryption Key - The key used to decrypt encrypted responses from the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - digest
Algorithm String - Sign Request Algorithm Digest.
- disable
Cache Boolean - Indicates whether to disable the cache or not.
- disable
Self BooleanService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign BooleanOut - When enabled, will disable sign out.
- disable
Signup Boolean - Indicates whether to allow user sign-ups to your application.
- discovery
Url String - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration. - domain String
- Domain name.
- domain
Aliases List<String> - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable
Script BooleanContext - Set to
trueto inject context into custom DB scripts (warning: cannot be disabled once enabled). - enabled
Database BooleanCustomization - Set to
trueto use a legacy user store. - entity
Id String - Custom Entity ID for the connection.
- fed
Metadata StringXml - Federation Metadata for the ADFS connection.
- fields
Map String - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo - Specifies whether or not request info should be forwarded to sms gateway.
- from String
- Address to use as the sender.
- gateway
Authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url String - Defines a custom sms gateway to use instead of Twilio.
- global
Token StringRevocation Jwt Iss - Specifies the issuer of the JWT used for global token revocation for the SAML connection.
- global
Token StringRevocation Jwt Sub - Specifies the subject of the JWT used for global token revocation for the SAML connection.
- icon
Url String - Icon URL.
- identity
Api String - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0orazure-active-directory-v1.0. - idp
Initiated ConnectionOptions Idp Initiated - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id,client_protocol, andclient_authorize_query. - import
Mode Boolean - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips List<String>
- A list of IPs.
- issuer String
- Issuer URL, e.g.
https://auth.example.com. - jwks
Uri String - JWKS URI.
- key
Id String - Apple Key ID.
- map
User BooleanId To Id - By default Auth0 maps
user_idtoemail. Enabling this setting changes the behavior to mapuser_idto 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - max
Groups StringTo Retrieve - Maximum number of groups to retrieve.
- messaging
Service StringSid - SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url String - The URL of the SAML metadata document.
- metadata
Xml String - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent List<String>Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- passkey
Options ConnectionOptions Passkey Options - Defines options for the passkey authentication method
- password
Complexity ConnectionOptions Options Password Complexity Options - Configuration settings for password complexity.
- password
Dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories List<ConnectionOptions Password History> - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password
No ConnectionPersonal Info Options Password No Personal Info - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name,username,nickname,user_metadata.name,user_metadata.first,user_metadata.last, user'semail, or first part of the user'semail. - password
Policy String - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none,low,fair,good,excellent. - ping
Federate StringBase Url - Ping Federate Server URL.
- pkce
Enabled Boolean - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- precedences List<String>
- Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- protocol
Binding String - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider String
- Defines the custom
sms_gatewayprovider. - realm
Fallback Boolean - Allows configuration if connectionsrealmfallback flag is enabled for the tenant
- request
Template String - Template that formats the SAML request.
- requires
Username Boolean - Indicates whether the user is required to provide a username in addition to an email address.
- scopes List<String>
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile,ext_profile,ext_nested_groups, etc. - scripts Map<String,String>
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfilescript. - set
User StringRoot Attributes - Determines whether to sync user profile attributes (
name,given_name,family_name,nickname,picture) at each login or only on the first login. Options include:on_each_login,on_first_login,never_on_login. Default value:on_each_login. - should
Trust StringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign
In StringEndpoint - SAML single login URL for the connection.
- sign
Out StringEndpoint - SAML single logout URL for the connection.
- sign
Saml BooleanRequest - When enabled, the SAML authentication request will be signed.
- signature
Algorithm String - Sign Request Algorithm.
- signing
Cert String - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing
Key ConnectionOptions Signing Key - The key used to sign requests in the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - strategy
Version Integer - Version 1 is deprecated, use version 2.
- subject String
- Subject line of the email.
- syntax String
- Syntax of the template body.
- team
Id String - Apple Team ID.
- template String
- Body of the template.
- tenant
Domain String - Tenant domain name.
- token
Endpoint String - Token endpoint.
- token
Endpoint StringAuth Method - Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
- token
Endpoint StringAuth Signing Alg - Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
- totp
Connection
Options Totp - Configuration options for one-time passwords.
- twilio
Sid String - SID for your Twilio account.
- twilio
Token String - AuthToken for your Twilio account.
- type String
- Value can be
back_channelorfront_channel. Front Channel will use OIDC protocol withresponse_mode=form_postandresponse_type=id_token. Back Channel will useresponse_type=code. - upstream
Params String - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert BooleanAuth - Indicates whether to use cert auth or not.
- use
Kerberos Boolean - Indicates whether to use Kerberos or not.
- use
Wsfed Boolean - Whether to use WS-Fed.
- user
Id StringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint String - User info endpoint.
- validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common BooleanEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol String - Protocol to use.
- adfs
Server string - ADFS URL where to fetch the metadata source.
- allowed
Audiences string[] - List of allowed audiences.
- api
Enable booleanUsers - Enable API Access to users.
- app
Id string - App ID.
- attribute
Map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- attributes
Connection
Options Attribute[] - Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- auth
Params {[key: string]: string} - Query string parameters to be included as part of the generated passwordless email link.
- authentication
Methods ConnectionOptions Authentication Method[] - Specifies the authentication methods and their configuration (enabled or disabled)
- string
- Authorization endpoint.
- brute
Force booleanProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client
Id string - The strategy's client ID.
- client
Secret string - The strategy's client secret.
- community
Base stringUrl - Salesforce community base URL.
- configuration {[key: string]: string}
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script. - connection
Settings ConnectionOptions Connection Settings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom
Headers ConnectionOptions Custom Header[] - Configure extra headers to the Token endpoint of an OAuth 2.0 provider
- custom
Scripts {[key: string]: string} - A map of scripts used to integrate with a custom database.
- debug boolean
- When enabled, additional debug information will be generated.
- decryption
Key ConnectionOptions Decryption Key - The key used to decrypt encrypted responses from the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - digest
Algorithm string - Sign Request Algorithm Digest.
- disable
Cache boolean - Indicates whether to disable the cache or not.
- disable
Self booleanService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign booleanOut - When enabled, will disable sign out.
- disable
Signup boolean - Indicates whether to allow user sign-ups to your application.
- discovery
Url string - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration. - domain string
- Domain name.
- domain
Aliases string[] - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable
Script booleanContext - Set to
trueto inject context into custom DB scripts (warning: cannot be disabled once enabled). - enabled
Database booleanCustomization - Set to
trueto use a legacy user store. - entity
Id string - Custom Entity ID for the connection.
- fed
Metadata stringXml - Federation Metadata for the ADFS connection.
- fields
Map string - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request booleanInfo - Specifies whether or not request info should be forwarded to sms gateway.
- from string
- Address to use as the sender.
- gateway
Authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url string - Defines a custom sms gateway to use instead of Twilio.
- global
Token stringRevocation Jwt Iss - Specifies the issuer of the JWT used for global token revocation for the SAML connection.
- global
Token stringRevocation Jwt Sub - Specifies the subject of the JWT used for global token revocation for the SAML connection.
- icon
Url string - Icon URL.
- identity
Api string - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0orazure-active-directory-v1.0. - idp
Initiated ConnectionOptions Idp Initiated - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id,client_protocol, andclient_authorize_query. - import
Mode boolean - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips string[]
- A list of IPs.
- issuer string
- Issuer URL, e.g.
https://auth.example.com. - jwks
Uri string - JWKS URI.
- key
Id string - Apple Key ID.
- map
User booleanId To Id - By default Auth0 maps
user_idtoemail. Enabling this setting changes the behavior to mapuser_idto 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - max
Groups stringTo Retrieve - Maximum number of groups to retrieve.
- messaging
Service stringSid - SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url string - The URL of the SAML metadata document.
- metadata
Xml string - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent string[]Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- passkey
Options ConnectionOptions Passkey Options - Defines options for the passkey authentication method
- password
Complexity ConnectionOptions Options Password Complexity Options - Configuration settings for password complexity.
- password
Dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories ConnectionOptions Password History[] - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password
No ConnectionPersonal Info Options Password No Personal Info - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name,username,nickname,user_metadata.name,user_metadata.first,user_metadata.last, user'semail, or first part of the user'semail. - password
Policy string - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none,low,fair,good,excellent. - ping
Federate stringBase Url - Ping Federate Server URL.
- pkce
Enabled boolean - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- precedences string[]
- Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- protocol
Binding string - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider string
- Defines the custom
sms_gatewayprovider. - realm
Fallback boolean - Allows configuration if connectionsrealmfallback flag is enabled for the tenant
- request
Template string - Template that formats the SAML request.
- requires
Username boolean - Indicates whether the user is required to provide a username in addition to an email address.
- scopes string[]
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile,ext_profile,ext_nested_groups, etc. - scripts {[key: string]: string}
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfilescript. - set
User stringRoot Attributes - Determines whether to sync user profile attributes (
name,given_name,family_name,nickname,picture) at each login or only on the first login. Options include:on_each_login,on_first_login,never_on_login. Default value:on_each_login. - should
Trust stringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign
In stringEndpoint - SAML single login URL for the connection.
- sign
Out stringEndpoint - SAML single logout URL for the connection.
- sign
Saml booleanRequest - When enabled, the SAML authentication request will be signed.
- signature
Algorithm string - Sign Request Algorithm.
- signing
Cert string - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing
Key ConnectionOptions Signing Key - The key used to sign requests in the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - strategy
Version number - Version 1 is deprecated, use version 2.
- subject string
- Subject line of the email.
- syntax string
- Syntax of the template body.
- team
Id string - Apple Team ID.
- template string
- Body of the template.
- tenant
Domain string - Tenant domain name.
- token
Endpoint string - Token endpoint.
- token
Endpoint stringAuth Method - Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
- token
Endpoint stringAuth Signing Alg - Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
- totp
Connection
Options Totp - Configuration options for one-time passwords.
- twilio
Sid string - SID for your Twilio account.
- twilio
Token string - AuthToken for your Twilio account.
- type string
- Value can be
back_channelorfront_channel. Front Channel will use OIDC protocol withresponse_mode=form_postandresponse_type=id_token. Back Channel will useresponse_type=code. - upstream
Params string - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert booleanAuth - Indicates whether to use cert auth or not.
- use
Kerberos boolean - Indicates whether to use Kerberos or not.
- use
Wsfed boolean - Whether to use WS-Fed.
- user
Id stringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint string - User info endpoint.
- validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common booleanEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol string - Protocol to use.
- adfs_
server str - ADFS URL where to fetch the metadata source.
- allowed_
audiences Sequence[str] - List of allowed audiences.
- api_
enable_ boolusers - Enable API Access to users.
- app_
id str - App ID.
- attribute_
map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- attributes
Sequence[Connection
Options Attribute] - Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- auth_
params Mapping[str, str] - Query string parameters to be included as part of the generated passwordless email link.
- authentication_
methods Sequence[ConnectionOptions Authentication Method] - Specifies the authentication methods and their configuration (enabled or disabled)
- str
- Authorization endpoint.
- brute_
force_ boolprotection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client_
id str - The strategy's client ID.
- client_
secret str - The strategy's client secret.
- community_
base_ strurl - Salesforce community base URL.
- configuration Mapping[str, str]
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script. - connection_
settings ConnectionOptions Connection Settings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom_
headers Sequence[ConnectionOptions Custom Header] - Configure extra headers to the Token endpoint of an OAuth 2.0 provider
- custom_
scripts Mapping[str, str] - A map of scripts used to integrate with a custom database.
- debug bool
- When enabled, additional debug information will be generated.
- decryption_
key ConnectionOptions Decryption Key - The key used to decrypt encrypted responses from the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - digest_
algorithm str - Sign Request Algorithm Digest.
- disable_
cache bool - Indicates whether to disable the cache or not.
- disable_
self_ boolservice_ change_ password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable_
sign_ boolout - When enabled, will disable sign out.
- disable_
signup bool - Indicates whether to allow user sign-ups to your application.
- discovery_
url str - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration. - domain str
- Domain name.
- domain_
aliases Sequence[str] - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable_
script_ boolcontext - Set to
trueto inject context into custom DB scripts (warning: cannot be disabled once enabled). - enabled_
database_ boolcustomization - Set to
trueto use a legacy user store. - entity_
id str - Custom Entity ID for the connection.
- fed_
metadata_ strxml - Federation Metadata for the ADFS connection.
- fields_
map str - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward_
request_ boolinfo - Specifies whether or not request info should be forwarded to sms gateway.
- from_ str
- Address to use as the sender.
- gateway_
authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- gateway_
url str - Defines a custom sms gateway to use instead of Twilio.
- global_
token_ strrevocation_ jwt_ iss - Specifies the issuer of the JWT used for global token revocation for the SAML connection.
- global_
token_ strrevocation_ jwt_ sub - Specifies the subject of the JWT used for global token revocation for the SAML connection.
- icon_
url str - Icon URL.
- identity_
api str - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0orazure-active-directory-v1.0. - idp_
initiated ConnectionOptions Idp Initiated - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id,client_protocol, andclient_authorize_query. - import_
mode bool - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips Sequence[str]
- A list of IPs.
- issuer str
- Issuer URL, e.g.
https://auth.example.com. - jwks_
uri str - JWKS URI.
- key_
id str - Apple Key ID.
- map_
user_ boolid_ to_ id - By default Auth0 maps
user_idtoemail. Enabling this setting changes the behavior to mapuser_idto 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - max_
groups_ strto_ retrieve - Maximum number of groups to retrieve.
- messaging_
service_ strsid - SID for Copilot. Used when SMS Source is Copilot.
- metadata_
url str - The URL of the SAML metadata document.
- metadata_
xml str - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- name str
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non_
persistent_ Sequence[str]attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- passkey_
options ConnectionOptions Passkey Options - Defines options for the passkey authentication method
- password_
complexity_ Connectionoptions Options Password Complexity Options - Configuration settings for password complexity.
- password_
dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password_
histories Sequence[ConnectionOptions Password History] - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password_
no_ Connectionpersonal_ info Options Password No Personal Info - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name,username,nickname,user_metadata.name,user_metadata.first,user_metadata.last, user'semail, or first part of the user'semail. - password_
policy str - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none,low,fair,good,excellent. - ping_
federate_ strbase_ url - Ping Federate Server URL.
- pkce_
enabled bool - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- precedences Sequence[str]
- Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- protocol_
binding str - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider str
- Defines the custom
sms_gatewayprovider. - realm_
fallback bool - Allows configuration if connectionsrealmfallback flag is enabled for the tenant
- request_
template str - Template that formats the SAML request.
- requires_
username bool - Indicates whether the user is required to provide a username in addition to an email address.
- scopes Sequence[str]
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile,ext_profile,ext_nested_groups, etc. - scripts Mapping[str, str]
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfilescript. - set_
user_ strroot_ attributes - Determines whether to sync user profile attributes (
name,given_name,family_name,nickname,picture) at each login or only on the first login. Options include:on_each_login,on_first_login,never_on_login. Default value:on_each_login. - should_
trust_ stremail_ verified_ connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign_
in_ strendpoint - SAML single login URL for the connection.
- sign_
out_ strendpoint - SAML single logout URL for the connection.
- sign_
saml_ boolrequest - When enabled, the SAML authentication request will be signed.
- signature_
algorithm str - Sign Request Algorithm.
- signing_
cert str - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing_
key ConnectionOptions Signing Key - The key used to sign requests in the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - strategy_
version int - Version 1 is deprecated, use version 2.
- subject str
- Subject line of the email.
- syntax str
- Syntax of the template body.
- team_
id str - Apple Team ID.
- template str
- Body of the template.
- tenant_
domain str - Tenant domain name.
- token_
endpoint str - Token endpoint.
- token_
endpoint_ strauth_ method - Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
- token_
endpoint_ strauth_ signing_ alg - Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
- totp
Connection
Options Totp - Configuration options for one-time passwords.
- twilio_
sid str - SID for your Twilio account.
- twilio_
token str - AuthToken for your Twilio account.
- type str
- Value can be
back_channelorfront_channel. Front Channel will use OIDC protocol withresponse_mode=form_postandresponse_type=id_token. Back Channel will useresponse_type=code. - upstream_
params str - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use_
cert_ boolauth - Indicates whether to use cert auth or not.
- use_
kerberos bool - Indicates whether to use Kerberos or not.
- use_
wsfed bool - Whether to use WS-Fed.
- user_
id_ strattribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- userinfo_
endpoint str - User info endpoint.
- validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- waad_
common_ boolendpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad_
protocol str - Protocol to use.
- adfs
Server String - ADFS URL where to fetch the metadata source.
- allowed
Audiences List<String> - List of allowed audiences.
- api
Enable BooleanUsers - Enable API Access to users.
- app
Id String - App ID.
- attribute
Map Property Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- attributes List<Property Map>
- Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- auth
Params Map<String> - Query string parameters to be included as part of the generated passwordless email link.
- authentication
Methods List<Property Map> - Specifies the authentication methods and their configuration (enabled or disabled)
- String
- Authorization endpoint.
- brute
Force BooleanProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client
Id String - The strategy's client ID.
- client
Secret String - The strategy's client secret.
- community
Base StringUrl - Salesforce community base URL.
- configuration Map<String>
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script. - connection
Settings Property Map - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom
Headers List<Property Map> - Configure extra headers to the Token endpoint of an OAuth 2.0 provider
- custom
Scripts Map<String> - A map of scripts used to integrate with a custom database.
- debug Boolean
- When enabled, additional debug information will be generated.
- decryption
Key Property Map - The key used to decrypt encrypted responses from the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - digest
Algorithm String - Sign Request Algorithm Digest.
- disable
Cache Boolean - Indicates whether to disable the cache or not.
- disable
Self BooleanService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign BooleanOut - When enabled, will disable sign out.
- disable
Signup Boolean - Indicates whether to allow user sign-ups to your application.
- discovery
Url String - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration. - domain String
- Domain name.
- domain
Aliases List<String> - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable
Script BooleanContext - Set to
trueto inject context into custom DB scripts (warning: cannot be disabled once enabled). - enabled
Database BooleanCustomization - Set to
trueto use a legacy user store. - entity
Id String - Custom Entity ID for the connection.
- fed
Metadata StringXml - Federation Metadata for the ADFS connection.
- fields
Map String - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo - Specifies whether or not request info should be forwarded to sms gateway.
- from String
- Address to use as the sender.
- gateway
Authentication Property Map - Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url String - Defines a custom sms gateway to use instead of Twilio.
- global
Token StringRevocation Jwt Iss - Specifies the issuer of the JWT used for global token revocation for the SAML connection.
- global
Token StringRevocation Jwt Sub - Specifies the subject of the JWT used for global token revocation for the SAML connection.
- icon
Url String - Icon URL.
- identity
Api String - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0orazure-active-directory-v1.0. - idp
Initiated Property Map - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id,client_protocol, andclient_authorize_query. - import
Mode Boolean - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips List<String>
- A list of IPs.
- issuer String
- Issuer URL, e.g.
https://auth.example.com. - jwks
Uri String - JWKS URI.
- key
Id String - Apple Key ID.
- map
User BooleanId To Id - By default Auth0 maps
user_idtoemail. Enabling this setting changes the behavior to mapuser_idto 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - max
Groups StringTo Retrieve - Maximum number of groups to retrieve.
- messaging
Service StringSid - SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url String - The URL of the SAML metadata document.
- metadata
Xml String - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfa Property Map
- Configuration options for multifactor authentication.
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent List<String>Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- passkey
Options Property Map - Defines options for the passkey authentication method
- password
Complexity Property MapOptions - Configuration settings for password complexity.
- password
Dictionary Property Map - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories List<Property Map> - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password
No Property MapPersonal Info - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name,username,nickname,user_metadata.name,user_metadata.first,user_metadata.last, user'semail, or first part of the user'semail. - password
Policy String - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none,low,fair,good,excellent. - ping
Federate StringBase Url - Ping Federate Server URL.
- pkce
Enabled Boolean - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- precedences List<String>
- Order of attributes for precedence in identification.Valid values: email, phonenumber, username. If Precedence is set, it must contain all values (email, phonenumber, username) in specific order
- protocol
Binding String - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider String
- Defines the custom
sms_gatewayprovider. - realm
Fallback Boolean - Allows configuration if connectionsrealmfallback flag is enabled for the tenant
- request
Template String - Template that formats the SAML request.
- requires
Username Boolean - Indicates whether the user is required to provide a username in addition to an email address.
- scopes List<String>
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile,ext_profile,ext_nested_groups, etc. - scripts Map<String>
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfilescript. - set
User StringRoot Attributes - Determines whether to sync user profile attributes (
name,given_name,family_name,nickname,picture) at each login or only on the first login. Options include:on_each_login,on_first_login,never_on_login. Default value:on_each_login. - should
Trust StringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign
In StringEndpoint - SAML single login URL for the connection.
- sign
Out StringEndpoint - SAML single logout URL for the connection.
- sign
Saml BooleanRequest - When enabled, the SAML authentication request will be signed.
- signature
Algorithm String - Sign Request Algorithm.
- signing
Cert String - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing
Key Property Map - The key used to sign requests in the connection. Uses the
keyandcertproperties to provide the private key and certificate respectively. - strategy
Version Number - Version 1 is deprecated, use version 2.
- subject String
- Subject line of the email.
- syntax String
- Syntax of the template body.
- team
Id String - Apple Team ID.
- template String
- Body of the template.
- tenant
Domain String - Tenant domain name.
- token
Endpoint String - Token endpoint.
- token
Endpoint StringAuth Method - Specifies the authentication method for the token endpoint. (Okta/OIDC Connections)
- token
Endpoint StringAuth Signing Alg - Specifies the signing algorithm for the token endpoint. (Okta/OIDC Connections)
- totp Property Map
- Configuration options for one-time passwords.
- twilio
Sid String - SID for your Twilio account.
- twilio
Token String - AuthToken for your Twilio account.
- type String
- Value can be
back_channelorfront_channel. Front Channel will use OIDC protocol withresponse_mode=form_postandresponse_type=id_token. Back Channel will useresponse_type=code. - upstream
Params String - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert BooleanAuth - Indicates whether to use cert auth or not.
- use
Kerberos Boolean - Indicates whether to use Kerberos or not.
- use
Wsfed Boolean - Whether to use WS-Fed.
- user
Id StringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint String - User info endpoint.
- validation Property Map
- Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common BooleanEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol String - Protocol to use.
ConnectionOptionsAttribute, ConnectionOptionsAttributeArgs
- Emails
List<Connection
Options Attribute Email> - Connection Options for Email Attribute
- Phone
Numbers List<ConnectionOptions Attribute Phone Number> - Connection Options for Phone Number Attribute
- Usernames
List<Connection
Options Attribute Username> - Connection Options for User Name Attribute
- Emails
[]Connection
Options Attribute Email - Connection Options for Email Attribute
- Phone
Numbers []ConnectionOptions Attribute Phone Number - Connection Options for Phone Number Attribute
- Usernames
[]Connection
Options Attribute Username - Connection Options for User Name Attribute
- emails
List<Connection
Options Attribute Email> - Connection Options for Email Attribute
- phone
Numbers List<ConnectionOptions Attribute Phone Number> - Connection Options for Phone Number Attribute
- usernames
List<Connection
Options Attribute Username> - Connection Options for User Name Attribute
- emails
Connection
Options Attribute Email[] - Connection Options for Email Attribute
- phone
Numbers ConnectionOptions Attribute Phone Number[] - Connection Options for Phone Number Attribute
- usernames
Connection
Options Attribute Username[] - Connection Options for User Name Attribute
- emails
Sequence[Connection
Options Attribute Email] - Connection Options for Email Attribute
- phone_
numbers Sequence[ConnectionOptions Attribute Phone Number] - Connection Options for Phone Number Attribute
- usernames
Sequence[Connection
Options Attribute Username] - Connection Options for User Name Attribute
- emails List<Property Map>
- Connection Options for Email Attribute
- phone
Numbers List<Property Map> - Connection Options for Phone Number Attribute
- usernames List<Property Map>
- Connection Options for User Name Attribute
ConnectionOptionsAttributeEmail, ConnectionOptionsAttributeEmailArgs
- Identifiers
List<Connection
Options Attribute Email Identifier> - Connection Options Email Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
List<Connection
Options Attribute Email Signup> - Defines signup settings for Email attribute
- Unique bool
- If set to false, it allow multiple accounts with the same email address
- Verification
Method string - Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
- Identifiers
[]Connection
Options Attribute Email Identifier - Connection Options Email Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
[]Connection
Options Attribute Email Signup - Defines signup settings for Email attribute
- Unique bool
- If set to false, it allow multiple accounts with the same email address
- Verification
Method string - Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
- identifiers
List<Connection
Options Attribute Email Identifier> - Connection Options Email Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups
List<Connection
Options Attribute Email Signup> - Defines signup settings for Email attribute
- unique Boolean
- If set to false, it allow multiple accounts with the same email address
- verification
Method String - Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
- identifiers
Connection
Options Attribute Email Identifier[] - Connection Options Email Attribute Identifier
- profile
Required boolean - Defines whether Profile is required
- signups
Connection
Options Attribute Email Signup[] - Defines signup settings for Email attribute
- unique boolean
- If set to false, it allow multiple accounts with the same email address
- verification
Method string - Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
- identifiers
Sequence[Connection
Options Attribute Email Identifier] - Connection Options Email Attribute Identifier
- profile_
required bool - Defines whether Profile is required
- signups
Sequence[Connection
Options Attribute Email Signup] - Defines signup settings for Email attribute
- unique bool
- If set to false, it allow multiple accounts with the same email address
- verification_
method str - Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
- identifiers List<Property Map>
- Connection Options Email Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups List<Property Map>
- Defines signup settings for Email attribute
- unique Boolean
- If set to false, it allow multiple accounts with the same email address
- verification
Method String - Defines whether whether user will receive a link or an OTP during user signup for email verification and password reset for email verification
ConnectionOptionsAttributeEmailIdentifier, ConnectionOptionsAttributeEmailIdentifierArgs
- Active bool
- Defines whether email attribute is active as an identifier
- Active bool
- Defines whether email attribute is active as an identifier
- active Boolean
- Defines whether email attribute is active as an identifier
- active boolean
- Defines whether email attribute is active as an identifier
- active bool
- Defines whether email attribute is active as an identifier
- active Boolean
- Defines whether email attribute is active as an identifier
ConnectionOptionsAttributeEmailSignup, ConnectionOptionsAttributeEmailSignupArgs
- Status string
- Defines signup status for Email Attribute
- Verifications
List<Connection
Options Attribute Email Signup Verification> - Defines settings for Verification under Email attribute
- Status string
- Defines signup status for Email Attribute
- Verifications
[]Connection
Options Attribute Email Signup Verification - Defines settings for Verification under Email attribute
- status String
- Defines signup status for Email Attribute
- verifications
List<Connection
Options Attribute Email Signup Verification> - Defines settings for Verification under Email attribute
- status string
- Defines signup status for Email Attribute
- verifications
Connection
Options Attribute Email Signup Verification[] - Defines settings for Verification under Email attribute
- status str
- Defines signup status for Email Attribute
- verifications
Sequence[Connection
Options Attribute Email Signup Verification] - Defines settings for Verification under Email attribute
- status String
- Defines signup status for Email Attribute
- verifications List<Property Map>
- Defines settings for Verification under Email attribute
ConnectionOptionsAttributeEmailSignupVerification, ConnectionOptionsAttributeEmailSignupVerificationArgs
- Active bool
- Defines verification settings for signup attribute
- Active bool
- Defines verification settings for signup attribute
- active Boolean
- Defines verification settings for signup attribute
- active boolean
- Defines verification settings for signup attribute
- active bool
- Defines verification settings for signup attribute
- active Boolean
- Defines verification settings for signup attribute
ConnectionOptionsAttributeMap, ConnectionOptionsAttributeMapArgs
- Mapping
Mode string - Method used to map incoming claims. Possible values:
use_map(Okta or OIDC),bind_all(OIDC) orbasic_profile(Okta). - Attributes string
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- Userinfo
Scope string - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- Mapping
Mode string - Method used to map incoming claims. Possible values:
use_map(Okta or OIDC),bind_all(OIDC) orbasic_profile(Okta). - Attributes string
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- Userinfo
Scope string - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- mapping
Mode String - Method used to map incoming claims. Possible values:
use_map(Okta or OIDC),bind_all(OIDC) orbasic_profile(Okta). - attributes String
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- userinfo
Scope String - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- mapping
Mode string - Method used to map incoming claims. Possible values:
use_map(Okta or OIDC),bind_all(OIDC) orbasic_profile(Okta). - attributes string
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- userinfo
Scope string - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- mapping_
mode str - Method used to map incoming claims. Possible values:
use_map(Okta or OIDC),bind_all(OIDC) orbasic_profile(Okta). - attributes str
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- userinfo_
scope str - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- mapping
Mode String - Method used to map incoming claims. Possible values:
use_map(Okta or OIDC),bind_all(OIDC) orbasic_profile(Okta). - attributes String
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- userinfo
Scope String - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
ConnectionOptionsAttributePhoneNumber, ConnectionOptionsAttributePhoneNumberArgs
- Identifiers
List<Connection
Options Attribute Phone Number Identifier> - Connection Options Phone Number Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
List<Connection
Options Attribute Phone Number Signup> - Defines signup settings for Phone Number attribute
- Identifiers
[]Connection
Options Attribute Phone Number Identifier - Connection Options Phone Number Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
[]Connection
Options Attribute Phone Number Signup - Defines signup settings for Phone Number attribute
- identifiers
List<Connection
Options Attribute Phone Number Identifier> - Connection Options Phone Number Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups
List<Connection
Options Attribute Phone Number Signup> - Defines signup settings for Phone Number attribute
- identifiers
Connection
Options Attribute Phone Number Identifier[] - Connection Options Phone Number Attribute Identifier
- profile
Required boolean - Defines whether Profile is required
- signups
Connection
Options Attribute Phone Number Signup[] - Defines signup settings for Phone Number attribute
- identifiers
Sequence[Connection
Options Attribute Phone Number Identifier] - Connection Options Phone Number Attribute Identifier
- profile_
required bool - Defines whether Profile is required
- signups
Sequence[Connection
Options Attribute Phone Number Signup] - Defines signup settings for Phone Number attribute
- identifiers List<Property Map>
- Connection Options Phone Number Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups List<Property Map>
- Defines signup settings for Phone Number attribute
ConnectionOptionsAttributePhoneNumberIdentifier, ConnectionOptionsAttributePhoneNumberIdentifierArgs
- Active bool
- Defines whether Phone Number attribute is active as an identifier
- Active bool
- Defines whether Phone Number attribute is active as an identifier
- active Boolean
- Defines whether Phone Number attribute is active as an identifier
- active boolean
- Defines whether Phone Number attribute is active as an identifier
- active bool
- Defines whether Phone Number attribute is active as an identifier
- active Boolean
- Defines whether Phone Number attribute is active as an identifier
ConnectionOptionsAttributePhoneNumberSignup, ConnectionOptionsAttributePhoneNumberSignupArgs
- Status string
- Defines status of signup for Phone Number attribute
- Verifications
List<Connection
Options Attribute Phone Number Signup Verification> - Defines verification settings for Phone Number attribute
- Status string
- Defines status of signup for Phone Number attribute
- Verifications
[]Connection
Options Attribute Phone Number Signup Verification - Defines verification settings for Phone Number attribute
- status String
- Defines status of signup for Phone Number attribute
- verifications
List<Connection
Options Attribute Phone Number Signup Verification> - Defines verification settings for Phone Number attribute
- status string
- Defines status of signup for Phone Number attribute
- verifications
Connection
Options Attribute Phone Number Signup Verification[] - Defines verification settings for Phone Number attribute
- status str
- Defines status of signup for Phone Number attribute
- verifications
Sequence[Connection
Options Attribute Phone Number Signup Verification] - Defines verification settings for Phone Number attribute
- status String
- Defines status of signup for Phone Number attribute
- verifications List<Property Map>
- Defines verification settings for Phone Number attribute
ConnectionOptionsAttributePhoneNumberSignupVerification, ConnectionOptionsAttributePhoneNumberSignupVerificationArgs
- Active bool
- Defines verification settings for Phone Number attribute
- Active bool
- Defines verification settings for Phone Number attribute
- active Boolean
- Defines verification settings for Phone Number attribute
- active boolean
- Defines verification settings for Phone Number attribute
- active bool
- Defines verification settings for Phone Number attribute
- active Boolean
- Defines verification settings for Phone Number attribute
ConnectionOptionsAttributeUsername, ConnectionOptionsAttributeUsernameArgs
- Identifiers
List<Connection
Options Attribute Username Identifier> - Connection options for User Name Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
List<Connection
Options Attribute Username Signup> - Defines signup settings for User Name attribute
- Validations
List<Connection
Options Attribute Username Validation> - Defines validation settings for User Name attribute
- Identifiers
[]Connection
Options Attribute Username Identifier - Connection options for User Name Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
[]Connection
Options Attribute Username Signup - Defines signup settings for User Name attribute
- Validations
[]Connection
Options Attribute Username Validation - Defines validation settings for User Name attribute
- identifiers
List<Connection
Options Attribute Username Identifier> - Connection options for User Name Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups
List<Connection
Options Attribute Username Signup> - Defines signup settings for User Name attribute
- validations
List<Connection
Options Attribute Username Validation> - Defines validation settings for User Name attribute
- identifiers
Connection
Options Attribute Username Identifier[] - Connection options for User Name Attribute Identifier
- profile
Required boolean - Defines whether Profile is required
- signups
Connection
Options Attribute Username Signup[] - Defines signup settings for User Name attribute
- validations
Connection
Options Attribute Username Validation[] - Defines validation settings for User Name attribute
- identifiers
Sequence[Connection
Options Attribute Username Identifier] - Connection options for User Name Attribute Identifier
- profile_
required bool - Defines whether Profile is required
- signups
Sequence[Connection
Options Attribute Username Signup] - Defines signup settings for User Name attribute
- validations
Sequence[Connection
Options Attribute Username Validation] - Defines validation settings for User Name attribute
- identifiers List<Property Map>
- Connection options for User Name Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups List<Property Map>
- Defines signup settings for User Name attribute
- validations List<Property Map>
- Defines validation settings for User Name attribute
ConnectionOptionsAttributeUsernameIdentifier, ConnectionOptionsAttributeUsernameIdentifierArgs
- Active bool
- Defines whether UserName attribute is active as an identifier
- Active bool
- Defines whether UserName attribute is active as an identifier
- active Boolean
- Defines whether UserName attribute is active as an identifier
- active boolean
- Defines whether UserName attribute is active as an identifier
- active bool
- Defines whether UserName attribute is active as an identifier
- active Boolean
- Defines whether UserName attribute is active as an identifier
ConnectionOptionsAttributeUsernameSignup, ConnectionOptionsAttributeUsernameSignupArgs
- Status string
- Defines whether User Name attribute is active as an identifier
- Status string
- Defines whether User Name attribute is active as an identifier
- status String
- Defines whether User Name attribute is active as an identifier
- status string
- Defines whether User Name attribute is active as an identifier
- status str
- Defines whether User Name attribute is active as an identifier
- status String
- Defines whether User Name attribute is active as an identifier
ConnectionOptionsAttributeUsernameValidation, ConnectionOptionsAttributeUsernameValidationArgs
- Allowed
Types List<ConnectionOptions Attribute Username Validation Allowed Type> - Defines allowed types for for UserName attribute
- Max
Length int - Defines Max Length for User Name attribute
- Min
Length int - Defines Min Length for User Name attribute
- Allowed
Types []ConnectionOptions Attribute Username Validation Allowed Type - Defines allowed types for for UserName attribute
- Max
Length int - Defines Max Length for User Name attribute
- Min
Length int - Defines Min Length for User Name attribute
- allowed
Types List<ConnectionOptions Attribute Username Validation Allowed Type> - Defines allowed types for for UserName attribute
- max
Length Integer - Defines Max Length for User Name attribute
- min
Length Integer - Defines Min Length for User Name attribute
- allowed
Types ConnectionOptions Attribute Username Validation Allowed Type[] - Defines allowed types for for UserName attribute
- max
Length number - Defines Max Length for User Name attribute
- min
Length number - Defines Min Length for User Name attribute
- allowed_
types Sequence[ConnectionOptions Attribute Username Validation Allowed Type] - Defines allowed types for for UserName attribute
- max_
length int - Defines Max Length for User Name attribute
- min_
length int - Defines Min Length for User Name attribute
- allowed
Types List<Property Map> - Defines allowed types for for UserName attribute
- max
Length Number - Defines Max Length for User Name attribute
- min
Length Number - Defines Min Length for User Name attribute
ConnectionOptionsAttributeUsernameValidationAllowedType, ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs
- Email bool
- One of the allowed types for UserName signup attribute
- Phone
Number bool - One of the allowed types for UserName signup attribute
- Email bool
- One of the allowed types for UserName signup attribute
- Phone
Number bool - One of the allowed types for UserName signup attribute
- email Boolean
- One of the allowed types for UserName signup attribute
- phone
Number Boolean - One of the allowed types for UserName signup attribute
- email boolean
- One of the allowed types for UserName signup attribute
- phone
Number boolean - One of the allowed types for UserName signup attribute
- email bool
- One of the allowed types for UserName signup attribute
- phone_
number bool - One of the allowed types for UserName signup attribute
- email Boolean
- One of the allowed types for UserName signup attribute
- phone
Number Boolean - One of the allowed types for UserName signup attribute
ConnectionOptionsAuthenticationMethod, ConnectionOptionsAuthenticationMethodArgs
- Passkey
Connection
Options Authentication Method Passkey - Configures passkey authentication
- Password
Connection
Options Authentication Method Password - Configures password authentication
- Passkey
Connection
Options Authentication Method Passkey - Configures passkey authentication
- Password
Connection
Options Authentication Method Password - Configures password authentication
- passkey
Connection
Options Authentication Method Passkey - Configures passkey authentication
- password
Connection
Options Authentication Method Password - Configures password authentication
- passkey
Connection
Options Authentication Method Passkey - Configures passkey authentication
- password
Connection
Options Authentication Method Password - Configures password authentication
- passkey
Connection
Options Authentication Method Passkey - Configures passkey authentication
- password
Connection
Options Authentication Method Password - Configures password authentication
- passkey Property Map
- Configures passkey authentication
- password Property Map
- Configures password authentication
ConnectionOptionsAuthenticationMethodPasskey, ConnectionOptionsAuthenticationMethodPasskeyArgs
- Enabled bool
- Enables passkey authentication
- Enabled bool
- Enables passkey authentication
- enabled Boolean
- Enables passkey authentication
- enabled boolean
- Enables passkey authentication
- enabled bool
- Enables passkey authentication
- enabled Boolean
- Enables passkey authentication
ConnectionOptionsAuthenticationMethodPassword, ConnectionOptionsAuthenticationMethodPasswordArgs
- Enabled bool
- Enables password authentication
- Enabled bool
- Enables password authentication
- enabled Boolean
- Enables password authentication
- enabled boolean
- Enables password authentication
- enabled bool
- Enables password authentication
- enabled Boolean
- Enables password authentication
ConnectionOptionsConnectionSettings, ConnectionOptionsConnectionSettingsArgs
- Pkce string
- PKCE configuration. Possible values:
auto(uses the strongest algorithm available),S256(uses the SHA-256 algorithm),plain(uses plaintext as described in the PKCE specification) ordisabled(disables support for PKCE).
- Pkce string
- PKCE configuration. Possible values:
auto(uses the strongest algorithm available),S256(uses the SHA-256 algorithm),plain(uses plaintext as described in the PKCE specification) ordisabled(disables support for PKCE).
- pkce String
- PKCE configuration. Possible values:
auto(uses the strongest algorithm available),S256(uses the SHA-256 algorithm),plain(uses plaintext as described in the PKCE specification) ordisabled(disables support for PKCE).
- pkce string
- PKCE configuration. Possible values:
auto(uses the strongest algorithm available),S256(uses the SHA-256 algorithm),plain(uses plaintext as described in the PKCE specification) ordisabled(disables support for PKCE).
- pkce str
- PKCE configuration. Possible values:
auto(uses the strongest algorithm available),S256(uses the SHA-256 algorithm),plain(uses plaintext as described in the PKCE specification) ordisabled(disables support for PKCE).
- pkce String
- PKCE configuration. Possible values:
auto(uses the strongest algorithm available),S256(uses the SHA-256 algorithm),plain(uses plaintext as described in the PKCE specification) ordisabled(disables support for PKCE).
ConnectionOptionsCustomHeader, ConnectionOptionsCustomHeaderArgs
ConnectionOptionsDecryptionKey, ConnectionOptionsDecryptionKeyArgs
ConnectionOptionsGatewayAuthentication, ConnectionOptionsGatewayAuthenticationArgs
- Audience string
- Audience claim for the HS256 token sent to
gateway_url. - Method string
- Authentication method (default is
bearertoken). - Secret string
- Secret used to sign the HS256 token sent to
gateway_url. - Secret
Base64Encoded bool - Specifies whether or not the secret is Base64-encoded.
- Subject string
- Subject claim for the HS256 token sent to
gateway_url.
- Audience string
- Audience claim for the HS256 token sent to
gateway_url. - Method string
- Authentication method (default is
bearertoken). - Secret string
- Secret used to sign the HS256 token sent to
gateway_url. - Secret
Base64Encoded bool - Specifies whether or not the secret is Base64-encoded.
- Subject string
- Subject claim for the HS256 token sent to
gateway_url.
- audience String
- Audience claim for the HS256 token sent to
gateway_url. - method String
- Authentication method (default is
bearertoken). - secret String
- Secret used to sign the HS256 token sent to
gateway_url. - secret
Base64Encoded Boolean - Specifies whether or not the secret is Base64-encoded.
- subject String
- Subject claim for the HS256 token sent to
gateway_url.
- audience string
- Audience claim for the HS256 token sent to
gateway_url. - method string
- Authentication method (default is
bearertoken). - secret string
- Secret used to sign the HS256 token sent to
gateway_url. - secret
Base64Encoded boolean - Specifies whether or not the secret is Base64-encoded.
- subject string
- Subject claim for the HS256 token sent to
gateway_url.
- audience str
- Audience claim for the HS256 token sent to
gateway_url. - method str
- Authentication method (default is
bearertoken). - secret str
- Secret used to sign the HS256 token sent to
gateway_url. - secret_
base64_ boolencoded - Specifies whether or not the secret is Base64-encoded.
- subject str
- Subject claim for the HS256 token sent to
gateway_url.
- audience String
- Audience claim for the HS256 token sent to
gateway_url. - method String
- Authentication method (default is
bearertoken). - secret String
- Secret used to sign the HS256 token sent to
gateway_url. - secret
Base64Encoded Boolean - Specifies whether or not the secret is Base64-encoded.
- subject String
- Subject claim for the HS256 token sent to
gateway_url.
ConnectionOptionsIdpInitiated, ConnectionOptionsIdpInitiatedArgs
- string
- Client
Id string - Client
Protocol string - Enabled bool
- string
- Client
Id string - Client
Protocol string - Enabled bool
- String
- client
Id String - client
Protocol String - enabled Boolean
- string
- client
Id string - client
Protocol string - enabled boolean
- str
- client_
id str - client_
protocol str - enabled bool
- String
- client
Id String - client
Protocol String - enabled Boolean
ConnectionOptionsMfa, ConnectionOptionsMfaArgs
- Active bool
- Indicates whether multifactor authentication is enabled for this connection.
- Return
Enroll boolSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- Active bool
- Indicates whether multifactor authentication is enabled for this connection.
- Return
Enroll boolSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active Boolean
- Indicates whether multifactor authentication is enabled for this connection.
- return
Enroll BooleanSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active boolean
- Indicates whether multifactor authentication is enabled for this connection.
- return
Enroll booleanSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active bool
- Indicates whether multifactor authentication is enabled for this connection.
- return_
enroll_ boolsettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active Boolean
- Indicates whether multifactor authentication is enabled for this connection.
- return
Enroll BooleanSettings - Indicates whether multifactor authentication enrollment settings will be returned.
ConnectionOptionsPasskeyOptions, ConnectionOptionsPasskeyOptionsArgs
- Challenge
Ui string - Controls the UI used to challenge the user for their passkey
- Local
Enrollment boolEnabled - Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
- Progressive
Enrollment boolEnabled - Enables or disables progressive enrollment of passkeys for the connection
- Challenge
Ui string - Controls the UI used to challenge the user for their passkey
- Local
Enrollment boolEnabled - Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
- Progressive
Enrollment boolEnabled - Enables or disables progressive enrollment of passkeys for the connection
- challenge
Ui String - Controls the UI used to challenge the user for their passkey
- local
Enrollment BooleanEnabled - Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
- progressive
Enrollment BooleanEnabled - Enables or disables progressive enrollment of passkeys for the connection
- challenge
Ui string - Controls the UI used to challenge the user for their passkey
- local
Enrollment booleanEnabled - Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
- progressive
Enrollment booleanEnabled - Enables or disables progressive enrollment of passkeys for the connection
- challenge_
ui str - Controls the UI used to challenge the user for their passkey
- local_
enrollment_ boolenabled - Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
- progressive_
enrollment_ boolenabled - Enables or disables progressive enrollment of passkeys for the connection
- challenge
Ui String - Controls the UI used to challenge the user for their passkey
- local
Enrollment BooleanEnabled - Enables or disables enrollment prompt for local passkey when user authenticates using a cross-device passkey for the connection
- progressive
Enrollment BooleanEnabled - Enables or disables progressive enrollment of passkeys for the connection
ConnectionOptionsPasswordComplexityOptions, ConnectionOptionsPasswordComplexityOptionsArgs
- Min
Length int - Minimum number of characters allowed in passwords.
- Min
Length int - Minimum number of characters allowed in passwords.
- min
Length Integer - Minimum number of characters allowed in passwords.
- min
Length number - Minimum number of characters allowed in passwords.
- min_
length int - Minimum number of characters allowed in passwords.
- min
Length Number - Minimum number of characters allowed in passwords.
ConnectionOptionsPasswordDictionary, ConnectionOptionsPasswordDictionaryArgs
- Dictionaries List<string>
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- Enable bool
- Indicates whether the password dictionary check is enabled for this connection.
- Dictionaries []string
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- Enable bool
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries List<String>
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable Boolean
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries string[]
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable boolean
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries Sequence[str]
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable bool
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries List<String>
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable Boolean
- Indicates whether the password dictionary check is enabled for this connection.
ConnectionOptionsPasswordHistory, ConnectionOptionsPasswordHistoryArgs
ConnectionOptionsPasswordNoPersonalInfo, ConnectionOptionsPasswordNoPersonalInfoArgs
- Enable bool
- Enable bool
- enable Boolean
- enable boolean
- enable bool
- enable Boolean
ConnectionOptionsSigningKey, ConnectionOptionsSigningKeyArgs
ConnectionOptionsTotp, ConnectionOptionsTotpArgs
ConnectionOptionsValidation, ConnectionOptionsValidationArgs
- Username
Connection
Options Validation Username - Specifies the
minandmaxvalues of username length.
- Username
Connection
Options Validation Username - Specifies the
minandmaxvalues of username length.
- username
Connection
Options Validation Username - Specifies the
minandmaxvalues of username length.
- username
Connection
Options Validation Username - Specifies the
minandmaxvalues of username length.
- username
Connection
Options Validation Username - Specifies the
minandmaxvalues of username length.
- username Property Map
- Specifies the
minandmaxvalues of username length.
ConnectionOptionsValidationUsername, ConnectionOptionsValidationUsernameArgs
Import
This resource can be imported by specifying the connection ID.
Example:
$ pulumi import auth0:index/connection:Connection google "con_a17f21fdb24d48a0"
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0Terraform Provider.
