auth0.Connection
With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.
The Auth0 dashboard displays only one connection per social provider. Although the Auth0 Management API allows the creation of multiple connections per strategy, the additional connections may not be visible in the Auth0 dashboard.
Example Usage
Google OAuth2 Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
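return await Deployment.RunAsync(() =>
{
    // Load the client secret from encrypted stack configuration so it is never
    // committed to source control. "googleClientSecret" is an example key chosen
    // for this snippet; set it with `pulumi config set --secret googleClientSecret`.
    var config = new Config();
    var clientSecret = config.RequireSecret("googleClientSecret");

    // Google OAuth2 social connection.
    var googleOauth2 = new Auth0.Connection("googleOauth2", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            AllowedAudiences = new[]
            {
                "example.com",
                "api.example.com",
            },
            ClientId = "<client-id>",
            ClientSecret = clientSecret,
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            // NOTE(review): request only the scopes the application needs; confirm
            // that "gmail" and "youtube" are required before copying this list.
            Scopes = new[]
            {
                "email",
                "profile",
                "gmail",
                "youtube",
            },
            SetUserRootAttributes = "on_each_login",
        },
        Strategy = "google-oauth2",
    });
});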
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Google OAuth2 social connection on the Auth0 tenant.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; supply the real value
		// from encrypted stack configuration, never as a literal committed to source.
		options := &auth0.ConnectionOptionsArgs{
			AllowedAudiences: pulumi.StringArray{
				pulumi.String("example.com"),
				pulumi.String("api.example.com"),
			},
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			// NOTE(review): request only the scopes the application needs; confirm
			// that "gmail" and "youtube" are required before copying this list.
			Scopes: pulumi.StringArray{
				pulumi.String("email"),
				pulumi.String("profile"),
				pulumi.String("gmail"),
				pulumi.String("youtube"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
		}

		_, err := auth0.NewConnection(ctx, "googleOauth2", &auth0.ConnectionArgs{
			Options:  options,
			Strategy: pulumi.String("google-oauth2"),
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
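public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the Google OAuth2 social connection. */
    public static void stack(Context ctx) {
        // Load the client secret from encrypted stack configuration so it is never
        // committed to source control. "googleClientSecret" is an example key chosen
        // for this snippet; set it with `pulumi config set --secret googleClientSecret`.
        final var clientSecret = ctx.config().requireSecret("googleClientSecret");

        var googleOauth2 = new Connection("googleOauth2", ConnectionArgs.builder()
            .options(ConnectionOptionsArgs.builder()
                .allowedAudiences(
                    "example.com",
                    "api.example.com")
                .clientId("<client-id>")
                .clientSecret(clientSecret)
                .nonPersistentAttrs(
                    "ethnicity",
                    "gender")
                // NOTE(review): request only the scopes the application needs; confirm
                // that "gmail" and "youtube" are required before copying this list.
                .scopes(
                    "email",
                    "profile",
                    "gmail",
                    "youtube")
                .setUserRootAttributes("on_each_login")
                .build())
            .strategy("google-oauth2")
            .build());
    }
}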
import pulumi
import pulumi_auth0 as auth0
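# Load the client secret from encrypted stack configuration so it is never
# committed to source control. "googleClientSecret" is an example key chosen
# for this snippet; set it with `pulumi config set --secret googleClientSecret`.
config = pulumi.Config()

# Google OAuth2 social connection.
google_oauth2 = auth0.Connection("googleOauth2",
    options=auth0.ConnectionOptionsArgs(
        allowed_audiences=[
            "example.com",
            "api.example.com",
        ],
        client_id="<client-id>",
        client_secret=config.require_secret("googleClientSecret"),
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        # NOTE(review): request only the scopes the application needs; confirm
        # that "gmail" and "youtube" are required before copying this list.
        scopes=[
            "email",
            "profile",
            "gmail",
            "youtube",
        ],
        set_user_root_attributes="on_each_login",
    ),
    strategy="google-oauth2")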
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
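// Load the client secret from encrypted stack configuration so it is never
// committed to source control. "googleClientSecret" is an example key chosen
// for this snippet; set it with `pulumi config set --secret googleClientSecret`.
const config = new pulumi.Config();

// Google OAuth2 social connection.
const googleOauth2 = new auth0.Connection("googleOauth2", {
    options: {
        allowedAudiences: [
            "example.com",
            "api.example.com",
        ],
        clientId: "<client-id>",
        clientSecret: config.requireSecret("googleClientSecret"),
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        // NOTE(review): request only the scopes the application needs; confirm
        // that "gmail" and "youtube" are required before copying this list.
        scopes: [
            "email",
            "profile",
            "gmail",
            "youtube",
        ],
        setUserRootAttributes: "on_each_login",
    },
    strategy: "google-oauth2",
});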
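# The client secret is declared as a secret config value so it is encrypted in
# stack configuration instead of being written into this file. The key name is
# an example; set it with `pulumi config set --secret googleClientSecret`.
config:
  googleClientSecret:
    type: string
    secret: true
resources:
  googleOauth2:
    type: auth0:Connection
    properties:
      options:
        allowedAudiences:
          - example.com
          - api.example.com
        clientId: <client-id>
        clientSecret: ${googleClientSecret}
        nonPersistentAttrs:
          - ethnicity
          - gender
        # NOTE(review): request only the scopes the application needs; confirm
        # that "gmail" and "youtube" are required before copying this list.
        scopes:
          - email
          - profile
          - gmail
          - youtube
        setUserRootAttributes: on_each_login
      strategy: google-oauth2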
Facebook Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
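return await Deployment.RunAsync(() =>
{
    // Load the client secret from encrypted stack configuration so it is never
    // committed to source control. "facebookClientSecret" is an example key chosen
    // for this snippet; set it with `pulumi config set --secret facebookClientSecret`.
    var config = new Config();
    var clientSecret = config.RequireSecret("facebookClientSecret");

    // Facebook social connection.
    var facebook = new Auth0.Connection("facebook", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = clientSecret,
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            // NOTE(review): request only the scopes the application needs.
            Scopes = new[]
            {
                "public_profile",
                "email",
                "groups_access_member_info",
                "user_birthday",
            },
            SetUserRootAttributes = "on_each_login",
        },
        Strategy = "facebook",
    });
});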
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Facebook social connection on the Auth0 tenant.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; supply the real value
		// from encrypted stack configuration, never as a literal committed to source.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			// NOTE(review): request only the scopes the application needs.
			Scopes: pulumi.StringArray{
				pulumi.String("public_profile"),
				pulumi.String("email"),
				pulumi.String("groups_access_member_info"),
				pulumi.String("user_birthday"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
		}

		_, err := auth0.NewConnection(ctx, "facebook", &auth0.ConnectionArgs{
			Options:  options,
			Strategy: pulumi.String("facebook"),
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
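public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the Facebook social connection. */
    public static void stack(Context ctx) {
        // Load the client secret from encrypted stack configuration so it is never
        // committed to source control. "facebookClientSecret" is an example key chosen
        // for this snippet; set it with `pulumi config set --secret facebookClientSecret`.
        final var clientSecret = ctx.config().requireSecret("facebookClientSecret");

        var facebook = new Connection("facebook", ConnectionArgs.builder()
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret(clientSecret)
                .nonPersistentAttrs(
                    "ethnicity",
                    "gender")
                // NOTE(review): request only the scopes the application needs.
                .scopes(
                    "public_profile",
                    "email",
                    "groups_access_member_info",
                    "user_birthday")
                .setUserRootAttributes("on_each_login")
                .build())
            .strategy("facebook")
            .build());
    }
}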
import pulumi
import pulumi_auth0 as auth0
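# Load the client secret from encrypted stack configuration so it is never
# committed to source control. "facebookClientSecret" is an example key chosen
# for this snippet; set it with `pulumi config set --secret facebookClientSecret`.
config = pulumi.Config()

# Facebook social connection.
facebook = auth0.Connection("facebook",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret=config.require_secret("facebookClientSecret"),
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        # NOTE(review): request only the scopes the application needs.
        scopes=[
            "public_profile",
            "email",
            "groups_access_member_info",
            "user_birthday",
        ],
        set_user_root_attributes="on_each_login",
    ),
    strategy="facebook")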
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
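// Load the client secret from encrypted stack configuration so it is never
// committed to source control. "facebookClientSecret" is an example key chosen
// for this snippet; set it with `pulumi config set --secret facebookClientSecret`.
const config = new pulumi.Config();

// Facebook social connection.
const facebook = new auth0.Connection("facebook", {
    options: {
        clientId: "<client-id>",
        clientSecret: config.requireSecret("facebookClientSecret"),
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        // NOTE(review): request only the scopes the application needs.
        scopes: [
            "public_profile",
            "email",
            "groups_access_member_info",
            "user_birthday",
        ],
        setUserRootAttributes: "on_each_login",
    },
    strategy: "facebook",
});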
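# The client secret is declared as a secret config value so it is encrypted in
# stack configuration instead of being written into this file. The key name is
# an example; set it with `pulumi config set --secret facebookClientSecret`.
config:
  facebookClientSecret:
    type: string
    secret: true
resources:
  facebook:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: ${facebookClientSecret}
        nonPersistentAttrs:
          - ethnicity
          - gender
        # NOTE(review): request only the scopes the application needs.
        scopes:
          - public_profile
          - email
          - groups_access_member_info
          - user_birthday
        setUserRootAttributes: on_each_login
      strategy: facebook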
Apple Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
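return await Deployment.RunAsync(() =>
{
    // For the "apple" strategy this example passes a PEM private key as the client
    // secret. Keep the key out of source: load it from encrypted stack configuration.
    // "appleClientSecret" is an example key chosen for this snippet; set it with
    // `pulumi config set --secret appleClientSecret`.
    var config = new Config();
    var clientSecret = config.RequireSecret("appleClientSecret");

    // Sign in with Apple connection.
    var apple = new Auth0.Connection("apple", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = clientSecret,
            KeyId = "<key-id>",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "email",
                "name",
            },
            SetUserRootAttributes = "on_first_login",
            TeamId = "<team-id>",
        },
        Strategy = "apple",
    });
});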
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Sign in with Apple connection on the Auth0 tenant.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the client secret here is a PEM private key written as a
		// string literal. A real key belongs in encrypted stack configuration, not
		// in source control.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("-----BEGIN PRIVATE KEY-----\nMIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA\n-----END PRIVATE KEY-----\n"),
			KeyId:        pulumi.String("<key-id>"),
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			Scopes: pulumi.StringArray{
				pulumi.String("email"),
				pulumi.String("name"),
			},
			SetUserRootAttributes: pulumi.String("on_first_login"),
			TeamId:                pulumi.String("<team-id>"),
		}

		_, err := auth0.NewConnection(ctx, "apple", &auth0.ConnectionArgs{
			Options:  options,
			Strategy: pulumi.String("apple"),
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
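public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the Sign in with Apple connection. */
    public static void stack(Context ctx) {
        // For the "apple" strategy this example passes a PEM private key as the client
        // secret. Keep the key out of source: load it from encrypted stack configuration.
        // "appleClientSecret" is an example key chosen for this snippet; set it with
        // `pulumi config set --secret appleClientSecret`.
        final var clientSecret = ctx.config().requireSecret("appleClientSecret");

        var apple = new Connection("apple", ConnectionArgs.builder()
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret(clientSecret)
                .keyId("<key-id>")
                .nonPersistentAttrs(
                    "ethnicity",
                    "gender")
                .scopes(
                    "email",
                    "name")
                .setUserRootAttributes("on_first_login")
                .teamId("<team-id>")
                .build())
            .strategy("apple")
            .build());
    }
}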
import pulumi
import pulumi_auth0 as auth0
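# For the "apple" strategy this example passes a PEM private key as the client
# secret. Keep the key out of source: load it from encrypted stack configuration.
# "appleClientSecret" is an example key chosen for this snippet; set it with
# `pulumi config set --secret appleClientSecret`.
config = pulumi.Config()

# Sign in with Apple connection.
apple = auth0.Connection("apple",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret=config.require_secret("appleClientSecret"),
        key_id="<key-id>",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "email",
            "name",
        ],
        set_user_root_attributes="on_first_login",
        team_id="<team-id>",
    ),
    strategy="apple")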
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
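// For the "apple" strategy this example passes a PEM private key as the client
// secret. Keep the key out of source: load it from encrypted stack configuration.
// "appleClientSecret" is an example key chosen for this snippet; set it with
// `pulumi config set --secret appleClientSecret`.
const config = new pulumi.Config();

// Sign in with Apple connection.
const apple = new auth0.Connection("apple", {
    options: {
        clientId: "<client-id>",
        clientSecret: config.requireSecret("appleClientSecret"),
        keyId: "<key-id>",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "email",
            "name",
        ],
        setUserRootAttributes: "on_first_login",
        teamId: "<team-id>",
    },
    strategy: "apple",
});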
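# For the "apple" strategy this example passes a PEM private key as the client
# secret. It is declared as a secret config value so the key is encrypted in
# stack configuration instead of being written into this file. The key name is
# an example; set it with `pulumi config set --secret appleClientSecret`.
config:
  appleClientSecret:
    type: string
    secret: true
resources:
  apple:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: ${appleClientSecret}
        keyId: <key-id>
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - email
          - name
        setUserRootAttributes: on_first_login
        teamId: <team-id>
      strategy: apple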
LinkedIn Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
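return await Deployment.RunAsync(() =>
{
    // Load the client secret from encrypted stack configuration so it is never
    // committed to source control. "linkedinClientSecret" is an example key chosen
    // for this snippet; set it with `pulumi config set --secret linkedinClientSecret`.
    var config = new Config();
    var clientSecret = config.RequireSecret("linkedinClientSecret");

    // LinkedIn social connection.
    var linkedin = new Auth0.Connection("linkedin", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = clientSecret,
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "basic_profile",
                "profile",
                "email",
            },
            SetUserRootAttributes = "on_each_login",
            StrategyVersion = 2,
        },
        Strategy = "linkedin",
    });
});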
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a LinkedIn social connection on the Auth0 tenant.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; supply the real value
		// from encrypted stack configuration, never as a literal committed to source.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			Scopes: pulumi.StringArray{
				pulumi.String("basic_profile"),
				pulumi.String("profile"),
				pulumi.String("email"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
			StrategyVersion:       pulumi.Int(2),
		}

		_, err := auth0.NewConnection(ctx, "linkedin", &auth0.ConnectionArgs{
			Options:  options,
			Strategy: pulumi.String("linkedin"),
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
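public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the LinkedIn social connection. */
    public static void stack(Context ctx) {
        // Load the client secret from encrypted stack configuration so it is never
        // committed to source control. "linkedinClientSecret" is an example key chosen
        // for this snippet; set it with `pulumi config set --secret linkedinClientSecret`.
        final var clientSecret = ctx.config().requireSecret("linkedinClientSecret");

        var linkedin = new Connection("linkedin", ConnectionArgs.builder()
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret(clientSecret)
                .nonPersistentAttrs(
                    "ethnicity",
                    "gender")
                .scopes(
                    "basic_profile",
                    "profile",
                    "email")
                .setUserRootAttributes("on_each_login")
                .strategyVersion(2)
                .build())
            .strategy("linkedin")
            .build());
    }
}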
import pulumi
import pulumi_auth0 as auth0
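# Load the client secret from encrypted stack configuration so it is never
# committed to source control. "linkedinClientSecret" is an example key chosen
# for this snippet; set it with `pulumi config set --secret linkedinClientSecret`.
config = pulumi.Config()

# LinkedIn social connection.
linkedin = auth0.Connection("linkedin",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret=config.require_secret("linkedinClientSecret"),
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "basic_profile",
            "profile",
            "email",
        ],
        set_user_root_attributes="on_each_login",
        strategy_version=2,
    ),
    strategy="linkedin")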
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
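// Load the client secret from encrypted stack configuration so it is never
// committed to source control. "linkedinClientSecret" is an example key chosen
// for this snippet; set it with `pulumi config set --secret linkedinClientSecret`.
const config = new pulumi.Config();

// LinkedIn social connection.
const linkedin = new auth0.Connection("linkedin", {
    options: {
        clientId: "<client-id>",
        clientSecret: config.requireSecret("linkedinClientSecret"),
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "basic_profile",
            "profile",
            "email",
        ],
        setUserRootAttributes: "on_each_login",
        strategyVersion: 2,
    },
    strategy: "linkedin",
});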
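# The client secret is declared as a secret config value so it is encrypted in
# stack configuration instead of being written into this file. The key name is
# an example; set it with `pulumi config set --secret linkedinClientSecret`.
config:
  linkedinClientSecret:
    type: string
    secret: true
resources:
  linkedin:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: ${linkedinClientSecret}
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - basic_profile
          - profile
          - email
        setUserRootAttributes: on_each_login
        strategyVersion: 2
      strategy: linkedin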
GitHub Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
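return await Deployment.RunAsync(() =>
{
    // Load the client secret from encrypted stack configuration so it is never
    // committed to source control. "githubClientSecret" is an example key chosen
    // for this snippet; set it with `pulumi config set --secret githubClientSecret`.
    var config = new Config();
    var clientSecret = config.RequireSecret("githubClientSecret");

    // GitHub social connection.
    var github = new Auth0.Connection("github", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = clientSecret,
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            // NOTE(review): "repo" and "public_repo" look like repository-access
            // scopes that a login-only integration would not need; confirm before
            // copying and request only what the application uses.
            Scopes = new[]
            {
                "email",
                "profile",
                "public_repo",
                "repo",
            },
            SetUserRootAttributes = "on_each_login",
        },
        Strategy = "github",
    });
});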
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a GitHub social connection on the Auth0 tenant.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; supply the real value
		// from encrypted stack configuration, never as a literal committed to source.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			// NOTE(review): "repo" and "public_repo" look like repository-access
			// scopes that a login-only integration would not need; confirm before
			// copying and request only what the application uses.
			Scopes: pulumi.StringArray{
				pulumi.String("email"),
				pulumi.String("profile"),
				pulumi.String("public_repo"),
				pulumi.String("repo"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
		}

		_, err := auth0.NewConnection(ctx, "github", &auth0.ConnectionArgs{
			Options:  options,
			Strategy: pulumi.String("github"),
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
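public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the GitHub social connection. */
    public static void stack(Context ctx) {
        // Load the client secret from encrypted stack configuration so it is never
        // committed to source control. "githubClientSecret" is an example key chosen
        // for this snippet; set it with `pulumi config set --secret githubClientSecret`.
        final var clientSecret = ctx.config().requireSecret("githubClientSecret");

        var github = new Connection("github", ConnectionArgs.builder()
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret(clientSecret)
                .nonPersistentAttrs(
                    "ethnicity",
                    "gender")
                // NOTE(review): "repo" and "public_repo" look like repository-access
                // scopes that a login-only integration would not need; confirm before
                // copying and request only what the application uses.
                .scopes(
                    "email",
                    "profile",
                    "public_repo",
                    "repo")
                .setUserRootAttributes("on_each_login")
                .build())
            .strategy("github")
            .build());
    }
}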
import pulumi
import pulumi_auth0 as auth0
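# Load the client secret from encrypted stack configuration so it is never
# committed to source control. "githubClientSecret" is an example key chosen
# for this snippet; set it with `pulumi config set --secret githubClientSecret`.
config = pulumi.Config()

# GitHub social connection.
github = auth0.Connection("github",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret=config.require_secret("githubClientSecret"),
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        # NOTE(review): "repo" and "public_repo" look like repository-access
        # scopes that a login-only integration would not need; confirm before
        # copying and request only what the application uses.
        scopes=[
            "email",
            "profile",
            "public_repo",
            "repo",
        ],
        set_user_root_attributes="on_each_login",
    ),
    strategy="github")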
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
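// Load the client secret from encrypted stack configuration so it is never
// committed to source control. "githubClientSecret" is an example key chosen
// for this snippet; set it with `pulumi config set --secret githubClientSecret`.
const config = new pulumi.Config();

// GitHub social connection.
const github = new auth0.Connection("github", {
    options: {
        clientId: "<client-id>",
        clientSecret: config.requireSecret("githubClientSecret"),
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        // NOTE(review): "repo" and "public_repo" look like repository-access
        // scopes that a login-only integration would not need; confirm before
        // copying and request only what the application uses.
        scopes: [
            "email",
            "profile",
            "public_repo",
            "repo",
        ],
        setUserRootAttributes: "on_each_login",
    },
    strategy: "github",
});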
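# The client secret is declared as a secret config value so it is encrypted in
# stack configuration instead of being written into this file. The key name is
# an example; set it with `pulumi config set --secret githubClientSecret`.
config:
  githubClientSecret:
    type: string
    secret: true
resources:
  github:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: ${githubClientSecret}
        nonPersistentAttrs:
          - ethnicity
          - gender
        # NOTE(review): "repo" and "public_repo" look like repository-access
        # scopes that a login-only integration would not need; confirm before
        # copying and request only what the application uses.
        scopes:
          - email
          - profile
          - public_repo
          - repo
        setUserRootAttributes: on_each_login
      strategy: github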
SalesForce Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
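return await Deployment.RunAsync(() =>
{
    // Load the client secret from encrypted stack configuration so it is never
    // committed to source control. "salesforceClientSecret" is an example key chosen
    // for this snippet; set it with `pulumi config set --secret salesforceClientSecret`.
    var config = new Config();
    var clientSecret = config.RequireSecret("salesforceClientSecret");

    // Salesforce connection.
    var salesforce = new Auth0.Connection("salesforce", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = clientSecret,
            CommunityBaseUrl = "https://salesforce.example.com",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "openid",
                "email",
            },
            SetUserRootAttributes = "on_first_login",
        },
        Strategy = "salesforce",
    });
});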
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Salesforce connection on the Auth0 tenant.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; supply the real value
		// from encrypted stack configuration, never as a literal committed to source.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:         pulumi.String("<client-id>"),
			ClientSecret:     pulumi.String("<client-secret>"),
			CommunityBaseUrl: pulumi.String("https://salesforce.example.com"),
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			Scopes: pulumi.StringArray{
				pulumi.String("openid"),
				pulumi.String("email"),
			},
			SetUserRootAttributes: pulumi.String("on_first_login"),
		}

		_, err := auth0.NewConnection(ctx, "salesforce", &auth0.ConnectionArgs{
			Options:  options,
			Strategy: pulumi.String("salesforce"),
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
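public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the Salesforce connection. */
    public static void stack(Context ctx) {
        // Load the client secret from encrypted stack configuration so it is never
        // committed to source control. "salesforceClientSecret" is an example key chosen
        // for this snippet; set it with `pulumi config set --secret salesforceClientSecret`.
        final var clientSecret = ctx.config().requireSecret("salesforceClientSecret");

        var salesforce = new Connection("salesforce", ConnectionArgs.builder()
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret(clientSecret)
                .communityBaseUrl("https://salesforce.example.com")
                .nonPersistentAttrs(
                    "ethnicity",
                    "gender")
                .scopes(
                    "openid",
                    "email")
                .setUserRootAttributes("on_first_login")
                .build())
            .strategy("salesforce")
            .build());
    }
}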
import pulumi
import pulumi_auth0 as auth0
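# Load the client secret from encrypted stack configuration so it is never
# committed to source control. "salesforceClientSecret" is an example key chosen
# for this snippet; set it with `pulumi config set --secret salesforceClientSecret`.
config = pulumi.Config()

# Salesforce connection.
salesforce = auth0.Connection("salesforce",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret=config.require_secret("salesforceClientSecret"),
        community_base_url="https://salesforce.example.com",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "openid",
            "email",
        ],
        set_user_root_attributes="on_first_login",
    ),
    strategy="salesforce")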
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
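// Load the client secret from encrypted stack configuration so it is never
// committed to source control. "salesforceClientSecret" is an example key chosen
// for this snippet; set it with `pulumi config set --secret salesforceClientSecret`.
const config = new pulumi.Config();

// Salesforce connection.
const salesforce = new auth0.Connection("salesforce", {
    options: {
        clientId: "<client-id>",
        clientSecret: config.requireSecret("salesforceClientSecret"),
        communityBaseUrl: "https://salesforce.example.com",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "openid",
            "email",
        ],
        setUserRootAttributes: "on_first_login",
    },
    strategy: "salesforce",
});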
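# The client secret is declared as a secret config value so it is encrypted in
# stack configuration instead of being written into this file. The key name is
# an example; set it with `pulumi config set --secret salesforceClientSecret`.
config:
  salesforceClientSecret:
    type: string
    secret: true
resources:
  salesforce:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: ${salesforceClientSecret}
        communityBaseUrl: https://salesforce.example.com
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - openid
          - email
        setUserRootAttributes: on_first_login
      strategy: salesforce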
OAuth2 Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
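return await Deployment.RunAsync(() =>
{
    // Load the client secret from encrypted stack configuration so it is never
    // committed to source control. "oauth2ClientSecret" is an example key chosen
    // for this snippet; set it with `pulumi config set --secret oauth2ClientSecret`.
    var config = new Config();
    var clientSecret = config.RequireSecret("oauth2ClientSecret");

    // Generic OAuth2 connection with PKCE enabled.
    var oauth2 = new Auth0.Connection("oauth2", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            AuthorizationEndpoint = "https://auth.example.com/oauth2/authorize",
            ClientId = "<client-id>",
            ClientSecret = clientSecret,
            IconUrl = "https://auth.example.com/assets/logo.png",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            PkceEnabled = true,
            Scopes = new[]
            {
                "basic_profile",
                "profile",
                "email",
            },
            // Sample script: it always calls back with an error and must be
            // replaced with a real profile lookup before use.
            Scripts =
            {
                { "fetchUserProfile", @" function fetchUserProfile(accessToken, context, callback) {
return callback(new Error(""Whoops!""));
}
" },
            },
            SetUserRootAttributes = "on_each_login",
            TokenEndpoint = "https://auth.example.com/oauth2/token",
        },
        Strategy = "oauth2",
    });
});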
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a generic OAuth2 connection (PKCE enabled) on the Auth0 tenant.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; supply the real value
		// from encrypted stack configuration, never as a literal committed to source.
		options := &auth0.ConnectionOptionsArgs{
			AuthorizationEndpoint: pulumi.String("https://auth.example.com/oauth2/authorize"),
			ClientId:              pulumi.String("<client-id>"),
			ClientSecret:          pulumi.String("<client-secret>"),
			IconUrl:               pulumi.String("https://auth.example.com/assets/logo.png"),
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			PkceEnabled: pulumi.Bool(true),
			Scopes: pulumi.StringArray{
				pulumi.String("basic_profile"),
				pulumi.String("profile"),
				pulumi.String("email"),
			},
			// Sample script: it always calls back with an error and must be
			// replaced with a real profile lookup before use.
			Scripts: pulumi.StringMap{
				"fetchUserProfile": pulumi.String(" function fetchUserProfile(accessToken, context, callback) {\n return callback(new Error(\"Whoops!\"));\n }\n \n"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
			TokenEndpoint:         pulumi.String("https://auth.example.com/oauth2/token"),
		}

		_, err := auth0.NewConnection(ctx, "oauth2", &auth0.ConnectionArgs{
			Options:  options,
			Strategy: pulumi.String("oauth2"),
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
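public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the generic OAuth2 connection with PKCE enabled. */
    public static void stack(Context ctx) {
        // Load the client secret from encrypted stack configuration so it is never
        // committed to source control. "oauth2ClientSecret" is an example key chosen
        // for this snippet; set it with `pulumi config set --secret oauth2ClientSecret`.
        final var clientSecret = ctx.config().requireSecret("oauth2ClientSecret");

        var oauth2 = new Connection("oauth2", ConnectionArgs.builder()
            .options(ConnectionOptionsArgs.builder()
                .authorizationEndpoint("https://auth.example.com/oauth2/authorize")
                .clientId("<client-id>")
                .clientSecret(clientSecret)
                .iconUrl("https://auth.example.com/assets/logo.png")
                .nonPersistentAttrs(
                    "ethnicity",
                    "gender")
                .pkceEnabled(true)
                .scopes(
                    "basic_profile",
                    "profile",
                    "email")
                // Sample script: it always calls back with an error and must be
                // replaced with a real profile lookup before use.
                .scripts(Map.of("fetchUserProfile", """
                    function fetchUserProfile(accessToken, context, callback) {
                    return callback(new Error("Whoops!"));
                    }
                    """))
                .setUserRootAttributes("on_each_login")
                .tokenEndpoint("https://auth.example.com/oauth2/token")
                .build())
            .strategy("oauth2")
            .build());
    }
}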
import pulumi
import pulumi_auth0 as auth0
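# Load the client secret from encrypted stack configuration so it is never
# committed to source control. "oauth2ClientSecret" is an example key chosen
# for this snippet; set it with `pulumi config set --secret oauth2ClientSecret`.
config = pulumi.Config()

# Generic OAuth2 connection with PKCE enabled.
oauth2 = auth0.Connection("oauth2",
    options=auth0.ConnectionOptionsArgs(
        authorization_endpoint="https://auth.example.com/oauth2/authorize",
        client_id="<client-id>",
        client_secret=config.require_secret("oauth2ClientSecret"),
        icon_url="https://auth.example.com/assets/logo.png",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        pkce_enabled=True,
        scopes=[
            "basic_profile",
            "profile",
            "email",
        ],
        # Sample script: it always calls back with an error and must be
        # replaced with a real profile lookup before use.
        scripts={
            "fetchUserProfile": """ function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
""",
        },
        set_user_root_attributes="on_each_login",
        token_endpoint="https://auth.example.com/oauth2/token",
    ),
    strategy="oauth2")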
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
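// Load the client secret from encrypted stack configuration so it is never
// committed to source control. "oauth2ClientSecret" is an example key chosen
// for this snippet; set it with `pulumi config set --secret oauth2ClientSecret`.
const config = new pulumi.Config();

// Generic OAuth2 connection with PKCE enabled.
const oauth2 = new auth0.Connection("oauth2", {
    options: {
        authorizationEndpoint: "https://auth.example.com/oauth2/authorize",
        clientId: "<client-id>",
        clientSecret: config.requireSecret("oauth2ClientSecret"),
        iconUrl: "https://auth.example.com/assets/logo.png",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        pkceEnabled: true,
        scopes: [
            "basic_profile",
            "profile",
            "email",
        ],
        // Sample script: it always calls back with an error and must be
        // replaced with a real profile lookup before use.
        scripts: {
            fetchUserProfile: ` function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
`,
        },
        setUserRootAttributes: "on_each_login",
        tokenEndpoint: "https://auth.example.com/oauth2/token",
    },
    strategy: "oauth2",
});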
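# The client secret is declared as a secret config value so it is encrypted in
# stack configuration instead of being written into this file. The key name is
# an example; set it with `pulumi config set --secret oauth2ClientSecret`.
config:
  oauth2ClientSecret:
    type: string
    secret: true
resources:
  oauth2:
    type: auth0:Connection
    properties:
      options:
        authorizationEndpoint: https://auth.example.com/oauth2/authorize
        clientId: <client-id>
        clientSecret: ${oauth2ClientSecret}
        iconUrl: https://auth.example.com/assets/logo.png
        nonPersistentAttrs:
          - ethnicity
          - gender
        pkceEnabled: true
        scopes:
          - basic_profile
          - profile
          - email
        # Sample script: it always calls back with an error and must be
        # replaced with a real profile lookup before use.
        scripts:
          fetchUserProfile: " function fetchUserProfile(accessToken, context, callback) {\n return callback(new Error(\"Whoops!\"));\n }\n \n"
        setUserRootAttributes: on_each_login
        tokenEndpoint: https://auth.example.com/oauth2/token
      strategy: oauth2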
SMS Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
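return await Deployment.RunAsync(() =>
{
    // The gateway authentication secret was a string literal in source. Load it
    // from encrypted stack configuration instead. "smsGatewaySecret" is an example
    // key chosen for this snippet; set it with `pulumi config set --secret smsGatewaySecret`.
    var config = new Config();
    var gatewaySecret = config.RequireSecret("smsGatewaySecret");

    // Passwordless SMS connection delivered through a custom SMS gateway.
    var sms = new Auth0.Connection("sms", new()
    {
        IsDomainConnection = false,
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            BruteForceProtection = true,
            DisableSignup = false,
            ForwardRequestInfo = true,
            From = "+15555555555",
            GatewayAuthentication = new Auth0.Inputs.ConnectionOptionsGatewayAuthenticationArgs
            {
                Audience = "https://somewhere.com/sms-gateway",
                Method = "bearer",
                Secret = gatewaySecret,
                SecretBase64Encoded = false,
                Subject = "test.us.auth0.com:sms",
            },
            GatewayUrl = "https://somewhere.com/sms-gateway",
            Name = "sms",
            Provider = "sms_gateway",
            Syntax = "md_with_macros",
            Template = "@@password@@",
            // NOTE(review): presumably the one-time code length in digits and its
            // validity window in seconds; confirm, and keep the window as short as
            // message delivery allows.
            Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
            {
                Length = 6,
                TimeStep = 300,
            },
        },
        Strategy = "sms",
    });
});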
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a passwordless SMS connection that sends codes through a
// custom SMS gateway.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): Secret is a string literal in source. A real gateway secret
		// belongs in encrypted stack configuration, and any value that was ever
		// committed should be rotated.
		gatewayAuth := &auth0.ConnectionOptionsGatewayAuthenticationArgs{
			Audience:            pulumi.String("https://somewhere.com/sms-gateway"),
			Method:              pulumi.String("bearer"),
			Secret:              pulumi.String("4e2680bb74ec2ae24736476dd37ed6c2"),
			SecretBase64Encoded: pulumi.Bool(false),
			Subject:             pulumi.String("test.us.auth0.com:sms"),
		}

		// NOTE(review): presumably the one-time code length in digits and its
		// validity window in seconds; confirm, and keep the window as short as
		// message delivery allows.
		totp := &auth0.ConnectionOptionsTotpArgs{
			Length:   pulumi.Int(6),
			TimeStep: pulumi.Int(300),
		}

		options := &auth0.ConnectionOptionsArgs{
			BruteForceProtection:  pulumi.Bool(true),
			DisableSignup:         pulumi.Bool(false),
			ForwardRequestInfo:    pulumi.Bool(true),
			From:                  pulumi.String("+15555555555"),
			GatewayAuthentication: gatewayAuth,
			GatewayUrl:            pulumi.String("https://somewhere.com/sms-gateway"),
			Name:                  pulumi.String("sms"),
			Provider:              pulumi.String("sms_gateway"),
			Syntax:                pulumi.String("md_with_macros"),
			Template:              pulumi.String("@@password@@"),
			Totp:                  totp,
		}

		_, err := auth0.NewConnection(ctx, "sms", &auth0.ConnectionArgs{
			IsDomainConnection: pulumi.Bool(false),
			Options:            options,
			Strategy:           pulumi.String("sms"),
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsGatewayAuthenticationArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
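public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares the passwordless SMS connection delivered through a custom SMS gateway. */
    public static void stack(Context ctx) {
        // The gateway authentication secret was a string literal in source. Load it
        // from encrypted stack configuration instead. "smsGatewaySecret" is an example
        // key chosen for this snippet; set it with `pulumi config set --secret smsGatewaySecret`.
        final var gatewaySecret = ctx.config().requireSecret("smsGatewaySecret");

        var sms = new Connection("sms", ConnectionArgs.builder()
            .isDomainConnection(false)
            .options(ConnectionOptionsArgs.builder()
                .bruteForceProtection(true)
                .disableSignup(false)
                .forwardRequestInfo(true)
                .from("+15555555555")
                .gatewayAuthentication(ConnectionOptionsGatewayAuthenticationArgs.builder()
                    .audience("https://somewhere.com/sms-gateway")
                    .method("bearer")
                    .secret(gatewaySecret)
                    .secretBase64Encoded(false)
                    .subject("test.us.auth0.com:sms")
                    .build())
                .gatewayUrl("https://somewhere.com/sms-gateway")
                .name("sms")
                .provider("sms_gateway")
                .syntax("md_with_macros")
                .template("@@password@@")
                // NOTE(review): presumably the one-time code length in digits and its
                // validity window in seconds; confirm, and keep the window as short as
                // message delivery allows.
                .totp(ConnectionOptionsTotpArgs.builder()
                    .length(6)
                    .timeStep(300)
                    .build())
                .build())
            .strategy("sms")
            .build());
    }
}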
import pulumi
import pulumi_auth0 as auth0
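# The gateway authentication secret was a string literal in source. Load it
# from encrypted stack configuration instead. "smsGatewaySecret" is an example
# key chosen for this snippet; set it with `pulumi config set --secret smsGatewaySecret`.
config = pulumi.Config()

# Passwordless SMS connection delivered through a custom SMS gateway.
sms = auth0.Connection("sms",
    is_domain_connection=False,
    options=auth0.ConnectionOptionsArgs(
        brute_force_protection=True,
        disable_signup=False,
        forward_request_info=True,
        from_="+15555555555",
        gateway_authentication=auth0.ConnectionOptionsGatewayAuthenticationArgs(
            audience="https://somewhere.com/sms-gateway",
            method="bearer",
            secret=config.require_secret("smsGatewaySecret"),
            secret_base64_encoded=False,
            subject="test.us.auth0.com:sms",
        ),
        gateway_url="https://somewhere.com/sms-gateway",
        name="sms",
        provider="sms_gateway",
        syntax="md_with_macros",
        template="@@password@@",
        # NOTE(review): presumably the one-time code length in digits and its
        # validity window in seconds; confirm, and keep the window as short as
        # message delivery allows.
        totp=auth0.ConnectionOptionsTotpArgs(
            length=6,
            time_step=300,
        ),
    ),
    strategy="sms")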
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
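// The gateway authentication secret was a string literal in source. Load it
// from encrypted stack configuration instead. "smsGatewaySecret" is an example
// key chosen for this snippet; set it with `pulumi config set --secret smsGatewaySecret`.
const config = new pulumi.Config();

// Passwordless SMS connection delivered through a custom SMS gateway.
const sms = new auth0.Connection("sms", {
    isDomainConnection: false,
    options: {
        bruteForceProtection: true,
        disableSignup: false,
        forwardRequestInfo: true,
        from: "+15555555555",
        gatewayAuthentication: {
            audience: "https://somewhere.com/sms-gateway",
            method: "bearer",
            secret: config.requireSecret("smsGatewaySecret"),
            secretBase64Encoded: false,
            subject: "test.us.auth0.com:sms",
        },
        gatewayUrl: "https://somewhere.com/sms-gateway",
        name: "sms",
        provider: "sms_gateway",
        syntax: "md_with_macros",
        template: "@@password@@",
        // NOTE(review): presumably the one-time code length in digits and its
        // validity window in seconds; confirm, and keep the window as short as
        // message delivery allows.
        totp: {
            length: 6,
            timeStep: 300,
        },
    },
    strategy: "sms",
});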
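# The gateway authentication secret was written into this file. It is declared
# as a secret config value instead so it is encrypted in stack configuration.
# The key name is an example; set it with `pulumi config set --secret smsGatewaySecret`.
config:
  smsGatewaySecret:
    type: string
    secret: true
resources:
  sms:
    type: auth0:Connection
    properties:
      isDomainConnection: false
      options:
        bruteForceProtection: true
        disableSignup: false
        forwardRequestInfo: true
        from: '+15555555555'
        gatewayAuthentication:
          audience: https://somewhere.com/sms-gateway
          method: bearer
          secret: ${smsGatewaySecret}
          secretBase64Encoded: false
          subject: test.us.auth0.com:sms
        gatewayUrl: https://somewhere.com/sms-gateway
        name: sms
        provider: sms_gateway
        syntax: md_with_macros
        template: '@@password@@'
        # NOTE(review): presumably the one-time code length in digits and its
        # validity window in seconds; confirm, and keep the window as short as
        # message delivery allows.
        totp:
          length: 6
          timeStep: 300
      strategy: sms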
Email Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
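return await Deployment.RunAsync(() =>
{
    // Passwordless e-mail connection.
    var passwordlessEmail = new Auth0.Connection("passwordlessEmail", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            AuthParams =
            {
                { "responseType", "code" },
                { "scope", "openid email profile offline_access" },
            },
            BruteForceProtection = true,
            DisableSignup = false,
            From = "{{ application.name }} <root@auth0.com>",
            Name = "email",
            // An empty `new[] {}` gives the compiler no element type to infer and
            // does not compile, so the array type is spelled out.
            NonPersistentAttrs = new string[] {},
            SetUserRootAttributes = "on_each_login",
            Subject = "Welcome to {{ application.name }}",
            Syntax = "liquid",
            Template = "<html>This is the body of the email</html>",
            // NOTE(review): presumably the one-time code length in digits and its
            // validity window in seconds; confirm, and keep the window as short as
            // message delivery allows.
            Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
            {
                Length = 6,
                TimeStep = 300,
            },
        },
        Strategy = "email",
    });
});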
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a passwordless email connection: users sign in with a
// one-time code sent by email.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): presumably code length and validity window in
		// seconds; confirm against the provider documentation.
		oneTimeCode := &auth0.ConnectionOptionsTotpArgs{
			Length:   pulumi.Int(6),
			TimeStep: pulumi.Int(300),
		}

		// Query string parameters included in the generated passwordless
		// email link. offline_access requests a refresh token; keep it only
		// if the application needs one.
		linkParams := pulumi.StringMap{
			"responseType": pulumi.String("code"),
			"scope":        pulumi.String("openid email profile offline_access"),
		}

		emailOptions := &auth0.ConnectionOptionsArgs{
			AuthParams:            linkParams,
			BruteForceProtection:  pulumi.Bool(true),
			DisableSignup:         pulumi.Bool(false),
			From:                  pulumi.String("{{ application.name }} <root@auth0.com>"),
			Name:                  pulumi.String("email"),
			NonPersistentAttrs:    pulumi.StringArray{},
			SetUserRootAttributes: pulumi.String("on_each_login"),
			Subject:               pulumi.String("Welcome to {{ application.name }}"),
			Syntax:                pulumi.String("liquid"),
			Template:              pulumi.String("<html>This is the body of the email</html>"),
			Totp:                  oneTimeCode,
		}

		_, err := auth0.NewConnection(ctx, "passwordlessEmail", &auth0.ConnectionArgs{
			Options:  emailOptions,
			Strategy: pulumi.String("email"),
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a passwordless email connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "passwordlessEmail" connection, which signs users in with
     * a one-time code sent by email.
     *
     * @param ctx context of the current deployment
     */
    public static void stack(Context ctx) {
        // NOTE(review): presumably code length and validity window in
        // seconds; confirm against the provider documentation.
        var oneTimeCode = ConnectionOptionsTotpArgs.builder()
            .length(6)
            .timeStep(300)
            .build();

        // Query string parameters included in the generated passwordless
        // email link. offline_access requests a refresh token; keep it only
        // if the application needs one.
        var linkParams = Map.of(
            "responseType", "code",
            "scope", "openid email profile offline_access");

        var emailOptions = ConnectionOptionsArgs.builder()
            .authParams(linkParams)
            .bruteForceProtection(true)
            .disableSignup(false)
            .from("{{ application.name }} <root@auth0.com>")
            .name("email")
            .nonPersistentAttrs()
            .setUserRootAttributes("on_each_login")
            .subject("Welcome to {{ application.name }}")
            .syntax("liquid")
            .template("<html>This is the body of the email</html>")
            .totp(oneTimeCode)
            .build();

        var passwordlessEmail = new Connection("passwordlessEmail", ConnectionArgs.builder()
            .options(emailOptions)
            .strategy("email")
            .build());
    }
}
import pulumi
import pulumi_auth0 as auth0
# Passwordless email connection: users sign in with a one-time code sent by
# email.

# NOTE(review): presumably code length and validity window in seconds;
# confirm against the provider documentation.
one_time_code = auth0.ConnectionOptionsTotpArgs(length=6, time_step=300)

# Query string parameters included in the generated passwordless email link.
# offline_access requests a refresh token; keep it only if the application
# needs one.
link_params = {
    "responseType": "code",
    "scope": "openid email profile offline_access",
}

email_options = auth0.ConnectionOptionsArgs(
    auth_params=link_params,
    brute_force_protection=True,
    disable_signup=False,
    from_="{{ application.name }} <root@auth0.com>",
    name="email",
    non_persistent_attrs=[],
    set_user_root_attributes="on_each_login",
    subject="Welcome to {{ application.name }}",
    syntax="liquid",
    template="<html>This is the body of the email</html>",
    totp=one_time_code,
)

passwordless_email = auth0.Connection(
    "passwordlessEmail",
    options=email_options,
    strategy="email",
)
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Passwordless email connection: users sign in with a one-time code sent by
// email.

// NOTE(review): presumably code length and validity window in seconds;
// confirm against the provider documentation.
const oneTimeCode = {
    length: 6,
    timeStep: 300,
};

// Query string parameters included in the generated passwordless email link.
// offline_access requests a refresh token; keep it only if the application
// needs one.
const linkParams = {
    responseType: "code",
    scope: "openid email profile offline_access",
};

const passwordlessEmail = new auth0.Connection("passwordlessEmail", {
    strategy: "email",
    options: {
        authParams: linkParams,
        bruteForceProtection: true,
        disableSignup: false,
        from: "{{ application.name }} <root@auth0.com>",
        name: "email",
        nonPersistentAttrs: [],
        setUserRootAttributes: "on_each_login",
        subject: "Welcome to {{ application.name }}",
        syntax: "liquid",
        template: "<html>This is the body of the email</html>",
        totp: oneTimeCode,
    },
});
# Passwordless email connection: users sign in with a one-time code sent by
# email.
resources:
  passwordlessEmail:
    type: auth0:Connection
    properties:
      strategy: email
      options:
        name: email
        # Limits signups and failed logins from a suspicious IP address.
        bruteForceProtection: true
        disableSignup: false
        # Query string parameters included in the generated passwordless
        # email link. offline_access requests a refresh token; keep it only
        # if the application needs one.
        authParams:
          responseType: code
          scope: openid email profile offline_access
        from: "{{ application.name }} <root@auth0.com>"
        subject: "Welcome to {{ application.name }}"
        syntax: liquid
        template: "<html>This is the body of the email</html>"
        nonPersistentAttrs: []
        setUserRootAttributes: on_each_login
        totp:
          length: 6
          timeStep: 300
WindowsLive Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
    // User fields that should not be stored in Auth0 databases.
    var withheldAttrs = new[]
    {
        "ethnicity",
        "gender",
    };

    var requestedScopes = new[]
    {
        "signin",
        "graph_user",
    };

    // "<client-id>" and "<client-secret>" are placeholders; supply the real
    // secret from secret stack configuration rather than a literal.
    var liveOptions = new Auth0.Inputs.ConnectionOptionsArgs
    {
        ClientId = "<client-id>",
        ClientSecret = "<client-secret>",
        NonPersistentAttrs = withheldAttrs,
        Scopes = requestedScopes,
        SetUserRootAttributes = "on_first_login",
        StrategyVersion = 2,
    };

    var windowslive = new Auth0.Connection("windowslive", new()
    {
        Options = liveOptions,
        Strategy = "windowslive",
    });
});
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Windows Live social connection.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// "<client-id>" and "<client-secret>" are placeholders; supply the
		// real secret from secret stack configuration rather than a literal.
		liveOptions := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			// User fields that should not be stored in Auth0 databases.
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			Scopes: pulumi.StringArray{
				pulumi.String("signin"),
				pulumi.String("graph_user"),
			},
			SetUserRootAttributes: pulumi.String("on_first_login"),
			StrategyVersion:       pulumi.Int(2),
		}

		_, err := auth0.NewConnection(ctx, "windowslive", &auth0.ConnectionArgs{
			Options:  liveOptions,
			Strategy: pulumi.String("windowslive"),
		})
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a Windows Live social connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "windowslive" connection.
     *
     * @param ctx context of the current deployment
     */
    public static void stack(Context ctx) {
        // "<client-id>" and "<client-secret>" are placeholders; supply the
        // real secret from secret stack configuration rather than a literal.
        var liveOptions = ConnectionOptionsArgs.builder()
            .clientId("<client-id>")
            .clientSecret("<client-secret>")
            // User fields that should not be stored in Auth0 databases.
            .nonPersistentAttrs("ethnicity", "gender")
            .scopes("signin", "graph_user")
            .setUserRootAttributes("on_first_login")
            .strategyVersion(2)
            .build();

        var windowslive = new Connection("windowslive", ConnectionArgs.builder()
            .options(liveOptions)
            .strategy("windowslive")
            .build());
    }
}
import pulumi
import pulumi_auth0 as auth0
# Windows Live social connection.
#
# "<client-id>" and "<client-secret>" are placeholders; supply the real
# secret from secret stack configuration rather than a literal.
live_options = auth0.ConnectionOptionsArgs(
    client_id="<client-id>",
    client_secret="<client-secret>",
    # User fields that should not be stored in Auth0 databases.
    non_persistent_attrs=["ethnicity", "gender"],
    scopes=["signin", "graph_user"],
    set_user_root_attributes="on_first_login",
    strategy_version=2,
)

windowslive = auth0.Connection(
    "windowslive",
    options=live_options,
    strategy="windowslive",
)
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Windows Live social connection.
//
// "<client-id>" and "<client-secret>" are placeholders; supply the real
// secret from secret stack configuration rather than a literal.
const liveOptions = {
    clientId: "<client-id>",
    clientSecret: "<client-secret>",
    // User fields that should not be stored in Auth0 databases.
    nonPersistentAttrs: ["ethnicity", "gender"],
    scopes: ["signin", "graph_user"],
    setUserRootAttributes: "on_first_login",
    strategyVersion: 2,
};

const windowslive = new auth0.Connection("windowslive", {
    strategy: "windowslive",
    options: liveOptions,
});
# Windows Live social connection.
#
# "<client-id>" and "<client-secret>" are placeholders; supply the real
# secret from secret stack configuration rather than a literal.
resources:
  windowslive:
    type: auth0:Connection
    properties:
      strategy: windowslive
      options:
        clientId: "<client-id>"
        clientSecret: "<client-secret>"
        # User fields that should not be stored in Auth0 databases.
        nonPersistentAttrs: [ethnicity, gender]
        scopes: [signin, graph_user]
        setUserRootAttributes: on_first_login
        strategyVersion: 2
OIDC Connection
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
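return await Deployment.RunAsync(() =>
{
    // The client secret is read from encrypted stack configuration instead
    // of being written into the program. "oidcClientSecret" is a constructed
    // key name; set it with
    //   pulumi config set --secret oidcClientSecret <value>
    var config = new Pulumi.Config();
    var oidcClientSecret = config.RequireSecret("oidcClientSecret");

    // Enterprise OIDC connection to an external identity provider.
    var oidc = new Auth0.Connection("oidc", new()
    {
        DisplayName = "OIDC Connection",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            AuthorizationEndpoint = "https://www.paypal.com/signin/authorize",
            ClientId = "1234567",
            ClientSecret = oidcClientSecret,
            DiscoveryUrl = "https://www.paypalobjects.com/.well-known/openid-configuration",
            // Domains that can be authenticated using this identity provider.
            DomainAliases = new[]
            {
                "example.com",
            },
            IconUrl = "https://example.com/assets/logo.png",
            Issuer = "https://www.paypalobjects.com",
            JwksUri = "https://api.paypal.com/v1/oauth2/certs",
            // User fields that should not be stored in Auth0 databases.
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "openid",
                "email",
            },
            SetUserRootAttributes = "on_first_login",
            TenantDomain = "",
            TokenEndpoint = "https://api.paypal.com/v1/oauth2/token",
            // NOTE(review): Auth0 also accepts "back_channel" here; confirm
            // which flow the identity provider supports.
            Type = "front_channel",
            UserinfoEndpoint = "https://api.paypal.com/v1/oauth2/token/userinfo",
        },
        ShowAsButton = false,
        Strategy = "oidc",
    });
});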
package main
import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
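// main declares an enterprise OIDC connection to an external identity
// provider.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The client secret is read from encrypted stack configuration
		// instead of being written into the program. "oidcClientSecret" is a
		// constructed key name; set it with
		//   pulumi config set --secret oidcClientSecret <value>
		cfg := config.New(ctx, "")
		oidcClientSecret := cfg.RequireSecret("oidcClientSecret")

		_, err := auth0.NewConnection(ctx, "oidc", &auth0.ConnectionArgs{
			DisplayName: pulumi.String("OIDC Connection"),
			Options: &auth0.ConnectionOptionsArgs{
				AuthorizationEndpoint: pulumi.String("https://www.paypal.com/signin/authorize"),
				ClientId:              pulumi.String("1234567"),
				ClientSecret:          oidcClientSecret,
				DiscoveryUrl:          pulumi.String("https://www.paypalobjects.com/.well-known/openid-configuration"),
				// Domains that can be authenticated using this identity provider.
				DomainAliases: pulumi.StringArray{
					pulumi.String("example.com"),
				},
				IconUrl: pulumi.String("https://example.com/assets/logo.png"),
				Issuer:  pulumi.String("https://www.paypalobjects.com"),
				JwksUri: pulumi.String("https://api.paypal.com/v1/oauth2/certs"),
				// User fields that should not be stored in Auth0 databases.
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("openid"),
					pulumi.String("email"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
				TenantDomain:          pulumi.String(""),
				TokenEndpoint:         pulumi.String("https://api.paypal.com/v1/oauth2/token"),
				// NOTE(review): Auth0 also accepts "back_channel" here;
				// confirm which flow the identity provider supports.
				Type:             pulumi.String("front_channel"),
				UserinfoEndpoint: pulumi.String("https://api.paypal.com/v1/oauth2/token/userinfo"),
			},
			ShowAsButton: pulumi.Bool(false),
			Strategy:     pulumi.String("oidc"),
		})
		return err
	})
}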
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
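/** Pulumi program that declares an enterprise OIDC connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "oidc" connection to an external identity provider.
     *
     * @param ctx context of the current deployment; also the source of the
     *            secret configuration value read below
     */
    public static void stack(Context ctx) {
        // The client secret is read from encrypted stack configuration
        // instead of being written into the program. "oidcClientSecret" is a
        // constructed key name; set it with
        //   pulumi config set --secret oidcClientSecret <value>
        var oidcClientSecret = ctx.config().requireSecret("oidcClientSecret");

        var oidc = new Connection("oidc", ConnectionArgs.builder()
            .displayName("OIDC Connection")
            .options(ConnectionOptionsArgs.builder()
                .authorizationEndpoint("https://www.paypal.com/signin/authorize")
                .clientId("1234567")
                .clientSecret(oidcClientSecret)
                .discoveryUrl("https://www.paypalobjects.com/.well-known/openid-configuration")
                // Domains that can be authenticated using this identity provider.
                .domainAliases("example.com")
                .iconUrl("https://example.com/assets/logo.png")
                .issuer("https://www.paypalobjects.com")
                .jwksUri("https://api.paypal.com/v1/oauth2/certs")
                // User fields that should not be stored in Auth0 databases.
                .nonPersistentAttrs(
                    "ethnicity",
                    "gender")
                .scopes(
                    "openid",
                    "email")
                .setUserRootAttributes("on_first_login")
                .tenantDomain("")
                .tokenEndpoint("https://api.paypal.com/v1/oauth2/token")
                // NOTE(review): Auth0 also accepts "back_channel" here;
                // confirm which flow the identity provider supports.
                .type("front_channel")
                .userinfoEndpoint("https://api.paypal.com/v1/oauth2/token/userinfo")
                .build())
            .showAsButton(false)
            .strategy("oidc")
            .build());
    }
}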
import pulumi
import pulumi_auth0 as auth0
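# Enterprise OIDC connection to an external identity provider.
#
# The client secret is read from encrypted stack configuration instead of
# being written into the program. "oidcClientSecret" is a constructed key
# name; set it with: pulumi config set --secret oidcClientSecret <value>
oidc_client_secret = pulumi.Config().require_secret("oidcClientSecret")

oidc = auth0.Connection("oidc",
    display_name="OIDC Connection",
    options=auth0.ConnectionOptionsArgs(
        authorization_endpoint="https://www.paypal.com/signin/authorize",
        client_id="1234567",
        client_secret=oidc_client_secret,
        discovery_url="https://www.paypalobjects.com/.well-known/openid-configuration",
        # Domains that can be authenticated using this identity provider.
        domain_aliases=["example.com"],
        icon_url="https://example.com/assets/logo.png",
        issuer="https://www.paypalobjects.com",
        jwks_uri="https://api.paypal.com/v1/oauth2/certs",
        # User fields that should not be stored in Auth0 databases.
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "openid",
            "email",
        ],
        set_user_root_attributes="on_first_login",
        tenant_domain="",
        token_endpoint="https://api.paypal.com/v1/oauth2/token",
        # NOTE(review): Auth0 also accepts "back_channel" here; confirm which
        # flow the identity provider supports.
        type="front_channel",
        userinfo_endpoint="https://api.paypal.com/v1/oauth2/token/userinfo",
    ),
    show_as_button=False,
    strategy="oidc")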
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
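// Enterprise OIDC connection to an external identity provider.
//
// The client secret is read from encrypted stack configuration instead of
// being written into the program. "oidcClientSecret" is a constructed key
// name; set it with
//   pulumi config set --secret oidcClientSecret <value>
const oidcClientSecret = new pulumi.Config().requireSecret("oidcClientSecret");

const oidc = new auth0.Connection("oidc", {
    displayName: "OIDC Connection",
    options: {
        authorizationEndpoint: "https://www.paypal.com/signin/authorize",
        clientId: "1234567",
        clientSecret: oidcClientSecret,
        discoveryUrl: "https://www.paypalobjects.com/.well-known/openid-configuration",
        // Domains that can be authenticated using this identity provider.
        domainAliases: ["example.com"],
        iconUrl: "https://example.com/assets/logo.png",
        issuer: "https://www.paypalobjects.com",
        jwksUri: "https://api.paypal.com/v1/oauth2/certs",
        // User fields that should not be stored in Auth0 databases.
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "openid",
            "email",
        ],
        setUserRootAttributes: "on_first_login",
        tenantDomain: "",
        tokenEndpoint: "https://api.paypal.com/v1/oauth2/token",
        // NOTE(review): Auth0 also accepts "back_channel" here; confirm which
        // flow the identity provider supports.
        type: "front_channel",
        userinfoEndpoint: "https://api.paypal.com/v1/oauth2/token/userinfo",
    },
    showAsButton: false,
    strategy: "oidc",
});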
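# Enterprise OIDC connection to an external identity provider.
#
# The client secret is declared as a secret configuration value instead of
# being written into the program. "oidcClientSecret" is a constructed key
# name; set it with: pulumi config set --secret oidcClientSecret <value>
config:
  oidcClientSecret:
    type: string
    secret: true
resources:
  oidc:
    type: auth0:Connection
    properties:
      displayName: OIDC Connection
      options:
        authorizationEndpoint: https://www.paypal.com/signin/authorize
        clientId: '1234567'
        clientSecret: ${oidcClientSecret}
        discoveryUrl: https://www.paypalobjects.com/.well-known/openid-configuration
        # Domains that can be authenticated using this identity provider.
        domainAliases:
          - example.com
        iconUrl: https://example.com/assets/logo.png
        issuer: https://www.paypalobjects.com
        jwksUri: https://api.paypal.com/v1/oauth2/certs
        # User fields that should not be stored in Auth0 databases.
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - openid
          - email
        setUserRootAttributes: on_first_login
        tenantDomain:
        tokenEndpoint: https://api.paypal.com/v1/oauth2/token
        # NOTE(review): Auth0 also accepts "back_channel" here; confirm which
        # flow the identity provider supports.
        type: front_channel
        userinfoEndpoint: https://api.paypal.com/v1/oauth2/token/userinfo
      showAsButton: false
      strategy: oidc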
Create Connection Resource
new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
@overload
def Connection(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
is_domain_connection: Optional[bool] = None,
metadata: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None,
strategy: Optional[str] = None)
@overload
def Connection(resource_name: str,
args: ConnectionArgs,
opts: Optional[ResourceOptions] = None)
func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: auth0:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Connection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Connection resource accepts the following input properties:
- Strategy string
Type of the connection, which indicates the identity provider.
- DisplayName string
Name used in login screen.
- IsDomainConnection bool
Indicates whether the connection is domain level.
- Metadata Dictionary<string, string>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
Name of the connection.
- Options ConnectionOptions
Configuration settings for connection options.
- Realms List<string>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- ShowAsButton bool
Display connection as a button. Only available on enterprise connections.
- Strategy string
Type of the connection, which indicates the identity provider.
- Display
Name string Name used in login screen.
- Is
Domain boolConnection Indicates whether the connection is domain level.
- Metadata map[string]string
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
Name of the connection.
- Options
Connection
Options Args Configuration settings for connection options.
- Realms []string
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
Display connection as a button. Only available on enterprise connections.
- strategy String
Type of the connection, which indicates the identity provider.
- display
Name String Name used in login screen.
- is
Domain BooleanConnection Indicates whether the connection is domain level.
- metadata Map<String,String>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
Name of the connection.
- options
Connection
Options Configuration settings for connection options.
- realms List<String>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
Display connection as a button. Only available on enterprise connections.
- strategy string
Type of the connection, which indicates the identity provider.
- display
Name string Name used in login screen.
- is
Domain booleanConnection Indicates whether the connection is domain level.
- metadata {[key: string]: string}
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name string
Name of the connection.
- options
Connection
Options Configuration settings for connection options.
- realms string[]
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- boolean
Display connection as a button. Only available on enterprise connections.
- strategy str
Type of the connection, which indicates the identity provider.
- display_
name str Name used in login screen.
- is_
domain_ boolconnection Indicates whether the connection is domain level.
- metadata Mapping[str, str]
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name str
Name of the connection.
- options
Connection
Options Args Configuration settings for connection options.
- realms Sequence[str]
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
Display connection as a button. Only available on enterprise connections.
- strategy String
Type of the connection, which indicates the identity provider.
- display
Name String Name used in login screen.
- is
Domain BooleanConnection Indicates whether the connection is domain level.
- metadata Map<String>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
Name of the connection.
- options Property Map
Configuration settings for connection options.
- realms List<String>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
Display connection as a button. Only available on enterprise connections.
Outputs
All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:
- EnabledClients List<string>
IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the auth0.Connection data source instead.
- Id string
The provider-assigned unique ID for this managed resource.
- Enabled
Clients []string IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- Id string
The provider-assigned unique ID for this managed resource.
- enabled
Clients List<String> IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- id String
The provider-assigned unique ID for this managed resource.
- enabled
Clients string[] IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- id string
The provider-assigned unique ID for this managed resource.
- enabled_
clients Sequence[str] IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- id str
The provider-assigned unique ID for this managed resource.
- enabled
Clients List<String> IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- id String
The provider-assigned unique ID for this managed resource.
Look up Existing Connection Resource
Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
enabled_clients: Optional[Sequence[str]] = None,
is_domain_connection: Optional[bool] = None,
metadata: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None,
strategy: Optional[str] = None) -> Connection
func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Display
Name string Name used in login screen.
- Enabled
Clients List<string> IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- Is
Domain boolConnection Indicates whether the connection is domain level.
- Metadata Dictionary<string, string>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
Name of the connection.
- Options
Connection
Options Configuration settings for connection options.
- Realms List<string>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
Display connection as a button. Only available on enterprise connections.
- Strategy string
Type of the connection, which indicates the identity provider.
- Display
Name string Name used in login screen.
- Enabled
Clients []string IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- Is
Domain boolConnection Indicates whether the connection is domain level.
- Metadata map[string]string
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
Name of the connection.
- Options
Connection
Options Args Configuration settings for connection options.
- Realms []string
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
Display connection as a button. Only available on enterprise connections.
- Strategy string
Type of the connection, which indicates the identity provider.
- display
Name String Name used in login screen.
- enabled
Clients List<String> IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- is
Domain BooleanConnection Indicates whether the connection is domain level.
- metadata Map<String,String>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
Name of the connection.
- options
Connection
Options Configuration settings for connection options.
- realms List<String>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
Display connection as a button. Only available on enterprise connections.
- strategy String
Type of the connection, which indicates the identity provider.
- display
Name string Name used in login screen.
- enabled
Clients string[] IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- is
Domain booleanConnection Indicates whether the connection is domain level.
- metadata {[key: string]: string}
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name string
Name of the connection.
- options
Connection
Options Configuration settings for connection options.
- realms string[]
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- boolean
Display connection as a button. Only available on enterprise connections.
- strategy string
Type of the connection, which indicates the identity provider.
- display_
name str Name used in login screen.
- enabled_
clients Sequence[str] IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- is_
domain_ boolconnection Indicates whether the connection is domain level.
- metadata Mapping[str, str]
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name str
Name of the connection.
- options
Connection
Options Args Configuration settings for connection options.
- realms Sequence[str]
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
Display connection as a button. Only available on enterprise connections.
- strategy str
Type of the connection, which indicates the identity provider.
- display
Name String Name used in login screen.
- enabled
Clients List<String> IDs of the clients for which the connection is enabled. Reading the enabled clients through this attribute is deprecated and it will be removed in a future major version. Use the
auth0.Connection
data source instead.- is
Domain BooleanConnection Indicates whether the connection is domain level.
- metadata Map<String>
Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
Name of the connection.
- options Property Map
Configuration settings for connection options.
- realms List<String>
Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
Display connection as a button. Only available on enterprise connections.
- strategy String
Type of the connection, which indicates the identity provider.
Supporting Types
ConnectionOptions, ConnectionOptionsArgs
- AdfsServer string
ADFS URL where to fetch the metadata source.
- AllowedAudiences List<string>
List of allowed audiences.
- ApiEnableUsers bool
Enable API Access to users.
- AppId string
App ID.
- AuthParams Dictionary<string, string>
Query string parameters to be included as part of the generated passwordless email link.
- AuthorizationEndpoint string
Authorization endpoint.
- BruteForceProtection bool
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- ClientId string
The strategy's client ID.
- ClientSecret string
The strategy's client secret.
- Community
Base stringUrl Salesforce community base URL.
- Configuration Dictionary<string, object>
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- Custom
Scripts Dictionary<string, string> A map of scripts used to integrate with a custom database.
- Debug bool
When enabled, additional debug information will be generated.
- Digest
Algorithm string Sign Request Algorithm Digest.
- Disable
Cache bool Indicates whether to disable the cache or not.
- Disable
Self boolService Change Password Indicates whether to remove the forgot password link within the New Universal Login.
- Disable
Sign boolOut When enabled, will disable sign out.
- Disable
Signup bool Indicates whether to allow user sign-ups to your application.
- Discovery
Url string OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
.- Domain string
Domain name.
- Domain
Aliases List<string> List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- EnableScriptContext bool
Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- EnabledDatabaseCustomization bool
Set to true to use a legacy user store.
- EntityId string
Custom Entity ID for the connection.
- Fed
Metadata stringXml Federation Metadata for the ADFS connection.
- Fields
Map string If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- ForwardRequestInfo bool
Specifies whether or not request info should be forwarded to the SMS gateway.
- From string
Address to use as the sender.
- GatewayAuthentication ConnectionOptionsGatewayAuthentication
Defines the parameters used to generate the auth token for the custom gateway.
- GatewayUrl string
Defines a custom SMS gateway to use instead of Twilio.
- Icon
Url string Icon URL.
- Identity
Api string Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
.- Idp
Initiated ConnectionOptions Idp Initiated Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
.- Import
Mode bool Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- Ips List<string>
A list of IPs.
- Issuer string
Issuer URL, e.g.
https://auth.example.com
.- Jwks
Uri string JWKS URI.
- Key
Id string Apple Key ID.
- Max
Groups stringTo Retrieve Maximum number of groups to retrieve.
- Messaging
Service stringSid SID for Copilot. Used when SMS Source is Copilot.
- Metadata
Url string The URL of the SAML metadata document.
- Metadata
Xml string The XML content for the SAML metadata document.
- Mfa
Connection
Options Mfa Configuration options for multifactor authentication.
- Name string
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Non
Persistent List<string>Attrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- Password
Complexity ConnectionOptions Options Password Complexity Options Configuration settings for password complexity.
- Password
Dictionary ConnectionOptions Password Dictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- Password
Histories List<ConnectionOptions Password History> Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- PasswordPolicy string
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- PingFederateBaseUrl string
Ping Federate Server URL.
- Pkce
Enabled bool Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- Protocol
Binding string The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- Provider string
Defines the custom
sms_gateway
provider.- Request
Template string Template that formats the SAML request.
- Requires
Username bool Indicates whether the user is required to provide a username in addition to an email address.
- Scopes List<string>
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- Scripts Dictionary<string, string>
A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- SetUserRootAttributes string
Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- ShouldTrustEmailVerifiedConnection string
Choose how Auth0 sets the email_verified field in the user profile.
- Sign
In stringEndpoint SAML single login URL for the connection.
- Sign
Out stringEndpoint SAML single logout URL for the connection.
- Sign
Saml boolRequest When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string Sign Request Algorithm.
- SigningCert string
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- SigningKey ConnectionOptionsSigningKey
The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- StrategyVersion int
Version 1 is deprecated, use version 2.
- Subject string
Subject line of the email.
- Syntax string
Syntax of the template body.
- Team
Id string Apple Team ID.
- Template string
Body of the template.
- Tenant
Domain string Tenant domain name.
- Token
Endpoint string Token endpoint.
- Totp
Connection
Options Totp Configuration options for one-time passwords.
- Twilio
Sid string SID for your Twilio account.
- Twilio
Token string AuthToken for your Twilio account.
- Type string
Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- UpstreamParams string
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- Use
Cert boolAuth Indicates whether to use cert auth or not.
- Use
Kerberos bool Indicates whether to use Kerberos or not.
- Use
Wsfed bool Whether to use WS-Fed.
- User
Id stringAttribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string User info endpoint.
- Validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username.
- Waad
Common boolEndpoint Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string Protocol to use.
- Adfs
Server string ADFS URL where to fetch the metadata source.
- Allowed
Audiences []string List of allowed audiences.
- Api
Enable boolUsers Enable API Access to users.
- App
Id string App ID.
- Auth
Params map[string]string Query string parameters to be included as part of the generated passwordless email link.
- AuthorizationEndpoint string
Authorization endpoint.
- BruteForceProtection bool
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- Client
Id string The strategy's client ID.
- Client
Secret string The strategy's client secret.
- Community
Base stringUrl Salesforce community base URL.
- Configuration map[string]interface{}
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- Custom
Scripts map[string]string A map of scripts used to integrate with a custom database.
- Debug bool
When enabled, additional debug information will be generated.
- Digest
Algorithm string Sign Request Algorithm Digest.
- Disable
Cache bool Indicates whether to disable the cache or not.
- Disable
Self boolService Change Password Indicates whether to remove the forgot password link within the New Universal Login.
- Disable
Sign boolOut When enabled, will disable sign out.
- DisableSignup bool
Indicates whether to disable user sign-ups to your application (set to `true` to block sign-ups).
- Discovery
Url string OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
.- Domain string
Domain name.
- Domain
Aliases []string List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- EnableScriptContext bool
Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- EnabledDatabaseCustomization bool
Set to `true` to use a legacy user store.
- EntityId string
Custom Entity ID for the connection.
- Fed
Metadata stringXml Federation Metadata for the ADFS connection.
- Fields
Map string If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- Forward
Request boolInfo Specifies whether or not request info should be forwarded to sms gateway.
- From string
Address to use as the sender.
- Gateway
Authentication ConnectionOptions Gateway Authentication Defines the parameters used to generate the auth token for the custom gateway.
- Gateway
Url string Defines a custom sms gateway to use instead of Twilio.
- Icon
Url string Icon URL.
- Identity
Api string Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
.- Idp
Initiated ConnectionOptions Idp Initiated Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
.- Import
Mode bool Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- Ips []string
A list of IPs.
- Issuer string
Issuer URL, e.g.
https://auth.example.com
.- Jwks
Uri string JWKS URI.
- Key
Id string Apple Key ID.
- Max
Groups stringTo Retrieve Maximum number of groups to retrieve.
- Messaging
Service stringSid SID for Copilot. Used when SMS Source is Copilot.
- Metadata
Url string The URL of the SAML metadata document.
- Metadata
Xml string The XML content for the SAML metadata document.
- Mfa
Connection
Options Mfa Configuration options for multifactor authentication.
- Name string
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Non
Persistent []stringAttrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- Password
Complexity ConnectionOptions Options Password Complexity Options Configuration settings for password complexity.
- Password
Dictionary ConnectionOptions Password Dictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- Password
Histories []ConnectionOptions Password History Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- PasswordPolicy string
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- PingFederateBaseUrl string
Ping Federate Server URL.
- Pkce
Enabled bool Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- Protocol
Binding string The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- Provider string
Defines the custom
sms_gateway
provider.- Request
Template string Template that formats the SAML request.
- Requires
Username bool Indicates whether the user is required to provide a username in addition to an email address.
- Scopes []string
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- Scripts map[string]string
A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- SetUserRootAttributes string
Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- ShouldTrustEmailVerifiedConnection string
Choose how Auth0 sets the email_verified field in the user profile.
- Sign
In stringEndpoint SAML single login URL for the connection.
- Sign
Out stringEndpoint SAML single logout URL for the connection.
- Sign
Saml boolRequest When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string Sign Request Algorithm.
- SigningCert string
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- SigningKey ConnectionOptionsSigningKey
The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- StrategyVersion int
Version 1 is deprecated, use version 2.
- Subject string
Subject line of the email.
- Syntax string
Syntax of the template body.
- Team
Id string Apple Team ID.
- Template string
Body of the template.
- Tenant
Domain string Tenant domain name.
- Token
Endpoint string Token endpoint.
- Totp
Connection
Options Totp Configuration options for one-time passwords.
- Twilio
Sid string SID for your Twilio account.
- Twilio
Token string AuthToken for your Twilio account.
- Type string
Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- UpstreamParams string
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- Use
Cert boolAuth Indicates whether to use cert auth or not.
- Use
Kerberos bool Indicates whether to use Kerberos or not.
- Use
Wsfed bool Whether to use WS-Fed.
- User
Id stringAttribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string User info endpoint.
- Validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username.
- Waad
Common boolEndpoint Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string Protocol to use.
- adfs
Server String ADFS URL where to fetch the metadata source.
- allowed
Audiences List<String> List of allowed audiences.
- api
Enable BooleanUsers Enable API Access to users.
- app
Id String App ID.
- auth
Params Map<String,String> Query string parameters to be included as part of the generated passwordless email link.
- authorizationEndpoint String
Authorization endpoint.
- bruteForceProtection Boolean
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client
Id String The strategy's client ID.
- client
Secret String The strategy's client secret.
- community
Base StringUrl Salesforce community base URL.
- configuration Map<String,Object>
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- custom
Scripts Map<String,String> A map of scripts used to integrate with a custom database.
- debug Boolean
When enabled, additional debug information will be generated.
- digest
Algorithm String Sign Request Algorithm Digest.
- disable
Cache Boolean Indicates whether to disable the cache or not.
- disable
Self BooleanService Change Password Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign BooleanOut When enabled, will disable sign out.
- disableSignup Boolean
Indicates whether to disable user sign-ups to your application (set to `true` to block sign-ups).
- discovery
Url String OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
.- domain String
Domain name.
- domain
Aliases List<String> List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enableScriptContext Boolean
Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- enabledDatabaseCustomization Boolean
Set to `true` to use a legacy user store.
- entityId String
Custom Entity ID for the connection.
- fed
Metadata StringXml Federation Metadata for the ADFS connection.
- fields
Map String If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo Specifies whether or not request info should be forwarded to sms gateway.
- from String
Address to use as the sender.
- gateway
Authentication ConnectionOptions Gateway Authentication Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url String Defines a custom sms gateway to use instead of Twilio.
- icon
Url String Icon URL.
- identity
Api String Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
.- idp
Initiated ConnectionOptions Idp Initiated Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
.- import
Mode Boolean Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips List<String>
A list of IPs.
- issuer String
Issuer URL, e.g.
https://auth.example.com
.- jwks
Uri String JWKS URI.
- key
Id String Apple Key ID.
- max
Groups StringTo Retrieve Maximum number of groups to retrieve.
- messaging
Service StringSid SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url String The URL of the SAML metadata document.
- metadata
Xml String The XML content for the SAML metadata document.
- mfa
Connection
Options Mfa Configuration options for multifactor authentication.
- name String
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent List<String>Attrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password
Complexity ConnectionOptions Options Password Complexity Options Configuration settings for password complexity.
- password
Dictionary ConnectionOptions Password Dictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories List<ConnectionOptions Password History> Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- passwordPolicy String
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- pingFederateBaseUrl String
Ping Federate Server URL.
- pkce
Enabled Boolean Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- protocol
Binding String The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider String
Defines the custom
sms_gateway
provider.- request
Template String Template that formats the SAML request.
- requires
Username Boolean Indicates whether the user is required to provide a username in addition to an email address.
- scopes List<String>
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- scripts Map<String,String>
A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- setUserRootAttributes String
Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- shouldTrustEmailVerifiedConnection String
Choose how Auth0 sets the email_verified field in the user profile.
- sign
In StringEndpoint SAML single login URL for the connection.
- sign
Out StringEndpoint SAML single logout URL for the connection.
- sign
Saml BooleanRequest When enabled, the SAML authentication request will be signed.
- signature
Algorithm String Sign Request Algorithm.
- signingCert String
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signingKey ConnectionOptionsSigningKey
The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- strategyVersion Integer
Version 1 is deprecated, use version 2.
- subject String
Subject line of the email.
- syntax String
Syntax of the template body.
- team
Id String Apple Team ID.
- template String
Body of the template.
- tenant
Domain String Tenant domain name.
- token
Endpoint String Token endpoint.
- totp
Connection
Options Totp Configuration options for one-time passwords.
- twilio
Sid String SID for your Twilio account.
- twilio
Token String AuthToken for your Twilio account.
- type String
Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- upstreamParams String
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert BooleanAuth Indicates whether to use cert auth or not.
- use
Kerberos Boolean Indicates whether to use Kerberos or not.
- use
Wsfed Boolean Whether to use WS-Fed.
- user
Id StringAttribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint String User info endpoint.
- validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common BooleanEndpoint Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol String Protocol to use.
- adfs
Server string ADFS URL where to fetch the metadata source.
- allowed
Audiences string[] List of allowed audiences.
- api
Enable booleanUsers Enable API Access to users.
- app
Id string App ID.
- auth
Params {[key: string]: string} Query string parameters to be included as part of the generated passwordless email link.
- authorizationEndpoint string
Authorization endpoint.
- bruteForceProtection boolean
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client
Id string The strategy's client ID.
- client
Secret string The strategy's client secret.
- community
Base stringUrl Salesforce community base URL.
- configuration {[key: string]: any}
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- custom
Scripts {[key: string]: string} A map of scripts used to integrate with a custom database.
- debug boolean
When enabled, additional debug information will be generated.
- digest
Algorithm string Sign Request Algorithm Digest.
- disable
Cache boolean Indicates whether to disable the cache or not.
- disable
Self booleanService Change Password Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign booleanOut When enabled, will disable sign out.
- disableSignup boolean
Indicates whether to disable user sign-ups to your application (set to `true` to block sign-ups).
- discovery
Url string OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
.- domain string
Domain name.
- domain
Aliases string[] List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enableScriptContext boolean
Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- enabledDatabaseCustomization boolean
Set to `true` to use a legacy user store.
- entityId string
Custom Entity ID for the connection.
- fed
Metadata stringXml Federation Metadata for the ADFS connection.
- fields
Map string If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request booleanInfo Specifies whether or not request info should be forwarded to sms gateway.
- from string
Address to use as the sender.
- gateway
Authentication ConnectionOptions Gateway Authentication Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url string Defines a custom sms gateway to use instead of Twilio.
- icon
Url string Icon URL.
- identity
Api string Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
.- idp
Initiated ConnectionOptions Idp Initiated Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
.- import
Mode boolean Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips string[]
A list of IPs.
- issuer string
Issuer URL, e.g.
https://auth.example.com
.- jwks
Uri string JWKS URI.
- key
Id string Apple Key ID.
- max
Groups stringTo Retrieve Maximum number of groups to retrieve.
- messaging
Service stringSid SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url string The URL of the SAML metadata document.
- metadata
Xml string The XML content for the SAML metadata document.
- mfa
Connection
Options Mfa Configuration options for multifactor authentication.
- name string
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent string[]Attrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password
Complexity ConnectionOptions Options Password Complexity Options Configuration settings for password complexity.
- password
Dictionary ConnectionOptions Password Dictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories ConnectionOptions Password History[] Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- passwordPolicy string
Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- pingFederateBaseUrl string
Ping Federate Server URL.
- pkce
Enabled boolean Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- protocol
Binding string The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider string
Defines the custom
sms_gateway
provider.- request
Template string Template that formats the SAML request.
- requires
Username boolean Indicates whether the user is required to provide a username in addition to an email address.
- scopes string[]
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- scripts {[key: string]: string}
A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- setUserRootAttributes string
Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- shouldTrustEmailVerifiedConnection string
Choose how Auth0 sets the email_verified field in the user profile.
- sign
In stringEndpoint SAML single login URL for the connection.
- sign
Out stringEndpoint SAML single logout URL for the connection.
- sign
Saml booleanRequest When enabled, the SAML authentication request will be signed.
- signature
Algorithm string Sign Request Algorithm.
- signingCert string
X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signingKey ConnectionOptionsSigningKey
The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- strategyVersion number
Version 1 is deprecated, use version 2.
- subject string
Subject line of the email.
- syntax string
Syntax of the template body.
- team
Id string Apple Team ID.
- template string
Body of the template.
- tenant
Domain string Tenant domain name.
- token
Endpoint string Token endpoint.
- totp
Connection
Options Totp Configuration options for one-time passwords.
- twilio
Sid string SID for your Twilio account.
- twilio
Token string AuthToken for your Twilio account.
- type string
Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- upstreamParams string
You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert booleanAuth Indicates whether to use cert auth or not.
- use
Kerberos boolean Indicates whether to use Kerberos or not.
- use
Wsfed boolean Whether to use WS-Fed.
- user
Id stringAttribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint string User info endpoint.
- validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common booleanEndpoint Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol string Protocol to use.
- adfs_
server str ADFS URL where to fetch the metadata source.
- allowed_
audiences Sequence[str] List of allowed audiences.
- api_
enable_ boolusers Enable API Access to users.
- app_
id str App ID.
- auth_
params Mapping[str, str] Query string parameters to be included as part of the generated passwordless email link.
- authorization_endpoint str
Authorization endpoint.
- brute_force_protection bool
Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client_
id str The strategy's client ID.
- client_
secret str The strategy's client secret.
- community_
base_ strurl Salesforce community base URL.
- configuration Mapping[str, Any]
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- custom_
scripts Mapping[str, str] A map of scripts used to integrate with a custom database.
- debug bool
When enabled, additional debug information will be generated.
- digest_
algorithm str Sign Request Algorithm Digest.
- disable_
cache bool Indicates whether to disable the cache or not.
- disable_
self_ boolservice_ change_ password Indicates whether to remove the forgot password link within the New Universal Login.
- disable_
sign_ boolout When enabled, will disable sign out.
- disable_signup bool Indicates whether to allow user sign-ups to your application; as the name indicates, `true` disables sign-ups.
- discovery_url str OpenID discovery URL, e.g. `https://auth.example.com/.well-known/openid-configuration`.
- domain str Domain name.
- domain_
aliases Sequence[str] List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable_script_context bool Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- enabled_database_customization bool Set to `true` to use a legacy user store.
- entity_id str Custom Entity ID for the connection.
- fed_
metadata_ strxml Federation Metadata for the ADFS connection.
- fields_
map str If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward_
request_ boolinfo Specifies whether or not request info should be forwarded to sms gateway.
- from_ str
Address to use as the sender.
- gateway_
authentication ConnectionOptions Gateway Authentication Defines the parameters used to generate the auth token for the custom gateway.
- gateway_
url str Defines a custom sms gateway to use instead of Twilio.
- icon_
url str Icon URL.
- identity_
api str Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
.- idp_
initiated ConnectionOptions Idp Initiated Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
.- import_
mode bool Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips Sequence[str]
A list of IPs.
- issuer str Issuer URL, e.g. `https://auth.example.com`.
- jwks_uri str JWKS URI.
- key_
id str Apple Key ID.
- max_
groups_ strto_ retrieve Maximum number of groups to retrieve.
- messaging_
service_ strsid SID for Copilot. Used when SMS Source is Copilot.
- metadata_
url str The URL of the SAML metadata document.
- metadata_
xml str The XML content for the SAML metadata document.
- mfa
Connection
Options Mfa Configuration options for multifactor authentication.
- name str
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non_persistent_attrs Sequence[str] If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password_complexity_options ConnectionOptionsPasswordComplexityOptions Configuration settings for password complexity.
- password_dictionary ConnectionOptionsPasswordDictionary Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password_histories Sequence[ConnectionOptionsPasswordHistory] Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password_no_personal_info ConnectionOptionsPasswordNoPersonalInfo Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- password_policy str Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- ping_federate_base_url str Ping Federate Server URL.
- pkce_enabled bool Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- protocol_
binding str The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider str
Defines the custom
sms_gateway
provider.- request_
template str Template that formats the SAML request.
- requires_
username bool Indicates whether the user is required to provide a username in addition to an email address.
- scopes Sequence[str] Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- scripts Mapping[str, str] A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- set_user_root_attributes str Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- should_trust_email_verified_connection str Choose how Auth0 sets the `email_verified` field in the user profile.
- sign_in_endpoint str SAML single login URL for the connection.
- sign_out_endpoint str SAML single logout URL for the connection.
- sign_saml_request bool When enabled, the SAML authentication request will be signed.
- signature_algorithm str Sign Request Algorithm.
- signing_cert str X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing_key ConnectionOptionsSigningKey The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively. The `key` property is private key material; pass it as a Pulumi secret rather than as a plaintext literal.
- strategy_version int Version 1 is deprecated, use version 2.
- subject str
Subject line of the email.
- syntax str
Syntax of the template body.
- team_
id str Apple Team ID.
- template str
Body of the template.
- tenant_
domain str Tenant domain name.
- token_
endpoint str Token endpoint.
- totp
Connection
Options Totp Configuration options for one-time passwords.
- twilio_sid str SID for your Twilio account.
- twilio_token str AuthToken for your Twilio account. This value is a credential; pass it as a Pulumi secret rather than as a plaintext literal in the program.
- type str Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- upstream_params str You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use_
cert_ boolauth Indicates whether to use cert auth or not.
- use_
kerberos bool Indicates whether to use Kerberos or not.
- use_
wsfed bool Whether to use WS-Fed.
- user_
id_ strattribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo_
endpoint str User info endpoint.
- validation
Connection
Options Validation Validation of the minimum and maximum values allowed for a user to have as username.
- waad_
common_ boolendpoint Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad_
protocol str Protocol to use.
- adfs
Server String ADFS URL where to fetch the metadata source.
- allowed
Audiences List<String> List of allowed audiences.
- api
Enable BooleanUsers Enable API Access to users.
- app
Id String App ID.
- auth
Params Map<String> Query string parameters to be included as part of the generated passwordless email link.
- String
Authorization endpoint.
- bruteForceProtection Boolean Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- clientId String The strategy's client ID.
- clientSecret String The strategy's client secret.
- community
Base StringUrl Salesforce community base URL.
- configuration Map<Any>
A case-sensitive map of key value pairs used as configuration variables for the
custom_script
.- custom
Scripts Map<String> A map of scripts used to integrate with a custom database.
- debug Boolean
When enabled, additional debug information will be generated.
- digest
Algorithm String Sign Request Algorithm Digest.
- disable
Cache Boolean Indicates whether to disable the cache or not.
- disable
Self BooleanService Change Password Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign BooleanOut When enabled, will disable sign out.
- disable
Signup Boolean Indicates whether to allow user sign-ups to your application.
- discovery
Url String OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
.- domain String
Domain name.
- domain
Aliases List<String> List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enableScriptContext Boolean Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- enabledDatabaseCustomization Boolean Set to `true` to use a legacy user store.
- entityId String Custom Entity ID for the connection.
- fed
Metadata StringXml Federation Metadata for the ADFS connection.
- fields
Map String If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo Specifies whether or not request info should be forwarded to sms gateway.
- from String
Address to use as the sender.
- gateway
Authentication Property Map Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url String Defines a custom sms gateway to use instead of Twilio.
- icon
Url String Icon URL.
- identity
Api String Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
.- idp
Initiated Property Map Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
.- import
Mode Boolean Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips List<String>
A list of IPs.
- issuer String
Issuer URL, e.g.
https://auth.example.com
.- jwks
Uri String JWKS URI.
- key
Id String Apple Key ID.
- max
Groups StringTo Retrieve Maximum number of groups to retrieve.
- messaging
Service StringSid SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url String The URL of the SAML metadata document.
- metadata
Xml String The XML content for the SAML metadata document.
- mfa Property Map
Configuration options for multifactor authentication.
- name String
The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent List<String>Attrs If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password
Complexity Property MapOptions Configuration settings for password complexity.
- password
Dictionary Property Map Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories List<Property Map> Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password
No Property MapPersonal Info Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name
,username
,nickname
,user_metadata.name
,user_metadata.first
,user_metadata.last
, user'semail
, or first part of the user'semail
.- password
Policy String Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none
,low
,fair
,good
,excellent
.- ping
Federate StringBase Url Ping Federate Server URL.
- pkce
Enabled Boolean Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- protocol
Binding String The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider String
Defines the custom
sms_gateway
provider.- request
Template String Template that formats the SAML request.
- requires
Username Boolean Indicates whether the user is required to provide a username in addition to an email address.
- scopes List<String>
Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile
,ext_profile
,ext_nested_groups
, etc.- scripts Map<String>
A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfile
script.- set
User StringRoot Attributes Determines whether to sync user profile attributes (
name
,given_name
,family_name
,nickname
,picture
) at each login or only on the first login. Options include:on_each_login
,on_first_login
. Default value:on_each_login
.- should
Trust StringEmail Verified Connection Choose how Auth0 sets the email_verified field in the user profile.
- signInEndpoint String SAML single login URL for the connection.
- signOutEndpoint String SAML single logout URL for the connection.
- signSamlRequest Boolean When enabled, the SAML authentication request will be signed.
- signatureAlgorithm String Sign Request Algorithm.
- signingCert String X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signingKey Property Map The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- strategyVersion Number Version 1 is deprecated, use version 2.
- subject String
Subject line of the email.
- syntax String
Syntax of the template body.
- team
Id String Apple Team ID.
- template String
Body of the template.
- tenant
Domain String Tenant domain name.
- token
Endpoint String Token endpoint.
- totp Property Map
Configuration options for one-time passwords.
- twilioSid String SID for your Twilio account.
- twilioToken String AuthToken for your Twilio account.
- type String Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- upstreamParams String You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert BooleanAuth Indicates whether to use cert auth or not.
- use
Kerberos Boolean Indicates whether to use Kerberos or not.
- use
Wsfed Boolean Whether to use WS-Fed.
- user
Id StringAttribute Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint String User info endpoint.
- validation Property Map
Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common BooleanEndpoint Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol String Protocol to use.
ConnectionOptionsGatewayAuthentication, ConnectionOptionsGatewayAuthenticationArgs
- Audience string
- Method string
- Secret string
- SecretBase64Encoded bool
- Subject string
- Audience string
- Method string
- Secret string
- SecretBase64Encoded bool
- Subject string
- audience String
- method String
- secret String
- secretBase64Encoded Boolean
- subject String
- audience string
- method string
- secret string
- secretBase64Encoded boolean
- subject string
- audience str
- method str
- secret str
- secret_base64_encoded bool
- subject str
- audience String
- method String
- secret String
- secretBase64Encoded Boolean
- subject String
ConnectionOptionsIdpInitiated, ConnectionOptionsIdpInitiatedArgs
- string
- Client
Id string - Client
Protocol string
- string
- Client
Id string - Client
Protocol string
- String
- client
Id String - client
Protocol String
- string
- client
Id string - client
Protocol string
- str
- client_
id str - client_
protocol str
- String
- client
Id String - client
Protocol String
ConnectionOptionsMfa, ConnectionOptionsMfaArgs
- Active bool
- ReturnEnrollSettings bool
- Active bool
- ReturnEnrollSettings bool
- active Boolean
- returnEnrollSettings Boolean
- active boolean
- returnEnrollSettings boolean
- active bool
- return_enroll_settings bool
- active Boolean
- returnEnrollSettings Boolean
ConnectionOptionsPasswordComplexityOptions, ConnectionOptionsPasswordComplexityOptionsArgs
- Min
Length int
- Min
Length int
- min
Length Integer
- min
Length number
- min_
length int
- min
Length Number
ConnectionOptionsPasswordDictionary, ConnectionOptionsPasswordDictionaryArgs
- Dictionaries List<string>
- Enable bool
- Dictionaries []string
- Enable bool
- dictionaries List<String>
- enable Boolean
- dictionaries string[]
- enable boolean
- dictionaries Sequence[str]
- enable bool
- dictionaries List<String>
- enable Boolean
ConnectionOptionsPasswordHistory, ConnectionOptionsPasswordHistoryArgs
ConnectionOptionsPasswordNoPersonalInfo, ConnectionOptionsPasswordNoPersonalInfoArgs
- Enable bool
- Enable bool
- enable Boolean
- enable boolean
- enable bool
- enable Boolean
ConnectionOptionsSigningKey, ConnectionOptionsSigningKeyArgs
ConnectionOptionsTotp, ConnectionOptionsTotpArgs
ConnectionOptionsValidation, ConnectionOptionsValidationArgs
ConnectionOptionsValidationUsername, ConnectionOptionsValidationUsernameArgs
Import
Connections can be imported using their ID. For example:
$ pulumi import auth0:index/connection:Connection google con_a17f21fdb24d48a0
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
This Pulumi package is based on the `auth0` Terraform Provider.