auth0.Connection
With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.
The Auth0 dashboard displays only one connection per social provider. Although the Auth0 Management API allows the creation of multiple connections per strategy, the additional connections may not be visible in the Auth0 dashboard.
Example Usage
Google OAuth2 Connection
Your Auth0 account may be pre-configured with a `google-oauth2` connection.
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Google social connection managed through Pulumi.
// NOTE(review): "<client-secret>" is a placeholder. Provide the real value from an
// encrypted Pulumi config secret (`pulumi config set --secret <key> <value>`)
// rather than committing it to source control.
const googleOauth2 = new auth0.Connection("googleOauth2", {
    strategy: "google-oauth2",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        allowedAudiences: ["example.com", "api.example.com"],
        // Request only the scopes the application uses; "gmail" and "youtube"
        // appear to go beyond basic sign-in data.
        scopes: ["email", "profile", "gmail", "youtube"],
        // Presumably keeps these attributes out of the stored user profile;
        // confirm against the provider reference.
        nonPersistentAttrs: ["ethnicity", "gender"],
        setUserRootAttributes: "on_each_login",
    },
});
import pulumi
import pulumi_auth0 as auth0
# Google social connection managed through Pulumi.
# NOTE(review): "<client-secret>" is a placeholder; load the real value from an
# encrypted Pulumi config secret instead of committing it to source control.
google_oauth2 = auth0.Connection(
    "googleOauth2",
    strategy="google-oauth2",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        allowed_audiences=["example.com", "api.example.com"],
        # Request only the scopes the application uses; "gmail" and "youtube"
        # appear to go beyond basic sign-in data.
        scopes=["email", "profile", "gmail", "youtube"],
        # Presumably keeps these attributes out of the stored user profile;
        # confirm against the provider reference.
        non_persistent_attrs=["ethnicity", "gender"],
        set_user_root_attributes="on_each_login",
    ),
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares the Auth0 Google social connection.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; load the real value
		// from an encrypted Pulumi config secret instead of committing it.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			AllowedAudiences: pulumi.StringArray{
				pulumi.String("example.com"),
				pulumi.String("api.example.com"),
			},
			// Request only the scopes the application uses; "gmail" and
			// "youtube" appear to go beyond basic sign-in data.
			Scopes: pulumi.StringArray{
				pulumi.String("email"),
				pulumi.String("profile"),
				pulumi.String("gmail"),
				pulumi.String("youtube"),
			},
			// Presumably keeps these attributes out of the stored profile;
			// confirm against the provider reference.
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
		}

		_, err := auth0.NewConnection(ctx, "googleOauth2", &auth0.ConnectionArgs{
			Strategy: pulumi.String("google-oauth2"),
			Options:  options,
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares the Auth0 Google social connection.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
return await Deployment.RunAsync(() =>
{
    var googleOauth2 = new Auth0.Connection("googleOauth2", new()
    {
        Strategy = "google-oauth2",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            AllowedAudiences = new[] { "example.com", "api.example.com" },
            // Request only the scopes the application uses; "gmail" and
            // "youtube" appear to go beyond basic sign-in data.
            Scopes = new[] { "email", "profile", "gmail", "youtube" },
            // Presumably keeps these attributes out of the stored profile;
            // confirm against the provider reference.
            NonPersistentAttrs = new[] { "ethnicity", "gender" },
            SetUserRootAttributes = "on_each_login",
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares the Auth0 Google social connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the "googleOauth2" connection on the stack. */
    public static void stack(Context ctx) {
        // NOTE(review): "<client-secret>" is a placeholder; load the real value
        // from an encrypted Pulumi config secret instead of committing it.
        final var options = ConnectionOptionsArgs.builder()
            .clientId("<client-id>")
            .clientSecret("<client-secret>")
            .allowedAudiences("example.com", "api.example.com")
            // Request only the scopes the application uses; "gmail" and
            // "youtube" appear to go beyond basic sign-in data.
            .scopes("email", "profile", "gmail", "youtube")
            // Presumably keeps these attributes out of the stored profile;
            // confirm against the provider reference.
            .nonPersistentAttrs("ethnicity", "gender")
            .setUserRootAttributes("on_each_login")
            .build();

        new Connection("googleOauth2", ConnectionArgs.builder()
            .strategy("google-oauth2")
            .options(options)
            .build());
    }
}
# Pulumi YAML program: Auth0 Google social connection.
resources:
  googleOauth2:
    type: auth0:Connection
    properties:
      strategy: google-oauth2
      options:
        clientId: <client-id>
        # NOTE(review): placeholder; load the real value from an encrypted
        # Pulumi config secret instead of committing it to source control.
        clientSecret: <client-secret>
        allowedAudiences: [example.com, api.example.com]
        # Request only the scopes the application uses; "gmail" and "youtube"
        # appear to go beyond basic sign-in data.
        scopes: [email, profile, gmail, youtube]
        # Presumably keeps these attributes out of the stored profile;
        # confirm against the provider reference.
        nonPersistentAttrs: [ethnicity, gender]
        setUserRootAttributes: on_each_login
Facebook Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Facebook social connection managed through Pulumi.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
const facebook = new auth0.Connection("facebook", {
    strategy: "facebook",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        // Request only the permissions the application uses; the last two
        // entries appear to go beyond the basic profile.
        scopes: ["public_profile", "email", "groups_access_member_info", "user_birthday"],
        nonPersistentAttrs: ["ethnicity", "gender"],
        setUserRootAttributes: "on_each_login",
    },
});
import pulumi
import pulumi_auth0 as auth0
# Facebook social connection managed through Pulumi.
# NOTE(review): "<client-secret>" is a placeholder; load the real value from an
# encrypted Pulumi config secret instead of committing it to source control.
facebook = auth0.Connection(
    "facebook",
    strategy="facebook",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        # Request only the permissions the application uses; the last two
        # entries appear to go beyond the basic profile.
        scopes=["public_profile", "email", "groups_access_member_info", "user_birthday"],
        non_persistent_attrs=["ethnicity", "gender"],
        set_user_root_attributes="on_each_login",
    ),
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares the Auth0 Facebook connection.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; load the real value
		// from an encrypted Pulumi config secret instead of committing it.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			// Request only the permissions the application uses; the last
			// two entries appear to go beyond the basic profile.
			Scopes: pulumi.StringArray{
				pulumi.String("public_profile"),
				pulumi.String("email"),
				pulumi.String("groups_access_member_info"),
				pulumi.String("user_birthday"),
			},
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
		}

		_, err := auth0.NewConnection(ctx, "facebook", &auth0.ConnectionArgs{
			Strategy: pulumi.String("facebook"),
			Options:  options,
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares the Auth0 Facebook social connection.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
return await Deployment.RunAsync(() =>
{
    var facebook = new Auth0.Connection("facebook", new()
    {
        Strategy = "facebook",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            // Request only the permissions the application uses; the last
            // two entries appear to go beyond the basic profile.
            Scopes = new[] { "public_profile", "email", "groups_access_member_info", "user_birthday" },
            NonPersistentAttrs = new[] { "ethnicity", "gender" },
            SetUserRootAttributes = "on_each_login",
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares the Auth0 Facebook social connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the "facebook" connection on the stack. */
    public static void stack(Context ctx) {
        // NOTE(review): "<client-secret>" is a placeholder; load the real value
        // from an encrypted Pulumi config secret instead of committing it.
        final var options = ConnectionOptionsArgs.builder()
            .clientId("<client-id>")
            .clientSecret("<client-secret>")
            // Request only the permissions the application uses; the last
            // two entries appear to go beyond the basic profile.
            .scopes("public_profile", "email", "groups_access_member_info", "user_birthday")
            .nonPersistentAttrs("ethnicity", "gender")
            .setUserRootAttributes("on_each_login")
            .build();

        new Connection("facebook", ConnectionArgs.builder()
            .strategy("facebook")
            .options(options)
            .build());
    }
}
# Pulumi YAML program: Auth0 Facebook social connection.
resources:
  facebook:
    type: auth0:Connection
    properties:
      strategy: facebook
      options:
        clientId: <client-id>
        # NOTE(review): placeholder; load the real value from an encrypted
        # Pulumi config secret instead of committing it to source control.
        clientSecret: <client-secret>
        # Request only the permissions the application uses; the last two
        # entries appear to go beyond the basic profile.
        scopes: [public_profile, email, groups_access_member_info, user_birthday]
        nonPersistentAttrs: [ethnicity, gender]
        setUserRootAttributes: on_each_login
Apple Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Sign in with Apple connection managed through Pulumi.
// NOTE(review): the PEM below appears to be a truncated sample, not a usable key.
// Load the real Apple signing key from an encrypted Pulumi config secret and keep
// it out of source control.
const apple = new auth0.Connection("apple", {
    strategy: "apple",
    options: {
        clientId: "<client-id>",
        teamId: "<team-id>",
        keyId: "<key-id>",
        clientSecret: `-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----
`,
        scopes: ["email", "name"],
        nonPersistentAttrs: ["ethnicity", "gender"],
        setUserRootAttributes: "on_first_login",
    },
});
import pulumi
import pulumi_auth0 as auth0
# Sign in with Apple connection managed through Pulumi.
# NOTE(review): the PEM below appears to be a truncated sample, not a usable key.
# Load the real Apple signing key from an encrypted Pulumi config secret and keep
# it out of source control.
apple = auth0.Connection(
    "apple",
    strategy="apple",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        team_id="<team-id>",
        key_id="<key-id>",
        client_secret="""-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----
""",
        scopes=["email", "name"],
        non_persistent_attrs=["ethnicity", "gender"],
        set_user_root_attributes="on_first_login",
    ),
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares the Auth0 Apple connection.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): the PEM in ClientSecret appears to be a truncated
		// sample, not a usable key. Load the real Apple signing key from an
		// encrypted Pulumi config secret and keep it out of source control.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			TeamId:       pulumi.String("<team-id>"),
			KeyId:        pulumi.String("<key-id>"),
			ClientSecret: pulumi.String("-----BEGIN PRIVATE KEY-----\nMIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA\n-----END PRIVATE KEY-----\n"),
			Scopes: pulumi.StringArray{
				pulumi.String("email"),
				pulumi.String("name"),
			},
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			SetUserRootAttributes: pulumi.String("on_first_login"),
		}

		_, err := auth0.NewConnection(ctx, "apple", &auth0.ConnectionArgs{
			Strategy: pulumi.String("apple"),
			Options:  options,
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares the Auth0 Sign in with Apple connection.
// NOTE(review): the PEM below appears to be a truncated sample, not a usable key.
// Load the real Apple signing key from an encrypted Pulumi config secret and keep
// it out of source control.
return await Deployment.RunAsync(() =>
{
    var apple = new Auth0.Connection("apple", new()
    {
        Strategy = "apple",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            TeamId = "<team-id>",
            KeyId = "<key-id>",
            ClientSecret = @"-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----
",
            Scopes = new[] { "email", "name" },
            NonPersistentAttrs = new[] { "ethnicity", "gender" },
            SetUserRootAttributes = "on_first_login",
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares the Auth0 Sign in with Apple connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the "apple" connection on the stack. */
    public static void stack(Context ctx) {
        // NOTE(review): the PEM below appears to be a truncated sample, not a
        // usable key. Load the real Apple signing key from an encrypted Pulumi
        // config secret and keep it out of source control.
        final var options = ConnectionOptionsArgs.builder()
            .clientId("<client-id>")
            .teamId("<team-id>")
            .keyId("<key-id>")
            .clientSecret("""
                -----BEGIN PRIVATE KEY-----
                MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
                -----END PRIVATE KEY-----
                """)
            .scopes("email", "name")
            .nonPersistentAttrs("ethnicity", "gender")
            .setUserRootAttributes("on_first_login")
            .build();

        new Connection("apple", ConnectionArgs.builder()
            .strategy("apple")
            .options(options)
            .build());
    }
}
# Pulumi YAML program: Auth0 Sign in with Apple connection.
resources:
  apple:
    type: auth0:Connection
    properties:
      strategy: apple
      options:
        clientId: <client-id>
        teamId: <team-id>
        keyId: <key-id>
        # NOTE(review): the PEM below appears to be a truncated sample, not a
        # usable key. Load the real Apple signing key from an encrypted Pulumi
        # config secret and keep it out of source control.
        clientSecret: |
          -----BEGIN PRIVATE KEY-----
          MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
          -----END PRIVATE KEY-----
        scopes: [email, name]
        nonPersistentAttrs: [ethnicity, gender]
        setUserRootAttributes: on_first_login
LinkedIn Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// LinkedIn social connection managed through Pulumi.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
const linkedin = new auth0.Connection("linkedin", {
    strategy: "linkedin",
    options: {
        strategyVersion: 2,
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        scopes: ["basic_profile", "profile", "email"],
        nonPersistentAttrs: ["ethnicity", "gender"],
        setUserRootAttributes: "on_each_login",
    },
});
import pulumi
import pulumi_auth0 as auth0
# LinkedIn social connection managed through Pulumi.
# NOTE(review): "<client-secret>" is a placeholder; load the real value from an
# encrypted Pulumi config secret instead of committing it to source control.
linkedin = auth0.Connection(
    "linkedin",
    strategy="linkedin",
    options=auth0.ConnectionOptionsArgs(
        strategy_version=2,
        client_id="<client-id>",
        client_secret="<client-secret>",
        scopes=["basic_profile", "profile", "email"],
        non_persistent_attrs=["ethnicity", "gender"],
        set_user_root_attributes="on_each_login",
    ),
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares the Auth0 LinkedIn connection.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; load the real value
		// from an encrypted Pulumi config secret instead of committing it.
		options := &auth0.ConnectionOptionsArgs{
			StrategyVersion: pulumi.Int(2),
			ClientId:        pulumi.String("<client-id>"),
			ClientSecret:    pulumi.String("<client-secret>"),
			Scopes: pulumi.StringArray{
				pulumi.String("basic_profile"),
				pulumi.String("profile"),
				pulumi.String("email"),
			},
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
		}

		_, err := auth0.NewConnection(ctx, "linkedin", &auth0.ConnectionArgs{
			Strategy: pulumi.String("linkedin"),
			Options:  options,
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares the Auth0 LinkedIn social connection.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
return await Deployment.RunAsync(() =>
{
    var linkedin = new Auth0.Connection("linkedin", new()
    {
        Strategy = "linkedin",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            StrategyVersion = 2,
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            Scopes = new[] { "basic_profile", "profile", "email" },
            NonPersistentAttrs = new[] { "ethnicity", "gender" },
            SetUserRootAttributes = "on_each_login",
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares the Auth0 LinkedIn social connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the "linkedin" connection on the stack. */
    public static void stack(Context ctx) {
        // NOTE(review): "<client-secret>" is a placeholder; load the real value
        // from an encrypted Pulumi config secret instead of committing it.
        final var options = ConnectionOptionsArgs.builder()
            .strategyVersion(2)
            .clientId("<client-id>")
            .clientSecret("<client-secret>")
            .scopes("basic_profile", "profile", "email")
            .nonPersistentAttrs("ethnicity", "gender")
            .setUserRootAttributes("on_each_login")
            .build();

        new Connection("linkedin", ConnectionArgs.builder()
            .strategy("linkedin")
            .options(options)
            .build());
    }
}
# Pulumi YAML program: Auth0 LinkedIn social connection.
resources:
  linkedin:
    type: auth0:Connection
    properties:
      strategy: linkedin
      options:
        strategyVersion: 2
        clientId: <client-id>
        # NOTE(review): placeholder; load the real value from an encrypted
        # Pulumi config secret instead of committing it to source control.
        clientSecret: <client-secret>
        scopes: [basic_profile, profile, email]
        nonPersistentAttrs: [ethnicity, gender]
        setUserRootAttributes: on_each_login
GitHub Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// GitHub social connection managed through Pulumi.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
const github = new auth0.Connection("github", {
    strategy: "github",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        // NOTE(review): on GitHub, `repo` covers private repositories with
        // read/write access and already includes `public_repo`; request it only
        // if the application needs repository access.
        scopes: ["email", "profile", "public_repo", "repo"],
        nonPersistentAttrs: ["ethnicity", "gender"],
        setUserRootAttributes: "on_each_login",
    },
});
import pulumi
import pulumi_auth0 as auth0
# GitHub social connection managed through Pulumi.
# NOTE(review): "<client-secret>" is a placeholder; load the real value from an
# encrypted Pulumi config secret instead of committing it to source control.
github = auth0.Connection(
    "github",
    strategy="github",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        # NOTE(review): on GitHub, `repo` covers private repositories with
        # read/write access and already includes `public_repo`; request it only
        # if the application needs repository access.
        scopes=["email", "profile", "public_repo", "repo"],
        non_persistent_attrs=["ethnicity", "gender"],
        set_user_root_attributes="on_each_login",
    ),
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares the Auth0 GitHub connection.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; load the real value
		// from an encrypted Pulumi config secret instead of committing it.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			// NOTE(review): on GitHub, `repo` covers private repositories
			// with read/write access and already includes `public_repo`;
			// request it only if the application needs repository access.
			Scopes: pulumi.StringArray{
				pulumi.String("email"),
				pulumi.String("profile"),
				pulumi.String("public_repo"),
				pulumi.String("repo"),
			},
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
		}

		_, err := auth0.NewConnection(ctx, "github", &auth0.ConnectionArgs{
			Strategy: pulumi.String("github"),
			Options:  options,
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares the Auth0 GitHub social connection.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
return await Deployment.RunAsync(() =>
{
    var github = new Auth0.Connection("github", new()
    {
        Strategy = "github",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            // NOTE(review): on GitHub, `repo` covers private repositories
            // with read/write access and already includes `public_repo`;
            // request it only if the application needs repository access.
            Scopes = new[] { "email", "profile", "public_repo", "repo" },
            NonPersistentAttrs = new[] { "ethnicity", "gender" },
            SetUserRootAttributes = "on_each_login",
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares the Auth0 GitHub social connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the "github" connection on the stack. */
    public static void stack(Context ctx) {
        // NOTE(review): "<client-secret>" is a placeholder; load the real value
        // from an encrypted Pulumi config secret instead of committing it.
        final var options = ConnectionOptionsArgs.builder()
            .clientId("<client-id>")
            .clientSecret("<client-secret>")
            // NOTE(review): on GitHub, `repo` covers private repositories
            // with read/write access and already includes `public_repo`;
            // request it only if the application needs repository access.
            .scopes("email", "profile", "public_repo", "repo")
            .nonPersistentAttrs("ethnicity", "gender")
            .setUserRootAttributes("on_each_login")
            .build();

        new Connection("github", ConnectionArgs.builder()
            .strategy("github")
            .options(options)
            .build());
    }
}
# Pulumi YAML program: Auth0 GitHub social connection.
resources:
  github:
    type: auth0:Connection
    properties:
      strategy: github
      options:
        clientId: <client-id>
        # NOTE(review): placeholder; load the real value from an encrypted
        # Pulumi config secret instead of committing it to source control.
        clientSecret: <client-secret>
        # NOTE(review): on GitHub, `repo` covers private repositories with
        # read/write access and already includes `public_repo`; request it
        # only if the application needs repository access.
        scopes: [email, profile, public_repo, repo]
        nonPersistentAttrs: [ethnicity, gender]
        setUserRootAttributes: on_each_login
SalesForce Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Salesforce connection managed through Pulumi.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
const salesforce = new auth0.Connection("salesforce", {
    strategy: "salesforce",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        // Keep the community base URL on HTTPS, as in this example.
        communityBaseUrl: "https://salesforce.example.com",
        scopes: ["openid", "email"],
        nonPersistentAttrs: ["ethnicity", "gender"],
        setUserRootAttributes: "on_first_login",
    },
});
import pulumi
import pulumi_auth0 as auth0
# Salesforce connection managed through Pulumi.
# NOTE(review): "<client-secret>" is a placeholder; load the real value from an
# encrypted Pulumi config secret instead of committing it to source control.
salesforce = auth0.Connection(
    "salesforce",
    strategy="salesforce",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        # Keep the community base URL on HTTPS, as in this example.
        community_base_url="https://salesforce.example.com",
        scopes=["openid", "email"],
        non_persistent_attrs=["ethnicity", "gender"],
        set_user_root_attributes="on_first_login",
    ),
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares the Auth0 Salesforce connection.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; load the real value
		// from an encrypted Pulumi config secret instead of committing it.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			// Keep the community base URL on HTTPS, as in this example.
			CommunityBaseUrl: pulumi.String("https://salesforce.example.com"),
			Scopes: pulumi.StringArray{
				pulumi.String("openid"),
				pulumi.String("email"),
			},
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			SetUserRootAttributes: pulumi.String("on_first_login"),
		}

		_, err := auth0.NewConnection(ctx, "salesforce", &auth0.ConnectionArgs{
			Strategy: pulumi.String("salesforce"),
			Options:  options,
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares the Auth0 Salesforce connection.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
return await Deployment.RunAsync(() =>
{
    var salesforce = new Auth0.Connection("salesforce", new()
    {
        Strategy = "salesforce",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            // Keep the community base URL on HTTPS, as in this example.
            CommunityBaseUrl = "https://salesforce.example.com",
            Scopes = new[] { "openid", "email" },
            NonPersistentAttrs = new[] { "ethnicity", "gender" },
            SetUserRootAttributes = "on_first_login",
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares the Auth0 Salesforce connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the "salesforce" connection on the stack. */
    public static void stack(Context ctx) {
        // NOTE(review): "<client-secret>" is a placeholder; load the real value
        // from an encrypted Pulumi config secret instead of committing it.
        final var options = ConnectionOptionsArgs.builder()
            .clientId("<client-id>")
            .clientSecret("<client-secret>")
            // Keep the community base URL on HTTPS, as in this example.
            .communityBaseUrl("https://salesforce.example.com")
            .scopes("openid", "email")
            .nonPersistentAttrs("ethnicity", "gender")
            .setUserRootAttributes("on_first_login")
            .build();

        new Connection("salesforce", ConnectionArgs.builder()
            .strategy("salesforce")
            .options(options)
            .build());
    }
}
# Pulumi YAML program: Auth0 Salesforce connection.
resources:
  salesforce:
    type: auth0:Connection
    properties:
      strategy: salesforce
      options:
        clientId: <client-id>
        # NOTE(review): placeholder; load the real value from an encrypted
        # Pulumi config secret instead of committing it to source control.
        clientSecret: <client-secret>
        # Keep the community base URL on HTTPS, as in this example.
        communityBaseUrl: https://salesforce.example.com
        scopes: [openid, email]
        nonPersistentAttrs: [ethnicity, gender]
        setUserRootAttributes: on_first_login
OAuth2 Connection
Also applies to the following connection strategies: `dropbox`, `bitbucket`, `paypal`, `twitter`, `amazon`, `yahoo`, `box`, `wordpress`, `shopify`, `custom`.
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Generic OAuth2 connection managed through Pulumi.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
const oauth2 = new auth0.Connection("oauth2", {
    strategy: "oauth2",
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        // Both provider endpoints use HTTPS and PKCE is enabled; keep it that way.
        authorizationEndpoint: "https://auth.example.com/oauth2/authorize",
        tokenEndpoint: "https://auth.example.com/oauth2/token",
        pkceEnabled: true,
        iconUrl: "https://auth.example.com/assets/logo.png",
        scopes: ["basic_profile", "profile", "email"],
        nonPersistentAttrs: ["ethnicity", "gender"],
        setUserRootAttributes: "on_each_login",
        scripts: {
            // Sample script: it always calls back with an error. A real one
            // receives the upstream access token, so it should not log it.
            fetchUserProfile: ` function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
`,
        },
    },
});
import pulumi
import pulumi_auth0 as auth0
# Generic OAuth2 connection managed through Pulumi.
# NOTE(review): "<client-secret>" is a placeholder; load the real value from an
# encrypted Pulumi config secret instead of committing it to source control.
oauth2 = auth0.Connection(
    "oauth2",
    strategy="oauth2",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        # Both provider endpoints use HTTPS and PKCE is enabled; keep it that way.
        authorization_endpoint="https://auth.example.com/oauth2/authorize",
        token_endpoint="https://auth.example.com/oauth2/token",
        pkce_enabled=True,
        icon_url="https://auth.example.com/assets/logo.png",
        scopes=["basic_profile", "profile", "email"],
        non_persistent_attrs=["ethnicity", "gender"],
        set_user_root_attributes="on_each_login",
        # Sample script: it always calls back with an error. A real one
        # receives the upstream access token, so it should not log it.
        scripts={
            "fetchUserProfile": """ function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
""",
        },
    ),
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares a generic Auth0 OAuth2 connection.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): "<client-secret>" is a placeholder; load the real value
		// from an encrypted Pulumi config secret instead of committing it.
		options := &auth0.ConnectionOptionsArgs{
			ClientId:     pulumi.String("<client-id>"),
			ClientSecret: pulumi.String("<client-secret>"),
			// Both provider endpoints use HTTPS and PKCE is enabled; keep it
			// that way.
			AuthorizationEndpoint: pulumi.String("https://auth.example.com/oauth2/authorize"),
			TokenEndpoint:         pulumi.String("https://auth.example.com/oauth2/token"),
			PkceEnabled:           pulumi.Bool(true),
			IconUrl:               pulumi.String("https://auth.example.com/assets/logo.png"),
			Scopes: pulumi.StringArray{
				pulumi.String("basic_profile"),
				pulumi.String("profile"),
				pulumi.String("email"),
			},
			NonPersistentAttrs: pulumi.StringArray{
				pulumi.String("ethnicity"),
				pulumi.String("gender"),
			},
			SetUserRootAttributes: pulumi.String("on_each_login"),
			// Sample script: it always calls back with an error. A real one
			// receives the upstream access token, so it should not log it.
			Scripts: pulumi.StringMap{
				"fetchUserProfile": pulumi.String(" function fetchUserProfile(accessToken, context, callback) {\n return callback(new Error(\"Whoops!\"));\n }\n \n"),
			},
		}

		_, err := auth0.NewConnection(ctx, "oauth2", &auth0.ConnectionArgs{
			Strategy: pulumi.String("oauth2"),
			Options:  options,
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares a generic Auth0 OAuth2 connection.
// NOTE(review): "<client-secret>" is a placeholder; load the real value from an
// encrypted Pulumi config secret instead of committing it to source control.
return await Deployment.RunAsync(() =>
{
    var oauth2 = new Auth0.Connection("oauth2", new()
    {
        Strategy = "oauth2",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            // Both provider endpoints use HTTPS and PKCE is enabled; keep it that way.
            AuthorizationEndpoint = "https://auth.example.com/oauth2/authorize",
            TokenEndpoint = "https://auth.example.com/oauth2/token",
            PkceEnabled = true,
            IconUrl = "https://auth.example.com/assets/logo.png",
            Scopes = new[] { "basic_profile", "profile", "email" },
            NonPersistentAttrs = new[] { "ethnicity", "gender" },
            SetUserRootAttributes = "on_each_login",
            // Sample script: it always calls back with an error. A real one
            // receives the upstream access token, so it should not log it.
            Scripts =
            {
                { "fetchUserProfile", @" function fetchUserProfile(accessToken, context, callback) {
return callback(new Error(""Whoops!""));
}
" },
            },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a generic Auth0 OAuth2 connection. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the "oauth2" connection on the stack. */
    public static void stack(Context ctx) {
        // NOTE(review): "<client-secret>" is a placeholder; load the real value
        // from an encrypted Pulumi config secret instead of committing it.
        final var options = ConnectionOptionsArgs.builder()
            .clientId("<client-id>")
            .clientSecret("<client-secret>")
            // Both provider endpoints use HTTPS and PKCE is enabled; keep it
            // that way.
            .authorizationEndpoint("https://auth.example.com/oauth2/authorize")
            .tokenEndpoint("https://auth.example.com/oauth2/token")
            .pkceEnabled(true)
            .iconUrl("https://auth.example.com/assets/logo.png")
            .scopes("basic_profile", "profile", "email")
            .nonPersistentAttrs("ethnicity", "gender")
            .setUserRootAttributes("on_each_login")
            // Sample script: it always calls back with an error. A real one
            // receives the upstream access token, so it should not log it.
            .scripts(Map.of("fetchUserProfile", """
                function fetchUserProfile(accessToken, context, callback) {
                return callback(new Error("Whoops!"));
                }
                """))
            .build();

        new Connection("oauth2", ConnectionArgs.builder()
            .strategy("oauth2")
            .options(options)
            .build());
    }
}
# Pulumi YAML program: generic Auth0 OAuth2 connection.
resources:
  oauth2:
    type: auth0:Connection
    properties:
      strategy: oauth2
      options:
        clientId: <client-id>
        # NOTE(review): placeholder; load the real value from an encrypted
        # Pulumi config secret instead of committing it to source control.
        clientSecret: <client-secret>
        # Both provider endpoints use HTTPS and PKCE is enabled; keep it that way.
        authorizationEndpoint: https://auth.example.com/oauth2/authorize
        tokenEndpoint: https://auth.example.com/oauth2/token
        pkceEnabled: true
        iconUrl: https://auth.example.com/assets/logo.png
        scopes: [basic_profile, profile, email]
        nonPersistentAttrs: [ethnicity, gender]
        setUserRootAttributes: on_each_login
        # Sample script: it always calls back with an error. A real one
        # receives the upstream access token, so it should not log it.
        scripts:
          fetchUserProfile: " function fetchUserProfile(accessToken, context, callback) {\n return callback(new Error(\"Whoops!\"));\n }\n \n"
SMS Connection
To be able to see this in the management dashboard as well, the name of the connection must be set to “sms”.
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Passwordless SMS connection that sends codes through a custom gateway.
const sms = new auth0.Connection("sms", {
    strategy: "sms",
    isDomainConnection: false,
    options: {
        // Named "sms" so the connection also shows up in the management dashboard.
        name: "sms",
        provider: "sms_gateway",
        from: "+15555555555",
        gatewayUrl: "https://somewhere.com/sms-gateway",
        gatewayAuthentication: {
            audience: "https://somewhere.com/sms-gateway",
            method: "bearer",
            subject: "test.us.auth0.com:sms",
            // NOTE(review): this sample embeds a literal gateway secret. Treat it
            // as illustrative only; load the real one from an encrypted Pulumi
            // config secret instead of committing it to source control.
            secret: "4e2680bb74ec2ae24736476dd37ed6c2",
            secretBase64Encoded: false,
        },
        forwardRequestInfo: true,
        syntax: "md_with_macros",
        template: "@@password@@",
        // A 6-digit code with a 300 time step (presumably seconds; confirm) is a
        // small search space, so brute-force protection stays enabled.
        totp: {
            length: 6,
            timeStep: 300,
        },
        bruteForceProtection: true,
        disableSignup: false,
    },
});
import pulumi
import pulumi_auth0 as auth0
# Passwordless SMS connection that sends codes through a custom gateway.
sms = auth0.Connection(
    "sms",
    strategy="sms",
    is_domain_connection=False,
    options=auth0.ConnectionOptionsArgs(
        # Named "sms" so the connection also shows up in the management dashboard.
        name="sms",
        provider="sms_gateway",
        from_="+15555555555",
        gateway_url="https://somewhere.com/sms-gateway",
        gateway_authentication=auth0.ConnectionOptionsGatewayAuthenticationArgs(
            audience="https://somewhere.com/sms-gateway",
            method="bearer",
            subject="test.us.auth0.com:sms",
            # NOTE(review): this sample embeds a literal gateway secret. Treat it
            # as illustrative only; load the real one from an encrypted Pulumi
            # config secret instead of committing it to source control.
            secret="4e2680bb74ec2ae24736476dd37ed6c2",
            secret_base64_encoded=False,
        ),
        forward_request_info=True,
        syntax="md_with_macros",
        template="@@password@@",
        # A 6-digit code with a 300 time step (presumably seconds; confirm) is a
        # small search space, so brute-force protection stays enabled.
        totp=auth0.ConnectionOptionsTotpArgs(
            length=6,
            time_step=300,
        ),
        brute_force_protection=True,
        disable_signup=False,
    ),
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares a passwordless SMS connection
// backed by a custom SMS gateway.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): this sample embeds a literal gateway secret. Treat it as
		// illustrative only; load the real one from an encrypted Pulumi config
		// secret instead of committing it to source control.
		gatewayAuth := &auth0.ConnectionOptionsGatewayAuthenticationArgs{
			Audience:            pulumi.String("https://somewhere.com/sms-gateway"),
			Method:              pulumi.String("bearer"),
			Subject:             pulumi.String("test.us.auth0.com:sms"),
			Secret:              pulumi.String("4e2680bb74ec2ae24736476dd37ed6c2"),
			SecretBase64Encoded: pulumi.Bool(false),
		}

		// A 6-digit code with a 300 time step (presumably seconds; confirm) is
		// a small search space, so brute-force protection stays enabled below.
		totp := &auth0.ConnectionOptionsTotpArgs{
			Length:   pulumi.Int(6),
			TimeStep: pulumi.Int(300),
		}

		_, err := auth0.NewConnection(ctx, "sms", &auth0.ConnectionArgs{
			Strategy:           pulumi.String("sms"),
			IsDomainConnection: pulumi.Bool(false),
			Options: &auth0.ConnectionOptionsArgs{
				// Named "sms" so the connection also shows up in the
				// management dashboard.
				Name:                  pulumi.String("sms"),
				Provider:              pulumi.String("sms_gateway"),
				From:                  pulumi.String("+15555555555"),
				GatewayUrl:            pulumi.String("https://somewhere.com/sms-gateway"),
				GatewayAuthentication: gatewayAuth,
				ForwardRequestInfo:    pulumi.Bool(true),
				Syntax:                pulumi.String("md_with_macros"),
				Template:              pulumi.String("@@password@@"),
				Totp:                  totp,
				BruteForceProtection:  pulumi.Bool(true),
				DisableSignup:         pulumi.Bool(false),
			},
		})
		// err is nil on success, so it is returned as-is.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares a passwordless SMS connection backed by a custom SMS gateway.
return await Deployment.RunAsync(() =>
{
    var sms = new Auth0.Connection("sms", new()
    {
        Strategy = "sms",
        IsDomainConnection = false,
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            // Named "sms" so the connection also shows up in the management dashboard.
            Name = "sms",
            Provider = "sms_gateway",
            From = "+15555555555",
            GatewayUrl = "https://somewhere.com/sms-gateway",
            GatewayAuthentication = new Auth0.Inputs.ConnectionOptionsGatewayAuthenticationArgs
            {
                Audience = "https://somewhere.com/sms-gateway",
                Method = "bearer",
                Subject = "test.us.auth0.com:sms",
                // NOTE(review): this sample embeds a literal gateway secret.
                // Treat it as illustrative only; load the real one from an
                // encrypted Pulumi config secret instead of committing it.
                Secret = "4e2680bb74ec2ae24736476dd37ed6c2",
                SecretBase64Encoded = false,
            },
            ForwardRequestInfo = true,
            Syntax = "md_with_macros",
            Template = "@@password@@",
            // A 6-digit code with a 300 time step (presumably seconds; confirm)
            // is a small search space, so brute-force protection stays enabled.
            Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
            {
                Length = 6,
                TimeStep = 300,
            },
            BruteForceProtection = true,
            DisableSignup = false,
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsGatewayAuthenticationArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a passwordless SMS connection behind a custom gateway. */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Registers the "sms" connection on the stack. */
    public static void stack(Context ctx) {
        // NOTE(review): this sample embeds a literal gateway secret. Treat it as
        // illustrative only; load the real one from an encrypted Pulumi config
        // secret instead of committing it to source control.
        final var gatewayAuth = ConnectionOptionsGatewayAuthenticationArgs.builder()
            .audience("https://somewhere.com/sms-gateway")
            .method("bearer")
            .subject("test.us.auth0.com:sms")
            .secret("4e2680bb74ec2ae24736476dd37ed6c2")
            .secretBase64Encoded(false)
            .build();

        // A 6-digit code with a 300 time step (presumably seconds; confirm) is
        // a small search space, so brute-force protection stays enabled below.
        final var totp = ConnectionOptionsTotpArgs.builder()
            .length(6)
            .timeStep(300)
            .build();

        final var options = ConnectionOptionsArgs.builder()
            // Named "sms" so the connection also shows up in the management dashboard.
            .name("sms")
            .provider("sms_gateway")
            .from("+15555555555")
            .gatewayUrl("https://somewhere.com/sms-gateway")
            .gatewayAuthentication(gatewayAuth)
            .forwardRequestInfo(true)
            .syntax("md_with_macros")
            .template("@@password@@")
            .totp(totp)
            .bruteForceProtection(true)
            .disableSignup(false)
            .build();

        new Connection("sms", ConnectionArgs.builder()
            .strategy("sms")
            .isDomainConnection(false)
            .options(options)
            .build());
    }
}
# Pulumi YAML program: passwordless SMS connection behind a custom gateway.
resources:
  sms:
    type: auth0:Connection
    properties:
      strategy: sms
      isDomainConnection: false
      options:
        # Named "sms" so the connection also shows up in the management dashboard.
        name: sms
        provider: sms_gateway
        from: '+15555555555'
        gatewayUrl: https://somewhere.com/sms-gateway
        gatewayAuthentication:
          audience: https://somewhere.com/sms-gateway
          method: bearer
          subject: test.us.auth0.com:sms
          # NOTE(review): this sample embeds a literal gateway secret. Treat it
          # as illustrative only; load the real one from an encrypted Pulumi
          # config secret instead of committing it to source control.
          secret: 4e2680bb74ec2ae24736476dd37ed6c2
          secretBase64Encoded: false
        forwardRequestInfo: true
        syntax: md_with_macros
        template: '@@password@@'
        # A 6-digit code with a 300 time step (presumably seconds; confirm) is a
        # small search space, so brute-force protection stays enabled.
        totp:
          length: 6
          timeStep: 300
        bruteForceProtection: true
        disableSignup: false
Email Connection
To be able to see this in the management dashboard as well, the name of the connection must be set to “email”.
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Passwordless email connection that delivers one-time codes by mail.
const passwordlessEmail = new auth0.Connection("passwordlessEmail", {
    strategy: "email",
    options: {
        // Named "email" so the connection also shows up in the management dashboard.
        name: "email",
        from: "{{ application.name }} <root@auth0.com>",
        subject: "Welcome to {{ application.name }}",
        syntax: "liquid",
        template: "<html>This is the body of the email</html>",
        authParams: {
            responseType: "code",
            // `offline_access` asks for refresh tokens; drop it when long-lived
            // sessions are not required.
            scope: "openid email profile offline_access",
        },
        // A 6-digit code with a 300 time step (presumably seconds; confirm) is a
        // small search space, so brute-force protection stays enabled.
        totp: {
            length: 6,
            timeStep: 300,
        },
        bruteForceProtection: true,
        disableSignup: false,
        nonPersistentAttrs: [],
        setUserRootAttributes: "on_each_login",
    },
});
import pulumi
import pulumi_auth0 as auth0
# Query-string parameters added to the generated passwordless e-mail link.
# offline_access asks for a refresh token; keep it only if the application needs one.
email_link_params = {
    "responseType": "code",
    "scope": "openid email profile offline_access",
}

# One-time code settings: length 6, time step 300.
email_otp = auth0.ConnectionOptionsTotpArgs(
    length=6,
    time_step=300,
)

# Passwordless e-mail connection. The connection name must be "email" for it to
# show up in the management dashboard.
passwordless_email = auth0.Connection(
    "passwordlessEmail",
    strategy="email",
    options=auth0.ConnectionOptionsArgs(
        name="email",
        from_="{{ application.name }} <root@auth0.com>",
        subject="Welcome to {{ application.name }}",
        syntax="liquid",
        template="<html>This is the body of the email</html>",
        auth_params=email_link_params,
        totp=email_otp,
        brute_force_protection=True,
        disable_signup=False,
        non_persistent_attrs=[],
        set_user_root_attributes="on_each_login",
    ),
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a passwordless e-mail connection and hands it to the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Query-string parameters added to the generated passwordless e-mail link.
		// offline_access asks for a refresh token; keep it only if the application
		// needs one.
		linkParams := pulumi.StringMap{
			"responseType": pulumi.String("code"),
			"scope":        pulumi.String("openid email profile offline_access"),
		}

		// One-time code settings: length 6, time step 300.
		otp := &auth0.ConnectionOptionsTotpArgs{
			Length:   pulumi.Int(6),
			TimeStep: pulumi.Int(300),
		}

		// The connection name must be "email" for it to show up in the
		// management dashboard.
		opts := &auth0.ConnectionOptionsArgs{
			AuthParams:            linkParams,
			BruteForceProtection:  pulumi.Bool(true),
			DisableSignup:         pulumi.Bool(false),
			From:                  pulumi.String("{{ application.name }} <root@auth0.com>"),
			Name:                  pulumi.String("email"),
			NonPersistentAttrs:    pulumi.StringArray{},
			SetUserRootAttributes: pulumi.String("on_each_login"),
			Subject:               pulumi.String("Welcome to {{ application.name }}"),
			Syntax:                pulumi.String("liquid"),
			Template:              pulumi.String("<html>This is the body of the email</html>"),
			Totp:                  otp,
		}

		_, err := auth0.NewConnection(ctx, "passwordlessEmail", &auth0.ConnectionArgs{
			Options:  opts,
			Strategy: pulumi.String("email"),
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares a passwordless e-mail connection. The connection name must be "email"
// for it to show up in the management dashboard.
return await Deployment.RunAsync(() =>
{
    // One-time code settings: length 6, time step 300.
    var otp = new Auth0.Inputs.ConnectionOptionsTotpArgs
    {
        Length = 6,
        TimeStep = 300,
    };

    var options = new Auth0.Inputs.ConnectionOptionsArgs
    {
        // Query-string parameters added to the generated passwordless e-mail link.
        // offline_access asks for a refresh token; keep it only if the application needs one.
        AuthParams =
        {
            { "responseType", "code" },
            { "scope", "openid email profile offline_access" },
        },
        Name = "email",
        From = "{{ application.name }} <root@auth0.com>",
        Subject = "Welcome to {{ application.name }}",
        Syntax = "liquid",
        Template = "<html>This is the body of the email</html>",
        Totp = otp,
        BruteForceProtection = true,
        DisableSignup = false,
        NonPersistentAttrs = new() { },
        SetUserRootAttributes = "on_each_login",
    };

    var passwordlessEmail = new Auth0.Connection("passwordlessEmail", new Auth0.ConnectionArgs
    {
        Options = options,
        Strategy = "email",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a passwordless e-mail connection. The connection name must be
     * "email" for it to show up in the management dashboard.
     *
     * @param ctx the Pulumi deployment context.
     */
    public static void stack(Context ctx) {
        // Query-string parameters added to the generated passwordless e-mail link.
        // offline_access asks for a refresh token; keep it only if the application needs one.
        var linkParams = Map.of(
            "responseType", "code",
            "scope", "openid email profile offline_access");

        // One-time code settings: length 6, time step 300.
        var otp = ConnectionOptionsTotpArgs.builder()
            .length(6)
            .timeStep(300)
            .build();

        var options = ConnectionOptionsArgs.builder()
            .authParams(linkParams)
            .bruteForceProtection(true)
            .disableSignup(false)
            .from("{{ application.name }} <root@auth0.com>")
            .name("email")
            .nonPersistentAttrs()
            .setUserRootAttributes("on_each_login")
            .subject("Welcome to {{ application.name }}")
            .syntax("liquid")
            .template("<html>This is the body of the email</html>")
            .totp(otp)
            .build();

        var passwordlessEmail = new Connection("passwordlessEmail", ConnectionArgs.builder()
            .options(options)
            .strategy("email")
            .build());
    }
}
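# Passwordless e-mail connection. The connection name must be "email" for it to
# show up in the management dashboard.
resources:
  passwordlessEmail:
    type: auth0:Connection
    properties:
      options:
        # Query-string parameters added to the generated passwordless e-mail link.
        authParams:
          responseType: code
          # offline_access asks for a refresh token; keep it only if the application needs one.
          scope: openid email profile offline_access
        bruteForceProtection: true
        disableSignup: false
        from: '{{ application.name }} <root@auth0.com>'
        name: email
        nonPersistentAttrs: []
        setUserRootAttributes: on_each_login
        subject: Welcome to {{ application.name }}
        syntax: liquid
        template: <html>This is the body of the email</html>
        # One-time code settings: length 6, time step 300.
        totp:
          length: 6
          timeStep: 300
      strategy: email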
WindowsLive Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// Options for the Microsoft account (windowslive) social connection.
const windowsliveOptions = {
    clientId: "<client-id>",
    // Placeholder: supply the real value from secret stack configuration rather
    // than committing it with the program.
    clientSecret: "<client-secret>",
    // Profile fields that are not stored in Auth0 for privacy reasons.
    nonPersistentAttrs: ["ethnicity", "gender"],
    scopes: ["signin", "graph_user"],
    setUserRootAttributes: "on_first_login",
    // Strategy version 1 is deprecated; use version 2.
    strategyVersion: 2,
};

const windowslive = new auth0.Connection("windowslive", {
    strategy: "windowslive",
    options: windowsliveOptions,
});
import pulumi
import pulumi_auth0 as auth0
# Options for the Microsoft account (windowslive) social connection.
windowslive_options = auth0.ConnectionOptionsArgs(
    client_id="<client-id>",
    # Placeholder: supply the real value from secret stack configuration rather
    # than committing it with the program.
    client_secret="<client-secret>",
    # Profile fields that are not stored in Auth0 for privacy reasons.
    non_persistent_attrs=["ethnicity", "gender"],
    scopes=["signin", "graph_user"],
    set_user_root_attributes="on_first_login",
    # Strategy version 1 is deprecated; use version 2.
    strategy_version=2,
)

windowslive = auth0.Connection(
    "windowslive",
    strategy="windowslive",
    options=windowslive_options,
)
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a Microsoft account (windowslive) social connection and hands it
// to the Pulumi engine.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Profile fields that are not stored in Auth0 for privacy reasons.
		denied := pulumi.ToStringArray([]string{"ethnicity", "gender"})
		scopes := pulumi.ToStringArray([]string{"signin", "graph_user"})

		// ClientSecret is a placeholder: supply the real value from secret stack
		// configuration rather than committing it with the program.
		// Strategy version 1 is deprecated; use version 2.
		opts := &auth0.ConnectionOptionsArgs{
			ClientId:              pulumi.String("<client-id>"),
			ClientSecret:          pulumi.String("<client-secret>"),
			NonPersistentAttrs:    denied,
			Scopes:                scopes,
			SetUserRootAttributes: pulumi.String("on_first_login"),
			StrategyVersion:       pulumi.Int(2),
		}

		_, err := auth0.NewConnection(ctx, "windowslive", &auth0.ConnectionArgs{
			Options:  opts,
			Strategy: pulumi.String("windowslive"),
		})
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
// Declares a Microsoft account (windowslive) social connection.
return await Deployment.RunAsync(() =>
{
    var options = new Auth0.Inputs.ConnectionOptionsArgs
    {
        ClientId = "<client-id>",
        // Placeholder: supply the real value from secret stack configuration rather
        // than committing it with the program.
        ClientSecret = "<client-secret>",
        // Profile fields that are not stored in Auth0 for privacy reasons.
        NonPersistentAttrs = new[] { "ethnicity", "gender" },
        Scopes = new[] { "signin", "graph_user" },
        SetUserRootAttributes = "on_first_login",
        // Strategy version 1 is deprecated; use version 2.
        StrategyVersion = 2,
    };

    var windowslive = new Auth0.Connection("windowslive", new Auth0.ConnectionArgs
    {
        Options = options,
        Strategy = "windowslive",
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a Microsoft account (windowslive) social connection.
     *
     * @param ctx the Pulumi deployment context.
     */
    public static void stack(Context ctx) {
        var options = ConnectionOptionsArgs.builder()
            .clientId("<client-id>")
            // Placeholder: supply the real value from secret stack configuration
            // rather than committing it with the program.
            .clientSecret("<client-secret>")
            // Profile fields that are not stored in Auth0 for privacy reasons.
            .nonPersistentAttrs("ethnicity", "gender")
            .scopes("signin", "graph_user")
            .setUserRootAttributes("on_first_login")
            // Strategy version 1 is deprecated; use version 2.
            .strategyVersion(2)
            .build();

        var windowslive = new Connection("windowslive", ConnectionArgs.builder()
            .options(options)
            .strategy("windowslive")
            .build());
    }
}
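# Microsoft account (windowslive) social connection.
resources:
  windowslive:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        # Placeholder: supply the real value from secret stack configuration rather
        # than committing it with the program.
        clientSecret: <client-secret>
        # Profile fields that are not stored in Auth0 for privacy reasons.
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - signin
          - graph_user
        setUserRootAttributes: on_first_login
        # Strategy version 1 is deprecated; use version 2.
        strategyVersion: 2
      strategy: windowslive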
Create Connection Resource
new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
@overload
def Connection(resource_name: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
is_domain_connection: Optional[bool] = None,
metadata: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None,
strategy: Optional[str] = None)
@overload
def Connection(resource_name: str,
args: ConnectionArgs,
opts: Optional[ResourceOptions] = None)
func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: auth0:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Connection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Connection resource accepts the following input properties:
- Strategy string
- Type of the connection, which indicates the identity provider.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata Dictionary<string, string>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Options
Connection
Options - Configuration settings for connection options.
- Realms List<string>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- ShowAsButton bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata map[string]string
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Options
Connection
Options Args - Configuration settings for connection options.
- Realms []string
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- ShowAsButton bool
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String,String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- options
Connection
Options - Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- showAsButton Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy string
- Type of the connection, which indicates the identity provider.
- display
Name string - Name used in login screen.
- is
Domain booleanConnection - Indicates whether the connection is domain level.
- metadata {[key: string]: string}
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- options
Connection
Options - Configuration settings for connection options.
- realms string[]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- showAsButton boolean
- Display connection as a button. Only available on enterprise connections.
- strategy str
- Type of the connection, which indicates the identity provider.
- display_
name str - Name used in login screen.
- is_
domain_ boolconnection - Indicates whether the connection is domain level.
- metadata Mapping[str, str]
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name str
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- options
Connection
Options Args - Configuration settings for connection options.
- realms Sequence[str]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- show_as_button bool
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- options Property Map
- Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- showAsButton Boolean
- Display connection as a button. Only available on enterprise connections.
Outputs
All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Connection Resource
Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
is_domain_connection: Optional[bool] = None,
metadata: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None,
strategy: Optional[str] = None) -> Connection
func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata Dictionary<string, string>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Options
Connection
Options - Configuration settings for connection options.
- Realms List<string>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- ShowAsButton bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata map[string]string
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Options
Connection
Options Args - Configuration settings for connection options.
- Realms []string
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- ShowAsButton bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String,String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- options
Connection
Options - Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- showAsButton Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- display
Name string - Name used in login screen.
- is
Domain booleanConnection - Indicates whether the connection is domain level.
- metadata {[key: string]: string}
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- options
Connection
Options - Configuration settings for connection options.
- realms string[]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- showAsButton boolean
- Display connection as a button. Only available on enterprise connections.
- strategy string
- Type of the connection, which indicates the identity provider.
- display_
name str - Name used in login screen.
- is_
domain_ boolconnection - Indicates whether the connection is domain level.
- metadata Mapping[str, str]
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name str
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- options
Connection
Options Args - Configuration settings for connection options.
- realms Sequence[str]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- show_as_button bool
- Display connection as a button. Only available on enterprise connections.
- strategy str
- Type of the connection, which indicates the identity provider.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- options Property Map
- Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- showAsButton Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
Supporting Types
ConnectionOptions, ConnectionOptionsArgs
- Adfs
Server string - ADFS URL where to fetch the metadata source.
- Allowed
Audiences List<string> - List of allowed audiences.
- Api
Enable boolUsers - Enable API Access to users.
- App
Id string - App ID.
- Attribute
Map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- Auth
Params Dictionary<string, string> - Query string parameters to be included as part of the generated passwordless email link.
- string
- Authorization endpoint.
- BruteForceProtection bool
- Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- Client
Id string - The strategy's client ID.
- Client
Secret string - The strategy's client secret.
- Community
Base stringUrl - Salesforce community base URL.
- Configuration Dictionary<string, object>
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script
. - Connection
Settings ConnectionOptions Connection Settings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- Custom
Scripts Dictionary<string, string> - A map of scripts used to integrate with a custom database.
- Debug bool
- When enabled, additional debug information will be generated.
- Decryption
Key ConnectionOptions Decryption Key - The key used to decrypt encrypted responses from the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - Digest
Algorithm string - Sign Request Algorithm Digest.
- Disable
Cache bool - Indicates whether to disable the cache or not.
- Disable
Self boolService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- Disable
Sign boolOut - When enabled, will disable sign out.
- Disable
Signup bool - Indicates whether to allow user sign-ups to your application.
- Discovery
Url string - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
. - Domain string
- Domain name.
- Domain
Aliases List<string> - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- EnableScriptContext bool
- Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- EnabledDatabaseCustomization bool
- Set to `true` to use a legacy user store.
- EntityId string
- Custom Entity ID for the connection.
- Fed
Metadata stringXml - Federation Metadata for the ADFS connection.
- Fields
Map string - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- Forward
Request boolInfo - Specifies whether or not request info should be forwarded to sms gateway.
- From string
- Address to use as the sender.
- Gateway
Authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- Gateway
Url string - Defines a custom sms gateway to use instead of Twilio.
- Icon
Url string - Icon URL.
- Identity
Api string - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
. - Idp
Initiated ConnectionOptions Idp Initiated - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
. - Import
Mode bool - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- Ips List<string>
- A list of IPs.
- Issuer string
- Issuer URL, e.g.
https://auth.example.com
. - Jwks
Uri string - JWKS URI.
- Key
Id string - Apple Key ID.
- MapUserIdToId bool
- By default Auth0 maps `user_id` to `email`. Enabling this setting changes the behavior to map `user_id` to 'id' instead. This can only be defined on a new Google Workspace connection and cannot be changed once set.
- MaxGroupsToRetrieve string
- Maximum number of groups to retrieve.
- Messaging
Service stringSid - SID for Copilot. Used when SMS Source is Copilot.
- Metadata
Url string - The URL of the SAML metadata document.
- Metadata
Xml string - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- Mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Non
Persistent List<string>Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- Password
Complexity ConnectionOptions Options Password Complexity Options - Configuration settings for password complexity.
- Password
Dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- Password
Histories List<ConnectionOptions Password History> - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo
- Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- PasswordPolicy string
- Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- PingFederateBaseUrl string
- Ping Federate Server URL.
- PkceEnabled bool
- Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- Protocol
Binding string - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- Provider string
- Defines the custom
sms_gateway
provider. - Request
Template string - Template that formats the SAML request.
- Requires
Username bool - Indicates whether the user is required to provide a username in addition to an email address.
- Scopes List<string>
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- Scripts Dictionary<string, string>
- A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- SetUserRootAttributes string
- Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- ShouldTrustEmailVerifiedConnection string
- Choose how Auth0 sets the email_verified field in the user profile.
- Sign
In stringEndpoint - SAML single login URL for the connection.
- Sign
Out stringEndpoint - SAML single logout URL for the connection.
- Sign
Saml boolRequest - When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string - Sign Request Algorithm.
- Signing
Cert string - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- Signing
Key ConnectionOptions Signing Key - The key used to sign requests in the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - Strategy
Version int - Version 1 is deprecated, use version 2.
- Subject string
- Subject line of the email.
- Syntax string
- Syntax of the template body.
- Team
Id string - Apple Team ID.
- Template string
- Body of the template.
- Tenant
Domain string - Tenant domain name.
- Token
Endpoint string - Token endpoint.
- Totp
Connection
Options Totp - Configuration options for one-time passwords.
- Twilio
Sid string - SID for your Twilio account.
- Twilio
Token string - AuthToken for your Twilio account.
- Type string
- Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- UpstreamParams string
- You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- Use
Cert boolAuth - Indicates whether to use cert auth or not.
- Use
Kerberos bool - Indicates whether to use Kerberos or not.
- Use
Wsfed bool - Whether to use WS-Fed.
- User
Id stringAttribute - Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string - User info endpoint.
- Validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- Waad
Common boolEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string - Protocol to use.
- Adfs
Server string - ADFS URL where to fetch the metadata source.
- Allowed
Audiences []string - List of allowed audiences.
- Api
Enable boolUsers - Enable API Access to users.
- App
Id string - App ID.
- Attribute
Map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- Auth
Params map[string]string - Query string parameters to be included as part of the generated passwordless email link.
- string
- Authorization endpoint.
- BruteForceProtection bool - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- ClientId string - The strategy's client ID.
- ClientSecret string - The strategy's client secret. Treat it as a credential and supply it from secret configuration rather than as a literal in source.
- Community
Base stringUrl - Salesforce community base URL.
- Configuration map[string]interface{} - A case-sensitive map of key value pairs used as configuration variables for the `custom_script`.
- ConnectionSettings ConnectionOptionsConnectionSettings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- Custom
Scripts map[string]string - A map of scripts used to integrate with a custom database.
- Debug bool
- When enabled, additional debug information will be generated.
- DecryptionKey ConnectionOptionsDecryptionKey - The key used to decrypt encrypted responses from the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- DigestAlgorithm string - Sign Request Algorithm Digest.
- Disable
Cache bool - Indicates whether to disable the cache or not.
- Disable
Self boolService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- Disable
Sign boolOut - When enabled, will disable sign out.
- DisableSignup bool - Indicates whether to allow user sign-ups to your application. Despite the wording, the property is a disable flag: `true` turns sign-ups off.
- DiscoveryUrl string - OpenID discovery URL, e.g. `https://auth.example.com/.well-known/openid-configuration`.
- Domain string - Domain name.
- Domain
Aliases []string - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- EnableScriptContext bool - Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- EnabledDatabaseCustomization bool - Set to `true` to use a legacy user store.
- EntityId string - Custom Entity ID for the connection.
- Fed
Metadata stringXml - Federation Metadata for the ADFS connection.
- Fields
Map string - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- Forward
Request boolInfo - Specifies whether or not request info should be forwarded to sms gateway.
- From string
- Address to use as the sender.
- Gateway
Authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- Gateway
Url string - Defines a custom sms gateway to use instead of Twilio.
- Icon
Url string - Icon URL.
- IdentityApi string - Azure AD Identity API. Available options are: `microsoft-identity-platform-v2.0` or `azure-active-directory-v1.0`.
- IdpInitiated ConnectionOptionsIdpInitiated - Configuration options for IDP Initiated Authentication. This is an object with the properties: `client_id`, `client_protocol`, and `client_authorize_query`.
- ImportMode bool - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- Ips []string
- A list of IPs.
- Issuer string - Issuer URL, e.g. `https://auth.example.com`.
- JwksUri string - JWKS URI.
- Key
Id string - Apple Key ID.
- MapUserIdToId bool - By default Auth0 maps `user_id` to `email`. Enabling this setting changes the behavior to map `user_id` to 'id' instead. This can only be defined on a new Google Workspace connection and cannot be changed once set.
- MaxGroupsToRetrieve string - Maximum number of groups to retrieve.
- Messaging
Service stringSid - SID for Copilot. Used when SMS Source is Copilot.
- Metadata
Url string - The URL of the SAML metadata document.
- Metadata
Xml string - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- Mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Non
Persistent []stringAttrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- Password
Complexity ConnectionOptions Options Password Complexity Options - Configuration settings for password complexity.
- Password
Dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- Password
Histories []ConnectionOptions Password History - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- PasswordPolicy string - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- PingFederateBaseUrl string - Ping Federate Server URL.
- Pkce
Enabled bool - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- Protocol
Binding string - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- Provider string - Defines the custom `sms_gateway` provider.
- RequestTemplate string - Template that formats the SAML request.
- Requires
Username bool - Indicates whether the user is required to provide a username in addition to an email address.
- Scopes []string - Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- Scripts map[string]string - A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- SetUserRootAttributes string - Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- ShouldTrustEmailVerifiedConnection string - Choose how Auth0 sets the email_verified field in the user profile.
- Sign
In stringEndpoint - SAML single login URL for the connection.
- Sign
Out stringEndpoint - SAML single logout URL for the connection.
- Sign
Saml boolRequest - When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string - Sign Request Algorithm.
- Signing
Cert string - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- SigningKey ConnectionOptionsSigningKey - The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- StrategyVersion int - Version 1 is deprecated, use version 2.
- Subject string
- Subject line of the email.
- Syntax string
- Syntax of the template body.
- Team
Id string - Apple Team ID.
- Template string
- Body of the template.
- Tenant
Domain string - Tenant domain name.
- Token
Endpoint string - Token endpoint.
- Totp
Connection
Options Totp - Configuration options for one-time passwords.
- Twilio
Sid string - SID for your Twilio account.
- Twilio
Token string - AuthToken for your Twilio account.
- Type string - Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- UpstreamParams string - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- Use
Cert boolAuth - Indicates whether to use cert auth or not.
- Use
Kerberos bool - Indicates whether to use Kerberos or not.
- Use
Wsfed bool - Whether to use WS-Fed.
- User
Id stringAttribute - Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string - User info endpoint.
- Validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- Waad
Common boolEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string - Protocol to use.
- adfs
Server String - ADFS URL where to fetch the metadata source.
- allowed
Audiences List<String> - List of allowed audiences.
- api
Enable BooleanUsers - Enable API Access to users.
- app
Id String - App ID.
- attribute
Map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- auth
Params Map<String,String> - Query string parameters to be included as part of the generated passwordless email link.
- String
- Authorization endpoint.
- bruteForceProtection Boolean - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- clientId String - The strategy's client ID.
- clientSecret String - The strategy's client secret. Treat it as a credential and supply it from secret configuration rather than as a literal in source.
- community
Base StringUrl - Salesforce community base URL.
- configuration Map<String,Object> - A case-sensitive map of key value pairs used as configuration variables for the `custom_script`.
- connectionSettings ConnectionOptionsConnectionSettings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom
Scripts Map<String,String> - A map of scripts used to integrate with a custom database.
- debug Boolean
- When enabled, additional debug information will be generated.
- decryptionKey ConnectionOptionsDecryptionKey - The key used to decrypt encrypted responses from the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- digestAlgorithm String - Sign Request Algorithm Digest.
- disable
Cache Boolean - Indicates whether to disable the cache or not.
- disable
Self BooleanService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign BooleanOut - When enabled, will disable sign out.
- disableSignup Boolean - Indicates whether to allow user sign-ups to your application. Despite the wording, the property is a disable flag: `true` turns sign-ups off.
- discoveryUrl String - OpenID discovery URL, e.g. `https://auth.example.com/.well-known/openid-configuration`.
- domain String - Domain name.
- domain
Aliases List<String> - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enableScriptContext Boolean - Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- enabledDatabaseCustomization Boolean - Set to `true` to use a legacy user store.
- entityId String - Custom Entity ID for the connection.
- fed
Metadata StringXml - Federation Metadata for the ADFS connection.
- fields
Map String - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo - Specifies whether or not request info should be forwarded to sms gateway.
- from String
- Address to use as the sender.
- gateway
Authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url String - Defines a custom sms gateway to use instead of Twilio.
- icon
Url String - Icon URL.
- identityApi String - Azure AD Identity API. Available options are: `microsoft-identity-platform-v2.0` or `azure-active-directory-v1.0`.
- idpInitiated ConnectionOptionsIdpInitiated - Configuration options for IDP Initiated Authentication. This is an object with the properties: `client_id`, `client_protocol`, and `client_authorize_query`.
- importMode Boolean - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips List<String>
- A list of IPs.
- issuer String - Issuer URL, e.g. `https://auth.example.com`.
- jwksUri String - JWKS URI.
- key
Id String - Apple Key ID.
- mapUserIdToId Boolean - By default Auth0 maps `user_id` to `email`. Enabling this setting changes the behavior to map `user_id` to 'id' instead. This can only be defined on a new Google Workspace connection and cannot be changed once set.
- maxGroupsToRetrieve String - Maximum number of groups to retrieve.
- messaging
Service StringSid - SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url String - The URL of the SAML metadata document.
- metadata
Xml String - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent List<String>Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password
Complexity ConnectionOptions Options Password Complexity Options - Configuration settings for password complexity.
- password
Dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories List<ConnectionOptions Password History> - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- passwordPolicy String - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- pingFederateBaseUrl String - Ping Federate Server URL.
- pkce
Enabled Boolean - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- protocol
Binding String - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider String - Defines the custom `sms_gateway` provider.
- requestTemplate String - Template that formats the SAML request.
- requires
Username Boolean - Indicates whether the user is required to provide a username in addition to an email address.
- scopes List<String> - Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- scripts Map<String,String> - A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- setUserRootAttributes String - Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- shouldTrustEmailVerifiedConnection String - Choose how Auth0 sets the email_verified field in the user profile.
- sign
In StringEndpoint - SAML single login URL for the connection.
- sign
Out StringEndpoint - SAML single logout URL for the connection.
- sign
Saml BooleanRequest - When enabled, the SAML authentication request will be signed.
- signature
Algorithm String - Sign Request Algorithm.
- signing
Cert String - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signingKey ConnectionOptionsSigningKey - The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- strategyVersion Integer - Version 1 is deprecated, use version 2.
- subject String
- Subject line of the email.
- syntax String
- Syntax of the template body.
- team
Id String - Apple Team ID.
- template String
- Body of the template.
- tenant
Domain String - Tenant domain name.
- token
Endpoint String - Token endpoint.
- totp
Connection
Options Totp - Configuration options for one-time passwords.
- twilio
Sid String - SID for your Twilio account.
- twilio
Token String - AuthToken for your Twilio account.
- type String - Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- upstreamParams String - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert BooleanAuth - Indicates whether to use cert auth or not.
- use
Kerberos Boolean - Indicates whether to use Kerberos or not.
- use
Wsfed Boolean - Whether to use WS-Fed.
- user
Id StringAttribute - Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint String - User info endpoint.
- validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common BooleanEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol String - Protocol to use.
- adfs
Server string - ADFS URL where to fetch the metadata source.
- allowed
Audiences string[] - List of allowed audiences.
- api
Enable booleanUsers - Enable API Access to users.
- app
Id string - App ID.
- attribute
Map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- auth
Params {[key: string]: string} - Query string parameters to be included as part of the generated passwordless email link.
- string
- Authorization endpoint.
- bruteForceProtection boolean - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- clientId string - The strategy's client ID.
- clientSecret string - The strategy's client secret. Treat it as a credential and supply it from secret configuration rather than as a literal in source.
- community
Base stringUrl - Salesforce community base URL.
- configuration {[key: string]: any} - A case-sensitive map of key value pairs used as configuration variables for the `custom_script`.
- connectionSettings ConnectionOptionsConnectionSettings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom
Scripts {[key: string]: string} - A map of scripts used to integrate with a custom database.
- debug boolean
- When enabled, additional debug information will be generated.
- decryptionKey ConnectionOptionsDecryptionKey - The key used to decrypt encrypted responses from the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- digestAlgorithm string - Sign Request Algorithm Digest.
- disable
Cache boolean - Indicates whether to disable the cache or not.
- disable
Self booleanService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign booleanOut - When enabled, will disable sign out.
- disableSignup boolean - Indicates whether to allow user sign-ups to your application. Despite the wording, the property is a disable flag: `true` turns sign-ups off.
- discoveryUrl string - OpenID discovery URL, e.g. `https://auth.example.com/.well-known/openid-configuration`.
- domain string - Domain name.
- domain
Aliases string[] - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enableScriptContext boolean - Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- enabledDatabaseCustomization boolean - Set to `true` to use a legacy user store.
- entityId string - Custom Entity ID for the connection.
- fed
Metadata stringXml - Federation Metadata for the ADFS connection.
- fields
Map string - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request booleanInfo - Specifies whether or not request info should be forwarded to sms gateway.
- from string
- Address to use as the sender.
- gateway
Authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url string - Defines a custom sms gateway to use instead of Twilio.
- icon
Url string - Icon URL.
- identityApi string - Azure AD Identity API. Available options are: `microsoft-identity-platform-v2.0` or `azure-active-directory-v1.0`.
- idpInitiated ConnectionOptionsIdpInitiated - Configuration options for IDP Initiated Authentication. This is an object with the properties: `client_id`, `client_protocol`, and `client_authorize_query`.
- importMode boolean - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips string[]
- A list of IPs.
- issuer string - Issuer URL, e.g. `https://auth.example.com`.
- jwksUri string - JWKS URI.
- key
Id string - Apple Key ID.
- mapUserIdToId boolean - By default Auth0 maps `user_id` to `email`. Enabling this setting changes the behavior to map `user_id` to 'id' instead. This can only be defined on a new Google Workspace connection and cannot be changed once set.
- maxGroupsToRetrieve string - Maximum number of groups to retrieve.
- messaging
Service stringSid - SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url string - The URL of the SAML metadata document.
- metadata
Xml string - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent string[]Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password
Complexity ConnectionOptions Options Password Complexity Options - Configuration settings for password complexity.
- password
Dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories ConnectionOptions Password History[] - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- passwordPolicy string - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- pingFederateBaseUrl string - Ping Federate Server URL.
- pkce
Enabled boolean - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- protocol
Binding string - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider string - Defines the custom `sms_gateway` provider.
- requestTemplate string - Template that formats the SAML request.
- requires
Username boolean - Indicates whether the user is required to provide a username in addition to an email address.
- scopes string[] - Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- scripts {[key: string]: string} - A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- setUserRootAttributes string - Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- shouldTrustEmailVerifiedConnection string - Choose how Auth0 sets the email_verified field in the user profile.
- sign
In stringEndpoint - SAML single login URL for the connection.
- sign
Out stringEndpoint - SAML single logout URL for the connection.
- sign
Saml booleanRequest - When enabled, the SAML authentication request will be signed.
- signature
Algorithm string - Sign Request Algorithm.
- signing
Cert string - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signingKey ConnectionOptionsSigningKey - The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- strategyVersion number - Version 1 is deprecated, use version 2.
- subject string
- Subject line of the email.
- syntax string
- Syntax of the template body.
- team
Id string - Apple Team ID.
- template string
- Body of the template.
- tenant
Domain string - Tenant domain name.
- token
Endpoint string - Token endpoint.
- totp
Connection
Options Totp - Configuration options for one-time passwords.
- twilio
Sid string - SID for your Twilio account.
- twilio
Token string - AuthToken for your Twilio account.
- type string - Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- upstreamParams string - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert booleanAuth - Indicates whether to use cert auth or not.
- use
Kerberos boolean - Indicates whether to use Kerberos or not.
- use
Wsfed boolean - Whether to use WS-Fed.
- user
Id stringAttribute - Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint string - User info endpoint.
- validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common booleanEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol string - Protocol to use.
- adfs_
server str - ADFS URL where to fetch the metadata source.
- allowed_
audiences Sequence[str] - List of allowed audiences.
- api_
enable_ boolusers - Enable API Access to users.
- app_
id str - App ID.
- attribute_
map ConnectionOptions Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- auth_
params Mapping[str, str] - Query string parameters to be included as part of the generated passwordless email link.
- str
- Authorization endpoint.
- brute_force_protection bool - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client_id str - The strategy's client ID.
- client_secret str - The strategy's client secret. Treat it as a credential and supply it from secret configuration rather than as a literal in source.
- community_
base_ strurl - Salesforce community base URL.
- configuration Mapping[str, Any] - A case-sensitive map of key value pairs used as configuration variables for the `custom_script`.
- connection_settings ConnectionOptionsConnectionSettings - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom_
scripts Mapping[str, str] - A map of scripts used to integrate with a custom database.
- debug bool
- When enabled, additional debug information will be generated.
- decryption_key ConnectionOptionsDecryptionKey - The key used to decrypt encrypted responses from the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- digest_algorithm str - Sign Request Algorithm Digest.
- disable_
cache bool - Indicates whether to disable the cache or not.
- disable_
self_ boolservice_ change_ password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable_
sign_ boolout - When enabled, will disable sign out.
- disable_signup bool - Indicates whether to allow user sign-ups to your application. Despite the wording, the property is a disable flag: `true` turns sign-ups off.
- discovery_url str - OpenID discovery URL, e.g. `https://auth.example.com/.well-known/openid-configuration`.
- domain str - Domain name.
- domain_
aliases Sequence[str] - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable_script_context bool - Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- enabled_database_customization bool - Set to `true` to use a legacy user store.
- entity_id str - Custom Entity ID for the connection.
- fed_
metadata_ strxml - Federation Metadata for the ADFS connection.
- fields_
map str - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward_
request_ boolinfo - Specifies whether or not request info should be forwarded to sms gateway.
- from_ str
- Address to use as the sender.
- gateway_
authentication ConnectionOptions Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- gateway_
url str - Defines a custom sms gateway to use instead of Twilio.
- icon_
url str - Icon URL.
- identity_api str - Azure AD Identity API. Available options are: `microsoft-identity-platform-v2.0` or `azure-active-directory-v1.0`.
- idp_initiated ConnectionOptionsIdpInitiated - Configuration options for IDP Initiated Authentication. This is an object with the properties: `client_id`, `client_protocol`, and `client_authorize_query`.
- import_mode bool - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips Sequence[str]
- A list of IPs.
- issuer str - Issuer URL, e.g. `https://auth.example.com`.
- jwks_uri str - JWKS URI.
- key_
id str - Apple Key ID.
- map_user_id_to_id bool - By default Auth0 maps `user_id` to `email`. Enabling this setting changes the behavior to map `user_id` to 'id' instead. This can only be defined on a new Google Workspace connection and cannot be changed once set.
- max_groups_to_retrieve str - Maximum number of groups to retrieve.
- messaging_
service_ strsid - SID for Copilot. Used when SMS Source is Copilot.
- metadata_
url str - The URL of the SAML metadata document.
- metadata_
xml str - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfa
Connection
Options Mfa - Configuration options for multifactor authentication.
- name str
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non_
persistent_ Sequence[str]attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password_
complexity_ Connectionoptions Options Password Complexity Options - Configuration settings for password complexity.
- password_
dictionary ConnectionOptions Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password_
histories Sequence[ConnectionOptions Password History] - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password_no_personal_info ConnectionOptionsPasswordNoPersonalInfo - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
- password_policy str - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- ping_federate_base_url str - Ping Federate Server URL.
- pkce_
enabled bool - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- protocol_
binding str - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider str - Defines the custom `sms_gateway` provider.
- request_template str - Template that formats the SAML request.
- requires_
username bool - Indicates whether the user is required to provide a username in addition to an email address.
- scopes Sequence[str]
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- scripts Mapping[str, str]
- A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- set_
user_ strroot_ attributes - Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- should_
trust_ stremail_ verified_ connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign_
in_ strendpoint - SAML single login URL for the connection.
- sign_
out_ strendpoint - SAML single logout URL for the connection.
- sign_
saml_ boolrequest - When enabled, the SAML authentication request will be signed.
- signature_
algorithm str - Sign Request Algorithm.
- signing_
cert str - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing_
key ConnectionOptions Signing Key - The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- strategy_
version int - Version 1 is deprecated, use version 2.
- subject str
- Subject line of the email.
- syntax str
- Syntax of the template body.
- team_
id str - Apple Team ID.
- template str
- Body of the template.
- tenant_
domain str - Tenant domain name.
- token_
endpoint str - Token endpoint.
- totp
Connection
Options Totp - Configuration options for one-time passwords.
- twilio_
sid str - SID for your Twilio account.
- twilio_
token str - AuthToken for your Twilio account.
- type str
- Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- upstream_
params str - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use_
cert_ boolauth - Indicates whether to use cert auth or not.
- use_
kerberos bool - Indicates whether to use Kerberos or not.
- use_
wsfed bool - Whether to use WS-Fed.
- user_
id_ strattribute - Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo_
endpoint str - User info endpoint.
- validation
Connection
Options Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- waad_
common_ boolendpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad_
protocol str - Protocol to use.
- adfs
Server String - ADFS URL where to fetch the metadata source.
- allowed
Audiences List<String> - List of allowed audiences.
- api
Enable BooleanUsers - Enable API Access to users.
- app
Id String - App ID.
- attribute
Map Property Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- auth
Params Map<String> - Query string parameters to be included as part of the generated passwordless email link.
- String
- Authorization endpoint.
- brute
Force BooleanProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client
Id String - The strategy's client ID.
- client
Secret String - The strategy's client secret.
- community
Base StringUrl - Salesforce community base URL.
- configuration Map<Any>
- A case-sensitive map of key value pairs used as configuration variables for the `custom_script`.
- connection
Settings Property Map - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom
Scripts Map<String> - A map of scripts used to integrate with a custom database.
- debug Boolean
- When enabled, additional debug information will be generated.
- decryption
Key Property Map - The key used to decrypt encrypted responses from the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- digest
Algorithm String - Sign Request Algorithm Digest.
- disable
Cache Boolean - Indicates whether to disable the cache or not.
- disable
Self BooleanService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign BooleanOut - When enabled, will disable sign out.
- disable
Signup Boolean - Indicates whether to allow user sign-ups to your application.
- discovery
Url String - OpenID discovery URL, e.g. `https://auth.example.com/.well-known/openid-configuration`.
- domain String
- Domain name.
- domain
Aliases List<String> - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable
Script BooleanContext - Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
- enabled
Database BooleanCustomization - Set to `true` to use a legacy user store.
- entity
Id String - Custom Entity ID for the connection.
- fed
Metadata StringXml - Federation Metadata for the ADFS connection.
- fields
Map String - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo - Specifies whether or not request info should be forwarded to sms gateway.
- from String
- Address to use as the sender.
- gateway
Authentication Property Map - Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url String - Defines a custom sms gateway to use instead of Twilio.
- icon
Url String - Icon URL.
- identity
Api String - Azure AD Identity API. Available options are: `microsoft-identity-platform-v2.0` or `azure-active-directory-v1.0`.
- idp
Initiated Property Map - Configuration options for IDP Initiated Authentication. This is an object with the properties: `client_id`, `client_protocol`, and `client_authorize_query`.
- import
Mode Boolean - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips List<String>
- A list of IPs.
- issuer String
- Issuer URL, e.g. `https://auth.example.com`.
- jwks
Uri String - JWKS URI.
- key
Id String - Apple Key ID.
- map
User BooleanId To Id - By default Auth0 maps `user_id` to `email`. Enabling this setting changes the behavior to map `user_id` to 'id' instead. This can only be defined on a new Google Workspace connection and cannot be changed once set.
- max
Groups StringTo Retrieve - Maximum number of groups to retrieve.
- messaging
Service StringSid - SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url String - The URL of the SAML metadata document.
- metadata
Xml String - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfa Property Map
- Configuration options for multifactor authentication.
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent List<String>Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password
Complexity Property MapOptions - Configuration settings for password complexity.
- password
Dictionary Property Map - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories List<Property Map> - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password
No Property MapPersonal Info - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including the user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, the user's `email`, or the first part of the user's `email`.
- password
Policy String - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include `none`, `low`, `fair`, `good`, `excellent`.
- ping
Federate StringBase Url - Ping Federate Server URL.
- pkce
Enabled Boolean - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- protocol
Binding String - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider String
- Defines the custom
sms_gateway
provider. - request
Template String - Template that formats the SAML request.
- requires
Username Boolean - Indicates whether the user is required to provide a username in addition to an email address.
- scopes List<String>
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basic_profile`, `ext_profile`, `ext_nested_groups`, etc.
- scripts Map<String>
- A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
- set
User StringRoot Attributes - Determines whether to sync user profile attributes (`name`, `given_name`, `family_name`, `nickname`, `picture`) at each login or only on the first login. Options include: `on_each_login`, `on_first_login`. Default value: `on_each_login`.
- should
Trust StringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign
In StringEndpoint - SAML single login URL for the connection.
- sign
Out StringEndpoint - SAML single logout URL for the connection.
- sign
Saml BooleanRequest - When enabled, the SAML authentication request will be signed.
- signature
Algorithm String - Sign Request Algorithm.
- signing
Cert String - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing
Key Property Map - The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
- strategy
Version Number - Version 1 is deprecated, use version 2.
- subject String
- Subject line of the email.
- syntax String
- Syntax of the template body.
- team
Id String - Apple Team ID.
- template String
- Body of the template.
- tenant
Domain String - Tenant domain name.
- token
Endpoint String - Token endpoint.
- totp Property Map
- Configuration options for one-time passwords.
- twilio
Sid String - SID for your Twilio account.
- twilio
Token String - AuthToken for your Twilio account.
- type String
- Value can be `back_channel` or `front_channel`. Front Channel will use OIDC protocol with `response_mode=form_post` and `response_type=id_token`. Back Channel will use `response_type=code`.
- upstream
Params String - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert BooleanAuth - Indicates whether to use cert auth or not.
- use
Kerberos Boolean - Indicates whether to use Kerberos or not.
- use
Wsfed Boolean - Whether to use WS-Fed.
- user
Id StringAttribute - Attribute in the SAML token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint String - User info endpoint.
- validation Property Map
- Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common BooleanEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol String - Protocol to use.
ConnectionOptionsAttributeMap, ConnectionOptionsAttributeMapArgs
- Mapping
Mode string - Method used to map incoming claims. Possible values: `use_map` (Okta or OIDC), `bind_all` (OIDC) or `basic_profile` (Okta).
- Attributes string
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- Userinfo
Scope string - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- Mapping
Mode string - Method used to map incoming claims. Possible values: `use_map` (Okta or OIDC), `bind_all` (OIDC) or `basic_profile` (Okta).
- Attributes string
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- Userinfo
Scope string - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- mapping
Mode String - Method used to map incoming claims. Possible values: `use_map` (Okta or OIDC), `bind_all` (OIDC) or `basic_profile` (Okta).
- attributes String
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- userinfo
Scope String - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- mapping
Mode string - Method used to map incoming claims. Possible values: `use_map` (Okta or OIDC), `bind_all` (OIDC) or `basic_profile` (Okta).
- attributes string
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- userinfo
Scope string - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- mapping_
mode str - Method used to map incoming claims. Possible values: `use_map` (Okta or OIDC), `bind_all` (OIDC) or `basic_profile` (Okta).
- attributes str
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- userinfo_
scope str - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- mapping
Mode String - Method used to map incoming claims. Possible values: `use_map` (Okta or OIDC), `bind_all` (OIDC) or `basic_profile` (Okta).
- attributes String
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- userinfo
Scope String - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
ConnectionOptionsConnectionSettings, ConnectionOptionsConnectionSettingsArgs
- Pkce string
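- PKCE configuration. Possible values: `auto` (uses the strongest algorithm available), `S256` (uses the SHA-256 algorithm), `plain` (uses plaintext as described in the PKCE specification) or `disabled` (disables support for PKCE). Note that `plain` sends the code verifier itself as the challenge, so it offers no protection if the authorization request is observed; prefer `S256` or `auto` where the identity provider supports it.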
- Pkce string
- PKCE configuration. Possible values: `auto` (uses the strongest algorithm available), `S256` (uses the SHA-256 algorithm), `plain` (uses plaintext as described in the PKCE specification) or `disabled` (disables support for PKCE).
- pkce String
- PKCE configuration. Possible values: `auto` (uses the strongest algorithm available), `S256` (uses the SHA-256 algorithm), `plain` (uses plaintext as described in the PKCE specification) or `disabled` (disables support for PKCE).
- pkce string
- PKCE configuration. Possible values: `auto` (uses the strongest algorithm available), `S256` (uses the SHA-256 algorithm), `plain` (uses plaintext as described in the PKCE specification) or `disabled` (disables support for PKCE).
- pkce str
- PKCE configuration. Possible values: `auto` (uses the strongest algorithm available), `S256` (uses the SHA-256 algorithm), `plain` (uses plaintext as described in the PKCE specification) or `disabled` (disables support for PKCE).
- pkce String
- PKCE configuration. Possible values: `auto` (uses the strongest algorithm available), `S256` (uses the SHA-256 algorithm), `plain` (uses plaintext as described in the PKCE specification) or `disabled` (disables support for PKCE).
ConnectionOptionsDecryptionKey, ConnectionOptionsDecryptionKeyArgs
ConnectionOptionsGatewayAuthentication, ConnectionOptionsGatewayAuthenticationArgs
- Audience string
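- Audience claim for the HS256 token sent to `gateway_url`.
- Method string
- Authentication method (default is `bearer` token).
- Secret string
- Secret used to sign the HS256 token sent to `gateway_url`. Because HS256 is a symmetric algorithm, the gateway verifies the token with this same value; provide it as a Pulumi secret (for example via `pulumi config set --secret`) rather than as a literal in source.
- SecretBase64Encoded bool - Specifies whether or not the secret is Base64-encoded.
- Subject string
- Subject claim for the HS256 token sent to `gateway_url`.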
- Audience string
- Audience claim for the HS256 token sent to `gateway_url`.
- Method string
- Authentication method (default is `bearer` token).
- Secret string
- Secret used to sign the HS256 token sent to `gateway_url`.
- SecretBase64Encoded bool - Specifies whether or not the secret is Base64-encoded.
- Subject string
- Subject claim for the HS256 token sent to `gateway_url`.
- audience String
- Audience claim for the HS256 token sent to `gateway_url`.
- method String
- Authentication method (default is `bearer` token).
- secret String
- Secret used to sign the HS256 token sent to `gateway_url`.
- secretBase64Encoded Boolean - Specifies whether or not the secret is Base64-encoded.
- subject String
- Subject claim for the HS256 token sent to `gateway_url`.
- audience string
- Audience claim for the HS256 token sent to `gateway_url`.
- method string
- Authentication method (default is `bearer` token).
- secret string
- Secret used to sign the HS256 token sent to `gateway_url`.
- secretBase64Encoded boolean - Specifies whether or not the secret is Base64-encoded.
- subject string
- Subject claim for the HS256 token sent to `gateway_url`.
- audience str
- Audience claim for the HS256 token sent to `gateway_url`.
- method str
- Authentication method (default is `bearer` token).
- secret str
- Secret used to sign the HS256 token sent to `gateway_url`.
- secret_base64_encoded bool - Specifies whether or not the secret is Base64-encoded.
- subject str
- Subject claim for the HS256 token sent to `gateway_url`.
- audience String
- Audience claim for the HS256 token sent to `gateway_url`.
- method String
- Authentication method (default is `bearer` token).
- secret String
- Secret used to sign the HS256 token sent to `gateway_url`.
- secretBase64Encoded Boolean - Specifies whether or not the secret is Base64-encoded.
- subject String
- Subject claim for the HS256 token sent to `gateway_url`.
ConnectionOptionsIdpInitiated, ConnectionOptionsIdpInitiatedArgs
- string
- Client
Id string - The strategy's client ID.
- Client
Protocol string
- string
- Client
Id string - The strategy's client ID.
- Client
Protocol string
- String
- client
Id String - The strategy's client ID.
- client
Protocol String
- string
- client
Id string - The strategy's client ID.
- client
Protocol string
- str
- client_
id str - The strategy's client ID.
- client_
protocol str
- String
- client
Id String - The strategy's client ID.
- client
Protocol String
ConnectionOptionsMfa, ConnectionOptionsMfaArgs
- Active bool
- Indicates whether multifactor authentication is enabled for this connection.
- Return
Enroll boolSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- Active bool
- Indicates whether multifactor authentication is enabled for this connection.
- Return
Enroll boolSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active Boolean
- Indicates whether multifactor authentication is enabled for this connection.
- return
Enroll BooleanSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active boolean
- Indicates whether multifactor authentication is enabled for this connection.
- return
Enroll booleanSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active bool
- Indicates whether multifactor authentication is enabled for this connection.
- return_
enroll_ boolsettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active Boolean
- Indicates whether multifactor authentication is enabled for this connection.
- return
Enroll BooleanSettings - Indicates whether multifactor authentication enrollment settings will be returned.
ConnectionOptionsPasswordComplexityOptions, ConnectionOptionsPasswordComplexityOptionsArgs
- Min
Length int - Minimum number of characters allowed in passwords.
- Min
Length int - Minimum number of characters allowed in passwords.
- min
Length Integer - Minimum number of characters allowed in passwords.
- min
Length number - Minimum number of characters allowed in passwords.
- min_
length int - Minimum number of characters allowed in passwords.
- min
Length Number - Minimum number of characters allowed in passwords.
ConnectionOptionsPasswordDictionary, ConnectionOptionsPasswordDictionaryArgs
- Dictionaries List<string>
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- Enable bool
- Indicates whether the password dictionary check is enabled for this connection.
- Dictionaries []string
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- Enable bool
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries List<String>
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable Boolean
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries string[]
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable boolean
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries Sequence[str]
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable bool
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries List<String>
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable Boolean
- Indicates whether the password dictionary check is enabled for this connection.
ConnectionOptionsPasswordHistory, ConnectionOptionsPasswordHistoryArgs
ConnectionOptionsPasswordNoPersonalInfo, ConnectionOptionsPasswordNoPersonalInfoArgs
- Enable bool
- Indicates whether the password personal info check is enabled for this connection.
- Enable bool
- Indicates whether the password personal info check is enabled for this connection.
- enable Boolean
- Indicates whether the password personal info check is enabled for this connection.
- enable boolean
- Indicates whether the password personal info check is enabled for this connection.
- enable bool
- Indicates whether the password personal info check is enabled for this connection.
- enable Boolean
- Indicates whether the password personal info check is enabled for this connection.
ConnectionOptionsSigningKey, ConnectionOptionsSigningKeyArgs
ConnectionOptionsTotp, ConnectionOptionsTotpArgs
ConnectionOptionsValidation, ConnectionOptionsValidationArgs
- Username
Connection
Options Validation Username - Specifies the
min
andmax
values of username length.
- Username
Connection
Options Validation Username - Specifies the
min
andmax
values of username length.
- username
Connection
Options Validation Username - Specifies the
min
andmax
values of username length.
- username
Connection
Options Validation Username - Specifies the
min
andmax
values of username length.
- username
Connection
Options Validation Username - Specifies the
min
andmax
values of username length.
- username Property Map
- Specifies the
min
andmax
values of username length.
ConnectionOptionsValidationUsername, ConnectionOptionsValidationUsernameArgs
Import
This resource can be imported by specifying the connection ID.
Example:
$ pulumi import auth0:index/connection:Connection google "con_a17f21fdb24d48a0"
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the `auth0` Terraform Provider.