1. Packages
  2. Auth0 Provider
  3. API Docs
  4. Connection
Auth0 v3.10.1 published on Friday, Dec 13, 2024 by Pulumi

auth0.Connection

Explore with Pulumi AI

auth0 logo
Auth0 v3.10.1 published on Friday, Dec 13, 2024 by Pulumi

    With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

    The Auth0 dashboard displays only one connection per social provider. Although the Auth0 Management API allows the creation of multiple connections per strategy, the additional connections may not be visible in the Auth0 dashboard.

    Example Usage

    Auth0 Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of an Auth0 connection.
    const myConnection = new auth0.Connection("my_connection", {
        name: "Example-Connection",
        isDomainConnection: true,
        strategy: "auth0",
        metadata: {
            key1: "foo",
            key2: "bar",
        },
        options: {
            passwordPolicy: "excellent",
            bruteForceProtection: true,
            strategyVersion: 2,
            enabledDatabaseCustomization: true,
            importMode: false,
            requiresUsername: true,
            disableSignup: false,
            customScripts: {
                get_user: `        function getByEmail(email, callback) {
              return callback(new Error("Whoops!"));
            }
    `,
            },
            configuration: {
                foo: "bar",
                bar: "baz",
            },
            upstreamParams: JSON.stringify({
                screen_name: {
                    alias: "login_hint",
                },
            }),
            passwordHistories: [{
                enable: true,
                size: 3,
            }],
            passwordNoPersonalInfo: {
                enable: true,
            },
            passwordDictionary: {
                enable: true,
                dictionaries: [
                    "password",
                    "admin",
                    "1234",
                ],
            },
            passwordComplexityOptions: {
                minLength: 12,
            },
            validation: {
                username: {
                    min: 10,
                    max: 40,
                },
            },
            mfa: {
                active: true,
                returnEnrollSettings: true,
            },
        },
    });
    
    import pulumi
    import json
    import pulumi_auth0 as auth0
    
    # This is an example of an Auth0 connection.
    my_connection = auth0.Connection("my_connection",
        name="Example-Connection",
        is_domain_connection=True,
        strategy="auth0",
        metadata={
            "key1": "foo",
            "key2": "bar",
        },
        options={
            "password_policy": "excellent",
            "brute_force_protection": True,
            "strategy_version": 2,
            "enabled_database_customization": True,
            "import_mode": False,
            "requires_username": True,
            "disable_signup": False,
            "custom_scripts": {
                "get_user": """        function getByEmail(email, callback) {
              return callback(new Error("Whoops!"));
            }
    """,
            },
            "configuration": {
                "foo": "bar",
                "bar": "baz",
            },
            "upstream_params": json.dumps({
                "screen_name": {
                    "alias": "login_hint",
                },
            }),
            "password_histories": [{
                "enable": True,
                "size": 3,
            }],
            "password_no_personal_info": {
                "enable": True,
            },
            "password_dictionary": {
                "enable": True,
                "dictionaries": [
                    "password",
                    "admin",
                    "1234",
                ],
            },
            "password_complexity_options": {
                "min_length": 12,
            },
            "validation": {
                "username": {
                    "min": 10,
                    "max": 40,
                },
            },
            "mfa": {
                "active": True,
                "return_enroll_settings": True,
            },
        })
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"screen_name": map[string]interface{}{
    				"alias": "login_hint",
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		// This is an example of an Auth0 connection.
    		_, err = auth0.NewConnection(ctx, "my_connection", &auth0.ConnectionArgs{
    			Name:               pulumi.String("Example-Connection"),
    			IsDomainConnection: pulumi.Bool(true),
    			Strategy:           pulumi.String("auth0"),
    			Metadata: pulumi.StringMap{
    				"key1": pulumi.String("foo"),
    				"key2": pulumi.String("bar"),
    			},
    			Options: &auth0.ConnectionOptionsArgs{
    				PasswordPolicy:               pulumi.String("excellent"),
    				BruteForceProtection:         pulumi.Bool(true),
    				StrategyVersion:              pulumi.Int(2),
    				EnabledDatabaseCustomization: pulumi.Bool(true),
    				ImportMode:                   pulumi.Bool(false),
    				RequiresUsername:             pulumi.Bool(true),
    				DisableSignup:                pulumi.Bool(false),
    				CustomScripts: pulumi.StringMap{
    					"get_user": pulumi.String("        function getByEmail(email, callback) {\n          return callback(new Error(\"Whoops!\"));\n        }\n"),
    				},
    				Configuration: pulumi.StringMap{
    					"foo": pulumi.String("bar"),
    					"bar": pulumi.String("baz"),
    				},
    				UpstreamParams: pulumi.String(json0),
    				PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
    					&auth0.ConnectionOptionsPasswordHistoryArgs{
    						Enable: pulumi.Bool(true),
    						Size:   pulumi.Int(3),
    					},
    				},
    				PasswordNoPersonalInfo: &auth0.ConnectionOptionsPasswordNoPersonalInfoArgs{
    					Enable: pulumi.Bool(true),
    				},
    				PasswordDictionary: &auth0.ConnectionOptionsPasswordDictionaryArgs{
    					Enable: pulumi.Bool(true),
    					Dictionaries: pulumi.StringArray{
    						pulumi.String("password"),
    						pulumi.String("admin"),
    						pulumi.String("1234"),
    					},
    				},
    				PasswordComplexityOptions: &auth0.ConnectionOptionsPasswordComplexityOptionsArgs{
    					MinLength: pulumi.Int(12),
    				},
    				Validation: &auth0.ConnectionOptionsValidationArgs{
    					Username: &auth0.ConnectionOptionsValidationUsernameArgs{
    						Min: pulumi.Int(10),
    						Max: pulumi.Int(40),
    					},
    				},
    				Mfa: &auth0.ConnectionOptionsMfaArgs{
    					Active:               pulumi.Bool(true),
    					ReturnEnrollSettings: pulumi.Bool(true),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of an Auth0 connection.
        var myConnection = new Auth0.Connection("my_connection", new()
        {
            Name = "Example-Connection",
            IsDomainConnection = true,
            Strategy = "auth0",
            Metadata = 
            {
                { "key1", "foo" },
                { "key2", "bar" },
            },
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                PasswordPolicy = "excellent",
                BruteForceProtection = true,
                StrategyVersion = 2,
                EnabledDatabaseCustomization = true,
                ImportMode = false,
                RequiresUsername = true,
                DisableSignup = false,
                CustomScripts = 
                {
                    { "get_user", @"        function getByEmail(email, callback) {
              return callback(new Error(""Whoops!""));
            }
    " },
                },
                Configuration = 
                {
                    { "foo", "bar" },
                    { "bar", "baz" },
                },
                UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
                {
                    ["screen_name"] = new Dictionary<string, object?>
                    {
                        ["alias"] = "login_hint",
                    },
                }),
                PasswordHistories = new[]
                {
                    new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
                    {
                        Enable = true,
                        Size = 3,
                    },
                },
                PasswordNoPersonalInfo = new Auth0.Inputs.ConnectionOptionsPasswordNoPersonalInfoArgs
                {
                    Enable = true,
                },
                PasswordDictionary = new Auth0.Inputs.ConnectionOptionsPasswordDictionaryArgs
                {
                    Enable = true,
                    Dictionaries = new[]
                    {
                        "password",
                        "admin",
                        "1234",
                    },
                },
                PasswordComplexityOptions = new Auth0.Inputs.ConnectionOptionsPasswordComplexityOptionsArgs
                {
                    MinLength = 12,
                },
                Validation = new Auth0.Inputs.ConnectionOptionsValidationArgs
                {
                    Username = new Auth0.Inputs.ConnectionOptionsValidationUsernameArgs
                    {
                        Min = 10,
                        Max = 40,
                    },
                },
                Mfa = new Auth0.Inputs.ConnectionOptionsMfaArgs
                {
                    Active = true,
                    ReturnEnrollSettings = true,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsPasswordNoPersonalInfoArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsPasswordDictionaryArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsPasswordComplexityOptionsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsValidationArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsValidationUsernameArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsMfaArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of an Auth0 connection.
            var myConnection = new Connection("myConnection", ConnectionArgs.builder()
                .name("Example-Connection")
                .isDomainConnection(true)
                .strategy("auth0")
                .metadata(Map.ofEntries(
                    Map.entry("key1", "foo"),
                    Map.entry("key2", "bar")
                ))
                .options(ConnectionOptionsArgs.builder()
                    .passwordPolicy("excellent")
                    .bruteForceProtection(true)
                    .strategyVersion(2)
                    .enabledDatabaseCustomization(true)
                    .importMode(false)
                    .requiresUsername(true)
                    .disableSignup(false)
                    .customScripts(Map.of("get_user", """
            function getByEmail(email, callback) {
              return callback(new Error("Whoops!"));
            }
                    """))
                    .configuration(Map.ofEntries(
                        Map.entry("foo", "bar"),
                        Map.entry("bar", "baz")
                    ))
                    .upstreamParams(serializeJson(
                        jsonObject(
                            jsonProperty("screen_name", jsonObject(
                                jsonProperty("alias", "login_hint")
                            ))
                        )))
                    .passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
                        .enable(true)
                        .size(3)
                        .build())
                    .passwordNoPersonalInfo(ConnectionOptionsPasswordNoPersonalInfoArgs.builder()
                        .enable(true)
                        .build())
                    .passwordDictionary(ConnectionOptionsPasswordDictionaryArgs.builder()
                        .enable(true)
                        .dictionaries(                    
                            "password",
                            "admin",
                            "1234")
                        .build())
                    .passwordComplexityOptions(ConnectionOptionsPasswordComplexityOptionsArgs.builder()
                        .minLength(12)
                        .build())
                    .validation(ConnectionOptionsValidationArgs.builder()
                        .username(ConnectionOptionsValidationUsernameArgs.builder()
                            .min(10)
                            .max(40)
                            .build())
                        .build())
                    .mfa(ConnectionOptionsMfaArgs.builder()
                        .active(true)
                        .returnEnrollSettings(true)
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of an Auth0 connection.
      myConnection:
        type: auth0:Connection
        name: my_connection
        properties:
          name: Example-Connection
          isDomainConnection: true
          strategy: auth0
          metadata:
            key1: foo
            key2: bar
          options:
            passwordPolicy: excellent
            bruteForceProtection: true
            strategyVersion: 2
            enabledDatabaseCustomization: true
            importMode: false
            requiresUsername: true
            disableSignup: false
            customScripts:
              get_user: |2
                        function getByEmail(email, callback) {
                          return callback(new Error("Whoops!"));
                        }
            configuration:
              foo: bar
              bar: baz
            upstreamParams:
              fn::toJSON:
                screen_name:
                  alias: login_hint
            passwordHistories:
              - enable: true
                size: 3
            passwordNoPersonalInfo:
              enable: true
            passwordDictionary:
              enable: true
              dictionaries:
                - password
                - admin
                - '1234'
            passwordComplexityOptions:
              minLength: 12
            validation:
              username:
                min: 10
                max: 40
            mfa:
              active: true
              returnEnrollSettings: true
    

    Google OAuth2 Connection

    Your Auth0 account may be pre-configured with a google-oauth2 connection.

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of a Google OAuth2 connection.
    const googleOauth2 = new auth0.Connection("google_oauth2", {
        name: "Google-OAuth2-Connection",
        strategy: "google-oauth2",
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            allowedAudiences: [
                "example.com",
                "api.example.com",
            ],
            scopes: [
                "email",
                "profile",
                "gmail",
                "youtube",
            ],
            setUserRootAttributes: "on_each_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    # This is an example of a Google OAuth2 connection.
    google_oauth2 = auth0.Connection("google_oauth2",
        name="Google-OAuth2-Connection",
        strategy="google-oauth2",
        options={
            "client_id": "<client-id>",
            "client_secret": "<client-secret>",
            "allowed_audiences": [
                "example.com",
                "api.example.com",
            ],
            "scopes": [
                "email",
                "profile",
                "gmail",
                "youtube",
            ],
            "set_user_root_attributes": "on_each_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// This is an example of a Google OAuth2 connection.
    		_, err := auth0.NewConnection(ctx, "google_oauth2", &auth0.ConnectionArgs{
    			Name:     pulumi.String("Google-OAuth2-Connection"),
    			Strategy: pulumi.String("google-oauth2"),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("<client-secret>"),
    				AllowedAudiences: pulumi.StringArray{
    					pulumi.String("example.com"),
    					pulumi.String("api.example.com"),
    				},
    				Scopes: pulumi.StringArray{
    					pulumi.String("email"),
    					pulumi.String("profile"),
    					pulumi.String("gmail"),
    					pulumi.String("youtube"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of a Google OAuth2 connection.
        var googleOauth2 = new Auth0.Connection("google_oauth2", new()
        {
            Name = "Google-OAuth2-Connection",
            Strategy = "google-oauth2",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                AllowedAudiences = new[]
                {
                    "example.com",
                    "api.example.com",
                },
                Scopes = new[]
                {
                    "email",
                    "profile",
                    "gmail",
                    "youtube",
                },
                SetUserRootAttributes = "on_each_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of a Google OAuth2 connection.
            var googleOauth2 = new Connection("googleOauth2", ConnectionArgs.builder()
                .name("Google-OAuth2-Connection")
                .strategy("google-oauth2")
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .allowedAudiences(                
                        "example.com",
                        "api.example.com")
                    .scopes(                
                        "email",
                        "profile",
                        "gmail",
                        "youtube")
                    .setUserRootAttributes("on_each_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of a Google OAuth2 connection.
      googleOauth2:
        type: auth0:Connection
        name: google_oauth2
        properties:
          name: Google-OAuth2-Connection
          strategy: google-oauth2
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            allowedAudiences:
              - example.com
              - api.example.com
            scopes:
              - email
              - profile
              - gmail
              - youtube
            setUserRootAttributes: on_each_login
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    Google Apps

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const googleApps = new auth0.Connection("google_apps", {
        name: "connection-google-apps",
        isDomainConnection: false,
        strategy: "google-apps",
        showAsButton: false,
        options: {
            clientId: "",
            clientSecret: "",
            domain: "example.com",
            tenantDomain: "example.com",
            domainAliases: [
                "example.com",
                "api.example.com",
            ],
            apiEnableUsers: true,
            scopes: [
                "ext_profile",
                "ext_groups",
            ],
            iconUrl: "https://example.com/assets/logo.png",
            upstreamParams: JSON.stringify({
                screen_name: {
                    alias: "login_hint",
                },
            }),
            setUserRootAttributes: "on_each_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import json
    import pulumi_auth0 as auth0
    
    google_apps = auth0.Connection("google_apps",
        name="connection-google-apps",
        is_domain_connection=False,
        strategy="google-apps",
        show_as_button=False,
        options={
            "client_id": "",
            "client_secret": "",
            "domain": "example.com",
            "tenant_domain": "example.com",
            "domain_aliases": [
                "example.com",
                "api.example.com",
            ],
            "api_enable_users": True,
            "scopes": [
                "ext_profile",
                "ext_groups",
            ],
            "icon_url": "https://example.com/assets/logo.png",
            "upstream_params": json.dumps({
                "screen_name": {
                    "alias": "login_hint",
                },
            }),
            "set_user_root_attributes": "on_each_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"screen_name": map[string]interface{}{
    				"alias": "login_hint",
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = auth0.NewConnection(ctx, "google_apps", &auth0.ConnectionArgs{
    			Name:               pulumi.String("connection-google-apps"),
    			IsDomainConnection: pulumi.Bool(false),
    			Strategy:           pulumi.String("google-apps"),
    			ShowAsButton:       pulumi.Bool(false),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String(""),
    				ClientSecret: pulumi.String(""),
    				Domain:       pulumi.String("example.com"),
    				TenantDomain: pulumi.String("example.com"),
    				DomainAliases: pulumi.StringArray{
    					pulumi.String("example.com"),
    					pulumi.String("api.example.com"),
    				},
    				ApiEnableUsers: pulumi.Bool(true),
    				Scopes: pulumi.StringArray{
    					pulumi.String("ext_profile"),
    					pulumi.String("ext_groups"),
    				},
    				IconUrl:               pulumi.String("https://example.com/assets/logo.png"),
    				UpstreamParams:        pulumi.String(json0),
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var googleApps = new Auth0.Connection("google_apps", new()
        {
            Name = "connection-google-apps",
            IsDomainConnection = false,
            Strategy = "google-apps",
            ShowAsButton = false,
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "",
                ClientSecret = "",
                Domain = "example.com",
                TenantDomain = "example.com",
                DomainAliases = new[]
                {
                    "example.com",
                    "api.example.com",
                },
                ApiEnableUsers = true,
                Scopes = new[]
                {
                    "ext_profile",
                    "ext_groups",
                },
                IconUrl = "https://example.com/assets/logo.png",
                UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
                {
                    ["screen_name"] = new Dictionary<string, object?>
                    {
                        ["alias"] = "login_hint",
                    },
                }),
                SetUserRootAttributes = "on_each_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var googleApps = new Connection("googleApps", ConnectionArgs.builder()
                .name("connection-google-apps")
                .isDomainConnection(false)
                .strategy("google-apps")
                .showAsButton(false)
                .options(ConnectionOptionsArgs.builder()
                    .clientId("")
                    .clientSecret("")
                    .domain("example.com")
                    .tenantDomain("example.com")
                    .domainAliases(                
                        "example.com",
                        "api.example.com")
                    .apiEnableUsers(true)
                    .scopes(                
                        "ext_profile",
                        "ext_groups")
                    .iconUrl("https://example.com/assets/logo.png")
                    .upstreamParams(serializeJson(
                        jsonObject(
                            jsonProperty("screen_name", jsonObject(
                                jsonProperty("alias", "login_hint")
                            ))
                        )))
                    .setUserRootAttributes("on_each_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      googleApps:
        type: auth0:Connection
        name: google_apps
        properties:
          name: connection-google-apps
          isDomainConnection: false
          strategy: google-apps
          showAsButton: false
          options:
            clientId: ""
            clientSecret: ""
            domain: example.com
            tenantDomain: example.com
            domainAliases:
              - example.com
              - api.example.com
            apiEnableUsers: true
            scopes:
              - ext_profile
              - ext_groups
            iconUrl: https://example.com/assets/logo.png
            upstreamParams:
              fn::toJSON:
                screen_name:
                  alias: login_hint
            setUserRootAttributes: on_each_login
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    Facebook Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of a Facebook connection.
    const facebook = new auth0.Connection("facebook", {
        name: "Facebook-Connection",
        strategy: "facebook",
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            scopes: [
                "public_profile",
                "email",
                "groups_access_member_info",
                "user_birthday",
            ],
            setUserRootAttributes: "on_each_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    # This is an example of a Facebook connection.
    facebook = auth0.Connection("facebook",
        name="Facebook-Connection",
        strategy="facebook",
        options={
            "client_id": "<client-id>",
            "client_secret": "<client-secret>",
            "scopes": [
                "public_profile",
                "email",
                "groups_access_member_info",
                "user_birthday",
            ],
            "set_user_root_attributes": "on_each_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// This is an example of a Facebook connection.
    		_, err := auth0.NewConnection(ctx, "facebook", &auth0.ConnectionArgs{
    			Name:     pulumi.String("Facebook-Connection"),
    			Strategy: pulumi.String("facebook"),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("<client-secret>"),
    				Scopes: pulumi.StringArray{
    					pulumi.String("public_profile"),
    					pulumi.String("email"),
    					pulumi.String("groups_access_member_info"),
    					pulumi.String("user_birthday"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of a Facebook connection.
        var facebook = new Auth0.Connection("facebook", new()
        {
            Name = "Facebook-Connection",
            Strategy = "facebook",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                Scopes = new[]
                {
                    "public_profile",
                    "email",
                    "groups_access_member_info",
                    "user_birthday",
                },
                SetUserRootAttributes = "on_each_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of a Facebook connection.
            var facebook = new Connection("facebook", ConnectionArgs.builder()
                .name("Facebook-Connection")
                .strategy("facebook")
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .scopes(                
                        "public_profile",
                        "email",
                        "groups_access_member_info",
                        "user_birthday")
                    .setUserRootAttributes("on_each_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of a Facebook connection.
      facebook:
        type: auth0:Connection
        properties:
          name: Facebook-Connection
          strategy: facebook
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            scopes:
              - public_profile
              - email
              - groups_access_member_info
              - user_birthday
            setUserRootAttributes: on_each_login
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    Apple Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of an Apple connection.
    const apple = new auth0.Connection("apple", {
        name: "Apple-Connection",
        strategy: "apple",
        options: {
            clientId: "<client-id>",
            clientSecret: `-----BEGIN PRIVATE KEY-----
    MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
    -----END PRIVATE KEY-----`,
            teamId: "<team-id>",
            keyId: "<key-id>",
            scopes: [
                "email",
                "name",
            ],
            setUserRootAttributes: "on_first_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    # This is an example of an Apple connection.
    apple = auth0.Connection("apple",
        name="Apple-Connection",
        strategy="apple",
        options={
            "client_id": "<client-id>",
            "client_secret": """-----BEGIN PRIVATE KEY-----
    MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
    -----END PRIVATE KEY-----""",
            "team_id": "<team-id>",
            "key_id": "<key-id>",
            "scopes": [
                "email",
                "name",
            ],
            "set_user_root_attributes": "on_first_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// This is an example of an Apple connection.
    		_, err := auth0.NewConnection(ctx, "apple", &auth0.ConnectionArgs{
    			Name:     pulumi.String("Apple-Connection"),
    			Strategy: pulumi.String("apple"),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("-----BEGIN PRIVATE KEY-----\nMIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA\n-----END PRIVATE KEY-----"),
    				TeamId:       pulumi.String("<team-id>"),
    				KeyId:        pulumi.String("<key-id>"),
    				Scopes: pulumi.StringArray{
    					pulumi.String("email"),
    					pulumi.String("name"),
    				},
    				SetUserRootAttributes: pulumi.String("on_first_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of an Apple connection.
        var apple = new Auth0.Connection("apple", new()
        {
            Name = "Apple-Connection",
            Strategy = "apple",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = @"-----BEGIN PRIVATE KEY-----
    MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
    -----END PRIVATE KEY-----",
                TeamId = "<team-id>",
                KeyId = "<key-id>",
                Scopes = new[]
                {
                    "email",
                    "name",
                },
                SetUserRootAttributes = "on_first_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of an Apple connection.
            var apple = new Connection("apple", ConnectionArgs.builder()
                .name("Apple-Connection")
                .strategy("apple")
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("""
    -----BEGIN PRIVATE KEY-----
    MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
    -----END PRIVATE KEY-----                """)
                    .teamId("<team-id>")
                    .keyId("<key-id>")
                    .scopes(                
                        "email",
                        "name")
                    .setUserRootAttributes("on_first_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of an Apple connection.
      apple:
        type: auth0:Connection
        properties:
          name: Apple-Connection
          strategy: apple
          options:
            clientId: <client-id>
            clientSecret: |-
              -----BEGIN PRIVATE KEY-----
              MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
              -----END PRIVATE KEY-----          
            teamId: <team-id>
            keyId: <key-id>
            scopes:
              - email
              - name
            setUserRootAttributes: on_first_login
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    LinkedIn Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of an LinkedIn connection.
    const linkedin = new auth0.Connection("linkedin", {
        name: "Linkedin-Connection",
        strategy: "linkedin",
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            strategyVersion: 2,
            scopes: [
                "basic_profile",
                "profile",
                "email",
            ],
            setUserRootAttributes: "on_each_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    # This is an example of an LinkedIn connection.
    linkedin = auth0.Connection("linkedin",
        name="Linkedin-Connection",
        strategy="linkedin",
        options={
            "client_id": "<client-id>",
            "client_secret": "<client-secret>",
            "strategy_version": 2,
            "scopes": [
                "basic_profile",
                "profile",
                "email",
            ],
            "set_user_root_attributes": "on_each_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// This is an example of an LinkedIn connection.
    		_, err := auth0.NewConnection(ctx, "linkedin", &auth0.ConnectionArgs{
    			Name:     pulumi.String("Linkedin-Connection"),
    			Strategy: pulumi.String("linkedin"),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:        pulumi.String("<client-id>"),
    				ClientSecret:    pulumi.String("<client-secret>"),
    				StrategyVersion: pulumi.Int(2),
    				Scopes: pulumi.StringArray{
    					pulumi.String("basic_profile"),
    					pulumi.String("profile"),
    					pulumi.String("email"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of an LinkedIn connection.
        var linkedin = new Auth0.Connection("linkedin", new()
        {
            Name = "Linkedin-Connection",
            Strategy = "linkedin",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                StrategyVersion = 2,
                Scopes = new[]
                {
                    "basic_profile",
                    "profile",
                    "email",
                },
                SetUserRootAttributes = "on_each_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of an LinkedIn connection.
            var linkedin = new Connection("linkedin", ConnectionArgs.builder()
                .name("Linkedin-Connection")
                .strategy("linkedin")
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .strategyVersion(2)
                    .scopes(                
                        "basic_profile",
                        "profile",
                        "email")
                    .setUserRootAttributes("on_each_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of an LinkedIn connection.
      linkedin:
        type: auth0:Connection
        properties:
          name: Linkedin-Connection
          strategy: linkedin
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            strategyVersion: 2
            scopes:
              - basic_profile
              - profile
              - email
            setUserRootAttributes: on_each_login
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    GitHub Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of an GitHub connection.
    const github = new auth0.Connection("github", {
        name: "GitHub-Connection",
        strategy: "github",
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            scopes: [
                "email",
                "profile",
                "public_repo",
                "repo",
            ],
            setUserRootAttributes: "on_each_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    # This is an example of an GitHub connection.
    github = auth0.Connection("github",
        name="GitHub-Connection",
        strategy="github",
        options={
            "client_id": "<client-id>",
            "client_secret": "<client-secret>",
            "scopes": [
                "email",
                "profile",
                "public_repo",
                "repo",
            ],
            "set_user_root_attributes": "on_each_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// This is an example of an GitHub connection.
    		_, err := auth0.NewConnection(ctx, "github", &auth0.ConnectionArgs{
    			Name:     pulumi.String("GitHub-Connection"),
    			Strategy: pulumi.String("github"),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("<client-id>"),
    				ClientSecret: pulumi.String("<client-secret>"),
    				Scopes: pulumi.StringArray{
    					pulumi.String("email"),
    					pulumi.String("profile"),
    					pulumi.String("public_repo"),
    					pulumi.String("repo"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of an GitHub connection.
        var github = new Auth0.Connection("github", new()
        {
            Name = "GitHub-Connection",
            Strategy = "github",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                Scopes = new[]
                {
                    "email",
                    "profile",
                    "public_repo",
                    "repo",
                },
                SetUserRootAttributes = "on_each_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of an GitHub connection.
            var github = new Connection("github", ConnectionArgs.builder()
                .name("GitHub-Connection")
                .strategy("github")
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .scopes(                
                        "email",
                        "profile",
                        "public_repo",
                        "repo")
                    .setUserRootAttributes("on_each_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of an GitHub connection.
      github:
        type: auth0:Connection
        properties:
          name: GitHub-Connection
          strategy: github
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            scopes:
              - email
              - profile
              - public_repo
              - repo
            setUserRootAttributes: on_each_login
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    SalesForce Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of an SalesForce connection.
    const salesforce = new auth0.Connection("salesforce", {
        name: "Salesforce-Connection",
        strategy: "salesforce",
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            communityBaseUrl: "https://salesforce.example.com",
            scopes: [
                "openid",
                "email",
            ],
            setUserRootAttributes: "on_first_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    # This is an example of an SalesForce connection.
    salesforce = auth0.Connection("salesforce",
        name="Salesforce-Connection",
        strategy="salesforce",
        options={
            "client_id": "<client-id>",
            "client_secret": "<client-secret>",
            "community_base_url": "https://salesforce.example.com",
            "scopes": [
                "openid",
                "email",
            ],
            "set_user_root_attributes": "on_first_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// This is an example of an SalesForce connection.
    		_, err := auth0.NewConnection(ctx, "salesforce", &auth0.ConnectionArgs{
    			Name:     pulumi.String("Salesforce-Connection"),
    			Strategy: pulumi.String("salesforce"),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:         pulumi.String("<client-id>"),
    				ClientSecret:     pulumi.String("<client-secret>"),
    				CommunityBaseUrl: pulumi.String("https://salesforce.example.com"),
    				Scopes: pulumi.StringArray{
    					pulumi.String("openid"),
    					pulumi.String("email"),
    				},
    				SetUserRootAttributes: pulumi.String("on_first_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of an SalesForce connection.
        var salesforce = new Auth0.Connection("salesforce", new()
        {
            Name = "Salesforce-Connection",
            Strategy = "salesforce",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                CommunityBaseUrl = "https://salesforce.example.com",
                Scopes = new[]
                {
                    "openid",
                    "email",
                },
                SetUserRootAttributes = "on_first_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of an SalesForce connection.
            var salesforce = new Connection("salesforce", ConnectionArgs.builder()
                .name("Salesforce-Connection")
                .strategy("salesforce")
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .communityBaseUrl("https://salesforce.example.com")
                    .scopes(                
                        "openid",
                        "email")
                    .setUserRootAttributes("on_first_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of an SalesForce connection.
      salesforce:
        type: auth0:Connection
        properties:
          name: Salesforce-Connection
          strategy: salesforce
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            communityBaseUrl: https://salesforce.example.com
            scopes:
              - openid
              - email
            setUserRootAttributes: on_first_login
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    OAuth2 Connection

    Also applies to following connection strategies: dropbox, bitbucket, paypal, twitter, amazon, yahoo, box, wordpress, shopify, custom

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of an OAuth2 connection.
    const oauth2 = new auth0.Connection("oauth2", {
        name: "OAuth2-Connection",
        strategy: "oauth2",
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            strategyVersion: 2,
            scopes: [
                "basic_profile",
                "profile",
                "email",
            ],
            tokenEndpoint: "https://auth.example.com/oauth2/token",
            authorizationEndpoint: "https://auth.example.com/oauth2/authorize",
            pkceEnabled: true,
            iconUrl: "https://auth.example.com/assets/logo.png",
            scripts: {
                fetchUserProfile: `        function fetchUserProfile(accessToken, context, callback) {
              return callback(new Error("Whoops!"));
            }
    `,
            },
            setUserRootAttributes: "on_each_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    # This is an example of an OAuth2 connection.
    oauth2 = auth0.Connection("oauth2",
        name="OAuth2-Connection",
        strategy="oauth2",
        options={
            "client_id": "<client-id>",
            "client_secret": "<client-secret>",
            "strategy_version": 2,
            "scopes": [
                "basic_profile",
                "profile",
                "email",
            ],
            "token_endpoint": "https://auth.example.com/oauth2/token",
            "authorization_endpoint": "https://auth.example.com/oauth2/authorize",
            "pkce_enabled": True,
            "icon_url": "https://auth.example.com/assets/logo.png",
            "scripts": {
                "fetchUserProfile": """        function fetchUserProfile(accessToken, context, callback) {
              return callback(new Error("Whoops!"));
            }
    """,
            },
            "set_user_root_attributes": "on_each_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// This is an example of an OAuth2 connection.
    		_, err := auth0.NewConnection(ctx, "oauth2", &auth0.ConnectionArgs{
    			Name:     pulumi.String("OAuth2-Connection"),
    			Strategy: pulumi.String("oauth2"),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:        pulumi.String("<client-id>"),
    				ClientSecret:    pulumi.String("<client-secret>"),
    				StrategyVersion: pulumi.Int(2),
    				Scopes: pulumi.StringArray{
    					pulumi.String("basic_profile"),
    					pulumi.String("profile"),
    					pulumi.String("email"),
    				},
    				TokenEndpoint:         pulumi.String("https://auth.example.com/oauth2/token"),
    				AuthorizationEndpoint: pulumi.String("https://auth.example.com/oauth2/authorize"),
    				PkceEnabled:           pulumi.Bool(true),
    				IconUrl:               pulumi.String("https://auth.example.com/assets/logo.png"),
    				Scripts: pulumi.StringMap{
    					"fetchUserProfile": pulumi.String("        function fetchUserProfile(accessToken, context, callback) {\n          return callback(new Error(\"Whoops!\"));\n        }\n"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of an OAuth2 connection.
        var oauth2 = new Auth0.Connection("oauth2", new()
        {
            Name = "OAuth2-Connection",
            Strategy = "oauth2",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                StrategyVersion = 2,
                Scopes = new[]
                {
                    "basic_profile",
                    "profile",
                    "email",
                },
                TokenEndpoint = "https://auth.example.com/oauth2/token",
                AuthorizationEndpoint = "https://auth.example.com/oauth2/authorize",
                PkceEnabled = true,
                IconUrl = "https://auth.example.com/assets/logo.png",
                Scripts = 
                {
                    { "fetchUserProfile", @"        function fetchUserProfile(accessToken, context, callback) {
              return callback(new Error(""Whoops!""));
            }
    " },
                },
                SetUserRootAttributes = "on_each_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of an OAuth2 connection.
            var oauth2 = new Connection("oauth2", ConnectionArgs.builder()
                .name("OAuth2-Connection")
                .strategy("oauth2")
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .strategyVersion(2)
                    .scopes(                
                        "basic_profile",
                        "profile",
                        "email")
                    .tokenEndpoint("https://auth.example.com/oauth2/token")
                    .authorizationEndpoint("https://auth.example.com/oauth2/authorize")
                    .pkceEnabled(true)
                    .iconUrl("https://auth.example.com/assets/logo.png")
                    .scripts(Map.of("fetchUserProfile", """
            function fetchUserProfile(accessToken, context, callback) {
              return callback(new Error("Whoops!"));
            }
                    """))
                    .setUserRootAttributes("on_each_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of an OAuth2 connection.
      oauth2:
        type: auth0:Connection
        properties:
          name: OAuth2-Connection
          strategy: oauth2
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            strategyVersion: 2
            scopes:
              - basic_profile
              - profile
              - email
            tokenEndpoint: https://auth.example.com/oauth2/token
            authorizationEndpoint: https://auth.example.com/oauth2/authorize
            pkceEnabled: true
            iconUrl: https://auth.example.com/assets/logo.png
            scripts:
              fetchUserProfile: |2
                        function fetchUserProfile(accessToken, context, callback) {
                          return callback(new Error("Whoops!"));
                        }
            setUserRootAttributes: on_each_login
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    Active Directory (AD)

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const ad = new auth0.Connection("ad", {
        name: "connection-active-directory",
        displayName: "Active Directory Connection",
        strategy: "ad",
        showAsButton: true,
        options: {
            disableSelfServiceChangePassword: true,
            bruteForceProtection: true,
            tenantDomain: "example.com",
            strategyVersion: 2,
            iconUrl: "https://example.com/assets/logo.png",
            domainAliases: [
                "example.com",
                "api.example.com",
            ],
            ips: [
                "192.168.1.1",
                "192.168.1.2",
            ],
            setUserRootAttributes: "on_each_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            upstreamParams: JSON.stringify({
                screen_name: {
                    alias: "login_hint",
                },
            }),
            useCertAuth: false,
            useKerberos: false,
            disableCache: false,
        },
    });
    
    import pulumi
    import json
    import pulumi_auth0 as auth0
    
    ad = auth0.Connection("ad",
        name="connection-active-directory",
        display_name="Active Directory Connection",
        strategy="ad",
        show_as_button=True,
        options={
            "disable_self_service_change_password": True,
            "brute_force_protection": True,
            "tenant_domain": "example.com",
            "strategy_version": 2,
            "icon_url": "https://example.com/assets/logo.png",
            "domain_aliases": [
                "example.com",
                "api.example.com",
            ],
            "ips": [
                "192.168.1.1",
                "192.168.1.2",
            ],
            "set_user_root_attributes": "on_each_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
            "upstream_params": json.dumps({
                "screen_name": {
                    "alias": "login_hint",
                },
            }),
            "use_cert_auth": False,
            "use_kerberos": False,
            "disable_cache": False,
        })
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"screen_name": map[string]interface{}{
    				"alias": "login_hint",
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = auth0.NewConnection(ctx, "ad", &auth0.ConnectionArgs{
    			Name:         pulumi.String("connection-active-directory"),
    			DisplayName:  pulumi.String("Active Directory Connection"),
    			Strategy:     pulumi.String("ad"),
    			ShowAsButton: pulumi.Bool(true),
    			Options: &auth0.ConnectionOptionsArgs{
    				DisableSelfServiceChangePassword: pulumi.Bool(true),
    				BruteForceProtection:             pulumi.Bool(true),
    				TenantDomain:                     pulumi.String("example.com"),
    				StrategyVersion:                  pulumi.Int(2),
    				IconUrl:                          pulumi.String("https://example.com/assets/logo.png"),
    				DomainAliases: pulumi.StringArray{
    					pulumi.String("example.com"),
    					pulumi.String("api.example.com"),
    				},
    				Ips: pulumi.StringArray{
    					pulumi.String("192.168.1.1"),
    					pulumi.String("192.168.1.2"),
    				},
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				UpstreamParams: pulumi.String(json0),
    				UseCertAuth:    pulumi.Bool(false),
    				UseKerberos:    pulumi.Bool(false),
    				DisableCache:   pulumi.Bool(false),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var ad = new Auth0.Connection("ad", new()
        {
            Name = "connection-active-directory",
            DisplayName = "Active Directory Connection",
            Strategy = "ad",
            ShowAsButton = true,
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                DisableSelfServiceChangePassword = true,
                BruteForceProtection = true,
                TenantDomain = "example.com",
                StrategyVersion = 2,
                IconUrl = "https://example.com/assets/logo.png",
                DomainAliases = new[]
                {
                    "example.com",
                    "api.example.com",
                },
                Ips = new[]
                {
                    "192.168.1.1",
                    "192.168.1.2",
                },
                SetUserRootAttributes = "on_each_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
                {
                    ["screen_name"] = new Dictionary<string, object?>
                    {
                        ["alias"] = "login_hint",
                    },
                }),
                UseCertAuth = false,
                UseKerberos = false,
                DisableCache = false,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var ad = new Connection("ad", ConnectionArgs.builder()
                .name("connection-active-directory")
                .displayName("Active Directory Connection")
                .strategy("ad")
                .showAsButton(true)
                .options(ConnectionOptionsArgs.builder()
                    .disableSelfServiceChangePassword(true)
                    .bruteForceProtection(true)
                    .tenantDomain("example.com")
                    .strategyVersion(2)
                    .iconUrl("https://example.com/assets/logo.png")
                    .domainAliases(                
                        "example.com",
                        "api.example.com")
                    .ips(                
                        "192.168.1.1",
                        "192.168.1.2")
                    .setUserRootAttributes("on_each_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .upstreamParams(serializeJson(
                        jsonObject(
                            jsonProperty("screen_name", jsonObject(
                                jsonProperty("alias", "login_hint")
                            ))
                        )))
                    .useCertAuth(false)
                    .useKerberos(false)
                    .disableCache(false)
                    .build())
                .build());
    
        }
    }
    
    resources:
      ad:
        type: auth0:Connection
        properties:
          name: connection-active-directory
          displayName: Active Directory Connection
          strategy: ad
          showAsButton: true
          options:
            disableSelfServiceChangePassword: true
            bruteForceProtection: true
            tenantDomain: example.com
            strategyVersion: 2
            iconUrl: https://example.com/assets/logo.png
            domainAliases:
              - example.com
              - api.example.com
            ips:
              - 192.168.1.1
              - 192.168.1.2
            setUserRootAttributes: on_each_login
            nonPersistentAttrs:
              - ethnicity
              - gender
            upstreamParams:
              fn::toJSON:
                screen_name:
                  alias: login_hint
            useCertAuth: false
            useKerberos: false
            disableCache: false
    

    Azure AD Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    const azureAd = new auth0.Connection("azure_ad", {
        name: "connection-azure-ad",
        strategy: "waad",
        showAsButton: true,
        options: {
            identityApi: "azure-active-directory-v1.0",
            clientId: "123456",
            clientSecret: "123456",
            strategyVersion: 2,
            userIdAttribute: "oid",
            appId: "app-id-123",
            tenantDomain: "example.onmicrosoft.com",
            domain: "example.onmicrosoft.com",
            domainAliases: [
                "example.com",
                "api.example.com",
            ],
            iconUrl: "https://example.onmicrosoft.com/assets/logo.png",
            useWsfed: false,
            waadProtocol: "openid-connect",
            waadCommonEndpoint: false,
            maxGroupsToRetrieve: "250",
            apiEnableUsers: true,
            scopes: [
                "basic_profile",
                "ext_groups",
                "ext_profile",
            ],
            setUserRootAttributes: "on_each_login",
            shouldTrustEmailVerifiedConnection: "never_set_emails_as_verified",
            upstreamParams: JSON.stringify({
                screen_name: {
                    alias: "login_hint",
                },
            }),
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import json
    import pulumi_auth0 as auth0
    
    azure_ad = auth0.Connection("azure_ad",
        name="connection-azure-ad",
        strategy="waad",
        show_as_button=True,
        options={
            "identity_api": "azure-active-directory-v1.0",
            "client_id": "123456",
            "client_secret": "123456",
            "strategy_version": 2,
            "user_id_attribute": "oid",
            "app_id": "app-id-123",
            "tenant_domain": "example.onmicrosoft.com",
            "domain": "example.onmicrosoft.com",
            "domain_aliases": [
                "example.com",
                "api.example.com",
            ],
            "icon_url": "https://example.onmicrosoft.com/assets/logo.png",
            "use_wsfed": False,
            "waad_protocol": "openid-connect",
            "waad_common_endpoint": False,
            "max_groups_to_retrieve": "250",
            "api_enable_users": True,
            "scopes": [
                "basic_profile",
                "ext_groups",
                "ext_profile",
            ],
            "set_user_root_attributes": "on_each_login",
            "should_trust_email_verified_connection": "never_set_emails_as_verified",
            "upstream_params": json.dumps({
                "screen_name": {
                    "alias": "login_hint",
                },
            }),
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"screen_name": map[string]interface{}{
    				"alias": "login_hint",
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		_, err = auth0.NewConnection(ctx, "azure_ad", &auth0.ConnectionArgs{
    			Name:         pulumi.String("connection-azure-ad"),
    			Strategy:     pulumi.String("waad"),
    			ShowAsButton: pulumi.Bool(true),
    			Options: &auth0.ConnectionOptionsArgs{
    				IdentityApi:     pulumi.String("azure-active-directory-v1.0"),
    				ClientId:        pulumi.String("123456"),
    				ClientSecret:    pulumi.String("123456"),
    				StrategyVersion: pulumi.Int(2),
    				UserIdAttribute: pulumi.String("oid"),
    				AppId:           pulumi.String("app-id-123"),
    				TenantDomain:    pulumi.String("example.onmicrosoft.com"),
    				Domain:          pulumi.String("example.onmicrosoft.com"),
    				DomainAliases: pulumi.StringArray{
    					pulumi.String("example.com"),
    					pulumi.String("api.example.com"),
    				},
    				IconUrl:             pulumi.String("https://example.onmicrosoft.com/assets/logo.png"),
    				UseWsfed:            pulumi.Bool(false),
    				WaadProtocol:        pulumi.String("openid-connect"),
    				WaadCommonEndpoint:  pulumi.Bool(false),
    				MaxGroupsToRetrieve: pulumi.String("250"),
    				ApiEnableUsers:      pulumi.Bool(true),
    				Scopes: pulumi.StringArray{
    					pulumi.String("basic_profile"),
    					pulumi.String("ext_groups"),
    					pulumi.String("ext_profile"),
    				},
    				SetUserRootAttributes:              pulumi.String("on_each_login"),
    				ShouldTrustEmailVerifiedConnection: pulumi.String("never_set_emails_as_verified"),
    				UpstreamParams:                     pulumi.String(json0),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        var azureAd = new Auth0.Connection("azure_ad", new()
        {
            Name = "connection-azure-ad",
            Strategy = "waad",
            ShowAsButton = true,
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                IdentityApi = "azure-active-directory-v1.0",
                ClientId = "123456",
                ClientSecret = "123456",
                StrategyVersion = 2,
                UserIdAttribute = "oid",
                AppId = "app-id-123",
                TenantDomain = "example.onmicrosoft.com",
                Domain = "example.onmicrosoft.com",
                DomainAliases = new[]
                {
                    "example.com",
                    "api.example.com",
                },
                IconUrl = "https://example.onmicrosoft.com/assets/logo.png",
                UseWsfed = false,
                WaadProtocol = "openid-connect",
                WaadCommonEndpoint = false,
                MaxGroupsToRetrieve = "250",
                ApiEnableUsers = true,
                Scopes = new[]
                {
                    "basic_profile",
                    "ext_groups",
                    "ext_profile",
                },
                SetUserRootAttributes = "on_each_login",
                ShouldTrustEmailVerifiedConnection = "never_set_emails_as_verified",
                UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
                {
                    ["screen_name"] = new Dictionary<string, object?>
                    {
                        ["alias"] = "login_hint",
                    },
                }),
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureAd = new Connection("azureAd", ConnectionArgs.builder()
                .name("connection-azure-ad")
                .strategy("waad")
                .showAsButton(true)
                .options(ConnectionOptionsArgs.builder()
                    .identityApi("azure-active-directory-v1.0")
                    .clientId("123456")
                    .clientSecret("123456")
                    .strategyVersion(2)
                    .userIdAttribute("oid")
                    .appId("app-id-123")
                    .tenantDomain("example.onmicrosoft.com")
                    .domain("example.onmicrosoft.com")
                    .domainAliases(                
                        "example.com",
                        "api.example.com")
                    .iconUrl("https://example.onmicrosoft.com/assets/logo.png")
                    .useWsfed(false)
                    .waadProtocol("openid-connect")
                    .waadCommonEndpoint(false)
                    .maxGroupsToRetrieve(250)
                    .apiEnableUsers(true)
                    .scopes(                
                        "basic_profile",
                        "ext_groups",
                        "ext_profile")
                    .setUserRootAttributes("on_each_login")
                    .shouldTrustEmailVerifiedConnection("never_set_emails_as_verified")
                    .upstreamParams(serializeJson(
                        jsonObject(
                            jsonProperty("screen_name", jsonObject(
                                jsonProperty("alias", "login_hint")
                            ))
                        )))
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      azureAd:
        type: auth0:Connection
        name: azure_ad
        properties:
          name: connection-azure-ad
          strategy: waad
          showAsButton: true
          options:
            identityApi: azure-active-directory-v1.0
            clientId: '123456'
            clientSecret: '123456'
            strategyVersion: 2
            userIdAttribute: oid
            appId: app-id-123
            tenantDomain: example.onmicrosoft.com
            domain: example.onmicrosoft.com
            domainAliases:
              - example.com
              - api.example.com
            iconUrl: https://example.onmicrosoft.com/assets/logo.png
            useWsfed: false
            waadProtocol: openid-connect
            waadCommonEndpoint: false
            maxGroupsToRetrieve: 250
            apiEnableUsers: true
            scopes:
              - basic_profile
              - ext_groups
              - ext_profile
            setUserRootAttributes: on_each_login
            shouldTrustEmailVerifiedConnection: never_set_emails_as_verified
            upstreamParams:
              fn::toJSON:
                screen_name:
                  alias: login_hint
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    Email Connection

    To be able to see this in the management dashboard as well, the name of the connection must be set to “email”.

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of an Email connection.
    const passwordlessEmail = new auth0.Connection("passwordless_email", {
        strategy: "email",
        name: "email",
        options: {
            name: "email",
            from: "{{ application.name }} <root@auth0.com>",
            subject: "Welcome to {{ application.name }}",
            syntax: "liquid",
            template: "<html>This is the body of the email</html>",
            disableSignup: false,
            bruteForceProtection: true,
            setUserRootAttributes: "on_each_login",
            nonPersistentAttrs: [],
            authParams: {
                scope: "openid email profile offline_access",
                response_type: "code",
            },
            totp: {
                timeStep: 300,
                length: 6,
            },
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    # This is an example of an Email connection.
    passwordless_email = auth0.Connection("passwordless_email",
        strategy="email",
        name="email",
        options={
            "name": "email",
            "from_": "{{ application.name }} <root@auth0.com>",
            "subject": "Welcome to {{ application.name }}",
            "syntax": "liquid",
            "template": "<html>This is the body of the email</html>",
            "disable_signup": False,
            "brute_force_protection": True,
            "set_user_root_attributes": "on_each_login",
            "non_persistent_attrs": [],
            "auth_params": {
                "scope": "openid email profile offline_access",
                "response_type": "code",
            },
            "totp": {
                "time_step": 300,
                "length": 6,
            },
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// This is an example of an Email connection.
    		_, err := auth0.NewConnection(ctx, "passwordless_email", &auth0.ConnectionArgs{
    			Strategy: pulumi.String("email"),
    			Name:     pulumi.String("email"),
    			Options: &auth0.ConnectionOptionsArgs{
    				Name:                  pulumi.String("email"),
    				From:                  pulumi.String("{{ application.name }} <root@auth0.com>"),
    				Subject:               pulumi.String("Welcome to {{ application.name }}"),
    				Syntax:                pulumi.String("liquid"),
    				Template:              pulumi.String("<html>This is the body of the email</html>"),
    				DisableSignup:         pulumi.Bool(false),
    				BruteForceProtection:  pulumi.Bool(true),
    				SetUserRootAttributes: pulumi.String("on_each_login"),
    				NonPersistentAttrs:    pulumi.StringArray{},
    				AuthParams: pulumi.StringMap{
    					"scope":         pulumi.String("openid email profile offline_access"),
    					"response_type": pulumi.String("code"),
    				},
    				Totp: &auth0.ConnectionOptionsTotpArgs{
    					TimeStep: pulumi.Int(300),
    					Length:   pulumi.Int(6),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of an Email connection.
        var passwordlessEmail = new Auth0.Connection("passwordless_email", new()
        {
            Strategy = "email",
            Name = "email",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                Name = "email",
                From = "{{ application.name }} <root@auth0.com>",
                Subject = "Welcome to {{ application.name }}",
                Syntax = "liquid",
                Template = "<html>This is the body of the email</html>",
                DisableSignup = false,
                BruteForceProtection = true,
                SetUserRootAttributes = "on_each_login",
                NonPersistentAttrs = new() { },
                AuthParams = 
                {
                    { "scope", "openid email profile offline_access" },
                    { "response_type", "code" },
                },
                Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
                {
                    TimeStep = 300,
                    Length = 6,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of an Email connection.
            var passwordlessEmail = new Connection("passwordlessEmail", ConnectionArgs.builder()
                .strategy("email")
                .name("email")
                .options(ConnectionOptionsArgs.builder()
                    .name("email")
                    .from("{{ application.name }} <root@auth0.com>")
                    .subject("Welcome to {{ application.name }}")
                    .syntax("liquid")
                    .template("<html>This is the body of the email</html>")
                    .disableSignup(false)
                    .bruteForceProtection(true)
                    .setUserRootAttributes("on_each_login")
                    .nonPersistentAttrs()
                    .authParams(Map.ofEntries(
                        Map.entry("scope", "openid email profile offline_access"),
                        Map.entry("response_type", "code")
                    ))
                    .totp(ConnectionOptionsTotpArgs.builder()
                        .timeStep(300)
                        .length(6)
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of an Email connection.
      passwordlessEmail:
        type: auth0:Connection
        name: passwordless_email
        properties:
          strategy: email
          name: email
          options:
            name: email
            from: '{{ application.name }} <root@auth0.com>'
            subject: Welcome to {{ application.name }}
            syntax: liquid
            template: <html>This is the body of the email</html>
            disableSignup: false
            bruteForceProtection: true
            setUserRootAttributes: on_each_login
            nonPersistentAttrs: []
            authParams:
              scope: openid email profile offline_access
              response_type: code
            totp:
              timeStep: 300
              length: 6
    

    SAML Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of a SAML connection.
    const samlp = new auth0.Connection("samlp", {
        name: "SAML-Connection",
        strategy: "samlp",
        options: {
            debug: false,
            signingCert: "<signing-certificate>",
            signInEndpoint: "https://saml.provider/sign_in",
            signOutEndpoint: "https://saml.provider/sign_out",
            disableSignOut: true,
            strategyVersion: 2,
            tenantDomain: "example.com",
            domainAliases: [
                "example.com",
                "alias.example.com",
            ],
            protocolBinding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            requestTemplate: `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    @@AssertServiceURLAndDestination@@
        ID="@@ID@@"
        IssueInstant="@@IssueInstant@@"
        ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
        <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
    </samlp:AuthnRequest>`,
            userIdAttribute: "https://saml.provider/imi/ns/identity-200810",
            signatureAlgorithm: "rsa-sha256",
            digestAlgorithm: "sha256",
            iconUrl: "https://saml.provider/assets/logo.png",
            entityId: "<entity_id>",
            metadataXml: `    <?xml version="1.0"?>
        <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
          <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
          </md:IDPSSODescriptor>
        </md:EntityDescriptor>
    `,
            metadataUrl: "https://saml.provider/imi/ns/FederationMetadata.xml",
            fieldsMap: JSON.stringify({
                name: [
                    "name",
                    "nameidentifier",
                ],
                email: [
                    "emailaddress",
                    "nameidentifier",
                ],
                family_name: "surname",
            }),
            signingKey: {
                key: `-----BEGIN PRIVATE KEY-----
    ...{your private key here}...
    -----END PRIVATE KEY-----`,
                cert: `-----BEGIN CERTIFICATE-----
    ...{your public key cert here}...
    -----END CERTIFICATE-----`,
            },
            decryptionKey: {
                key: `-----BEGIN PRIVATE KEY-----
    ...{your private key here}...
    -----END PRIVATE KEY-----`,
                cert: `-----BEGIN CERTIFICATE-----
    ...{your public key cert here}...
    -----END CERTIFICATE-----`,
            },
            idpInitiated: {
                clientId: "client_id",
                clientProtocol: "samlp",
                clientAuthorizeQuery: "type=code&timeout=30",
            },
        },
    });
    
    import pulumi
    import json
    import pulumi_auth0 as auth0
    
    # This is an example of a SAML connection.
    samlp = auth0.Connection("samlp",
        name="SAML-Connection",
        strategy="samlp",
        options={
            "debug": False,
            "signing_cert": "<signing-certificate>",
            "sign_in_endpoint": "https://saml.provider/sign_in",
            "sign_out_endpoint": "https://saml.provider/sign_out",
            "disable_sign_out": True,
            "strategy_version": 2,
            "tenant_domain": "example.com",
            "domain_aliases": [
                "example.com",
                "alias.example.com",
            ],
            "protocol_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "request_template": """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    @@AssertServiceURLAndDestination@@
        ID="@@ID@@"
        IssueInstant="@@IssueInstant@@"
        ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
        <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
    </samlp:AuthnRequest>""",
            "user_id_attribute": "https://saml.provider/imi/ns/identity-200810",
            "signature_algorithm": "rsa-sha256",
            "digest_algorithm": "sha256",
            "icon_url": "https://saml.provider/assets/logo.png",
            "entity_id": "<entity_id>",
            "metadata_xml": """    <?xml version="1.0"?>
        <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
          <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
          </md:IDPSSODescriptor>
        </md:EntityDescriptor>
    """,
            "metadata_url": "https://saml.provider/imi/ns/FederationMetadata.xml",
            "fields_map": json.dumps({
                "name": [
                    "name",
                    "nameidentifier",
                ],
                "email": [
                    "emailaddress",
                    "nameidentifier",
                ],
                "family_name": "surname",
            }),
            "signing_key": {
                "key": """-----BEGIN PRIVATE KEY-----
    ...{your private key here}...
    -----END PRIVATE KEY-----""",
                "cert": """-----BEGIN CERTIFICATE-----
    ...{your public key cert here}...
    -----END CERTIFICATE-----""",
            },
            "decryption_key": {
                "key": """-----BEGIN PRIVATE KEY-----
    ...{your private key here}...
    -----END PRIVATE KEY-----""",
                "cert": """-----BEGIN CERTIFICATE-----
    ...{your public key cert here}...
    -----END CERTIFICATE-----""",
            },
            "idp_initiated": {
                "client_id": "client_id",
                "client_protocol": "samlp",
                "client_authorize_query": "type=code&timeout=30",
            },
        })
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"name": []string{
    				"name",
    				"nameidentifier",
    			},
    			"email": []string{
    				"emailaddress",
    				"nameidentifier",
    			},
    			"family_name": "surname",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		// This is an example of a SAML connection.
    		_, err = auth0.NewConnection(ctx, "samlp", &auth0.ConnectionArgs{
    			Name:     pulumi.String("SAML-Connection"),
    			Strategy: pulumi.String("samlp"),
    			Options: &auth0.ConnectionOptionsArgs{
    				Debug:           pulumi.Bool(false),
    				SigningCert:     pulumi.String("<signing-certificate>"),
    				SignInEndpoint:  pulumi.String("https://saml.provider/sign_in"),
    				SignOutEndpoint: pulumi.String("https://saml.provider/sign_out"),
    				DisableSignOut:  pulumi.Bool(true),
    				StrategyVersion: pulumi.Int(2),
    				TenantDomain:    pulumi.String("example.com"),
    				DomainAliases: pulumi.StringArray{
    					pulumi.String("example.com"),
    					pulumi.String("alias.example.com"),
    				},
    				ProtocolBinding: pulumi.String("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"),
    				RequestTemplate: pulumi.String(`<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    @@AssertServiceURLAndDestination@@
        ID="@@ID@@"
        IssueInstant="@@IssueInstant@@"
        ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
        <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
    </samlp:AuthnRequest>`),
    				UserIdAttribute:    pulumi.String("https://saml.provider/imi/ns/identity-200810"),
    				SignatureAlgorithm: pulumi.String("rsa-sha256"),
    				DigestAlgorithm:    pulumi.String("sha256"),
    				IconUrl:            pulumi.String("https://saml.provider/assets/logo.png"),
    				EntityId:           pulumi.String("<entity_id>"),
    				MetadataXml: pulumi.String(`    <?xml version="1.0"?>
        <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
          <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
          </md:IDPSSODescriptor>
        </md:EntityDescriptor>
    `),
    				MetadataUrl: pulumi.String("https://saml.provider/imi/ns/FederationMetadata.xml"),
    				FieldsMap:   pulumi.String(json0),
    				SigningKey: &auth0.ConnectionOptionsSigningKeyArgs{
    					Key:  pulumi.String("-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
    					Cert: pulumi.String("-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
    				},
    				DecryptionKey: &auth0.ConnectionOptionsDecryptionKeyArgs{
    					Key:  pulumi.String("-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
    					Cert: pulumi.String("-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
    				},
    				IdpInitiated: &auth0.ConnectionOptionsIdpInitiatedArgs{
    					ClientId:             pulumi.String("client_id"),
    					ClientProtocol:       pulumi.String("samlp"),
    					ClientAuthorizeQuery: pulumi.String("type=code&timeout=30"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of a SAML connection.
        var samlp = new Auth0.Connection("samlp", new()
        {
            Name = "SAML-Connection",
            Strategy = "samlp",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                Debug = false,
                SigningCert = "<signing-certificate>",
                SignInEndpoint = "https://saml.provider/sign_in",
                SignOutEndpoint = "https://saml.provider/sign_out",
                DisableSignOut = true,
                StrategyVersion = 2,
                TenantDomain = "example.com",
                DomainAliases = new[]
                {
                    "example.com",
                    "alias.example.com",
                },
                ProtocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
                RequestTemplate = @"<samlp:AuthnRequest xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
    @@AssertServiceURLAndDestination@@
        ID=""@@ID@@""
        IssueInstant=""@@IssueInstant@@""
        ProtocolBinding=""@@ProtocolBinding@@"" Version=""2.0"">
        <saml:Issuer xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion"">@@Issuer@@</saml:Issuer>
    </samlp:AuthnRequest>",
                UserIdAttribute = "https://saml.provider/imi/ns/identity-200810",
                SignatureAlgorithm = "rsa-sha256",
                DigestAlgorithm = "sha256",
                IconUrl = "https://saml.provider/assets/logo.png",
                EntityId = "<entity_id>",
                MetadataXml = @"    <?xml version=""1.0""?>
        <md:EntityDescriptor xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" xmlns:ds=""http://www.w3.org/2000/09/xmldsig#"" entityID=""https://example.com"">
          <md:IDPSSODescriptor protocolSupportEnumeration=""urn:oasis:names:tc:SAML:2.0:protocol"">
            <md:SingleLogoutService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://saml.provider/sign_out""/>
            <md:SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://saml.provider/sign_in""/>
          </md:IDPSSODescriptor>
        </md:EntityDescriptor>
    ",
                MetadataUrl = "https://saml.provider/imi/ns/FederationMetadata.xml",
                FieldsMap = JsonSerializer.Serialize(new Dictionary<string, object?>
                {
                    ["name"] = new[]
                    {
                        "name",
                        "nameidentifier",
                    },
                    ["email"] = new[]
                    {
                        "emailaddress",
                        "nameidentifier",
                    },
                    ["family_name"] = "surname",
                }),
                SigningKey = new Auth0.Inputs.ConnectionOptionsSigningKeyArgs
                {
                    Key = @"-----BEGIN PRIVATE KEY-----
    ...{your private key here}...
    -----END PRIVATE KEY-----",
                    Cert = @"-----BEGIN CERTIFICATE-----
    ...{your public key cert here}...
    -----END CERTIFICATE-----",
                },
                DecryptionKey = new Auth0.Inputs.ConnectionOptionsDecryptionKeyArgs
                {
                    Key = @"-----BEGIN PRIVATE KEY-----
    ...{your private key here}...
    -----END PRIVATE KEY-----",
                    Cert = @"-----BEGIN CERTIFICATE-----
    ...{your public key cert here}...
    -----END CERTIFICATE-----",
                },
                IdpInitiated = new Auth0.Inputs.ConnectionOptionsIdpInitiatedArgs
                {
                    ClientId = "client_id",
                    ClientProtocol = "samlp",
                    ClientAuthorizeQuery = "type=code&timeout=30",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsSigningKeyArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsDecryptionKeyArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsIdpInitiatedArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of a SAML connection.
            var samlp = new Connection("samlp", ConnectionArgs.builder()
                .name("SAML-Connection")
                .strategy("samlp")
                .options(ConnectionOptionsArgs.builder()
                    .debug(false)
                    .signingCert("<signing-certificate>")
                    .signInEndpoint("https://saml.provider/sign_in")
                    .signOutEndpoint("https://saml.provider/sign_out")
                    .disableSignOut(true)
                    .strategyVersion(2)
                    .tenantDomain("example.com")
                    .domainAliases(                
                        "example.com",
                        "alias.example.com")
                    .protocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")
                    .requestTemplate("""
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    @@AssertServiceURLAndDestination@@
        ID="@@ID@@"
        IssueInstant="@@IssueInstant@@"
        ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
        <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
    </samlp:AuthnRequest>                """)
                    .userIdAttribute("https://saml.provider/imi/ns/identity-200810")
                    .signatureAlgorithm("rsa-sha256")
                    .digestAlgorithm("sha256")
                    .iconUrl("https://saml.provider/assets/logo.png")
                    .entityId("<entity_id>")
                    .metadataXml("""
        <?xml version="1.0"?>
        <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
          <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
            <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
            <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
          </md:IDPSSODescriptor>
        </md:EntityDescriptor>
                    """)
                    .metadataUrl("https://saml.provider/imi/ns/FederationMetadata.xml")
                    .fieldsMap(serializeJson(
                        jsonObject(
                            jsonProperty("name", jsonArray(
                                "name", 
                                "nameidentifier"
                            )),
                            jsonProperty("email", jsonArray(
                                "emailaddress", 
                                "nameidentifier"
                            )),
                            jsonProperty("family_name", "surname")
                        )))
                    .signingKey(ConnectionOptionsSigningKeyArgs.builder()
                        .key("""
    -----BEGIN PRIVATE KEY-----
    ...{your private key here}...
    -----END PRIVATE KEY-----                    """)
                        .cert("""
    -----BEGIN CERTIFICATE-----
    ...{your public key cert here}...
    -----END CERTIFICATE-----                    """)
                        .build())
                    .decryptionKey(ConnectionOptionsDecryptionKeyArgs.builder()
                        .key("""
    -----BEGIN PRIVATE KEY-----
    ...{your private key here}...
    -----END PRIVATE KEY-----                    """)
                        .cert("""
    -----BEGIN CERTIFICATE-----
    ...{your public key cert here}...
    -----END CERTIFICATE-----                    """)
                        .build())
                    .idpInitiated(ConnectionOptionsIdpInitiatedArgs.builder()
                        .clientId("client_id")
                        .clientProtocol("samlp")
                        .clientAuthorizeQuery("type=code&timeout=30")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of a SAML connection.
      samlp:
        type: auth0:Connection
        properties:
          name: SAML-Connection
          strategy: samlp
          options:
            debug: false
            signingCert: <signing-certificate>
            signInEndpoint: https://saml.provider/sign_in
            signOutEndpoint: https://saml.provider/sign_out
            disableSignOut: true
            strategyVersion: 2
            tenantDomain: example.com
            domainAliases:
              - example.com
              - alias.example.com
            protocolBinding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
            requestTemplate: |-
              <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
              @@AssertServiceURLAndDestination@@
                  ID="@@ID@@"
                  IssueInstant="@@IssueInstant@@"
                  ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
                  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
              </samlp:AuthnRequest>          
            userIdAttribute: https://saml.provider/imi/ns/identity-200810
            signatureAlgorithm: rsa-sha256
            digestAlgorithm: sha256
            iconUrl: https://saml.provider/assets/logo.png
            entityId: <entity_id>
            metadataXml: |2
                  <?xml version="1.0"?>
                  <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
                    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                      <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
                      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
                    </md:IDPSSODescriptor>
                  </md:EntityDescriptor>
            metadataUrl: https://saml.provider/imi/ns/FederationMetadata.xml
            fieldsMap:
              fn::toJSON:
                name:
                  - name
                  - nameidentifier
                email:
                  - emailaddress
                  - nameidentifier
                family_name: surname
            signingKey:
              key: |-
                -----BEGIN PRIVATE KEY-----
                ...{your private key here}...
                -----END PRIVATE KEY-----            
              cert: |-
                -----BEGIN CERTIFICATE-----
                ...{your public key cert here}...
                -----END CERTIFICATE-----            
            decryptionKey:
              key: |-
                -----BEGIN PRIVATE KEY-----
                ...{your private key here}...
                -----END PRIVATE KEY-----            
              cert: |-
                -----BEGIN CERTIFICATE-----
                ...{your public key cert here}...
                -----END CERTIFICATE-----            
            idpInitiated:
              clientId: client_id
              clientProtocol: samlp
              clientAuthorizeQuery: type=code&timeout=30
    

    WindowsLive Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of a WindowsLive connection.
    const windowslive = new auth0.Connection("windowslive", {
        name: "Windowslive-Connection",
        strategy: "windowslive",
        options: {
            clientId: "<client-id>",
            clientSecret: "<client-secret>",
            strategyVersion: 2,
            scopes: [
                "signin",
                "graph_user",
            ],
            setUserRootAttributes: "on_first_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
        },
    });
    
    import pulumi
    import pulumi_auth0 as auth0
    
    # This is an example of a WindowsLive connection.
    windowslive = auth0.Connection("windowslive",
        name="Windowslive-Connection",
        strategy="windowslive",
        options={
            "client_id": "<client-id>",
            "client_secret": "<client-secret>",
            "strategy_version": 2,
            "scopes": [
                "signin",
                "graph_user",
            ],
            "set_user_root_attributes": "on_first_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// This is an example of a WindowsLive connection.
    		_, err := auth0.NewConnection(ctx, "windowslive", &auth0.ConnectionArgs{
    			Name:     pulumi.String("Windowslive-Connection"),
    			Strategy: pulumi.String("windowslive"),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:        pulumi.String("<client-id>"),
    				ClientSecret:    pulumi.String("<client-secret>"),
    				StrategyVersion: pulumi.Int(2),
    				Scopes: pulumi.StringArray{
    					pulumi.String("signin"),
    					pulumi.String("graph_user"),
    				},
    				SetUserRootAttributes: pulumi.String("on_first_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of a WindowsLive connection.
        var windowslive = new Auth0.Connection("windowslive", new()
        {
            Name = "Windowslive-Connection",
            Strategy = "windowslive",
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "<client-id>",
                ClientSecret = "<client-secret>",
                StrategyVersion = 2,
                Scopes = new[]
                {
                    "signin",
                    "graph_user",
                },
                SetUserRootAttributes = "on_first_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of a WindowsLive connection.
            var windowslive = new Connection("windowslive", ConnectionArgs.builder()
                .name("Windowslive-Connection")
                .strategy("windowslive")
                .options(ConnectionOptionsArgs.builder()
                    .clientId("<client-id>")
                    .clientSecret("<client-secret>")
                    .strategyVersion(2)
                    .scopes(                
                        "signin",
                        "graph_user")
                    .setUserRootAttributes("on_first_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of a WindowsLive connection.
      windowslive:
        type: auth0:Connection
        properties:
          name: Windowslive-Connection
          strategy: windowslive
          options:
            clientId: <client-id>
            clientSecret: <client-secret>
            strategyVersion: 2
            scopes:
              - signin
              - graph_user
            setUserRootAttributes: on_first_login
            nonPersistentAttrs:
              - ethnicity
              - gender
    

    OIDC Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of an OIDC connection.
    const oidc = new auth0.Connection("oidc", {
        name: "oidc-connection",
        displayName: "OIDC Connection",
        strategy: "oidc",
        showAsButton: false,
        options: {
            clientId: "1234567",
            clientSecret: "1234567",
            domainAliases: ["example.com"],
            tenantDomain: "",
            iconUrl: "https://example.com/assets/logo.png",
            type: "back_channel",
            issuer: "https://www.paypalobjects.com",
            jwksUri: "https://api.paypal.com/v1/oauth2/certs",
            discoveryUrl: "https://www.paypalobjects.com/.well-known/openid-configuration",
            tokenEndpoint: "https://api.paypal.com/v1/oauth2/token",
            userinfoEndpoint: "https://api.paypal.com/v1/oauth2/token/userinfo",
            authorizationEndpoint: "https://www.paypal.com/signin/authorize",
            scopes: [
                "openid",
                "email",
            ],
            setUserRootAttributes: "on_first_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            connectionSettings: {
                pkce: "auto",
            },
            attributeMap: {
                mappingMode: "use_map",
                userinfoScope: "openid email profile groups",
                attributes: JSON.stringify({
                    name: "${context.tokenset.name}",
                    email: "${context.tokenset.email}",
                    email_verified: "${context.tokenset.email_verified}",
                    nickname: "${context.tokenset.nickname}",
                    picture: "${context.tokenset.picture}",
                    given_name: "${context.tokenset.given_name}",
                    family_name: "${context.tokenset.family_name}",
                }),
            },
        },
    });
    
    import pulumi
    import json
    import pulumi_auth0 as auth0
    
    # This is an example of an OIDC connection.
    oidc = auth0.Connection("oidc",
        name="oidc-connection",
        display_name="OIDC Connection",
        strategy="oidc",
        show_as_button=False,
        options={
            "client_id": "1234567",
            "client_secret": "1234567",
            "domain_aliases": ["example.com"],
            "tenant_domain": "",
            "icon_url": "https://example.com/assets/logo.png",
            "type": "back_channel",
            "issuer": "https://www.paypalobjects.com",
            "jwks_uri": "https://api.paypal.com/v1/oauth2/certs",
            "discovery_url": "https://www.paypalobjects.com/.well-known/openid-configuration",
            "token_endpoint": "https://api.paypal.com/v1/oauth2/token",
            "userinfo_endpoint": "https://api.paypal.com/v1/oauth2/token/userinfo",
            "authorization_endpoint": "https://www.paypal.com/signin/authorize",
            "scopes": [
                "openid",
                "email",
            ],
            "set_user_root_attributes": "on_first_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
            "connection_settings": {
                "pkce": "auto",
            },
            "attribute_map": {
                "mapping_mode": "use_map",
                "userinfo_scope": "openid email profile groups",
                "attributes": json.dumps({
                    "name": "${context.tokenset.name}",
                    "email": "${context.tokenset.email}",
                    "email_verified": "${context.tokenset.email_verified}",
                    "nickname": "${context.tokenset.nickname}",
                    "picture": "${context.tokenset.picture}",
                    "given_name": "${context.tokenset.given_name}",
                    "family_name": "${context.tokenset.family_name}",
                }),
            },
        })
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"name":           "${context.tokenset.name}",
    			"email":          "${context.tokenset.email}",
    			"email_verified": "${context.tokenset.email_verified}",
    			"nickname":       "${context.tokenset.nickname}",
    			"picture":        "${context.tokenset.picture}",
    			"given_name":     "${context.tokenset.given_name}",
    			"family_name":    "${context.tokenset.family_name}",
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		// This is an example of an OIDC connection.
    		_, err = auth0.NewConnection(ctx, "oidc", &auth0.ConnectionArgs{
    			Name:         pulumi.String("oidc-connection"),
    			DisplayName:  pulumi.String("OIDC Connection"),
    			Strategy:     pulumi.String("oidc"),
    			ShowAsButton: pulumi.Bool(false),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("1234567"),
    				ClientSecret: pulumi.String("1234567"),
    				DomainAliases: pulumi.StringArray{
    					pulumi.String("example.com"),
    				},
    				TenantDomain:          pulumi.String(""),
    				IconUrl:               pulumi.String("https://example.com/assets/logo.png"),
    				Type:                  pulumi.String("back_channel"),
    				Issuer:                pulumi.String("https://www.paypalobjects.com"),
    				JwksUri:               pulumi.String("https://api.paypal.com/v1/oauth2/certs"),
    				DiscoveryUrl:          pulumi.String("https://www.paypalobjects.com/.well-known/openid-configuration"),
    				TokenEndpoint:         pulumi.String("https://api.paypal.com/v1/oauth2/token"),
    				UserinfoEndpoint:      pulumi.String("https://api.paypal.com/v1/oauth2/token/userinfo"),
    				AuthorizationEndpoint: pulumi.String("https://www.paypal.com/signin/authorize"),
    				Scopes: pulumi.StringArray{
    					pulumi.String("openid"),
    					pulumi.String("email"),
    				},
    				SetUserRootAttributes: pulumi.String("on_first_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
    					Pkce: pulumi.String("auto"),
    				},
    				AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
    					MappingMode:   pulumi.String("use_map"),
    					UserinfoScope: pulumi.String("openid email profile groups"),
    					Attributes:    pulumi.String(json0),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of an OIDC connection.
        var oidc = new Auth0.Connection("oidc", new()
        {
            Name = "oidc-connection",
            DisplayName = "OIDC Connection",
            Strategy = "oidc",
            ShowAsButton = false,
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "1234567",
                ClientSecret = "1234567",
                DomainAliases = new[]
                {
                    "example.com",
                },
                TenantDomain = "",
                IconUrl = "https://example.com/assets/logo.png",
                Type = "back_channel",
                Issuer = "https://www.paypalobjects.com",
                JwksUri = "https://api.paypal.com/v1/oauth2/certs",
                DiscoveryUrl = "https://www.paypalobjects.com/.well-known/openid-configuration",
                TokenEndpoint = "https://api.paypal.com/v1/oauth2/token",
                UserinfoEndpoint = "https://api.paypal.com/v1/oauth2/token/userinfo",
                AuthorizationEndpoint = "https://www.paypal.com/signin/authorize",
                Scopes = new[]
                {
                    "openid",
                    "email",
                },
                SetUserRootAttributes = "on_first_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
                {
                    Pkce = "auto",
                },
                AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
                {
                    MappingMode = "use_map",
                    UserinfoScope = "openid email profile groups",
                    Attributes = JsonSerializer.Serialize(new Dictionary<string, object?>
                    {
                        ["name"] = "${context.tokenset.name}",
                        ["email"] = "${context.tokenset.email}",
                        ["email_verified"] = "${context.tokenset.email_verified}",
                        ["nickname"] = "${context.tokenset.nickname}",
                        ["picture"] = "${context.tokenset.picture}",
                        ["given_name"] = "${context.tokenset.given_name}",
                        ["family_name"] = "${context.tokenset.family_name}",
                    }),
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsConnectionSettingsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsAttributeMapArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of an OIDC connection.
            var oidc = new Connection("oidc", ConnectionArgs.builder()
                .name("oidc-connection")
                .displayName("OIDC Connection")
                .strategy("oidc")
                .showAsButton(false)
                .options(ConnectionOptionsArgs.builder()
                    .clientId("1234567")
                    .clientSecret("1234567")
                    .domainAliases("example.com")
                    .tenantDomain("")
                    .iconUrl("https://example.com/assets/logo.png")
                    .type("back_channel")
                    .issuer("https://www.paypalobjects.com")
                    .jwksUri("https://api.paypal.com/v1/oauth2/certs")
                    .discoveryUrl("https://www.paypalobjects.com/.well-known/openid-configuration")
                    .tokenEndpoint("https://api.paypal.com/v1/oauth2/token")
                    .userinfoEndpoint("https://api.paypal.com/v1/oauth2/token/userinfo")
                    .authorizationEndpoint("https://www.paypal.com/signin/authorize")
                    .scopes(                
                        "openid",
                        "email")
                    .setUserRootAttributes("on_first_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
                        .pkce("auto")
                        .build())
                    .attributeMap(ConnectionOptionsAttributeMapArgs.builder()
                        .mappingMode("use_map")
                        .userinfoScope("openid email profile groups")
                        .attributes(serializeJson(
                            jsonObject(
                                jsonProperty("name", "${context.tokenset.name}"),
                                jsonProperty("email", "${context.tokenset.email}"),
                                jsonProperty("email_verified", "${context.tokenset.email_verified}"),
                                jsonProperty("nickname", "${context.tokenset.nickname}"),
                                jsonProperty("picture", "${context.tokenset.picture}"),
                                jsonProperty("given_name", "${context.tokenset.given_name}"),
                                jsonProperty("family_name", "${context.tokenset.family_name}")
                            )))
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of an OIDC connection.
      oidc:
        type: auth0:Connection
        properties:
          name: oidc-connection
          displayName: OIDC Connection
          strategy: oidc
          showAsButton: false
          options:
            clientId: '1234567'
            clientSecret: '1234567'
            domainAliases:
              - example.com
            tenantDomain: ""
            iconUrl: https://example.com/assets/logo.png
            type: back_channel
            issuer: https://www.paypalobjects.com
            jwksUri: https://api.paypal.com/v1/oauth2/certs
            discoveryUrl: https://www.paypalobjects.com/.well-known/openid-configuration
            tokenEndpoint: https://api.paypal.com/v1/oauth2/token
            userinfoEndpoint: https://api.paypal.com/v1/oauth2/token/userinfo
            authorizationEndpoint: https://www.paypal.com/signin/authorize
            scopes:
              - openid
              - email
            setUserRootAttributes: on_first_login
            nonPersistentAttrs:
              - ethnicity
              - gender
            connectionSettings:
              pkce: auto
            attributeMap:
              mappingMode: use_map
              userinfoScope: openid email profile groups
              attributes:
                fn::toJSON:
                  name: $${context.tokenset.name}
                  email: $${context.tokenset.email}
                  email_verified: $${context.tokenset.email_verified}
                  nickname: $${context.tokenset.nickname}
                  picture: $${context.tokenset.picture}
                  given_name: $${context.tokenset.given_name}
                  family_name: $${context.tokenset.family_name}
    

    Okta Connection

    import * as pulumi from "@pulumi/pulumi";
    import * as auth0 from "@pulumi/auth0";
    
    // This is an example of an Okta Workforce connection.
    const okta = new auth0.Connection("okta", {
        name: "okta-connection",
        displayName: "Okta Workforce Connection",
        strategy: "okta",
        showAsButton: false,
        options: {
            clientId: "1234567",
            clientSecret: "1234567",
            domain: "example.okta.com",
            domainAliases: ["example.com"],
            issuer: "https://example.okta.com",
            jwksUri: "https://example.okta.com/oauth2/v1/keys",
            tokenEndpoint: "https://example.okta.com/oauth2/v1/token",
            userinfoEndpoint: "https://example.okta.com/oauth2/v1/userinfo",
            authorizationEndpoint: "https://example.okta.com/oauth2/v1/authorize",
            scopes: [
                "openid",
                "email",
            ],
            setUserRootAttributes: "on_first_login",
            nonPersistentAttrs: [
                "ethnicity",
                "gender",
            ],
            upstreamParams: JSON.stringify({
                screen_name: {
                    alias: "login_hint",
                },
            }),
            connectionSettings: {
                pkce: "auto",
            },
            attributeMap: {
                mappingMode: "basic_profile",
                userinfoScope: "openid email profile groups",
                attributes: JSON.stringify({
                    name: "${context.tokenset.name}",
                    email: "${context.tokenset.email}",
                    email_verified: "${context.tokenset.email_verified}",
                    nickname: "${context.tokenset.nickname}",
                    picture: "${context.tokenset.picture}",
                    given_name: "${context.tokenset.given_name}",
                    family_name: "${context.tokenset.family_name}",
                }),
            },
        },
    });
    
    import pulumi
    import json
    import pulumi_auth0 as auth0
    
    # This is an example of an Okta Workforce connection.
    okta = auth0.Connection("okta",
        name="okta-connection",
        display_name="Okta Workforce Connection",
        strategy="okta",
        show_as_button=False,
        options={
            "client_id": "1234567",
            "client_secret": "1234567",
            "domain": "example.okta.com",
            "domain_aliases": ["example.com"],
            "issuer": "https://example.okta.com",
            "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
            "token_endpoint": "https://example.okta.com/oauth2/v1/token",
            "userinfo_endpoint": "https://example.okta.com/oauth2/v1/userinfo",
            "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
            "scopes": [
                "openid",
                "email",
            ],
            "set_user_root_attributes": "on_first_login",
            "non_persistent_attrs": [
                "ethnicity",
                "gender",
            ],
            "upstream_params": json.dumps({
                "screen_name": {
                    "alias": "login_hint",
                },
            }),
            "connection_settings": {
                "pkce": "auto",
            },
            "attribute_map": {
                "mapping_mode": "basic_profile",
                "userinfo_scope": "openid email profile groups",
                "attributes": json.dumps({
                    "name": "${context.tokenset.name}",
                    "email": "${context.tokenset.email}",
                    "email_verified": "${context.tokenset.email_verified}",
                    "nickname": "${context.tokenset.nickname}",
                    "picture": "${context.tokenset.picture}",
                    "given_name": "${context.tokenset.given_name}",
                    "family_name": "${context.tokenset.family_name}",
                }),
            },
        })
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"screen_name": map[string]interface{}{
    				"alias": "login_hint",
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		tmpJSON1, err := json.Marshal(map[string]interface{}{
    			"name":           "${context.tokenset.name}",
    			"email":          "${context.tokenset.email}",
    			"email_verified": "${context.tokenset.email_verified}",
    			"nickname":       "${context.tokenset.nickname}",
    			"picture":        "${context.tokenset.picture}",
    			"given_name":     "${context.tokenset.given_name}",
    			"family_name":    "${context.tokenset.family_name}",
    		})
    		if err != nil {
    			return err
    		}
    		json1 := string(tmpJSON1)
    		// This is an example of an Okta Workforce connection.
    		_, err = auth0.NewConnection(ctx, "okta", &auth0.ConnectionArgs{
    			Name:         pulumi.String("okta-connection"),
    			DisplayName:  pulumi.String("Okta Workforce Connection"),
    			Strategy:     pulumi.String("okta"),
    			ShowAsButton: pulumi.Bool(false),
    			Options: &auth0.ConnectionOptionsArgs{
    				ClientId:     pulumi.String("1234567"),
    				ClientSecret: pulumi.String("1234567"),
    				Domain:       pulumi.String("example.okta.com"),
    				DomainAliases: pulumi.StringArray{
    					pulumi.String("example.com"),
    				},
    				Issuer:                pulumi.String("https://example.okta.com"),
    				JwksUri:               pulumi.String("https://example.okta.com/oauth2/v1/keys"),
    				TokenEndpoint:         pulumi.String("https://example.okta.com/oauth2/v1/token"),
    				UserinfoEndpoint:      pulumi.String("https://example.okta.com/oauth2/v1/userinfo"),
    				AuthorizationEndpoint: pulumi.String("https://example.okta.com/oauth2/v1/authorize"),
    				Scopes: pulumi.StringArray{
    					pulumi.String("openid"),
    					pulumi.String("email"),
    				},
    				SetUserRootAttributes: pulumi.String("on_first_login"),
    				NonPersistentAttrs: pulumi.StringArray{
    					pulumi.String("ethnicity"),
    					pulumi.String("gender"),
    				},
    				UpstreamParams: pulumi.String(json0),
    				ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
    					Pkce: pulumi.String("auto"),
    				},
    				AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
    					MappingMode:   pulumi.String("basic_profile"),
    					UserinfoScope: pulumi.String("openid email profile groups"),
    					Attributes:    pulumi.String(json1),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Auth0 = Pulumi.Auth0;
    
    return await Deployment.RunAsync(() => 
    {
        // This is an example of an Okta Workforce connection.
        var okta = new Auth0.Connection("okta", new()
        {
            Name = "okta-connection",
            DisplayName = "Okta Workforce Connection",
            Strategy = "okta",
            ShowAsButton = false,
            Options = new Auth0.Inputs.ConnectionOptionsArgs
            {
                ClientId = "1234567",
                ClientSecret = "1234567",
                Domain = "example.okta.com",
                DomainAliases = new[]
                {
                    "example.com",
                },
                Issuer = "https://example.okta.com",
                JwksUri = "https://example.okta.com/oauth2/v1/keys",
                TokenEndpoint = "https://example.okta.com/oauth2/v1/token",
                UserinfoEndpoint = "https://example.okta.com/oauth2/v1/userinfo",
                AuthorizationEndpoint = "https://example.okta.com/oauth2/v1/authorize",
                Scopes = new[]
                {
                    "openid",
                    "email",
                },
                SetUserRootAttributes = "on_first_login",
                NonPersistentAttrs = new[]
                {
                    "ethnicity",
                    "gender",
                },
                UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
                {
                    ["screen_name"] = new Dictionary<string, object?>
                    {
                        ["alias"] = "login_hint",
                    },
                }),
                ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
                {
                    Pkce = "auto",
                },
                AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
                {
                    MappingMode = "basic_profile",
                    UserinfoScope = "openid email profile groups",
                    Attributes = JsonSerializer.Serialize(new Dictionary<string, object?>
                    {
                        ["name"] = "${context.tokenset.name}",
                        ["email"] = "${context.tokenset.email}",
                        ["email_verified"] = "${context.tokenset.email_verified}",
                        ["nickname"] = "${context.tokenset.nickname}",
                        ["picture"] = "${context.tokenset.picture}",
                        ["given_name"] = "${context.tokenset.given_name}",
                        ["family_name"] = "${context.tokenset.family_name}",
                    }),
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.auth0.Connection;
    import com.pulumi.auth0.ConnectionArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsConnectionSettingsArgs;
    import com.pulumi.auth0.inputs.ConnectionOptionsAttributeMapArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // This is an example of an Okta Workforce connection.
            var okta = new Connection("okta", ConnectionArgs.builder()
                .name("okta-connection")
                .displayName("Okta Workforce Connection")
                .strategy("okta")
                .showAsButton(false)
                .options(ConnectionOptionsArgs.builder()
                    .clientId("1234567")
                    .clientSecret("1234567")
                    .domain("example.okta.com")
                    .domainAliases("example.com")
                    .issuer("https://example.okta.com")
                    .jwksUri("https://example.okta.com/oauth2/v1/keys")
                    .tokenEndpoint("https://example.okta.com/oauth2/v1/token")
                    .userinfoEndpoint("https://example.okta.com/oauth2/v1/userinfo")
                    .authorizationEndpoint("https://example.okta.com/oauth2/v1/authorize")
                    .scopes(                
                        "openid",
                        "email")
                    .setUserRootAttributes("on_first_login")
                    .nonPersistentAttrs(                
                        "ethnicity",
                        "gender")
                    .upstreamParams(serializeJson(
                        jsonObject(
                            jsonProperty("screen_name", jsonObject(
                                jsonProperty("alias", "login_hint")
                            ))
                        )))
                    .connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
                        .pkce("auto")
                        .build())
                    .attributeMap(ConnectionOptionsAttributeMapArgs.builder()
                        .mappingMode("basic_profile")
                        .userinfoScope("openid email profile groups")
                        .attributes(serializeJson(
                            jsonObject(
                                jsonProperty("name", "${context.tokenset.name}"),
                                jsonProperty("email", "${context.tokenset.email}"),
                                jsonProperty("email_verified", "${context.tokenset.email_verified}"),
                                jsonProperty("nickname", "${context.tokenset.nickname}"),
                                jsonProperty("picture", "${context.tokenset.picture}"),
                                jsonProperty("given_name", "${context.tokenset.given_name}"),
                                jsonProperty("family_name", "${context.tokenset.family_name}")
                            )))
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      # This is an example of an Okta Workforce connection.
      okta:
        type: auth0:Connection
        properties:
          name: okta-connection
          displayName: Okta Workforce Connection
          strategy: okta
          showAsButton: false
          options:
            clientId: '1234567'
            clientSecret: '1234567'
            domain: example.okta.com
            domainAliases:
              - example.com
            issuer: https://example.okta.com
            jwksUri: https://example.okta.com/oauth2/v1/keys
            tokenEndpoint: https://example.okta.com/oauth2/v1/token
            userinfoEndpoint: https://example.okta.com/oauth2/v1/userinfo
            authorizationEndpoint: https://example.okta.com/oauth2/v1/authorize
            scopes:
              - openid
              - email
            setUserRootAttributes: on_first_login
            nonPersistentAttrs:
              - ethnicity
              - gender
            upstreamParams:
              fn::toJSON:
                screen_name:
                  alias: login_hint
            connectionSettings:
              pkce: auto
            attributeMap:
              mappingMode: basic_profile
              userinfoScope: openid email profile groups
              attributes:
                fn::toJSON:
                  name: $${context.tokenset.name}
                  email: $${context.tokenset.email}
                  email_verified: $${context.tokenset.email_verified}
                  nickname: $${context.tokenset.nickname}
                  picture: $${context.tokenset.picture}
                  given_name: $${context.tokenset.given_name}
                  family_name: $${context.tokenset.family_name}
    

    Create Connection Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
    @overload
    def Connection(resource_name: str,
                   args: ConnectionArgs,
                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def Connection(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   strategy: Optional[str] = None,
                   display_name: Optional[str] = None,
                   is_domain_connection: Optional[bool] = None,
                   metadata: Optional[Mapping[str, str]] = None,
                   name: Optional[str] = None,
                   options: Optional[ConnectionOptionsArgs] = None,
                   realms: Optional[Sequence[str]] = None,
                   show_as_button: Optional[bool] = None)
    func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
    public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
    public Connection(String name, ConnectionArgs args)
    public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
    
    type: auth0:Connection
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ConnectionArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var connectionResource = new Auth0.Connection("connectionResource", new()
    {
        Strategy = "string",
        DisplayName = "string",
        IsDomainConnection = false,
        Metadata = 
        {
            { "string", "string" },
        },
        Name = "string",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            AdfsServer = "string",
            AllowedAudiences = new[]
            {
                "string",
            },
            ApiEnableUsers = false,
            AppId = "string",
            AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
            {
                MappingMode = "string",
                Attributes = "string",
                UserinfoScope = "string",
            },
            Attributes = new[]
            {
                new Auth0.Inputs.ConnectionOptionsAttributeArgs
                {
                    Emails = new[]
                    {
                        new Auth0.Inputs.ConnectionOptionsAttributeEmailArgs
                        {
                            Identifiers = new[]
                            {
                                new Auth0.Inputs.ConnectionOptionsAttributeEmailIdentifierArgs
                                {
                                    Active = false,
                                },
                            },
                            ProfileRequired = false,
                            Signups = new[]
                            {
                                new Auth0.Inputs.ConnectionOptionsAttributeEmailSignupArgs
                                {
                                    Status = "string",
                                    Verifications = new[]
                                    {
                                        new Auth0.Inputs.ConnectionOptionsAttributeEmailSignupVerificationArgs
                                        {
                                            Active = false,
                                        },
                                    },
                                },
                            },
                        },
                    },
                    PhoneNumbers = new[]
                    {
                        new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberArgs
                        {
                            Identifiers = new[]
                            {
                                new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberIdentifierArgs
                                {
                                    Active = false,
                                },
                            },
                            ProfileRequired = false,
                            Signups = new[]
                            {
                                new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberSignupArgs
                                {
                                    Status = "string",
                                    Verifications = new[]
                                    {
                                        new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberSignupVerificationArgs
                                        {
                                            Active = false,
                                        },
                                    },
                                },
                            },
                        },
                    },
                    Usernames = new[]
                    {
                        new Auth0.Inputs.ConnectionOptionsAttributeUsernameArgs
                        {
                            Identifiers = new[]
                            {
                                new Auth0.Inputs.ConnectionOptionsAttributeUsernameIdentifierArgs
                                {
                                    Active = false,
                                },
                            },
                            ProfileRequired = false,
                            Signups = new[]
                            {
                                new Auth0.Inputs.ConnectionOptionsAttributeUsernameSignupArgs
                                {
                                    Status = "string",
                                },
                            },
                            Validations = new[]
                            {
                                new Auth0.Inputs.ConnectionOptionsAttributeUsernameValidationArgs
                                {
                                    AllowedTypes = new[]
                                    {
                                        new Auth0.Inputs.ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs
                                        {
                                            Email = false,
                                            PhoneNumber = false,
                                        },
                                    },
                                    MaxLength = 0,
                                    MinLength = 0,
                                },
                            },
                        },
                    },
                },
            },
            AuthParams = 
            {
                { "string", "string" },
            },
            AuthorizationEndpoint = "string",
            BruteForceProtection = false,
            ClientId = "string",
            ClientSecret = "string",
            CommunityBaseUrl = "string",
            Configuration = 
            {
                { "string", "string" },
            },
            ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
            {
                Pkce = "string",
            },
            CustomScripts = 
            {
                { "string", "string" },
            },
            Debug = false,
            DecryptionKey = new Auth0.Inputs.ConnectionOptionsDecryptionKeyArgs
            {
                Cert = "string",
                Key = "string",
            },
            DigestAlgorithm = "string",
            DisableCache = false,
            DisableSelfServiceChangePassword = false,
            DisableSignOut = false,
            DisableSignup = false,
            DiscoveryUrl = "string",
            Domain = "string",
            DomainAliases = new[]
            {
                "string",
            },
            EnableScriptContext = false,
            EnabledDatabaseCustomization = false,
            EntityId = "string",
            FedMetadataXml = "string",
            FieldsMap = "string",
            ForwardRequestInfo = false,
            From = "string",
            GatewayAuthentication = new Auth0.Inputs.ConnectionOptionsGatewayAuthenticationArgs
            {
                Audience = "string",
                Method = "string",
                Secret = "string",
                SecretBase64Encoded = false,
                Subject = "string",
            },
            GatewayUrl = "string",
            IconUrl = "string",
            IdentityApi = "string",
            IdpInitiated = new Auth0.Inputs.ConnectionOptionsIdpInitiatedArgs
            {
                ClientAuthorizeQuery = "string",
                ClientId = "string",
                ClientProtocol = "string",
            },
            ImportMode = false,
            Ips = new[]
            {
                "string",
            },
            Issuer = "string",
            JwksUri = "string",
            KeyId = "string",
            MapUserIdToId = false,
            MaxGroupsToRetrieve = "string",
            MessagingServiceSid = "string",
            MetadataUrl = "string",
            MetadataXml = "string",
            Mfa = new Auth0.Inputs.ConnectionOptionsMfaArgs
            {
                Active = false,
                ReturnEnrollSettings = false,
            },
            Name = "string",
            NonPersistentAttrs = new[]
            {
                "string",
            },
            PasswordComplexityOptions = new Auth0.Inputs.ConnectionOptionsPasswordComplexityOptionsArgs
            {
                MinLength = 0,
            },
            PasswordDictionary = new Auth0.Inputs.ConnectionOptionsPasswordDictionaryArgs
            {
                Dictionaries = new[]
                {
                    "string",
                },
                Enable = false,
            },
            PasswordHistories = new[]
            {
                new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
                {
                    Enable = false,
                    Size = 0,
                },
            },
            PasswordNoPersonalInfo = new Auth0.Inputs.ConnectionOptionsPasswordNoPersonalInfoArgs
            {
                Enable = false,
            },
            PasswordPolicy = "string",
            PingFederateBaseUrl = "string",
            PkceEnabled = false,
            Precedences = new[]
            {
                "string",
            },
            ProtocolBinding = "string",
            Provider = "string",
            RequestTemplate = "string",
            RequiresUsername = false,
            Scopes = new[]
            {
                "string",
            },
            Scripts = 
            {
                { "string", "string" },
            },
            SetUserRootAttributes = "string",
            ShouldTrustEmailVerifiedConnection = "string",
            SignInEndpoint = "string",
            SignOutEndpoint = "string",
            SignSamlRequest = false,
            SignatureAlgorithm = "string",
            SigningCert = "string",
            SigningKey = new Auth0.Inputs.ConnectionOptionsSigningKeyArgs
            {
                Cert = "string",
                Key = "string",
            },
            StrategyVersion = 0,
            Subject = "string",
            Syntax = "string",
            TeamId = "string",
            Template = "string",
            TenantDomain = "string",
            TokenEndpoint = "string",
            Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
            {
                Length = 0,
                TimeStep = 0,
            },
            TwilioSid = "string",
            TwilioToken = "string",
            Type = "string",
            UpstreamParams = "string",
            UseCertAuth = false,
            UseKerberos = false,
            UseWsfed = false,
            UserIdAttribute = "string",
            UserinfoEndpoint = "string",
            Validation = new Auth0.Inputs.ConnectionOptionsValidationArgs
            {
                Username = new Auth0.Inputs.ConnectionOptionsValidationUsernameArgs
                {
                    Max = 0,
                    Min = 0,
                },
            },
            WaadCommonEndpoint = false,
            WaadProtocol = "string",
        },
        Realms = new[]
        {
            "string",
        },
        ShowAsButton = false,
    });
    
    example, err := auth0.NewConnection(ctx, "connectionResource", &auth0.ConnectionArgs{
    	Strategy:           pulumi.String("string"),
    	DisplayName:        pulumi.String("string"),
    	IsDomainConnection: pulumi.Bool(false),
    	Metadata: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Name: pulumi.String("string"),
    	Options: &auth0.ConnectionOptionsArgs{
    		AdfsServer: pulumi.String("string"),
    		AllowedAudiences: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ApiEnableUsers: pulumi.Bool(false),
    		AppId:          pulumi.String("string"),
    		AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
    			MappingMode:   pulumi.String("string"),
    			Attributes:    pulumi.String("string"),
    			UserinfoScope: pulumi.String("string"),
    		},
    		Attributes: auth0.ConnectionOptionsAttributeArray{
    			&auth0.ConnectionOptionsAttributeArgs{
    				Emails: auth0.ConnectionOptionsAttributeEmailArray{
    					&auth0.ConnectionOptionsAttributeEmailArgs{
    						Identifiers: auth0.ConnectionOptionsAttributeEmailIdentifierArray{
    							&auth0.ConnectionOptionsAttributeEmailIdentifierArgs{
    								Active: pulumi.Bool(false),
    							},
    						},
    						ProfileRequired: pulumi.Bool(false),
    						Signups: auth0.ConnectionOptionsAttributeEmailSignupArray{
    							&auth0.ConnectionOptionsAttributeEmailSignupArgs{
    								Status: pulumi.String("string"),
    								Verifications: auth0.ConnectionOptionsAttributeEmailSignupVerificationArray{
    									&auth0.ConnectionOptionsAttributeEmailSignupVerificationArgs{
    										Active: pulumi.Bool(false),
    									},
    								},
    							},
    						},
    					},
    				},
    				PhoneNumbers: auth0.ConnectionOptionsAttributePhoneNumberArray{
    					&auth0.ConnectionOptionsAttributePhoneNumberArgs{
    						Identifiers: auth0.ConnectionOptionsAttributePhoneNumberIdentifierArray{
    							&auth0.ConnectionOptionsAttributePhoneNumberIdentifierArgs{
    								Active: pulumi.Bool(false),
    							},
    						},
    						ProfileRequired: pulumi.Bool(false),
    						Signups: auth0.ConnectionOptionsAttributePhoneNumberSignupArray{
    							&auth0.ConnectionOptionsAttributePhoneNumberSignupArgs{
    								Status: pulumi.String("string"),
    								Verifications: auth0.ConnectionOptionsAttributePhoneNumberSignupVerificationArray{
    									&auth0.ConnectionOptionsAttributePhoneNumberSignupVerificationArgs{
    										Active: pulumi.Bool(false),
    									},
    								},
    							},
    						},
    					},
    				},
    				Usernames: auth0.ConnectionOptionsAttributeUsernameArray{
    					&auth0.ConnectionOptionsAttributeUsernameArgs{
    						Identifiers: auth0.ConnectionOptionsAttributeUsernameIdentifierArray{
    							&auth0.ConnectionOptionsAttributeUsernameIdentifierArgs{
    								Active: pulumi.Bool(false),
    							},
    						},
    						ProfileRequired: pulumi.Bool(false),
    						Signups: auth0.ConnectionOptionsAttributeUsernameSignupArray{
    							&auth0.ConnectionOptionsAttributeUsernameSignupArgs{
    								Status: pulumi.String("string"),
    							},
    						},
    						Validations: auth0.ConnectionOptionsAttributeUsernameValidationArray{
    							&auth0.ConnectionOptionsAttributeUsernameValidationArgs{
    								AllowedTypes: auth0.ConnectionOptionsAttributeUsernameValidationAllowedTypeArray{
    									&auth0.ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs{
    										Email:       pulumi.Bool(false),
    										PhoneNumber: pulumi.Bool(false),
    									},
    								},
    								MaxLength: pulumi.Int(0),
    								MinLength: pulumi.Int(0),
    							},
    						},
    					},
    				},
    			},
    		},
    		AuthParams: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		AuthorizationEndpoint: pulumi.String("string"),
    		BruteForceProtection:  pulumi.Bool(false),
    		ClientId:              pulumi.String("string"),
    		ClientSecret:          pulumi.String("string"),
    		CommunityBaseUrl:      pulumi.String("string"),
    		Configuration: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
    			Pkce: pulumi.String("string"),
    		},
    		CustomScripts: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		Debug: pulumi.Bool(false),
    		DecryptionKey: &auth0.ConnectionOptionsDecryptionKeyArgs{
    			Cert: pulumi.String("string"),
    			Key:  pulumi.String("string"),
    		},
    		DigestAlgorithm:                  pulumi.String("string"),
    		DisableCache:                     pulumi.Bool(false),
    		DisableSelfServiceChangePassword: pulumi.Bool(false),
    		DisableSignOut:                   pulumi.Bool(false),
    		DisableSignup:                    pulumi.Bool(false),
    		DiscoveryUrl:                     pulumi.String("string"),
    		Domain:                           pulumi.String("string"),
    		DomainAliases: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		EnableScriptContext:          pulumi.Bool(false),
    		EnabledDatabaseCustomization: pulumi.Bool(false),
    		EntityId:                     pulumi.String("string"),
    		FedMetadataXml:               pulumi.String("string"),
    		FieldsMap:                    pulumi.String("string"),
    		ForwardRequestInfo:           pulumi.Bool(false),
    		From:                         pulumi.String("string"),
    		GatewayAuthentication: &auth0.ConnectionOptionsGatewayAuthenticationArgs{
    			Audience:            pulumi.String("string"),
    			Method:              pulumi.String("string"),
    			Secret:              pulumi.String("string"),
    			SecretBase64Encoded: pulumi.Bool(false),
    			Subject:             pulumi.String("string"),
    		},
    		GatewayUrl:  pulumi.String("string"),
    		IconUrl:     pulumi.String("string"),
    		IdentityApi: pulumi.String("string"),
    		IdpInitiated: &auth0.ConnectionOptionsIdpInitiatedArgs{
    			ClientAuthorizeQuery: pulumi.String("string"),
    			ClientId:             pulumi.String("string"),
    			ClientProtocol:       pulumi.String("string"),
    		},
    		ImportMode: pulumi.Bool(false),
    		Ips: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Issuer:              pulumi.String("string"),
    		JwksUri:             pulumi.String("string"),
    		KeyId:               pulumi.String("string"),
    		MapUserIdToId:       pulumi.Bool(false),
    		MaxGroupsToRetrieve: pulumi.String("string"),
    		MessagingServiceSid: pulumi.String("string"),
    		MetadataUrl:         pulumi.String("string"),
    		MetadataXml:         pulumi.String("string"),
    		Mfa: &auth0.ConnectionOptionsMfaArgs{
    			Active:               pulumi.Bool(false),
    			ReturnEnrollSettings: pulumi.Bool(false),
    		},
    		Name: pulumi.String("string"),
    		NonPersistentAttrs: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		PasswordComplexityOptions: &auth0.ConnectionOptionsPasswordComplexityOptionsArgs{
    			MinLength: pulumi.Int(0),
    		},
    		PasswordDictionary: &auth0.ConnectionOptionsPasswordDictionaryArgs{
    			Dictionaries: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			Enable: pulumi.Bool(false),
    		},
    		PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
    			&auth0.ConnectionOptionsPasswordHistoryArgs{
    				Enable: pulumi.Bool(false),
    				Size:   pulumi.Int(0),
    			},
    		},
    		PasswordNoPersonalInfo: &auth0.ConnectionOptionsPasswordNoPersonalInfoArgs{
    			Enable: pulumi.Bool(false),
    		},
    		PasswordPolicy:      pulumi.String("string"),
    		PingFederateBaseUrl: pulumi.String("string"),
    		PkceEnabled:         pulumi.Bool(false),
    		Precedences: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		ProtocolBinding:  pulumi.String("string"),
    		Provider:         pulumi.String("string"),
    		RequestTemplate:  pulumi.String("string"),
    		RequiresUsername: pulumi.Bool(false),
    		Scopes: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		Scripts: pulumi.StringMap{
    			"string": pulumi.String("string"),
    		},
    		SetUserRootAttributes:              pulumi.String("string"),
    		ShouldTrustEmailVerifiedConnection: pulumi.String("string"),
    		SignInEndpoint:                     pulumi.String("string"),
    		SignOutEndpoint:                    pulumi.String("string"),
    		SignSamlRequest:                    pulumi.Bool(false),
    		SignatureAlgorithm:                 pulumi.String("string"),
    		SigningCert:                        pulumi.String("string"),
    		SigningKey: &auth0.ConnectionOptionsSigningKeyArgs{
    			Cert: pulumi.String("string"),
    			Key:  pulumi.String("string"),
    		},
    		StrategyVersion: pulumi.Int(0),
    		Subject:         pulumi.String("string"),
    		Syntax:          pulumi.String("string"),
    		TeamId:          pulumi.String("string"),
    		Template:        pulumi.String("string"),
    		TenantDomain:    pulumi.String("string"),
    		TokenEndpoint:   pulumi.String("string"),
    		Totp: &auth0.ConnectionOptionsTotpArgs{
    			Length:   pulumi.Int(0),
    			TimeStep: pulumi.Int(0),
    		},
    		TwilioSid:        pulumi.String("string"),
    		TwilioToken:      pulumi.String("string"),
    		Type:             pulumi.String("string"),
    		UpstreamParams:   pulumi.String("string"),
    		UseCertAuth:      pulumi.Bool(false),
    		UseKerberos:      pulumi.Bool(false),
    		UseWsfed:         pulumi.Bool(false),
    		UserIdAttribute:  pulumi.String("string"),
    		UserinfoEndpoint: pulumi.String("string"),
    		Validation: &auth0.ConnectionOptionsValidationArgs{
    			Username: &auth0.ConnectionOptionsValidationUsernameArgs{
    				Max: pulumi.Int(0),
    				Min: pulumi.Int(0),
    			},
    		},
    		WaadCommonEndpoint: pulumi.Bool(false),
    		WaadProtocol:       pulumi.String("string"),
    	},
    	Realms: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	ShowAsButton: pulumi.Bool(false),
    })
    
    var connectionResource = new Connection("connectionResource", ConnectionArgs.builder()
        .strategy("string")
        .displayName("string")
        .isDomainConnection(false)
        .metadata(Map.of("string", "string"))
        .name("string")
        .options(ConnectionOptionsArgs.builder()
            .adfsServer("string")
            .allowedAudiences("string")
            .apiEnableUsers(false)
            .appId("string")
            .attributeMap(ConnectionOptionsAttributeMapArgs.builder()
                .mappingMode("string")
                .attributes("string")
                .userinfoScope("string")
                .build())
            .attributes(ConnectionOptionsAttributeArgs.builder()
                .emails(ConnectionOptionsAttributeEmailArgs.builder()
                    .identifiers(ConnectionOptionsAttributeEmailIdentifierArgs.builder()
                        .active(false)
                        .build())
                    .profileRequired(false)
                    .signups(ConnectionOptionsAttributeEmailSignupArgs.builder()
                        .status("string")
                        .verifications(ConnectionOptionsAttributeEmailSignupVerificationArgs.builder()
                            .active(false)
                            .build())
                        .build())
                    .build())
                .phoneNumbers(ConnectionOptionsAttributePhoneNumberArgs.builder()
                    .identifiers(ConnectionOptionsAttributePhoneNumberIdentifierArgs.builder()
                        .active(false)
                        .build())
                    .profileRequired(false)
                    .signups(ConnectionOptionsAttributePhoneNumberSignupArgs.builder()
                        .status("string")
                        .verifications(ConnectionOptionsAttributePhoneNumberSignupVerificationArgs.builder()
                            .active(false)
                            .build())
                        .build())
                    .build())
                .usernames(ConnectionOptionsAttributeUsernameArgs.builder()
                    .identifiers(ConnectionOptionsAttributeUsernameIdentifierArgs.builder()
                        .active(false)
                        .build())
                    .profileRequired(false)
                    .signups(ConnectionOptionsAttributeUsernameSignupArgs.builder()
                        .status("string")
                        .build())
                    .validations(ConnectionOptionsAttributeUsernameValidationArgs.builder()
                        .allowedTypes(ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs.builder()
                            .email(false)
                            .phoneNumber(false)
                            .build())
                        .maxLength(0)
                        .minLength(0)
                        .build())
                    .build())
                .build())
            .authParams(Map.of("string", "string"))
            .authorizationEndpoint("string")
            .bruteForceProtection(false)
            .clientId("string")
            .clientSecret("string")
            .communityBaseUrl("string")
            .configuration(Map.of("string", "string"))
            .connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
                .pkce("string")
                .build())
            .customScripts(Map.of("string", "string"))
            .debug(false)
            .decryptionKey(ConnectionOptionsDecryptionKeyArgs.builder()
                .cert("string")
                .key("string")
                .build())
            .digestAlgorithm("string")
            .disableCache(false)
            .disableSelfServiceChangePassword(false)
            .disableSignOut(false)
            .disableSignup(false)
            .discoveryUrl("string")
            .domain("string")
            .domainAliases("string")
            .enableScriptContext(false)
            .enabledDatabaseCustomization(false)
            .entityId("string")
            .fedMetadataXml("string")
            .fieldsMap("string")
            .forwardRequestInfo(false)
            .from("string")
            .gatewayAuthentication(ConnectionOptionsGatewayAuthenticationArgs.builder()
                .audience("string")
                .method("string")
                .secret("string")
                .secretBase64Encoded(false)
                .subject("string")
                .build())
            .gatewayUrl("string")
            .iconUrl("string")
            .identityApi("string")
            .idpInitiated(ConnectionOptionsIdpInitiatedArgs.builder()
                .clientAuthorizeQuery("string")
                .clientId("string")
                .clientProtocol("string")
                .build())
            .importMode(false)
            .ips("string")
            .issuer("string")
            .jwksUri("string")
            .keyId("string")
            .mapUserIdToId(false)
            .maxGroupsToRetrieve("string")
            .messagingServiceSid("string")
            .metadataUrl("string")
            .metadataXml("string")
            .mfa(ConnectionOptionsMfaArgs.builder()
                .active(false)
                .returnEnrollSettings(false)
                .build())
            .name("string")
            .nonPersistentAttrs("string")
            .passwordComplexityOptions(ConnectionOptionsPasswordComplexityOptionsArgs.builder()
                .minLength(0)
                .build())
            .passwordDictionary(ConnectionOptionsPasswordDictionaryArgs.builder()
                .dictionaries("string")
                .enable(false)
                .build())
            .passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
                .enable(false)
                .size(0)
                .build())
            .passwordNoPersonalInfo(ConnectionOptionsPasswordNoPersonalInfoArgs.builder()
                .enable(false)
                .build())
            .passwordPolicy("string")
            .pingFederateBaseUrl("string")
            .pkceEnabled(false)
            .precedences("string")
            .protocolBinding("string")
            .provider("string")
            .requestTemplate("string")
            .requiresUsername(false)
            .scopes("string")
            .scripts(Map.of("string", "string"))
            .setUserRootAttributes("string")
            .shouldTrustEmailVerifiedConnection("string")
            .signInEndpoint("string")
            .signOutEndpoint("string")
            .signSamlRequest(false)
            .signatureAlgorithm("string")
            .signingCert("string")
            .signingKey(ConnectionOptionsSigningKeyArgs.builder()
                .cert("string")
                .key("string")
                .build())
            .strategyVersion(0)
            .subject("string")
            .syntax("string")
            .teamId("string")
            .template("string")
            .tenantDomain("string")
            .tokenEndpoint("string")
            .totp(ConnectionOptionsTotpArgs.builder()
                .length(0)
                .timeStep(0)
                .build())
            .twilioSid("string")
            .twilioToken("string")
            .type("string")
            .upstreamParams("string")
            .useCertAuth(false)
            .useKerberos(false)
            .useWsfed(false)
            .userIdAttribute("string")
            .userinfoEndpoint("string")
            .validation(ConnectionOptionsValidationArgs.builder()
                .username(ConnectionOptionsValidationUsernameArgs.builder()
                    .max(0)
                    .min(0)
                    .build())
                .build())
            .waadCommonEndpoint(false)
            .waadProtocol("string")
            .build())
        .realms("string")
        .showAsButton(false)
        .build());
    
    connection_resource = auth0.Connection("connectionResource",
        strategy="string",
        display_name="string",
        is_domain_connection=False,
        metadata={
            "string": "string",
        },
        name="string",
        options={
            "adfs_server": "string",
            "allowed_audiences": ["string"],
            "api_enable_users": False,
            "app_id": "string",
            "attribute_map": {
                "mapping_mode": "string",
                "attributes": "string",
                "userinfo_scope": "string",
            },
            "attributes": [{
                "emails": [{
                    "identifiers": [{
                        "active": False,
                    }],
                    "profile_required": False,
                    "signups": [{
                        "status": "string",
                        "verifications": [{
                            "active": False,
                        }],
                    }],
                }],
                "phone_numbers": [{
                    "identifiers": [{
                        "active": False,
                    }],
                    "profile_required": False,
                    "signups": [{
                        "status": "string",
                        "verifications": [{
                            "active": False,
                        }],
                    }],
                }],
                "usernames": [{
                    "identifiers": [{
                        "active": False,
                    }],
                    "profile_required": False,
                    "signups": [{
                        "status": "string",
                    }],
                    "validations": [{
                        "allowed_types": [{
                            "email": False,
                            "phone_number": False,
                        }],
                        "max_length": 0,
                        "min_length": 0,
                    }],
                }],
            }],
            "auth_params": {
                "string": "string",
            },
            "authorization_endpoint": "string",
            "brute_force_protection": False,
            "client_id": "string",
            "client_secret": "string",
            "community_base_url": "string",
            "configuration": {
                "string": "string",
            },
            "connection_settings": {
                "pkce": "string",
            },
            "custom_scripts": {
                "string": "string",
            },
            "debug": False,
            "decryption_key": {
                "cert": "string",
                "key": "string",
            },
            "digest_algorithm": "string",
            "disable_cache": False,
            "disable_self_service_change_password": False,
            "disable_sign_out": False,
            "disable_signup": False,
            "discovery_url": "string",
            "domain": "string",
            "domain_aliases": ["string"],
            "enable_script_context": False,
            "enabled_database_customization": False,
            "entity_id": "string",
            "fed_metadata_xml": "string",
            "fields_map": "string",
            "forward_request_info": False,
            "from_": "string",
            "gateway_authentication": {
                "audience": "string",
                "method": "string",
                "secret": "string",
                "secret_base64_encoded": False,
                "subject": "string",
            },
            "gateway_url": "string",
            "icon_url": "string",
            "identity_api": "string",
            "idp_initiated": {
                "client_authorize_query": "string",
                "client_id": "string",
                "client_protocol": "string",
            },
            "import_mode": False,
            "ips": ["string"],
            "issuer": "string",
            "jwks_uri": "string",
            "key_id": "string",
            "map_user_id_to_id": False,
            "max_groups_to_retrieve": "string",
            "messaging_service_sid": "string",
            "metadata_url": "string",
            "metadata_xml": "string",
            "mfa": {
                "active": False,
                "return_enroll_settings": False,
            },
            "name": "string",
            "non_persistent_attrs": ["string"],
            "password_complexity_options": {
                "min_length": 0,
            },
            "password_dictionary": {
                "dictionaries": ["string"],
                "enable": False,
            },
            "password_histories": [{
                "enable": False,
                "size": 0,
            }],
            "password_no_personal_info": {
                "enable": False,
            },
            "password_policy": "string",
            "ping_federate_base_url": "string",
            "pkce_enabled": False,
            "precedences": ["string"],
            "protocol_binding": "string",
            "provider": "string",
            "request_template": "string",
            "requires_username": False,
            "scopes": ["string"],
            "scripts": {
                "string": "string",
            },
            "set_user_root_attributes": "string",
            "should_trust_email_verified_connection": "string",
            "sign_in_endpoint": "string",
            "sign_out_endpoint": "string",
            "sign_saml_request": False,
            "signature_algorithm": "string",
            "signing_cert": "string",
            "signing_key": {
                "cert": "string",
                "key": "string",
            },
            "strategy_version": 0,
            "subject": "string",
            "syntax": "string",
            "team_id": "string",
            "template": "string",
            "tenant_domain": "string",
            "token_endpoint": "string",
            "totp": {
                "length": 0,
                "time_step": 0,
            },
            "twilio_sid": "string",
            "twilio_token": "string",
            "type": "string",
            "upstream_params": "string",
            "use_cert_auth": False,
            "use_kerberos": False,
            "use_wsfed": False,
            "user_id_attribute": "string",
            "userinfo_endpoint": "string",
            "validation": {
                "username": {
                    "max": 0,
                    "min": 0,
                },
            },
            "waad_common_endpoint": False,
            "waad_protocol": "string",
        },
        realms=["string"],
        show_as_button=False)
    
    const connectionResource = new auth0.Connection("connectionResource", {
        strategy: "string",
        displayName: "string",
        isDomainConnection: false,
        metadata: {
            string: "string",
        },
        name: "string",
        options: {
            adfsServer: "string",
            allowedAudiences: ["string"],
            apiEnableUsers: false,
            appId: "string",
            attributeMap: {
                mappingMode: "string",
                attributes: "string",
                userinfoScope: "string",
            },
            attributes: [{
                emails: [{
                    identifiers: [{
                        active: false,
                    }],
                    profileRequired: false,
                    signups: [{
                        status: "string",
                        verifications: [{
                            active: false,
                        }],
                    }],
                }],
                phoneNumbers: [{
                    identifiers: [{
                        active: false,
                    }],
                    profileRequired: false,
                    signups: [{
                        status: "string",
                        verifications: [{
                            active: false,
                        }],
                    }],
                }],
                usernames: [{
                    identifiers: [{
                        active: false,
                    }],
                    profileRequired: false,
                    signups: [{
                        status: "string",
                    }],
                    validations: [{
                        allowedTypes: [{
                            email: false,
                            phoneNumber: false,
                        }],
                        maxLength: 0,
                        minLength: 0,
                    }],
                }],
            }],
            authParams: {
                string: "string",
            },
            authorizationEndpoint: "string",
            bruteForceProtection: false,
            clientId: "string",
            clientSecret: "string",
            communityBaseUrl: "string",
            configuration: {
                string: "string",
            },
            connectionSettings: {
                pkce: "string",
            },
            customScripts: {
                string: "string",
            },
            debug: false,
            decryptionKey: {
                cert: "string",
                key: "string",
            },
            digestAlgorithm: "string",
            disableCache: false,
            disableSelfServiceChangePassword: false,
            disableSignOut: false,
            disableSignup: false,
            discoveryUrl: "string",
            domain: "string",
            domainAliases: ["string"],
            enableScriptContext: false,
            enabledDatabaseCustomization: false,
            entityId: "string",
            fedMetadataXml: "string",
            fieldsMap: "string",
            forwardRequestInfo: false,
            from: "string",
            gatewayAuthentication: {
                audience: "string",
                method: "string",
                secret: "string",
                secretBase64Encoded: false,
                subject: "string",
            },
            gatewayUrl: "string",
            iconUrl: "string",
            identityApi: "string",
            idpInitiated: {
                clientAuthorizeQuery: "string",
                clientId: "string",
                clientProtocol: "string",
            },
            importMode: false,
            ips: ["string"],
            issuer: "string",
            jwksUri: "string",
            keyId: "string",
            mapUserIdToId: false,
            maxGroupsToRetrieve: "string",
            messagingServiceSid: "string",
            metadataUrl: "string",
            metadataXml: "string",
            mfa: {
                active: false,
                returnEnrollSettings: false,
            },
            name: "string",
            nonPersistentAttrs: ["string"],
            passwordComplexityOptions: {
                minLength: 0,
            },
            passwordDictionary: {
                dictionaries: ["string"],
                enable: false,
            },
            passwordHistories: [{
                enable: false,
                size: 0,
            }],
            passwordNoPersonalInfo: {
                enable: false,
            },
            passwordPolicy: "string",
            pingFederateBaseUrl: "string",
            pkceEnabled: false,
            precedences: ["string"],
            protocolBinding: "string",
            provider: "string",
            requestTemplate: "string",
            requiresUsername: false,
            scopes: ["string"],
            scripts: {
                string: "string",
            },
            setUserRootAttributes: "string",
            shouldTrustEmailVerifiedConnection: "string",
            signInEndpoint: "string",
            signOutEndpoint: "string",
            signSamlRequest: false,
            signatureAlgorithm: "string",
            signingCert: "string",
            signingKey: {
                cert: "string",
                key: "string",
            },
            strategyVersion: 0,
            subject: "string",
            syntax: "string",
            teamId: "string",
            template: "string",
            tenantDomain: "string",
            tokenEndpoint: "string",
            totp: {
                length: 0,
                timeStep: 0,
            },
            twilioSid: "string",
            twilioToken: "string",
            type: "string",
            upstreamParams: "string",
            useCertAuth: false,
            useKerberos: false,
            useWsfed: false,
            userIdAttribute: "string",
            userinfoEndpoint: "string",
            validation: {
                username: {
                    max: 0,
                    min: 0,
                },
            },
            waadCommonEndpoint: false,
            waadProtocol: "string",
        },
        realms: ["string"],
        showAsButton: false,
    });
    
    type: auth0:Connection
    properties:
        displayName: string
        isDomainConnection: false
        metadata:
            string: string
        name: string
        options:
            adfsServer: string
            allowedAudiences:
                - string
            apiEnableUsers: false
            appId: string
            attributeMap:
                attributes: string
                mappingMode: string
                userinfoScope: string
            attributes:
                - emails:
                    - identifiers:
                        - active: false
                      profileRequired: false
                      signups:
                        - status: string
                          verifications:
                            - active: false
                  phoneNumbers:
                    - identifiers:
                        - active: false
                      profileRequired: false
                      signups:
                        - status: string
                          verifications:
                            - active: false
                  usernames:
                    - identifiers:
                        - active: false
                      profileRequired: false
                      signups:
                        - status: string
                      validations:
                        - allowedTypes:
                            - email: false
                              phoneNumber: false
                          maxLength: 0
                          minLength: 0
            authParams:
                string: string
            authorizationEndpoint: string
            bruteForceProtection: false
            clientId: string
            clientSecret: string
            communityBaseUrl: string
            configuration:
                string: string
            connectionSettings:
                pkce: string
            customScripts:
                string: string
            debug: false
            decryptionKey:
                cert: string
                key: string
            digestAlgorithm: string
            disableCache: false
            disableSelfServiceChangePassword: false
            disableSignOut: false
            disableSignup: false
            discoveryUrl: string
            domain: string
            domainAliases:
                - string
            enableScriptContext: false
            enabledDatabaseCustomization: false
            entityId: string
            fedMetadataXml: string
            fieldsMap: string
            forwardRequestInfo: false
            from: string
            gatewayAuthentication:
                audience: string
                method: string
                secret: string
                secretBase64Encoded: false
                subject: string
            gatewayUrl: string
            iconUrl: string
            identityApi: string
            idpInitiated:
                clientAuthorizeQuery: string
                clientId: string
                clientProtocol: string
            importMode: false
            ips:
                - string
            issuer: string
            jwksUri: string
            keyId: string
            mapUserIdToId: false
            maxGroupsToRetrieve: string
            messagingServiceSid: string
            metadataUrl: string
            metadataXml: string
            mfa:
                active: false
                returnEnrollSettings: false
            name: string
            nonPersistentAttrs:
                - string
            passwordComplexityOptions:
                minLength: 0
            passwordDictionary:
                dictionaries:
                    - string
                enable: false
            passwordHistories:
                - enable: false
                  size: 0
            passwordNoPersonalInfo:
                enable: false
            passwordPolicy: string
            pingFederateBaseUrl: string
            pkceEnabled: false
            precedences:
                - string
            protocolBinding: string
            provider: string
            requestTemplate: string
            requiresUsername: false
            scopes:
                - string
            scripts:
                string: string
            setUserRootAttributes: string
            shouldTrustEmailVerifiedConnection: string
            signInEndpoint: string
            signOutEndpoint: string
            signSamlRequest: false
            signatureAlgorithm: string
            signingCert: string
            signingKey:
                cert: string
                key: string
            strategyVersion: 0
            subject: string
            syntax: string
            teamId: string
            template: string
            tenantDomain: string
            tokenEndpoint: string
            totp:
                length: 0
                timeStep: 0
            twilioSid: string
            twilioToken: string
            type: string
            upstreamParams: string
            useCertAuth: false
            useKerberos: false
            useWsfed: false
            userIdAttribute: string
            userinfoEndpoint: string
            validation:
                username:
                    max: 0
                    min: 0
            waadCommonEndpoint: false
            waadProtocol: string
        realms:
            - string
        showAsButton: false
        strategy: string
    

    Connection Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Connection resource accepts the following input properties:

    Strategy string
    Type of the connection, which indicates the identity provider.
    DisplayName string
    Name used in login screen.
    IsDomainConnection bool
    Indicates whether the connection is domain level.
    Metadata Dictionary<string, string>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    Name string
    Name of the connection.
    Options ConnectionOptions
    Configuration settings for connection options.
    Realms List<string>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    ShowAsButton bool
    Display connection as a button. Only available on enterprise connections.
    Strategy string
    Type of the connection, which indicates the identity provider.
    DisplayName string
    Name used in login screen.
    IsDomainConnection bool
    Indicates whether the connection is domain level.
    Metadata map[string]string
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    Name string
    Name of the connection.
    Options ConnectionOptionsArgs
    Configuration settings for connection options.
    Realms []string
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    ShowAsButton bool
    Display connection as a button. Only available on enterprise connections.
    strategy String
    Type of the connection, which indicates the identity provider.
    displayName String
    Name used in login screen.
    isDomainConnection Boolean
    Indicates whether the connection is domain level.
    metadata Map<String,String>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name String
    Name of the connection.
    options ConnectionOptions
    Configuration settings for connection options.
    realms List<String>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton Boolean
    Display connection as a button. Only available on enterprise connections.
    strategy string
    Type of the connection, which indicates the identity provider.
    displayName string
    Name used in login screen.
    isDomainConnection boolean
    Indicates whether the connection is domain level.
    metadata {[key: string]: string}
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name string
    Name of the connection.
    options ConnectionOptions
    Configuration settings for connection options.
    realms string[]
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton boolean
    Display connection as a button. Only available on enterprise connections.
    strategy str
    Type of the connection, which indicates the identity provider.
    display_name str
    Name used in login screen.
    is_domain_connection bool
    Indicates whether the connection is domain level.
    metadata Mapping[str, str]
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name str
    Name of the connection.
    options ConnectionOptionsArgs
    Configuration settings for connection options.
    realms Sequence[str]
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    show_as_button bool
    Display connection as a button. Only available on enterprise connections.
    strategy String
    Type of the connection, which indicates the identity provider.
    displayName String
    Name used in login screen.
    isDomainConnection Boolean
    Indicates whether the connection is domain level.
    metadata Map<String>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name String
    Name of the connection.
    options Property Map
    Configuration settings for connection options.
    realms List<String>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton Boolean
    Display connection as a button. Only available on enterprise connections.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Connection Resource

    Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            display_name: Optional[str] = None,
            is_domain_connection: Optional[bool] = None,
            metadata: Optional[Mapping[str, str]] = None,
            name: Optional[str] = None,
            options: Optional[ConnectionOptionsArgs] = None,
            realms: Optional[Sequence[str]] = None,
            show_as_button: Optional[bool] = None,
            strategy: Optional[str] = None) -> Connection
    func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
    public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
    public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    DisplayName string
    Name used in login screen.
    IsDomainConnection bool
    Indicates whether the connection is domain level.
    Metadata Dictionary<string, string>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    Name string
    Name of the connection.
    Options ConnectionOptions
    Configuration settings for connection options.
    Realms List<string>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    ShowAsButton bool
    Display connection as a button. Only available on enterprise connections.
    Strategy string
    Type of the connection, which indicates the identity provider.
    DisplayName string
    Name used in login screen.
    IsDomainConnection bool
    Indicates whether the connection is domain level.
    Metadata map[string]string
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    Name string
    Name of the connection.
    Options ConnectionOptionsArgs
    Configuration settings for connection options.
    Realms []string
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    ShowAsButton bool
    Display connection as a button. Only available on enterprise connections.
    Strategy string
    Type of the connection, which indicates the identity provider.
    displayName String
    Name used in login screen.
    isDomainConnection Boolean
    Indicates whether the connection is domain level.
    metadata Map<String,String>
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name String
    Name of the connection.
    options ConnectionOptions
    Configuration settings for connection options.
    realms List<String>
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton Boolean
    Display connection as a button. Only available on enterprise connections.
    strategy String
    Type of the connection, which indicates the identity provider.
    displayName string
    Name used in login screen.
    isDomainConnection boolean
    Indicates whether the connection is domain level.
    metadata {[key: string]: string}
    Metadata associated with the connection, in the form of a map of string values (max 255 chars).
    name string
    Name of the connection.
    options ConnectionOptions
    Configuration settings for connection options.
    realms string[]
    Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
    showAsButton boolean
    Display connection as a button. Only available on enterprise connections.
    strategy string
    Type of the connection, which indicates the identity provider.