auth0 logo
Auth0 v2.18.0, Mar 20 23

auth0.Connection

With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.

The Auth0 dashboard displays only one connection per social provider. Although the Auth0 Management API allows the creation of multiple connections per strategy, the additional connections may not be visible in the Auth0 dashboard.

Example Usage

Google OAuth2 Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var googleOauth2 = new Auth0.Connection("googleOauth2", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            AllowedAudiences = new[]
            {
                "example.com",
                "api.example.com",
            },
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "email",
                "profile",
                "gmail",
                "youtube",
            },
            SetUserRootAttributes = "on_each_login",
        },
        Strategy = "google-oauth2",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "googleOauth2", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				AllowedAudiences: pulumi.StringArray{
					pulumi.String("example.com"),
					pulumi.String("api.example.com"),
				},
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("<client-secret>"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("email"),
					pulumi.String("profile"),
					pulumi.String("gmail"),
					pulumi.String("youtube"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
			},
			Strategy: pulumi.String("google-oauth2"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var googleOauth2 = new Connection("googleOauth2", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .allowedAudiences(                
                    "example.com",
                    "api.example.com")
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .scopes(                
                    "email",
                    "profile",
                    "gmail",
                    "youtube")
                .setUserRootAttributes("on_each_login")
                .build())
            .strategy("google-oauth2")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

google_oauth2 = auth0.Connection("googleOauth2",
    options=auth0.ConnectionOptionsArgs(
        allowed_audiences=[
            "example.com",
            "api.example.com",
        ],
        client_id="<client-id>",
        client_secret="<client-secret>",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "email",
            "profile",
            "gmail",
            "youtube",
        ],
        set_user_root_attributes="on_each_login",
    ),
    strategy="google-oauth2")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const googleOauth2 = new auth0.Connection("googleOauth2", {
    options: {
        allowedAudiences: [
            "example.com",
            "api.example.com",
        ],
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "email",
            "profile",
            "gmail",
            "youtube",
        ],
        setUserRootAttributes: "on_each_login",
    },
    strategy: "google-oauth2",
});
resources:
  googleOauth2:
    type: auth0:Connection
    properties:
      options:
        allowedAudiences:
          - example.com
          - api.example.com
        clientId: <client-id>
        clientSecret: <client-secret>
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - email
          - profile
          - gmail
          - youtube
        setUserRootAttributes: on_each_login
      strategy: google-oauth2

Facebook Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var facebook = new Auth0.Connection("facebook", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "public_profile",
                "email",
                "groups_access_member_info",
                "user_birthday",
            },
            SetUserRootAttributes = "on_each_login",
        },
        Strategy = "facebook",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "facebook", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("<client-secret>"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("public_profile"),
					pulumi.String("email"),
					pulumi.String("groups_access_member_info"),
					pulumi.String("user_birthday"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
			},
			Strategy: pulumi.String("facebook"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var facebook = new Connection("facebook", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .scopes(                
                    "public_profile",
                    "email",
                    "groups_access_member_info",
                    "user_birthday")
                .setUserRootAttributes("on_each_login")
                .build())
            .strategy("facebook")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

facebook = auth0.Connection("facebook",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "public_profile",
            "email",
            "groups_access_member_info",
            "user_birthday",
        ],
        set_user_root_attributes="on_each_login",
    ),
    strategy="facebook")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const facebook = new auth0.Connection("facebook", {
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "public_profile",
            "email",
            "groups_access_member_info",
            "user_birthday",
        ],
        setUserRootAttributes: "on_each_login",
    },
    strategy: "facebook",
});
resources:
  facebook:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - public_profile
          - email
          - groups_access_member_info
          - user_birthday
        setUserRootAttributes: on_each_login
      strategy: facebook

Apple Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var apple = new Auth0.Connection("apple", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = @"-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----
",
            KeyId = "<key-id>",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "email",
                "name",
            },
            SetUserRootAttributes = "on_first_login",
            TeamId = "<team-id>",
        },
        Strategy = "apple",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "apple", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("-----BEGIN PRIVATE KEY-----\nMIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA\n-----END PRIVATE KEY-----\n"),
				KeyId:        pulumi.String("<key-id>"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("email"),
					pulumi.String("name"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
				TeamId:                pulumi.String("<team-id>"),
			},
			Strategy: pulumi.String("apple"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var apple = new Connection("apple", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("""
-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----
                """)
                .keyId("<key-id>")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .scopes(                
                    "email",
                    "name")
                .setUserRootAttributes("on_first_login")
                .teamId("<team-id>")
                .build())
            .strategy("apple")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

apple = auth0.Connection("apple",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="""-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----
""",
        key_id="<key-id>",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "email",
            "name",
        ],
        set_user_root_attributes="on_first_login",
        team_id="<team-id>",
    ),
    strategy="apple")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const apple = new auth0.Connection("apple", {
    options: {
        clientId: "<client-id>",
        clientSecret: `-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----
`,
        keyId: "<key-id>",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "email",
            "name",
        ],
        setUserRootAttributes: "on_first_login",
        teamId: "<team-id>",
    },
    strategy: "apple",
});
resources:
  apple:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: |
          -----BEGIN PRIVATE KEY-----
          MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
          -----END PRIVATE KEY-----          
        keyId: <key-id>
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - email
          - name
        setUserRootAttributes: on_first_login
        teamId: <team-id>
      strategy: apple

LinkedIn Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var linkedin = new Auth0.Connection("linkedin", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "basic_profile",
                "profile",
                "email",
            },
            SetUserRootAttributes = "on_each_login",
            StrategyVersion = 2,
        },
        Strategy = "linkedin",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "linkedin", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("<client-secret>"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("basic_profile"),
					pulumi.String("profile"),
					pulumi.String("email"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
				StrategyVersion:       pulumi.Int(2),
			},
			Strategy: pulumi.String("linkedin"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var linkedin = new Connection("linkedin", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .scopes(                
                    "basic_profile",
                    "profile",
                    "email")
                .setUserRootAttributes("on_each_login")
                .strategyVersion(2)
                .build())
            .strategy("linkedin")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

linkedin = auth0.Connection("linkedin",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "basic_profile",
            "profile",
            "email",
        ],
        set_user_root_attributes="on_each_login",
        strategy_version=2,
    ),
    strategy="linkedin")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const linkedin = new auth0.Connection("linkedin", {
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "basic_profile",
            "profile",
            "email",
        ],
        setUserRootAttributes: "on_each_login",
        strategyVersion: 2,
    },
    strategy: "linkedin",
});
resources:
  linkedin:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - basic_profile
          - profile
          - email
        setUserRootAttributes: on_each_login
        strategyVersion: 2
      strategy: linkedin

GitHub Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var github = new Auth0.Connection("github", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "email",
                "profile",
                "public_repo",
                "repo",
            },
            SetUserRootAttributes = "on_each_login",
        },
        Strategy = "github",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "github", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("<client-secret>"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("email"),
					pulumi.String("profile"),
					pulumi.String("public_repo"),
					pulumi.String("repo"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
			},
			Strategy: pulumi.String("github"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var github = new Connection("github", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .scopes(                
                    "email",
                    "profile",
                    "public_repo",
                    "repo")
                .setUserRootAttributes("on_each_login")
                .build())
            .strategy("github")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

github = auth0.Connection("github",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "email",
            "profile",
            "public_repo",
            "repo",
        ],
        set_user_root_attributes="on_each_login",
    ),
    strategy="github")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const github = new auth0.Connection("github", {
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "email",
            "profile",
            "public_repo",
            "repo",
        ],
        setUserRootAttributes: "on_each_login",
    },
    strategy: "github",
});
resources:
  github:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - email
          - profile
          - public_repo
          - repo
        setUserRootAttributes: on_each_login
      strategy: github

SalesForce Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var salesforce = new Auth0.Connection("salesforce", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            CommunityBaseUrl = "https://salesforce.example.com",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "openid",
                "email",
            },
            SetUserRootAttributes = "on_first_login",
        },
        Strategy = "salesforce",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "salesforce", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:         pulumi.String("<client-id>"),
				ClientSecret:     pulumi.String("<client-secret>"),
				CommunityBaseUrl: pulumi.String("https://salesforce.example.com"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("openid"),
					pulumi.String("email"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
			},
			Strategy: pulumi.String("salesforce"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var salesforce = new Connection("salesforce", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .communityBaseUrl("https://salesforce.example.com")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .scopes(                
                    "openid",
                    "email")
                .setUserRootAttributes("on_first_login")
                .build())
            .strategy("salesforce")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

salesforce = auth0.Connection("salesforce",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        community_base_url="https://salesforce.example.com",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "openid",
            "email",
        ],
        set_user_root_attributes="on_first_login",
    ),
    strategy="salesforce")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const salesforce = new auth0.Connection("salesforce", {
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        communityBaseUrl: "https://salesforce.example.com",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "openid",
            "email",
        ],
        setUserRootAttributes: "on_first_login",
    },
    strategy: "salesforce",
});
resources:
  salesforce:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        communityBaseUrl: https://salesforce.example.com
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - openid
          - email
        setUserRootAttributes: on_first_login
      strategy: salesforce

OAuth2 Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var oauth2 = new Auth0.Connection("oauth2", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            AuthorizationEndpoint = "https://auth.example.com/oauth2/authorize",
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            IconUrl = "https://auth.example.com/assets/logo.png",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            PkceEnabled = true,
            Scopes = new[]
            {
                "basic_profile",
                "profile",
                "email",
            },
            Scripts = 
            {
                { "fetchUserProfile", @"        function fetchUserProfile(accessToken, context, callback) {
          return callback(new Error(""Whoops!""));
        }
      
" },
            },
            SetUserRootAttributes = "on_each_login",
            TokenEndpoint = "https://auth.example.com/oauth2/token",
        },
        Strategy = "oauth2",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "oauth2", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				AuthorizationEndpoint: pulumi.String("https://auth.example.com/oauth2/authorize"),
				ClientId:              pulumi.String("<client-id>"),
				ClientSecret:          pulumi.String("<client-secret>"),
				IconUrl:               pulumi.String("https://auth.example.com/assets/logo.png"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				PkceEnabled: pulumi.Bool(true),
				Scopes: pulumi.StringArray{
					pulumi.String("basic_profile"),
					pulumi.String("profile"),
					pulumi.String("email"),
				},
				Scripts: pulumi.StringMap{
					"fetchUserProfile": pulumi.String("        function fetchUserProfile(accessToken, context, callback) {\n          return callback(new Error(\"Whoops!\"));\n        }\n      \n"),
				},
				SetUserRootAttributes: pulumi.String("on_each_login"),
				TokenEndpoint:         pulumi.String("https://auth.example.com/oauth2/token"),
			},
			Strategy: pulumi.String("oauth2"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var oauth2 = new Connection("oauth2", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .authorizationEndpoint("https://auth.example.com/oauth2/authorize")
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .iconUrl("https://auth.example.com/assets/logo.png")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .pkceEnabled(true)
                .scopes(                
                    "basic_profile",
                    "profile",
                    "email")
                .scripts(Map.of("fetchUserProfile", """
        function fetchUserProfile(accessToken, context, callback) {
          return callback(new Error("Whoops!"));
        }
      
                """))
                .setUserRootAttributes("on_each_login")
                .tokenEndpoint("https://auth.example.com/oauth2/token")
                .build())
            .strategy("oauth2")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

oauth2 = auth0.Connection("oauth2",
    options=auth0.ConnectionOptionsArgs(
        authorization_endpoint="https://auth.example.com/oauth2/authorize",
        client_id="<client-id>",
        client_secret="<client-secret>",
        icon_url="https://auth.example.com/assets/logo.png",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        pkce_enabled=True,
        scopes=[
            "basic_profile",
            "profile",
            "email",
        ],
        scripts={
            "fetchUserProfile": """        function fetchUserProfile(accessToken, context, callback) {
          return callback(new Error("Whoops!"));
        }
      
""",
        },
        set_user_root_attributes="on_each_login",
        token_endpoint="https://auth.example.com/oauth2/token",
    ),
    strategy="oauth2")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const oauth2 = new auth0.Connection("oauth2", {
    options: {
        authorizationEndpoint: "https://auth.example.com/oauth2/authorize",
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        iconUrl: "https://auth.example.com/assets/logo.png",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        pkceEnabled: true,
        scopes: [
            "basic_profile",
            "profile",
            "email",
        ],
        scripts: {
            fetchUserProfile: `        function fetchUserProfile(accessToken, context, callback) {
          return callback(new Error("Whoops!"));
        }
      
`,
        },
        setUserRootAttributes: "on_each_login",
        tokenEndpoint: "https://auth.example.com/oauth2/token",
    },
    strategy: "oauth2",
});
resources:
  oauth2:
    type: auth0:Connection
    properties:
      options:
        authorizationEndpoint: https://auth.example.com/oauth2/authorize
        clientId: <client-id>
        clientSecret: <client-secret>
        iconUrl: https://auth.example.com/assets/logo.png
        nonPersistentAttrs:
          - ethnicity
          - gender
        pkceEnabled: true
        scopes:
          - basic_profile
          - profile
          - email
        scripts:
          fetchUserProfile: "        function fetchUserProfile(accessToken, context, callback) {\n          return callback(new Error(\"Whoops!\"));\n        }\n      \n"
        setUserRootAttributes: on_each_login
        tokenEndpoint: https://auth.example.com/oauth2/token
      strategy: oauth2

SMS Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var sms = new Auth0.Connection("sms", new()
    {
        IsDomainConnection = false,
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            BruteForceProtection = true,
            DisableSignup = false,
            ForwardRequestInfo = true,
            From = "+15555555555",
            GatewayAuthentication = new Auth0.Inputs.ConnectionOptionsGatewayAuthenticationArgs
            {
                Audience = "https://somewhere.com/sms-gateway",
                Method = "bearer",
                Secret = "4e2680bb74ec2ae24736476dd37ed6c2",
                SecretBase64Encoded = false,
                Subject = "test.us.auth0.com:sms",
            },
            GatewayUrl = "https://somewhere.com/sms-gateway",
            Name = "sms",
            Provider = "sms_gateway",
            Syntax = "md_with_macros",
            Template = "@@password@@",
            Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
            {
                Length = 6,
                TimeStep = 300,
            },
        },
        Strategy = "sms",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "sms", &auth0.ConnectionArgs{
			IsDomainConnection: pulumi.Bool(false),
			Options: &auth0.ConnectionOptionsArgs{
				BruteForceProtection: pulumi.Bool(true),
				DisableSignup:        pulumi.Bool(false),
				ForwardRequestInfo:   pulumi.Bool(true),
				From:                 pulumi.String("+15555555555"),
				GatewayAuthentication: &auth0.ConnectionOptionsGatewayAuthenticationArgs{
					Audience:            pulumi.String("https://somewhere.com/sms-gateway"),
					Method:              pulumi.String("bearer"),
					Secret:              pulumi.String("4e2680bb74ec2ae24736476dd37ed6c2"),
					SecretBase64Encoded: pulumi.Bool(false),
					Subject:             pulumi.String("test.us.auth0.com:sms"),
				},
				GatewayUrl: pulumi.String("https://somewhere.com/sms-gateway"),
				Name:       pulumi.String("sms"),
				Provider:   pulumi.String("sms_gateway"),
				Syntax:     pulumi.String("md_with_macros"),
				Template:   pulumi.String("@@password@@"),
				Totp: &auth0.ConnectionOptionsTotpArgs{
					Length:   pulumi.Int(6),
					TimeStep: pulumi.Int(300),
				},
			},
			Strategy: pulumi.String("sms"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsGatewayAuthenticationArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var sms = new Connection("sms", ConnectionArgs.builder()        
            .isDomainConnection(false)
            .options(ConnectionOptionsArgs.builder()
                .bruteForceProtection(true)
                .disableSignup(false)
                .forwardRequestInfo(true)
                .from("+15555555555")
                .gatewayAuthentication(ConnectionOptionsGatewayAuthenticationArgs.builder()
                    .audience("https://somewhere.com/sms-gateway")
                    .method("bearer")
                    .secret("4e2680bb74ec2ae24736476dd37ed6c2")
                    .secretBase64Encoded(false)
                    .subject("test.us.auth0.com:sms")
                    .build())
                .gatewayUrl("https://somewhere.com/sms-gateway")
                .name("sms")
                .provider("sms_gateway")
                .syntax("md_with_macros")
                .template("@@password@@")
                .totp(ConnectionOptionsTotpArgs.builder()
                    .length(6)
                    .timeStep(300)
                    .build())
                .build())
            .strategy("sms")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

sms = auth0.Connection("sms",
    is_domain_connection=False,
    options=auth0.ConnectionOptionsArgs(
        brute_force_protection=True,
        disable_signup=False,
        forward_request_info=True,
        from_="+15555555555",
        gateway_authentication=auth0.ConnectionOptionsGatewayAuthenticationArgs(
            audience="https://somewhere.com/sms-gateway",
            method="bearer",
            secret="4e2680bb74ec2ae24736476dd37ed6c2",
            secret_base64_encoded=False,
            subject="test.us.auth0.com:sms",
        ),
        gateway_url="https://somewhere.com/sms-gateway",
        name="sms",
        provider="sms_gateway",
        syntax="md_with_macros",
        template="@@password@@",
        totp=auth0.ConnectionOptionsTotpArgs(
            length=6,
            time_step=300,
        ),
    ),
    strategy="sms")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const sms = new auth0.Connection("sms", {
    isDomainConnection: false,
    options: {
        bruteForceProtection: true,
        disableSignup: false,
        forwardRequestInfo: true,
        from: "+15555555555",
        gatewayAuthentication: {
            audience: "https://somewhere.com/sms-gateway",
            method: "bearer",
            secret: "4e2680bb74ec2ae24736476dd37ed6c2",
            secretBase64Encoded: false,
            subject: "test.us.auth0.com:sms",
        },
        gatewayUrl: "https://somewhere.com/sms-gateway",
        name: "sms",
        provider: "sms_gateway",
        syntax: "md_with_macros",
        template: "@@password@@",
        totp: {
            length: 6,
            timeStep: 300,
        },
    },
    strategy: "sms",
});
resources:
  sms:
    type: auth0:Connection
    properties:
      isDomainConnection: false
      options:
        bruteForceProtection: true
        disableSignup: false
        forwardRequestInfo: true
        from: '+15555555555'
        gatewayAuthentication:
          audience: https://somewhere.com/sms-gateway
          method: bearer
          secret: 4e2680bb74ec2ae24736476dd37ed6c2
          secretBase64Encoded: false
          subject: test.us.auth0.com:sms
        gatewayUrl: https://somewhere.com/sms-gateway
        name: sms
        provider: sms_gateway
        syntax: md_with_macros
        template: '@@password@@'
        totp:
          length: 6
          timeStep: 300
      strategy: sms

Email Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var passwordlessEmail = new Auth0.Connection("passwordlessEmail", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            AuthParams = 
            {
                { "responseType", "code" },
                { "scope", "openid email profile offline_access" },
            },
            BruteForceProtection = true,
            DisableSignup = false,
            From = "{{ application.name }} <root@auth0.com>",
            Name = "email",
            NonPersistentAttrs = new[] {},
            SetUserRootAttributes = "on_each_login",
            Subject = "Welcome to {{ application.name }}",
            Syntax = "liquid",
            Template = "<html>This is the body of the email</html>",
            Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
            {
                Length = 6,
                TimeStep = 300,
            },
        },
        Strategy = "email",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "passwordlessEmail", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				AuthParams: pulumi.StringMap{
					"responseType": pulumi.String("code"),
					"scope":        pulumi.String("openid email profile offline_access"),
				},
				BruteForceProtection:  pulumi.Bool(true),
				DisableSignup:         pulumi.Bool(false),
				From:                  pulumi.String("{{ application.name }} <root@auth0.com>"),
				Name:                  pulumi.String("email"),
				NonPersistentAttrs:    pulumi.StringArray{},
				SetUserRootAttributes: pulumi.String("on_each_login"),
				Subject:               pulumi.String("Welcome to {{ application.name }}"),
				Syntax:                pulumi.String("liquid"),
				Template:              pulumi.String("<html>This is the body of the email</html>"),
				Totp: &auth0.ConnectionOptionsTotpArgs{
					Length:   pulumi.Int(6),
					TimeStep: pulumi.Int(300),
				},
			},
			Strategy: pulumi.String("email"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var passwordlessEmail = new Connection("passwordlessEmail", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .authParams(Map.ofEntries(
                    Map.entry("responseType", "code"),
                    Map.entry("scope", "openid email profile offline_access")
                ))
                .bruteForceProtection(true)
                .disableSignup(false)
                .from("{{ application.name }} <root@auth0.com>")
                .name("email")
                .nonPersistentAttrs()
                .setUserRootAttributes("on_each_login")
                .subject("Welcome to {{ application.name }}")
                .syntax("liquid")
                .template("<html>This is the body of the email</html>")
                .totp(ConnectionOptionsTotpArgs.builder()
                    .length(6)
                    .timeStep(300)
                    .build())
                .build())
            .strategy("email")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

passwordless_email = auth0.Connection("passwordlessEmail",
    options=auth0.ConnectionOptionsArgs(
        auth_params={
            "responseType": "code",
            "scope": "openid email profile offline_access",
        },
        brute_force_protection=True,
        disable_signup=False,
        from_="{{ application.name }} <root@auth0.com>",
        name="email",
        non_persistent_attrs=[],
        set_user_root_attributes="on_each_login",
        subject="Welcome to {{ application.name }}",
        syntax="liquid",
        template="<html>This is the body of the email</html>",
        totp=auth0.ConnectionOptionsTotpArgs(
            length=6,
            time_step=300,
        ),
    ),
    strategy="email")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const passwordlessEmail = new auth0.Connection("passwordlessEmail", {
    options: {
        authParams: {
            responseType: "code",
            scope: "openid email profile offline_access",
        },
        bruteForceProtection: true,
        disableSignup: false,
        from: "{{ application.name }} <root@auth0.com>",
        name: "email",
        nonPersistentAttrs: [],
        setUserRootAttributes: "on_each_login",
        subject: "Welcome to {{ application.name }}",
        syntax: "liquid",
        template: "<html>This is the body of the email</html>",
        totp: {
            length: 6,
            timeStep: 300,
        },
    },
    strategy: "email",
});
resources:
  passwordlessEmail:
    type: auth0:Connection
    properties:
      options:
        authParams:
          responseType: code
          scope: openid email profile offline_access
        bruteForceProtection: true
        disableSignup: false
        from: '{{ application.name }} <root@auth0.com>'
        name: email
        nonPersistentAttrs: []
        setUserRootAttributes: on_each_login
        subject: Welcome to {{ application.name }}
        syntax: liquid
        template: <html>This is the body of the email</html>
        totp:
          length: 6
          timeStep: 300
      strategy: email

WindowsLive Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var windowslive = new Auth0.Connection("windowslive", new()
    {
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            ClientId = "<client-id>",
            ClientSecret = "<client-secret>",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "signin",
                "graph_user",
            },
            SetUserRootAttributes = "on_first_login",
            StrategyVersion = 2,
        },
        Strategy = "windowslive",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "windowslive", &auth0.ConnectionArgs{
			Options: &auth0.ConnectionOptionsArgs{
				ClientId:     pulumi.String("<client-id>"),
				ClientSecret: pulumi.String("<client-secret>"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("signin"),
					pulumi.String("graph_user"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
				StrategyVersion:       pulumi.Int(2),
			},
			Strategy: pulumi.String("windowslive"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var windowslive = new Connection("windowslive", ConnectionArgs.builder()        
            .options(ConnectionOptionsArgs.builder()
                .clientId("<client-id>")
                .clientSecret("<client-secret>")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .scopes(                
                    "signin",
                    "graph_user")
                .setUserRootAttributes("on_first_login")
                .strategyVersion(2)
                .build())
            .strategy("windowslive")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

windowslive = auth0.Connection("windowslive",
    options=auth0.ConnectionOptionsArgs(
        client_id="<client-id>",
        client_secret="<client-secret>",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "signin",
            "graph_user",
        ],
        set_user_root_attributes="on_first_login",
        strategy_version=2,
    ),
    strategy="windowslive")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const windowslive = new auth0.Connection("windowslive", {
    options: {
        clientId: "<client-id>",
        clientSecret: "<client-secret>",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "signin",
            "graph_user",
        ],
        setUserRootAttributes: "on_first_login",
        strategyVersion: 2,
    },
    strategy: "windowslive",
});
resources:
  windowslive:
    type: auth0:Connection
    properties:
      options:
        clientId: <client-id>
        clientSecret: <client-secret>
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - signin
          - graph_user
        setUserRootAttributes: on_first_login
        strategyVersion: 2
      strategy: windowslive

OIDC Connection

using System.Collections.Generic;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    var oidc = new Auth0.Connection("oidc", new()
    {
        DisplayName = "OIDC Connection",
        Options = new Auth0.Inputs.ConnectionOptionsArgs
        {
            AuthorizationEndpoint = "https://www.paypal.com/signin/authorize",
            ClientId = "1234567",
            ClientSecret = "1234567",
            DiscoveryUrl = "https://www.paypalobjects.com/.well-known/openid-configuration",
            DomainAliases = new[]
            {
                "example.com",
            },
            IconUrl = "https://example.com/assets/logo.png",
            Issuer = "https://www.paypalobjects.com",
            JwksUri = "https://api.paypal.com/v1/oauth2/certs",
            NonPersistentAttrs = new[]
            {
                "ethnicity",
                "gender",
            },
            Scopes = new[]
            {
                "openid",
                "email",
            },
            SetUserRootAttributes = "on_first_login",
            TenantDomain = "",
            TokenEndpoint = "https://api.paypal.com/v1/oauth2/token",
            Type = "front_channel",
            UserinfoEndpoint = "https://api.paypal.com/v1/oauth2/token/userinfo",
        },
        ShowAsButton = false,
        Strategy = "oidc",
    });

});
package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v2/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := auth0.NewConnection(ctx, "oidc", &auth0.ConnectionArgs{
			DisplayName: pulumi.String("OIDC Connection"),
			Options: &auth0.ConnectionOptionsArgs{
				AuthorizationEndpoint: pulumi.String("https://www.paypal.com/signin/authorize"),
				ClientId:              pulumi.String("1234567"),
				ClientSecret:          pulumi.String("1234567"),
				DiscoveryUrl:          pulumi.String("https://www.paypalobjects.com/.well-known/openid-configuration"),
				DomainAliases: pulumi.StringArray{
					pulumi.String("example.com"),
				},
				IconUrl: pulumi.String("https://example.com/assets/logo.png"),
				Issuer:  pulumi.String("https://www.paypalobjects.com"),
				JwksUri: pulumi.String("https://api.paypal.com/v1/oauth2/certs"),
				NonPersistentAttrs: pulumi.StringArray{
					pulumi.String("ethnicity"),
					pulumi.String("gender"),
				},
				Scopes: pulumi.StringArray{
					pulumi.String("openid"),
					pulumi.String("email"),
				},
				SetUserRootAttributes: pulumi.String("on_first_login"),
				TenantDomain:          pulumi.String(""),
				TokenEndpoint:         pulumi.String("https://api.paypal.com/v1/oauth2/token"),
				Type:                  pulumi.String("front_channel"),
				UserinfoEndpoint:      pulumi.String("https://api.paypal.com/v1/oauth2/token/userinfo"),
			},
			ShowAsButton: pulumi.Bool(false),
			Strategy:     pulumi.String("oidc"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var oidc = new Connection("oidc", ConnectionArgs.builder()        
            .displayName("OIDC Connection")
            .options(ConnectionOptionsArgs.builder()
                .authorizationEndpoint("https://www.paypal.com/signin/authorize")
                .clientId("1234567")
                .clientSecret("1234567")
                .discoveryUrl("https://www.paypalobjects.com/.well-known/openid-configuration")
                .domainAliases("example.com")
                .iconUrl("https://example.com/assets/logo.png")
                .issuer("https://www.paypalobjects.com")
                .jwksUri("https://api.paypal.com/v1/oauth2/certs")
                .nonPersistentAttrs(                
                    "ethnicity",
                    "gender")
                .scopes(                
                    "openid",
                    "email")
                .setUserRootAttributes("on_first_login")
                .tenantDomain("")
                .tokenEndpoint("https://api.paypal.com/v1/oauth2/token")
                .type("front_channel")
                .userinfoEndpoint("https://api.paypal.com/v1/oauth2/token/userinfo")
                .build())
            .showAsButton(false)
            .strategy("oidc")
            .build());

    }
}
import pulumi
import pulumi_auth0 as auth0

oidc = auth0.Connection("oidc",
    display_name="OIDC Connection",
    options=auth0.ConnectionOptionsArgs(
        authorization_endpoint="https://www.paypal.com/signin/authorize",
        client_id="1234567",
        client_secret="1234567",
        discovery_url="https://www.paypalobjects.com/.well-known/openid-configuration",
        domain_aliases=["example.com"],
        icon_url="https://example.com/assets/logo.png",
        issuer="https://www.paypalobjects.com",
        jwks_uri="https://api.paypal.com/v1/oauth2/certs",
        non_persistent_attrs=[
            "ethnicity",
            "gender",
        ],
        scopes=[
            "openid",
            "email",
        ],
        set_user_root_attributes="on_first_login",
        tenant_domain="",
        token_endpoint="https://api.paypal.com/v1/oauth2/token",
        type="front_channel",
        userinfo_endpoint="https://api.paypal.com/v1/oauth2/token/userinfo",
    ),
    show_as_button=False,
    strategy="oidc")
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

const oidc = new auth0.Connection("oidc", {
    displayName: "OIDC Connection",
    options: {
        authorizationEndpoint: "https://www.paypal.com/signin/authorize",
        clientId: "1234567",
        clientSecret: "1234567",
        discoveryUrl: "https://www.paypalobjects.com/.well-known/openid-configuration",
        domainAliases: ["example.com"],
        iconUrl: "https://example.com/assets/logo.png",
        issuer: "https://www.paypalobjects.com",
        jwksUri: "https://api.paypal.com/v1/oauth2/certs",
        nonPersistentAttrs: [
            "ethnicity",
            "gender",
        ],
        scopes: [
            "openid",
            "email",
        ],
        setUserRootAttributes: "on_first_login",
        tenantDomain: "",
        tokenEndpoint: "https://api.paypal.com/v1/oauth2/token",
        type: "front_channel",
        userinfoEndpoint: "https://api.paypal.com/v1/oauth2/token/userinfo",
    },
    showAsButton: false,
    strategy: "oidc",
});
resources:
  oidc:
    type: auth0:Connection
    properties:
      displayName: OIDC Connection
      options:
        authorizationEndpoint: https://www.paypal.com/signin/authorize
        clientId: '1234567'
        clientSecret: '1234567'
        discoveryUrl: https://www.paypalobjects.com/.well-known/openid-configuration
        domainAliases:
          - example.com
        iconUrl: https://example.com/assets/logo.png
        issuer: https://www.paypalobjects.com
        jwksUri: https://api.paypal.com/v1/oauth2/certs
        nonPersistentAttrs:
          - ethnicity
          - gender
        scopes:
          - openid
          - email
        setUserRootAttributes: on_first_login
        tenantDomain:
        tokenEndpoint: https://api.paypal.com/v1/oauth2/token
        type: front_channel
        userinfoEndpoint: https://api.paypal.com/v1/oauth2/token/userinfo
      showAsButton: false
      strategy: oidc

Create Connection Resource

new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
@overload
def Connection(resource_name: str,
               opts: Optional[ResourceOptions] = None,
               display_name: Optional[str] = None,
               is_domain_connection: Optional[bool] = None,
               metadata: Optional[Mapping[str, str]] = None,
               name: Optional[str] = None,
               options: Optional[ConnectionOptionsArgs] = None,
               realms: Optional[Sequence[str]] = None,
               show_as_button: Optional[bool] = None,
               strategy: Optional[str] = None)
@overload
def Connection(resource_name: str,
               args: ConnectionArgs,
               opts: Optional[ResourceOptions] = None)
func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: auth0:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ConnectionArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Connection Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Connection resource accepts the following input properties:

Strategy string

Type of the connection, which indicates the identity provider.

DisplayName string

Name used in login screen.

IsDomainConnection bool

Indicates whether the connection is domain level.

Metadata Dictionary<string, string>

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

Name string

Name of the connection.

Options ConnectionOptionsArgs

Configuration settings for connection options.

Realms List<string>

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

ShowAsButton bool

Display connection as a button. Only available on enterprise connections.

Strategy string

Type of the connection, which indicates the identity provider.

DisplayName string

Name used in login screen.

IsDomainConnection bool

Indicates whether the connection is domain level.

Metadata map[string]string

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

Name string

Name of the connection.

Options ConnectionOptionsArgs

Configuration settings for connection options.

Realms []string

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

ShowAsButton bool

Display connection as a button. Only available on enterprise connections.

strategy String

Type of the connection, which indicates the identity provider.

displayName String

Name used in login screen.

isDomainConnection Boolean

Indicates whether the connection is domain level.

metadata Map<String,String>

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

name String

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options.

realms List<String>

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

showAsButton Boolean

Display connection as a button. Only available on enterprise connections.

strategy string

Type of the connection, which indicates the identity provider.

displayName string

Name used in login screen.

isDomainConnection boolean

Indicates whether the connection is domain level.

metadata {[key: string]: string}

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

name string

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options.

realms string[]

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

showAsButton boolean

Display connection as a button. Only available on enterprise connections.

strategy str

Type of the connection, which indicates the identity provider.

display_name str

Name used in login screen.

is_domain_connection bool

Indicates whether the connection is domain level.

metadata Mapping[str, str]

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

name str

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options.

realms Sequence[str]

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

show_as_button bool

Display connection as a button. Only available on enterprise connections.

strategy String

Type of the connection, which indicates the identity provider.

displayName String

Name used in login screen.

isDomainConnection Boolean

Indicates whether the connection is domain level.

metadata Map<String>

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

name String

Name of the connection.

options Property Map

Configuration settings for connection options.

realms List<String>

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

showAsButton Boolean

Display connection as a button. Only available on enterprise connections.

Outputs

All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:

EnabledClients List<string>

IDs of the clients for which the connection is enabled.

Id string

The provider-assigned unique ID for this managed resource.

EnabledClients []string

IDs of the clients for which the connection is enabled.

Id string

The provider-assigned unique ID for this managed resource.

enabledClients List<String>

IDs of the clients for which the connection is enabled.

id String

The provider-assigned unique ID for this managed resource.

enabledClients string[]

IDs of the clients for which the connection is enabled.

id string

The provider-assigned unique ID for this managed resource.

enabled_clients Sequence[str]

IDs of the clients for which the connection is enabled.

id str

The provider-assigned unique ID for this managed resource.

enabledClients List<String>

IDs of the clients for which the connection is enabled.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing Connection Resource

Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        display_name: Optional[str] = None,
        enabled_clients: Optional[Sequence[str]] = None,
        is_domain_connection: Optional[bool] = None,
        metadata: Optional[Mapping[str, str]] = None,
        name: Optional[str] = None,
        options: Optional[ConnectionOptionsArgs] = None,
        realms: Optional[Sequence[str]] = None,
        show_as_button: Optional[bool] = None,
        strategy: Optional[str] = None) -> Connection
func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
DisplayName string

Name used in login screen.

EnabledClients List<string>

IDs of the clients for which the connection is enabled.

IsDomainConnection bool

Indicates whether the connection is domain level.

Metadata Dictionary<string, string>

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

Name string

Name of the connection.

Options ConnectionOptionsArgs

Configuration settings for connection options.

Realms List<string>

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

ShowAsButton bool

Display connection as a button. Only available on enterprise connections.

Strategy string

Type of the connection, which indicates the identity provider.

DisplayName string

Name used in login screen.

EnabledClients []string

IDs of the clients for which the connection is enabled.

IsDomainConnection bool

Indicates whether the connection is domain level.

Metadata map[string]string

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

Name string

Name of the connection.

Options ConnectionOptionsArgs

Configuration settings for connection options.

Realms []string

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

ShowAsButton bool

Display connection as a button. Only available on enterprise connections.

Strategy string

Type of the connection, which indicates the identity provider.

displayName String

Name used in login screen.

enabledClients List<String>

IDs of the clients for which the connection is enabled.

isDomainConnection Boolean

Indicates whether the connection is domain level.

metadata Map<String,String>

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

name String

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options.

realms List<String>

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

showAsButton Boolean

Display connection as a button. Only available on enterprise connections.

strategy String

Type of the connection, which indicates the identity provider.

displayName string

Name used in login screen.

enabledClients string[]

IDs of the clients for which the connection is enabled.

isDomainConnection boolean

Indicates whether the connection is domain level.

metadata {[key: string]: string}

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

name string

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options.

realms string[]

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

showAsButton boolean

Display connection as a button. Only available on enterprise connections.

strategy string

Type of the connection, which indicates the identity provider.

display_name str

Name used in login screen.

enabled_clients Sequence[str]

IDs of the clients for which the connection is enabled.

is_domain_connection bool

Indicates whether the connection is domain level.

metadata Mapping[str, str]

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

name str

Name of the connection.

options ConnectionOptionsArgs

Configuration settings for connection options.

realms Sequence[str]

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

show_as_button bool

Display connection as a button. Only available on enterprise connections.

strategy str

Type of the connection, which indicates the identity provider.

displayName String

Name used in login screen.

enabledClients List<String>

IDs of the clients for which the connection is enabled.

isDomainConnection Boolean

Indicates whether the connection is domain level.

metadata Map<String>

Metadata associated with the connection, in the form of a map of string values (max 255 chars). Maximum of 10 metadata properties allowed.

name String

Name of the connection.

options Property Map

Configuration settings for connection options.

realms List<String>

Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.

showAsButton Boolean

Display connection as a button. Only available on enterprise connections.

strategy String

Type of the connection, which indicates the identity provider.

Supporting Types

ConnectionOptions

AdfsServer string

ADFS URL where to fetch the metadata source.

AllowedAudiences List<string>

List of allowed audiences.

ApiEnableUsers bool

Enable API Access to users.

AppId string

App ID.

AuthParams Dictionary<string, string>

Query string parameters to be included as part of the generated passwordless email link.

AuthorizationEndpoint string

Authorization endpoint.

BruteForceProtection bool

Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

ClientId string

The strategy's client ID.

ClientSecret string

The strategy's client secret.

CommunityBaseUrl string

Salesforce community base URL.

Configuration Dictionary<string, object>

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

CustomScripts Dictionary<string, string>

A map of scripts used to integrate with a custom database.

Debug bool

When enabled, additional debug information will be generated.

DigestAlgorithm string

Sign Request Algorithm Digest.

DisableCache bool

Indicates whether to disable the cache or not.

DisableSelfServiceChangePassword bool

Indicates whether to remove the forgot password link within the New Universal Login.

DisableSignOut bool

When enabled, will disable sign out.

DisableSignup bool

Indicates whether to allow user sign-ups to your application.

DiscoveryUrl string

OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.

Domain string

Domain name.

DomainAliases List<string>

List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.

EnableScriptContext bool

Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).

EnabledDatabaseCustomization bool

Set to true to use a legacy user store.

EntityId string

Custom Entity ID for the connection.

FedMetadataXml string

Federation Metadata for the ADFS connection.

FieldsMap string

If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

ForwardRequestInfo bool

Specifies whether or not request info should be forwarded to sms gateway.

From string

Address to use as the sender.

GatewayAuthentication ConnectionOptionsGatewayAuthentication

Defines the parameters used to generate the auth token for the custom gateway.

GatewayUrl string

Defines a custom sms gateway to use instead of Twilio.

IconUrl string

Icon URL.

IdentityApi string

Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.

IdpInitiated ConnectionOptionsIdpInitiated

Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.

ImportMode bool

Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

Ips List<string>

A list of IPs.

Issuer string

Issuer URL, e.g. https://auth.example.com.

JwksUri string

JWKS URI.

KeyId string

Apple Key ID.

MaxGroupsToRetrieve string

Maximum number of groups to retrieve.

MessagingServiceSid string

SID for Copilot. Used when SMS Source is Copilot.

MetadataUrl string

The URL of the SAML metadata document.

MetadataXml string

The XML content for the SAML metadata document.

Mfa ConnectionOptionsMfa

Configuration options for multifactor authentication.

Name string

The public name of the email or SMS Connection. In most cases this is the same name as the connection name.

NonPersistentAttrs List<string>

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.

PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity.

PasswordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.

PasswordHistories List<ConnectionOptionsPasswordHistory>

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.

PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.

PasswordPolicy string

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

PingFederateBaseUrl string

Ping Federate Server URL.

PkceEnabled bool

Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.

ProtocolBinding string

The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.

Provider string

Defines the custom sms_gateway provider.

RequestTemplate string

Template that formats the SAML request.

RequiresUsername bool

Indicates whether the user is required to provide a username in addition to an email address.

Scopes List<string>

Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.

Scripts Dictionary<string, string>

A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.

SetUserRootAttributes string

Determines whether the 'name', 'givenname', 'familyname', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'oneachlogin' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'onfirstlogin' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).

ShouldTrustEmailVerifiedConnection string

Choose how Auth0 sets the email_verified field in the user profile.

SignInEndpoint string

SAML single login URL for the connection.

SignOutEndpoint string

SAML single logout URL for the connection.

SignSamlRequest bool

When enabled, the SAML authentication request will be signed.

SignatureAlgorithm string

Sign Request Algorithm.

SigningCert string

X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.

SigningKey ConnectionOptionsSigningKey

The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.

StrategyVersion int

Version 1 is deprecated, use version 2.

Subject string

Subject line of the email.

Syntax string

Syntax of the template body.

TeamId string

Apple Team ID.

Template string

Body of the template.

TenantDomain string

Tenant domain name.

TokenEndpoint string

Token endpoint.

Totp ConnectionOptionsTotp

Configuration options for one-time passwords.

TwilioSid string

SID for your Twilio account.

TwilioToken string

AuthToken for your Twilio account.

Type string

Value can be back_channel or front_channel.

UpstreamParams string

You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.

UseCertAuth bool

Indicates whether to use cert auth or not.

UseKerberos bool

Indicates whether to use Kerberos or not.

UseWsfed bool

Whether to use WS-Fed.

UserIdAttribute string

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

UserinfoEndpoint string

User info endpoint.

Validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username.

WaadCommonEndpoint bool

Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

WaadProtocol string

Protocol to use.

AdfsServer string

ADFS URL where to fetch the metadata source.

AllowedAudiences []string

List of allowed audiences.

ApiEnableUsers bool

Enable API Access to users.

AppId string

App ID.

AuthParams map[string]string

Query string parameters to be included as part of the generated passwordless email link.

AuthorizationEndpoint string

Authorization endpoint.

BruteForceProtection bool

Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

ClientId string

The strategy's client ID.

ClientSecret string

The strategy's client secret.

CommunityBaseUrl string

Salesforce community base URL.

Configuration map[string]interface{}

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

CustomScripts map[string]string

A map of scripts used to integrate with a custom database.

Debug bool

When enabled, additional debug information will be generated.

DigestAlgorithm string

Sign Request Algorithm Digest.

DisableCache bool

Indicates whether to disable the cache or not.

DisableSelfServiceChangePassword bool

Indicates whether to remove the forgot password link within the New Universal Login.

DisableSignOut bool

When enabled, will disable sign out.

DisableSignup bool

Indicates whether to allow user sign-ups to your application.

DiscoveryUrl string

OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.

Domain string

Domain name.

DomainAliases []string

List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.

EnableScriptContext bool

Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).

EnabledDatabaseCustomization bool

Set to true to use a legacy user store.

EntityId string

Custom Entity ID for the connection.

FedMetadataXml string

Federation Metadata for the ADFS connection.

FieldsMap string

If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

ForwardRequestInfo bool

Specifies whether or not request info should be forwarded to sms gateway.

From string

Address to use as the sender.

GatewayAuthentication ConnectionOptionsGatewayAuthentication

Defines the parameters used to generate the auth token for the custom gateway.

GatewayUrl string

Defines a custom sms gateway to use instead of Twilio.

IconUrl string

Icon URL.

IdentityApi string

Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.

IdpInitiated ConnectionOptionsIdpInitiated

Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.

ImportMode bool

Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

Ips []string

A list of IPs.

Issuer string

Issuer URL, e.g. https://auth.example.com.

JwksUri string

JWKS URI.

KeyId string

Apple Key ID.

MaxGroupsToRetrieve string

Maximum number of groups to retrieve.

MessagingServiceSid string

SID for Copilot. Used when SMS Source is Copilot.

MetadataUrl string

The URL of the SAML metadata document.

MetadataXml string

The XML content for the SAML metadata document.

Mfa ConnectionOptionsMfa

Configuration options for multifactor authentication.

Name string

The public name of the email or SMS Connection. In most cases this is the same name as the connection name.

NonPersistentAttrs []string

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.

PasswordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity.

PasswordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.

PasswordHistories []ConnectionOptionsPasswordHistory

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.

PasswordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.

PasswordPolicy string

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

PingFederateBaseUrl string

Ping Federate Server URL.

PkceEnabled bool

Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.

ProtocolBinding string

The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.

Provider string

Defines the custom sms_gateway provider.

RequestTemplate string

Template that formats the SAML request.

RequiresUsername bool

Indicates whether the user is required to provide a username in addition to an email address.

Scopes []string

Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.

Scripts map[string]string

A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.

SetUserRootAttributes string

Determines whether the 'name', 'givenname', 'familyname', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'oneachlogin' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'onfirstlogin' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).

ShouldTrustEmailVerifiedConnection string

Choose how Auth0 sets the email_verified field in the user profile.

SignInEndpoint string

SAML single login URL for the connection.

SignOutEndpoint string

SAML single logout URL for the connection.

SignSamlRequest bool

When enabled, the SAML authentication request will be signed.

SignatureAlgorithm string

Sign Request Algorithm.

SigningCert string

X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.

SigningKey ConnectionOptionsSigningKey

The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.

StrategyVersion int

Version 1 is deprecated, use version 2.

Subject string

Subject line of the email.

Syntax string

Syntax of the template body.

TeamId string

Apple Team ID.

Template string

Body of the template.

TenantDomain string

Tenant domain name.

TokenEndpoint string

Token endpoint.

Totp ConnectionOptionsTotp

Configuration options for one-time passwords.

TwilioSid string

SID for your Twilio account.

TwilioToken string

AuthToken for your Twilio account.

Type string

Value can be back_channel or front_channel.

UpstreamParams string

You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.

UseCertAuth bool

Indicates whether to use cert auth or not.

UseKerberos bool

Indicates whether to use Kerberos or not.

UseWsfed bool

Whether to use WS-Fed.

UserIdAttribute string

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

UserinfoEndpoint string

User info endpoint.

Validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username.

WaadCommonEndpoint bool

Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

WaadProtocol string

Protocol to use.

adfsServer String

ADFS URL where to fetch the metadata source.

allowedAudiences List<String>

List of allowed audiences.

apiEnableUsers Boolean

Enable API Access to users.

appId String

App ID.

authParams Map<String,String>

Query string parameters to be included as part of the generated passwordless email link.

authorizationEndpoint String

Authorization endpoint.

bruteForceProtection Boolean

Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId String

The strategy's client ID.

clientSecret String

The strategy's client secret.

communityBaseUrl String

Salesforce community base URL.

configuration Map<String,Object>

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

customScripts Map<String,String>

A map of scripts used to integrate with a custom database.

debug Boolean

When enabled, additional debug information will be generated.

digestAlgorithm String

Sign Request Algorithm Digest.

disableCache Boolean

Indicates whether to disable the cache or not.

disableSelfServiceChangePassword Boolean

Indicates whether to remove the forgot password link within the New Universal Login.

disableSignOut Boolean

When enabled, will disable sign out.

disableSignup Boolean

Indicates whether to allow user sign-ups to your application.

discoveryUrl String

OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.

domain String

Domain name.

domainAliases List<String>

List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.

enableScriptContext Boolean

Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).

enabledDatabaseCustomization Boolean

Set to true to use a legacy user store.

entityId String

Custom Entity ID for the connection.

fedMetadataXml String

Federation Metadata for the ADFS connection.

fieldsMap String

If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forwardRequestInfo Boolean

Specifies whether or not request info should be forwarded to sms gateway.

from String

Address to use as the sender.

gatewayAuthentication ConnectionOptionsGatewayAuthentication

Defines the parameters used to generate the auth token for the custom gateway.

gatewayUrl String

Defines a custom sms gateway to use instead of Twilio.

iconUrl String

Icon URL.

identityApi String

Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.

idpInitiated ConnectionOptionsIdpInitiated

Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.

importMode Boolean

Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

ips List<String>

A list of IPs.

issuer String

Issuer URL, e.g. https://auth.example.com.

jwksUri String

JWKS URI.

keyId String

Apple Key ID.

maxGroupsToRetrieve String

Maximum number of groups to retrieve.

messagingServiceSid String

SID for Copilot. Used when SMS Source is Copilot.

metadataUrl String

The URL of the SAML metadata document.

metadataXml String

The XML content for the SAML metadata document.

mfa ConnectionOptionsMfa

Configuration options for multifactor authentication.

name String

The public name of the email or SMS Connection. In most cases this is the same name as the connection name.

nonPersistentAttrs List<String>

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.

passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity.

passwordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.

passwordHistories List<ConnectionOptionsPasswordHistory>

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.

passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.

passwordPolicy String

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

pingFederateBaseUrl String

Ping Federate Server URL.

pkceEnabled Boolean

Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.

protocolBinding String

The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.

provider String

Defines the custom sms_gateway provider.

requestTemplate String

Template that formats the SAML request.

requiresUsername Boolean

Indicates whether the user is required to provide a username in addition to an email address.

scopes List<String>

Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.

scripts Map<String,String>

A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.

setUserRootAttributes String

Determines whether the 'name', 'givenname', 'familyname', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'oneachlogin' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'onfirstlogin' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).

shouldTrustEmailVerifiedConnection String

Choose how Auth0 sets the email_verified field in the user profile.

signInEndpoint String

SAML single login URL for the connection.

signOutEndpoint String

SAML single logout URL for the connection.

signSamlRequest Boolean

When enabled, the SAML authentication request will be signed.

signatureAlgorithm String

Sign Request Algorithm.

signingCert String

X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.

signingKey ConnectionOptionsSigningKey

The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.

strategyVersion Integer

Version 1 is deprecated, use version 2.

subject String

Subject line of the email.

syntax String

Syntax of the template body.

teamId String

Apple Team ID.

template String

Body of the template.

tenantDomain String

Tenant domain name.

tokenEndpoint String

Token endpoint.

totp ConnectionOptionsTotp

Configuration options for one-time passwords.

twilioSid String

SID for your Twilio account.

twilioToken String

AuthToken for your Twilio account.

type String

Value can be back_channel or front_channel.

upstreamParams String

You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.

useCertAuth Boolean

Indicates whether to use cert auth or not.

useKerberos Boolean

Indicates whether to use Kerberos or not.

useWsfed Boolean

Whether to use WS-Fed.

userIdAttribute String

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfoEndpoint String

User info endpoint.

validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username.

waadCommonEndpoint Boolean

Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waadProtocol String

Protocol to use.

adfsServer string

ADFS URL where to fetch the metadata source.

allowedAudiences string[]

List of allowed audiences.

apiEnableUsers boolean

Enable API Access to users.

appId string

App ID.

authParams {[key: string]: string}

Query string parameters to be included as part of the generated passwordless email link.

authorizationEndpoint string

Authorization endpoint.

bruteForceProtection boolean

Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId string

The strategy's client ID.

clientSecret string

The strategy's client secret.

communityBaseUrl string

Salesforce community base URL.

configuration {[key: string]: any}

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

customScripts {[key: string]: string}

A map of scripts used to integrate with a custom database.

debug boolean

When enabled, additional debug information will be generated.

digestAlgorithm string

Sign Request Algorithm Digest.

disableCache boolean

Indicates whether to disable the cache or not.

disableSelfServiceChangePassword boolean

Indicates whether to remove the forgot password link within the New Universal Login.

disableSignOut boolean

When enabled, will disable sign out.

disableSignup boolean

Indicates whether to allow user sign-ups to your application.

discoveryUrl string

OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.

domain string

Domain name.

domainAliases string[]

List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.

enableScriptContext boolean

Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).

enabledDatabaseCustomization boolean

Set to true to use a legacy user store.

entityId string

Custom Entity ID for the connection.

fedMetadataXml string

Federation Metadata for the ADFS connection.

fieldsMap string

If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forwardRequestInfo boolean

Specifies whether or not request info should be forwarded to sms gateway.

from string

Address to use as the sender.

gatewayAuthentication ConnectionOptionsGatewayAuthentication

Defines the parameters used to generate the auth token for the custom gateway.

gatewayUrl string

Defines a custom sms gateway to use instead of Twilio.

iconUrl string

Icon URL.

identityApi string

Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.

idpInitiated ConnectionOptionsIdpInitiated

Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.

importMode boolean

Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

ips string[]

A list of IPs.

issuer string

Issuer URL, e.g. https://auth.example.com.

jwksUri string

JWKS URI.

keyId string

Apple Key ID.

maxGroupsToRetrieve string

Maximum number of groups to retrieve.

messagingServiceSid string

SID for Copilot. Used when SMS Source is Copilot.

metadataUrl string

The URL of the SAML metadata document.

metadataXml string

The XML content for the SAML metadata document.

mfa ConnectionOptionsMfa

Configuration options for multifactor authentication.

name string

The public name of the email or SMS Connection. In most cases this is the same name as the connection name.

nonPersistentAttrs string[]

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.

passwordComplexityOptions ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity.

passwordDictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.

passwordHistories ConnectionOptionsPasswordHistory[]

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.

passwordNoPersonalInfo ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.

passwordPolicy string

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

pingFederateBaseUrl string

Ping Federate Server URL.

pkceEnabled boolean

Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.

protocolBinding string

The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.

provider string

Defines the custom sms_gateway provider.

requestTemplate string

Template that formats the SAML request.

requiresUsername boolean

Indicates whether the user is required to provide a username in addition to an email address.

scopes string[]

Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.

scripts {[key: string]: string}

A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.

setUserRootAttributes string

Determines whether the 'name', 'givenname', 'familyname', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'oneachlogin' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'onfirstlogin' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).

shouldTrustEmailVerifiedConnection string

Choose how Auth0 sets the email_verified field in the user profile.

signInEndpoint string

SAML single login URL for the connection.

signOutEndpoint string

SAML single logout URL for the connection.

signSamlRequest boolean

When enabled, the SAML authentication request will be signed.

signatureAlgorithm string

Sign Request Algorithm.

signingCert string

X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.

signingKey ConnectionOptionsSigningKey

The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.

strategyVersion number

Version 1 is deprecated, use version 2.

subject string

Subject line of the email.

syntax string

Syntax of the template body.

teamId string

Apple Team ID.

template string

Body of the template.

tenantDomain string

Tenant domain name.

tokenEndpoint string

Token endpoint.

totp ConnectionOptionsTotp

Configuration options for one-time passwords.

twilioSid string

SID for your Twilio account.

twilioToken string

AuthToken for your Twilio account.

type string

Value can be back_channel or front_channel.

upstreamParams string

You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.

useCertAuth boolean

Indicates whether to use cert auth or not.

useKerberos boolean

Indicates whether to use Kerberos or not.

useWsfed boolean

Whether to use WS-Fed.

userIdAttribute string

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfoEndpoint string

User info endpoint.

validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username.

waadCommonEndpoint boolean

Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waadProtocol string

Protocol to use.

adfs_server str

ADFS URL where to fetch the metadata source.

allowed_audiences Sequence[str]

List of allowed audiences.

api_enable_users bool

Enable API Access to users.

app_id str

App ID.

auth_params Mapping[str, str]

Query string parameters to be included as part of the generated passwordless email link.

authorization_endpoint str

Authorization endpoint.

brute_force_protection bool

Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

client_id str

The strategy's client ID.

client_secret str

The strategy's client secret.

community_base_url str

Salesforce community base URL.

configuration Mapping[str, Any]

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

custom_scripts Mapping[str, str]

A map of scripts used to integrate with a custom database.

debug bool

When enabled, additional debug information will be generated.

digest_algorithm str

Sign Request Algorithm Digest.

disable_cache bool

Indicates whether to disable the cache or not.

disable_self_service_change_password bool

Indicates whether to remove the forgot password link within the New Universal Login.

disable_sign_out bool

When enabled, will disable sign out.

disable_signup bool

Indicates whether to allow user sign-ups to your application.

discovery_url str

OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.

domain str

Domain name.

domain_aliases Sequence[str]

List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.

enable_script_context bool

Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).

enabled_database_customization bool

Set to true to use a legacy user store.

entity_id str

Custom Entity ID for the connection.

fed_metadata_xml str

Federation Metadata for the ADFS connection.

fields_map str

If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forward_request_info bool

Specifies whether or not request info should be forwarded to sms gateway.

from_ str

Address to use as the sender.

gateway_authentication ConnectionOptionsGatewayAuthentication

Defines the parameters used to generate the auth token for the custom gateway.

gateway_url str

Defines a custom sms gateway to use instead of Twilio.

icon_url str

Icon URL.

identity_api str

Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.

idp_initiated ConnectionOptionsIdpInitiated

Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.

import_mode bool

Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

ips Sequence[str]

A list of IPs.

issuer str

Issuer URL, e.g. https://auth.example.com.

jwks_uri str

JWKS URI.

key_id str

Apple Key ID.

max_groups_to_retrieve str

Maximum number of groups to retrieve.

messaging_service_sid str

SID for Copilot. Used when SMS Source is Copilot.

metadata_url str

The URL of the SAML metadata document.

metadata_xml str

The XML content for the SAML metadata document.

mfa ConnectionOptionsMfa

Configuration options for multifactor authentication.

name str

The public name of the email or SMS Connection. In most cases this is the same name as the connection name.

non_persistent_attrs Sequence[str]

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.

password_complexity_options ConnectionOptionsPasswordComplexityOptions

Configuration settings for password complexity.

password_dictionary ConnectionOptionsPasswordDictionary

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.

password_histories Sequence[ConnectionOptionsPasswordHistory]

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.

password_no_personal_info ConnectionOptionsPasswordNoPersonalInfo

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.

password_policy str

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

ping_federate_base_url str

Ping Federate Server URL.

pkce_enabled bool

Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.

protocol_binding str

The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.

provider str

Defines the custom sms_gateway provider.

request_template str

Template that formats the SAML request.

requires_username bool

Indicates whether the user is required to provide a username in addition to an email address.

scopes Sequence[str]

Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.

scripts Mapping[str, str]

A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.

set_user_root_attributes str

Determines whether the 'name', 'givenname', 'familyname', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'oneachlogin' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'onfirstlogin' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).

should_trust_email_verified_connection str

Choose how Auth0 sets the email_verified field in the user profile.

sign_in_endpoint str

SAML single login URL for the connection.

sign_out_endpoint str

SAML single logout URL for the connection.

sign_saml_request bool

When enabled, the SAML authentication request will be signed.

signature_algorithm str

Sign Request Algorithm.

signing_cert str

X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.

signing_key ConnectionOptionsSigningKey

The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.

strategy_version int

Version 1 is deprecated, use version 2.

subject str

Subject line of the email.

syntax str

Syntax of the template body.

team_id str

Apple Team ID.

template str

Body of the template.

tenant_domain str

Tenant domain name.

token_endpoint str

Token endpoint.

totp ConnectionOptionsTotp

Configuration options for one-time passwords.

twilio_sid str

SID for your Twilio account.

twilio_token str

AuthToken for your Twilio account.

type str

Value can be back_channel or front_channel.

upstream_params str

You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.

use_cert_auth bool

Indicates whether to use cert auth or not.

use_kerberos bool

Indicates whether to use Kerberos or not.

use_wsfed bool

Whether to use WS-Fed.

user_id_attribute str

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfo_endpoint str

User info endpoint.

validation ConnectionOptionsValidation

Validation of the minimum and maximum values allowed for a user to have as username.

waad_common_endpoint bool

Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waad_protocol str

Protocol to use.

adfsServer String

ADFS URL where to fetch the metadata source.

allowedAudiences List<String>

List of allowed audiences.

apiEnableUsers Boolean

Enable API Access to users.

appId String

App ID.

authParams Map<String>

Query string parameters to be included as part of the generated passwordless email link.

authorizationEndpoint String

Authorization endpoint.

bruteForceProtection Boolean

Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.

clientId String

The strategy's client ID.

clientSecret String

The strategy's client secret.

communityBaseUrl String

Salesforce community base URL.

configuration Map<Any>

A case-sensitive map of key value pairs used as configuration variables for the custom_script.

customScripts Map<String>

A map of scripts used to integrate with a custom database.

debug Boolean

When enabled, additional debug information will be generated.

digestAlgorithm String

Sign Request Algorithm Digest.

disableCache Boolean

Indicates whether to disable the cache or not.

disableSelfServiceChangePassword Boolean

Indicates whether to remove the forgot password link within the New Universal Login.

disableSignOut Boolean

When enabled, will disable sign out.

disableSignup Boolean

Indicates whether to allow user sign-ups to your application.

discoveryUrl String

OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.

domain String

Domain name.

domainAliases List<String>

List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.

enableScriptContext Boolean

Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).

enabledDatabaseCustomization Boolean

Set to true to use a legacy user store.

entityId String

Custom Entity ID for the connection.

fedMetadataXml String

Federation Metadata for the ADFS connection.

fieldsMap String

If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.

forwardRequestInfo Boolean

Specifies whether or not request info should be forwarded to sms gateway.

from String

Address to use as the sender.

gatewayAuthentication Property Map

Defines the parameters used to generate the auth token for the custom gateway.

gatewayUrl String

Defines a custom sms gateway to use instead of Twilio.

iconUrl String

Icon URL.

identityApi String

Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.

idpInitiated Property Map

Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.

importMode Boolean

Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.

ips List<String>

A list of IPs.

issuer String

Issuer URL, e.g. https://auth.example.com.

jwksUri String

JWKS URI.

keyId String

Apple Key ID.

maxGroupsToRetrieve String

Maximum number of groups to retrieve.

messagingServiceSid String

SID for Copilot. Used when SMS Source is Copilot.

metadataUrl String

The URL of the SAML metadata document.

metadataXml String

The XML content for the SAML metadata document.

mfa Property Map

Configuration options for multifactor authentication.

name String

The public name of the email or SMS Connection. In most cases this is the same name as the connection name.

nonPersistentAttrs List<String>

If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.

passwordComplexityOptions Property Map

Configuration settings for password complexity.

passwordDictionary Property Map

Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.

passwordHistories List<Property Map>

Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.

passwordNoPersonalInfo Property Map

Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.

passwordPolicy String

Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.

pingFederateBaseUrl String

Ping Federate Server URL.

pkceEnabled Boolean

Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.

protocolBinding String

The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.

provider String

Defines the custom sms_gateway provider.

requestTemplate String

Template that formats the SAML request.

requiresUsername Boolean

Indicates whether the user is required to provide a username in addition to an email address.

scopes List<String>

Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.

scripts Map<String>

A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.

setUserRootAttributes String

Determines whether the 'name', 'givenname', 'familyname', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'oneachlogin' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'onfirstlogin' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).

shouldTrustEmailVerifiedConnection String

Choose how Auth0 sets the email_verified field in the user profile.

signInEndpoint String

SAML single login URL for the connection.

signOutEndpoint String

SAML single logout URL for the connection.

signSamlRequest Boolean

When enabled, the SAML authentication request will be signed.

signatureAlgorithm String

Sign Request Algorithm.

signingCert String

X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.

signingKey Property Map

The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.

strategyVersion Number

Version 1 is deprecated, use version 2.

subject String

Subject line of the email.

syntax String

Syntax of the template body.

teamId String

Apple Team ID.

template String

Body of the template.

tenantDomain String

Tenant domain name.

tokenEndpoint String

Token endpoint.

totp Property Map

Configuration options for one-time passwords.

twilioSid String

SID for your Twilio account.

twilioToken String

AuthToken for your Twilio account.

type String

Value can be back_channel or front_channel.

upstreamParams String

You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.

useCertAuth Boolean

Indicates whether to use cert auth or not.

useKerberos Boolean

Indicates whether to use Kerberos or not.

useWsfed Boolean

Whether to use WS-Fed.

userIdAttribute String

Attribute in the SAML token that will be mapped to the user_id property in Auth0.

userinfoEndpoint String

User info endpoint.

validation Property Map

Validation of the minimum and maximum values allowed for a user to have as username.

waadCommonEndpoint Boolean

Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

waadProtocol String

Protocol to use.

ConnectionOptionsGatewayAuthentication

Audience string
Method string
Secret string
SecretBase64Encoded bool
Subject string
Audience string
Method string
Secret string
SecretBase64Encoded bool
Subject string
audience String
method String
secret String
secretBase64Encoded Boolean
subject String
audience string
method string
secret string
secretBase64Encoded boolean
subject string
audience String
method String
secret String
secretBase64Encoded Boolean
subject String

ConnectionOptionsIdpInitiated

ConnectionOptionsMfa

ConnectionOptionsPasswordComplexityOptions

minLength Integer
minLength number
minLength Number

ConnectionOptionsPasswordDictionary

Dictionaries List<string>
Enable bool
Dictionaries []string
Enable bool
dictionaries List<String>
enable Boolean
dictionaries string[]
enable boolean
dictionaries Sequence[str]
enable bool
dictionaries List<String>
enable Boolean

ConnectionOptionsPasswordHistory

Enable bool
Size int
Enable bool
Size int
enable Boolean
size Integer
enable boolean
size number
enable bool
size int
enable Boolean
size Number

ConnectionOptionsPasswordNoPersonalInfo

Enable bool
Enable bool
enable Boolean
enable boolean
enable bool
enable Boolean

ConnectionOptionsSigningKey

Cert string
Key string
Cert string
Key string
cert String
key String
cert string
key string
cert str
key str
cert String
key String

ConnectionOptionsTotp

length Integer
timeStep Integer
length number
timeStep number
length Number
timeStep Number

ConnectionOptionsValidation

ConnectionOptionsValidationUsername

Max int
Min int
Max int
Min int
max Integer
min Integer
max number
min number
max int
min int
max Number
min Number

Import

Connections can be imported using their ID. # Example

 $ pulumi import auth0:index/connection:Connection google con_a17f21fdb24d48a0

Package Details

Repository
Auth0 pulumi/pulumi-auth0
License
Apache-2.0
Notes

This Pulumi package is based on the auth0 Terraform Provider.