auth0.Connection
Explore with Pulumi AI
With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.
The Auth0 dashboard displays only one connection per social provider. Although the Auth0 Management API allows the creation of multiple connections per strategy, the additional connections may not be visible in the Auth0 dashboard.
Example Usage
Auth0 Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an Auth0 connection.
const myConnection = new auth0.Connection("my_connection", {
name: "Example-Connection",
isDomainConnection: true,
strategy: "auth0",
metadata: {
key1: "foo",
key2: "bar",
},
options: {
passwordPolicy: "excellent",
bruteForceProtection: true,
strategyVersion: 2,
enabledDatabaseCustomization: true,
importMode: false,
requiresUsername: true,
disableSignup: false,
customScripts: {
get_user: ` function getByEmail(email, callback) {
return callback(new Error("Whoops!"));
}
`,
},
configuration: {
foo: "bar",
bar: "baz",
},
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
passwordHistories: [{
enable: true,
size: 3,
}],
passwordNoPersonalInfo: {
enable: true,
},
passwordDictionary: {
enable: true,
dictionaries: [
"password",
"admin",
"1234",
],
},
passwordComplexityOptions: {
minLength: 12,
},
validation: {
username: {
min: 10,
max: 40,
},
},
mfa: {
active: true,
returnEnrollSettings: true,
},
},
});
import pulumi
import json
import pulumi_auth0 as auth0
# This is an example of an Auth0 connection.
my_connection = auth0.Connection("my_connection",
name="Example-Connection",
is_domain_connection=True,
strategy="auth0",
metadata={
"key1": "foo",
"key2": "bar",
},
options={
"password_policy": "excellent",
"brute_force_protection": True,
"strategy_version": 2,
"enabled_database_customization": True,
"import_mode": False,
"requires_username": True,
"disable_signup": False,
"custom_scripts": {
"get_user": """ function getByEmail(email, callback) {
return callback(new Error("Whoops!"));
}
""",
},
"configuration": {
"foo": "bar",
"bar": "baz",
},
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"password_histories": [{
"enable": True,
"size": 3,
}],
"password_no_personal_info": {
"enable": True,
},
"password_dictionary": {
"enable": True,
"dictionaries": [
"password",
"admin",
"1234",
],
},
"password_complexity_options": {
"min_length": 12,
},
"validation": {
"username": {
"min": 10,
"max": 40,
},
},
"mfa": {
"active": True,
"return_enroll_settings": True,
},
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
// This is an example of an Auth0 connection.
_, err = auth0.NewConnection(ctx, "my_connection", &auth0.ConnectionArgs{
Name: pulumi.String("Example-Connection"),
IsDomainConnection: pulumi.Bool(true),
Strategy: pulumi.String("auth0"),
Metadata: pulumi.StringMap{
"key1": pulumi.String("foo"),
"key2": pulumi.String("bar"),
},
Options: &auth0.ConnectionOptionsArgs{
PasswordPolicy: pulumi.String("excellent"),
BruteForceProtection: pulumi.Bool(true),
StrategyVersion: pulumi.Int(2),
EnabledDatabaseCustomization: pulumi.Bool(true),
ImportMode: pulumi.Bool(false),
RequiresUsername: pulumi.Bool(true),
DisableSignup: pulumi.Bool(false),
CustomScripts: pulumi.StringMap{
"get_user": pulumi.String(" function getByEmail(email, callback) {\n return callback(new Error(\"Whoops!\"));\n }\n"),
},
Configuration: pulumi.StringMap{
"foo": pulumi.String("bar"),
"bar": pulumi.String("baz"),
},
UpstreamParams: pulumi.String(json0),
PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
&auth0.ConnectionOptionsPasswordHistoryArgs{
Enable: pulumi.Bool(true),
Size: pulumi.Int(3),
},
},
PasswordNoPersonalInfo: &auth0.ConnectionOptionsPasswordNoPersonalInfoArgs{
Enable: pulumi.Bool(true),
},
PasswordDictionary: &auth0.ConnectionOptionsPasswordDictionaryArgs{
Enable: pulumi.Bool(true),
Dictionaries: pulumi.StringArray{
pulumi.String("password"),
pulumi.String("admin"),
pulumi.String("1234"),
},
},
PasswordComplexityOptions: &auth0.ConnectionOptionsPasswordComplexityOptionsArgs{
MinLength: pulumi.Int(12),
},
Validation: &auth0.ConnectionOptionsValidationArgs{
Username: &auth0.ConnectionOptionsValidationUsernameArgs{
Min: pulumi.Int(10),
Max: pulumi.Int(40),
},
},
Mfa: &auth0.ConnectionOptionsMfaArgs{
Active: pulumi.Bool(true),
ReturnEnrollSettings: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an Auth0 connection.
var myConnection = new Auth0.Connection("my_connection", new()
{
Name = "Example-Connection",
IsDomainConnection = true,
Strategy = "auth0",
Metadata =
{
{ "key1", "foo" },
{ "key2", "bar" },
},
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
PasswordPolicy = "excellent",
BruteForceProtection = true,
StrategyVersion = 2,
EnabledDatabaseCustomization = true,
ImportMode = false,
RequiresUsername = true,
DisableSignup = false,
CustomScripts =
{
{ "get_user", @" function getByEmail(email, callback) {
return callback(new Error(""Whoops!""));
}
" },
},
Configuration =
{
{ "foo", "bar" },
{ "bar", "baz" },
},
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
PasswordHistories = new[]
{
new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
{
Enable = true,
Size = 3,
},
},
PasswordNoPersonalInfo = new Auth0.Inputs.ConnectionOptionsPasswordNoPersonalInfoArgs
{
Enable = true,
},
PasswordDictionary = new Auth0.Inputs.ConnectionOptionsPasswordDictionaryArgs
{
Enable = true,
Dictionaries = new[]
{
"password",
"admin",
"1234",
},
},
PasswordComplexityOptions = new Auth0.Inputs.ConnectionOptionsPasswordComplexityOptionsArgs
{
MinLength = 12,
},
Validation = new Auth0.Inputs.ConnectionOptionsValidationArgs
{
Username = new Auth0.Inputs.ConnectionOptionsValidationUsernameArgs
{
Min = 10,
Max = 40,
},
},
Mfa = new Auth0.Inputs.ConnectionOptionsMfaArgs
{
Active = true,
ReturnEnrollSettings = true,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasswordNoPersonalInfoArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasswordDictionaryArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsPasswordComplexityOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsValidationArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsValidationUsernameArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsMfaArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an Auth0 connection.
var myConnection = new Connection("myConnection", ConnectionArgs.builder()
.name("Example-Connection")
.isDomainConnection(true)
.strategy("auth0")
.metadata(Map.ofEntries(
Map.entry("key1", "foo"),
Map.entry("key2", "bar")
))
.options(ConnectionOptionsArgs.builder()
.passwordPolicy("excellent")
.bruteForceProtection(true)
.strategyVersion(2)
.enabledDatabaseCustomization(true)
.importMode(false)
.requiresUsername(true)
.disableSignup(false)
.customScripts(Map.of("get_user", """
function getByEmail(email, callback) {
return callback(new Error("Whoops!"));
}
"""))
.configuration(Map.ofEntries(
Map.entry("foo", "bar"),
Map.entry("bar", "baz")
))
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
.enable(true)
.size(3)
.build())
.passwordNoPersonalInfo(ConnectionOptionsPasswordNoPersonalInfoArgs.builder()
.enable(true)
.build())
.passwordDictionary(ConnectionOptionsPasswordDictionaryArgs.builder()
.enable(true)
.dictionaries(
"password",
"admin",
"1234")
.build())
.passwordComplexityOptions(ConnectionOptionsPasswordComplexityOptionsArgs.builder()
.minLength(12)
.build())
.validation(ConnectionOptionsValidationArgs.builder()
.username(ConnectionOptionsValidationUsernameArgs.builder()
.min(10)
.max(40)
.build())
.build())
.mfa(ConnectionOptionsMfaArgs.builder()
.active(true)
.returnEnrollSettings(true)
.build())
.build())
.build());
}
}
resources:
# This is an example of an Auth0 connection.
myConnection:
type: auth0:Connection
name: my_connection
properties:
name: Example-Connection
isDomainConnection: true
strategy: auth0
metadata:
key1: foo
key2: bar
options:
passwordPolicy: excellent
bruteForceProtection: true
strategyVersion: 2
enabledDatabaseCustomization: true
importMode: false
requiresUsername: true
disableSignup: false
customScripts:
get_user: |2
function getByEmail(email, callback) {
return callback(new Error("Whoops!"));
}
configuration:
foo: bar
bar: baz
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
passwordHistories:
- enable: true
size: 3
passwordNoPersonalInfo:
enable: true
passwordDictionary:
enable: true
dictionaries:
- password
- admin
- '1234'
passwordComplexityOptions:
minLength: 12
validation:
username:
min: 10
max: 40
mfa:
active: true
returnEnrollSettings: true
Google OAuth2 Connection
Your Auth0 account may be pre-configured with a
google-oauth2
connection.
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of a Google OAuth2 connection.
const googleOauth2 = new auth0.Connection("google_oauth2", {
name: "Google-OAuth2-Connection",
strategy: "google-oauth2",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
allowedAudiences: [
"example.com",
"api.example.com",
],
scopes: [
"email",
"profile",
"gmail",
"youtube",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of a Google OAuth2 connection.
google_oauth2 = auth0.Connection("google_oauth2",
name="Google-OAuth2-Connection",
strategy="google-oauth2",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"allowed_audiences": [
"example.com",
"api.example.com",
],
"scopes": [
"email",
"profile",
"gmail",
"youtube",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of a Google OAuth2 connection.
_, err := auth0.NewConnection(ctx, "google_oauth2", &auth0.ConnectionArgs{
Name: pulumi.String("Google-OAuth2-Connection"),
Strategy: pulumi.String("google-oauth2"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
AllowedAudiences: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("api.example.com"),
},
Scopes: pulumi.StringArray{
pulumi.String("email"),
pulumi.String("profile"),
pulumi.String("gmail"),
pulumi.String("youtube"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of a Google OAuth2 connection.
var googleOauth2 = new Auth0.Connection("google_oauth2", new()
{
Name = "Google-OAuth2-Connection",
Strategy = "google-oauth2",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
AllowedAudiences = new[]
{
"example.com",
"api.example.com",
},
Scopes = new[]
{
"email",
"profile",
"gmail",
"youtube",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of a Google OAuth2 connection.
var googleOauth2 = new Connection("googleOauth2", ConnectionArgs.builder()
.name("Google-OAuth2-Connection")
.strategy("google-oauth2")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.allowedAudiences(
"example.com",
"api.example.com")
.scopes(
"email",
"profile",
"gmail",
"youtube")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of a Google OAuth2 connection.
googleOauth2:
type: auth0:Connection
name: google_oauth2
properties:
name: Google-OAuth2-Connection
strategy: google-oauth2
options:
clientId: <client-id>
clientSecret: <client-secret>
allowedAudiences:
- example.com
- api.example.com
scopes:
- email
- profile
- gmail
- youtube
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
Google Apps
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const googleApps = new auth0.Connection("google_apps", {
name: "connection-google-apps",
isDomainConnection: false,
strategy: "google-apps",
showAsButton: false,
options: {
clientId: "",
clientSecret: "",
domain: "example.com",
tenantDomain: "example.com",
domainAliases: [
"example.com",
"api.example.com",
],
apiEnableUsers: true,
scopes: [
"ext_profile",
"ext_groups",
],
iconUrl: "https://example.com/assets/logo.png",
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import json
import pulumi_auth0 as auth0
google_apps = auth0.Connection("google_apps",
name="connection-google-apps",
is_domain_connection=False,
strategy="google-apps",
show_as_button=False,
options={
"client_id": "",
"client_secret": "",
"domain": "example.com",
"tenant_domain": "example.com",
"domain_aliases": [
"example.com",
"api.example.com",
],
"api_enable_users": True,
"scopes": [
"ext_profile",
"ext_groups",
],
"icon_url": "https://example.com/assets/logo.png",
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = auth0.NewConnection(ctx, "google_apps", &auth0.ConnectionArgs{
Name: pulumi.String("connection-google-apps"),
IsDomainConnection: pulumi.Bool(false),
Strategy: pulumi.String("google-apps"),
ShowAsButton: pulumi.Bool(false),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String(""),
ClientSecret: pulumi.String(""),
Domain: pulumi.String("example.com"),
TenantDomain: pulumi.String("example.com"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("api.example.com"),
},
ApiEnableUsers: pulumi.Bool(true),
Scopes: pulumi.StringArray{
pulumi.String("ext_profile"),
pulumi.String("ext_groups"),
},
IconUrl: pulumi.String("https://example.com/assets/logo.png"),
UpstreamParams: pulumi.String(json0),
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var googleApps = new Auth0.Connection("google_apps", new()
{
Name = "connection-google-apps",
IsDomainConnection = false,
Strategy = "google-apps",
ShowAsButton = false,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "",
ClientSecret = "",
Domain = "example.com",
TenantDomain = "example.com",
DomainAliases = new[]
{
"example.com",
"api.example.com",
},
ApiEnableUsers = true,
Scopes = new[]
{
"ext_profile",
"ext_groups",
},
IconUrl = "https://example.com/assets/logo.png",
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var googleApps = new Connection("googleApps", ConnectionArgs.builder()
.name("connection-google-apps")
.isDomainConnection(false)
.strategy("google-apps")
.showAsButton(false)
.options(ConnectionOptionsArgs.builder()
.clientId("")
.clientSecret("")
.domain("example.com")
.tenantDomain("example.com")
.domainAliases(
"example.com",
"api.example.com")
.apiEnableUsers(true)
.scopes(
"ext_profile",
"ext_groups")
.iconUrl("https://example.com/assets/logo.png")
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
googleApps:
type: auth0:Connection
name: google_apps
properties:
name: connection-google-apps
isDomainConnection: false
strategy: google-apps
showAsButton: false
options:
clientId: ""
clientSecret: ""
domain: example.com
tenantDomain: example.com
domainAliases:
- example.com
- api.example.com
apiEnableUsers: true
scopes:
- ext_profile
- ext_groups
iconUrl: https://example.com/assets/logo.png
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
Facebook Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of a Facebook connection.
const facebook = new auth0.Connection("facebook", {
name: "Facebook-Connection",
strategy: "facebook",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
scopes: [
"public_profile",
"email",
"groups_access_member_info",
"user_birthday",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of a Facebook connection.
facebook = auth0.Connection("facebook",
name="Facebook-Connection",
strategy="facebook",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"scopes": [
"public_profile",
"email",
"groups_access_member_info",
"user_birthday",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of a Facebook connection.
_, err := auth0.NewConnection(ctx, "facebook", &auth0.ConnectionArgs{
Name: pulumi.String("Facebook-Connection"),
Strategy: pulumi.String("facebook"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
Scopes: pulumi.StringArray{
pulumi.String("public_profile"),
pulumi.String("email"),
pulumi.String("groups_access_member_info"),
pulumi.String("user_birthday"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of a Facebook connection.
var facebook = new Auth0.Connection("facebook", new()
{
Name = "Facebook-Connection",
Strategy = "facebook",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
Scopes = new[]
{
"public_profile",
"email",
"groups_access_member_info",
"user_birthday",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of a Facebook connection.
var facebook = new Connection("facebook", ConnectionArgs.builder()
.name("Facebook-Connection")
.strategy("facebook")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.scopes(
"public_profile",
"email",
"groups_access_member_info",
"user_birthday")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of a Facebook connection.
facebook:
type: auth0:Connection
properties:
name: Facebook-Connection
strategy: facebook
options:
clientId: <client-id>
clientSecret: <client-secret>
scopes:
- public_profile
- email
- groups_access_member_info
- user_birthday
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
Apple Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an Apple connection.
const apple = new auth0.Connection("apple", {
name: "Apple-Connection",
strategy: "apple",
options: {
clientId: "<client-id>",
clientSecret: `-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----`,
teamId: "<team-id>",
keyId: "<key-id>",
scopes: [
"email",
"name",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an Apple connection.
apple = auth0.Connection("apple",
name="Apple-Connection",
strategy="apple",
options={
"client_id": "<client-id>",
"client_secret": """-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----""",
"team_id": "<team-id>",
"key_id": "<key-id>",
"scopes": [
"email",
"name",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an Apple connection.
_, err := auth0.NewConnection(ctx, "apple", &auth0.ConnectionArgs{
Name: pulumi.String("Apple-Connection"),
Strategy: pulumi.String("apple"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("-----BEGIN PRIVATE KEY-----\nMIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA\n-----END PRIVATE KEY-----"),
TeamId: pulumi.String("<team-id>"),
KeyId: pulumi.String("<key-id>"),
Scopes: pulumi.StringArray{
pulumi.String("email"),
pulumi.String("name"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an Apple connection.
var apple = new Auth0.Connection("apple", new()
{
Name = "Apple-Connection",
Strategy = "apple",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = @"-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----",
TeamId = "<team-id>",
KeyId = "<key-id>",
Scopes = new[]
{
"email",
"name",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an Apple connection.
var apple = new Connection("apple", ConnectionArgs.builder()
.name("Apple-Connection")
.strategy("apple")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("""
-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY----- """)
.teamId("<team-id>")
.keyId("<key-id>")
.scopes(
"email",
"name")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an Apple connection.
apple:
type: auth0:Connection
properties:
name: Apple-Connection
strategy: apple
options:
clientId: <client-id>
clientSecret: |-
-----BEGIN PRIVATE KEY-----
MIHBAgEAMA0GCSqGSIb3DQEBAQUABIGsMIGpAgEAA
-----END PRIVATE KEY-----
teamId: <team-id>
keyId: <key-id>
scopes:
- email
- name
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
LinkedIn Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an LinkedIn connection.
const linkedin = new auth0.Connection("linkedin", {
name: "Linkedin-Connection",
strategy: "linkedin",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
strategyVersion: 2,
scopes: [
"basic_profile",
"profile",
"email",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an LinkedIn connection.
linkedin = auth0.Connection("linkedin",
name="Linkedin-Connection",
strategy="linkedin",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"strategy_version": 2,
"scopes": [
"basic_profile",
"profile",
"email",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an LinkedIn connection.
_, err := auth0.NewConnection(ctx, "linkedin", &auth0.ConnectionArgs{
Name: pulumi.String("Linkedin-Connection"),
Strategy: pulumi.String("linkedin"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
StrategyVersion: pulumi.Int(2),
Scopes: pulumi.StringArray{
pulumi.String("basic_profile"),
pulumi.String("profile"),
pulumi.String("email"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an LinkedIn connection.
var linkedin = new Auth0.Connection("linkedin", new()
{
Name = "Linkedin-Connection",
Strategy = "linkedin",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
StrategyVersion = 2,
Scopes = new[]
{
"basic_profile",
"profile",
"email",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an LinkedIn connection.
var linkedin = new Connection("linkedin", ConnectionArgs.builder()
.name("Linkedin-Connection")
.strategy("linkedin")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.strategyVersion(2)
.scopes(
"basic_profile",
"profile",
"email")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an LinkedIn connection.
linkedin:
type: auth0:Connection
properties:
name: Linkedin-Connection
strategy: linkedin
options:
clientId: <client-id>
clientSecret: <client-secret>
strategyVersion: 2
scopes:
- basic_profile
- profile
- email
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
GitHub Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an GitHub connection.
const github = new auth0.Connection("github", {
name: "GitHub-Connection",
strategy: "github",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
scopes: [
"email",
"profile",
"public_repo",
"repo",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an GitHub connection.
github = auth0.Connection("github",
name="GitHub-Connection",
strategy="github",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"scopes": [
"email",
"profile",
"public_repo",
"repo",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an GitHub connection.
_, err := auth0.NewConnection(ctx, "github", &auth0.ConnectionArgs{
Name: pulumi.String("GitHub-Connection"),
Strategy: pulumi.String("github"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
Scopes: pulumi.StringArray{
pulumi.String("email"),
pulumi.String("profile"),
pulumi.String("public_repo"),
pulumi.String("repo"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an GitHub connection.
var github = new Auth0.Connection("github", new()
{
Name = "GitHub-Connection",
Strategy = "github",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
Scopes = new[]
{
"email",
"profile",
"public_repo",
"repo",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an GitHub connection.
var github = new Connection("github", ConnectionArgs.builder()
.name("GitHub-Connection")
.strategy("github")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.scopes(
"email",
"profile",
"public_repo",
"repo")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an GitHub connection.
github:
type: auth0:Connection
properties:
name: GitHub-Connection
strategy: github
options:
clientId: <client-id>
clientSecret: <client-secret>
scopes:
- email
- profile
- public_repo
- repo
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
SalesForce Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an SalesForce connection.
const salesforce = new auth0.Connection("salesforce", {
name: "Salesforce-Connection",
strategy: "salesforce",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
communityBaseUrl: "https://salesforce.example.com",
scopes: [
"openid",
"email",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an SalesForce connection.
salesforce = auth0.Connection("salesforce",
name="Salesforce-Connection",
strategy="salesforce",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"community_base_url": "https://salesforce.example.com",
"scopes": [
"openid",
"email",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an SalesForce connection.
_, err := auth0.NewConnection(ctx, "salesforce", &auth0.ConnectionArgs{
Name: pulumi.String("Salesforce-Connection"),
Strategy: pulumi.String("salesforce"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
CommunityBaseUrl: pulumi.String("https://salesforce.example.com"),
Scopes: pulumi.StringArray{
pulumi.String("openid"),
pulumi.String("email"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an SalesForce connection.
var salesforce = new Auth0.Connection("salesforce", new()
{
Name = "Salesforce-Connection",
Strategy = "salesforce",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
CommunityBaseUrl = "https://salesforce.example.com",
Scopes = new[]
{
"openid",
"email",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an SalesForce connection.
var salesforce = new Connection("salesforce", ConnectionArgs.builder()
.name("Salesforce-Connection")
.strategy("salesforce")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.communityBaseUrl("https://salesforce.example.com")
.scopes(
"openid",
"email")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an SalesForce connection.
salesforce:
type: auth0:Connection
properties:
name: Salesforce-Connection
strategy: salesforce
options:
clientId: <client-id>
clientSecret: <client-secret>
communityBaseUrl: https://salesforce.example.com
scopes:
- openid
- email
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
OAuth2 Connection
Also applies to following connection strategies: dropbox
, bitbucket
, paypal
, twitter
, amazon
, yahoo
, box
, wordpress
, shopify
, custom
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an OAuth2 connection.
const oauth2 = new auth0.Connection("oauth2", {
name: "OAuth2-Connection",
strategy: "oauth2",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
strategyVersion: 2,
scopes: [
"basic_profile",
"profile",
"email",
],
tokenEndpoint: "https://auth.example.com/oauth2/token",
authorizationEndpoint: "https://auth.example.com/oauth2/authorize",
pkceEnabled: true,
iconUrl: "https://auth.example.com/assets/logo.png",
scripts: {
fetchUserProfile: ` function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
`,
},
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an OAuth2 connection.
oauth2 = auth0.Connection("oauth2",
name="OAuth2-Connection",
strategy="oauth2",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"strategy_version": 2,
"scopes": [
"basic_profile",
"profile",
"email",
],
"token_endpoint": "https://auth.example.com/oauth2/token",
"authorization_endpoint": "https://auth.example.com/oauth2/authorize",
"pkce_enabled": True,
"icon_url": "https://auth.example.com/assets/logo.png",
"scripts": {
"fetchUserProfile": """ function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
""",
},
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an OAuth2 connection.
_, err := auth0.NewConnection(ctx, "oauth2", &auth0.ConnectionArgs{
Name: pulumi.String("OAuth2-Connection"),
Strategy: pulumi.String("oauth2"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
StrategyVersion: pulumi.Int(2),
Scopes: pulumi.StringArray{
pulumi.String("basic_profile"),
pulumi.String("profile"),
pulumi.String("email"),
},
TokenEndpoint: pulumi.String("https://auth.example.com/oauth2/token"),
AuthorizationEndpoint: pulumi.String("https://auth.example.com/oauth2/authorize"),
PkceEnabled: pulumi.Bool(true),
IconUrl: pulumi.String("https://auth.example.com/assets/logo.png"),
Scripts: pulumi.StringMap{
"fetchUserProfile": pulumi.String(" function fetchUserProfile(accessToken, context, callback) {\n return callback(new Error(\"Whoops!\"));\n }\n"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an OAuth2 connection.
var oauth2 = new Auth0.Connection("oauth2", new()
{
Name = "OAuth2-Connection",
Strategy = "oauth2",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
StrategyVersion = 2,
Scopes = new[]
{
"basic_profile",
"profile",
"email",
},
TokenEndpoint = "https://auth.example.com/oauth2/token",
AuthorizationEndpoint = "https://auth.example.com/oauth2/authorize",
PkceEnabled = true,
IconUrl = "https://auth.example.com/assets/logo.png",
Scripts =
{
{ "fetchUserProfile", @" function fetchUserProfile(accessToken, context, callback) {
return callback(new Error(""Whoops!""));
}
" },
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an OAuth2 connection.
var oauth2 = new Connection("oauth2", ConnectionArgs.builder()
.name("OAuth2-Connection")
.strategy("oauth2")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.strategyVersion(2)
.scopes(
"basic_profile",
"profile",
"email")
.tokenEndpoint("https://auth.example.com/oauth2/token")
.authorizationEndpoint("https://auth.example.com/oauth2/authorize")
.pkceEnabled(true)
.iconUrl("https://auth.example.com/assets/logo.png")
.scripts(Map.of("fetchUserProfile", """
function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
"""))
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of an OAuth2 connection.
oauth2:
type: auth0:Connection
properties:
name: OAuth2-Connection
strategy: oauth2
options:
clientId: <client-id>
clientSecret: <client-secret>
strategyVersion: 2
scopes:
- basic_profile
- profile
- email
tokenEndpoint: https://auth.example.com/oauth2/token
authorizationEndpoint: https://auth.example.com/oauth2/authorize
pkceEnabled: true
iconUrl: https://auth.example.com/assets/logo.png
scripts:
fetchUserProfile: |2
function fetchUserProfile(accessToken, context, callback) {
return callback(new Error("Whoops!"));
}
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
Active Directory (AD)
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const ad = new auth0.Connection("ad", {
name: "connection-active-directory",
displayName: "Active Directory Connection",
strategy: "ad",
showAsButton: true,
options: {
disableSelfServiceChangePassword: true,
bruteForceProtection: true,
tenantDomain: "example.com",
strategyVersion: 2,
iconUrl: "https://example.com/assets/logo.png",
domainAliases: [
"example.com",
"api.example.com",
],
ips: [
"192.168.1.1",
"192.168.1.2",
],
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
useCertAuth: false,
useKerberos: false,
disableCache: false,
},
});
import pulumi
import json
import pulumi_auth0 as auth0
ad = auth0.Connection("ad",
name="connection-active-directory",
display_name="Active Directory Connection",
strategy="ad",
show_as_button=True,
options={
"disable_self_service_change_password": True,
"brute_force_protection": True,
"tenant_domain": "example.com",
"strategy_version": 2,
"icon_url": "https://example.com/assets/logo.png",
"domain_aliases": [
"example.com",
"api.example.com",
],
"ips": [
"192.168.1.1",
"192.168.1.2",
],
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"use_cert_auth": False,
"use_kerberos": False,
"disable_cache": False,
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = auth0.NewConnection(ctx, "ad", &auth0.ConnectionArgs{
Name: pulumi.String("connection-active-directory"),
DisplayName: pulumi.String("Active Directory Connection"),
Strategy: pulumi.String("ad"),
ShowAsButton: pulumi.Bool(true),
Options: &auth0.ConnectionOptionsArgs{
DisableSelfServiceChangePassword: pulumi.Bool(true),
BruteForceProtection: pulumi.Bool(true),
TenantDomain: pulumi.String("example.com"),
StrategyVersion: pulumi.Int(2),
IconUrl: pulumi.String("https://example.com/assets/logo.png"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("api.example.com"),
},
Ips: pulumi.StringArray{
pulumi.String("192.168.1.1"),
pulumi.String("192.168.1.2"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
UpstreamParams: pulumi.String(json0),
UseCertAuth: pulumi.Bool(false),
UseKerberos: pulumi.Bool(false),
DisableCache: pulumi.Bool(false),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var ad = new Auth0.Connection("ad", new()
{
Name = "connection-active-directory",
DisplayName = "Active Directory Connection",
Strategy = "ad",
ShowAsButton = true,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
DisableSelfServiceChangePassword = true,
BruteForceProtection = true,
TenantDomain = "example.com",
StrategyVersion = 2,
IconUrl = "https://example.com/assets/logo.png",
DomainAliases = new[]
{
"example.com",
"api.example.com",
},
Ips = new[]
{
"192.168.1.1",
"192.168.1.2",
},
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
UseCertAuth = false,
UseKerberos = false,
DisableCache = false,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ad = new Connection("ad", ConnectionArgs.builder()
.name("connection-active-directory")
.displayName("Active Directory Connection")
.strategy("ad")
.showAsButton(true)
.options(ConnectionOptionsArgs.builder()
.disableSelfServiceChangePassword(true)
.bruteForceProtection(true)
.tenantDomain("example.com")
.strategyVersion(2)
.iconUrl("https://example.com/assets/logo.png")
.domainAliases(
"example.com",
"api.example.com")
.ips(
"192.168.1.1",
"192.168.1.2")
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.useCertAuth(false)
.useKerberos(false)
.disableCache(false)
.build())
.build());
}
}
resources:
ad:
type: auth0:Connection
properties:
name: connection-active-directory
displayName: Active Directory Connection
strategy: ad
showAsButton: true
options:
disableSelfServiceChangePassword: true
bruteForceProtection: true
tenantDomain: example.com
strategyVersion: 2
iconUrl: https://example.com/assets/logo.png
domainAliases:
- example.com
- api.example.com
ips:
- 192.168.1.1
- 192.168.1.2
setUserRootAttributes: on_each_login
nonPersistentAttrs:
- ethnicity
- gender
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
useCertAuth: false
useKerberos: false
disableCache: false
Azure AD Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
const azureAd = new auth0.Connection("azure_ad", {
name: "connection-azure-ad",
strategy: "waad",
showAsButton: true,
options: {
identityApi: "azure-active-directory-v1.0",
clientId: "123456",
clientSecret: "123456",
strategyVersion: 2,
userIdAttribute: "oid",
appId: "app-id-123",
tenantDomain: "example.onmicrosoft.com",
domain: "example.onmicrosoft.com",
domainAliases: [
"example.com",
"api.example.com",
],
iconUrl: "https://example.onmicrosoft.com/assets/logo.png",
useWsfed: false,
waadProtocol: "openid-connect",
waadCommonEndpoint: false,
maxGroupsToRetrieve: "250",
apiEnableUsers: true,
scopes: [
"basic_profile",
"ext_groups",
"ext_profile",
],
setUserRootAttributes: "on_each_login",
shouldTrustEmailVerifiedConnection: "never_set_emails_as_verified",
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import json
import pulumi_auth0 as auth0
azure_ad = auth0.Connection("azure_ad",
name="connection-azure-ad",
strategy="waad",
show_as_button=True,
options={
"identity_api": "azure-active-directory-v1.0",
"client_id": "123456",
"client_secret": "123456",
"strategy_version": 2,
"user_id_attribute": "oid",
"app_id": "app-id-123",
"tenant_domain": "example.onmicrosoft.com",
"domain": "example.onmicrosoft.com",
"domain_aliases": [
"example.com",
"api.example.com",
],
"icon_url": "https://example.onmicrosoft.com/assets/logo.png",
"use_wsfed": False,
"waad_protocol": "openid-connect",
"waad_common_endpoint": False,
"max_groups_to_retrieve": "250",
"api_enable_users": True,
"scopes": [
"basic_profile",
"ext_groups",
"ext_profile",
],
"set_user_root_attributes": "on_each_login",
"should_trust_email_verified_connection": "never_set_emails_as_verified",
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = auth0.NewConnection(ctx, "azure_ad", &auth0.ConnectionArgs{
Name: pulumi.String("connection-azure-ad"),
Strategy: pulumi.String("waad"),
ShowAsButton: pulumi.Bool(true),
Options: &auth0.ConnectionOptionsArgs{
IdentityApi: pulumi.String("azure-active-directory-v1.0"),
ClientId: pulumi.String("123456"),
ClientSecret: pulumi.String("123456"),
StrategyVersion: pulumi.Int(2),
UserIdAttribute: pulumi.String("oid"),
AppId: pulumi.String("app-id-123"),
TenantDomain: pulumi.String("example.onmicrosoft.com"),
Domain: pulumi.String("example.onmicrosoft.com"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("api.example.com"),
},
IconUrl: pulumi.String("https://example.onmicrosoft.com/assets/logo.png"),
UseWsfed: pulumi.Bool(false),
WaadProtocol: pulumi.String("openid-connect"),
WaadCommonEndpoint: pulumi.Bool(false),
MaxGroupsToRetrieve: pulumi.String("250"),
ApiEnableUsers: pulumi.Bool(true),
Scopes: pulumi.StringArray{
pulumi.String("basic_profile"),
pulumi.String("ext_groups"),
pulumi.String("ext_profile"),
},
SetUserRootAttributes: pulumi.String("on_each_login"),
ShouldTrustEmailVerifiedConnection: pulumi.String("never_set_emails_as_verified"),
UpstreamParams: pulumi.String(json0),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
var azureAd = new Auth0.Connection("azure_ad", new()
{
Name = "connection-azure-ad",
Strategy = "waad",
ShowAsButton = true,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
IdentityApi = "azure-active-directory-v1.0",
ClientId = "123456",
ClientSecret = "123456",
StrategyVersion = 2,
UserIdAttribute = "oid",
AppId = "app-id-123",
TenantDomain = "example.onmicrosoft.com",
Domain = "example.onmicrosoft.com",
DomainAliases = new[]
{
"example.com",
"api.example.com",
},
IconUrl = "https://example.onmicrosoft.com/assets/logo.png",
UseWsfed = false,
WaadProtocol = "openid-connect",
WaadCommonEndpoint = false,
MaxGroupsToRetrieve = "250",
ApiEnableUsers = true,
Scopes = new[]
{
"basic_profile",
"ext_groups",
"ext_profile",
},
SetUserRootAttributes = "on_each_login",
ShouldTrustEmailVerifiedConnection = "never_set_emails_as_verified",
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureAd = new Connection("azureAd", ConnectionArgs.builder()
.name("connection-azure-ad")
.strategy("waad")
.showAsButton(true)
.options(ConnectionOptionsArgs.builder()
.identityApi("azure-active-directory-v1.0")
.clientId("123456")
.clientSecret("123456")
.strategyVersion(2)
.userIdAttribute("oid")
.appId("app-id-123")
.tenantDomain("example.onmicrosoft.com")
.domain("example.onmicrosoft.com")
.domainAliases(
"example.com",
"api.example.com")
.iconUrl("https://example.onmicrosoft.com/assets/logo.png")
.useWsfed(false)
.waadProtocol("openid-connect")
.waadCommonEndpoint(false)
.maxGroupsToRetrieve(250)
.apiEnableUsers(true)
.scopes(
"basic_profile",
"ext_groups",
"ext_profile")
.setUserRootAttributes("on_each_login")
.shouldTrustEmailVerifiedConnection("never_set_emails_as_verified")
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
azureAd:
type: auth0:Connection
name: azure_ad
properties:
name: connection-azure-ad
strategy: waad
showAsButton: true
options:
identityApi: azure-active-directory-v1.0
clientId: '123456'
clientSecret: '123456'
strategyVersion: 2
userIdAttribute: oid
appId: app-id-123
tenantDomain: example.onmicrosoft.com
domain: example.onmicrosoft.com
domainAliases:
- example.com
- api.example.com
iconUrl: https://example.onmicrosoft.com/assets/logo.png
useWsfed: false
waadProtocol: openid-connect
waadCommonEndpoint: false
maxGroupsToRetrieve: 250
apiEnableUsers: true
scopes:
- basic_profile
- ext_groups
- ext_profile
setUserRootAttributes: on_each_login
shouldTrustEmailVerifiedConnection: never_set_emails_as_verified
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
nonPersistentAttrs:
- ethnicity
- gender
Email Connection
To be able to see this in the management dashboard as well, the name of the connection must be set to “email”.
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an Email connection.
const passwordlessEmail = new auth0.Connection("passwordless_email", {
strategy: "email",
name: "email",
options: {
name: "email",
from: "{{ application.name }} <root@auth0.com>",
subject: "Welcome to {{ application.name }}",
syntax: "liquid",
template: "<html>This is the body of the email</html>",
disableSignup: false,
bruteForceProtection: true,
setUserRootAttributes: "on_each_login",
nonPersistentAttrs: [],
authParams: {
scope: "openid email profile offline_access",
response_type: "code",
},
totp: {
timeStep: 300,
length: 6,
},
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of an Email connection.
passwordless_email = auth0.Connection("passwordless_email",
strategy="email",
name="email",
options={
"name": "email",
"from_": "{{ application.name }} <root@auth0.com>",
"subject": "Welcome to {{ application.name }}",
"syntax": "liquid",
"template": "<html>This is the body of the email</html>",
"disable_signup": False,
"brute_force_protection": True,
"set_user_root_attributes": "on_each_login",
"non_persistent_attrs": [],
"auth_params": {
"scope": "openid email profile offline_access",
"response_type": "code",
},
"totp": {
"time_step": 300,
"length": 6,
},
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of an Email connection.
_, err := auth0.NewConnection(ctx, "passwordless_email", &auth0.ConnectionArgs{
Strategy: pulumi.String("email"),
Name: pulumi.String("email"),
Options: &auth0.ConnectionOptionsArgs{
Name: pulumi.String("email"),
From: pulumi.String("{{ application.name }} <root@auth0.com>"),
Subject: pulumi.String("Welcome to {{ application.name }}"),
Syntax: pulumi.String("liquid"),
Template: pulumi.String("<html>This is the body of the email</html>"),
DisableSignup: pulumi.Bool(false),
BruteForceProtection: pulumi.Bool(true),
SetUserRootAttributes: pulumi.String("on_each_login"),
NonPersistentAttrs: pulumi.StringArray{},
AuthParams: pulumi.StringMap{
"scope": pulumi.String("openid email profile offline_access"),
"response_type": pulumi.String("code"),
},
Totp: &auth0.ConnectionOptionsTotpArgs{
TimeStep: pulumi.Int(300),
Length: pulumi.Int(6),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an Email connection.
var passwordlessEmail = new Auth0.Connection("passwordless_email", new()
{
Strategy = "email",
Name = "email",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
Name = "email",
From = "{{ application.name }} <root@auth0.com>",
Subject = "Welcome to {{ application.name }}",
Syntax = "liquid",
Template = "<html>This is the body of the email</html>",
DisableSignup = false,
BruteForceProtection = true,
SetUserRootAttributes = "on_each_login",
NonPersistentAttrs = new() { },
AuthParams =
{
{ "scope", "openid email profile offline_access" },
{ "response_type", "code" },
},
Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
{
TimeStep = 300,
Length = 6,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsTotpArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an Email connection.
var passwordlessEmail = new Connection("passwordlessEmail", ConnectionArgs.builder()
.strategy("email")
.name("email")
.options(ConnectionOptionsArgs.builder()
.name("email")
.from("{{ application.name }} <root@auth0.com>")
.subject("Welcome to {{ application.name }}")
.syntax("liquid")
.template("<html>This is the body of the email</html>")
.disableSignup(false)
.bruteForceProtection(true)
.setUserRootAttributes("on_each_login")
.nonPersistentAttrs()
.authParams(Map.ofEntries(
Map.entry("scope", "openid email profile offline_access"),
Map.entry("response_type", "code")
))
.totp(ConnectionOptionsTotpArgs.builder()
.timeStep(300)
.length(6)
.build())
.build())
.build());
}
}
resources:
# This is an example of an Email connection.
passwordlessEmail:
type: auth0:Connection
name: passwordless_email
properties:
strategy: email
name: email
options:
name: email
from: '{{ application.name }} <root@auth0.com>'
subject: Welcome to {{ application.name }}
syntax: liquid
template: <html>This is the body of the email</html>
disableSignup: false
bruteForceProtection: true
setUserRootAttributes: on_each_login
nonPersistentAttrs: []
authParams:
scope: openid email profile offline_access
response_type: code
totp:
timeStep: 300
length: 6
SAML Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of a SAML connection.
const samlp = new auth0.Connection("samlp", {
name: "SAML-Connection",
strategy: "samlp",
options: {
debug: false,
signingCert: "<signing-certificate>",
signInEndpoint: "https://saml.provider/sign_in",
signOutEndpoint: "https://saml.provider/sign_out",
disableSignOut: true,
strategyVersion: 2,
tenantDomain: "example.com",
domainAliases: [
"example.com",
"alias.example.com",
],
protocolBinding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
requestTemplate: `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>`,
userIdAttribute: "https://saml.provider/imi/ns/identity-200810",
signatureAlgorithm: "rsa-sha256",
digestAlgorithm: "sha256",
iconUrl: "https://saml.provider/assets/logo.png",
entityId: "<entity_id>",
metadataXml: ` <?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
`,
metadataUrl: "https://saml.provider/imi/ns/FederationMetadata.xml",
fieldsMap: JSON.stringify({
name: [
"name",
"nameidentifier",
],
email: [
"emailaddress",
"nameidentifier",
],
family_name: "surname",
}),
signingKey: {
key: `-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----`,
cert: `-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----`,
},
decryptionKey: {
key: `-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----`,
cert: `-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----`,
},
idpInitiated: {
clientId: "client_id",
clientProtocol: "samlp",
clientAuthorizeQuery: "type=code&timeout=30",
},
},
});
import pulumi
import json
import pulumi_auth0 as auth0
# This is an example of a SAML connection.
samlp = auth0.Connection("samlp",
name="SAML-Connection",
strategy="samlp",
options={
"debug": False,
"signing_cert": "<signing-certificate>",
"sign_in_endpoint": "https://saml.provider/sign_in",
"sign_out_endpoint": "https://saml.provider/sign_out",
"disable_sign_out": True,
"strategy_version": 2,
"tenant_domain": "example.com",
"domain_aliases": [
"example.com",
"alias.example.com",
],
"protocol_binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
"request_template": """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>""",
"user_id_attribute": "https://saml.provider/imi/ns/identity-200810",
"signature_algorithm": "rsa-sha256",
"digest_algorithm": "sha256",
"icon_url": "https://saml.provider/assets/logo.png",
"entity_id": "<entity_id>",
"metadata_xml": """ <?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
""",
"metadata_url": "https://saml.provider/imi/ns/FederationMetadata.xml",
"fields_map": json.dumps({
"name": [
"name",
"nameidentifier",
],
"email": [
"emailaddress",
"nameidentifier",
],
"family_name": "surname",
}),
"signing_key": {
"key": """-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----""",
"cert": """-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----""",
},
"decryption_key": {
"key": """-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----""",
"cert": """-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----""",
},
"idp_initiated": {
"client_id": "client_id",
"client_protocol": "samlp",
"client_authorize_query": "type=code&timeout=30",
},
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"name": []string{
"name",
"nameidentifier",
},
"email": []string{
"emailaddress",
"nameidentifier",
},
"family_name": "surname",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
// This is an example of a SAML connection.
_, err = auth0.NewConnection(ctx, "samlp", &auth0.ConnectionArgs{
Name: pulumi.String("SAML-Connection"),
Strategy: pulumi.String("samlp"),
Options: &auth0.ConnectionOptionsArgs{
Debug: pulumi.Bool(false),
SigningCert: pulumi.String("<signing-certificate>"),
SignInEndpoint: pulumi.String("https://saml.provider/sign_in"),
SignOutEndpoint: pulumi.String("https://saml.provider/sign_out"),
DisableSignOut: pulumi.Bool(true),
StrategyVersion: pulumi.Int(2),
TenantDomain: pulumi.String("example.com"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
pulumi.String("alias.example.com"),
},
ProtocolBinding: pulumi.String("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"),
RequestTemplate: pulumi.String(`<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>`),
UserIdAttribute: pulumi.String("https://saml.provider/imi/ns/identity-200810"),
SignatureAlgorithm: pulumi.String("rsa-sha256"),
DigestAlgorithm: pulumi.String("sha256"),
IconUrl: pulumi.String("https://saml.provider/assets/logo.png"),
EntityId: pulumi.String("<entity_id>"),
MetadataXml: pulumi.String(` <?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
`),
MetadataUrl: pulumi.String("https://saml.provider/imi/ns/FederationMetadata.xml"),
FieldsMap: pulumi.String(json0),
SigningKey: &auth0.ConnectionOptionsSigningKeyArgs{
Key: pulumi.String("-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
Cert: pulumi.String("-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
},
DecryptionKey: &auth0.ConnectionOptionsDecryptionKeyArgs{
Key: pulumi.String("-----BEGIN PRIVATE KEY-----\n...{your private key here}...\n-----END PRIVATE KEY-----"),
Cert: pulumi.String("-----BEGIN CERTIFICATE-----\n...{your public key cert here}...\n-----END CERTIFICATE-----"),
},
IdpInitiated: &auth0.ConnectionOptionsIdpInitiatedArgs{
ClientId: pulumi.String("client_id"),
ClientProtocol: pulumi.String("samlp"),
ClientAuthorizeQuery: pulumi.String("type=code&timeout=30"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of a SAML connection.
var samlp = new Auth0.Connection("samlp", new()
{
Name = "SAML-Connection",
Strategy = "samlp",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
Debug = false,
SigningCert = "<signing-certificate>",
SignInEndpoint = "https://saml.provider/sign_in",
SignOutEndpoint = "https://saml.provider/sign_out",
DisableSignOut = true,
StrategyVersion = 2,
TenantDomain = "example.com",
DomainAliases = new[]
{
"example.com",
"alias.example.com",
},
ProtocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
RequestTemplate = @"<samlp:AuthnRequest xmlns:samlp=""urn:oasis:names:tc:SAML:2.0:protocol""
@@AssertServiceURLAndDestination@@
ID=""@@ID@@""
IssueInstant=""@@IssueInstant@@""
ProtocolBinding=""@@ProtocolBinding@@"" Version=""2.0"">
<saml:Issuer xmlns:saml=""urn:oasis:names:tc:SAML:2.0:assertion"">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>",
UserIdAttribute = "https://saml.provider/imi/ns/identity-200810",
SignatureAlgorithm = "rsa-sha256",
DigestAlgorithm = "sha256",
IconUrl = "https://saml.provider/assets/logo.png",
EntityId = "<entity_id>",
MetadataXml = @" <?xml version=""1.0""?>
<md:EntityDescriptor xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" xmlns:ds=""http://www.w3.org/2000/09/xmldsig#"" entityID=""https://example.com"">
<md:IDPSSODescriptor protocolSupportEnumeration=""urn:oasis:names:tc:SAML:2.0:protocol"">
<md:SingleLogoutService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://saml.provider/sign_out""/>
<md:SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://saml.provider/sign_in""/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
",
MetadataUrl = "https://saml.provider/imi/ns/FederationMetadata.xml",
FieldsMap = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["name"] = new[]
{
"name",
"nameidentifier",
},
["email"] = new[]
{
"emailaddress",
"nameidentifier",
},
["family_name"] = "surname",
}),
SigningKey = new Auth0.Inputs.ConnectionOptionsSigningKeyArgs
{
Key = @"-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----",
Cert = @"-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----",
},
DecryptionKey = new Auth0.Inputs.ConnectionOptionsDecryptionKeyArgs
{
Key = @"-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----",
Cert = @"-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----",
},
IdpInitiated = new Auth0.Inputs.ConnectionOptionsIdpInitiatedArgs
{
ClientId = "client_id",
ClientProtocol = "samlp",
ClientAuthorizeQuery = "type=code&timeout=30",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsSigningKeyArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsDecryptionKeyArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsIdpInitiatedArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of a SAML connection.
var samlp = new Connection("samlp", ConnectionArgs.builder()
.name("SAML-Connection")
.strategy("samlp")
.options(ConnectionOptionsArgs.builder()
.debug(false)
.signingCert("<signing-certificate>")
.signInEndpoint("https://saml.provider/sign_in")
.signOutEndpoint("https://saml.provider/sign_out")
.disableSignOut(true)
.strategyVersion(2)
.tenantDomain("example.com")
.domainAliases(
"example.com",
"alias.example.com")
.protocolBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")
.requestTemplate("""
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest> """)
.userIdAttribute("https://saml.provider/imi/ns/identity-200810")
.signatureAlgorithm("rsa-sha256")
.digestAlgorithm("sha256")
.iconUrl("https://saml.provider/assets/logo.png")
.entityId("<entity_id>")
.metadataXml("""
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
""")
.metadataUrl("https://saml.provider/imi/ns/FederationMetadata.xml")
.fieldsMap(serializeJson(
jsonObject(
jsonProperty("name", jsonArray(
"name",
"nameidentifier"
)),
jsonProperty("email", jsonArray(
"emailaddress",
"nameidentifier"
)),
jsonProperty("family_name", "surname")
)))
.signingKey(ConnectionOptionsSigningKeyArgs.builder()
.key("""
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY----- """)
.cert("""
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE----- """)
.build())
.decryptionKey(ConnectionOptionsDecryptionKeyArgs.builder()
.key("""
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY----- """)
.cert("""
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE----- """)
.build())
.idpInitiated(ConnectionOptionsIdpInitiatedArgs.builder()
.clientId("client_id")
.clientProtocol("samlp")
.clientAuthorizeQuery("type=code&timeout=30")
.build())
.build())
.build());
}
}
resources:
# This is an example of a SAML connection.
samlp:
type: auth0:Connection
properties:
name: SAML-Connection
strategy: samlp
options:
debug: false
signingCert: <signing-certificate>
signInEndpoint: https://saml.provider/sign_in
signOutEndpoint: https://saml.provider/sign_out
disableSignOut: true
strategyVersion: 2
tenantDomain: example.com
domainAliases:
- example.com
- alias.example.com
protocolBinding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
requestTemplate: |-
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
ID="@@ID@@"
IssueInstant="@@IssueInstant@@"
ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>
userIdAttribute: https://saml.provider/imi/ns/identity-200810
signatureAlgorithm: rsa-sha256
digestAlgorithm: sha256
iconUrl: https://saml.provider/assets/logo.png
entityId: <entity_id>
metadataXml: |2
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://example.com">
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_out"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://saml.provider/sign_in"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
metadataUrl: https://saml.provider/imi/ns/FederationMetadata.xml
fieldsMap:
fn::toJSON:
name:
- name
- nameidentifier
email:
- emailaddress
- nameidentifier
family_name: surname
signingKey:
key: |-
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----
cert: |-
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----
decryptionKey:
key: |-
-----BEGIN PRIVATE KEY-----
...{your private key here}...
-----END PRIVATE KEY-----
cert: |-
-----BEGIN CERTIFICATE-----
...{your public key cert here}...
-----END CERTIFICATE-----
idpInitiated:
clientId: client_id
clientProtocol: samlp
clientAuthorizeQuery: type=code&timeout=30
WindowsLive Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of a WindowsLive connection.
const windowslive = new auth0.Connection("windowslive", {
name: "Windowslive-Connection",
strategy: "windowslive",
options: {
clientId: "<client-id>",
clientSecret: "<client-secret>",
strategyVersion: 2,
scopes: [
"signin",
"graph_user",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
},
});
import pulumi
import pulumi_auth0 as auth0
# This is an example of a WindowsLive connection.
windowslive = auth0.Connection("windowslive",
name="Windowslive-Connection",
strategy="windowslive",
options={
"client_id": "<client-id>",
"client_secret": "<client-secret>",
"strategy_version": 2,
"scopes": [
"signin",
"graph_user",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
})
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// This is an example of a WindowsLive connection.
_, err := auth0.NewConnection(ctx, "windowslive", &auth0.ConnectionArgs{
Name: pulumi.String("Windowslive-Connection"),
Strategy: pulumi.String("windowslive"),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("<client-id>"),
ClientSecret: pulumi.String("<client-secret>"),
StrategyVersion: pulumi.Int(2),
Scopes: pulumi.StringArray{
pulumi.String("signin"),
pulumi.String("graph_user"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of a WindowsLive connection.
var windowslive = new Auth0.Connection("windowslive", new()
{
Name = "Windowslive-Connection",
Strategy = "windowslive",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "<client-id>",
ClientSecret = "<client-secret>",
StrategyVersion = 2,
Scopes = new[]
{
"signin",
"graph_user",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of a WindowsLive connection.
var windowslive = new Connection("windowslive", ConnectionArgs.builder()
.name("Windowslive-Connection")
.strategy("windowslive")
.options(ConnectionOptionsArgs.builder()
.clientId("<client-id>")
.clientSecret("<client-secret>")
.strategyVersion(2)
.scopes(
"signin",
"graph_user")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.build())
.build());
}
}
resources:
# This is an example of a WindowsLive connection.
windowslive:
type: auth0:Connection
properties:
name: Windowslive-Connection
strategy: windowslive
options:
clientId: <client-id>
clientSecret: <client-secret>
strategyVersion: 2
scopes:
- signin
- graph_user
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
OIDC Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an OIDC connection.
const oidc = new auth0.Connection("oidc", {
name: "oidc-connection",
displayName: "OIDC Connection",
strategy: "oidc",
showAsButton: false,
options: {
clientId: "1234567",
clientSecret: "1234567",
domainAliases: ["example.com"],
tenantDomain: "",
iconUrl: "https://example.com/assets/logo.png",
type: "back_channel",
issuer: "https://www.paypalobjects.com",
jwksUri: "https://api.paypal.com/v1/oauth2/certs",
discoveryUrl: "https://www.paypalobjects.com/.well-known/openid-configuration",
tokenEndpoint: "https://api.paypal.com/v1/oauth2/token",
userinfoEndpoint: "https://api.paypal.com/v1/oauth2/token/userinfo",
authorizationEndpoint: "https://www.paypal.com/signin/authorize",
scopes: [
"openid",
"email",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
connectionSettings: {
pkce: "auto",
},
attributeMap: {
mappingMode: "use_map",
userinfoScope: "openid email profile groups",
attributes: JSON.stringify({
name: "${context.tokenset.name}",
email: "${context.tokenset.email}",
email_verified: "${context.tokenset.email_verified}",
nickname: "${context.tokenset.nickname}",
picture: "${context.tokenset.picture}",
given_name: "${context.tokenset.given_name}",
family_name: "${context.tokenset.family_name}",
}),
},
},
});
import pulumi
import json
import pulumi_auth0 as auth0
# This is an example of an OIDC connection.
oidc = auth0.Connection("oidc",
name="oidc-connection",
display_name="OIDC Connection",
strategy="oidc",
show_as_button=False,
options={
"client_id": "1234567",
"client_secret": "1234567",
"domain_aliases": ["example.com"],
"tenant_domain": "",
"icon_url": "https://example.com/assets/logo.png",
"type": "back_channel",
"issuer": "https://www.paypalobjects.com",
"jwks_uri": "https://api.paypal.com/v1/oauth2/certs",
"discovery_url": "https://www.paypalobjects.com/.well-known/openid-configuration",
"token_endpoint": "https://api.paypal.com/v1/oauth2/token",
"userinfo_endpoint": "https://api.paypal.com/v1/oauth2/token/userinfo",
"authorization_endpoint": "https://www.paypal.com/signin/authorize",
"scopes": [
"openid",
"email",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
"connection_settings": {
"pkce": "auto",
},
"attribute_map": {
"mapping_mode": "use_map",
"userinfo_scope": "openid email profile groups",
"attributes": json.dumps({
"name": "${context.tokenset.name}",
"email": "${context.tokenset.email}",
"email_verified": "${context.tokenset.email_verified}",
"nickname": "${context.tokenset.nickname}",
"picture": "${context.tokenset.picture}",
"given_name": "${context.tokenset.given_name}",
"family_name": "${context.tokenset.family_name}",
}),
},
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"name": "${context.tokenset.name}",
"email": "${context.tokenset.email}",
"email_verified": "${context.tokenset.email_verified}",
"nickname": "${context.tokenset.nickname}",
"picture": "${context.tokenset.picture}",
"given_name": "${context.tokenset.given_name}",
"family_name": "${context.tokenset.family_name}",
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
// This is an example of an OIDC connection.
_, err = auth0.NewConnection(ctx, "oidc", &auth0.ConnectionArgs{
Name: pulumi.String("oidc-connection"),
DisplayName: pulumi.String("OIDC Connection"),
Strategy: pulumi.String("oidc"),
ShowAsButton: pulumi.Bool(false),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("1234567"),
ClientSecret: pulumi.String("1234567"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
},
TenantDomain: pulumi.String(""),
IconUrl: pulumi.String("https://example.com/assets/logo.png"),
Type: pulumi.String("back_channel"),
Issuer: pulumi.String("https://www.paypalobjects.com"),
JwksUri: pulumi.String("https://api.paypal.com/v1/oauth2/certs"),
DiscoveryUrl: pulumi.String("https://www.paypalobjects.com/.well-known/openid-configuration"),
TokenEndpoint: pulumi.String("https://api.paypal.com/v1/oauth2/token"),
UserinfoEndpoint: pulumi.String("https://api.paypal.com/v1/oauth2/token/userinfo"),
AuthorizationEndpoint: pulumi.String("https://www.paypal.com/signin/authorize"),
Scopes: pulumi.StringArray{
pulumi.String("openid"),
pulumi.String("email"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
Pkce: pulumi.String("auto"),
},
AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
MappingMode: pulumi.String("use_map"),
UserinfoScope: pulumi.String("openid email profile groups"),
Attributes: pulumi.String(json0),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an OIDC connection.
var oidc = new Auth0.Connection("oidc", new()
{
Name = "oidc-connection",
DisplayName = "OIDC Connection",
Strategy = "oidc",
ShowAsButton = false,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "1234567",
ClientSecret = "1234567",
DomainAliases = new[]
{
"example.com",
},
TenantDomain = "",
IconUrl = "https://example.com/assets/logo.png",
Type = "back_channel",
Issuer = "https://www.paypalobjects.com",
JwksUri = "https://api.paypal.com/v1/oauth2/certs",
DiscoveryUrl = "https://www.paypalobjects.com/.well-known/openid-configuration",
TokenEndpoint = "https://api.paypal.com/v1/oauth2/token",
UserinfoEndpoint = "https://api.paypal.com/v1/oauth2/token/userinfo",
AuthorizationEndpoint = "https://www.paypal.com/signin/authorize",
Scopes = new[]
{
"openid",
"email",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
{
Pkce = "auto",
},
AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
{
MappingMode = "use_map",
UserinfoScope = "openid email profile groups",
Attributes = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["name"] = "${context.tokenset.name}",
["email"] = "${context.tokenset.email}",
["email_verified"] = "${context.tokenset.email_verified}",
["nickname"] = "${context.tokenset.nickname}",
["picture"] = "${context.tokenset.picture}",
["given_name"] = "${context.tokenset.given_name}",
["family_name"] = "${context.tokenset.family_name}",
}),
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsConnectionSettingsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsAttributeMapArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an OIDC connection.
var oidc = new Connection("oidc", ConnectionArgs.builder()
.name("oidc-connection")
.displayName("OIDC Connection")
.strategy("oidc")
.showAsButton(false)
.options(ConnectionOptionsArgs.builder()
.clientId("1234567")
.clientSecret("1234567")
.domainAliases("example.com")
.tenantDomain("")
.iconUrl("https://example.com/assets/logo.png")
.type("back_channel")
.issuer("https://www.paypalobjects.com")
.jwksUri("https://api.paypal.com/v1/oauth2/certs")
.discoveryUrl("https://www.paypalobjects.com/.well-known/openid-configuration")
.tokenEndpoint("https://api.paypal.com/v1/oauth2/token")
.userinfoEndpoint("https://api.paypal.com/v1/oauth2/token/userinfo")
.authorizationEndpoint("https://www.paypal.com/signin/authorize")
.scopes(
"openid",
"email")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
.pkce("auto")
.build())
.attributeMap(ConnectionOptionsAttributeMapArgs.builder()
.mappingMode("use_map")
.userinfoScope("openid email profile groups")
.attributes(serializeJson(
jsonObject(
jsonProperty("name", "${context.tokenset.name}"),
jsonProperty("email", "${context.tokenset.email}"),
jsonProperty("email_verified", "${context.tokenset.email_verified}"),
jsonProperty("nickname", "${context.tokenset.nickname}"),
jsonProperty("picture", "${context.tokenset.picture}"),
jsonProperty("given_name", "${context.tokenset.given_name}"),
jsonProperty("family_name", "${context.tokenset.family_name}")
)))
.build())
.build())
.build());
}
}
resources:
# This is an example of an OIDC connection.
oidc:
type: auth0:Connection
properties:
name: oidc-connection
displayName: OIDC Connection
strategy: oidc
showAsButton: false
options:
clientId: '1234567'
clientSecret: '1234567'
domainAliases:
- example.com
tenantDomain: ""
iconUrl: https://example.com/assets/logo.png
type: back_channel
issuer: https://www.paypalobjects.com
jwksUri: https://api.paypal.com/v1/oauth2/certs
discoveryUrl: https://www.paypalobjects.com/.well-known/openid-configuration
tokenEndpoint: https://api.paypal.com/v1/oauth2/token
userinfoEndpoint: https://api.paypal.com/v1/oauth2/token/userinfo
authorizationEndpoint: https://www.paypal.com/signin/authorize
scopes:
- openid
- email
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
connectionSettings:
pkce: auto
attributeMap:
mappingMode: use_map
userinfoScope: openid email profile groups
attributes:
fn::toJSON:
name: $${context.tokenset.name}
email: $${context.tokenset.email}
email_verified: $${context.tokenset.email_verified}
nickname: $${context.tokenset.nickname}
picture: $${context.tokenset.picture}
given_name: $${context.tokenset.given_name}
family_name: $${context.tokenset.family_name}
Okta Connection
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// This is an example of an Okta Workforce connection.
const okta = new auth0.Connection("okta", {
name: "okta-connection",
displayName: "Okta Workforce Connection",
strategy: "okta",
showAsButton: false,
options: {
clientId: "1234567",
clientSecret: "1234567",
domain: "example.okta.com",
domainAliases: ["example.com"],
issuer: "https://example.okta.com",
jwksUri: "https://example.okta.com/oauth2/v1/keys",
tokenEndpoint: "https://example.okta.com/oauth2/v1/token",
userinfoEndpoint: "https://example.okta.com/oauth2/v1/userinfo",
authorizationEndpoint: "https://example.okta.com/oauth2/v1/authorize",
scopes: [
"openid",
"email",
],
setUserRootAttributes: "on_first_login",
nonPersistentAttrs: [
"ethnicity",
"gender",
],
upstreamParams: JSON.stringify({
screen_name: {
alias: "login_hint",
},
}),
connectionSettings: {
pkce: "auto",
},
attributeMap: {
mappingMode: "basic_profile",
userinfoScope: "openid email profile groups",
attributes: JSON.stringify({
name: "${context.tokenset.name}",
email: "${context.tokenset.email}",
email_verified: "${context.tokenset.email_verified}",
nickname: "${context.tokenset.nickname}",
picture: "${context.tokenset.picture}",
given_name: "${context.tokenset.given_name}",
family_name: "${context.tokenset.family_name}",
}),
},
},
});
import pulumi
import json
import pulumi_auth0 as auth0
# This is an example of an Okta Workforce connection.
okta = auth0.Connection("okta",
name="okta-connection",
display_name="Okta Workforce Connection",
strategy="okta",
show_as_button=False,
options={
"client_id": "1234567",
"client_secret": "1234567",
"domain": "example.okta.com",
"domain_aliases": ["example.com"],
"issuer": "https://example.okta.com",
"jwks_uri": "https://example.okta.com/oauth2/v1/keys",
"token_endpoint": "https://example.okta.com/oauth2/v1/token",
"userinfo_endpoint": "https://example.okta.com/oauth2/v1/userinfo",
"authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
"scopes": [
"openid",
"email",
],
"set_user_root_attributes": "on_first_login",
"non_persistent_attrs": [
"ethnicity",
"gender",
],
"upstream_params": json.dumps({
"screen_name": {
"alias": "login_hint",
},
}),
"connection_settings": {
"pkce": "auto",
},
"attribute_map": {
"mapping_mode": "basic_profile",
"userinfo_scope": "openid email profile groups",
"attributes": json.dumps({
"name": "${context.tokenset.name}",
"email": "${context.tokenset.email}",
"email_verified": "${context.tokenset.email_verified}",
"nickname": "${context.tokenset.nickname}",
"picture": "${context.tokenset.picture}",
"given_name": "${context.tokenset.given_name}",
"family_name": "${context.tokenset.family_name}",
}),
},
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"screen_name": map[string]interface{}{
"alias": "login_hint",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
tmpJSON1, err := json.Marshal(map[string]interface{}{
"name": "${context.tokenset.name}",
"email": "${context.tokenset.email}",
"email_verified": "${context.tokenset.email_verified}",
"nickname": "${context.tokenset.nickname}",
"picture": "${context.tokenset.picture}",
"given_name": "${context.tokenset.given_name}",
"family_name": "${context.tokenset.family_name}",
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
// This is an example of an Okta Workforce connection.
_, err = auth0.NewConnection(ctx, "okta", &auth0.ConnectionArgs{
Name: pulumi.String("okta-connection"),
DisplayName: pulumi.String("Okta Workforce Connection"),
Strategy: pulumi.String("okta"),
ShowAsButton: pulumi.Bool(false),
Options: &auth0.ConnectionOptionsArgs{
ClientId: pulumi.String("1234567"),
ClientSecret: pulumi.String("1234567"),
Domain: pulumi.String("example.okta.com"),
DomainAliases: pulumi.StringArray{
pulumi.String("example.com"),
},
Issuer: pulumi.String("https://example.okta.com"),
JwksUri: pulumi.String("https://example.okta.com/oauth2/v1/keys"),
TokenEndpoint: pulumi.String("https://example.okta.com/oauth2/v1/token"),
UserinfoEndpoint: pulumi.String("https://example.okta.com/oauth2/v1/userinfo"),
AuthorizationEndpoint: pulumi.String("https://example.okta.com/oauth2/v1/authorize"),
Scopes: pulumi.StringArray{
pulumi.String("openid"),
pulumi.String("email"),
},
SetUserRootAttributes: pulumi.String("on_first_login"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("ethnicity"),
pulumi.String("gender"),
},
UpstreamParams: pulumi.String(json0),
ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
Pkce: pulumi.String("auto"),
},
AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
MappingMode: pulumi.String("basic_profile"),
UserinfoScope: pulumi.String("openid email profile groups"),
Attributes: pulumi.String(json1),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// This is an example of an Okta Workforce connection.
var okta = new Auth0.Connection("okta", new()
{
Name = "okta-connection",
DisplayName = "Okta Workforce Connection",
Strategy = "okta",
ShowAsButton = false,
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ClientId = "1234567",
ClientSecret = "1234567",
Domain = "example.okta.com",
DomainAliases = new[]
{
"example.com",
},
Issuer = "https://example.okta.com",
JwksUri = "https://example.okta.com/oauth2/v1/keys",
TokenEndpoint = "https://example.okta.com/oauth2/v1/token",
UserinfoEndpoint = "https://example.okta.com/oauth2/v1/userinfo",
AuthorizationEndpoint = "https://example.okta.com/oauth2/v1/authorize",
Scopes = new[]
{
"openid",
"email",
},
SetUserRootAttributes = "on_first_login",
NonPersistentAttrs = new[]
{
"ethnicity",
"gender",
},
UpstreamParams = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["screen_name"] = new Dictionary<string, object?>
{
["alias"] = "login_hint",
},
}),
ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
{
Pkce = "auto",
},
AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
{
MappingMode = "basic_profile",
UserinfoScope = "openid email profile groups",
Attributes = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["name"] = "${context.tokenset.name}",
["email"] = "${context.tokenset.email}",
["email_verified"] = "${context.tokenset.email_verified}",
["nickname"] = "${context.tokenset.nickname}",
["picture"] = "${context.tokenset.picture}",
["given_name"] = "${context.tokenset.given_name}",
["family_name"] = "${context.tokenset.family_name}",
}),
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Connection;
import com.pulumi.auth0.ConnectionArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsConnectionSettingsArgs;
import com.pulumi.auth0.inputs.ConnectionOptionsAttributeMapArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// This is an example of an Okta Workforce connection.
var okta = new Connection("okta", ConnectionArgs.builder()
.name("okta-connection")
.displayName("Okta Workforce Connection")
.strategy("okta")
.showAsButton(false)
.options(ConnectionOptionsArgs.builder()
.clientId("1234567")
.clientSecret("1234567")
.domain("example.okta.com")
.domainAliases("example.com")
.issuer("https://example.okta.com")
.jwksUri("https://example.okta.com/oauth2/v1/keys")
.tokenEndpoint("https://example.okta.com/oauth2/v1/token")
.userinfoEndpoint("https://example.okta.com/oauth2/v1/userinfo")
.authorizationEndpoint("https://example.okta.com/oauth2/v1/authorize")
.scopes(
"openid",
"email")
.setUserRootAttributes("on_first_login")
.nonPersistentAttrs(
"ethnicity",
"gender")
.upstreamParams(serializeJson(
jsonObject(
jsonProperty("screen_name", jsonObject(
jsonProperty("alias", "login_hint")
))
)))
.connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
.pkce("auto")
.build())
.attributeMap(ConnectionOptionsAttributeMapArgs.builder()
.mappingMode("basic_profile")
.userinfoScope("openid email profile groups")
.attributes(serializeJson(
jsonObject(
jsonProperty("name", "${context.tokenset.name}"),
jsonProperty("email", "${context.tokenset.email}"),
jsonProperty("email_verified", "${context.tokenset.email_verified}"),
jsonProperty("nickname", "${context.tokenset.nickname}"),
jsonProperty("picture", "${context.tokenset.picture}"),
jsonProperty("given_name", "${context.tokenset.given_name}"),
jsonProperty("family_name", "${context.tokenset.family_name}")
)))
.build())
.build())
.build());
}
}
resources:
# This is an example of an Okta Workforce connection.
okta:
type: auth0:Connection
properties:
name: okta-connection
displayName: Okta Workforce Connection
strategy: okta
showAsButton: false
options:
clientId: '1234567'
clientSecret: '1234567'
domain: example.okta.com
domainAliases:
- example.com
issuer: https://example.okta.com
jwksUri: https://example.okta.com/oauth2/v1/keys
tokenEndpoint: https://example.okta.com/oauth2/v1/token
userinfoEndpoint: https://example.okta.com/oauth2/v1/userinfo
authorizationEndpoint: https://example.okta.com/oauth2/v1/authorize
scopes:
- openid
- email
setUserRootAttributes: on_first_login
nonPersistentAttrs:
- ethnicity
- gender
upstreamParams:
fn::toJSON:
screen_name:
alias: login_hint
connectionSettings:
pkce: auto
attributeMap:
mappingMode: basic_profile
userinfoScope: openid email profile groups
attributes:
fn::toJSON:
name: $${context.tokenset.name}
email: $${context.tokenset.email}
email_verified: $${context.tokenset.email_verified}
nickname: $${context.tokenset.nickname}
picture: $${context.tokenset.picture}
given_name: $${context.tokenset.given_name}
family_name: $${context.tokenset.family_name}
Create Connection Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Connection(name: string, args: ConnectionArgs, opts?: CustomResourceOptions);
@overload
def Connection(resource_name: str,
args: ConnectionArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Connection(resource_name: str,
opts: Optional[ResourceOptions] = None,
strategy: Optional[str] = None,
display_name: Optional[str] = None,
is_domain_connection: Optional[bool] = None,
metadata: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None)
func NewConnection(ctx *Context, name string, args ConnectionArgs, opts ...ResourceOption) (*Connection, error)
public Connection(string name, ConnectionArgs args, CustomResourceOptions? opts = null)
public Connection(String name, ConnectionArgs args)
public Connection(String name, ConnectionArgs args, CustomResourceOptions options)
type: auth0:Connection
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ConnectionArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var connectionResource = new Auth0.Connection("connectionResource", new()
{
Strategy = "string",
DisplayName = "string",
IsDomainConnection = false,
Metadata =
{
{ "string", "string" },
},
Name = "string",
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
AdfsServer = "string",
AllowedAudiences = new[]
{
"string",
},
ApiEnableUsers = false,
AppId = "string",
AttributeMap = new Auth0.Inputs.ConnectionOptionsAttributeMapArgs
{
MappingMode = "string",
Attributes = "string",
UserinfoScope = "string",
},
Attributes = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeArgs
{
Emails = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeEmailArgs
{
Identifiers = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeEmailIdentifierArgs
{
Active = false,
},
},
ProfileRequired = false,
Signups = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeEmailSignupArgs
{
Status = "string",
Verifications = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeEmailSignupVerificationArgs
{
Active = false,
},
},
},
},
},
},
PhoneNumbers = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberArgs
{
Identifiers = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberIdentifierArgs
{
Active = false,
},
},
ProfileRequired = false,
Signups = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberSignupArgs
{
Status = "string",
Verifications = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributePhoneNumberSignupVerificationArgs
{
Active = false,
},
},
},
},
},
},
Usernames = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameArgs
{
Identifiers = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameIdentifierArgs
{
Active = false,
},
},
ProfileRequired = false,
Signups = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameSignupArgs
{
Status = "string",
},
},
Validations = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameValidationArgs
{
AllowedTypes = new[]
{
new Auth0.Inputs.ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs
{
Email = false,
PhoneNumber = false,
},
},
MaxLength = 0,
MinLength = 0,
},
},
},
},
},
},
AuthParams =
{
{ "string", "string" },
},
AuthorizationEndpoint = "string",
BruteForceProtection = false,
ClientId = "string",
ClientSecret = "string",
CommunityBaseUrl = "string",
Configuration =
{
{ "string", "string" },
},
ConnectionSettings = new Auth0.Inputs.ConnectionOptionsConnectionSettingsArgs
{
Pkce = "string",
},
CustomScripts =
{
{ "string", "string" },
},
Debug = false,
DecryptionKey = new Auth0.Inputs.ConnectionOptionsDecryptionKeyArgs
{
Cert = "string",
Key = "string",
},
DigestAlgorithm = "string",
DisableCache = false,
DisableSelfServiceChangePassword = false,
DisableSignOut = false,
DisableSignup = false,
DiscoveryUrl = "string",
Domain = "string",
DomainAliases = new[]
{
"string",
},
EnableScriptContext = false,
EnabledDatabaseCustomization = false,
EntityId = "string",
FedMetadataXml = "string",
FieldsMap = "string",
ForwardRequestInfo = false,
From = "string",
GatewayAuthentication = new Auth0.Inputs.ConnectionOptionsGatewayAuthenticationArgs
{
Audience = "string",
Method = "string",
Secret = "string",
SecretBase64Encoded = false,
Subject = "string",
},
GatewayUrl = "string",
IconUrl = "string",
IdentityApi = "string",
IdpInitiated = new Auth0.Inputs.ConnectionOptionsIdpInitiatedArgs
{
ClientAuthorizeQuery = "string",
ClientId = "string",
ClientProtocol = "string",
},
ImportMode = false,
Ips = new[]
{
"string",
},
Issuer = "string",
JwksUri = "string",
KeyId = "string",
MapUserIdToId = false,
MaxGroupsToRetrieve = "string",
MessagingServiceSid = "string",
MetadataUrl = "string",
MetadataXml = "string",
Mfa = new Auth0.Inputs.ConnectionOptionsMfaArgs
{
Active = false,
ReturnEnrollSettings = false,
},
Name = "string",
NonPersistentAttrs = new[]
{
"string",
},
PasswordComplexityOptions = new Auth0.Inputs.ConnectionOptionsPasswordComplexityOptionsArgs
{
MinLength = 0,
},
PasswordDictionary = new Auth0.Inputs.ConnectionOptionsPasswordDictionaryArgs
{
Dictionaries = new[]
{
"string",
},
Enable = false,
},
PasswordHistories = new[]
{
new Auth0.Inputs.ConnectionOptionsPasswordHistoryArgs
{
Enable = false,
Size = 0,
},
},
PasswordNoPersonalInfo = new Auth0.Inputs.ConnectionOptionsPasswordNoPersonalInfoArgs
{
Enable = false,
},
PasswordPolicy = "string",
PingFederateBaseUrl = "string",
PkceEnabled = false,
Precedences = new[]
{
"string",
},
ProtocolBinding = "string",
Provider = "string",
RequestTemplate = "string",
RequiresUsername = false,
Scopes = new[]
{
"string",
},
Scripts =
{
{ "string", "string" },
},
SetUserRootAttributes = "string",
ShouldTrustEmailVerifiedConnection = "string",
SignInEndpoint = "string",
SignOutEndpoint = "string",
SignSamlRequest = false,
SignatureAlgorithm = "string",
SigningCert = "string",
SigningKey = new Auth0.Inputs.ConnectionOptionsSigningKeyArgs
{
Cert = "string",
Key = "string",
},
StrategyVersion = 0,
Subject = "string",
Syntax = "string",
TeamId = "string",
Template = "string",
TenantDomain = "string",
TokenEndpoint = "string",
Totp = new Auth0.Inputs.ConnectionOptionsTotpArgs
{
Length = 0,
TimeStep = 0,
},
TwilioSid = "string",
TwilioToken = "string",
Type = "string",
UpstreamParams = "string",
UseCertAuth = false,
UseKerberos = false,
UseWsfed = false,
UserIdAttribute = "string",
UserinfoEndpoint = "string",
Validation = new Auth0.Inputs.ConnectionOptionsValidationArgs
{
Username = new Auth0.Inputs.ConnectionOptionsValidationUsernameArgs
{
Max = 0,
Min = 0,
},
},
WaadCommonEndpoint = false,
WaadProtocol = "string",
},
Realms = new[]
{
"string",
},
ShowAsButton = false,
});
example, err := auth0.NewConnection(ctx, "connectionResource", &auth0.ConnectionArgs{
Strategy: pulumi.String("string"),
DisplayName: pulumi.String("string"),
IsDomainConnection: pulumi.Bool(false),
Metadata: pulumi.StringMap{
"string": pulumi.String("string"),
},
Name: pulumi.String("string"),
Options: &auth0.ConnectionOptionsArgs{
AdfsServer: pulumi.String("string"),
AllowedAudiences: pulumi.StringArray{
pulumi.String("string"),
},
ApiEnableUsers: pulumi.Bool(false),
AppId: pulumi.String("string"),
AttributeMap: &auth0.ConnectionOptionsAttributeMapArgs{
MappingMode: pulumi.String("string"),
Attributes: pulumi.String("string"),
UserinfoScope: pulumi.String("string"),
},
Attributes: auth0.ConnectionOptionsAttributeArray{
&auth0.ConnectionOptionsAttributeArgs{
Emails: auth0.ConnectionOptionsAttributeEmailArray{
&auth0.ConnectionOptionsAttributeEmailArgs{
Identifiers: auth0.ConnectionOptionsAttributeEmailIdentifierArray{
&auth0.ConnectionOptionsAttributeEmailIdentifierArgs{
Active: pulumi.Bool(false),
},
},
ProfileRequired: pulumi.Bool(false),
Signups: auth0.ConnectionOptionsAttributeEmailSignupArray{
&auth0.ConnectionOptionsAttributeEmailSignupArgs{
Status: pulumi.String("string"),
Verifications: auth0.ConnectionOptionsAttributeEmailSignupVerificationArray{
&auth0.ConnectionOptionsAttributeEmailSignupVerificationArgs{
Active: pulumi.Bool(false),
},
},
},
},
},
},
PhoneNumbers: auth0.ConnectionOptionsAttributePhoneNumberArray{
&auth0.ConnectionOptionsAttributePhoneNumberArgs{
Identifiers: auth0.ConnectionOptionsAttributePhoneNumberIdentifierArray{
&auth0.ConnectionOptionsAttributePhoneNumberIdentifierArgs{
Active: pulumi.Bool(false),
},
},
ProfileRequired: pulumi.Bool(false),
Signups: auth0.ConnectionOptionsAttributePhoneNumberSignupArray{
&auth0.ConnectionOptionsAttributePhoneNumberSignupArgs{
Status: pulumi.String("string"),
Verifications: auth0.ConnectionOptionsAttributePhoneNumberSignupVerificationArray{
&auth0.ConnectionOptionsAttributePhoneNumberSignupVerificationArgs{
Active: pulumi.Bool(false),
},
},
},
},
},
},
Usernames: auth0.ConnectionOptionsAttributeUsernameArray{
&auth0.ConnectionOptionsAttributeUsernameArgs{
Identifiers: auth0.ConnectionOptionsAttributeUsernameIdentifierArray{
&auth0.ConnectionOptionsAttributeUsernameIdentifierArgs{
Active: pulumi.Bool(false),
},
},
ProfileRequired: pulumi.Bool(false),
Signups: auth0.ConnectionOptionsAttributeUsernameSignupArray{
&auth0.ConnectionOptionsAttributeUsernameSignupArgs{
Status: pulumi.String("string"),
},
},
Validations: auth0.ConnectionOptionsAttributeUsernameValidationArray{
&auth0.ConnectionOptionsAttributeUsernameValidationArgs{
AllowedTypes: auth0.ConnectionOptionsAttributeUsernameValidationAllowedTypeArray{
&auth0.ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs{
Email: pulumi.Bool(false),
PhoneNumber: pulumi.Bool(false),
},
},
MaxLength: pulumi.Int(0),
MinLength: pulumi.Int(0),
},
},
},
},
},
},
AuthParams: pulumi.StringMap{
"string": pulumi.String("string"),
},
AuthorizationEndpoint: pulumi.String("string"),
BruteForceProtection: pulumi.Bool(false),
ClientId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
CommunityBaseUrl: pulumi.String("string"),
Configuration: pulumi.StringMap{
"string": pulumi.String("string"),
},
ConnectionSettings: &auth0.ConnectionOptionsConnectionSettingsArgs{
Pkce: pulumi.String("string"),
},
CustomScripts: pulumi.StringMap{
"string": pulumi.String("string"),
},
Debug: pulumi.Bool(false),
DecryptionKey: &auth0.ConnectionOptionsDecryptionKeyArgs{
Cert: pulumi.String("string"),
Key: pulumi.String("string"),
},
DigestAlgorithm: pulumi.String("string"),
DisableCache: pulumi.Bool(false),
DisableSelfServiceChangePassword: pulumi.Bool(false),
DisableSignOut: pulumi.Bool(false),
DisableSignup: pulumi.Bool(false),
DiscoveryUrl: pulumi.String("string"),
Domain: pulumi.String("string"),
DomainAliases: pulumi.StringArray{
pulumi.String("string"),
},
EnableScriptContext: pulumi.Bool(false),
EnabledDatabaseCustomization: pulumi.Bool(false),
EntityId: pulumi.String("string"),
FedMetadataXml: pulumi.String("string"),
FieldsMap: pulumi.String("string"),
ForwardRequestInfo: pulumi.Bool(false),
From: pulumi.String("string"),
GatewayAuthentication: &auth0.ConnectionOptionsGatewayAuthenticationArgs{
Audience: pulumi.String("string"),
Method: pulumi.String("string"),
Secret: pulumi.String("string"),
SecretBase64Encoded: pulumi.Bool(false),
Subject: pulumi.String("string"),
},
GatewayUrl: pulumi.String("string"),
IconUrl: pulumi.String("string"),
IdentityApi: pulumi.String("string"),
IdpInitiated: &auth0.ConnectionOptionsIdpInitiatedArgs{
ClientAuthorizeQuery: pulumi.String("string"),
ClientId: pulumi.String("string"),
ClientProtocol: pulumi.String("string"),
},
ImportMode: pulumi.Bool(false),
Ips: pulumi.StringArray{
pulumi.String("string"),
},
Issuer: pulumi.String("string"),
JwksUri: pulumi.String("string"),
KeyId: pulumi.String("string"),
MapUserIdToId: pulumi.Bool(false),
MaxGroupsToRetrieve: pulumi.String("string"),
MessagingServiceSid: pulumi.String("string"),
MetadataUrl: pulumi.String("string"),
MetadataXml: pulumi.String("string"),
Mfa: &auth0.ConnectionOptionsMfaArgs{
Active: pulumi.Bool(false),
ReturnEnrollSettings: pulumi.Bool(false),
},
Name: pulumi.String("string"),
NonPersistentAttrs: pulumi.StringArray{
pulumi.String("string"),
},
PasswordComplexityOptions: &auth0.ConnectionOptionsPasswordComplexityOptionsArgs{
MinLength: pulumi.Int(0),
},
PasswordDictionary: &auth0.ConnectionOptionsPasswordDictionaryArgs{
Dictionaries: pulumi.StringArray{
pulumi.String("string"),
},
Enable: pulumi.Bool(false),
},
PasswordHistories: auth0.ConnectionOptionsPasswordHistoryArray{
&auth0.ConnectionOptionsPasswordHistoryArgs{
Enable: pulumi.Bool(false),
Size: pulumi.Int(0),
},
},
PasswordNoPersonalInfo: &auth0.ConnectionOptionsPasswordNoPersonalInfoArgs{
Enable: pulumi.Bool(false),
},
PasswordPolicy: pulumi.String("string"),
PingFederateBaseUrl: pulumi.String("string"),
PkceEnabled: pulumi.Bool(false),
Precedences: pulumi.StringArray{
pulumi.String("string"),
},
ProtocolBinding: pulumi.String("string"),
Provider: pulumi.String("string"),
RequestTemplate: pulumi.String("string"),
RequiresUsername: pulumi.Bool(false),
Scopes: pulumi.StringArray{
pulumi.String("string"),
},
Scripts: pulumi.StringMap{
"string": pulumi.String("string"),
},
SetUserRootAttributes: pulumi.String("string"),
ShouldTrustEmailVerifiedConnection: pulumi.String("string"),
SignInEndpoint: pulumi.String("string"),
SignOutEndpoint: pulumi.String("string"),
SignSamlRequest: pulumi.Bool(false),
SignatureAlgorithm: pulumi.String("string"),
SigningCert: pulumi.String("string"),
SigningKey: &auth0.ConnectionOptionsSigningKeyArgs{
Cert: pulumi.String("string"),
Key: pulumi.String("string"),
},
StrategyVersion: pulumi.Int(0),
Subject: pulumi.String("string"),
Syntax: pulumi.String("string"),
TeamId: pulumi.String("string"),
Template: pulumi.String("string"),
TenantDomain: pulumi.String("string"),
TokenEndpoint: pulumi.String("string"),
Totp: &auth0.ConnectionOptionsTotpArgs{
Length: pulumi.Int(0),
TimeStep: pulumi.Int(0),
},
TwilioSid: pulumi.String("string"),
TwilioToken: pulumi.String("string"),
Type: pulumi.String("string"),
UpstreamParams: pulumi.String("string"),
UseCertAuth: pulumi.Bool(false),
UseKerberos: pulumi.Bool(false),
UseWsfed: pulumi.Bool(false),
UserIdAttribute: pulumi.String("string"),
UserinfoEndpoint: pulumi.String("string"),
Validation: &auth0.ConnectionOptionsValidationArgs{
Username: &auth0.ConnectionOptionsValidationUsernameArgs{
Max: pulumi.Int(0),
Min: pulumi.Int(0),
},
},
WaadCommonEndpoint: pulumi.Bool(false),
WaadProtocol: pulumi.String("string"),
},
Realms: pulumi.StringArray{
pulumi.String("string"),
},
ShowAsButton: pulumi.Bool(false),
})
var connectionResource = new Connection("connectionResource", ConnectionArgs.builder()
.strategy("string")
.displayName("string")
.isDomainConnection(false)
.metadata(Map.of("string", "string"))
.name("string")
.options(ConnectionOptionsArgs.builder()
.adfsServer("string")
.allowedAudiences("string")
.apiEnableUsers(false)
.appId("string")
.attributeMap(ConnectionOptionsAttributeMapArgs.builder()
.mappingMode("string")
.attributes("string")
.userinfoScope("string")
.build())
.attributes(ConnectionOptionsAttributeArgs.builder()
.emails(ConnectionOptionsAttributeEmailArgs.builder()
.identifiers(ConnectionOptionsAttributeEmailIdentifierArgs.builder()
.active(false)
.build())
.profileRequired(false)
.signups(ConnectionOptionsAttributeEmailSignupArgs.builder()
.status("string")
.verifications(ConnectionOptionsAttributeEmailSignupVerificationArgs.builder()
.active(false)
.build())
.build())
.build())
.phoneNumbers(ConnectionOptionsAttributePhoneNumberArgs.builder()
.identifiers(ConnectionOptionsAttributePhoneNumberIdentifierArgs.builder()
.active(false)
.build())
.profileRequired(false)
.signups(ConnectionOptionsAttributePhoneNumberSignupArgs.builder()
.status("string")
.verifications(ConnectionOptionsAttributePhoneNumberSignupVerificationArgs.builder()
.active(false)
.build())
.build())
.build())
.usernames(ConnectionOptionsAttributeUsernameArgs.builder()
.identifiers(ConnectionOptionsAttributeUsernameIdentifierArgs.builder()
.active(false)
.build())
.profileRequired(false)
.signups(ConnectionOptionsAttributeUsernameSignupArgs.builder()
.status("string")
.build())
.validations(ConnectionOptionsAttributeUsernameValidationArgs.builder()
.allowedTypes(ConnectionOptionsAttributeUsernameValidationAllowedTypeArgs.builder()
.email(false)
.phoneNumber(false)
.build())
.maxLength(0)
.minLength(0)
.build())
.build())
.build())
.authParams(Map.of("string", "string"))
.authorizationEndpoint("string")
.bruteForceProtection(false)
.clientId("string")
.clientSecret("string")
.communityBaseUrl("string")
.configuration(Map.of("string", "string"))
.connectionSettings(ConnectionOptionsConnectionSettingsArgs.builder()
.pkce("string")
.build())
.customScripts(Map.of("string", "string"))
.debug(false)
.decryptionKey(ConnectionOptionsDecryptionKeyArgs.builder()
.cert("string")
.key("string")
.build())
.digestAlgorithm("string")
.disableCache(false)
.disableSelfServiceChangePassword(false)
.disableSignOut(false)
.disableSignup(false)
.discoveryUrl("string")
.domain("string")
.domainAliases("string")
.enableScriptContext(false)
.enabledDatabaseCustomization(false)
.entityId("string")
.fedMetadataXml("string")
.fieldsMap("string")
.forwardRequestInfo(false)
.from("string")
.gatewayAuthentication(ConnectionOptionsGatewayAuthenticationArgs.builder()
.audience("string")
.method("string")
.secret("string")
.secretBase64Encoded(false)
.subject("string")
.build())
.gatewayUrl("string")
.iconUrl("string")
.identityApi("string")
.idpInitiated(ConnectionOptionsIdpInitiatedArgs.builder()
.clientAuthorizeQuery("string")
.clientId("string")
.clientProtocol("string")
.build())
.importMode(false)
.ips("string")
.issuer("string")
.jwksUri("string")
.keyId("string")
.mapUserIdToId(false)
.maxGroupsToRetrieve("string")
.messagingServiceSid("string")
.metadataUrl("string")
.metadataXml("string")
.mfa(ConnectionOptionsMfaArgs.builder()
.active(false)
.returnEnrollSettings(false)
.build())
.name("string")
.nonPersistentAttrs("string")
.passwordComplexityOptions(ConnectionOptionsPasswordComplexityOptionsArgs.builder()
.minLength(0)
.build())
.passwordDictionary(ConnectionOptionsPasswordDictionaryArgs.builder()
.dictionaries("string")
.enable(false)
.build())
.passwordHistories(ConnectionOptionsPasswordHistoryArgs.builder()
.enable(false)
.size(0)
.build())
.passwordNoPersonalInfo(ConnectionOptionsPasswordNoPersonalInfoArgs.builder()
.enable(false)
.build())
.passwordPolicy("string")
.pingFederateBaseUrl("string")
.pkceEnabled(false)
.precedences("string")
.protocolBinding("string")
.provider("string")
.requestTemplate("string")
.requiresUsername(false)
.scopes("string")
.scripts(Map.of("string", "string"))
.setUserRootAttributes("string")
.shouldTrustEmailVerifiedConnection("string")
.signInEndpoint("string")
.signOutEndpoint("string")
.signSamlRequest(false)
.signatureAlgorithm("string")
.signingCert("string")
.signingKey(ConnectionOptionsSigningKeyArgs.builder()
.cert("string")
.key("string")
.build())
.strategyVersion(0)
.subject("string")
.syntax("string")
.teamId("string")
.template("string")
.tenantDomain("string")
.tokenEndpoint("string")
.totp(ConnectionOptionsTotpArgs.builder()
.length(0)
.timeStep(0)
.build())
.twilioSid("string")
.twilioToken("string")
.type("string")
.upstreamParams("string")
.useCertAuth(false)
.useKerberos(false)
.useWsfed(false)
.userIdAttribute("string")
.userinfoEndpoint("string")
.validation(ConnectionOptionsValidationArgs.builder()
.username(ConnectionOptionsValidationUsernameArgs.builder()
.max(0)
.min(0)
.build())
.build())
.waadCommonEndpoint(false)
.waadProtocol("string")
.build())
.realms("string")
.showAsButton(false)
.build());
connection_resource = auth0.Connection("connectionResource",
strategy="string",
display_name="string",
is_domain_connection=False,
metadata={
"string": "string",
},
name="string",
options={
"adfs_server": "string",
"allowed_audiences": ["string"],
"api_enable_users": False,
"app_id": "string",
"attribute_map": {
"mapping_mode": "string",
"attributes": "string",
"userinfo_scope": "string",
},
"attributes": [{
"emails": [{
"identifiers": [{
"active": False,
}],
"profile_required": False,
"signups": [{
"status": "string",
"verifications": [{
"active": False,
}],
}],
}],
"phone_numbers": [{
"identifiers": [{
"active": False,
}],
"profile_required": False,
"signups": [{
"status": "string",
"verifications": [{
"active": False,
}],
}],
}],
"usernames": [{
"identifiers": [{
"active": False,
}],
"profile_required": False,
"signups": [{
"status": "string",
}],
"validations": [{
"allowed_types": [{
"email": False,
"phone_number": False,
}],
"max_length": 0,
"min_length": 0,
}],
}],
}],
"auth_params": {
"string": "string",
},
"authorization_endpoint": "string",
"brute_force_protection": False,
"client_id": "string",
"client_secret": "string",
"community_base_url": "string",
"configuration": {
"string": "string",
},
"connection_settings": {
"pkce": "string",
},
"custom_scripts": {
"string": "string",
},
"debug": False,
"decryption_key": {
"cert": "string",
"key": "string",
},
"digest_algorithm": "string",
"disable_cache": False,
"disable_self_service_change_password": False,
"disable_sign_out": False,
"disable_signup": False,
"discovery_url": "string",
"domain": "string",
"domain_aliases": ["string"],
"enable_script_context": False,
"enabled_database_customization": False,
"entity_id": "string",
"fed_metadata_xml": "string",
"fields_map": "string",
"forward_request_info": False,
"from_": "string",
"gateway_authentication": {
"audience": "string",
"method": "string",
"secret": "string",
"secret_base64_encoded": False,
"subject": "string",
},
"gateway_url": "string",
"icon_url": "string",
"identity_api": "string",
"idp_initiated": {
"client_authorize_query": "string",
"client_id": "string",
"client_protocol": "string",
},
"import_mode": False,
"ips": ["string"],
"issuer": "string",
"jwks_uri": "string",
"key_id": "string",
"map_user_id_to_id": False,
"max_groups_to_retrieve": "string",
"messaging_service_sid": "string",
"metadata_url": "string",
"metadata_xml": "string",
"mfa": {
"active": False,
"return_enroll_settings": False,
},
"name": "string",
"non_persistent_attrs": ["string"],
"password_complexity_options": {
"min_length": 0,
},
"password_dictionary": {
"dictionaries": ["string"],
"enable": False,
},
"password_histories": [{
"enable": False,
"size": 0,
}],
"password_no_personal_info": {
"enable": False,
},
"password_policy": "string",
"ping_federate_base_url": "string",
"pkce_enabled": False,
"precedences": ["string"],
"protocol_binding": "string",
"provider": "string",
"request_template": "string",
"requires_username": False,
"scopes": ["string"],
"scripts": {
"string": "string",
},
"set_user_root_attributes": "string",
"should_trust_email_verified_connection": "string",
"sign_in_endpoint": "string",
"sign_out_endpoint": "string",
"sign_saml_request": False,
"signature_algorithm": "string",
"signing_cert": "string",
"signing_key": {
"cert": "string",
"key": "string",
},
"strategy_version": 0,
"subject": "string",
"syntax": "string",
"team_id": "string",
"template": "string",
"tenant_domain": "string",
"token_endpoint": "string",
"totp": {
"length": 0,
"time_step": 0,
},
"twilio_sid": "string",
"twilio_token": "string",
"type": "string",
"upstream_params": "string",
"use_cert_auth": False,
"use_kerberos": False,
"use_wsfed": False,
"user_id_attribute": "string",
"userinfo_endpoint": "string",
"validation": {
"username": {
"max": 0,
"min": 0,
},
},
"waad_common_endpoint": False,
"waad_protocol": "string",
},
realms=["string"],
show_as_button=False)
const connectionResource = new auth0.Connection("connectionResource", {
strategy: "string",
displayName: "string",
isDomainConnection: false,
metadata: {
string: "string",
},
name: "string",
options: {
adfsServer: "string",
allowedAudiences: ["string"],
apiEnableUsers: false,
appId: "string",
attributeMap: {
mappingMode: "string",
attributes: "string",
userinfoScope: "string",
},
attributes: [{
emails: [{
identifiers: [{
active: false,
}],
profileRequired: false,
signups: [{
status: "string",
verifications: [{
active: false,
}],
}],
}],
phoneNumbers: [{
identifiers: [{
active: false,
}],
profileRequired: false,
signups: [{
status: "string",
verifications: [{
active: false,
}],
}],
}],
usernames: [{
identifiers: [{
active: false,
}],
profileRequired: false,
signups: [{
status: "string",
}],
validations: [{
allowedTypes: [{
email: false,
phoneNumber: false,
}],
maxLength: 0,
minLength: 0,
}],
}],
}],
authParams: {
string: "string",
},
authorizationEndpoint: "string",
bruteForceProtection: false,
clientId: "string",
clientSecret: "string",
communityBaseUrl: "string",
configuration: {
string: "string",
},
connectionSettings: {
pkce: "string",
},
customScripts: {
string: "string",
},
debug: false,
decryptionKey: {
cert: "string",
key: "string",
},
digestAlgorithm: "string",
disableCache: false,
disableSelfServiceChangePassword: false,
disableSignOut: false,
disableSignup: false,
discoveryUrl: "string",
domain: "string",
domainAliases: ["string"],
enableScriptContext: false,
enabledDatabaseCustomization: false,
entityId: "string",
fedMetadataXml: "string",
fieldsMap: "string",
forwardRequestInfo: false,
from: "string",
gatewayAuthentication: {
audience: "string",
method: "string",
secret: "string",
secretBase64Encoded: false,
subject: "string",
},
gatewayUrl: "string",
iconUrl: "string",
identityApi: "string",
idpInitiated: {
clientAuthorizeQuery: "string",
clientId: "string",
clientProtocol: "string",
},
importMode: false,
ips: ["string"],
issuer: "string",
jwksUri: "string",
keyId: "string",
mapUserIdToId: false,
maxGroupsToRetrieve: "string",
messagingServiceSid: "string",
metadataUrl: "string",
metadataXml: "string",
mfa: {
active: false,
returnEnrollSettings: false,
},
name: "string",
nonPersistentAttrs: ["string"],
passwordComplexityOptions: {
minLength: 0,
},
passwordDictionary: {
dictionaries: ["string"],
enable: false,
},
passwordHistories: [{
enable: false,
size: 0,
}],
passwordNoPersonalInfo: {
enable: false,
},
passwordPolicy: "string",
pingFederateBaseUrl: "string",
pkceEnabled: false,
precedences: ["string"],
protocolBinding: "string",
provider: "string",
requestTemplate: "string",
requiresUsername: false,
scopes: ["string"],
scripts: {
string: "string",
},
setUserRootAttributes: "string",
shouldTrustEmailVerifiedConnection: "string",
signInEndpoint: "string",
signOutEndpoint: "string",
signSamlRequest: false,
signatureAlgorithm: "string",
signingCert: "string",
signingKey: {
cert: "string",
key: "string",
},
strategyVersion: 0,
subject: "string",
syntax: "string",
teamId: "string",
template: "string",
tenantDomain: "string",
tokenEndpoint: "string",
totp: {
length: 0,
timeStep: 0,
},
twilioSid: "string",
twilioToken: "string",
type: "string",
upstreamParams: "string",
useCertAuth: false,
useKerberos: false,
useWsfed: false,
userIdAttribute: "string",
userinfoEndpoint: "string",
validation: {
username: {
max: 0,
min: 0,
},
},
waadCommonEndpoint: false,
waadProtocol: "string",
},
realms: ["string"],
showAsButton: false,
});
type: auth0:Connection
properties:
displayName: string
isDomainConnection: false
metadata:
string: string
name: string
options:
adfsServer: string
allowedAudiences:
- string
apiEnableUsers: false
appId: string
attributeMap:
attributes: string
mappingMode: string
userinfoScope: string
attributes:
- emails:
- identifiers:
- active: false
profileRequired: false
signups:
- status: string
verifications:
- active: false
phoneNumbers:
- identifiers:
- active: false
profileRequired: false
signups:
- status: string
verifications:
- active: false
usernames:
- identifiers:
- active: false
profileRequired: false
signups:
- status: string
validations:
- allowedTypes:
- email: false
phoneNumber: false
maxLength: 0
minLength: 0
authParams:
string: string
authorizationEndpoint: string
bruteForceProtection: false
clientId: string
clientSecret: string
communityBaseUrl: string
configuration:
string: string
connectionSettings:
pkce: string
customScripts:
string: string
debug: false
decryptionKey:
cert: string
key: string
digestAlgorithm: string
disableCache: false
disableSelfServiceChangePassword: false
disableSignOut: false
disableSignup: false
discoveryUrl: string
domain: string
domainAliases:
- string
enableScriptContext: false
enabledDatabaseCustomization: false
entityId: string
fedMetadataXml: string
fieldsMap: string
forwardRequestInfo: false
from: string
gatewayAuthentication:
audience: string
method: string
secret: string
secretBase64Encoded: false
subject: string
gatewayUrl: string
iconUrl: string
identityApi: string
idpInitiated:
clientAuthorizeQuery: string
clientId: string
clientProtocol: string
importMode: false
ips:
- string
issuer: string
jwksUri: string
keyId: string
mapUserIdToId: false
maxGroupsToRetrieve: string
messagingServiceSid: string
metadataUrl: string
metadataXml: string
mfa:
active: false
returnEnrollSettings: false
name: string
nonPersistentAttrs:
- string
passwordComplexityOptions:
minLength: 0
passwordDictionary:
dictionaries:
- string
enable: false
passwordHistories:
- enable: false
size: 0
passwordNoPersonalInfo:
enable: false
passwordPolicy: string
pingFederateBaseUrl: string
pkceEnabled: false
precedences:
- string
protocolBinding: string
provider: string
requestTemplate: string
requiresUsername: false
scopes:
- string
scripts:
string: string
setUserRootAttributes: string
shouldTrustEmailVerifiedConnection: string
signInEndpoint: string
signOutEndpoint: string
signSamlRequest: false
signatureAlgorithm: string
signingCert: string
signingKey:
cert: string
key: string
strategyVersion: 0
subject: string
syntax: string
teamId: string
template: string
tenantDomain: string
tokenEndpoint: string
totp:
length: 0
timeStep: 0
twilioSid: string
twilioToken: string
type: string
upstreamParams: string
useCertAuth: false
useKerberos: false
useWsfed: false
userIdAttribute: string
userinfoEndpoint: string
validation:
username:
max: 0
min: 0
waadCommonEndpoint: false
waadProtocol: string
realms:
- string
showAsButton: false
strategy: string
Connection Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Connection resource accepts the following input properties:
- Strategy string
- Type of the connection, which indicates the identity provider.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata Dictionary<string, string>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- Name of the connection.
- Options
Connection
Options - Configuration settings for connection options.
- Realms List<string>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata map[string]string
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- Name of the connection.
- Options
Connection
Options Args - Configuration settings for connection options.
- Realms []string
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String,String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- Name of the connection.
- options
Connection
Options - Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy string
- Type of the connection, which indicates the identity provider.
- display
Name string - Name used in login screen.
- is
Domain booleanConnection - Indicates whether the connection is domain level.
- metadata {[key: string]: string}
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name string
- Name of the connection.
- options
Connection
Options - Configuration settings for connection options.
- realms string[]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- boolean
- Display connection as a button. Only available on enterprise connections.
- strategy str
- Type of the connection, which indicates the identity provider.
- display_
name str - Name used in login screen.
- is_
domain_ boolconnection - Indicates whether the connection is domain level.
- metadata Mapping[str, str]
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name str
- Name of the connection.
- options
Connection
Options Args - Configuration settings for connection options.
- realms Sequence[str]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- Name of the connection.
- options Property Map
- Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
- Display connection as a button. Only available on enterprise connections.
Outputs
All input properties are implicitly available as output properties. Additionally, the Connection resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Connection Resource
Get an existing Connection resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ConnectionState, opts?: CustomResourceOptions): Connection
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
display_name: Optional[str] = None,
is_domain_connection: Optional[bool] = None,
metadata: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
options: Optional[ConnectionOptionsArgs] = None,
realms: Optional[Sequence[str]] = None,
show_as_button: Optional[bool] = None,
strategy: Optional[str] = None) -> Connection
func GetConnection(ctx *Context, name string, id IDInput, state *ConnectionState, opts ...ResourceOption) (*Connection, error)
public static Connection Get(string name, Input<string> id, ConnectionState? state, CustomResourceOptions? opts = null)
public static Connection get(String name, Output<String> id, ConnectionState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata Dictionary<string, string>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- Name of the connection.
- Options
Connection
Options - Configuration settings for connection options.
- Realms List<string>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- Display
Name string - Name used in login screen.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata map[string]string
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Name string
- Name of the connection.
- Options
Connection
Options Args - Configuration settings for connection options.
- Realms []string
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- display
Name String - Name used in login screen.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String,String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name String
- Name of the connection.
- options
Connection
Options - Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- display
Name string - Name used in login screen.
- is
Domain booleanConnection - Indicates whether the connection is domain level.
- metadata {[key: string]: string}
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- name string
- Name of the connection.
- options
Connection
Options - Configuration settings for connection options.
- realms string[]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- boolean
- Display connection as a button. Only available on enterprise connections.
- strategy string
- Type of the connection, which indicates the identity provider.