I recently (as of yesterday) started to use terraform to manage my newly created Auth0 tenant. The initial import of the infrastructure (using the auth0 tf generate command found in the official guide) worked great.
However, today (after a successful terraform plan run to ensure there was no delta) I added an auth0_custom_domain resource to the stack with the required validation options, and now I am getting HTTP 402 Payment Required errors when terraform calls the Get Universal Login Template API. I have confirmed (by manually calling that API using curl) that this is the case.
The auth0_branding block in my terraform config (which has the child triggering the call to get the universal login template) is what was generated by the auth0 CLI:
So my question is: should this API be returning a 402? Is this a terraform provider issue that it should be ignoring a 402? Is this just some eventual consistency issue due to my recently enabling a custom domain that will eventually be worked out? Or is the work to support custom domains (and Universal Login templates in the free tier) still in progress?
If you enabled the custom domains for your terraform plan being on a Free plan, yes, you should get a 402 error.
This is due to the new changes. With the latest pricing changes introduced, “custom domains” is available for a free subscription with some conditions.
Note that the current free plan restricts access to custom domain configuration in a free subscription based on credit card verification. This means that for a free subscription tenant admin to be able to configure custom text, they must first complete the credit card verification step.
The credit card verification step will NOT imply actual charges, so there will be no costs associated with configuring or using the custom domain.
I recommend checking this article for more information on custom domains: Using Custom Domains with Free Tenants
Please note that the Auth0 terraform provider supports the Custom Domain for the management API. However, while initializing the provider, you need to pass the audience parameter set to your canonical domain.
I assume your tenant is in the US-3 region, so your tenant’s canonical domain is a sub-domain of us.auth0.com.
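The provider initialization described in the reply above, as an added example that is not part of the original thread or of Auth0's documentation. The tenant name `example-tenant`, the custom domain `auth.example.com` and the variable names are placeholders, and the `/api/v2/` audience path is an assumption based on the usual Management API identifier format.

```hcl
terraform {
  required_providers {
    auth0 = {
      source = "auth0/auth0"
    }
  }
}

# Machine-to-machine application credentials for the Management API.
# Marked sensitive so they are redacted in plan/apply output; supply them
# through TF_VAR_* environment variables or a secrets manager rather than
# committing them to the repository.
variable "auth0_client_id" {
  type      = string
  sensitive = true
}

variable "auth0_client_secret" {
  type      = string
  sensitive = true
}

provider "auth0" {
  # Placeholder custom domain: API calls are sent to this host.
  domain = "auth.example.com"

  # The access token must still be issued for the Management API of the
  # tenant's canonical domain (placeholder tenant name, assumed path).
  audience = "https://example-tenant.us.auth0.com/api/v2/"

  client_id     = var.auth0_client_id
  client_secret = var.auth0_client_secret
}
```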
Unfortunately, I’m still scratching my head. 36 hours before I started configuring our custom domain, I did add a credit card to the Teams Account with which our tenant is associated and, as far as I can tell from the UI, there were no issues verifying the payment information. So, unless there was some verification issue that isn’t being surfaced in the UI or an additional step I need to take, I feel like this step is complete.
Today, I decided to eliminate one variable to just sidestep terraform and start calling the APIs using curl. I am reliably able to get the HTTP 402 Payment Required response from the same API that terraform is erroring out on (GET /api/v2/branding/templates/universal-login) whether I call the Management API on our canonical domain directly or on our custom domain with the appropriate audience set when retrieving the auth token.
Thanks in advance for any more advice you can give!
Same issue - I have verified my custom domain. The error is very generic. There’s nothing changed, custom domain is added, verified, and works - but the terraform plan doesn’t work anymore
@petre.timotei Thanks for your response. Could you elaborate on what particular conditions have to be met to use a single custom domain with the Free Tier? The article you referenced doesn’t mention anything apart from providing a payment method, which in turn I had done; sadly, I’m still getting a 402 response when generating the terraform plan.