Auth0 Connection Management Options - Full API Missing

Hi,

I’m trying to find full documentation on the Management API for updating a connection. The docs here: https://auth0.com/docs/api/management/v2#!/Connections/patch_connections_by_id
show that you can update a connection by passing the options listed, and this API here shows all the “possible” options: https://auth0.com/docs/connections/references/options-mgmt-api

However, I know there are more options available. For example, we can specify a “cert” field or “signingCert” field in the options. I’m specifically interested in these two because I am updating management code that was written by someone else and I need to understand which cert field designates what. The API docs above show no mention of these values. The cert can be modified through the Admin UI, but I need to do this programatically. Any tips on how to find the full list/description of options for connection management?

I’d like to add that the connection I’m trying to update is an Enterprise SAML connection. The fields I’m most interested in are “signingCert”, “expires”, “subject”, “thumbprints”, and “cert”.

Hello,

Here are details of these attributes and some recommendation for how to update them with the management API.

signingCert is the base64 encoded version of the certificate which you want to update for the SAML connection. With a quick test with https://www.base64encode.org/ I can get the same encoded certificate when I select UTF-8 as the destination character set and CRLF as the destination new line.

cert is the decoded (clear text) version of the certificate which you upload from the dashboard.

expires is the Validity - Not After attribute in the certificate.

subject is the Subject attribute in the certificate.

thumbprints is the certificate’s thumbprint which you may also calculate with a tool like openssl. It is stored without colons on the Auth0 side

E.g.
“thumbprints”: [
“4e66c2188bd0635cb736b42914e585af6d08620b”
],

openssl x509 -in saltukalakus.cer -fingerprint -noout

SHA1 Fingerprint=4E:66:C2:18:8B:D0:63:5C:B7:36:B4:29:14:E5:85:AF:6D:08:62:0B

You will only need to update the signingCert using the management API, rest of the above attributes are automatically generated. So here are the steps:

1- Encode your certificate with base64.
2- Use signingCert attribute in the options object to modify the connection with the encoded certificate from step-1.
3- Read the thumbprints attribute from the management API response and check it with your calculated fingerprint to make sure that operation completed successfully.

Also, please note that, for an existing connection, if you need to update the signingCert with the management API, existing attributes in the options object should be used while making the patch request otherwise they will be lost. For the following attributes though you can remove them safely e.g. cert , expires , subject , thumbprints as they will be recalculated and updated with the new signingCert attribute.

So the actual flow should be like this for an existing connections:

1- Read the connection configuration with the management API.
2- Extract the options section.
3- Remove cert , expires , subject , thumbprints form the extracted options object.
4- Calculate the new base64 encoded certificate and add it as signingCert in the options. So you will have something like in this link in step 4.
5- Use this as the payload to modify the connection.
6- Get the calculated thumbprint and compare it with the calculated digest to make sure that everything is as expected.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.