Auth0 Terraform Provider not handling the state for "auth0_role_permissions" resources

I am creating some resources using the Auth0 Terraform provider and I am noticing this strange behavior with the auth0_role_permissions, and I am not sure if it is expected or not.

What is happening to me is that the first time I ran my Terraform, I got an error saying that one permission didn't exist. I added the depends_on and the Terraform worked fine and all my Auth0 resources are being created.

Now what happens is that every time I run a terraform plan (without making any change to the Terraform code) it says that it will update my role permissions, and the update is that it will delete the assigned permissions, like this:

# module.iq_saas_admin[0].auth0_role_permissions.iq_saas_admin_support["staging"] will be updated in-place
  ~ resource "auth0_role_permissions" "iq_saas_admin_support" {
        id      = "rol_v0XKG2RYOinLzPtZ"
        # (1 unchanged attribute hidden)

      - permissions {
          - description                = "Permission to generate support zip files" -> null
          - name                       = "create:support-zip" -> null
          - resource_server_identifier = "https://dev.app.dev/" -> null
          - resource_server_name       = "dev-iq-saas-admin-api" -> null
        }
      - permissions {
          - description                = "Permission to read IQ SaaS tenants" -> null
          - name                       = "read:tenants" -> null
          - resource_server_identifier = "https://dev.appdev/" -> null
          - resource_server_name       = "dev-iq-saas-admin-api" -> null
        }

        # (2 unchanged blocks hidden)
    }

If I apply the terraform plan, then the role permissions are deleted, and if I run the terraform plan again (again without making any change to the Terraform code), what happens is that my role permissions will be updated again, but now all the permissions will be added, something like this:

# module.iq_saas_admin[0].auth0_role_permissions.iq_saas_admin_support["dev"] will be updated in-place
  ~ resource "auth0_role_permissions" "iq_saas_admin_support" {
        id      = "rol_v0XKG2RYOinLzPtZ"
        # (1 unchanged attribute hidden)

      + permissions {
          + description                = (known after apply)
          + name                       = "create:support-zip"
          + resource_server_identifier = "https://dev.app.dev/"
          + resource_server_name       = (known after apply)
        }
      + permissions {
          + description                = (known after apply)
          + name                       = "read:tenants"
          + resource_server_identifier = "https://dev.appdev/"
          + resource_server_name       = (known after apply)
        }
    }

So in the end I never get the "No changes" message I expect from Terraform. Do you know if I am doing something wrong?

Here is my current terraform code for reference:

resource "auth0_resource_server" "iq_saas_admin_apis" {
  for_each = var.configuration.environments

  name                                            = each.value.api.name
  identifier                                      = each.value.api.identifier
  signing_alg                                     = "RS256"
  token_lifetime                                  = 86400
  token_lifetime_for_web                          = 7200
  enforce_policies                                = true
  skip_consent_for_verifiable_first_party_clients = true
  allow_offline_access                            = false
  token_dialect                                   = "access_token"
}

resource "auth0_resource_server_scopes" "iq_saas_admin_api_scopes" {
  for_each = var.configuration.environments

  resource_server_identifier = auth0_resource_server.iq_saas_admin_apis[each.key].identifier

  scopes {
    name        = "create:tenants"
    description = "Permission to create IQ SaaS tenants"
  }

  scopes {
    name        = "update:tenants"
    description = "Permission to update IQ SaaS tenants"
  }

  scopes {
    name        = "read:tenants"
    description = "Permission to read IQ SaaS tenants"
  }

  scopes {
    name        = "delete:tenants"
    description = "Permission to delete IQ SaaS tenants"
  }

  scopes {
    name        = "create:support-zip"
    description = "Permission to generate support zip files"
  }
}

resource "auth0_role" "iq_saas_admin_support" {
  description = "Support access for the IQ SaaS Admin App"
  name        = "IQ SaaS Admin App - Support"
}

resource "auth0_role_permissions" "iq_saas_admin_support" {
  for_each = var.configuration.environments

  role_id = auth0_role.iq_saas_admin_support.id

  permissions {
    name                       = "create:support-zip"
    resource_server_identifier = auth0_resource_server.iq_saas_admin_apis[each.key].identifier
  }
  permissions {
    name                       = "read:tenants"
    resource_server_identifier = auth0_resource_server.iq_saas_admin_apis[each.key].identifier
  }

  depends_on = [
    auth0_resource_server_scopes.iq_saas_admin_api_scopes
  ]
}

So, I reported the issue on GitHub to the Terraform provider developers and I got a response. Basically, I am not properly using the auth0_role_permissions resource.

Here is the link with the explanation and a solution for the problem, I hope this can help others:
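
One reading of the plan output above is that both `for_each` instances point at the same role (`rol_v0XKG2RYOinLzPtZ`) and each treats its own `permissions` blocks as the role's complete set, so every apply removes what the other instance assigned. The following is an added example, not code from the original post or from the provider maintainers' reply: it declares a single `auth0_role_permissions` resource that covers every environment, and the `locals` names are hypothetical.

```hcl
# Added example. Assumes var.configuration.environments,
# auth0_resource_server.iq_saas_admin_apis, auth0_resource_server_scopes.iq_saas_admin_api_scopes
# and auth0_role.iq_saas_admin_support are defined as in the question.

locals {
  # Hypothetical name: permissions the Support role holds on each environment's API.
  support_permission_names = ["create:support-zip", "read:tenants"]

  # Hypothetical name: one entry per (environment, permission) pair.
  support_permissions = [
    for pair in setproduct(keys(var.configuration.environments), local.support_permission_names) : {
      env  = pair[0]
      name = pair[1]
    }
  ]
}

# No for_each on the resource itself: one instance declares the role's
# whole permission set, so there is no second instance to plan its removal.
resource "auth0_role_permissions" "iq_saas_admin_support" {
  role_id = auth0_role.iq_saas_admin_support.id

  # One permissions block is generated per (environment, permission) pair.
  dynamic "permissions" {
    for_each = local.support_permissions

    content {
      name                       = permissions.value.name
      resource_server_identifier = auth0_resource_server.iq_saas_admin_apis[permissions.value.env].identifier
    }
  }

  depends_on = [
    auth0_resource_server_scopes.iq_saas_admin_api_scopes
  ]
}
```

The resource address changes from keyed instances to a single instance, so review the first plan after this change before applying it.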