Granting API Access to Applications with Terraform

Problem statement

How does one grant API access to applications with Terraform?

Solution

This can be done using the auth0_client_grant resource.

Here’s an example:

# The following example grants a client the "create:foo" and "create:bar" permissions (scopes).

resource "auth0_client" "my_client" {
  name = "Example Application - Client Grant (Managed by Terraform)"
}

resource "auth0_resource_server" "my_resource_server" {
  name       = "Example Resource Server - Client Grant (Managed by Terraform)"
  identifier = "https://api.example.com/client-grant"

  scopes {
    value       = "create:foo"
    description = "Create foos"
  }

  scopes {
    value       = "create:bar"
    description = "Create bars"
  }
}

resource "auth0_client_grant" "my_client_grant" {
  client_id = auth0_client.my_client.id
  audience  = auth0_resource_server.my_resource_server.identifier
  scopes    = ["create:foo", "create:bar"]
}

As shown above, the auth0_client_grant definition includes the client_id of the application, the API’s audience, and the scopes that should be granted to the application.
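
A pre-apply check for the grant described above, as an added example that is not part of the original article: it reads plan output in the format produced by terraform show -json and reports any auth0_client_grant whose scopes are not declared on the API it targets. The plan data is constructed, the too_broad grant is hypothetical, and the attribute names are assumed to match the configuration shown on this page.

```python
import json

# Constructed sample plan: the page's resources plus a hypothetical over-broad grant.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
  {"type": "auth0_resource_server", "name": "my_resource_server",
   "values": {"identifier": "https://api.example.com/client-grant",
              "scopes": [{"value": "create:foo"}, {"value": "create:bar"}]}},
  {"type": "auth0_client_grant", "name": "my_client_grant",
   "values": {"audience": "https://api.example.com/client-grant",
              "scopes": ["create:foo", "create:bar"]}},
  {"type": "auth0_client_grant", "name": "too_broad",
   "values": {"audience": "https://api.example.com/client-grant",
              "scopes": ["create:foo", "delete:foo"]}}
]}}}
""")


def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def audit_client_grants(plan):
    """Return (grant name, audience, problem) for grants exceeding the API's scopes."""
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    defined = {}  # API identifier -> scope values declared on it
    for r in resources:
        if r["type"] == "auth0_resource_server":
            scopes = {s["value"] for s in r["values"].get("scopes") or []}
            defined.setdefault(r["values"]["identifier"], set()).update(scopes)
    findings = []
    for r in resources:
        if r["type"] != "auth0_client_grant":
            continue
        audience = r["values"].get("audience")
        granted = set(r["values"].get("scopes") or [])
        if audience not in defined:
            findings.append((r["name"], audience, "audience not defined in plan"))
        elif granted - defined[audience]:
            extra = ", ".join(sorted(granted - defined[audience]))
            findings.append((r["name"], audience, "undefined scopes: " + extra))
    return findings


if __name__ == "__main__":
    print(*audit_client_grants(SAMPLE_PLAN), sep="\n")
```

A grant whose audience is not yet known at plan time, or whose API is managed outside this configuration, is reported as "audience not defined in plan" so it can be reviewed by hand.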