Problem statement
How does one grant API access to applications with Terraform?
Solution
This can be done using the auth0_client_grant resource.
Here’s an example:
# The following example grants a client the "create:foo" and "create:bar" permissions (scopes).
resource "auth0_client" "my_client" {
name = "Example Application - Client Grant (Managed by Terraform)"
}
resource "auth0_resource_server" "my_resource_server" {
name = "Example Resource Server - Client Grant (Managed by Terraform)"
identifier = "https://api.example.com/client-grant""
scopes {
value = "create:foo"
description = "Create foos"
}
scopes {
value = "create:bar"
description = "Create bars"
}
}
resource "auth0_client_grant" "my_client_grant" {
client_id = auth0_client.my_client.id
audience = auth0_resource_server.my_resource_server.identifier
scopes = ["create:foo", "create:bar"]
}
As shown above, the auth0_client_grant
definition includes the client_id
of the application, the API’s audience
, and the scopes
that should be granted to the application.