Is it possible to share actions between tenants?

I have developed a custom action which I would like to deploy to more than one tenant. So far, the only way I’ve found to do this is to cut and paste the code of the action and create a new custom action for each tenant with the same code, but that’s obviously not a very maintainable solution; if I need to change the action code, I have to go through the various tenants and make sure to apply the same change to all of them. Is there a more efficient way to do this?

As an aside for the moderators: there seems to be something wrong with the tagging for this new topic. I see there are existing topics with “actions” and “tenants” tags (which seem most appropriate for this question) but when I type those into the “select at least 2 tags…” box, it says “No matches found”. I guessed that maybe “extensibility” would be the closest thing on the list that is available to me… and then after that the option to choose “actions-extensibility” appeared, which wasn’t available before! This is all pretty confusing and unintuitive for a first-time poster!

Hey there @mactyr welcome to the community!

Unfortunately, Actions are currently not able to be shared between tenants - I did a quick search in our Feedback section and don’t see a similar request, so I definitely recommend creating one as it’s an interesting use case I imagine other users would be interested in as well.

We’re always looking to improve the community experience so thanks for the feedback :slight_smile:

@tyf thanks for the response. I’ve filed a feedback request for this feature.

2 Likes

Hi mactyr

One option to rid yourself of cutting and pasting is to use the Auth0 Terraform Provider to create your Auth0 configuration from a script, or in our case a Gitlab Pipeline.

The Terraform Provider has an auth0_action resource, which would allow you to deploy your action into the tenants.

The trick is to create a machine to machine application in both tenants and call it Terraform Client. Then link the Application to the Auth0 Management API. (Behind the scenes the Terraform Auth0 Provider is calling the Auth0 Management API to create the Auth0 resources). In your terraform resource file, you use the client_id and client_secret of the Machine to Machine Terraform Client you’ve created to link Auth0 to the Terraform Provider.

provider "auth0" {
  domain        = ""
  client_id     = "<client_id of the M2M application>"
  client_secret = "<client_secret of the M2M application>"
  debug         = true
}

If you’re only going to create fewer than 500 resources per month, Terraform is free. You can download the executable from the HashiCorp site.

Terraform (Infrastructure as code) and the Terraform Auth0 Provider may help you out.

Regards

Richard

2 Likes

Thanks @richard.sanigar, that’s a helpful tip for me as we are actually in the process of migrating some other infrastructure setup to Terraform but it hadn’t occurred to me that it could help with this. I will add it to our list.

1 Like

Hi Mactyr

I forgot to mention you can put your code in a separate file and include it using either file or templatefile, to prevent cutting and pasting.

resource "auth0_action" "add_custom_claims_to_access_token" {
  name    = "add-custom-claims-to-access-token${var.service_name_postfix}"
  runtime = "node16"
  deploy  = true
  code    = file("files/script/login-flow-action-script.js")

  supported_triggers {
    id      = "post-login"
    version = "v3"
  }
}

resource "auth0_action" "add_custom_claims_to_m2m_token" {
  name    = "add-custom-claims-to-m2m-token${var.service_name_postfix}"
  runtime = "node16"
  deploy  = true
  code    = file("files/script/m2m-flow-action-script.js")

  supported_triggers {
    id      = "credentials-exchange"
    version = "v2"
  }
}

If you have subtle differences between tenants, then use the terraform template function. Terraform will parse the template file first, substituting any changes e.g.

resource "auth0_action" "add_custom_claims_to_m2m_token" {
  name    = "add-custom-claims-to-m2m-token${var.service_name_postfix}"
  runtime = "node16"
  deploy  = true
  code    = templatefile("files/script/m2m-flow-action-script-template.js",
      { app_name   = var.tenant_app_name
      })

  supported_triggers {
    id      = "credentials-exchange"
    version = "v2"
  }
}

So if you had something like this in your action script template file:

        if (event.client.name === ${app_name}) {
          ....
        }

Terraform will replace the ${app_name} with the value of the var.tenant_app_name, and then assign the whole contents of the file to the code variable of the resource.

Hope your terraforming goes well

Regards

Richard

3 Likes
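
Added example (not part of the original posts, and not the poster's or Auth0's own code): the Terraform approach above applied to two tenants from one configuration, with one aliased provider per tenant, the M2M client secrets taken from a sensitive variable instead of being written into the file, and the template value passed through jsonencode so that the `${app_name}` placeholder renders as a quoted, escaped JavaScript string literal. The tenant keys `a` and `b`, the variable names and the resource names are assumptions.

```hcl
terraform {
  required_providers { auth0 = { source = "auth0/auth0" } }
}

# Assumed inputs, keyed "a" and "b". Pass client_secrets via
# TF_VAR_client_secrets or a secrets manager, not a committed .tfvars file.
variable "tenants" { type = map(object({ domain = string, client_id = string, app_name = string })) }
variable "client_secrets" {
  type      = map(string)
  sensitive = true
}

provider "auth0" {
  alias         = "a"
  domain        = var.tenants["a"].domain
  client_id     = var.tenants["a"].client_id
  client_secret = var.client_secrets["a"]
}
provider "auth0" {
  alias         = "b"
  domain        = var.tenants["b"].domain
  client_id     = var.tenants["b"].client_id
  client_secret = var.client_secrets["b"]
}

# Single source file for the action, shared by every tenant.
locals { template = "${path.module}/files/script/m2m-flow-action-script-template.js" }

resource "auth0_action" "m2m_claims_a" {
  provider = auth0.a
  name     = "add-custom-claims-to-m2m-token"
  runtime  = "node16"
  deploy   = true
  # jsonencode() renders ${app_name} as a quoted, escaped JS string literal.
  code = templatefile(local.template, { app_name = jsonencode(var.tenants["a"].app_name) })
  supported_triggers {
    id      = "credentials-exchange"
    version = "v2"
  }
}
resource "auth0_action" "m2m_claims_b" {
  provider = auth0.b
  name     = "add-custom-claims-to-m2m-token"
  runtime  = "node16"
  deploy   = true
  code     = templatefile(local.template, { app_name = jsonencode(var.tenants["b"].app_name) })
  supported_triggers {
    id      = "credentials-exchange"
    version = "v2"
  }
}
```

Any JavaScript template literal inside the shared script has to be written as `$${...}` so that templatefile leaves it for the Action runtime instead of trying to interpolate it.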

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.