Managing Refresh Token Behavior via Terraform

Hey folks, I’m new to Auth0 and this community, so apologies if this is in the wrong spot.

I’m trying to set up an Auth0 application via Terraform, and would like to manage the “Refresh Token Behavior”. Specifically, I’d like to set it to rotating since our application is a SPA. However, it doesn’t look like the Terraform provider allows this: Terraform Registry

Am I missing something in the terraform docs, or is this not possible right now?

Thanks for the help! I love the integration with Terraform.

Hi @mark18,

Welcome to the Community!

It is a somewhat new feature, but I would guess this is just creating a JSON object to send to the Auth0 Management API.

You could try setting it like this:

"refresh_token": {
    "leeway": 0,
    "token_lifetime": 2592000,
    "rotation_type": "rotating",
    "expiration_type": "expiring"
}

Please confirm if this works for you.

Hi @dan.woda

Thanks for the response!

I don’t think I’m able to include that in the terraform file. I tried two configurations based on this:

resource "auth0_client" "test-app" {
  ...
  refresh_token {
    rotation_type = "rotating"
  }
  ...
}

This threw: Blocks of type "refresh_token" are not expected here.

I also tried

resource "auth0_client" "test-app" {
  ...
  jwt_configuration {
    lifetime_in_seconds = 36000
    rotation_type = "rotating"
    secret_encoded = true
    alg = "RS256"
  }
  ...
}

Which failed with: An argument named "rotation_type" is not expected here.

I tried the second one because in the Terraform specification it looks like you can specify the token lifetime via the lifetime_in_seconds key in the jwt_configuration block. But doesn’t look like you can put the rotation_type in there too.

This might be best handled by creating an issue in the terraform repo.


I think it probably has to do more with the Terraform Provider for Auth0 instead of Terraform itself. But did some searching and found this issue: Ability to set 'refresh_token' properties on a client · Issue #251 · alexkappa/terraform-provider-auth0 · GitHub. So it looks like it’s just not supported yet!


Oh nice, thanks for posting that. Looks like you’re not the first!
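
Added example, not part of the original thread and not code from Auth0 or the Terraform provider: the refresh_token object suggested earlier in the thread can be validated and wrapped in a PATCH to the Management API's client endpoint, which is what a provider would send on your behalf. The tenant domain, client ID, token and the helper names are placeholders or hypothetical, and the "rotating implies expiring" check is an assumption about Auth0's rules.

```python
import json
import urllib.parse
import urllib.request

ROTATION_TYPES = {"rotating", "non-rotating"}
EXPIRATION_TYPES = {"expiring", "non-expiring"}


def validate_refresh_token(cfg):
    """Return a list of problems found in a refresh_token settings object."""
    problems = []
    if cfg.get("rotation_type") not in ROTATION_TYPES:
        problems.append("rotation_type must be rotating or non-rotating")
    if cfg.get("expiration_type") not in EXPIRATION_TYPES:
        problems.append("expiration_type must be expiring or non-expiring")
    # Assumption: a rotating token must also have an absolute expiry.
    if cfg.get("rotation_type") == "rotating" and cfg.get("expiration_type") != "expiring":
        problems.append("rotating refresh tokens must be expiring")
    for key in ("leeway", "token_lifetime"):
        value = cfg.get(key)
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            problems.append(f"{key} must be a non-negative integer (seconds)")
    return problems


def build_patch_request(domain, client_id, api_token, cfg):
    """Build (without sending) PATCH /api/v2/clients/{id} carrying refresh_token."""
    problems = validate_refresh_token(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    url = f"https://{domain}/api/v2/clients/{urllib.parse.quote(client_id, safe='')}"
    body = json.dumps({"refresh_token": cfg}).encode()
    headers = {"Authorization": f"Bearer {api_token}", "Content-Type": "application/json"}
    return urllib.request.Request(url, data=body, headers=headers, method="PATCH")


if __name__ == "__main__":
    # Values from the reply above; domain, client ID and token are placeholders.
    settings = {"leeway": 0, "token_lifetime": 2592000,
                "rotation_type": "rotating", "expiration_type": "expiring"}
    req = build_patch_request("TENANT.example.com", "CLIENT_ID_PLACEHOLDER",
                              "MGMT_API_TOKEN_PLACEHOLDER", settings)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # To apply for real, pass req to urllib.request.urlopen() with a valid token.
```

The Management API token needs the update:clients scope and should come from a secret store rather than the script. A change made this way is outside Terraform's state, so record it wherever the rest of the client configuration is reviewed.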
