Managing Refresh Token Behavior via Terraform

Hey folks, I’m new to Auth0 and this community, so apologies if this is in the wrong spot.

I’m trying to set up an Auth0 application via Terraform, and would like to manage the “Refresh Token Behavior”. Specifically, I’d like to set it to rotating since our application is a SPA. However, it doesn’t look like the Terraform provider allows this: https://www.terraform.io/docs/providers/auth0/r/client.html

Am I missing something in the terraform docs, or is this not possible right now?

Thanks for the help! I love the integration with Terraform.

Hi @mark18,

Welcome to the Community!

It is a somewhat new feature, but I would guess this is just creating a JSON object to send to the auth0 management API.

You could try setting it like this:

"refresh_token": {
        "leeway": 0,
        "token_lifetime": 2592000,
        "rotation_type": "rotating",
        "expiration_type": "expiring"
    }

Please confirm if this works for you.

Hi @dan.woda

Thanks for the response!

I don’t think I’m able to include that in the terraform file. I tried two configurations based on this:

resource "auth0_client" "test-app" {
  ...
  refresh_token {
    rotation_type = "rotating"
  }
  ...
}

This threw Blocks of type "refresh_token" are not expected here.

I also tried

resource "auth0_client" "test-app" {
  ...
  jwt_configuration {
    lifetime_in_seconds = 36000
    rotation_type = "rotating"
    secret_encoded = true
    alg = "RS256"
  }
  ...
}

Which failed with: “An argument named “rotation_type” is not expected here.”

I tried the second one because in the Terraform specification it looks like you can specify the token lifetime via the lifetime_in_seconds key in the jwt_configuration block. But doesn’t look like you can put the rotation_type in there too :frowning:

This might be best handled by creating an issue in the terraform repo.

1 Like

I think it probably has to do more with the Terraform Provider for Auth0 instead of Terraform itself. But did some searching and found this issue: https://github.com/alexkappa/terraform-provider-auth0/issues/251. So it looks like it’s just not supported yet!

1 Like

Oh nice, thanks for posting that. Looks like you’re not the first!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.