Thanks for sharing all that James with the rest of community!
Hi,
I just noticed your reply @jamesmehorter1 about importing existing resources. How about other resources like the email provider or email templates? Any idea how to retrieve these IDs?
I tried importing an email provider by name which failed, but I'm not able to retrieve the id by the Auth0 API.
Hello Dan,
Is there any movement on that feature? We're looking to move to managing auth0 via terraform and being able to export config from auth0 into a terraform configuration would save a huge amount of time.
Stuart,
If you are still using the Auth0 terraform provider and are still in need of this feature I would ask that you raise it with your account manager. I would like to see Auth0 provide an official terraform provider that provides full feature parity with the Auth0 UI and is kept in sync as new features are developed. If you are a paying customer please raise this as a requirement with your account manager so that internal resources can be allocated and a commitment made.
regards
Andrew
This question is based on the Auth0 blog - Use Terraform to Manage Your Auth0 Configuration
I've been playing with the sample secure_express app from the Terraform blog post linked above and it's working great. I have extended it to use my idp for authentication (instead of just the local database) and that works great too.
Now I am trying to get idp-initiated login to work and that is failing. I believe the problem is that Auth0 does a POST to the /callback url after the idp initiates the login.
When the idp flow POSTs to the /callback url, I get this error:
If I place my cursor in the url field of the browser window and just press enter - this does an HTTP GET request to the callback url and the login is successful.
Is there a way I can change the IDP initiated flow (or the auth in general) so that it does a GET to the /callback url instead of a POST?
Hi again - I'm wondering if I could get a response on this?
Hello chaps. How are we doing on this?
Hello, it's been a week so I'm checking in. Can I assist with any samples or info?
Hi @camepp. Could you please provide your sample code with the customizations? I just need to check with the team for more information about it.
For sure! Here is the terraform code that has added the samlp provider. It works great, but the IdP initiated flow fails because Auth0 is doing a "POST" to http://localhost:8300/callback instead of a GET.
```hcl
variable "auth0_domain" {}
variable "auth0_client_id" {}
variable "auth0_client_secret" {}
# Declared so the reference in the container env below resolves
variable "terraform-express-api-identifier" {}

terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "3.0.1"
    }
    auth0 = {
      source  = "auth0/auth0"
      version = "0.44.1"
    }
  }
}

# Management API credentials used by the provider itself
provider "auth0" {
  domain        = var.auth0_domain
  client_id     = var.auth0_client_id
  client_secret = var.auth0_client_secret
}

provider "docker" {
  # Configuration options
  host = "unix:///Users/me/.docker/run/docker.sock"
}

resource "auth0_tenant" "dev_tenant" {
  allowed_logout_urls = []
  enabled_locales = [
    "en",
  ]
  sandbox_version = "16"
  flags {
    allow_legacy_delegation_grant_types    = false
    allow_legacy_ro_grant_types            = false
    allow_legacy_tokeninfo_endpoint        = false
    dashboard_insights_view                = false
    dashboard_log_streams_next             = false
    disable_clickjack_protection_headers   = false
    disable_fields_map_fix                 = false
    disable_management_api_sms_obfuscation = false
    enable_adfs_waad_email_verification    = false
    enable_apis_section                    = false
    enable_client_connections              = false
    enable_custom_domain_in_emails         = false
    enable_dynamic_client_registration     = false
    enable_idtoken_api2                    = false
    enable_legacy_logs_search_v2           = false
    enable_legacy_profile                  = false
    enable_pipeline2                       = false
    enable_public_signup_user_exists_error = false
    no_disclose_enterprise_connections     = false
    revoke_refresh_token_grant             = false
    use_scope_descriptions_for_consent     = false
  }
  session_cookie {}
}

# The Express application registered in Auth0; /callback is where Auth0 redirects (or POSTs)
resource "auth0_client" "terraform-secure-express" {
  name                = "Terraform Secure Express"
  description         = "App for running Dockerized Express application via Terraform"
  app_type            = "regular_web"
  is_first_party      = true
  callbacks           = ["http://localhost:8300/callback"]
  allowed_logout_urls = [
    "http://localhost:8300/callback",
    "http://localhost:8300/"
  ]
  oidc_conformant = true
  jwt_configuration {
    alg = "RS256"
  }
}

# Local username/password database connection
resource "auth0_connection" "terraform-express-user-db" {
  name     = "terraform-express-user-db"
  strategy = "auth0"
  options {
    password_policy        = "excellent"
    brute_force_protection = true
    disable_signup         = true
    password_history {
      enable = true
      size   = 3
    }
    password_no_personal_info {
      enable = true
    }
  }
}

resource "auth0_connection_client" "associate_terraform_client" {
  connection_id = auth0_connection.terraform-express-user-db.id
  client_id     = var.auth0_client_id
}

resource "auth0_connection_client" "my_conn_client_assoc" {
  connection_id = auth0_connection.terraform-express-user-db.id
  client_id     = auth0_client.terraform-secure-express.id
}

# Enable the SAML connection for the Express application
resource "auth0_connection_client" "samlp_client" {
  connection_id = auth0_connection.samlp.id
  client_id     = auth0_client.terraform-secure-express.id
}

# SAML connection
resource "auth0_connection" "samlp" {
  display_name         = "foo-face"
  is_domain_connection = false
  metadata             = {}
  name                 = "foo-face"
  realms = [
    "foo-face",
  ]
  show_as_button = false
  strategy       = "samlp"
  options {
    debug            = true
    digest_algorithm = "sha256"
    disable_cache    = false
    disable_sign_out = true
    disable_signup   = false
    domain_aliases = [
      "my-domain.com",
    ]
    set_user_root_attributes = "on_first_login"
    sign_in_endpoint         = "https://sso.jumpcloud.com/saml2/auth0_testing"
    sign_saml_request        = true
    signature_algorithm      = "rsa-sha256"
    # IdP signing certificate used to validate incoming assertions
    signing_cert = <<EOF
-----BEGIN CERTIFICATE-----
MIIFcDCCA1igAwIBAgIUFu/iJtW01d7pZlSRwueJpaXXo5gwDQYJKoZIhvcNAQEL
<cert stuff here>
adqX5IxGO/2C/AGwVe9qZivj4/xr/KJ+cDJyrwwPm/4LTi+ji8mx3CfxZZ7HPj4/
XGgpBQ==
-----END CERTIFICATE-----
EOF
    # Allow logins that start at the IdP rather than at the application
    idp_initiated {
      client_id       = "my application ID (in Auth0)"
      client_protocol = "samlp"
    }
  }
}

resource "auth0_user" "terraform-express-admin-user" {
  connection_name = auth0_connection.terraform-express-user-db.name
  user_id         = "adminface"
  email           = "admin@example.com"
  email_verified  = true
  password        = "passwords"
  roles           = [auth0_role.terraform-express-admin-role.id]
}

resource "auth0_user" "terraform-express-basic-user" {
  connection_name = auth0_connection.terraform-express-user-db.name
  user_id         = "useyface"
  email           = "user@example.com"
  email_verified  = true
  password        = "passwords"
  # roles = [auth0_role.terraform-express-basic-user-role.id]
}

resource "docker_image" "terraform-secure-express" {
  name = "terraform-secure-express:1.0"
  build {
    context = "."
  }
}

resource "docker_container" "terraform-secure-express" {
  image = docker_image.terraform-secure-express.image_id
  name  = "terraform-secure-express"
  ports {
    internal = 8300
    external = 8300
  }
  env = [
    "AUTH0_CLIENT_ID=${auth0_client.terraform-secure-express.client_id}",
    "AUTH0_CLIENT_SECRET=${auth0_client.terraform-secure-express.client_secret}",
    "AUTH0_CLIENT_DOMAIN=${var.auth0_domain}",
    "AUTH0_API_IDENTIFIER=${var.terraform-express-api-identifier}"
  ]
}
```
If you ever encounter this problem:
```
│ on main.tf line 46, in resource "docker_container" "terraform-secure-express":
│ 46: image = docker_image.terraform-secure-express.latest
│
│ This object has no argument, nested block, or exported attribute named "latest".
```
simply replace the
```hcl
image = docker_image.terraform-secure-express.latest
```
with
```hcl
image = docker_image.terraform-secure-express.image_id
```
in the container resource.
Hi, I can't seem to find any docs on how to add "Application Metadata" to an Auth0 Application via a Terraform script. Is it possible?
Hi @david.isackson, how are you?
Have you tried to use the client_metadata property in the client object? You can find more information in the Terraform docs: Terraform Registry
Please let me know if this helps,
Juan
Thank you. That looks like what I need.
Hey there everyone!
I thought I'm gonna chime in again with something that might be of your interest! We're hosting an Ask Me Anything Session in our Forum regarding Auth0 Terraform Provider.
It's gonna be on Thursday, September 28, 2023. Check out more info about it here!