Hello Dan,
Is there any movement on that feature? We’re looking to move to managing auth0 via terraform and being able to export config from auth0 into a terraform configuration would save a huge amount of time.
Stuart,
If you are still using the Auth0 terraform provider and are still in need of this feature I would ask that you raise it with your account manager. I would like to see Auth0 provide an official terraform provider that provides full feature parity with the Auth0 UI and is kept in sync as new features are developed. If you are a paying customer please raise this as a requirement with your account manager so that internal resources can be allocated and a commitment made.
regards
Andrew
This question is based on the Auth0 blog - Use Terraform to Manage Your Auth0 Configuration
I’ve been playing with the sample secure_express app from the Terraform blog post linked above and it’s working great. I have extended it to use my idp for authentication (instead of just the local database) and that works great too.
Now I am trying to get idp-initiated login to work and that is failing. I believe the problem is that Auth0 does a POST to the /callback url after the idp initiates the login.
When the idp flow POSTs to the /callback url, I get this error:
If I place my cursor in the url field of the browser window and just press enter - this does an HTTP GET request to the callback url and the login is successful.
Is there a way I can change the IDP initiated flow (or the auth in general) so that it does a GET to the /callback url instead of a POST?
Hey there @robertino.calcaterra and @dan-auth0 can we get some eyes on this thread? Thanks!
Hi again - I’m wondering if I could get a response on this?
Hello chaps. How are we doing on this?
Hi @camepp. We are working on your question. We’ll be back here as soon as possible.
Hello, it’s been a week so I’m checking in. Can I assist with any samples or info?
Hi @camepp. Could you please provide your sample code with the customizations? I just need to check with the team for more information about it.
For sure! Here is the terraform code that has added the samlp provider. It works great, but the IdP initiated flow fails because Auth0 is doing a ‘POST’ to http://localhost:8300/callback instead of a GET.
```hcl
variable "auth0_domain" {}
variable "auth0_client_id" {}
variable "auth0_client_secret" {}
# Referenced by the docker_container env below; the declaration was missing from the post.
variable "terraform-express-api-identifier" {}

terraform {
  required_providers {
    docker = {
      source  = "kreuzwerker/docker"
      version = "3.0.1"
    }
    auth0 = {
      source  = "auth0/auth0"
      version = "0.44.1"
    }
  }
}

provider "auth0" {
  domain        = var.auth0_domain
  client_id     = var.auth0_client_id
  client_secret = var.auth0_client_secret
}

provider "docker" {
  # Configuration options
  host = "unix:///Users/me/.docker/run/docker.sock"
}

resource "auth0_tenant" "dev_tenant" {
  allowed_logout_urls = []
  enabled_locales = [
    "en",
  ]
  sandbox_version = "16"
  flags {
    allow_legacy_delegation_grant_types    = false
    allow_legacy_ro_grant_types            = false
    allow_legacy_tokeninfo_endpoint        = false
    dashboard_insights_view                = false
    dashboard_log_streams_next             = false
    disable_clickjack_protection_headers   = false
    disable_fields_map_fix                 = false
    disable_management_api_sms_obfuscation = false
    enable_adfs_waad_email_verification    = false
    enable_apis_section                    = false
    enable_client_connections              = false
    enable_custom_domain_in_emails         = false
    enable_dynamic_client_registration     = false
    enable_idtoken_api2                    = false
    enable_legacy_logs_search_v2           = false
    enable_legacy_profile                  = false
    enable_pipeline2                       = false
    enable_public_signup_user_exists_error = false
    no_disclose_enterprise_connections     = false
    revoke_refresh_token_grant             = false
    use_scope_descriptions_for_consent     = false
  }
  session_cookie {}
}

resource "auth0_client" "terraform-secure-express" {
  name           = "Terraform Secure Express"
  description    = "App for running Dockerized Express application via Terraform"
  app_type       = "regular_web"
  is_first_party = true
  callbacks      = ["http://localhost:8300/callback"]
  allowed_logout_urls = [
    "http://localhost:8300/callback",
    "http://localhost:8300/"
  ]
  oidc_conformant = true
  jwt_configuration {
    alg = "RS256"
  }
}

resource "auth0_connection" "terraform-express-user-db" {
  name     = "terraform-express-user-db"
  strategy = "auth0"
  options {
    password_policy        = "excellent"
    brute_force_protection = true
    disable_signup         = true
    password_history {
      enable = true
      size   = 3
    }
    password_no_personal_info {
      enable = true
    }
  }
}

resource "auth0_connection_client" "associate_terraform_client" {
  connection_id = auth0_connection.terraform-express-user-db.id
  client_id     = var.auth0_client_id
}

resource "auth0_connection_client" "my_conn_client_assoc" {
  connection_id = auth0_connection.terraform-express-user-db.id
  client_id     = auth0_client.terraform-secure-express.id
}

resource "auth0_connection_client" "samlp_client" {
  connection_id = auth0_connection.samlp.id
  client_id     = auth0_client.terraform-secure-express.id
}

# SAML connection
resource "auth0_connection" "samlp" {
  display_name         = "foo-face"
  is_domain_connection = false
  metadata             = {}
  name                 = "foo-face"
  realms = [
    "foo-face",
  ]
  show_as_button = false
  strategy       = "samlp"
  options {
    debug            = true
    digest_algorithm = "sha256"
    disable_cache    = false
    disable_sign_out = true
    disable_signup   = false
    domain_aliases = [
      "my-domain.com",
    ]
    set_user_root_attributes = "on_first_login"
    sign_in_endpoint         = "https://sso.jumpcloud.com/saml2/auth0_testing"
    sign_saml_request        = true
    signature_algorithm      = "rsa-sha256"
    # Indented heredoc so the closing marker can sit inside the block.
    signing_cert = <<-EOF
      -----BEGIN CERTIFICATE-----
      MIIFcDCCA1igAwIBAgIUFu/iJtW01d7pZlSRwueJpaXXo5gwDQYJKoZIhvcNAQEL
      <cert stuff here>
      adqX5IxGO/2C/AGwVe9qZivj4/xr/KJ+cDJyrwwPm/4LTi+ji8mx3CfxZZ7HPj4/
      XGgpBQ==
      -----END CERTIFICATE-----
    EOF
    idp_initiated {
      client_id       = "my application ID (in Auth0)"
      client_protocol = "samlp"
    }
  }
}

# Referenced by the admin user below; the declaration was missing from the post
# and the role name is a placeholder.
resource "auth0_role" "terraform-express-admin-role" {
  name = "admin"
}

resource "auth0_user" "terraform-express-admin-user" {
  connection_name = auth0_connection.terraform-express-user-db.name
  user_id         = "adminface"
  email           = "admin@example.com"
  email_verified  = true
  password        = "passwords"
  roles           = [auth0_role.terraform-express-admin-role.id]
}

resource "auth0_user" "terraform-express-basic-user" {
  connection_name = auth0_connection.terraform-express-user-db.name
  user_id         = "useyface"
  email           = "user@example.com"
  email_verified  = true
  password        = "passwords"
  # roles = [auth0_role.terraform-express-basic-user-role.id]
}

resource "docker_image" "terraform-secure-express" {
  name = "terraform-secure-express:1.0"
  build {
    context = "."
  }
}

resource "docker_container" "terraform-secure-express" {
  image = docker_image.terraform-secure-express.image_id
  name  = "terraform-secure-express"
  ports {
    internal = 8300
    external = 8300
  }
  env = [
    "AUTH0_CLIENT_ID=${auth0_client.terraform-secure-express.client_id}",
    "AUTH0_CLIENT_SECRET=${auth0_client.terraform-secure-express.client_secret}",
    "AUTH0_CLIENT_DOMAIN=${var.auth0_domain}",
    "AUTH0_API_IDENTIFIER=${var.terraform-express-api-identifier}"
  ]
}
```
If you ever encounter this problem:

```text
on main.tf line 46, in resource "docker_container" "terraform-secure-express":
│ 46: image = docker_image.terraform-secure-express.latest
│
│ This object has no argument, nested block, or exported attribute named "latest".
```

simply replace

```hcl
image = docker_image.terraform-secure-express.latest
```

with

```hcl
image = docker_image.terraform-secure-express.image_id
```

in the container resource.
Hi @robertino.calcaterra - have you had a chance to follow up with the team?
Hi, I can’t seem to find any docs on how to add “Application Metadata” to an Auth0 Application via a Terraform script. Is it possible ?
Hi @david.isackson, how are you?
Have you tried to use the client_metadata property in the client object? You can find more information in the Terraform docs: Terraform Registry
Please let me know if this helps,
Juan
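As an added example (not from this thread or the provider's own documentation), this is the shape of the client_metadata argument on an auth0_client resource, which is what the dashboard shows as Application Metadata; the resource name and the key/value pairs are constructed for illustration:

```hcl
resource "auth0_client" "metadata_example" {
  name     = "App with metadata" # constructed example values
  app_type = "regular_web"

  # Shown as "Application Metadata" in the Auth0 dashboard.
  # Keys and values are strings; the map is returned to anyone who can
  # read the client via the Management API, so keep descriptive data
  # here and nothing secret.
  client_metadata = {
    environment = "dev"
    owner_team  = "platform-security"
  }
}
```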
Thank you. That looks like what I need.
Hey there everyone!
I thought I’m gonna chime in again with something that might be of your interest! We’re hosting an Ask Me Anything Session in our Forum regarding Auth0 Terraform Provider.
It’s gonna be on Thursday, September 28, 2023. Check out more info about it here!
Getting this error while running terraform init
```text
terraform init
Initializing the backend...
Initializing modules...
Initializing provider plugins...
- Reusing previous version of auth0/auth0 from the dependency lock file
- Using previously-installed auth0/auth0 v1.4.0
╷
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider hashicorp/auth0: provider registry registry.terraform.io does not have a provider
│ named registry.terraform.io/hashicorp/auth0
│
│ Did you intend to use auth0/auth0? If so, you must specify that source address in each module which requires that provider. To see which modules
│ are currently depending on hashicorp/auth0, run the following command:
│ terraform providers
```
It’s working when I put the same provider configuration under modules/provider.tf, but putting it in the root module causes this issue. Please help.

```hcl
auth0 = {
  source  = "auth0/auth0"
  version = "1.4.0"
}
```
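The error above comes from Terraform's fallback rule: a module that uses auth0_* resources without its own required_providers entry is assumed to want hashicorp/auth0, which does not exist in the registry. As an added example (not the poster's code), a root module and a child module that each name the auth0/auth0 source; the module path, variable names and resource are made up for illustration:

```hcl
# versions.tf (root module)
terraform {
  required_providers {
    auth0 = {
      source  = "auth0/auth0"
      version = "1.4.0"
    }
  }
}

# main.tf (root module): provider configuration lives only in the root
variable "auth0_domain" {}
variable "auth0_client_id" {}
variable "auth0_client_secret" {}

provider "auth0" {
  domain        = var.auth0_domain
  client_id     = var.auth0_client_id
  client_secret = var.auth0_client_secret
}

module "tenant_apps" {
  source = "./modules/apps" # constructed path
}

# modules/apps/versions.tf (child module): every module that declares
# auth0_* resources needs its own source entry, otherwise references in
# this module resolve to hashicorp/auth0 and init fails as shown above.
terraform {
  required_providers {
    auth0 = {
      source  = "auth0/auth0"
      version = ">= 1.4.0"
    }
  }
}

# modules/apps/main.tf (child module): inherits the root provider config
resource "auth0_client" "example" {
  name     = "example-app" # constructed
  app_type = "regular_web"
}
```

Running `terraform providers` (as the error message suggests) lists which module is still resolving to hashicorp/auth0 and therefore lacks the entry.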