Namespace Pulumi.Auth0
Classes
Client
With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications. Depending on your plan, you may also configure add-ons to allow your application to call another application's API (such as Firebase and AWS) on behalf of an authenticated user.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myClient = new Auth0.Client("myClient", new Auth0.ClientArgs
{
Addons = new Auth0.Inputs.ClientAddonsArgs
{
Firebase =
{
{ "client_email", "john.doe@example.com" },
{ "lifetime_in_seconds", 1 },
{ "private_key", "wer" },
{ "private_key_id", "qwreerwerwe" },
},
Samlp = new Auth0.Inputs.ClientAddonsSamlpArgs
{
Audience = "https://example.com/saml",
CreateUpnClaim = false,
MapIdentities = false,
MapUnknownClaimsAsIs = false,
Mappings =
{
{ "email", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" },
{ "name", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" },
},
NameIdentifierFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
NameIdentifierProbes =
{
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
},
PassthroughClaimsWithNoMapping = false,
},
},
AllowedLogoutUrls =
{
"https://example.com",
},
AllowedOrigins =
{
"https://example.com",
},
AppType = "non_interactive",
Callbacks =
{
"https://example.com/callback",
},
ClientMetadata =
{
{ "foo", "zoo" },
},
CustomLoginPageOn = true,
Description = "Test Applications Long Description",
GrantTypes =
{
"authorization_code",
"http://auth0.com/oauth/grant-type/password-realm",
"implicit",
"password",
"refresh_token",
},
IsFirstParty = true,
IsTokenEndpointIpHeaderTrusted = true,
JwtConfiguration = new Auth0.Inputs.ClientJwtConfigurationArgs
{
Alg = "RS256",
LifetimeInSeconds = 300,
Scopes =
{
{ "foo", "bar" },
},
SecretEncoded = true,
},
Mobile = new Auth0.Inputs.ClientMobileArgs
{
Ios = new Auth0.Inputs.ClientMobileIosArgs
{
AppBundleIdentifier = "com.my.bundle.id",
TeamId = "9JA89QQLNQ",
},
},
OidcConformant = false,
TokenEndpointAuthMethod = "client_secret_post",
WebOrigins =
{
"https://example.com",
},
});
}
}
ClientArgs
ClientGrant
Auth0 uses various grant types, or methods by which you grant limited access to your resources to another entity without exposing credentials. The OAuth 2.0 protocol supports several types of grants, which allow different types of access. This resource allows you to create and manage client grants used with configured Auth0 clients.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myClient = new Auth0.Client("myClient", new Auth0.ClientArgs
{
});
var myResourceServer = new Auth0.ResourceServer("myResourceServer", new Auth0.ResourceServerArgs
{
Identifier = "https://api.example.com/client-grant",
Scopes =
{
new Auth0.Inputs.ResourceServerScopeArgs
{
Description = "Create foos",
Value = "create:foo",
},
new Auth0.Inputs.ResourceServerScopeArgs
{
Description = "Create bars",
Value = "create:bar",
},
},
});
var myClientGrant = new Auth0.ClientGrant("myClientGrant", new Auth0.ClientGrantArgs
{
Audience = myResourceServer.Identifier,
ClientId = myClient.Id,
Scopes =
{
"create:foo",
},
});
}
}
ClientGrantArgs
ClientGrantState
ClientState
Config
Connection
With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers (such as Google or LinkedIn), databases, or passwordless authentication methods. This resource allows you to configure and manage connections to be used with your clients and users.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myConnection = new Auth0.Connection("myConnection", new Auth0.ConnectionArgs
{
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
BruteForceProtection = "true",
Configuration =
{
{ "bar", "baz" },
{ "foo", "bar" },
},
CustomScripts =
{
{ "getUser", @"function getByEmail (email, callback) {
return callback(new Error(""Whoops!""))
}
" },
},
EnabledDatabaseCustomization = "true",
PasswordHistory =
{
{
{ "enable", true },
{ "size", 3 },
},
},
PasswordPolicy = "excellent",
},
Strategy = "auth0",
});
var myWaadConnection = new Auth0.Connection("myWaadConnection", new Auth0.ConnectionArgs
{
Options = new Auth0.Inputs.ConnectionOptionsArgs
{
ApiEnableUsers = true,
AppDomain = "my-auth0-app.eu.auth0.com",
BasicProfile = true,
ClientId = "1234",
ClientSecret = "1234",
DomainAliases =
{
"example.io",
},
ExtGroups = true,
ExtProfile = true,
TenantDomain = "exmaple.onmicrosoft.com",
UseWsfed = false,
WaadCommonEndpoint = false,
WaadProtocol = "openid-connect",
},
Strategy = "waad",
});
}
}
ConnectionArgs
ConnectionState
CustomDomain
With Auth0, you can use a custom domain to maintain a consistent user experience. This resource allows you to create and manage a custom domain within your Auth0 tenant.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myCustomDomain = new Auth0.CustomDomain("myCustomDomain", new Auth0.CustomDomainArgs
{
Domain = "auth.example.com",
Type = "auth0_managed_certs",
VerificationMethod = "txt",
});
}
}
CustomDomainArgs
CustomDomainState
With Auth0, you can have standard welcome, password reset, and account verification email-based workflows built right into Auth0. This resource allows you to configure email providers so you can route all emails that are part of Auth0's authentication workflows through the supported high-volume email service of your choice.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myEmailProvider = new Auth0.Email("myEmailProvider", new Auth0.EmailArgs
{
Credentials = new Auth0.Inputs.EmailCredentialsArgs
{
AccessKeyId = "AKIAXXXXXXXXXXXXXXXX",
Region = "us-east-1",
SecretAccessKey = "7e8c2148xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
},
DefaultFromAddress = "accounts@example.com",
Enabled = true,
});
}
}
EmailArgs
EmailState
EmailTemplate
With Auth0, you can have standard welcome, password reset, and account verification email-based workflows built right into Auth0. This resource allows you to configure email templates to customize the look, feel, and sender identities of emails sent by Auth0. Used in conjunction with configured email providers.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myEmailProvider = new Auth0.Email("myEmailProvider", new Auth0.EmailArgs
{
Enabled = true,
DefaultFromAddress = "accounts@example.com",
Credentials = new Auth0.Inputs.EmailCredentialsArgs
{
AccessKeyId = "AKIAXXXXXXXXXXXXXXXX",
SecretAccessKey = "7e8c2148xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
Region = "us-east-1",
},
});
var myEmailTemplate = new Auth0.EmailTemplate("myEmailTemplate", new Auth0.EmailTemplateArgs
{
Template = "welcome_email",
Body = "<html><body><h1>Welcome!</h1></body></html>",
From = "welcome@example.com",
ResultUrl = "https://example.com/welcome",
Subject = "Welcome",
Syntax = "liquid",
UrlLifetimeInSeconds = 3600,
Enabled = true,
});
}
}
EmailTemplateArgs
EmailTemplateState
GlobalClient
GlobalClientArgs
GlobalClientState
Hook
Hooks are secure, self-contained functions that allow you to customize the behavior of Auth0 when executed for selected extensibility points of the Auth0 platform. Auth0 invokes Hooks during runtime to execute your custom Node.js code.
Depending on the extensibility point, you can use Hooks with Database Connections and/or Passwordless Connections.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myHook = new Auth0.Hook("myHook", new Auth0.HookArgs
{
Enabled = true,
Script = @"function (user, context, callback) {
callback(null, { user });
}
",
TriggerId = "pre-user-registration",
});
}
}
HookArgs
HookState
Prompt
With this resource, you can manage your Auth0 prompts, including choosing the login experience version.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var example = new Auth0.Prompt("example", new Auth0.PromptArgs
{
UniversalLoginExperience = "classic",
});
}
}
PromptArgs
PromptState
Provider
The provider type for the auth0 package. By default, resources use package-wide configuration
settings, however an explicit Provider instance may be created and passed during resource
construction to achieve fine-grained programmatic control over provider settings. See the
documentation for more information.
ProviderArgs
ResourceServer
With this resource, you can set up APIs that can be consumed from your authorized applications.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myResourceServer = new Auth0.ResourceServer("myResourceServer", new Auth0.ResourceServerArgs
{
AllowOfflineAccess = true,
Identifier = "https://api.example.com",
Scopes =
{
new Auth0.Inputs.ResourceServerScopeArgs
{
Description = "Create foos",
Value = "create:foo",
},
new Auth0.Inputs.ResourceServerScopeArgs
{
Description = "Create bars",
Value = "create:bar",
},
},
SigningAlg = "RS256",
SkipConsentForVerifiableFirstPartyClients = true,
TokenLifetime = 8600,
});
}
}
ResourceServerArgs
ResourceServerState
Role
With this resource, you can created and manage collections of permissions that can be assigned to users, which are otherwise known as roles. Permissions (scopes) are created on auth0_resource_server, then associated with roles and optionally, users using this resource.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myResourceServer = new Auth0.ResourceServer("myResourceServer", new Auth0.ResourceServerArgs
{
EnforcePolicies = true,
Identifier = "my-resource-server-identifier",
Scopes =
{
new Auth0.Inputs.ResourceServerScopeArgs
{
Description = "read something",
Value = "read:something",
},
},
SigningAlg = "RS256",
SkipConsentForVerifiableFirstPartyClients = true,
TokenLifetime = 86400,
});
var myRole = new Auth0.Role("myRole", new Auth0.RoleArgs
{
Description = "Role Description...",
Permissions =
{
new Auth0.Inputs.RolePermissionArgs
{
Name = "read:something",
ResourceServerIdentifier = myResourceServer.Identifier,
},
},
});
var myUser = new Auth0.User("myUser", new Auth0.UserArgs
{
ConnectionName = "Username-Password-Authentication",
Email = "test@test.com",
Nickname = "testnick",
Password = "passpass$$12$$12",
Roles =
{
myRole.Id,
},
UserId = "auth0|1234567890",
Username = "testnick",
});
}
}
RoleArgs
RoleState
Rule
With Auth0, you can create custom Javascript snippets that run in a secure, isolated sandbox as part of your authentication pipeline, which are otherwise known as rules. This resource allows you to create and manage rules. You can create global variable for use with rules by using the auth0..RuleConfig resource.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myRule = new Auth0.Rule("myRule", new Auth0.RuleArgs
{
Enabled = true,
Script = @"function (user, context, callback) {
callback(null, user, context);
}
",
});
var myRuleConfig = new Auth0.RuleConfig("myRuleConfig", new Auth0.RuleConfigArgs
{
Key = "foo",
Value = "bar",
});
}
}
RuleArgs
RuleConfig
With Auth0, you can create custom Javascript snippets that run in a secure, isolated sandbox as part of your authentication pipeline, which are otherwise known as rules. This resource allows you to create and manage variables that are available to all rules via Auth0's global configuration object. Used in conjunction with configured rules.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var myRule = new Auth0.Rule("myRule", new Auth0.RuleArgs
{
Enabled = true,
Script = @"function (user, context, callback) {
callback(null, user, context);
}
",
});
var myRuleConfig = new Auth0.RuleConfig("myRuleConfig", new Auth0.RuleConfigArgs
{
Key = "foo",
Value = "bar",
});
}
}
RuleConfigArgs
RuleConfigState
RuleState
Tenant
With this resource, you can manage Auth0 tenants, including setting logos and support contact information, setting error pages, and configuring default tenant behaviors.
Example Usage
using System.IO;
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var tenant = new Auth0.Tenant("tenant", new Auth0.TenantArgs
{
AllowedLogoutUrls =
{
"http://mysite/logout",
},
ChangePassword = new Auth0.Inputs.TenantChangePasswordArgs
{
Enabled = true,
Html = File.ReadAllText("./password_reset.html"),
},
DefaultAudience = "<client_id>",
DefaultDirectory = "Connection-Name",
ErrorPage = new Auth0.Inputs.TenantErrorPageArgs
{
Html = File.ReadAllText("./error.html"),
ShowLogLink = true,
Url = "http://mysite/errors",
},
FriendlyName = "Tenant Name",
GuardianMfaPage = new Auth0.Inputs.TenantGuardianMfaPageArgs
{
Enabled = true,
Html = File.ReadAllText("./guardian_multifactor.html"),
},
PictureUrl = "http://mysite/logo.png",
SandboxVersion = "8",
SessionLifetime = 46000,
SupportEmail = "support@mysite",
SupportUrl = "http://mysite/support",
});
}
}
TenantArgs
TenantState
User
With this resource, you can manage user identities, including resetting passwords, and creating, provisioning, blocking, and deleting users.
Example Usage
using Pulumi;
using Auth0 = Pulumi.Auth0;
class MyStack : Stack
{
public MyStack()
{
var admin = new Auth0.Role("admin", new Auth0.RoleArgs
{
Description = "Administrator",
});
var user = new Auth0.User("user", new Auth0.UserArgs
{
ConnectionName = "Username-Password-Authentication",
UserId = "12345",
Username = "unique_username",
GivenName = "Firstname",
FamilyName = "Lastname",
Nickname = "some.nickname",
Email = "test@test.com",
EmailVerified = true,
Password = "passpass$12$12",
Roles =
{
admin.Id,
},
});
}
}