Auth0 v3.8.3 published on Wednesday, Nov 6, 2024 by Pulumi
auth0.getConnection
Explore with Pulumi AI
Data source to retrieve a specific Auth0 connection by connection_id
or name
.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";
// An Auth0 Connection loaded using its name.
const some-connection-by-name = auth0.getConnection({
name: "Acceptance-Test-Connection-{{.testName}}",
});
// An Auth0 Connection loaded using its ID.
const some-connection-by-id = auth0.getConnection({
connectionId: "con_abcdefghkijklmnopqrstuvwxyz0123456789",
});
import pulumi
import pulumi_auth0 as auth0
# An Auth0 Connection loaded using its name.
some_connection_by_name = auth0.get_connection(name="Acceptance-Test-Connection-{{.testName}}")
# An Auth0 Connection loaded using its ID.
some_connection_by_id = auth0.get_connection(connection_id="con_abcdefghkijklmnopqrstuvwxyz0123456789")
package main
import (
"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// An Auth0 Connection loaded using its name.
_, err := auth0.LookupConnection(ctx, &auth0.LookupConnectionArgs{
Name: pulumi.StringRef("Acceptance-Test-Connection-{{.testName}}"),
}, nil)
if err != nil {
return err
}
// An Auth0 Connection loaded using its ID.
_, err = auth0.LookupConnection(ctx, &auth0.LookupConnectionArgs{
ConnectionId: pulumi.StringRef("con_abcdefghkijklmnopqrstuvwxyz0123456789"),
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;
return await Deployment.RunAsync(() =>
{
// An Auth0 Connection loaded using its name.
var some_connection_by_name = Auth0.GetConnection.Invoke(new()
{
Name = "Acceptance-Test-Connection-{{.testName}}",
});
// An Auth0 Connection loaded using its ID.
var some_connection_by_id = Auth0.GetConnection.Invoke(new()
{
ConnectionId = "con_abcdefghkijklmnopqrstuvwxyz0123456789",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Auth0Functions;
import com.pulumi.auth0.inputs.GetConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// An Auth0 Connection loaded using its name.
final var some-connection-by-name = Auth0Functions.getConnection(GetConnectionArgs.builder()
.name("Acceptance-Test-Connection-{{.testName}}")
.build());
// An Auth0 Connection loaded using its ID.
final var some-connection-by-id = Auth0Functions.getConnection(GetConnectionArgs.builder()
.connectionId("con_abcdefghkijklmnopqrstuvwxyz0123456789")
.build());
}
}
variables:
# An Auth0 Connection loaded using its name.
some-connection-by-name:
fn::invoke:
Function: auth0:getConnection
Arguments:
name: Acceptance-Test-Connection-{{.testName}}
# An Auth0 Connection loaded using its ID.
some-connection-by-id:
fn::invoke:
Function: auth0:getConnection
Arguments:
connectionId: con_abcdefghkijklmnopqrstuvwxyz0123456789
Using getConnection
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getConnection(args: GetConnectionArgs, opts?: InvokeOptions): Promise<GetConnectionResult>
function getConnectionOutput(args: GetConnectionOutputArgs, opts?: InvokeOptions): Output<GetConnectionResult>
def get_connection(connection_id: Optional[str] = None,
name: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetConnectionResult
def get_connection_output(connection_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetConnectionResult]
func LookupConnection(ctx *Context, args *LookupConnectionArgs, opts ...InvokeOption) (*LookupConnectionResult, error)
func LookupConnectionOutput(ctx *Context, args *LookupConnectionOutputArgs, opts ...InvokeOption) LookupConnectionResultOutput
> Note: This function is named LookupConnection
in the Go SDK.
public static class GetConnection
{
public static Task<GetConnectionResult> InvokeAsync(GetConnectionArgs args, InvokeOptions? opts = null)
public static Output<GetConnectionResult> Invoke(GetConnectionInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetConnectionResult> getConnection(GetConnectionArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: auth0:index/getConnection:getConnection
arguments:
# arguments dictionary
The following arguments are supported:
- Connection
Id string - The ID of the connection. If not provided,
name
must be set. - Name string
- The name of the connection. If not provided,
connection_id
must be set.
- Connection
Id string - The ID of the connection. If not provided,
name
must be set. - Name string
- The name of the connection. If not provided,
connection_id
must be set.
- connection
Id String - The ID of the connection. If not provided,
name
must be set. - name String
- The name of the connection. If not provided,
connection_id
must be set.
- connection
Id string - The ID of the connection. If not provided,
name
must be set. - name string
- The name of the connection. If not provided,
connection_id
must be set.
- connection_
id str - The ID of the connection. If not provided,
name
must be set. - name str
- The name of the connection. If not provided,
connection_id
must be set.
- connection
Id String - The ID of the connection. If not provided,
name
must be set. - name String
- The name of the connection. If not provided,
connection_id
must be set.
getConnection Result
The following output properties are available:
- Display
Name string - Name used in login screen.
- Enabled
Clients List<string> - IDs of the clients for which the connection is enabled.
- Id string
- The provider-assigned unique ID for this managed resource.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata Dictionary<string, string>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Options
List<Get
Connection Option> - Configuration settings for connection options.
- Realms List<string>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- Connection
Id string - The ID of the connection. If not provided,
name
must be set. - Name string
- The name of the connection. If not provided,
connection_id
must be set.
- Display
Name string - Name used in login screen.
- Enabled
Clients []string - IDs of the clients for which the connection is enabled.
- Id string
- The provider-assigned unique ID for this managed resource.
- Is
Domain boolConnection - Indicates whether the connection is domain level.
- Metadata map[string]string
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- Options
[]Get
Connection Option - Configuration settings for connection options.
- Realms []string
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- Strategy string
- Type of the connection, which indicates the identity provider.
- Connection
Id string - The ID of the connection. If not provided,
name
must be set. - Name string
- The name of the connection. If not provided,
connection_id
must be set.
- display
Name String - Name used in login screen.
- enabled
Clients List<String> - IDs of the clients for which the connection is enabled.
- id String
- The provider-assigned unique ID for this managed resource.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String,String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- options
List<Get
Connection Option> - Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- connection
Id String - The ID of the connection. If not provided,
name
must be set. - name String
- The name of the connection. If not provided,
connection_id
must be set.
- display
Name string - Name used in login screen.
- enabled
Clients string[] - IDs of the clients for which the connection is enabled.
- id string
- The provider-assigned unique ID for this managed resource.
- is
Domain booleanConnection - Indicates whether the connection is domain level.
- metadata {[key: string]: string}
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- options
Get
Connection Option[] - Configuration settings for connection options.
- realms string[]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- boolean
- Display connection as a button. Only available on enterprise connections.
- strategy string
- Type of the connection, which indicates the identity provider.
- connection
Id string - The ID of the connection. If not provided,
name
must be set. - name string
- The name of the connection. If not provided,
connection_id
must be set.
- display_
name str - Name used in login screen.
- enabled_
clients Sequence[str] - IDs of the clients for which the connection is enabled.
- id str
- The provider-assigned unique ID for this managed resource.
- is_
domain_ boolconnection - Indicates whether the connection is domain level.
- metadata Mapping[str, str]
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- options
Sequence[Get
Connection Option] - Configuration settings for connection options.
- realms Sequence[str]
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- bool
- Display connection as a button. Only available on enterprise connections.
- strategy str
- Type of the connection, which indicates the identity provider.
- connection_
id str - The ID of the connection. If not provided,
name
must be set. - name str
- The name of the connection. If not provided,
connection_id
must be set.
- display
Name String - Name used in login screen.
- enabled
Clients List<String> - IDs of the clients for which the connection is enabled.
- id String
- The provider-assigned unique ID for this managed resource.
- is
Domain BooleanConnection - Indicates whether the connection is domain level.
- metadata Map<String>
- Metadata associated with the connection, in the form of a map of string values (max 255 chars).
- options List<Property Map>
- Configuration settings for connection options.
- realms List<String>
- Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
- Boolean
- Display connection as a button. Only available on enterprise connections.
- strategy String
- Type of the connection, which indicates the identity provider.
- connection
Id String - The ID of the connection. If not provided,
name
must be set. - name String
- The name of the connection. If not provided,
connection_id
must be set.
Supporting Types
GetConnectionOption
- Adfs
Server string - ADFS URL where to fetch the metadata source.
- Allowed
Audiences List<string> - List of allowed audiences.
- Api
Enable boolUsers - Enable API Access to users.
- App
Id string - App ID.
- Attribute
Maps List<GetConnection Option Attribute Map> - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- Attributes
List<Get
Connection Option Attribute> - Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- Auth
Params Dictionary<string, string> - Query string parameters to be included as part of the generated passwordless email link.
- string
- Authorization endpoint.
- Brute
Force boolProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- Client
Id string - The strategy's client ID.
- Client
Secret string - The strategy's client secret.
- Community
Base stringUrl - Salesforce community base URL.
- Configuration Dictionary<string, string>
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script
. - Connection
Settings List<GetConnection Option Connection Setting> - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- Custom
Scripts Dictionary<string, string> - A map of scripts used to integrate with a custom database.
- Debug bool
- When enabled, additional debug information will be generated.
- Decryption
Keys List<GetConnection Option Decryption Key> - The key used to decrypt encrypted responses from the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - Digest
Algorithm string - Sign Request Algorithm Digest.
- Disable
Cache bool - Indicates whether to disable the cache or not.
- Disable
Self boolService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- Disable
Sign boolOut - When enabled, will disable sign out.
- Disable
Signup bool - Indicates whether to allow user sign-ups to your application.
- Discovery
Url string - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
. - Domain string
- Domain name.
- Domain
Aliases List<string> - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- Enable
Script boolContext - Set to
true
to inject context into custom DB scripts (warning: cannot be disabled once enabled). - Enabled
Database boolCustomization - Set to
true
to use a legacy user store. - Entity
Id string - Custom Entity ID for the connection.
- Fed
Metadata stringXml - Federation Metadata for the ADFS connection.
- Fields
Map string - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- Forward
Request boolInfo - Specifies whether or not request info should be forwarded to sms gateway.
- From string
- Address to use as the sender.
- Gateway
Authentications List<GetConnection Option Gateway Authentication> - Defines the parameters used to generate the auth token for the custom gateway.
- Gateway
Url string - Defines a custom sms gateway to use instead of Twilio.
- Icon
Url string - Icon URL.
- Identity
Api string - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
. - Idp
Initiateds List<GetConnection Option Idp Initiated> - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
. - Import
Mode bool - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- Ips List<string>
- A list of IPs.
- Issuer string
- Issuer URL, e.g.
https://auth.example.com
. - Jwks
Uri string - JWKS URI.
- Key
Id string - Apple Key ID.
- Map
User boolId To Id - By default Auth0 maps
user_id
toemail
. Enabling this setting changes the behavior to mapuser_id
to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - Max
Groups stringTo Retrieve - Maximum number of groups to retrieve.
- Messaging
Service stringSid - SID for Copilot. Used when SMS Source is Copilot.
- Metadata
Url string - The URL of the SAML metadata document.
- Metadata
Xml string - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- Mfas
List<Get
Connection Option Mfa> - Configuration options for multifactor authentication.
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Non
Persistent List<string>Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- Password
Complexity List<GetOptions Connection Option Password Complexity Option> - Configuration settings for password complexity.
- Password
Dictionaries List<GetConnection Option Password Dictionary> - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- Password
Histories List<GetConnection Option Password History> - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- Password
No List<GetPersonal Infos Connection Option Password No Personal Info> - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name
,username
,nickname
,user_metadata.name
,user_metadata.first
,user_metadata.last
, user'semail
, or first part of the user'semail
. - Password
Policy string - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none
,low
,fair
,good
,excellent
. - Ping
Federate stringBase Url - Ping Federate Server URL.
- Pkce
Enabled bool - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- Precedences List<string>
- Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- Protocol
Binding string - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- Provider string
- Defines the custom
sms_gateway
provider. - Request
Template string - Template that formats the SAML request.
- Requires
Username bool - Indicates whether the user is required to provide a username in addition to an email address.
- Scopes List<string>
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile
,ext_profile
,ext_nested_groups
, etc. - Scripts Dictionary<string, string>
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfile
script. - Set
User stringRoot Attributes - Determines whether to sync user profile attributes (
name
,given_name
,family_name
,nickname
,picture
) at each login or only on the first login. Options include:on_each_login
,on_first_login
. Default value:on_each_login
. - Should
Trust stringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- Sign
In stringEndpoint - SAML single login URL for the connection.
- Sign
Out stringEndpoint - SAML single logout URL for the connection.
- Sign
Saml boolRequest - When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string - Sign Request Algorithm.
- Signing
Cert string - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- Signing
Keys List<GetConnection Option Signing Key> - The key used to sign requests in the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - Strategy
Version int - Version 1 is deprecated, use version 2.
- Subject string
- Subject line of the email.
- Syntax string
- Syntax of the template body.
- Team
Id string - Apple Team ID.
- Template string
- Body of the template.
- Tenant
Domain string - Tenant domain name.
- Token
Endpoint string - Token endpoint.
- Totps
List<Get
Connection Option Totp> - Configuration options for one-time passwords.
- Twilio
Sid string - SID for your Twilio account.
- Twilio
Token string - AuthToken for your Twilio account.
- Type string
- Value can be
back_channel
orfront_channel
. Front Channel will use OIDC protocol withresponse_mode=form_post
andresponse_type=id_token
. Back Channel will useresponse_type=code
. - Upstream
Params string - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- Use
Cert boolAuth - Indicates whether to use cert auth or not.
- Use
Kerberos bool - Indicates whether to use Kerberos or not.
- Use
Wsfed bool - Whether to use WS-Fed.
- User
Id stringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string - User info endpoint.
- Validations
List<Get
Connection Option Validation> - Validation of the minimum and maximum values allowed for a user to have as username.
- Waad
Common boolEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string - Protocol to use.
- Adfs
Server string - ADFS URL where to fetch the metadata source.
- Allowed
Audiences []string - List of allowed audiences.
- Api
Enable boolUsers - Enable API Access to users.
- App
Id string - App ID.
- Attribute
Maps []GetConnection Option Attribute Map - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- Attributes
[]Get
Connection Option Attribute - Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- Auth
Params map[string]string - Query string parameters to be included as part of the generated passwordless email link.
- string
- Authorization endpoint.
- Brute
Force boolProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- Client
Id string - The strategy's client ID.
- Client
Secret string - The strategy's client secret.
- Community
Base stringUrl - Salesforce community base URL.
- Configuration map[string]string
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script
. - Connection
Settings []GetConnection Option Connection Setting - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- Custom
Scripts map[string]string - A map of scripts used to integrate with a custom database.
- Debug bool
- When enabled, additional debug information will be generated.
- Decryption
Keys []GetConnection Option Decryption Key - The key used to decrypt encrypted responses from the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - Digest
Algorithm string - Sign Request Algorithm Digest.
- Disable
Cache bool - Indicates whether to disable the cache or not.
- Disable
Self boolService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- Disable
Sign boolOut - When enabled, will disable sign out.
- Disable
Signup bool - Indicates whether to allow user sign-ups to your application.
- Discovery
Url string - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
. - Domain string
- Domain name.
- Domain
Aliases []string - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- Enable
Script boolContext - Set to
true
to inject context into custom DB scripts (warning: cannot be disabled once enabled). - Enabled
Database boolCustomization - Set to
true
to use a legacy user store. - Entity
Id string - Custom Entity ID for the connection.
- Fed
Metadata stringXml - Federation Metadata for the ADFS connection.
- Fields
Map string - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- Forward
Request boolInfo - Specifies whether or not request info should be forwarded to sms gateway.
- From string
- Address to use as the sender.
- Gateway
Authentications []GetConnection Option Gateway Authentication - Defines the parameters used to generate the auth token for the custom gateway.
- Gateway
Url string - Defines a custom sms gateway to use instead of Twilio.
- Icon
Url string - Icon URL.
- Identity
Api string - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
. - Idp
Initiateds []GetConnection Option Idp Initiated - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
. - Import
Mode bool - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- Ips []string
- A list of IPs.
- Issuer string
- Issuer URL, e.g.
https://auth.example.com
. - Jwks
Uri string - JWKS URI.
- Key
Id string - Apple Key ID.
- Map
User boolId To Id - By default Auth0 maps
user_id
toemail
. Enabling this setting changes the behavior to mapuser_id
to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - Max
Groups stringTo Retrieve - Maximum number of groups to retrieve.
- Messaging
Service stringSid - SID for Copilot. Used when SMS Source is Copilot.
- Metadata
Url string - The URL of the SAML metadata document.
- Metadata
Xml string - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- Mfas
[]Get
Connection Option Mfa - Configuration options for multifactor authentication.
- Name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- Non
Persistent []stringAttrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- Password
Complexity []GetOptions Connection Option Password Complexity Option - Configuration settings for password complexity.
- Password
Dictionaries []GetConnection Option Password Dictionary - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- Password
Histories []GetConnection Option Password History - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- Password
No []GetPersonal Infos Connection Option Password No Personal Info - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name
,username
,nickname
,user_metadata.name
,user_metadata.first
,user_metadata.last
, user'semail
, or first part of the user'semail
. - Password
Policy string - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none
,low
,fair
,good
,excellent
. - Ping
Federate stringBase Url - Ping Federate Server URL.
- Pkce
Enabled bool - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- Precedences []string
- Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- Protocol
Binding string - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- Provider string
- Defines the custom
sms_gateway
provider. - Request
Template string - Template that formats the SAML request.
- Requires
Username bool - Indicates whether the user is required to provide a username in addition to an email address.
- Scopes []string
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile
,ext_profile
,ext_nested_groups
, etc. - Scripts map[string]string
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfile
script. - Set
User stringRoot Attributes - Determines whether to sync user profile attributes (
name
,given_name
,family_name
,nickname
,picture
) at each login or only on the first login. Options include:on_each_login
,on_first_login
. Default value:on_each_login
. - Should
Trust stringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- Sign
In stringEndpoint - SAML single login URL for the connection.
- Sign
Out stringEndpoint - SAML single logout URL for the connection.
- Sign
Saml boolRequest - When enabled, the SAML authentication request will be signed.
- Signature
Algorithm string - Sign Request Algorithm.
- Signing
Cert string - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- Signing
Keys []GetConnection Option Signing Key - The key used to sign requests in the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - Strategy
Version int - Version 1 is deprecated, use version 2.
- Subject string
- Subject line of the email.
- Syntax string
- Syntax of the template body.
- Team
Id string - Apple Team ID.
- Template string
- Body of the template.
- Tenant
Domain string - Tenant domain name.
- Token
Endpoint string - Token endpoint.
- Totps
[]Get
Connection Option Totp - Configuration options for one-time passwords.
- Twilio
Sid string - SID for your Twilio account.
- Twilio
Token string - AuthToken for your Twilio account.
- Type string
- Value can be
back_channel
orfront_channel
. Front Channel will use OIDC protocol withresponse_mode=form_post
andresponse_type=id_token
. Back Channel will useresponse_type=code
. - Upstream
Params string - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- Use
Cert boolAuth - Indicates whether to use cert auth or not.
- Use
Kerberos bool - Indicates whether to use Kerberos or not.
- Use
Wsfed bool - Whether to use WS-Fed.
- User
Id stringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- Userinfo
Endpoint string - User info endpoint.
- Validations
[]Get
Connection Option Validation - Validation of the minimum and maximum values allowed for a user to have as username.
- Waad
Common boolEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- Waad
Protocol string - Protocol to use.
- adfs
Server String - ADFS URL where to fetch the metadata source.
- allowed
Audiences List<String> - List of allowed audiences.
- api
Enable BooleanUsers - Enable API Access to users.
- app
Id String - App ID.
- attribute
Maps List<GetConnection Option Attribute Map> - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- attributes
List<Get
Connection Option Attribute> - Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- auth
Params Map<String,String> - Query string parameters to be included as part of the generated passwordless email link.
- String
- Authorization endpoint.
- brute
Force BooleanProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client
Id String - The strategy's client ID.
- client
Secret String - The strategy's client secret.
- community
Base StringUrl - Salesforce community base URL.
- configuration Map<String,String>
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script
. - connection
Settings List<GetConnection Option Connection Setting> - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom
Scripts Map<String,String> - A map of scripts used to integrate with a custom database.
- debug Boolean
- When enabled, additional debug information will be generated.
- decryption
Keys List<GetConnection Option Decryption Key> - The key used to decrypt encrypted responses from the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - digest
Algorithm String - Sign Request Algorithm Digest.
- disable
Cache Boolean - Indicates whether to disable the cache or not.
- disable
Self BooleanService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign BooleanOut - When enabled, will disable sign out.
- disable
Signup Boolean - Indicates whether to allow user sign-ups to your application.
- discovery
Url String - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
. - domain String
- Domain name.
- domain
Aliases List<String> - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable
Script BooleanContext - Set to
true
to inject context into custom DB scripts (warning: cannot be disabled once enabled). - enabled
Database BooleanCustomization - Set to
true
to use a legacy user store. - entity
Id String - Custom Entity ID for the connection.
- fed
Metadata StringXml - Federation Metadata for the ADFS connection.
- fields
Map String - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo - Specifies whether or not request info should be forwarded to sms gateway.
- from String
- Address to use as the sender.
- gateway
Authentications List<GetConnection Option Gateway Authentication> - Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url String - Defines a custom sms gateway to use instead of Twilio.
- icon
Url String - Icon URL.
- identity
Api String - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
. - idp
Initiateds List<GetConnection Option Idp Initiated> - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
. - import
Mode Boolean - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips List<String>
- A list of IPs.
- issuer String
- Issuer URL, e.g.
https://auth.example.com
. - jwks
Uri String - JWKS URI.
- key
Id String - Apple Key ID.
- map
User BooleanId To Id - By default Auth0 maps
user_id
toemail
. Enabling this setting changes the behavior to mapuser_id
to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - max
Groups StringTo Retrieve - Maximum number of groups to retrieve.
- messaging
Service StringSid - SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url String - The URL of the SAML metadata document.
- metadata
Xml String - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfas
List<Get
Connection Option Mfa> - Configuration options for multifactor authentication.
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent List<String>Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password
Complexity List<GetOptions Connection Option Password Complexity Option> - Configuration settings for password complexity.
- password
Dictionaries List<GetConnection Option Password Dictionary> - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories List<GetConnection Option Password History> - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password
No List<GetPersonal Infos Connection Option Password No Personal Info> - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name
,username
,nickname
,user_metadata.name
,user_metadata.first
,user_metadata.last
, user'semail
, or first part of the user'semail
. - password
Policy String - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none
,low
,fair
,good
,excellent
. - ping
Federate StringBase Url - Ping Federate Server URL.
- pkce
Enabled Boolean - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- precedences List<String>
- Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- protocol
Binding String - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider String
- Defines the custom
sms_gateway
provider. - request
Template String - Template that formats the SAML request.
- requires
Username Boolean - Indicates whether the user is required to provide a username in addition to an email address.
- scopes List<String>
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile
,ext_profile
,ext_nested_groups
, etc. - scripts Map<String,String>
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfile
script. - set
User StringRoot Attributes - Determines whether to sync user profile attributes (
name
,given_name
,family_name
,nickname
,picture
) at each login or only on the first login. Options include:on_each_login
,on_first_login
. Default value:on_each_login
. - should
Trust StringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign
In StringEndpoint - SAML single login URL for the connection.
- sign
Out StringEndpoint - SAML single logout URL for the connection.
- sign
Saml BooleanRequest - When enabled, the SAML authentication request will be signed.
- signature
Algorithm String - Sign Request Algorithm.
- signing
Cert String - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing
Keys List<GetConnection Option Signing Key> - The key used to sign requests in the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - strategy
Version Integer - Version 1 is deprecated, use version 2.
- subject String
- Subject line of the email.
- syntax String
- Syntax of the template body.
- team
Id String - Apple Team ID.
- template String
- Body of the template.
- tenant
Domain String - Tenant domain name.
- token
Endpoint String - Token endpoint.
- totps
List<Get
Connection Option Totp> - Configuration options for one-time passwords.
- twilio
Sid String - SID for your Twilio account.
- twilio
Token String - AuthToken for your Twilio account.
- type String
- Value can be
back_channel
orfront_channel
. Front Channel will use OIDC protocol withresponse_mode=form_post
andresponse_type=id_token
. Back Channel will useresponse_type=code
. - upstream
Params String - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert BooleanAuth - Indicates whether to use cert auth or not.
- use
Kerberos Boolean - Indicates whether to use Kerberos or not.
- use
Wsfed Boolean - Whether to use WS-Fed.
- user
Id StringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint String - User info endpoint.
- validations
List<Get
Connection Option Validation> - Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common BooleanEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol String - Protocol to use.
- adfs
Server string - ADFS URL where to fetch the metadata source.
- allowed
Audiences string[] - List of allowed audiences.
- api
Enable booleanUsers - Enable API Access to users.
- app
Id string - App ID.
- attribute
Maps GetConnection Option Attribute Map[] - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- attributes
Get
Connection Option Attribute[] - Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- auth
Params {[key: string]: string} - Query string parameters to be included as part of the generated passwordless email link.
- string
- Authorization endpoint.
- brute
Force booleanProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client
Id string - The strategy's client ID.
- client
Secret string - The strategy's client secret.
- community
Base stringUrl - Salesforce community base URL.
- configuration {[key: string]: string}
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script
. - connection
Settings GetConnection Option Connection Setting[] - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom
Scripts {[key: string]: string} - A map of scripts used to integrate with a custom database.
- debug boolean
- When enabled, additional debug information will be generated.
- decryption
Keys GetConnection Option Decryption Key[] - The key used to decrypt encrypted responses from the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - digest
Algorithm string - Sign Request Algorithm Digest.
- disable
Cache boolean - Indicates whether to disable the cache or not.
- disable
Self booleanService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign booleanOut - When enabled, will disable sign out.
- disable
Signup boolean - Indicates whether to allow user sign-ups to your application.
- discovery
Url string - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
. - domain string
- Domain name.
- domain
Aliases string[] - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable
Script booleanContext - Set to
true
to inject context into custom DB scripts (warning: cannot be disabled once enabled). - enabled
Database booleanCustomization - Set to
true
to use a legacy user store. - entity
Id string - Custom Entity ID for the connection.
- fed
Metadata stringXml - Federation Metadata for the ADFS connection.
- fields
Map string - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request booleanInfo - Specifies whether or not request info should be forwarded to sms gateway.
- from string
- Address to use as the sender.
- gateway
Authentications GetConnection Option Gateway Authentication[] - Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url string - Defines a custom sms gateway to use instead of Twilio.
- icon
Url string - Icon URL.
- identity
Api string - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
. - idp
Initiateds GetConnection Option Idp Initiated[] - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
. - import
Mode boolean - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips string[]
- A list of IPs.
- issuer string
- Issuer URL, e.g.
https://auth.example.com
. - jwks
Uri string - JWKS URI.
- key
Id string - Apple Key ID.
- map
User booleanId To Id - By default Auth0 maps
user_id
toemail
. Enabling this setting changes the behavior to mapuser_id
to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - max
Groups stringTo Retrieve - Maximum number of groups to retrieve.
- messaging
Service stringSid - SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url string - The URL of the SAML metadata document.
- metadata
Xml string - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfas
Get
Connection Option Mfa[] - Configuration options for multifactor authentication.
- name string
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent string[]Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password
Complexity GetOptions Connection Option Password Complexity Option[] - Configuration settings for password complexity.
- password
Dictionaries GetConnection Option Password Dictionary[] - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories GetConnection Option Password History[] - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password
No GetPersonal Infos Connection Option Password No Personal Info[] - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name
,username
,nickname
,user_metadata.name
,user_metadata.first
,user_metadata.last
, user'semail
, or first part of the user'semail
. - password
Policy string - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none
,low
,fair
,good
,excellent
. - ping
Federate stringBase Url - Ping Federate Server URL.
- pkce
Enabled boolean - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- precedences string[]
- Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- protocol
Binding string - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider string
- Defines the custom
sms_gateway
provider. - request
Template string - Template that formats the SAML request.
- requires
Username boolean - Indicates whether the user is required to provide a username in addition to an email address.
- scopes string[]
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile
,ext_profile
,ext_nested_groups
, etc. - scripts {[key: string]: string}
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfile
script. - set
User stringRoot Attributes - Determines whether to sync user profile attributes (
name
,given_name
,family_name
,nickname
,picture
) at each login or only on the first login. Options include:on_each_login
,on_first_login
. Default value:on_each_login
. - should
Trust stringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign
In stringEndpoint - SAML single login URL for the connection.
- sign
Out stringEndpoint - SAML single logout URL for the connection.
- sign
Saml booleanRequest - When enabled, the SAML authentication request will be signed.
- signature
Algorithm string - Sign Request Algorithm.
- signing
Cert string - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing
Keys GetConnection Option Signing Key[] - The key used to sign requests in the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - strategy
Version number - Version 1 is deprecated, use version 2.
- subject string
- Subject line of the email.
- syntax string
- Syntax of the template body.
- team
Id string - Apple Team ID.
- template string
- Body of the template.
- tenant
Domain string - Tenant domain name.
- token
Endpoint string - Token endpoint.
- totps
Get
Connection Option Totp[] - Configuration options for one-time passwords.
- twilio
Sid string - SID for your Twilio account.
- twilio
Token string - AuthToken for your Twilio account.
- type string
- Value can be
back_channel
orfront_channel
. Front Channel will use OIDC protocol withresponse_mode=form_post
andresponse_type=id_token
. Back Channel will useresponse_type=code
. - upstream
Params string - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert booleanAuth - Indicates whether to use cert auth or not.
- use
Kerberos boolean - Indicates whether to use Kerberos or not.
- use
Wsfed boolean - Whether to use WS-Fed.
- user
Id stringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint string - User info endpoint.
- validations
Get
Connection Option Validation[] - Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common booleanEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol string - Protocol to use.
- adfs_
server str - ADFS URL where to fetch the metadata source.
- allowed_
audiences Sequence[str] - List of allowed audiences.
- api_
enable_ boolusers - Enable API Access to users.
- app_
id str - App ID.
- attribute_
maps Sequence[GetConnection Option Attribute Map] - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- attributes
Sequence[Get
Connection Option Attribute] - Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- auth_
params Mapping[str, str] - Query string parameters to be included as part of the generated passwordless email link.
- str
- Authorization endpoint.
- brute_
force_ boolprotection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client_
id str - The strategy's client ID.
- client_
secret str - The strategy's client secret.
- community_
base_ strurl - Salesforce community base URL.
- configuration Mapping[str, str]
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script
. - connection_
settings Sequence[GetConnection Option Connection Setting] - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom_
scripts Mapping[str, str] - A map of scripts used to integrate with a custom database.
- debug bool
- When enabled, additional debug information will be generated.
- decryption_
keys Sequence[GetConnection Option Decryption Key] - The key used to decrypt encrypted responses from the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - digest_
algorithm str - Sign Request Algorithm Digest.
- disable_
cache bool - Indicates whether to disable the cache or not.
- disable_
self_ boolservice_ change_ password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable_
sign_ boolout - When enabled, will disable sign out.
- disable_
signup bool - Indicates whether to allow user sign-ups to your application.
- discovery_
url str - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
. - domain str
- Domain name.
- domain_
aliases Sequence[str] - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable_
script_ boolcontext - Set to
true
to inject context into custom DB scripts (warning: cannot be disabled once enabled). - enabled_
database_ boolcustomization - Set to
true
to use a legacy user store. - entity_
id str - Custom Entity ID for the connection.
- fed_
metadata_ strxml - Federation Metadata for the ADFS connection.
- fields_
map str - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward_
request_ boolinfo - Specifies whether or not request info should be forwarded to sms gateway.
- from_ str
- Address to use as the sender.
- gateway_
authentications Sequence[GetConnection Option Gateway Authentication] - Defines the parameters used to generate the auth token for the custom gateway.
- gateway_
url str - Defines a custom sms gateway to use instead of Twilio.
- icon_
url str - Icon URL.
- identity_
api str - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
. - idp_
initiateds Sequence[GetConnection Option Idp Initiated] - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
. - import_
mode bool - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips Sequence[str]
- A list of IPs.
- issuer str
- Issuer URL, e.g.
https://auth.example.com
. - jwks_
uri str - JWKS URI.
- key_
id str - Apple Key ID.
- map_
user_ boolid_ to_ id - By default Auth0 maps
user_id
toemail
. Enabling this setting changes the behavior to mapuser_id
to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - max_
groups_ strto_ retrieve - Maximum number of groups to retrieve.
- messaging_
service_ strsid - SID for Copilot. Used when SMS Source is Copilot.
- metadata_
url str - The URL of the SAML metadata document.
- metadata_
xml str - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfas
Sequence[Get
Connection Option Mfa] - Configuration options for multifactor authentication.
- name str
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non_
persistent_ Sequence[str]attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password_
complexity_ Sequence[Getoptions Connection Option Password Complexity Option] - Configuration settings for password complexity.
- password_
dictionaries Sequence[GetConnection Option Password Dictionary] - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password_
histories Sequence[GetConnection Option Password History] - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password_
no_ Sequence[Getpersonal_ infos Connection Option Password No Personal Info] - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name
,username
,nickname
,user_metadata.name
,user_metadata.first
,user_metadata.last
, user'semail
, or first part of the user'semail
. - password_
policy str - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none
,low
,fair
,good
,excellent
. - ping_
federate_ strbase_ url - Ping Federate Server URL.
- pkce_
enabled bool - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- precedences Sequence[str]
- Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- protocol_
binding str - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider str
- Defines the custom
sms_gateway
provider. - request_
template str - Template that formats the SAML request.
- requires_
username bool - Indicates whether the user is required to provide a username in addition to an email address.
- scopes Sequence[str]
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile
,ext_profile
,ext_nested_groups
, etc. - scripts Mapping[str, str]
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfile
script. - set_
user_ strroot_ attributes - Determines whether to sync user profile attributes (
name
,given_name
,family_name
,nickname
,picture
) at each login or only on the first login. Options include:on_each_login
,on_first_login
. Default value:on_each_login
. - should_
trust_ stremail_ verified_ connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign_
in_ strendpoint - SAML single login URL for the connection.
- sign_
out_ strendpoint - SAML single logout URL for the connection.
- sign_
saml_ boolrequest - When enabled, the SAML authentication request will be signed.
- signature_
algorithm str - Sign Request Algorithm.
- signing_
cert str - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing_
keys Sequence[GetConnection Option Signing Key] - The key used to sign requests in the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - strategy_
version int - Version 1 is deprecated, use version 2.
- subject str
- Subject line of the email.
- syntax str
- Syntax of the template body.
- team_
id str - Apple Team ID.
- template str
- Body of the template.
- tenant_
domain str - Tenant domain name.
- token_
endpoint str - Token endpoint.
- totps
Sequence[Get
Connection Option Totp] - Configuration options for one-time passwords.
- twilio_
sid str - SID for your Twilio account.
- twilio_
token str - AuthToken for your Twilio account.
- type str
- Value can be
back_channel
orfront_channel
. Front Channel will use OIDC protocol withresponse_mode=form_post
andresponse_type=id_token
. Back Channel will useresponse_type=code
. - upstream_
params str - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use_
cert_ boolauth - Indicates whether to use cert auth or not.
- use_
kerberos bool - Indicates whether to use Kerberos or not.
- use_
wsfed bool - Whether to use WS-Fed.
- user_
id_ strattribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- userinfo_
endpoint str - User info endpoint.
- validations
Sequence[Get
Connection Option Validation] - Validation of the minimum and maximum values allowed for a user to have as username.
- waad_
common_ boolendpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad_
protocol str - Protocol to use.
- adfs
Server String - ADFS URL where to fetch the metadata source.
- allowed
Audiences List<String> - List of allowed audiences.
- api
Enable BooleanUsers - Enable API Access to users.
- app
Id String - App ID.
- attribute
Maps List<Property Map> - OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
- attributes List<Property Map>
- Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- auth
Params Map<String> - Query string parameters to be included as part of the generated passwordless email link.
- String
- Authorization endpoint.
- brute
Force BooleanProtection - Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
- client
Id String - The strategy's client ID.
- client
Secret String - The strategy's client secret.
- community
Base StringUrl - Salesforce community base URL.
- configuration Map<String>
- A case-sensitive map of key value pairs used as configuration variables for the
custom_script
. - connection
Settings List<Property Map> - Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
- custom
Scripts Map<String> - A map of scripts used to integrate with a custom database.
- debug Boolean
- When enabled, additional debug information will be generated.
- decryption
Keys List<Property Map> - The key used to decrypt encrypted responses from the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - digest
Algorithm String - Sign Request Algorithm Digest.
- disable
Cache Boolean - Indicates whether to disable the cache or not.
- disable
Self BooleanService Change Password - Indicates whether to remove the forgot password link within the New Universal Login.
- disable
Sign BooleanOut - When enabled, will disable sign out.
- disable
Signup Boolean - Indicates whether to allow user sign-ups to your application.
- discovery
Url String - OpenID discovery URL, e.g.
https://auth.example.com/.well-known/openid-configuration
. - domain String
- Domain name.
- domain
Aliases List<String> - List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
- enable
Script BooleanContext - Set to
true
to inject context into custom DB scripts (warning: cannot be disabled once enabled). - enabled
Database BooleanCustomization - Set to
true
to use a legacy user store. - entity
Id String - Custom Entity ID for the connection.
- fed
Metadata StringXml - Federation Metadata for the ADFS connection.
- fields
Map String - If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
- forward
Request BooleanInfo - Specifies whether or not request info should be forwarded to sms gateway.
- from String
- Address to use as the sender.
- gateway
Authentications List<Property Map> - Defines the parameters used to generate the auth token for the custom gateway.
- gateway
Url String - Defines a custom sms gateway to use instead of Twilio.
- icon
Url String - Icon URL.
- identity
Api String - Azure AD Identity API. Available options are:
microsoft-identity-platform-v2.0
orazure-active-directory-v1.0
. - idp
Initiateds List<Property Map> - Configuration options for IDP Initiated Authentication. This is an object with the properties:
client_id
,client_protocol
, andclient_authorize_query
. - import
Mode Boolean - Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
- ips List<String>
- A list of IPs.
- issuer String
- Issuer URL, e.g.
https://auth.example.com
. - jwks
Uri String - JWKS URI.
- key
Id String - Apple Key ID.
- map
User BooleanId To Id - By default Auth0 maps
user_id
toemail
. Enabling this setting changes the behavior to mapuser_id
to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set. - max
Groups StringTo Retrieve - Maximum number of groups to retrieve.
- messaging
Service StringSid - SID for Copilot. Used when SMS Source is Copilot.
- metadata
Url String - The URL of the SAML metadata document.
- metadata
Xml String - The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
- mfas List<Property Map>
- Configuration options for multifactor authentication.
- name String
- The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
- non
Persistent List<String>Attrs - If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
- password
Complexity List<Property Map>Options - Configuration settings for password complexity.
- password
Dictionaries List<Property Map> - Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
- password
Histories List<Property Map> - Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
- password
No List<Property Map>Personal Infos - Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's
name
,username
,nickname
,user_metadata.name
,user_metadata.first
,user_metadata.last
, user'semail
, or first part of the user'semail
. - password
Policy String - Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include
none
,low
,fair
,good
,excellent
. - ping
Federate StringBase Url - Ping Federate Server URL.
- pkce
Enabled Boolean - Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
- precedences List<String>
- Order of attributes for precedence in identification.Valid values: email, phone_number, username. If Precedence is set, it must contain all values (email, phone_number, username) in specific order
- protocol
Binding String - The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
- provider String
- Defines the custom
sms_gateway
provider. - request
Template String - Template that formats the SAML request.
- requires
Username Boolean - Indicates whether the user is required to provide a username in addition to an email address.
- scopes List<String>
- Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples:
basic_profile
,ext_profile
,ext_nested_groups
, etc. - scripts Map<String>
- A map of scripts used for an OAuth connection. Only accepts a
fetchUserProfile
script. - set
User StringRoot Attributes - Determines whether to sync user profile attributes (
name
,given_name
,family_name
,nickname
,picture
) at each login or only on the first login. Options include:on_each_login
,on_first_login
. Default value:on_each_login
. - should
Trust StringEmail Verified Connection - Choose how Auth0 sets the email_verified field in the user profile.
- sign
In StringEndpoint - SAML single login URL for the connection.
- sign
Out StringEndpoint - SAML single logout URL for the connection.
- sign
Saml BooleanRequest - When enabled, the SAML authentication request will be signed.
- signature
Algorithm String - Sign Request Algorithm.
- signing
Cert String - X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
- signing
Keys List<Property Map> - The key used to sign requests in the connection. Uses the
key
andcert
properties to provide the private key and certificate respectively. - strategy
Version Number - Version 1 is deprecated, use version 2.
- subject String
- Subject line of the email.
- syntax String
- Syntax of the template body.
- team
Id String - Apple Team ID.
- template String
- Body of the template.
- tenant
Domain String - Tenant domain name.
- token
Endpoint String - Token endpoint.
- totps List<Property Map>
- Configuration options for one-time passwords.
- twilio
Sid String - SID for your Twilio account.
- twilio
Token String - AuthToken for your Twilio account.
- type String
- Value can be
back_channel
orfront_channel
. Front Channel will use OIDC protocol withresponse_mode=form_post
andresponse_type=id_token
. Back Channel will useresponse_type=code
. - upstream
Params String - You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
- use
Cert BooleanAuth - Indicates whether to use cert auth or not.
- use
Kerberos Boolean - Indicates whether to use Kerberos or not.
- use
Wsfed Boolean - Whether to use WS-Fed.
- user
Id StringAttribute - Attribute in the token that will be mapped to the user_id property in Auth0.
- userinfo
Endpoint String - User info endpoint.
- validations List<Property Map>
- Validation of the minimum and maximum values allowed for a user to have as username.
- waad
Common BooleanEndpoint - Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
- waad
Protocol String - Protocol to use.
GetConnectionOptionAttribute
- Emails
List<Get
Connection Option Attribute Email> - Connection Options for Email Attribute
- Phone
Numbers List<GetConnection Option Attribute Phone Number> - Connection Options for Phone Number Attribute
- Usernames
List<Get
Connection Option Attribute Username> - Connection Options for User Name Attribute
- Emails
[]Get
Connection Option Attribute Email - Connection Options for Email Attribute
- Phone
Numbers []GetConnection Option Attribute Phone Number - Connection Options for Phone Number Attribute
- Usernames
[]Get
Connection Option Attribute Username - Connection Options for User Name Attribute
- emails
List<Get
Connection Option Attribute Email> - Connection Options for Email Attribute
- phone
Numbers List<GetConnection Option Attribute Phone Number> - Connection Options for Phone Number Attribute
- usernames
List<Get
Connection Option Attribute Username> - Connection Options for User Name Attribute
- emails
Get
Connection Option Attribute Email[] - Connection Options for Email Attribute
- phone
Numbers GetConnection Option Attribute Phone Number[] - Connection Options for Phone Number Attribute
- usernames
Get
Connection Option Attribute Username[] - Connection Options for User Name Attribute
- emails
Sequence[Get
Connection Option Attribute Email] - Connection Options for Email Attribute
- phone_
numbers Sequence[GetConnection Option Attribute Phone Number] - Connection Options for Phone Number Attribute
- usernames
Sequence[Get
Connection Option Attribute Username] - Connection Options for User Name Attribute
- emails List<Property Map>
- Connection Options for Email Attribute
- phone
Numbers List<Property Map> - Connection Options for Phone Number Attribute
- usernames List<Property Map>
- Connection Options for User Name Attribute
GetConnectionOptionAttributeEmail
- Identifiers
List<Get
Connection Option Attribute Email Identifier> - Connection Options Email Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
List<Get
Connection Option Attribute Email Signup> - Defines signup settings for Email attribute
- Identifiers
[]Get
Connection Option Attribute Email Identifier - Connection Options Email Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
[]Get
Connection Option Attribute Email Signup - Defines signup settings for Email attribute
- identifiers
List<Get
Connection Option Attribute Email Identifier> - Connection Options Email Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups
List<Get
Connection Option Attribute Email Signup> - Defines signup settings for Email attribute
- identifiers
Get
Connection Option Attribute Email Identifier[] - Connection Options Email Attribute Identifier
- profile
Required boolean - Defines whether Profile is required
- signups
Get
Connection Option Attribute Email Signup[] - Defines signup settings for Email attribute
- identifiers
Sequence[Get
Connection Option Attribute Email Identifier] - Connection Options Email Attribute Identifier
- profile_
required bool - Defines whether Profile is required
- signups
Sequence[Get
Connection Option Attribute Email Signup] - Defines signup settings for Email attribute
- identifiers List<Property Map>
- Connection Options Email Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups List<Property Map>
- Defines signup settings for Email attribute
GetConnectionOptionAttributeEmailIdentifier
- Active bool
- Defines whether email attribute is active as an identifier
- Active bool
- Defines whether email attribute is active as an identifier
- active Boolean
- Defines whether email attribute is active as an identifier
- active boolean
- Defines whether email attribute is active as an identifier
- active bool
- Defines whether email attribute is active as an identifier
- active Boolean
- Defines whether email attribute is active as an identifier
GetConnectionOptionAttributeEmailSignup
- Status string
- Defines signup status for Email Attribute
- Verifications
List<Get
Connection Option Attribute Email Signup Verification> - Defines settings for Verification under Email attribute
- Status string
- Defines signup status for Email Attribute
- Verifications
[]Get
Connection Option Attribute Email Signup Verification - Defines settings for Verification under Email attribute
- status String
- Defines signup status for Email Attribute
- verifications
List<Get
Connection Option Attribute Email Signup Verification> - Defines settings for Verification under Email attribute
- status string
- Defines signup status for Email Attribute
- verifications
Get
Connection Option Attribute Email Signup Verification[] - Defines settings for Verification under Email attribute
- status str
- Defines signup status for Email Attribute
- verifications
Sequence[Get
Connection Option Attribute Email Signup Verification] - Defines settings for Verification under Email attribute
- status String
- Defines signup status for Email Attribute
- verifications List<Property Map>
- Defines settings for Verification under Email attribute
GetConnectionOptionAttributeEmailSignupVerification
- Active bool
- Defines verification settings for signup attribute
- Active bool
- Defines verification settings for signup attribute
- active Boolean
- Defines verification settings for signup attribute
- active boolean
- Defines verification settings for signup attribute
- active bool
- Defines verification settings for signup attribute
- active Boolean
- Defines verification settings for signup attribute
GetConnectionOptionAttributeMap
- Attributes string
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- Mapping
Mode string - Method used to map incoming claims. Possible values:
use_map
(Okta or OIDC),bind_all
(OIDC) orbasic_profile
(Okta). - Userinfo
Scope string - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- Attributes string
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- Mapping
Mode string - Method used to map incoming claims. Possible values:
use_map
(Okta or OIDC),bind_all
(OIDC) orbasic_profile
(Okta). - Userinfo
Scope string - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- attributes String
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- mapping
Mode String - Method used to map incoming claims. Possible values:
use_map
(Okta or OIDC),bind_all
(OIDC) orbasic_profile
(Okta). - userinfo
Scope String - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- attributes string
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- mapping
Mode string - Method used to map incoming claims. Possible values:
use_map
(Okta or OIDC),bind_all
(OIDC) orbasic_profile
(Okta). - userinfo
Scope string - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- attributes str
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- mapping_
mode str - Method used to map incoming claims. Possible values:
use_map
(Okta or OIDC),bind_all
(OIDC) orbasic_profile
(Okta). - userinfo_
scope str - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
- attributes String
- This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
- mapping
Mode String - Method used to map incoming claims. Possible values:
use_map
(Okta or OIDC),bind_all
(OIDC) orbasic_profile
(Okta). - userinfo
Scope String - This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.
GetConnectionOptionAttributePhoneNumber
- Identifiers
List<Get
Connection Option Attribute Phone Number Identifier> - Connection Options Phone Number Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
List<Get
Connection Option Attribute Phone Number Signup> - Defines signup settings for Phone Number attribute
- Identifiers
[]Get
Connection Option Attribute Phone Number Identifier - Connection Options Phone Number Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
[]Get
Connection Option Attribute Phone Number Signup - Defines signup settings for Phone Number attribute
- identifiers
List<Get
Connection Option Attribute Phone Number Identifier> - Connection Options Phone Number Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups
List<Get
Connection Option Attribute Phone Number Signup> - Defines signup settings for Phone Number attribute
- identifiers
Get
Connection Option Attribute Phone Number Identifier[] - Connection Options Phone Number Attribute Identifier
- profile
Required boolean - Defines whether Profile is required
- signups
Get
Connection Option Attribute Phone Number Signup[] - Defines signup settings for Phone Number attribute
- identifiers
Sequence[Get
Connection Option Attribute Phone Number Identifier] - Connection Options Phone Number Attribute Identifier
- profile_
required bool - Defines whether Profile is required
- signups
Sequence[Get
Connection Option Attribute Phone Number Signup] - Defines signup settings for Phone Number attribute
- identifiers List<Property Map>
- Connection Options Phone Number Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups List<Property Map>
- Defines signup settings for Phone Number attribute
GetConnectionOptionAttributePhoneNumberIdentifier
- Active bool
- Defines whether Phone Number attribute is active as an identifier
- Active bool
- Defines whether Phone Number attribute is active as an identifier
- active Boolean
- Defines whether Phone Number attribute is active as an identifier
- active boolean
- Defines whether Phone Number attribute is active as an identifier
- active bool
- Defines whether Phone Number attribute is active as an identifier
- active Boolean
- Defines whether Phone Number attribute is active as an identifier
GetConnectionOptionAttributePhoneNumberSignup
- Status string
- Defines status of signup for Phone Number attribute
- Verifications
List<Get
Connection Option Attribute Phone Number Signup Verification> - Defines verification settings for Phone Number attribute
- Status string
- Defines status of signup for Phone Number attribute
- Verifications
[]Get
Connection Option Attribute Phone Number Signup Verification - Defines verification settings for Phone Number attribute
- status String
- Defines status of signup for Phone Number attribute
- verifications
List<Get
Connection Option Attribute Phone Number Signup Verification> - Defines verification settings for Phone Number attribute
- status string
- Defines status of signup for Phone Number attribute
- verifications
Get
Connection Option Attribute Phone Number Signup Verification[] - Defines verification settings for Phone Number attribute
- status str
- Defines status of signup for Phone Number attribute
- verifications
Sequence[Get
Connection Option Attribute Phone Number Signup Verification] - Defines verification settings for Phone Number attribute
- status String
- Defines status of signup for Phone Number attribute
- verifications List<Property Map>
- Defines verification settings for Phone Number attribute
GetConnectionOptionAttributePhoneNumberSignupVerification
- Active bool
- Defines verification settings for Phone Number attribute
- Active bool
- Defines verification settings for Phone Number attribute
- active Boolean
- Defines verification settings for Phone Number attribute
- active boolean
- Defines verification settings for Phone Number attribute
- active bool
- Defines verification settings for Phone Number attribute
- active Boolean
- Defines verification settings for Phone Number attribute
GetConnectionOptionAttributeUsername
- Identifiers
List<Get
Connection Option Attribute Username Identifier> - Connection options for User Name Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
List<Get
Connection Option Attribute Username Signup> - Defines signup settings for User Name attribute
- Validations
List<Get
Connection Option Attribute Username Validation> - Defines validation settings for User Name attribute
- Identifiers
[]Get
Connection Option Attribute Username Identifier - Connection options for User Name Attribute Identifier
- Profile
Required bool - Defines whether Profile is required
- Signups
[]Get
Connection Option Attribute Username Signup - Defines signup settings for User Name attribute
- Validations
[]Get
Connection Option Attribute Username Validation - Defines validation settings for User Name attribute
- identifiers
List<Get
Connection Option Attribute Username Identifier> - Connection options for User Name Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups
List<Get
Connection Option Attribute Username Signup> - Defines signup settings for User Name attribute
- validations
List<Get
Connection Option Attribute Username Validation> - Defines validation settings for User Name attribute
- identifiers
Get
Connection Option Attribute Username Identifier[] - Connection options for User Name Attribute Identifier
- profile
Required boolean - Defines whether Profile is required
- signups
Get
Connection Option Attribute Username Signup[] - Defines signup settings for User Name attribute
- validations
Get
Connection Option Attribute Username Validation[] - Defines validation settings for User Name attribute
- identifiers
Sequence[Get
Connection Option Attribute Username Identifier] - Connection options for User Name Attribute Identifier
- profile_
required bool - Defines whether Profile is required
- signups
Sequence[Get
Connection Option Attribute Username Signup] - Defines signup settings for User Name attribute
- validations
Sequence[Get
Connection Option Attribute Username Validation] - Defines validation settings for User Name attribute
- identifiers List<Property Map>
- Connection options for User Name Attribute Identifier
- profile
Required Boolean - Defines whether Profile is required
- signups List<Property Map>
- Defines signup settings for User Name attribute
- validations List<Property Map>
- Defines validation settings for User Name attribute
GetConnectionOptionAttributeUsernameIdentifier
- Active bool
- Defines whether UserName attribute is active as an identifier
- Active bool
- Defines whether UserName attribute is active as an identifier
- active Boolean
- Defines whether UserName attribute is active as an identifier
- active boolean
- Defines whether UserName attribute is active as an identifier
- active bool
- Defines whether UserName attribute is active as an identifier
- active Boolean
- Defines whether UserName attribute is active as an identifier
GetConnectionOptionAttributeUsernameSignup
- Status string
- Defines whether User Name attribute is active as an identifier
- Status string
- Defines whether User Name attribute is active as an identifier
- status String
- Defines whether User Name attribute is active as an identifier
- status string
- Defines whether User Name attribute is active as an identifier
- status str
- Defines whether User Name attribute is active as an identifier
- status String
- Defines whether User Name attribute is active as an identifier
GetConnectionOptionAttributeUsernameValidation
- Allowed
Types List<GetConnection Option Attribute Username Validation Allowed Type> - Defines allowed types for for UserName attribute
- Max
Length int - Defines Max Length for User Name attribute
- Min
Length int - Defines Min Length for User Name attribute
- Allowed
Types []GetConnection Option Attribute Username Validation Allowed Type - Defines allowed types for for UserName attribute
- Max
Length int - Defines Max Length for User Name attribute
- Min
Length int - Defines Min Length for User Name attribute
- allowed
Types List<GetConnection Option Attribute Username Validation Allowed Type> - Defines allowed types for for UserName attribute
- max
Length Integer - Defines Max Length for User Name attribute
- min
Length Integer - Defines Min Length for User Name attribute
- allowed
Types GetConnection Option Attribute Username Validation Allowed Type[] - Defines allowed types for for UserName attribute
- max
Length number - Defines Max Length for User Name attribute
- min
Length number - Defines Min Length for User Name attribute
- allowed_
types Sequence[GetConnection Option Attribute Username Validation Allowed Type] - Defines allowed types for for UserName attribute
- max_
length int - Defines Max Length for User Name attribute
- min_
length int - Defines Min Length for User Name attribute
- allowed
Types List<Property Map> - Defines allowed types for for UserName attribute
- max
Length Number - Defines Max Length for User Name attribute
- min
Length Number - Defines Min Length for User Name attribute
GetConnectionOptionAttributeUsernameValidationAllowedType
- Email bool
- One of the allowed types for UserName signup attribute
- Phone
Number bool - One of the allowed types for UserName signup attribute
- Email bool
- One of the allowed types for UserName signup attribute
- Phone
Number bool - One of the allowed types for UserName signup attribute
- email Boolean
- One of the allowed types for UserName signup attribute
- phone
Number Boolean - One of the allowed types for UserName signup attribute
- email boolean
- One of the allowed types for UserName signup attribute
- phone
Number boolean - One of the allowed types for UserName signup attribute
- email bool
- One of the allowed types for UserName signup attribute
- phone_
number bool - One of the allowed types for UserName signup attribute
- email Boolean
- One of the allowed types for UserName signup attribute
- phone
Number Boolean - One of the allowed types for UserName signup attribute
GetConnectionOptionConnectionSetting
- Pkce string
- PKCE configuration. Possible values:
auto
(uses the strongest algorithm available),S256
(uses the SHA-256 algorithm),plain
(uses plaintext as described in the PKCE specification) ordisabled
(disables support for PKCE).
- Pkce string
- PKCE configuration. Possible values:
auto
(uses the strongest algorithm available),S256
(uses the SHA-256 algorithm),plain
(uses plaintext as described in the PKCE specification) ordisabled
(disables support for PKCE).
- pkce String
- PKCE configuration. Possible values:
auto
(uses the strongest algorithm available),S256
(uses the SHA-256 algorithm),plain
(uses plaintext as described in the PKCE specification) ordisabled
(disables support for PKCE).
- pkce string
- PKCE configuration. Possible values:
auto
(uses the strongest algorithm available),S256
(uses the SHA-256 algorithm),plain
(uses plaintext as described in the PKCE specification) ordisabled
(disables support for PKCE).
- pkce str
- PKCE configuration. Possible values:
auto
(uses the strongest algorithm available),S256
(uses the SHA-256 algorithm),plain
(uses plaintext as described in the PKCE specification) ordisabled
(disables support for PKCE).
- pkce String
- PKCE configuration. Possible values:
auto
(uses the strongest algorithm available),S256
(uses the SHA-256 algorithm),plain
(uses plaintext as described in the PKCE specification) ordisabled
(disables support for PKCE).
GetConnectionOptionDecryptionKey
GetConnectionOptionGatewayAuthentication
- Audience string
- Audience claim for the HS256 token sent to
gateway_url
. - Method string
- Authentication method (default is
bearer
token). - Secret string
- Secret used to sign the HS256 token sent to
gateway_url
. - Secret
Base64Encoded bool - Specifies whether or not the secret is Base64-encoded.
- Subject string
- Subject claim for the HS256 token sent to
gateway_url
.
- Audience string
- Audience claim for the HS256 token sent to
gateway_url
. - Method string
- Authentication method (default is
bearer
token). - Secret string
- Secret used to sign the HS256 token sent to
gateway_url
. - Secret
Base64Encoded bool - Specifies whether or not the secret is Base64-encoded.
- Subject string
- Subject claim for the HS256 token sent to
gateway_url
.
- audience String
- Audience claim for the HS256 token sent to
gateway_url
. - method String
- Authentication method (default is
bearer
token). - secret String
- Secret used to sign the HS256 token sent to
gateway_url
. - secret
Base64Encoded Boolean - Specifies whether or not the secret is Base64-encoded.
- subject String
- Subject claim for the HS256 token sent to
gateway_url
.
- audience string
- Audience claim for the HS256 token sent to
gateway_url
. - method string
- Authentication method (default is
bearer
token). - secret string
- Secret used to sign the HS256 token sent to
gateway_url
. - secret
Base64Encoded boolean - Specifies whether or not the secret is Base64-encoded.
- subject string
- Subject claim for the HS256 token sent to
gateway_url
.
- audience str
- Audience claim for the HS256 token sent to
gateway_url
. - method str
- Authentication method (default is
bearer
token). - secret str
- Secret used to sign the HS256 token sent to
gateway_url
. - secret_
base64_ boolencoded - Specifies whether or not the secret is Base64-encoded.
- subject str
- Subject claim for the HS256 token sent to
gateway_url
.
- audience String
- Audience claim for the HS256 token sent to
gateway_url
. - method String
- Authentication method (default is
bearer
token). - secret String
- Secret used to sign the HS256 token sent to
gateway_url
. - secret
Base64Encoded Boolean - Specifies whether or not the secret is Base64-encoded.
- subject String
- Subject claim for the HS256 token sent to
gateway_url
.
GetConnectionOptionIdpInitiated
- string
- Client
Id string - Client
Protocol string
- string
- Client
Id string - Client
Protocol string
- String
- client
Id String - client
Protocol String
- string
- client
Id string - client
Protocol string
- str
- client_
id str - client_
protocol str
- String
- client
Id String - client
Protocol String
GetConnectionOptionMfa
- Active bool
- Indicates whether multifactor authentication is enabled for this connection.
- Return
Enroll boolSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- Active bool
- Indicates whether multifactor authentication is enabled for this connection.
- Return
Enroll boolSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active Boolean
- Indicates whether multifactor authentication is enabled for this connection.
- return
Enroll BooleanSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active boolean
- Indicates whether multifactor authentication is enabled for this connection.
- return
Enroll booleanSettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active bool
- Indicates whether multifactor authentication is enabled for this connection.
- return_
enroll_ boolsettings - Indicates whether multifactor authentication enrollment settings will be returned.
- active Boolean
- Indicates whether multifactor authentication is enabled for this connection.
- return
Enroll BooleanSettings - Indicates whether multifactor authentication enrollment settings will be returned.
GetConnectionOptionPasswordComplexityOption
- Min
Length int - Minimum number of characters allowed in passwords.
- Min
Length int - Minimum number of characters allowed in passwords.
- min
Length Integer - Minimum number of characters allowed in passwords.
- min
Length number - Minimum number of characters allowed in passwords.
- min_
length int - Minimum number of characters allowed in passwords.
- min
Length Number - Minimum number of characters allowed in passwords.
GetConnectionOptionPasswordDictionary
- Dictionaries List<string>
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- Enable bool
- Indicates whether the password dictionary check is enabled for this connection.
- Dictionaries []string
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- Enable bool
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries List<String>
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable Boolean
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries string[]
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable boolean
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries Sequence[str]
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable bool
- Indicates whether the password dictionary check is enabled for this connection.
- dictionaries List<String>
- Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
- enable Boolean
- Indicates whether the password dictionary check is enabled for this connection.
GetConnectionOptionPasswordHistory
GetConnectionOptionPasswordNoPersonalInfo
- Enable bool
- Enable bool
- enable Boolean
- enable boolean
- enable bool
- enable Boolean
GetConnectionOptionSigningKey
GetConnectionOptionTotp
GetConnectionOptionValidation
- Usernames
List<Get
Connection Option Validation Username> - Specifies the
min
andmax
values of username length.
- Usernames
[]Get
Connection Option Validation Username - Specifies the
min
andmax
values of username length.
- usernames
List<Get
Connection Option Validation Username> - Specifies the
min
andmax
values of username length.
- usernames
Get
Connection Option Validation Username[] - Specifies the
min
andmax
values of username length.
- usernames
Sequence[Get
Connection Option Validation Username] - Specifies the
min
andmax
values of username length.
- usernames List<Property Map>
- Specifies the
min
andmax
values of username length.
GetConnectionOptionValidationUsername
Package Details
- Repository
- Auth0 pulumi/pulumi-auth0
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
auth0
Terraform Provider.