DXCDT-147: Add new auth0_client_credentials resource with support for JWT CA (#588)
Showing 15 changed files with 5,280 additions and 9 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
--- | ||
page_title: "Resource: auth0_client_credentials" | ||
description: |- | ||
With this resource, you can configure the method to use when making requests to any endpoint that requires this client to authenticate. | ||
--- | ||
|
||
# Resource: auth0_client_credentials | ||
|
||
With this resource, you can configure the method to use when making requests to any endpoint that requires this client to authenticate. | ||
|
||
## Example Usage | ||
|
||
```terraform | ||
resource "auth0_client" "my_client" { | ||
name = "Application - Acceptance Test" | ||
app_type = "non_interactive" | ||
jwt_configuration { | ||
alg = "RS256" | ||
} | ||
} | ||
# Configuring client_secret_post as an authentication method. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
authentication_method = "client_secret_post" | ||
} | ||
# Configuring client_secret_basic as an authentication method. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
authentication_method = "client_secret_basic" | ||
} | ||
# Configuring none as an authentication method. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
authentication_method = "none" | ||
} | ||
# Configuring private_key_jwt as an authentication method. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
authentication_method = "private_key_jwt" | ||
private_key_jwt { | ||
credentials { | ||
name = "Testing Credentials 1" | ||
credential_type = "public_key" | ||
algorithm = "RS256" | ||
parse_expiry_from_cert = true | ||
pem = <<EOF | ||
-----BEGIN CERTIFICATE----- | ||
MIIFWDCCA0ACCQDXqpBo3R...G9w0BAQsFADBuMQswCQYDVQQGEwJl | ||
-----END CERTIFICATE----- | ||
EOF | ||
} | ||
} | ||
} | ||
# Configuring the client_secret. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
authentication_method = "client_secret_basic" | ||
client_secret = "LUFqPx+sRLjbL7peYRPFmFu-bbvE7u7og4YUNe_C345=683341" | ||
} | ||
``` | ||
|
||
<!-- schema generated by tfplugindocs --> | ||
## Schema | ||
|
||
### Required | ||
|
||
- `authentication_method` (String) Configure the method to use when making requests to any endpoint that requires this client to authenticate. Options include `none` (public client without a client secret), `client_secret_post` (confidential client using HTTP POST parameters), `client_secret_basic` (confidential client using HTTP Basic), `private_key_jwt` (confidential client using a Private Key JWT). | ||
- `client_id` (String) The ID of the client for which to configure the authentication method. | ||
|
||
### Optional | ||
|
||
- `client_secret` (String, Sensitive) Secret for the client when using `client_secret_post` or `client_secret_basic` authentication method. Keep this private. To access this attribute you need to add the `read:client_keys` scope to the Terraform client. Otherwise, the attribute will contain an empty string. The attribute will also be an empty string in case `private_key_jwt` is selected as an authentication method. | ||
- `private_key_jwt` (Block List, Max: 1) Defines `private_key_jwt` client authentication method. (see [below for nested schema](#nestedblock--private_key_jwt)) | ||
|
||
### Read-Only | ||
|
||
- `id` (String) The ID of this resource. | ||
|
||
<a id="nestedblock--private_key_jwt"></a> | ||
### Nested Schema for `private_key_jwt` | ||
|
||
Required: | ||
|
||
- `credentials` (Block List, Min: 1, Max: 2) Client credentials available for use when Private Key JWT is in use as the client authentication method. A maximum of 2 client credentials can be set. (see [below for nested schema](#nestedblock--private_key_jwt--credentials)) | ||
|
||
<a id="nestedblock--private_key_jwt--credentials"></a> | ||
### Nested Schema for `private_key_jwt.credentials` | ||
|
||
Required: | ||
|
||
- `credential_type` (String) Credential type. Supported types: `public_key`. | ||
- `pem` (String) PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped. | ||
|
||
Optional: | ||
|
||
- `algorithm` (String) Algorithm which will be used with the credential. Can be one of `RS256`, `RS384`, `PS256`. If not specified, `RS256` will be used. | ||
- `expires_at` (String) The ISO 8601 formatted date representing the expiration of the credential. It is not possible to set this tonever expire after it has been set. Recreate the certificate if needed. | ||
- `name` (String) Friendly name for a credential. | ||
- `parse_expiry_from_cert` (Boolean) Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. If also the `expires_at` is set the credential expiry will be set to the explicit `expires_at` value. | ||
|
||
Read-Only: | ||
|
||
- `created_at` (String) The ISO 8601 formatted date the credential was created. | ||
- `id` (String) The ID of the client credential. | ||
- `key_id` (String) The key identifier of the credential, generated on creation. | ||
- `updated_at` (String) The ISO 8601 formatted date the credential was updated. | ||
|
||
## Import | ||
|
||
Import is supported using the following syntax: | ||
|
||
```shell | ||
# A client credentials resource can be imported using the client's ID. | ||
# | ||
# Example: | ||
terraform import auth0_client_credentials.my_creds AaiyAPdpYdesoKnqjj8HJqRn4T5titww | ||
``` |
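Review bot: In the nested schema for `private_key_jwt.credentials`, the `expires_at` description contains the typo "tonever"; because this page is generated by tfplugindocs, fix the wording in the schema description and regenerate rather than editing the markdown. The `pem` description says "Must be JSON escaped" while the example above passes the PEM through a heredoc, so state which form the provider expects. It would also help to say under `parse_expiry_from_cert` what happens when the PEM is a bare public key with no expiry to parse, since `pem` accepts both public keys and X509 certificates.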
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
# A client credentials resource can be imported using the client's ID. | ||
# | ||
# Example: | ||
terraform import auth0_client_credentials.my_creds AaiyAPdpYdesoKnqjj8HJqRn4T5titww |
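Review bot: The comment above the `terraform import` line does not mention that `client_secret` is only read back when the Terraform client has the `read:client_keys` scope, which the schema docs in this commit state; without that scope the attribute will be an empty string after import. Add a line to the comment saying so, and consider replacing the example ID with an obvious placeholder.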
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
resource "auth0_client" "my_client" { | ||
name = "Application - Acceptance Test" | ||
app_type = "non_interactive" | ||
|
||
jwt_configuration { | ||
alg = "RS256" | ||
} | ||
} | ||
|
||
# Configuring client_secret_post as an authentication method. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
|
||
authentication_method = "client_secret_post" | ||
} | ||
|
||
# Configuring client_secret_basic as an authentication method. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
|
||
authentication_method = "client_secret_basic" | ||
} | ||
|
||
# Configuring none as an authentication method. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
|
||
authentication_method = "none" | ||
} | ||
|
||
# Configuring private_key_jwt as an authentication method. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
|
||
authentication_method = "private_key_jwt" | ||
|
||
private_key_jwt { | ||
credentials { | ||
name = "Testing Credentials 1" | ||
credential_type = "public_key" | ||
algorithm = "RS256" | ||
parse_expiry_from_cert = true | ||
pem = <<EOF | ||
-----BEGIN CERTIFICATE----- | ||
MIIFWDCCA0ACCQDXqpBo3R...G9w0BAQsFADBuMQswCQYDVQQGEwJl | ||
-----END CERTIFICATE----- | ||
EOF | ||
} | ||
} | ||
} | ||
|
||
# Configuring the client_secret. | ||
resource "auth0_client_credentials" "test" { | ||
client_id = auth0_client.my_client.id | ||
|
||
authentication_method = "client_secret_basic" | ||
client_secret = "LUFqPx+sRLjbL7peYRPFmFu-bbvE7u7og4YUNe_C345=683341" | ||
} |
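Review bot: The last block sets `client_secret` to a string literal, which invites readers to commit a secret to version control; take it from a variable declared with `sensitive = true` and use an obviously fake value in the example. All five `auth0_client_credentials` blocks are also named `"test"` and point at the same `client_id`, so the file cannot be applied as written because Terraform rejects duplicate resource addresses; give each block a distinct name or add a comment saying they are alternatives and only one should be used per client.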