Add support for PAR on client and tenant resources
sergiught committed Jul 26, 2023
1 parent b3afba9 commit 933d98e
Showing 13 changed files with 76 additions and 267 deletions.
1 change: 1 addition & 0 deletions docs/data-sources/client.md
Expand Up @@ -62,6 +62,7 @@ data "auth0_client" "some-client-by-id" {
- `organization_require_behavior` (String) Defines how to proceed during an authentication transaction when `organization_usage = "require"`. Can be `no_prompt` (default), `pre_login_prompt` or `post_login_prompt`.
- `organization_usage` (String) Defines how to proceed during an authentication transaction with regards to an organization. Can be `deny` (default), `allow` or `require`.
- `refresh_token` (List of Object) Configuration settings for the refresh tokens issued for this client. (see [below for nested schema](#nestedatt--refresh_token))
- `require_pushed_authorization_requests` (Boolean) Makes the use of Pushed Authorization Requests mandatory for this client.
- `signing_keys` (List of Map of String) List containing a map of the public cert of the signing key and the public cert of the signing key in PKCS7.
- `sso` (Boolean) Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- `sso_disabled` (Boolean) Indicates whether or not SSO is disabled.
1 change: 1 addition & 0 deletions docs/data-sources/tenant.md
Expand Up @@ -62,6 +62,7 @@ Read-Only:
- `enable_public_signup_user_exists_error` (Boolean)
- `mfa_show_factor_list_on_enrollment` (Boolean)
- `no_disclose_enterprise_connections` (Boolean)
- `require_pushed_authorization_requests` (Boolean)
- `revoke_refresh_token_grant` (Boolean)
- `use_scope_descriptions_for_consent` (Boolean)

1 change: 1 addition & 0 deletions docs/resources/client.md
Expand Up @@ -117,6 +117,7 @@ resource "auth0_client" "my_client" {
- `organization_require_behavior` (String) Defines how to proceed during an authentication transaction when `organization_usage = "require"`. Can be `no_prompt` (default), `pre_login_prompt` or `post_login_prompt`.
- `organization_usage` (String) Defines how to proceed during an authentication transaction with regards to an organization. Can be `deny` (default), `allow` or `require`.
- `refresh_token` (Block List, Max: 1) Configuration settings for the refresh tokens issued for this client. (see [below for nested schema](#nestedblock--refresh_token))
- `require_pushed_authorization_requests` (Boolean) Makes the use of Pushed Authorization Requests mandatory for this client.
- `sso` (Boolean) Applies only to SSO clients and determines whether Auth0 will handle Single Sign-On (true) or whether the identity provider will (false).
- `sso_disabled` (Boolean) Indicates whether or not SSO is disabled.
- `web_origins` (List of String) URLs that represent valid web origins for use with web message response mode.
1 change: 1 addition & 0 deletions docs/resources/tenant.md
Expand Up @@ -88,6 +88,7 @@ Optional:
- `enable_public_signup_user_exists_error` (Boolean) Indicates whether the public sign up process shows a `user_exists` error if the user already exists.
- `mfa_show_factor_list_on_enrollment` (Boolean) Used to allow users to pick which factor to enroll with from the list of available MFA factors.
- `no_disclose_enterprise_connections` (Boolean) Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
- `require_pushed_authorization_requests` (Boolean) Makes the use of Pushed Authorization Requests mandatory for all clients across the tenant.
- `revoke_refresh_token_grant` (Boolean) Delete underlying grant when a refresh token is revoked via the Authentication API.
- `use_scope_descriptions_for_consent` (Boolean) Indicates whether to use scope descriptions for consent.

63 changes: 32 additions & 31 deletions internal/auth0/client/expand.go
Expand Up @@ -13,37 +13,38 @@ func expandClient(d *schema.ResourceData) *management.Client {
config := d.GetRawConfig()

client := &management.Client{
Name: value.String(config.GetAttr("name")),
Description: value.String(config.GetAttr("description")),
AppType: value.String(config.GetAttr("app_type")),
LogoURI: value.String(config.GetAttr("logo_uri")),
IsFirstParty: value.Bool(config.GetAttr("is_first_party")),
OIDCConformant: value.Bool(config.GetAttr("oidc_conformant")),
ClientAliases: value.Strings(config.GetAttr("client_aliases")),
Callbacks: value.Strings(config.GetAttr("callbacks")),
AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")),
AllowedOrigins: value.Strings(config.GetAttr("allowed_origins")),
AllowedClients: value.Strings(config.GetAttr("allowed_clients")),
GrantTypes: value.Strings(config.GetAttr("grant_types")),
OrganizationUsage: value.String(config.GetAttr("organization_usage")),
OrganizationRequireBehavior: value.String(config.GetAttr("organization_require_behavior")),
WebOrigins: value.Strings(config.GetAttr("web_origins")),
SSO: value.Bool(config.GetAttr("sso")),
SSODisabled: value.Bool(config.GetAttr("sso_disabled")),
CrossOriginAuth: value.Bool(config.GetAttr("cross_origin_auth")),
CrossOriginLocation: value.String(config.GetAttr("cross_origin_loc")),
CustomLoginPageOn: value.Bool(config.GetAttr("custom_login_page_on")),
CustomLoginPage: value.String(config.GetAttr("custom_login_page")),
FormTemplate: value.String(config.GetAttr("form_template")),
InitiateLoginURI: value.String(config.GetAttr("initiate_login_uri")),
EncryptionKey: value.MapOfStrings(config.GetAttr("encryption_key")),
OIDCBackchannelLogout: expandOIDCBackchannelLogout(d),
ClientMetadata: expandClientMetadata(d),
RefreshToken: expandClientRefreshToken(d),
JWTConfiguration: expandClientJWTConfiguration(d),
Addons: expandClientAddons(d),
NativeSocialLogin: expandClientNativeSocialLogin(d),
Mobile: expandClientMobile(d),
Name: value.String(config.GetAttr("name")),
Description: value.String(config.GetAttr("description")),
AppType: value.String(config.GetAttr("app_type")),
LogoURI: value.String(config.GetAttr("logo_uri")),
IsFirstParty: value.Bool(config.GetAttr("is_first_party")),
OIDCConformant: value.Bool(config.GetAttr("oidc_conformant")),
ClientAliases: value.Strings(config.GetAttr("client_aliases")),
Callbacks: value.Strings(config.GetAttr("callbacks")),
AllowedLogoutURLs: value.Strings(config.GetAttr("allowed_logout_urls")),
AllowedOrigins: value.Strings(config.GetAttr("allowed_origins")),
AllowedClients: value.Strings(config.GetAttr("allowed_clients")),
GrantTypes: value.Strings(config.GetAttr("grant_types")),
OrganizationUsage: value.String(config.GetAttr("organization_usage")),
OrganizationRequireBehavior: value.String(config.GetAttr("organization_require_behavior")),
WebOrigins: value.Strings(config.GetAttr("web_origins")),
RequirePushedAuthorizationRequests: value.Bool(config.GetAttr("require_pushed_authorization_requests")),
SSO: value.Bool(config.GetAttr("sso")),
SSODisabled: value.Bool(config.GetAttr("sso_disabled")),
CrossOriginAuth: value.Bool(config.GetAttr("cross_origin_auth")),
CrossOriginLocation: value.String(config.GetAttr("cross_origin_loc")),
CustomLoginPageOn: value.Bool(config.GetAttr("custom_login_page_on")),
CustomLoginPage: value.String(config.GetAttr("custom_login_page")),
FormTemplate: value.String(config.GetAttr("form_template")),
InitiateLoginURI: value.String(config.GetAttr("initiate_login_uri")),
EncryptionKey: value.MapOfStrings(config.GetAttr("encryption_key")),
OIDCBackchannelLogout: expandOIDCBackchannelLogout(d),
ClientMetadata: expandClientMetadata(d),
RefreshToken: expandClientRefreshToken(d),
JWTConfiguration: expandClientJWTConfiguration(d),
Addons: expandClientAddons(d),
NativeSocialLogin: expandClientNativeSocialLogin(d),
Mobile: expandClientMobile(d),
}

if !d.IsNewResource() {
1 change: 1 addition & 0 deletions internal/auth0/client/flatten.go
Expand Up @@ -518,6 +518,7 @@ func flattenClient(d *schema.ResourceData, client *management.Client) error {
d.Set("organization_usage", client.GetOrganizationUsage()),
d.Set("organization_require_behavior", client.GetOrganizationRequireBehavior()),
d.Set("web_origins", client.GetWebOrigins()),
d.Set("require_pushed_authorization_requests", client.GetRequirePushedAuthorizationRequests()),
d.Set("sso", client.GetSSO()),
d.Set("sso_disabled", client.GetSSODisabled()),
d.Set("cross_origin_auth", client.GetCrossOriginAuth()),
5 changes: 5 additions & 0 deletions internal/auth0/client/resource.go
Expand Up @@ -246,6 +246,11 @@ func NewResource() *schema.Resource {
"alphanumeric and may only include the following special characters: " +
"`:,-+=_*?\"/\\()<>@ [Tab] [Space]`.",
},
"require_pushed_authorization_requests": {
Type: schema.TypeBool,
Optional: true,
Description: "Makes the use of Pushed Authorization Requests mandatory for this client.",
},
"mobile": {
Type: schema.TypeList,
Optional: true,
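Review bot: The new `require_pushed_authorization_requests` schema entry is `Optional` without `Computed`, whereas the same flag added to internal/auth0/tenant/resource.go in this commit is `Optional` and `Computed`. Since expandClient reads the attribute from the raw config via `value.Bool` (presumably nil when unset, so nothing is sent) and flattenClient writes `client.GetRequirePushedAuthorizationRequests()` back unconditionally, a client for which the Management API reports `true` while the configuration omits the attribute would presumably produce a plan diff on every run; whether the API can return it that way (for example under tenant-wide enforcement) cannot be confirmed from this page. If omitting the attribute is meant to leave the server-side value untouched, add `Computed: true,` after `Optional: true,`; if omitting is meant to mean `false`, say so in the description. The acceptance test in internal/auth0/client/resource_test.go only toggles the value from `false` to `true`, so a later step that removes the attribute from the config would pin whichever semantics is chosen. NewResource continues outside the hunk.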
4 changes: 4 additions & 0 deletions internal/auth0/client/resource_test.go
Expand Up @@ -460,6 +460,7 @@ resource "auth0_client" "my_client" {
logo_uri = "https://example.com/logoUri"
organization_require_behavior = "no_prompt"
organization_usage = "deny"
require_pushed_authorization_requests = false
sso = false
sso_disabled = false
custom_login_page_on = true
Expand Down Expand Up @@ -491,6 +492,7 @@ resource "auth0_client" "my_client" {
logo_uri = "https://another-example.com/logoUri"
organization_require_behavior = "no_prompt"
organization_usage = "deny"
require_pushed_authorization_requests = true
sso = true
sso_disabled = true
custom_login_page_on = true
Expand Down Expand Up @@ -581,6 +583,7 @@ func TestAccClient(t *testing.T) {
resource.TestCheckResourceAttr("auth0_client.my_client", "organization_require_behavior", "no_prompt"),
resource.TestCheckResourceAttr("auth0_client.my_client", "organization_usage", "deny"),
resource.TestCheckResourceAttr("auth0_client.my_client", "sso", "false"),
resource.TestCheckResourceAttr("auth0_client.my_client", "require_pushed_authorization_requests", "false"),
resource.TestCheckResourceAttr("auth0_client.my_client", "sso_disabled", "false"),
resource.TestCheckResourceAttr("auth0_client.my_client", "custom_login_page_on", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "is_first_party", "true"),
Expand Down Expand Up @@ -643,6 +646,7 @@ func TestAccClient(t *testing.T) {
resource.TestCheckResourceAttr("auth0_client.my_client", "logo_uri", "https://another-example.com/logoUri"),
resource.TestCheckResourceAttr("auth0_client.my_client", "organization_require_behavior", "no_prompt"),
resource.TestCheckResourceAttr("auth0_client.my_client", "organization_usage", "deny"),
resource.TestCheckResourceAttr("auth0_client.my_client", "require_pushed_authorization_requests", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "sso", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "sso_disabled", "true"),
resource.TestCheckResourceAttr("auth0_client.my_client", "custom_login_page_on", "true"),
1 change: 1 addition & 0 deletions internal/auth0/tenant/expand.go
Expand Up @@ -64,6 +64,7 @@ func expandTenantFlags(config cty.Value) *management.TenantFlags {
DashboardInsightsView: value.Bool(flags.GetAttr("dashboard_insights_view")),
DisableFieldsMapFix: value.Bool(flags.GetAttr("disable_fields_map_fix")),
MFAShowFactorListOnEnrollment: value.Bool(flags.GetAttr("mfa_show_factor_list_on_enrollment")),
RequirePushedAuthorizationRequests: value.Bool(flags.GetAttr("require_pushed_authorization_requests")),
}

return stop
1 change: 1 addition & 0 deletions internal/auth0/tenant/flatten.go
Expand Up @@ -55,6 +55,7 @@ func flattenTenantFlags(flags *management.TenantFlags) []interface{} {
m["dashboard_insights_view"] = flags.DashboardInsightsView
m["disable_fields_map_fix"] = flags.DisableFieldsMapFix
m["mfa_show_factor_list_on_enrollment"] = flags.MFAShowFactorListOnEnrollment
m["require_pushed_authorization_requests"] = flags.RequirePushedAuthorizationRequests

return []interface{}{m}
}
6 changes: 6 additions & 0 deletions internal/auth0/tenant/resource.go
Expand Up @@ -241,6 +241,12 @@ func NewResource() *schema.Resource {
Computed: true,
Description: "Used to allow users to pick which factor to enroll with from the list of available MFA factors.",
},
"require_pushed_authorization_requests": {
Type: schema.TypeBool,
Optional: true,
Computed: true,
Description: "Makes the use of Pushed Authorization Requests mandatory for all clients across the tenant.",
},
},
},
},
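Review bot: The description of the tenant-level `require_pushed_authorization_requests` flag does not say what an omitted attribute does, and because the entry is `Computed` an omission should keep whatever the tenant currently has rather than forcing `false`. For a setting that switches enforcement for every client on the tenant, that is worth stating, so that operators who want Terraform to guarantee PAR enforcement know they must set it explicitly. Suggest `Description: "Makes the use of Pushed Authorization Requests mandatory for all clients across the tenant. When omitted, the tenant's current setting is kept.",`. NewResource continues outside the hunk.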
2 changes: 2 additions & 0 deletions internal/auth0/tenant/resource_test.go
Expand Up @@ -100,6 +100,7 @@ resource "auth0_tenant" "my_tenant" {
disable_management_api_sms_obfuscation = false
disable_fields_map_fix = false
mfa_show_factor_list_on_enrollment = false
require_pushed_authorization_requests = false
}
session_cookie {
Expand Down Expand Up @@ -130,6 +131,7 @@ resource "auth0_tenant" "my_tenant" {
disable_management_api_sms_obfuscation = true
disable_fields_map_fix = true
mfa_show_factor_list_on_enrollment = true
require_pushed_authorization_requests = true
}
session_cookie {