{"id":21639757,"url":"https://github.com/dasmeta/terraform-auth0-modules","last_synced_at":"2025-04-11T16:52:39.323Z","repository":{"id":62871994,"uuid":"557756310","full_name":"dasmeta/terraform-auth0-modules","owner":"dasmeta","description":"Terraform modules from DasMeta to manage auth0 setup","archived":false,"fork":false,"pushed_at":"2024-04-18T04:06:03.000Z","size":151,"stargazers_count":7,"open_issues_count":5,"forks_count":11,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-25T12:53:40.593Z","etag":null,"topics":["auth0","terraform"],"latest_commit_sha":null,"homepage":"https://www.dasmeta.com","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dasmeta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-10-26T08:42:57.000Z","updated_at":"2025-02-28T17:22:08.000Z","dependencies_parsed_at":"2023-02-01T06:00:29.951Z","dependency_job_id":"7721c266-6bf5-42a6-a6c2-10dfa4c5cf9b","html_url":"https://github.com/dasmeta/terraform-auth0-modules","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dasmeta%2Fterraform-auth0-modules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dasmeta%2Fterraform-auth0-modules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dasmeta%2Fterraform-auth0-modules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dasmeta%2Fterraform-auth0-modules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dasmeta","download_url":"https://codeload.github.com/dasmeta/terraform-auth0-modules/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248443349,"owners_count":21104392,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth0","terraform"],"created_at":"2024-11-25T04:14:58.880Z","updated_at":"2025-04-11T16:52:39.300Z","avatar_url":"https://github.com/dasmeta.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-auth0-modules\n### This module  allow you to create and manage clients, resource servers(api), client grants, connections, email providers and  rules and  roles, tenants as part of a Terraform deployment.\n\n## Example\n[Auth0 multi resources create] (https://github.com/dasmeta/terraform-auth0-modules/tree/main/examples)\n\n## Using credentials from clients in actions\n\nIf you need the credentials from one of the managed `clients` for one of your `actions` you can refer to them like this:\n\n```\nactions = {\n      \"test\" = {\n        code   = file(\"${path.module}/actions-code/test.js\")\n        name   = \"test\"\n        deploy = false\n        client_secrets = [\n          {\n            name   = \"CLIENT_ID\"\n            client = \"Frontend (Test)\"\n            output = \"client_id\"\n          }\n        ]\n      }\n    }\n\n...\n\nclients = {\n  \"Frontend (Test)\" = {\n    name     = \"Frontend (Test)\"\n    app_type = \"non_interactive\"\n  },\n\n...\n```\n\n`name` is the name of the secret which will be created.\n`client` is the name of the client which is already managed by this module.\n`output` is the name of the output field of the client. The value of the secret is read from this output.\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | ~\u003e 1.5.6 |\n| \u003ca name=\"requirement_auth0\"\u003e\u003c/a\u003e [auth0](#requirement\\_auth0) | ~\u003e 1.0.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_auth0\"\u003e\u003c/a\u003e [auth0](#provider\\_auth0) | ~\u003e 1.0.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_action\"\u003e\u003c/a\u003e [action](#module\\_action) | ./modules/auth0-action | n/a |\n| \u003ca name=\"module_auth0-auth-db\"\u003e\u003c/a\u003e [auth0-auth-db](#module\\_auth0-auth-db) | ./modules/auth0-auth-db | n/a |\n| \u003ca name=\"module_auth0-email\"\u003e\u003c/a\u003e [auth0-email](#module\\_auth0-email) | ./modules/auth0-email | n/a |\n| \u003ca name=\"module_auth0-goa\"\u003e\u003c/a\u003e [auth0-goa](#module\\_auth0-goa) | ./modules/auth0-auth-google | n/a |\n| \u003ca name=\"module_auth0-guardian\"\u003e\u003c/a\u003e [auth0-guardian](#module\\_auth0-guardian) | ./modules/auth0-guardian | n/a |\n| \u003ca name=\"module_auth0-org\"\u003e\u003c/a\u003e [auth0-org](#module\\_auth0-org) | ./modules/auth0-org | n/a |\n| \u003ca name=\"module_auth0-tenant\"\u003e\u003c/a\u003e [auth0-tenant](#module\\_auth0-tenant) | ./modules/auth0-tenant | n/a |\n| \u003ca name=\"module_auth0_api\"\u003e\u003c/a\u003e [auth0\\_api](#module\\_auth0\\_api) | ./modules/auth0-api | n/a |\n| \u003ca name=\"module_auth0_client\"\u003e\u003c/a\u003e [auth0\\_client](#module\\_auth0\\_client) | ./modules/auth0-client | n/a |\n| \u003ca name=\"module_auth0_role\"\u003e\u003c/a\u003e [auth0\\_role](#module\\_auth0\\_role) | ./modules/auth0-role | n/a |\n| \u003ca name=\"module_auth0_users\"\u003e\u003c/a\u003e [auth0\\_users](#module\\_auth0\\_users) | ./modules/auth0-user/ | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [auth0_client_grant.my_client_grant](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/client_grant) | resource |\n| [auth0_prompt.my_prompt](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/prompt) | resource |\n| [auth0_trigger_actions.trigger_binding](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/trigger_actions) | resource |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_actions\"\u003e\u003c/a\u003e [actions](#input\\_actions) | Actions are secure, tenant-specific, versioned functions written in Node.js that execute at certain points during the Auth0 runtime. Actions are used to customize and extend Auth0's capabilities with custom logic. | \u003cpre\u003elist(object({\u003cbr\u003e    name    = string\u003cbr\u003e    code    = string\u003cbr\u003e    runtime = optional(string, \"node16\")\u003cbr\u003e    supported_triggers = optional(any, {\u003cbr\u003e      id      = \"post-change-password\"\u003cbr\u003e      version = \"v2\"\u003cbr\u003e    })\u003cbr\u003e    dependencies = optional(list(any), [])\u003cbr\u003e    deploy       = optional(bool, false)\u003cbr\u003e    client_secrets = optional(list(object({\u003cbr\u003e      name   = string\u003cbr\u003e      client = string\u003cbr\u003e      output = string\u003cbr\u003e    })), [])\u003cbr\u003e    secrets = optional(list(object({\u003cbr\u003e      name  = string\u003cbr\u003e      value = string\u003cbr\u003e    })), [])\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_apis\"\u003e\u003c/a\u003e [apis](#input\\_apis) | With this resource, you can set up APIs that can be consumed from your authorized applications. | \u003cpre\u003elist(object({\u003cbr\u003e    name                                            = string\u003cbr\u003e    scopes                                          = list(any)\u003cbr\u003e    identifier                                      = string\u003cbr\u003e    enforce_policies                                = optional(bool, true)\u003cbr\u003e    signing_alg                                     = optional(string, \"RS256\")\u003cbr\u003e    skip_consent_for_verifiable_first_party_clients = optional(bool, true)\u003cbr\u003e    token_lifetime                                  = optional(number, 86400)\u003cbr\u003e    token_lifetime_for_web                          = optional(number, 7200)\u003cbr\u003e    token_dialect                                   = optional(string, null)\u003cbr\u003e    allow_offline_access                            = optional(bool, false)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_client-id\"\u003e\u003c/a\u003e [client-id](#input\\_client-id) | Auth0 client id | `string` | n/a | yes |\n| \u003ca name=\"input_client-secret\"\u003e\u003c/a\u003e [client-secret](#input\\_client-secret) | Auth0 client secret | `string` | n/a | yes |\n| \u003ca name=\"input_client_grants\"\u003e\u003c/a\u003e [client\\_grants](#input\\_client\\_grants) | Auth0 uses various grant types, or methods by which you grant limited access to your resources to another entity without exposing credentials. | `any` | `[]` | no |\n| \u003ca name=\"input_clients\"\u003e\u003c/a\u003e [clients](#input\\_clients) | With this resource, you can set up applications that use Auth0 for authentication and configure allowed callback URLs and secrets for these applications. | \u003cpre\u003elist(object({\u003cbr\u003e\u003cbr\u003e    name                          = string\u003cbr\u003e    app_type                      = string\u003cbr\u003e    cross_origin_auth             = optional(bool, false)\u003cbr\u003e    allowed_logout_urls           = optional(list(string), [])\u003cbr\u003e    allowed_origins               = optional(list(string), [])\u003cbr\u003e    callbacks                     = optional(list(string), [])\u003cbr\u003e    web_origins                   = optional(list(string), [])\u003cbr\u003e    organization_usage            = optional(string, null)\u003cbr\u003e    organization_require_behavior = optional(string, null)\u003cbr\u003e    custom_login_page_on          = optional(bool, false)\u003cbr\u003e    custom_login_page             = optional(string, \" \")\u003cbr\u003e    token_endpoint_auth_method    = optional(string, \"none\")\u003cbr\u003e    grant_types                   = optional(list(string), [\"client_credentials\"])\u003cbr\u003e    token_endpoint_auth_method    = optional(string, \"client_secret_post\")\u003cbr\u003e    logo_uri                      = optional(string, null)\u003cbr\u003e    sso                           = optional(bool, false)\u003cbr\u003e    jwt_configuration = optional(any, {\u003cbr\u003e      alg                 = \"RS256\"\u003cbr\u003e      lifetime_in_seconds = \"36000\"\u003cbr\u003e      secret_encoded      = \"false\"\u003cbr\u003e    })\u003cbr\u003e    refresh_token = optional(any, {\u003cbr\u003e      expiration_type              = \"non-expiring\"\u003cbr\u003e      idle_token_lifetime          = \"2592000\"\u003cbr\u003e      infinite_idle_token_lifetime = \"true\"\u003cbr\u003e      infinite_token_lifetime      = \"true\"\u003cbr\u003e      leeway                       = \"0\"\u003cbr\u003e      rotation_type                = \"non-rotating\"\u003cbr\u003e      token_lifetime               = \"31557600\"\u003cbr\u003e    })\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_db_connections\"\u003e\u003c/a\u003e [db\\_connections](#input\\_db\\_connections) | With Auth0, you can define sources of users, otherwise known as connections, which may include identity providers database authentication methods. | \u003cpre\u003elist(object({\u003cbr\u003e    name                           = string\u003cbr\u003e    password_policy                = optional(string, \"good\")\u003cbr\u003e    password_history               = optional(any, { enable = true, size = 3 })\u003cbr\u003e    password_no_personal_info      = optional(bool, true)\u003cbr\u003e    password_dictionary            = optional(any, { enable = true, dictionary = [] })\u003cbr\u003e    brute_force_protection         = optional(bool, true)\u003cbr\u003e    custom_scripts                 = optional(any, {})\u003cbr\u003e    enabled_database_customization = optional(bool, false)\u003cbr\u003e    custom_scripts_configuration   = optional(any, {})\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_domain\"\u003e\u003c/a\u003e [domain](#input\\_domain) | Auth0 domain | `string` | n/a | yes |\n| \u003ca name=\"input_emails\"\u003e\u003c/a\u003e [emails](#input\\_emails) | With Auth0, you can have standard welcome, password reset, and account verification email-based workflows built right into Auth0. | \u003cpre\u003elist(object({\u003cbr\u003e    name                 = string\u003cbr\u003e    default_from_address = string\u003cbr\u003e    access_key_id        = optional(string, null)\u003cbr\u003e    secret_access_key    = optional(string, null)\u003cbr\u003e    region               = optional(string, null)\u003cbr\u003e    api_key              = optional(string, null)\u003cbr\u003e    email_template       = optional(any, {})\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_google\"\u003e\u003c/a\u003e [google](#input\\_google) | With Auth0, you can define sources of users, otherwise known as connections, which may include identity provider Google  authentication methods. | `any` | `[]` | no |\n| \u003ca name=\"input_mfa\"\u003e\u003c/a\u003e [mfa](#input\\_mfa) | Multi-Factor Authentication works by requiring additional factors during the login process to prevent unauthorized access. | \u003cpre\u003elist(object({\u003cbr\u003e    policy           = optional(string, \"all-applications\")\u003cbr\u003e    email            = optional(bool, false)\u003cbr\u003e    otp              = optional(bool, false)\u003cbr\u003e    recovery_code    = optional(bool, false)\u003cbr\u003e    webauthn_roaming = optional(list(any), [])\u003cbr\u003e    phone            = optional(list(any), [])\u003cbr\u003e    push             = optional(list(any), [])\u003cbr\u003e    duo              = optional(list(any), [])\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_orgs\"\u003e\u003c/a\u003e [orgs](#input\\_orgs) | The Organizations feature represents a broad update to the Auth0 platform that allows our business-to-business (B2B) customers to better manage their partners and customer | \u003cpre\u003elist(object({\u003cbr\u003e    name         = string\u003cbr\u003e    display_name = string\u003cbr\u003e\u003cbr\u003e    branding    = optional(list(any), [])\u003cbr\u003e    connections = optional(list(any), [])\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_prompts\"\u003e\u003c/a\u003e [prompts](#input\\_prompts) | With this resource, you can manage your Auth0 prompts, including choosing the login experience version. | `any` | `[]` | no |\n| \u003ca name=\"input_roles\"\u003e\u003c/a\u003e [roles](#input\\_roles) | With this resource, you can create and manage collections of permissions that can be assigned to users, which are otherwise known as roles. | `list(any)` | \u003cpre\u003e[\u003cbr\u003e  {\u003cbr\u003e    \"description\": \"Administrator role\",\u003cbr\u003e    \"name\": \"Administrator\",\u003cbr\u003e    \"permissions\": []\u003cbr\u003e  }\u003cbr\u003e]\u003c/pre\u003e | no |\n| \u003ca name=\"input_tenant\"\u003e\u003c/a\u003e [tenant](#input\\_tenant) | With this resource, you can manage Auth0 tenants | \u003cpre\u003elist(object({\u003cbr\u003e    friendly_name           = string\u003cbr\u003e    allowed_logout_urls     = optional(list(string), [])\u003cbr\u003e    default_audience        = optional(string, null)\u003cbr\u003e    picture_url             = optional(string, null)\u003cbr\u003e    enabled_locales         = optional(list(string), null)\u003cbr\u003e    change_password         = optional(list(any), [])\u003cbr\u003e    guardian_mfa_page       = optional(list(any), [])\u003cbr\u003e    default_redirection_uri = string\u003cbr\u003e    sandbox_version         = string\u003cbr\u003e    error_page              = optional(list(any), [])\u003cbr\u003e    default_directory       = optional(string, null)\u003cbr\u003e    support_email           = optional(string, null)\u003cbr\u003e    support_url             = optional(string, null)\u003cbr\u003e    session_lifetime        = optional(number, 168)\u003cbr\u003e    idle_session_lifetime   = optional(number, 72)\u003cbr\u003e    session_cookie          = optional(string, \"persistent\")\u003cbr\u003e    universal_login         = optional(any, [])\u003cbr\u003e    flags = optional(any, {\u003cbr\u003e      allow_legacy_delegation_grant_types    = \"false\"\u003cbr\u003e      allow_legacy_ro_grant_types            = \"false\"\u003cbr\u003e      allow_legacy_tokeninfo_endpoint        = \"false\"\u003cbr\u003e      dashboard_insights_view                = \"false\"\u003cbr\u003e      dashboard_log_streams_next             = \"false\"\u003cbr\u003e      disable_clickjack_protection_headers   = \"false\"\u003cbr\u003e      disable_fields_map_fix                 = \"false\"\u003cbr\u003e      disable_management_api_sms_obfuscation = \"false\"\u003cbr\u003e      enable_adfs_waad_email_verification    = \"false\"\u003cbr\u003e      enable_apis_section                    = \"false\"\u003cbr\u003e      enable_client_connections              = \"false\"\u003cbr\u003e      enable_custom_domain_in_emails         = \"false\"\u003cbr\u003e      enable_dynamic_client_registration     = \"false\"\u003cbr\u003e      enable_idtoken_api2                    = \"false\"\u003cbr\u003e      enable_legacy_logs_search_v2           = \"false\"\u003cbr\u003e      enable_legacy_profile                  = \"false\"\u003cbr\u003e      enable_pipeline2                       = \"false\"\u003cbr\u003e      enable_public_signup_user_exists_error = \"false\"\u003cbr\u003e      no_disclose_enterprise_connections     = \"false\"\u003cbr\u003e      revoke_refresh_token_grant             = \"false\"\u003cbr\u003e      universal_login                        = \"true\"\u003cbr\u003e      use_scope_descriptions_for_consent     = \"false\"\u003cbr\u003e    })\u003cbr\u003e\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_users\"\u003e\u003c/a\u003e [users](#input\\_users) | n/a | \u003cpre\u003elist(object({\u003cbr\u003e    name     = string\u003cbr\u003e    email    = string\u003cbr\u003e    roles    = list(string)\u003cbr\u003e    password = string\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_client_credentials\"\u003e\u003c/a\u003e [client\\_credentials](#output\\_client\\_credentials) | Client credentials for each client created. |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdasmeta%2Fterraform-auth0-modules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdasmeta%2Fterraform-auth0-modules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdasmeta%2Fterraform-auth0-modules/lists"}