{"id":16928397,"url":"https://github.com/singingwolfboy/auth0-set-application-uris","last_synced_at":"2026-04-29T16:31:45.739Z","repository":{"id":65161771,"uuid":"564032558","full_name":"singingwolfboy/auth0-set-application-uris","owner":"singingwolfboy","description":"Add/remove application URIs from an Auth0 application","archived":false,"fork":false,"pushed_at":"2023-06-01T23:04:26.000Z","size":2523,"stargazers_count":0,"open_issues_count":5,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-10T19:57:27.305Z","etag":null,"topics":["actions","auth0"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/singingwolfboy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-11-09T21:08:09.000Z","updated_at":"2022-11-12T13:59:45.000Z","dependencies_parsed_at":"2024-12-18T20:31:20.698Z","dependency_job_id":"a5f0086c-e766-4770-a983-754924ec3e28","html_url":"https://github.com/singingwolfboy/auth0-set-application-uris","commit_stats":{"total_commits":29,"total_committers":2,"mean_commits":14.5,"dds":0.4482758620689655,"last_synced_commit":"f2e0a1f4c8671a58a26bff43d953b3734ef20e55"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/singingwolfboy/auth0-set-application-uris","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singingwolfboy%2Fauth0-set-application-uris","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singingwolfboy%2Fauth0-set-application-uris/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singingwolfboy%2Fauth0-set-application-uris/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singingwolfboy%2Fauth0-set-application-uris/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/singingwolfboy","download_url":"https://codeload.github.com/singingwolfboy/auth0-set-application-uris/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/singingwolfboy%2Fauth0-set-application-uris/sbom","scorecard":{"id":827087,"data":{"date":"2025-08-11","repo":{"name":"github.com/singingwolfboy/auth0-set-application-uris","commit":"f2e0a1f4c8671a58a26bff43d953b3734ef20e55"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.1,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/13 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/check-dist.yml:1","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/singingwolfboy/auth0-set-application-uris/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/singingwolfboy/auth0-set-application-uris/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/singingwolfboy/auth0-set-application-uris/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/singingwolfboy/auth0-set-application-uris/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/singingwolfboy/auth0-set-application-uris/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/singingwolfboy/auth0-set-application-uris/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/singingwolfboy/auth0-set-application-uris/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/singingwolfboy/auth0-set-application-uris/test.yml/main?enable=pin","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   2 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":7,"reason":"SAST tool detected but not run on all commits","details":["Info: SAST configuration detected: CodeQL","Warn: 0 commits out of 18 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"17 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-hhhv-q57g-882q","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-23T16:49:24.643Z","repository_id":65161771,"created_at":"2025-08-23T16:49:24.644Z","updated_at":"2025-08-23T16:49:24.644Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32434642,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T13:34:34.882Z","status":"ssl_error","status_checked_at":"2026-04-29T13:34:29.830Z","response_time":110,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["actions","auth0"],"created_at":"2024-10-13T20:36:39.521Z","updated_at":"2026-04-29T16:31:45.721Z","avatar_url":"https://github.com/singingwolfboy.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Set Application URIs for Auth0\n\nThis [GitHub Action](https://github.com/features/actions) allows you to\nadd or remove application URIs from an [Auth0](https://auth0.com)\napplication. It's perfect for integrating pull request deployments\nwith Auth0, so that you can seamlessly review pull requests without\nmanually changing settings in Auth0.\n\n## Setup \u0026 Install\n\nFirst, go to the Auth0 Dashboard and\n[create a new application](https://auth0.com/docs/get-started/auth0-overview/create-applications).\nThe name does not matter, but since GitHub Actions will be using this\napplication to make changes in Auth0, we suggest using the name\n\"GitHub Actions\". For the application type, choose\n\"Machine to Machine Applications\".\n\nWhen Auth0 asks you to select an API for your new application,\nchoose the \"Auth0 Management API\". When it asks you to select permissions\nfor this API, check the boxes for \"read:clients\" and \"update:clients\".\n\nOnce you have created your new application, go to the \"Settings\"\ntab and find the \"Basic Information\" section for this new application.\nNotice that Auth0 has assigned a domain, client ID, and client secret\nto your application. On GitHub, you should\n[create encrypted secrets for GitHub Actions](https://docs.github.com/en/actions/security-guides/encrypted-secrets)\nfor each of these values. We suggest naming these secrets\n`AUTH0_DOMAIN`, `AUTH0_CLIENT_ID`, and `AUTH0_CLIENT_SECRET`,\nrespectively.\n\nBack on the Auth0 Dashboard, find the application that you want this\nGitHub Action to modify. This is a _different_ application from the\none you just created! Find the client ID for this application; you\nwill need this in a moment. (You do _not_ need the client secret,\nand the domain should be the same.)\n\nCreate a file named `auth0.yml` in the `.github/workflows` directory\nof your repository. Put in the following contents:\n\n```yaml\nname: Auth0\non:\n  pull_request:\n    types: [opened, reopened, closed]\n\njobs:\n  auth0-set-application-uris:\n    name: Set Application URIs\n    runs-on: ubuntu-latest\n    steps:\n      - uses: singingwolfboy/auth0-set-application-uris@v1\n        with:\n          auth0-domain: ${{ secrets.AUTH0_DOMAIN }}\n          auth0-client-id: ${{ secrets.AUTH0_CLIENT_ID }}\n          auth0-client-secret: ${{ secrets.AUTH0_CLIENT_SECRET }}\n          auth0-target-client-id: \"eX4AmP1e-Id123\"\n          callback-url-template: \"https://pr-{{ pull_request.number }}.example.com/callback\"\n          logout-url-template: \"https://pr-{{ pull_request.number }}.example.com/\"\n```\n\nYou will need to customize the last three lines for your own usage.\nThe `auth0-target-client-id` variable should contain the client ID\nof the Auth0 application that you want to modify. The\n`callback-url-template` and `logout-url-template` variables should\ncontain [Mustache templates](https://github.com/janl/mustache.js)\nfor the callback URL and logout URL for your pull request deployment.\nThese templates will be evaluated with a `pull_request` variable,\nwhich comes directly from\n[GitHub's API for getting a pull request](https://docs.github.com/en/rest/pulls/pulls#get-a-pull-request).\n\nCommit this file to your repository, and push it to GitHub. From\nnow on, this GitHub Action should take care of adding and removing\nthese callback and logout URLs on your target Auth0 application,\nautomatically when pull requests are opened and closed.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsingingwolfboy%2Fauth0-set-application-uris","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsingingwolfboy%2Fauth0-set-application-uris","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsingingwolfboy%2Fauth0-set-application-uris/lists"}