Auth0 v3.4.0, Jun 19 24

Auth0 v3.4.0 published on Wednesday, Jun 19, 2024 by Pulumi

auth0.getConnection

Explore with Pulumi AI

Auth0 v3.4.0 published on Wednesday, Jun 19, 2024 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as auth0 from "@pulumi/auth0";

// An Auth0 Connection loaded using its name.
const some-connection-by-name = auth0.getConnection({
    name: "Acceptance-Test-Connection-{{.testName}}",
});
// An Auth0 Connection loaded using its ID.
const some-connection-by-id = auth0.getConnection({
    connectionId: "con_abcdefghkijklmnopqrstuvwxyz0123456789",
});

import pulumi
import pulumi_auth0 as auth0

# An Auth0 Connection loaded using its name.
some_connection_by_name = auth0.get_connection(name="Acceptance-Test-Connection-{{.testName}}")
# An Auth0 Connection loaded using its ID.
some_connection_by_id = auth0.get_connection(connection_id="con_abcdefghkijklmnopqrstuvwxyz0123456789")

package main

import (
	"github.com/pulumi/pulumi-auth0/sdk/v3/go/auth0"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// An Auth0 Connection loaded using its name.
		_, err := auth0.LookupConnection(ctx, &auth0.LookupConnectionArgs{
			Name: pulumi.StringRef("Acceptance-Test-Connection-{{.testName}}"),
		}, nil)
		if err != nil {
			return err
		}
		// An Auth0 Connection loaded using its ID.
		_, err = auth0.LookupConnection(ctx, &auth0.LookupConnectionArgs{
			ConnectionId: pulumi.StringRef("con_abcdefghkijklmnopqrstuvwxyz0123456789"),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Auth0 = Pulumi.Auth0;

return await Deployment.RunAsync(() => 
{
    // An Auth0 Connection loaded using its name.
    var some_connection_by_name = Auth0.GetConnection.Invoke(new()
    {
        Name = "Acceptance-Test-Connection-{{.testName}}",
    });

    // An Auth0 Connection loaded using its ID.
    var some_connection_by_id = Auth0.GetConnection.Invoke(new()
    {
        ConnectionId = "con_abcdefghkijklmnopqrstuvwxyz0123456789",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.auth0.Auth0Functions;
import com.pulumi.auth0.inputs.GetConnectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // An Auth0 Connection loaded using its name.
        final var some-connection-by-name = Auth0Functions.getConnection(GetConnectionArgs.builder()
            .name("Acceptance-Test-Connection-{{.testName}}")
            .build());

        // An Auth0 Connection loaded using its ID.
        final var some-connection-by-id = Auth0Functions.getConnection(GetConnectionArgs.builder()
            .connectionId("con_abcdefghkijklmnopqrstuvwxyz0123456789")
            .build());

    }
}

variables:
  # An Auth0 Connection loaded using its name.
  some-connection-by-name:
    fn::invoke:
      Function: auth0:getConnection
      Arguments:
        name: Acceptance-Test-Connection-{{.testName}}
  # An Auth0 Connection loaded using its ID.
  some-connection-by-id:
    fn::invoke:
      Function: auth0:getConnection
      Arguments:
        connectionId: con_abcdefghkijklmnopqrstuvwxyz0123456789

Using getConnection

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getConnection(args: GetConnectionArgs, opts?: InvokeOptions): Promise<GetConnectionResult>
function getConnectionOutput(args: GetConnectionOutputArgs, opts?: InvokeOptions): Output<GetConnectionResult>

def get_connection(connection_id: Optional[str] = None,
                   name: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetConnectionResult
def get_connection_output(connection_id: Optional[pulumi.Input[str]] = None,
                   name: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetConnectionResult]

func LookupConnection(ctx *Context, args *LookupConnectionArgs, opts ...InvokeOption) (*LookupConnectionResult, error)
func LookupConnectionOutput(ctx *Context, args *LookupConnectionOutputArgs, opts ...InvokeOption) LookupConnectionResultOutput

> Note: This function is named LookupConnection in the Go SDK.

public static class GetConnection 
{
    public static Task<GetConnectionResult> InvokeAsync(GetConnectionArgs args, InvokeOptions? opts = null)
    public static Output<GetConnectionResult> Invoke(GetConnectionInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetConnectionResult> getConnection(GetConnectionArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet

fn::invoke:
  function: auth0:index/getConnection:getConnection
  arguments:
    # arguments dictionary

The following arguments are supported:

ConnectionId string: The ID of the connection. If not provided, name must be set.
Name string: The name of the connection. If not provided, connection_id must be set.

ConnectionId string: The ID of the connection. If not provided, name must be set.
Name string: The name of the connection. If not provided, connection_id must be set.

connectionId String: The ID of the connection. If not provided, name must be set.
name String: The name of the connection. If not provided, connection_id must be set.

connectionId string: The ID of the connection. If not provided, name must be set.
name string: The name of the connection. If not provided, connection_id must be set.

connection_id str: The ID of the connection. If not provided, name must be set.
name str: The name of the connection. If not provided, connection_id must be set.

connectionId String: The ID of the connection. If not provided, name must be set.
name String: The name of the connection. If not provided, connection_id must be set.

getConnection Result

The following output properties are available:

DisplayName string: Name used in login screen.
EnabledClients List<string>: IDs of the clients for which the connection is enabled.
Id string: The provider-assigned unique ID for this managed resource.
IsDomainConnection bool: Indicates whether the connection is domain level.
Metadata Dictionary<string, string>: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
Options List<GetConnectionOption>: Configuration settings for connection options.
Realms List<string>: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool: Display connection as a button. Only available on enterprise connections.
Strategy string: Type of the connection, which indicates the identity provider.
ConnectionId string: The ID of the connection. If not provided, name must be set.
Name string: The name of the connection. If not provided, connection_id must be set.

DisplayName string: Name used in login screen.
EnabledClients []string: IDs of the clients for which the connection is enabled.
Id string: The provider-assigned unique ID for this managed resource.
IsDomainConnection bool: Indicates whether the connection is domain level.
Metadata map[string]string: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
Options []GetConnectionOption: Configuration settings for connection options.
Realms []string: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
ShowAsButton bool: Display connection as a button. Only available on enterprise connections.
Strategy string: Type of the connection, which indicates the identity provider.
ConnectionId string: The ID of the connection. If not provided, name must be set.
Name string: The name of the connection. If not provided, connection_id must be set.

displayName String: Name used in login screen.
enabledClients List<String>: IDs of the clients for which the connection is enabled.
id String: The provider-assigned unique ID for this managed resource.
isDomainConnection Boolean: Indicates whether the connection is domain level.
metadata Map<String,String>: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
options List<GetConnectionOption>: Configuration settings for connection options.
realms List<String>: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean: Display connection as a button. Only available on enterprise connections.
strategy String: Type of the connection, which indicates the identity provider.
connectionId String: The ID of the connection. If not provided, name must be set.
name String: The name of the connection. If not provided, connection_id must be set.

displayName string: Name used in login screen.
enabledClients string[]: IDs of the clients for which the connection is enabled.
id string: The provider-assigned unique ID for this managed resource.
isDomainConnection boolean: Indicates whether the connection is domain level.
metadata {[key: string]: string}: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
options GetConnectionOption[]: Configuration settings for connection options.
realms string[]: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton boolean: Display connection as a button. Only available on enterprise connections.
strategy string: Type of the connection, which indicates the identity provider.
connectionId string: The ID of the connection. If not provided, name must be set.
name string: The name of the connection. If not provided, connection_id must be set.

display_name str: Name used in login screen.
enabled_clients Sequence[str]: IDs of the clients for which the connection is enabled.
id str: The provider-assigned unique ID for this managed resource.
is_domain_connection bool: Indicates whether the connection is domain level.
metadata Mapping[str, str]: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
options Sequence[GetConnectionOption]: Configuration settings for connection options.
realms Sequence[str]: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
show_as_button bool: Display connection as a button. Only available on enterprise connections.
strategy str: Type of the connection, which indicates the identity provider.
connection_id str: The ID of the connection. If not provided, name must be set.
name str: The name of the connection. If not provided, connection_id must be set.

displayName String: Name used in login screen.
enabledClients List<String>: IDs of the clients for which the connection is enabled.
id String: The provider-assigned unique ID for this managed resource.
isDomainConnection Boolean: Indicates whether the connection is domain level.
metadata Map<String>: Metadata associated with the connection, in the form of a map of string values (max 255 chars).
options List<Property Map>: Configuration settings for connection options.
realms List<String>: Defines the realms for which the connection will be used (e.g., email domains). If not specified, the connection name is added as the realm.
showAsButton Boolean: Display connection as a button. Only available on enterprise connections.
strategy String: Type of the connection, which indicates the identity provider.
connectionId String: The ID of the connection. If not provided, name must be set.
name String: The name of the connection. If not provided, connection_id must be set.

Supporting Types

GetConnectionOption

AdfsServer string: ADFS URL where to fetch the metadata source.
AllowedAudiences List<string>: List of allowed audiences.
ApiEnableUsers bool: Enable API Access to users.
AppId string: App ID.
AttributeMaps List<GetConnectionOptionAttributeMap>: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
AuthParams Dictionary<string, string>: Query string parameters to be included as part of the generated passwordless email link.
AuthorizationEndpoint string: Authorization endpoint.
BruteForceProtection bool: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
ClientId string: The strategy's client ID.
ClientSecret string: The strategy's client secret.
CommunityBaseUrl string: Salesforce community base URL.
Configuration Dictionary<string, object>: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
ConnectionSettings List<GetConnectionOptionConnectionSetting>: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
CustomScripts Dictionary<string, string>: A map of scripts used to integrate with a custom database.
Debug bool: When enabled, additional debug information will be generated.
DecryptionKeys List<GetConnectionOptionDecryptionKey>: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
DigestAlgorithm string: Sign Request Algorithm Digest.
DisableCache bool: Indicates whether to disable the cache or not.
DisableSelfServiceChangePassword bool: Indicates whether to remove the forgot password link within the New Universal Login.
DisableSignOut bool: When enabled, will disable sign out.
DisableSignup bool: Indicates whether to allow user sign-ups to your application.
DiscoveryUrl string: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
Domain string: Domain name.
DomainAliases List<string>: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
EnableScriptContext bool: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
EnabledDatabaseCustomization bool: Set to true to use a legacy user store.
EntityId string: Custom Entity ID for the connection.
FedMetadataXml string: Federation Metadata for the ADFS connection.
FieldsMap string: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
ForwardRequestInfo bool: Specifies whether or not request info should be forwarded to sms gateway.
From string: Address to use as the sender.
GatewayAuthentications List<GetConnectionOptionGatewayAuthentication>: Defines the parameters used to generate the auth token for the custom gateway.
GatewayUrl string: Defines a custom sms gateway to use instead of Twilio.
IconUrl string: Icon URL.
IdentityApi string: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
IdpInitiateds List<GetConnectionOptionIdpInitiated>: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
ImportMode bool: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
Ips List<string>: A list of IPs.
Issuer string: Issuer URL, e.g. https://auth.example.com.
JwksUri string: JWKS URI.
KeyId string: Apple Key ID.
MapUserIdToId bool: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
MaxGroupsToRetrieve string: Maximum number of groups to retrieve.
MessagingServiceSid string: SID for Copilot. Used when SMS Source is Copilot.
MetadataUrl string: The URL of the SAML metadata document.
MetadataXml string: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
Mfas List<GetConnectionOptionMfa>: Configuration options for multifactor authentication.
Name string: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
NonPersistentAttrs List<string>: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
PasswordComplexityOptions List<GetConnectionOptionPasswordComplexityOption>: Configuration settings for password complexity.
PasswordDictionaries List<GetConnectionOptionPasswordDictionary>: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
PasswordHistories List<GetConnectionOptionPasswordHistory>: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
PasswordNoPersonalInfos List<GetConnectionOptionPasswordNoPersonalInfo>: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
PasswordPolicy string: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
PingFederateBaseUrl string: Ping Federate Server URL.
PkceEnabled bool: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
ProtocolBinding string: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
Provider string: Defines the custom sms_gateway provider.
RequestTemplate string: Template that formats the SAML request.
RequiresUsername bool: Indicates whether the user is required to provide a username in addition to an email address.
Scopes List<string>: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
Scripts Dictionary<string, string>: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
SetUserRootAttributes string: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
ShouldTrustEmailVerifiedConnection string: Choose how Auth0 sets the email_verified field in the user profile.
SignInEndpoint string: SAML single login URL for the connection.
SignOutEndpoint string: SAML single logout URL for the connection.
SignSamlRequest bool: When enabled, the SAML authentication request will be signed.
SignatureAlgorithm string: Sign Request Algorithm.
SigningCert string: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
SigningKeys List<GetConnectionOptionSigningKey>: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
StrategyVersion int: Version 1 is deprecated, use version 2.
Subject string: Subject line of the email.
Syntax string: Syntax of the template body.
TeamId string: Apple Team ID.
Template string: Body of the template.
TenantDomain string: Tenant domain name.
TokenEndpoint string: Token endpoint.
Totps List<GetConnectionOptionTotp>: Configuration options for one-time passwords.
TwilioSid string: SID for your Twilio account.
TwilioToken string: AuthToken for your Twilio account.
Type string: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
UpstreamParams string: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
UseCertAuth bool: Indicates whether to use cert auth or not.
UseKerberos bool: Indicates whether to use Kerberos or not.
UseWsfed bool: Whether to use WS-Fed.
UserIdAttribute string: Attribute in the SAML token that will be mapped to the user_id property in Auth0.
UserinfoEndpoint string: User info endpoint.
Validations List<GetConnectionOptionValidation>: Validation of the minimum and maximum values allowed for a user to have as username.
WaadCommonEndpoint bool: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
WaadProtocol string: Protocol to use.

AdfsServer string: ADFS URL where to fetch the metadata source.
AllowedAudiences []string: List of allowed audiences.
ApiEnableUsers bool: Enable API Access to users.
AppId string: App ID.
AttributeMaps []GetConnectionOptionAttributeMap: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
AuthParams map[string]string: Query string parameters to be included as part of the generated passwordless email link.
AuthorizationEndpoint string: Authorization endpoint.
BruteForceProtection bool: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
ClientId string: The strategy's client ID.
ClientSecret string: The strategy's client secret.
CommunityBaseUrl string: Salesforce community base URL.
Configuration map[string]interface{}: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
ConnectionSettings []GetConnectionOptionConnectionSetting: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
CustomScripts map[string]string: A map of scripts used to integrate with a custom database.
Debug bool: When enabled, additional debug information will be generated.
DecryptionKeys []GetConnectionOptionDecryptionKey: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
DigestAlgorithm string: Sign Request Algorithm Digest.
DisableCache bool: Indicates whether to disable the cache or not.
DisableSelfServiceChangePassword bool: Indicates whether to remove the forgot password link within the New Universal Login.
DisableSignOut bool: When enabled, will disable sign out.
DisableSignup bool: Indicates whether to allow user sign-ups to your application.
DiscoveryUrl string: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
Domain string: Domain name.
DomainAliases []string: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
EnableScriptContext bool: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
EnabledDatabaseCustomization bool: Set to true to use a legacy user store.
EntityId string: Custom Entity ID for the connection.
FedMetadataXml string: Federation Metadata for the ADFS connection.
FieldsMap string: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
ForwardRequestInfo bool: Specifies whether or not request info should be forwarded to sms gateway.
From string: Address to use as the sender.
GatewayAuthentications []GetConnectionOptionGatewayAuthentication: Defines the parameters used to generate the auth token for the custom gateway.
GatewayUrl string: Defines a custom sms gateway to use instead of Twilio.
IconUrl string: Icon URL.
IdentityApi string: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
IdpInitiateds []GetConnectionOptionIdpInitiated: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
ImportMode bool: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
Ips []string: A list of IPs.
Issuer string: Issuer URL, e.g. https://auth.example.com.
JwksUri string: JWKS URI.
KeyId string: Apple Key ID.
MapUserIdToId bool: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
MaxGroupsToRetrieve string: Maximum number of groups to retrieve.
MessagingServiceSid string: SID for Copilot. Used when SMS Source is Copilot.
MetadataUrl string: The URL of the SAML metadata document.
MetadataXml string: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
Mfas []GetConnectionOptionMfa: Configuration options for multifactor authentication.
Name string: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
NonPersistentAttrs []string: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
PasswordComplexityOptions []GetConnectionOptionPasswordComplexityOption: Configuration settings for password complexity.
PasswordDictionaries []GetConnectionOptionPasswordDictionary: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
PasswordHistories []GetConnectionOptionPasswordHistory: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
PasswordNoPersonalInfos []GetConnectionOptionPasswordNoPersonalInfo: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
PasswordPolicy string: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
PingFederateBaseUrl string: Ping Federate Server URL.
PkceEnabled bool: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
ProtocolBinding string: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
Provider string: Defines the custom sms_gateway provider.
RequestTemplate string: Template that formats the SAML request.
RequiresUsername bool: Indicates whether the user is required to provide a username in addition to an email address.
Scopes []string: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
Scripts map[string]string: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
SetUserRootAttributes string: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
ShouldTrustEmailVerifiedConnection string: Choose how Auth0 sets the email_verified field in the user profile.
SignInEndpoint string: SAML single login URL for the connection.
SignOutEndpoint string: SAML single logout URL for the connection.
SignSamlRequest bool: When enabled, the SAML authentication request will be signed.
SignatureAlgorithm string: Sign Request Algorithm.
SigningCert string: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
SigningKeys []GetConnectionOptionSigningKey: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
StrategyVersion int: Version 1 is deprecated, use version 2.
Subject string: Subject line of the email.
Syntax string: Syntax of the template body.
TeamId string: Apple Team ID.
Template string: Body of the template.
TenantDomain string: Tenant domain name.
TokenEndpoint string: Token endpoint.
Totps []GetConnectionOptionTotp: Configuration options for one-time passwords.
TwilioSid string: SID for your Twilio account.
TwilioToken string: AuthToken for your Twilio account.
Type string: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
UpstreamParams string: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
UseCertAuth bool: Indicates whether to use cert auth or not.
UseKerberos bool: Indicates whether to use Kerberos or not.
UseWsfed bool: Whether to use WS-Fed.
UserIdAttribute string: Attribute in the SAML token that will be mapped to the user_id property in Auth0.
UserinfoEndpoint string: User info endpoint.
Validations []GetConnectionOptionValidation: Validation of the minimum and maximum values allowed for a user to have as username.
WaadCommonEndpoint bool: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
WaadProtocol string: Protocol to use.

adfsServer String: ADFS URL where to fetch the metadata source.
allowedAudiences List<String>: List of allowed audiences.
apiEnableUsers Boolean: Enable API Access to users.
appId String: App ID.
attributeMaps List<GetConnectionOptionAttributeMap>: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
authParams Map<String,String>: Query string parameters to be included as part of the generated passwordless email link.
authorizationEndpoint String: Authorization endpoint.
bruteForceProtection Boolean: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId String: The strategy's client ID.
clientSecret String: The strategy's client secret.
communityBaseUrl String: Salesforce community base URL.
configuration Map<String,Object>: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connectionSettings List<GetConnectionOptionConnectionSetting>: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
customScripts Map<String,String>: A map of scripts used to integrate with a custom database.
debug Boolean: When enabled, additional debug information will be generated.
decryptionKeys List<GetConnectionOptionDecryptionKey>: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digestAlgorithm String: Sign Request Algorithm Digest.
disableCache Boolean: Indicates whether to disable the cache or not.
disableSelfServiceChangePassword Boolean: Indicates whether to remove the forgot password link within the New Universal Login.
disableSignOut Boolean: When enabled, will disable sign out.
disableSignup Boolean: Indicates whether to allow user sign-ups to your application.
discoveryUrl String: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain String: Domain name.
domainAliases List<String>: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
enableScriptContext Boolean: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabledDatabaseCustomization Boolean: Set to true to use a legacy user store.
entityId String: Custom Entity ID for the connection.
fedMetadataXml String: Federation Metadata for the ADFS connection.
fieldsMap String: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forwardRequestInfo Boolean: Specifies whether or not request info should be forwarded to sms gateway.
from String: Address to use as the sender.
gatewayAuthentications List<GetConnectionOptionGatewayAuthentication>: Defines the parameters used to generate the auth token for the custom gateway.
gatewayUrl String: Defines a custom sms gateway to use instead of Twilio.
iconUrl String: Icon URL.
identityApi String: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idpInitiateds List<GetConnectionOptionIdpInitiated>: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
importMode Boolean: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips List<String>: A list of IPs.
issuer String: Issuer URL, e.g. https://auth.example.com.
jwksUri String: JWKS URI.
keyId String: Apple Key ID.
mapUserIdToId Boolean: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
maxGroupsToRetrieve String: Maximum number of groups to retrieve.
messagingServiceSid String: SID for Copilot. Used when SMS Source is Copilot.
metadataUrl String: The URL of the SAML metadata document.
metadataXml String: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfas List<GetConnectionOptionMfa>: Configuration options for multifactor authentication.
name String: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
nonPersistentAttrs List<String>: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passwordComplexityOptions List<GetConnectionOptionPasswordComplexityOption>: Configuration settings for password complexity.
passwordDictionaries List<GetConnectionOptionPasswordDictionary>: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
passwordHistories List<GetConnectionOptionPasswordHistory>: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
passwordNoPersonalInfos List<GetConnectionOptionPasswordNoPersonalInfo>: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
passwordPolicy String: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
pingFederateBaseUrl String: Ping Federate Server URL.
pkceEnabled Boolean: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
protocolBinding String: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider String: Defines the custom sms_gateway provider.
requestTemplate String: Template that formats the SAML request.
requiresUsername Boolean: Indicates whether the user is required to provide a username in addition to an email address.
scopes List<String>: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts Map<String,String>: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
setUserRootAttributes String: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
shouldTrustEmailVerifiedConnection String: Choose how Auth0 sets the email_verified field in the user profile.
signInEndpoint String: SAML single login URL for the connection.
signOutEndpoint String: SAML single logout URL for the connection.
signSamlRequest Boolean: When enabled, the SAML authentication request will be signed.
signatureAlgorithm String: Sign Request Algorithm.
signingCert String: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signingKeys List<GetConnectionOptionSigningKey>: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategyVersion Integer: Version 1 is deprecated, use version 2.
subject String: Subject line of the email.
syntax String: Syntax of the template body.
teamId String: Apple Team ID.
template String: Body of the template.
tenantDomain String: Tenant domain name.
tokenEndpoint String: Token endpoint.
totps List<GetConnectionOptionTotp>: Configuration options for one-time passwords.
twilioSid String: SID for your Twilio account.
twilioToken String: AuthToken for your Twilio account.
type String: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstreamParams String: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
useCertAuth Boolean: Indicates whether to use cert auth or not.
useKerberos Boolean: Indicates whether to use Kerberos or not.
useWsfed Boolean: Whether to use WS-Fed.
userIdAttribute String: Attribute in the SAML token that will be mapped to the user_id property in Auth0.
userinfoEndpoint String: User info endpoint.
validations List<GetConnectionOptionValidation>: Validation of the minimum and maximum values allowed for a user to have as username.
waadCommonEndpoint Boolean: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waadProtocol String: Protocol to use.

adfsServer string: ADFS URL where to fetch the metadata source.
allowedAudiences string[]: List of allowed audiences.
apiEnableUsers boolean: Enable API Access to users.
appId string: App ID.
attributeMaps GetConnectionOptionAttributeMap[]: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
authParams {[key: string]: string}: Query string parameters to be included as part of the generated passwordless email link.
authorizationEndpoint string: Authorization endpoint.
bruteForceProtection boolean: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId string: The strategy's client ID.
clientSecret string: The strategy's client secret.
communityBaseUrl string: Salesforce community base URL.
configuration {[key: string]: any}: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connectionSettings GetConnectionOptionConnectionSetting[]: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
customScripts {[key: string]: string}: A map of scripts used to integrate with a custom database.
debug boolean: When enabled, additional debug information will be generated.
decryptionKeys GetConnectionOptionDecryptionKey[]: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digestAlgorithm string: Sign Request Algorithm Digest.
disableCache boolean: Indicates whether to disable the cache or not.
disableSelfServiceChangePassword boolean: Indicates whether to remove the forgot password link within the New Universal Login.
disableSignOut boolean: When enabled, will disable sign out.
disableSignup boolean: Indicates whether to allow user sign-ups to your application.
discoveryUrl string: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain string: Domain name.
domainAliases string[]: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
enableScriptContext boolean: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabledDatabaseCustomization boolean: Set to true to use a legacy user store.
entityId string: Custom Entity ID for the connection.
fedMetadataXml string: Federation Metadata for the ADFS connection.
fieldsMap string: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forwardRequestInfo boolean: Specifies whether or not request info should be forwarded to sms gateway.
from string: Address to use as the sender.
gatewayAuthentications GetConnectionOptionGatewayAuthentication[]: Defines the parameters used to generate the auth token for the custom gateway.
gatewayUrl string: Defines a custom sms gateway to use instead of Twilio.
iconUrl string: Icon URL.
identityApi string: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idpInitiateds GetConnectionOptionIdpInitiated[]: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
importMode boolean: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips string[]: A list of IPs.
issuer string: Issuer URL, e.g. https://auth.example.com.
jwksUri string: JWKS URI.
keyId string: Apple Key ID.
mapUserIdToId boolean: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
maxGroupsToRetrieve string: Maximum number of groups to retrieve.
messagingServiceSid string: SID for Copilot. Used when SMS Source is Copilot.
metadataUrl string: The URL of the SAML metadata document.
metadataXml string: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfas GetConnectionOptionMfa[]: Configuration options for multifactor authentication.
name string: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
nonPersistentAttrs string[]: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passwordComplexityOptions GetConnectionOptionPasswordComplexityOption[]: Configuration settings for password complexity.
passwordDictionaries GetConnectionOptionPasswordDictionary[]: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
passwordHistories GetConnectionOptionPasswordHistory[]: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
passwordNoPersonalInfos GetConnectionOptionPasswordNoPersonalInfo[]: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
passwordPolicy string: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
pingFederateBaseUrl string: Ping Federate Server URL.
pkceEnabled boolean: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
protocolBinding string: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider string: Defines the custom sms_gateway provider.
requestTemplate string: Template that formats the SAML request.
requiresUsername boolean: Indicates whether the user is required to provide a username in addition to an email address.
scopes string[]: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts {[key: string]: string}: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
setUserRootAttributes string: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
shouldTrustEmailVerifiedConnection string: Choose how Auth0 sets the email_verified field in the user profile.
signInEndpoint string: SAML single login URL for the connection.
signOutEndpoint string: SAML single logout URL for the connection.
signSamlRequest boolean: When enabled, the SAML authentication request will be signed.
signatureAlgorithm string: Sign Request Algorithm.
signingCert string: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signingKeys GetConnectionOptionSigningKey[]: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategyVersion number: Version 1 is deprecated, use version 2.
subject string: Subject line of the email.
syntax string: Syntax of the template body.
teamId string: Apple Team ID.
template string: Body of the template.
tenantDomain string: Tenant domain name.
tokenEndpoint string: Token endpoint.
totps GetConnectionOptionTotp[]: Configuration options for one-time passwords.
twilioSid string: SID for your Twilio account.
twilioToken string: AuthToken for your Twilio account.
type string: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstreamParams string: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
useCertAuth boolean: Indicates whether to use cert auth or not.
useKerberos boolean: Indicates whether to use Kerberos or not.
useWsfed boolean: Whether to use WS-Fed.
userIdAttribute string: Attribute in the SAML token that will be mapped to the user_id property in Auth0.
userinfoEndpoint string: User info endpoint.
validations GetConnectionOptionValidation[]: Validation of the minimum and maximum values allowed for a user to have as username.
waadCommonEndpoint boolean: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waadProtocol string: Protocol to use.

adfs_server str: ADFS URL where to fetch the metadata source.
allowed_audiences Sequence[str]: List of allowed audiences.
api_enable_users bool: Enable API Access to users.
app_id str: App ID.
attribute_maps Sequence[GetConnectionOptionAttributeMap]: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
auth_params Mapping[str, str]: Query string parameters to be included as part of the generated passwordless email link.
authorization_endpoint str: Authorization endpoint.
brute_force_protection bool: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
client_id str: The strategy's client ID.
client_secret str: The strategy's client secret.
community_base_url str: Salesforce community base URL.
configuration Mapping[str, Any]: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connection_settings Sequence[GetConnectionOptionConnectionSetting]: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
custom_scripts Mapping[str, str]: A map of scripts used to integrate with a custom database.
debug bool: When enabled, additional debug information will be generated.
decryption_keys Sequence[GetConnectionOptionDecryptionKey]: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digest_algorithm str: Sign Request Algorithm Digest.
disable_cache bool: Indicates whether to disable the cache or not.
disable_self_service_change_password bool: Indicates whether to remove the forgot password link within the New Universal Login.
disable_sign_out bool: When enabled, will disable sign out.
disable_signup bool: Indicates whether to allow user sign-ups to your application.
discovery_url str: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain str: Domain name.
domain_aliases Sequence[str]: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
enable_script_context bool: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabled_database_customization bool: Set to true to use a legacy user store.
entity_id str: Custom Entity ID for the connection.
fed_metadata_xml str: Federation Metadata for the ADFS connection.
fields_map str: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forward_request_info bool: Specifies whether or not request info should be forwarded to sms gateway.
from_ str: Address to use as the sender.
gateway_authentications Sequence[GetConnectionOptionGatewayAuthentication]: Defines the parameters used to generate the auth token for the custom gateway.
gateway_url str: Defines a custom sms gateway to use instead of Twilio.
icon_url str: Icon URL.
identity_api str: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idp_initiateds Sequence[GetConnectionOptionIdpInitiated]: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
import_mode bool: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips Sequence[str]: A list of IPs.
issuer str: Issuer URL, e.g. https://auth.example.com.
jwks_uri str: JWKS URI.
key_id str: Apple Key ID.
map_user_id_to_id bool: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
max_groups_to_retrieve str: Maximum number of groups to retrieve.
messaging_service_sid str: SID for Copilot. Used when SMS Source is Copilot.
metadata_url str: The URL of the SAML metadata document.
metadata_xml str: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfas Sequence[GetConnectionOptionMfa]: Configuration options for multifactor authentication.
name str: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
non_persistent_attrs Sequence[str]: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
password_complexity_options Sequence[GetConnectionOptionPasswordComplexityOption]: Configuration settings for password complexity.
password_dictionaries Sequence[GetConnectionOptionPasswordDictionary]: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
password_histories Sequence[GetConnectionOptionPasswordHistory]: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
password_no_personal_infos Sequence[GetConnectionOptionPasswordNoPersonalInfo]: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
password_policy str: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
ping_federate_base_url str: Ping Federate Server URL.
pkce_enabled bool: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
protocol_binding str: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider str: Defines the custom sms_gateway provider.
request_template str: Template that formats the SAML request.
requires_username bool: Indicates whether the user is required to provide a username in addition to an email address.
scopes Sequence[str]: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts Mapping[str, str]: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
set_user_root_attributes str: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
should_trust_email_verified_connection str: Choose how Auth0 sets the email_verified field in the user profile.
sign_in_endpoint str: SAML single login URL for the connection.
sign_out_endpoint str: SAML single logout URL for the connection.
sign_saml_request bool: When enabled, the SAML authentication request will be signed.
signature_algorithm str: Sign Request Algorithm.
signing_cert str: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signing_keys Sequence[GetConnectionOptionSigningKey]: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategy_version int: Version 1 is deprecated, use version 2.
subject str: Subject line of the email.
syntax str: Syntax of the template body.
team_id str: Apple Team ID.
template str: Body of the template.
tenant_domain str: Tenant domain name.
token_endpoint str: Token endpoint.
totps Sequence[GetConnectionOptionTotp]: Configuration options for one-time passwords.
twilio_sid str: SID for your Twilio account.
twilio_token str: AuthToken for your Twilio account.
type str: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstream_params str: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
use_cert_auth bool: Indicates whether to use cert auth or not.
use_kerberos bool: Indicates whether to use Kerberos or not.
use_wsfed bool: Whether to use WS-Fed.
user_id_attribute str: Attribute in the SAML token that will be mapped to the user_id property in Auth0.
userinfo_endpoint str: User info endpoint.
validations Sequence[GetConnectionOptionValidation]: Validation of the minimum and maximum values allowed for a user to have as username.
waad_common_endpoint bool: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waad_protocol str: Protocol to use.

adfsServer String: ADFS URL where to fetch the metadata source.
allowedAudiences List<String>: List of allowed audiences.
apiEnableUsers Boolean: Enable API Access to users.
appId String: App ID.
attributeMaps List<Property Map>: OpenID Connect and Okta Workforce connections can automatically map claims received from the identity provider (IdP). You can configure this mapping through a library template provided by Auth0 or by entering your own template directly. Click here for more info.
authParams Map<String>: Query string parameters to be included as part of the generated passwordless email link.
authorizationEndpoint String: Authorization endpoint.
bruteForceProtection Boolean: Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
clientId String: The strategy's client ID.
clientSecret String: The strategy's client secret.
communityBaseUrl String: Salesforce community base URL.
configuration Map<Any>: A case-sensitive map of key value pairs used as configuration variables for the custom_script.
connectionSettings List<Property Map>: Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection.
customScripts Map<String>: A map of scripts used to integrate with a custom database.
debug Boolean: When enabled, additional debug information will be generated.
decryptionKeys List<Property Map>: The key used to decrypt encrypted responses from the connection. Uses the key and cert properties to provide the private key and certificate respectively.
digestAlgorithm String: Sign Request Algorithm Digest.
disableCache Boolean: Indicates whether to disable the cache or not.
disableSelfServiceChangePassword Boolean: Indicates whether to remove the forgot password link within the New Universal Login.
disableSignOut Boolean: When enabled, will disable sign out.
disableSignup Boolean: Indicates whether to allow user sign-ups to your application.
discoveryUrl String: OpenID discovery URL, e.g. https://auth.example.com/.well-known/openid-configuration.
domain String: Domain name.
domainAliases List<String>: List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
enableScriptContext Boolean: Set to true to inject context into custom DB scripts (warning: cannot be disabled once enabled).
enabledDatabaseCustomization Boolean: Set to true to use a legacy user store.
entityId String: Custom Entity ID for the connection.
fedMetadataXml String: Federation Metadata for the ADFS connection.
fieldsMap String: If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
forwardRequestInfo Boolean: Specifies whether or not request info should be forwarded to sms gateway.
from String: Address to use as the sender.
gatewayAuthentications List<Property Map>: Defines the parameters used to generate the auth token for the custom gateway.
gatewayUrl String: Defines a custom sms gateway to use instead of Twilio.
iconUrl String: Icon URL.
identityApi String: Azure AD Identity API. Available options are: microsoft-identity-platform-v2.0 or azure-active-directory-v1.0.
idpInitiateds List<Property Map>: Configuration options for IDP Initiated Authentication. This is an object with the properties: client_id, client_protocol, and client_authorize_query.
importMode Boolean: Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
ips List<String>: A list of IPs.
issuer String: Issuer URL, e.g. https://auth.example.com.
jwksUri String: JWKS URI.
keyId String: Apple Key ID.
mapUserIdToId Boolean: By default Auth0 maps user_id to email. Enabling this setting changes the behavior to map user_id to 'id' instead. This can only be defined on a new Google Workspace connection and can not be changed once set.
maxGroupsToRetrieve String: Maximum number of groups to retrieve.
messagingServiceSid String: SID for Copilot. Used when SMS Source is Copilot.
metadataUrl String: The URL of the SAML metadata document.
metadataXml String: The XML content for the SAML metadata document. Values within the xml will take precedence over other attributes set on the options block.
mfas List<Property Map>: Configuration options for multifactor authentication.
name String: The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
nonPersistentAttrs List<String>: If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
passwordComplexityOptions List<Property Map>: Configuration settings for password complexity.
passwordDictionaries List<Property Map>: Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
passwordHistories List<Property Map>: Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
passwordNoPersonalInfos List<Property Map>: Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email.
passwordPolicy String: Indicates level of password strength to enforce during authentication. A strong password policy will make it difficult, if not improbable, for someone to guess a password through either manual or automated means. Options include none, low, fair, good, excellent.
pingFederateBaseUrl String: Ping Federate Server URL.
pkceEnabled Boolean: Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
protocolBinding String: The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
provider String: Defines the custom sms_gateway provider.
requestTemplate String: Template that formats the SAML request.
requiresUsername Boolean: Indicates whether the user is required to provide a username in addition to an email address.
scopes List<String>: Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: basic_profile, ext_profile, ext_nested_groups, etc.
scripts Map<String>: A map of scripts used for an OAuth connection. Only accepts a fetchUserProfile script.
setUserRootAttributes String: Determines whether to sync user profile attributes (name, given_name, family_name, nickname, picture) at each login or only on the first login. Options include: on_each_login, on_first_login. Default value: on_each_login.
shouldTrustEmailVerifiedConnection String: Choose how Auth0 sets the email_verified field in the user profile.
signInEndpoint String: SAML single login URL for the connection.
signOutEndpoint String: SAML single logout URL for the connection.
signSamlRequest Boolean: When enabled, the SAML authentication request will be signed.
signatureAlgorithm String: Sign Request Algorithm.
signingCert String: X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
signingKeys List<Property Map>: The key used to sign requests in the connection. Uses the key and cert properties to provide the private key and certificate respectively.
strategyVersion Number: Version 1 is deprecated, use version 2.
subject String: Subject line of the email.
syntax String: Syntax of the template body.
teamId String: Apple Team ID.
template String: Body of the template.
tenantDomain String: Tenant domain name.
tokenEndpoint String: Token endpoint.
totps List<Property Map>: Configuration options for one-time passwords.
twilioSid String: SID for your Twilio account.
twilioToken String: AuthToken for your Twilio account.
type String: Value can be back_channel or front_channel. Front Channel will use OIDC protocol with response_mode=form_post and response_type=id_token. Back Channel will use response_type=code.
upstreamParams String: You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
useCertAuth Boolean: Indicates whether to use cert auth or not.
useKerberos Boolean: Indicates whether to use Kerberos or not.
useWsfed Boolean: Whether to use WS-Fed.
userIdAttribute String: Attribute in the SAML token that will be mapped to the user_id property in Auth0.
userinfoEndpoint String: User info endpoint.
validations List<Property Map>: Validation of the minimum and maximum values allowed for a user to have as username.
waadCommonEndpoint Boolean: Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
waadProtocol String: Protocol to use.

GetConnectionOptionAttributeMap

Attributes string: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
MappingMode string: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
UserinfoScope string: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

Attributes string: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
MappingMode string: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
UserinfoScope string: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

attributes String: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
mappingMode String: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
userinfoScope String: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

attributes string: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
mappingMode string: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
userinfoScope string: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

attributes str: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
mapping_mode str: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
userinfo_scope str: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

attributes String: This property is an object containing mapping information that allows Auth0 to interpret incoming claims from the IdP. Mapping information must be provided as key/value pairs.
mappingMode String: Method used to map incoming claims. Possible values: use_map (Okta or OIDC), bind_all (OIDC) or basic_profile (Okta).
userinfoScope String: This property defines the scopes that Auth0 sends to the IdP’s UserInfo endpoint when requested.

GetConnectionOptionConnectionSetting

Pkce string: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

Pkce string: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

pkce String: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

pkce string: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

pkce str: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

pkce String: PKCE configuration. Possible values: auto (uses the strongest algorithm available), S256 (uses the SHA-256 algorithm), plain (uses plaintext as described in the PKCE specification) or disabled (disables support for PKCE).

GetConnectionOptionDecryptionKey

Cert string
Key string

Cert string
Key string

cert String
key String

cert string
key string

cert str
key str

cert String
key String

GetConnectionOptionGatewayAuthentication

Audience string: Audience claim for the HS256 token sent to gateway_url.
Method string: Authentication method (default is bearer token).
Secret string: Secret used to sign the HS256 token sent to gateway_url.
SecretBase64Encoded bool: Specifies whether or not the secret is Base64-encoded.
Subject string: Subject claim for the HS256 token sent to gateway_url.

Audience string: Audience claim for the HS256 token sent to gateway_url.
Method string: Authentication method (default is bearer token).
Secret string: Secret used to sign the HS256 token sent to gateway_url.
SecretBase64Encoded bool: Specifies whether or not the secret is Base64-encoded.
Subject string: Subject claim for the HS256 token sent to gateway_url.

audience String: Audience claim for the HS256 token sent to gateway_url.
method String: Authentication method (default is bearer token).
secret String: Secret used to sign the HS256 token sent to gateway_url.
secretBase64Encoded Boolean: Specifies whether or not the secret is Base64-encoded.
subject String: Subject claim for the HS256 token sent to gateway_url.

audience string: Audience claim for the HS256 token sent to gateway_url.
method string: Authentication method (default is bearer token).
secret string: Secret used to sign the HS256 token sent to gateway_url.
secretBase64Encoded boolean: Specifies whether or not the secret is Base64-encoded.
subject string: Subject claim for the HS256 token sent to gateway_url.

audience str: Audience claim for the HS256 token sent to gateway_url.
method str: Authentication method (default is bearer token).
secret str: Secret used to sign the HS256 token sent to gateway_url.
secret_base64_encoded bool: Specifies whether or not the secret is Base64-encoded.
subject str: Subject claim for the HS256 token sent to gateway_url.

audience String: Audience claim for the HS256 token sent to gateway_url.
method String: Authentication method (default is bearer token).
secret String: Secret used to sign the HS256 token sent to gateway_url.
secretBase64Encoded Boolean: Specifies whether or not the secret is Base64-encoded.
subject String: Subject claim for the HS256 token sent to gateway_url.

GetConnectionOptionIdpInitiated

ClientAuthorizeQuery string
ClientId string
ClientProtocol string

ClientAuthorizeQuery string
ClientId string
ClientProtocol string

clientAuthorizeQuery String
clientId String
clientProtocol String

clientAuthorizeQuery string
clientId string
clientProtocol string

client_authorize_query str
client_id str
client_protocol str

clientAuthorizeQuery String
clientId String
clientProtocol String

GetConnectionOptionMfa

Active bool: Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool: Indicates whether multifactor authentication enrollment settings will be returned.

Active bool: Indicates whether multifactor authentication is enabled for this connection.
ReturnEnrollSettings bool: Indicates whether multifactor authentication enrollment settings will be returned.

active Boolean: Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings Boolean: Indicates whether multifactor authentication enrollment settings will be returned.

active boolean: Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings boolean: Indicates whether multifactor authentication enrollment settings will be returned.

active bool: Indicates whether multifactor authentication is enabled for this connection.
return_enroll_settings bool: Indicates whether multifactor authentication enrollment settings will be returned.

active Boolean: Indicates whether multifactor authentication is enabled for this connection.
returnEnrollSettings Boolean: Indicates whether multifactor authentication enrollment settings will be returned.

GetConnectionOptionPasswordComplexityOption

MinLength int: Minimum number of characters allowed in passwords.

MinLength int: Minimum number of characters allowed in passwords.

minLength Integer: Minimum number of characters allowed in passwords.

minLength number: Minimum number of characters allowed in passwords.

min_length int: Minimum number of characters allowed in passwords.

minLength Number: Minimum number of characters allowed in passwords.

GetConnectionOptionPasswordDictionary

Dictionaries List<string>: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool: Indicates whether the password dictionary check is enabled for this connection.

Dictionaries []string: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
Enable bool: Indicates whether the password dictionary check is enabled for this connection.

dictionaries List<String>: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable Boolean: Indicates whether the password dictionary check is enabled for this connection.

dictionaries string[]: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable boolean: Indicates whether the password dictionary check is enabled for this connection.

dictionaries Sequence[str]: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable bool: Indicates whether the password dictionary check is enabled for this connection.

dictionaries List<String>: Customized contents of the password dictionary. By default, the password dictionary contains a list of the 10,000 most common passwords; your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
enable Boolean: Indicates whether the password dictionary check is enabled for this connection.

GetConnectionOptionPasswordHistory

Enable bool
Size int

Enable bool
Size int

enable Boolean
size Integer

enable boolean
size number

enable bool
size int

enable Boolean
size Number

GetConnectionOptionPasswordNoPersonalInfo

Enable bool

Enable bool

enable Boolean

enable boolean

enable bool

enable Boolean

GetConnectionOptionSigningKey

Cert string
Key string

Cert string
Key string

cert String
key String

cert string
key string

cert str
key str

cert String
key String

GetConnectionOptionTotp

Length int: Length of the one-time password.
TimeStep int: Seconds between allowed generation of new passwords.

Length int: Length of the one-time password.
TimeStep int: Seconds between allowed generation of new passwords.

length Integer: Length of the one-time password.
timeStep Integer: Seconds between allowed generation of new passwords.

length number: Length of the one-time password.
timeStep number: Seconds between allowed generation of new passwords.

length int: Length of the one-time password.
time_step int: Seconds between allowed generation of new passwords.

length Number: Length of the one-time password.
timeStep Number: Seconds between allowed generation of new passwords.

GetConnectionOptionValidation

Usernames List<GetConnectionOptionValidationUsername>: Specifies the min and max values of username length.

Usernames []GetConnectionOptionValidationUsername: Specifies the min and max values of username length.

usernames List<GetConnectionOptionValidationUsername>: Specifies the min and max values of username length.

usernames GetConnectionOptionValidationUsername[]: Specifies the min and max values of username length.

usernames Sequence[GetConnectionOptionValidationUsername]: Specifies the min and max values of username length.

usernames List<Property Map>: Specifies the min and max values of username length.

GetConnectionOptionValidationUsername

Max int
Min int

Max int
Min int

max Integer
min Integer

max number
min number

max int
min int

max Number
min Number

Package Details

Repository: Auth0 pulumi/pulumi-auth0
License: Apache-2.0
Notes: This Pulumi package is based on the auth0 Terraform Provider.

Auth0 v3.4.0 published on Wednesday, Jun 19, 2024 by Pulumi

pulumi/pulumi-auth0

auth0.getConnection

On this page

On this page

Example Usage

Using getConnection

getConnection Result

Supporting Types

GetConnectionOption

GetConnectionOptionAttributeMap

GetConnectionOptionConnectionSetting

GetConnectionOptionDecryptionKey

GetConnectionOptionGatewayAuthentication

GetConnectionOptionIdpInitiated

GetConnectionOptionMfa

GetConnectionOptionPasswordComplexityOption

GetConnectionOptionPasswordDictionary

GetConnectionOptionPasswordHistory

GetConnectionOptionPasswordNoPersonalInfo

GetConnectionOptionSigningKey

GetConnectionOptionTotp

GetConnectionOptionValidation

GetConnectionOptionValidationUsername

Package Details

On this page

On this page