Update branch to the latest

CHANGELOG.md

@@ -1,3 +1,17 @@
+## v1.8.0
+
+FEATURES:
+- `resource/auth0_self_service_profile_custom_text`: Add new resource which allow to set custom text for SSO Profile ([#1075](https://github.com/auth0/terraform-provider-auth0/pull/1075/))
+- `data-source/auth0_clients`: Add data-source which allows retrieving a list of clients with filters ([#1080](https://github.com/auth0/terraform-provider-auth0/pull/1080/))
+
+ENHANCEMENTS:
+- `resource/auth0_client`: Add support for setting `oidc_logout`, which includes `backchannel_logout_urls` and `backchannel_logout_initiators`. The `backchannel_logout_initiators` property supports `mode` and `selected_initiators` for more granular control ([#1045](https://github.com/auth0/terraform-provider-auth0/pull/1045/))
+- `resource/auth0_self_service_profile`: Add support for setting `name`, `description`, `allowed_strategies` ([#1075](https://github.com/auth0/terraform-provider-auth0/pull/1075/))
+
+BUG FIXES:
+- `resource/auth0_form`: Update messages property with expand rule ([#1088](https://github.com/auth0/terraform-provider-auth0/pull/1088/))
+
+
 ## v1.7.3
 
 NOTES:

CONTRIBUTING.md

@@ -53,6 +53,13 @@ Run `make docs` to regenerate documentation for newly added resources and schema
 make docs
 ```
 
+## Signing your Commits
+We require all commits on the contributing PR to be signed.
+
+- [Learn more about signing commits](https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits)
+- [Signing old commits](https://stackoverflow.com/questions/41882919/is-there-a-way-to-gpg-sign-all-previous-commits)
+
+
 ## Running the Tests
 
 The tests can be run using the following make commands:

docs/data-sources/client.md

@@ -62,6 +62,7 @@ data "auth0_client" "some-client-by-id" {
 - `native_social_login` (List of Object) Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to `false` in order to change the `app_type`. (see [below for nested schema](#nestedatt--native_social_login))
 - `oidc_backchannel_logout_urls` (Set of String) Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
 - `oidc_conformant` (Boolean) Indicates whether this client will conform to strict OIDC specifications.
+- `oidc_logout` (List of Object) Configure OIDC logout for the Client (see [below for nested schema](#nestedatt--oidc_logout))
 - `organization_require_behavior` (String) Defines how to proceed during an authentication transaction when `organization_usage = "require"`. Can be `no_prompt` (default), `pre_login_prompt` or  `post_login_prompt`.
 - `organization_usage` (String) Defines how to proceed during an authentication transaction with regards to an organization. Can be `deny` (default), `allow` or `require`.
 - `refresh_token` (List of Object) Configuration settings for the refresh tokens issued for this client. (see [below for nested schema](#nestedatt--refresh_token))
@@ -554,6 +555,24 @@ Read-Only:
 
 
 
+<a id="nestedatt--oidc_logout"></a>
+### Nested Schema for `oidc_logout`
+
+Read-Only:
+
+- `backchannel_logout_initiators` (List of Object) (see [below for nested schema](#nestedobjatt--oidc_logout--backchannel_logout_initiators))
+- `backchannel_logout_urls` (Set of String)
+
+<a id="nestedobjatt--oidc_logout--backchannel_logout_initiators"></a>
+### Nested Schema for `oidc_logout.backchannel_logout_initiators`
+
+Read-Only:
+
+- `mode` (String)
+- `selected_initiators` (Set of String)
+
+
+
 <a id="nestedatt--refresh_token"></a>
 ### Nested Schema for `refresh_token`
 

docs/data-sources/clients.md

@@ -0,0 +1,81 @@
+---
+page_title: "Data Source: auth0_clients"
+description: |-
+  Data source to retrieve a list of Auth0 application clients with optional filtering.
+---
+
+# Data Source: auth0_clients
+
+Data source to retrieve a list of Auth0 application clients with optional filtering.
+
+## Example Usage
+
+```terraform
+# Auth0 clients with "External" in the name
+data "auth0_clients" "external_apps" {
+  name_filter = "External"
+}
+
+# Auth0 clients filtered by non_interactive or spa app type
+data "auth0_clients" "m2m_apps" {
+  app_types = ["non_interactive", "spa"]
+}
+
+# Auth0 clients filtered by is_first_party equal to true
+data "auth0_clients" "first_party_apps" {
+  is_first_party = true
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `app_types` (Set of String) Filter clients by application types.
+- `is_first_party` (Boolean) Filter clients by first party status.
+- `name_filter` (String) Filter clients by name (partial matches supported).
+
+### Read-Only
+
+- `clients` (List of Object) List of clients matching the filter criteria. (see [below for nested schema](#nestedatt--clients))
+- `id` (String) The ID of this resource.
+
+<a id="nestedatt--clients"></a>
+### Nested Schema for `clients`
+
+Read-Only:
+
+- `allowed_clients` (List of String)
+- `allowed_logout_urls` (List of String)
+- `allowed_origins` (List of String)
+- `app_type` (String)
+- `callbacks` (List of String)
+- `client_id` (String)
+- `client_metadata` (Map of String)
+- `client_secret` (String)
+- `description` (String)
+- `grant_types` (List of String)
+- `is_first_party` (Boolean)
+- `is_token_endpoint_ip_header_trusted` (Boolean)
+- `name` (String)
+- `oidc_logout` (List of Object) (see [below for nested schema](#nestedobjatt--clients--oidc_logout))
+- `web_origins` (List of String)
+
+<a id="nestedobjatt--clients--oidc_logout"></a>
+### Nested Schema for `clients.oidc_logout`
+
+Read-Only:
+
+- `backchannel_logout_initiators` (List of Object) (see [below for nested schema](#nestedobjatt--clients--oidc_logout--backchannel_logout_initiators))
+- `backchannel_logout_urls` (Set of String)
+
+<a id="nestedobjatt--clients--oidc_logout--backchannel_logout_initiators"></a>
+### Nested Schema for `clients.oidc_logout.backchannel_logout_initiators`
+
+Read-Only:
+
+- `mode` (String)
+- `selected_initiators` (Set of String)
+
+

docs/data-sources/self_service_profile.md

@@ -26,8 +26,11 @@ data "auth0_self_service_profile" "auth0_self_service_profile" {
 
 ### Read-Only
 
+- `allowed_strategies` (Set of String) List of IdP strategies that will be shown to users during the Self-Service SSO flow.
 - `branding` (List of Object) Field can be used to customize the look and feel of the wizard. (see [below for nested schema](#nestedatt--branding))
 - `created_at` (String) The ISO 8601 formatted date the profile was created.
+- `description` (String) The description of the self-service Profile
+- `name` (String) The name of the self-service Profile
 - `updated_at` (String) The ISO 8601 formatted date the profile was updated.
 - `user_attributes` (List of Object) This array stores the mapping information that will be shown to the user during the SS-SSO flow. The user will be prompted to map the attributes on their identity provider to ensure the specified attributes get passed to Auth0. (see [below for nested schema](#nestedatt--user_attributes))
 

docs/resources/client.md

@@ -116,8 +116,9 @@ resource "auth0_client" "my_client" {
 - `logo_uri` (String) URL of the logo for the client. Recommended size is 150px x 150px. If none is set, the default badge for the application type will be shown.
 - `mobile` (Block List, Max: 1) Additional configuration for native mobile apps. (see [below for nested schema](#nestedblock--mobile))
 - `native_social_login` (Block List, Max: 1) Configuration settings to toggle native social login for mobile native applications. Once this is set it must stay set, with both resources set to `false` in order to change the `app_type`. (see [below for nested schema](#nestedblock--native_social_login))
-- `oidc_backchannel_logout_urls` (Set of String) Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
+- `oidc_backchannel_logout_urls` (Set of String, Deprecated) Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
 - `oidc_conformant` (Boolean) Indicates whether this client will conform to strict OIDC specifications.
+- `oidc_logout` (Block List, Max: 1) Configure OIDC logout for the Client (see [below for nested schema](#nestedblock--oidc_logout))
 - `organization_require_behavior` (String) Defines how to proceed during an authentication transaction when `organization_usage = "require"`. Can be `no_prompt` (default), `pre_login_prompt` or  `post_login_prompt`.
 - `organization_usage` (String) Defines how to proceed during an authentication transaction with regards to an organization. Can be `deny` (default), `allow` or `require`.
 - `refresh_token` (Block List, Max: 1) Configuration settings for the refresh tokens issued for this client. (see [below for nested schema](#nestedblock--refresh_token))
@@ -527,6 +528,30 @@ Optional:
 
 
 
+<a id="nestedblock--oidc_logout"></a>
+### Nested Schema for `oidc_logout`
+
+Required:
+
+- `backchannel_logout_urls` (Set of String) Set of URLs that are valid to call back from Auth0 for OIDC backchannel logout. Currently only one URL is allowed.
+
+Optional:
+
+- `backchannel_logout_initiators` (Block List, Max: 1) Configure OIDC logout initiators for the Client (see [below for nested schema](#nestedblock--oidc_logout--backchannel_logout_initiators))
+
+<a id="nestedblock--oidc_logout--backchannel_logout_initiators"></a>
+### Nested Schema for `oidc_logout.backchannel_logout_initiators`
+
+Required:
+
+- `mode` (String) Determines the configuration method for enabling initiators. `custom` enables only the initiators listed in the backchannel_logout_selected_initiators set, `all` enables all current and future initiators.
+
+Optional:
+
+- `selected_initiators` (Set of String) Contains the list of initiators to be enabled for the given client.
+
+
+
 <a id="nestedblock--refresh_token"></a>
 ### Nested Schema for `refresh_token`
 

docs/resources/form.md

@@ -87,6 +87,11 @@ resource "auth0_form" "my_form" {
     }
   })
 
+  messages {
+    errors = jsonencode({
+      ERR_REQUIRED_PROPERTY = "This field is required for user kyc."
+    })
+  }
   languages {
     default = "en"
     primary = "en"

docs/resources/organization_client_grant.md

@@ -8,7 +8,51 @@ description: |-
 
 With this resource, you can manage a client grant associated with an organization.
 
+## Example Usage
 
+```terraform
+# Create an Organization
+resource "auth0_organization" "my_organization" {
+  name         = "test-org-acceptance-testing"
+  display_name = "Test Org Acceptance Testing"
+}
+
+# Create a Resource Server
+resource "auth0_resource_server" "new_resource_server" {
+  name       = "Example API"
+  identifier = "https://api.travel00123.com/"
+}
+
+
+# Create a Client by referencing the newly created organisation or by reference an existing one.
+resource "auth0_client" "my_test_client" {
+  depends_on         = [auth0_organization.my_organization, auth0_resource_server.new_resource_server]
+  name               = "test_client"
+  organization_usage = "allow"
+  default_organization {
+    organization_id = auth0_organization.my_organization.id
+    flows           = ["client_credentials"]
+  }
+}
+
+# Create a client grant which is associated with the client and resource server.
+resource "auth0_client_grant" "my_client_grant" {
+  depends_on             = [auth0_resource_server.new_resource_server, auth0_client.my_test_client]
+  client_id              = auth0_client.my_test_client.id
+  audience               = auth0_resource_server.new_resource_server.identifier
+  scopes                 = ["create:organization_client_grants", "create:resource"]
+  allow_any_organization = true
+  organization_usage     = "allow"
+}
+
+
+# Create the organization and client grant association
+resource "auth0_organization_client_grant" "associate_org_client_grant" {
+  depends_on      = [auth0_client_grant.my_client_grant]
+  organization_id = auth0_organization.my_organization.id
+  grant_id        = auth0_client_grant.my_client_grant.id
+}
+```
 
 <!-- schema generated by tfplugindocs -->
 ## Schema
@@ -22,4 +66,15 @@ With this resource, you can manage a client grant associated with an organizatio
 
 - `id` (String) The ID of this resource.
 
+## Import
+
+Import is supported using the following syntax:
 
+```shell
+# This resource can be imported by specifying the
+# organization ID and client grant ID separated by "::" (note the double colon)
+# <organizationID>::<clientGrantID>
+#
+# Example:
+terraform import auth0_organization_client_grant.my_org_client_grant "org_XXXXX::cgr_XXXXX"
+```

docs/resources/self_service_profile.md

@@ -29,9 +29,15 @@ resource "auth0_self_service_profile" "my_self_service_profile" {
 <!-- schema generated by tfplugindocs -->
 ## Schema
 
+### Required
+
+- `name` (String) The name of the self-service Profile
+
 ### Optional
 
+- `allowed_strategies` (Set of String) List of IdP strategies that will be shown to users during the Self-Service SSO flow.
 - `branding` (Block List, Max: 1) Field can be used to customize the look and feel of the wizard. (see [below for nested schema](#nestedblock--branding))
+- `description` (String) The description of the self-service Profile
 - `user_attributes` (Block List, Max: 20) This array stores the mapping information that will be shown to the user during the SS-SSO flow. The user will be prompted to map the attributes on their identity provider to ensure the specified attributes get passed to Auth0. (see [below for nested schema](#nestedblock--user_attributes))
 
 ### Read-Only

docs/resources/self_service_profile_custom_text.md

@@ -0,0 +1,51 @@
+---
+page_title: "Resource: auth0_self_service_profile_custom_text"
+description: |-
+  With this resource, you can set custom text for Self-Service Profile
+---
+
+# Resource: auth0_self_service_profile_custom_text
+
+With this resource, you can set custom text for Self-Service Profile
+
+## Example Usage
+
+```terraform
+resource "auth0_self_service_profile_custom_text" "sso_custom_text" {
+  sso_id   = "some-sso-id"
+  language = "en"
+  page     = "get-started"
+  body = jsonencode(
+    {
+      "introduction" : "Welcome! With only a few steps you'll be able to setup your new custom text."
+    }
+  )
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `body` (String) The list of text keys and values to customize the self-service SSO page. Values can be plain text or rich HTML content limited to basic styling tags and hyperlinks
+- `language` (String) The language of the custom text
+- `page` (String) The page where the custom text is shown
+- `sso_id` (String) The id of the self-service profile
+
+### Read-Only
+
+- `id` (String) The ID of this resource.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# This resource can be imported by specifying the
+# sso-profile-id, language and page separated by "::" (note the double colon)
+# <sso-profile-id>::<language>::<page>
+#
+# Example
+terraform import auth0_self_service_profile_custom_text.example "some-sso-id::en::get-started"
+```

examples/data-sources/auth0_clients/data-source.tf

@@ -0,0 +1,14 @@
+# Auth0 clients with "External" in the name
+data "auth0_clients" "external_apps" {
+  name_filter = "External"
+}
+
+# Auth0 clients filtered by non_interactive or spa app type
+data "auth0_clients" "m2m_apps" {
+  app_types = ["non_interactive", "spa"]
+}
+
+# Auth0 clients filtered by is_first_party equal to true
+data "auth0_clients" "first_party_apps" {
+  is_first_party = true
+}

examples/resources/auth0_form/resource.tf

@@ -74,6 +74,11 @@ resource "auth0_form" "my_form" {
     }
   })
 
+  messages {
+    errors = jsonencode({
+      ERR_REQUIRED_PROPERTY = "This field is required for user kyc."
+    })
+  }
   languages {
     default = "en"
     primary = "en"

examples/resources/auth0_organization_client_grant/import.sh

@@ -0,0 +1,6 @@
+# This resource can be imported by specifying the
+# organization ID and client grant ID separated by "::" (note the double colon)
+# <organizationID>::<clientGrantID>
+#
+# Example:
+terraform import auth0_organization_client_grant.my_org_client_grant "org_XXXXX::cgr_XXXXX"