auth0 · sergiught · Feb 23, 2022 · Feb 21, 2022 · Feb 21, 2022 · Feb 21, 2022
@@ -40,6 +40,7 @@ func TestAccDataClientByName(t *testing.T) {
 				Config: random.Template(fmt.Sprintf(testAccDataClientConfigByName, testAccClientConfig), rand),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("data.auth0_client.test", "client_id"),
+					resource.TestCheckResourceAttr("data.auth0_client.test", "signing_keys.#", "1"), // checks that signing_keys is set, and it includes 1 element
 					resource.TestCheckResourceAttr("data.auth0_client.test", "name", fmt.Sprintf("Acceptance Test - %v", rand)),
 					resource.TestCheckResourceAttr("data.auth0_client.test", "app_type", "non_interactive"), // Arbitrary property selection
 					resource.TestCheckNoResourceAttr("data.auth0_client.test", "client_secret_rotation_trigger"),
@@ -67,6 +68,7 @@ func TestAccDataClientById(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttrSet("data.auth0_client.test", "id"),
 					resource.TestCheckResourceAttrSet("data.auth0_client.test", "name"),
+					resource.TestCheckResourceAttr("data.auth0_client.test", "signing_keys.#", "1"), // checks that signing_keys is set, and it includes 1 element
 					resource.TestCheckNoResourceAttr("data.auth0_client.test", "client_secret_rotation_trigger"),
 					resource.TestCheckNoResourceAttr("data.auth0_client.test", "client_secret"),
 				),

@@ -582,6 +582,11 @@ func newClient() *schema.Resource {
 					},
 				},
 			},
+			"signing_keys": {
+				Type:     schema.TypeList,
+				Elem:     &schema.Schema{Type: schema.TypeMap},
+				Computed: true,
+			},
 		},
 	}
 }
@@ -642,6 +647,7 @@ func readClient(d *schema.ResourceData, m interface{}) error {
 	d.Set("client_metadata", c.ClientMetadata)
 	d.Set("mobile", c.Mobile)
 	d.Set("initiate_login_uri", c.InitiateLoginURI)
+	d.Set("signing_keys", c.SigningKeys)
 
 	return nil
 }

@@ -83,6 +83,7 @@ func TestAccClient(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_client.my_client", "addons.0.samlp.0.signing_cert", "-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "client_metadata.foo", "zoo"),
 					resource.TestCheckResourceAttr("auth0_client.my_client", "initiate_login_uri", "https://example.com/login"),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "signing_keys.#", "1"), // checks that signing_keys is set, and it includes 1 element
 				),
 			},
 		},

@@ -29,4 +29,6 @@ At least one of the following arguments required:
 
 ## Attribute Reference
 
-The client data source possesses the same attributes as the `auth0_client` resource, with the exception of `client_secret_rotation_trigger`. Refer to the [auth0_client resource documentation](../resources/client.md) for a list of returned attributes.
+The client data source possesses the same attributes as the `auth0_client` resource, except for
+`client_secret_rotation_trigger`. Refer to the [auth0_client resource documentation](../resources/client.md) for a list
+of returned attributes.
@@ -24,10 +24,11 @@ No arguments accepted.
 
 * `client_id` - String. ID of the client.
 * `client_secret`<sup>[1](#client-keys)</sup> - String. Secret for the client; keep this private.
-* `custom_login_page_on` - Boolean. Indicates whether or not a custom login page is to be used.
+* `custom_login_page_on` - Boolean. Indicates whether a custom login page is to be used.
 * `custom_login_page` - String. Content of the custom login page.
 * `client_metadata` - (Optional) Map(String)
 
 ### Client Keys
 
-To access the `client_secret` attribute you need to add the `read:client_keys` scope to the Terraform client. Otherwise, the attribute will contain an empty string.
+To access the `client_secret` attribute you need to add the `read:client_keys` scope to the Terraform client. Otherwise,
+the attribute will contain an empty string.
@@ -260,6 +260,7 @@ Attributes exported by this resource include:
 * `grant_types` - List(String). Types of grants that this client is authorized to use.
 * `custom_login_page_on` - Boolean. Indicates whether or not a custom login page is to be used.
 * `token_endpoint_auth_method` - String. Defines the requested authentication method for the token endpoint. Options include `none` (public client without a client secret), `client_secret_post` (client uses HTTP POST parameters), `client_secret_basic` (client uses HTTP Basic).
+* `signing_keys` - List(Map). List containing a map of the public cert of the signing key and the public cert of the signing key in pkcs7.
 
 ### Client keys