auth0 · sergiught · Jul 13, 2023 · Jul 13, 2023
diff --git a/docs/resources/client_grant.md b/docs/resources/client_grant.md
@@ -11,7 +11,7 @@ Auth0 uses various grant types, or methods by which you grant limited access to
 ## Example Usage
 
 ```terraform
-# The following example grants a client the "create:foo" permission (scope).
+# The following example grants a client the "create:foo" and "create:bar" permissions (scopes).
 
 resource "auth0_client" "my_client" {
   name = "Example Application - Client Grant (Managed by Terraform)"
@@ -35,7 +35,7 @@ resource "auth0_resource_server" "my_resource_server" {
 resource "auth0_client_grant" "my_client_grant" {
   client_id = auth0_client.my_client.id
   audience  = auth0_resource_server.my_resource_server.identifier
-  scope     = ["create:foo"]
+  scopes    = ["create:foo", "create:bar"]
 }
 ```
 
@@ -46,7 +46,7 @@ resource "auth0_client_grant" "my_client_grant" {
 
 - `audience` (String) Audience or API Identifier for this grant.
 - `client_id` (String) ID of the client for this grant.
-- `scope` (List of String) Permissions (scopes) included in this grant.
+- `scopes` (List of String) Permissions (scopes) included in this grant.
 
 ### Read-Only
 

diff --git a/examples/resources/auth0_client_grant/resource.tf b/examples/resources/auth0_client_grant/resource.tf
@@ -1,4 +1,4 @@
-# The following example grants a client the "create:foo" permission (scope).
+# The following example grants a client the "create:foo" and "create:bar" permissions (scopes).
 
 resource "auth0_client" "my_client" {
   name = "Example Application - Client Grant (Managed by Terraform)"
@@ -22,5 +22,5 @@ resource "auth0_resource_server" "my_resource_server" {
 resource "auth0_client_grant" "my_client_grant" {
   client_id = auth0_client.my_client.id
   audience  = auth0_resource_server.my_resource_server.identifier
-  scope     = ["create:foo"]
+  scopes    = ["create:foo", "create:bar"]
 }
diff --git a/internal/auth0/client/resource_grant.go b/internal/auth0/client/resource_grant.go
@@ -40,9 +40,11 @@ func NewGrantResource() *schema.Resource {
 				ForceNew:    true,
 				Description: "Audience or API Identifier for this grant.",
 			},
-			"scope": {
-				Type:        schema.TypeList,
-				Elem:        &schema.Schema{Type: schema.TypeString},
+			"scopes": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
 				Required:    true,
 				Description: "Permissions (scopes) included in this grant.",
 			},
@@ -86,13 +88,14 @@ func readClientGrant(ctx context.Context, d *schema.ResourceData, m interface{})
 			d.SetId("")
 			return nil
 		}
+
 		return diag.FromErr(err)
 	}
 
 	result := multierror.Append(
 		d.Set("client_id", clientGrant.GetClientID()),
 		d.Set("audience", clientGrant.GetAudience()),
-		d.Set("scope", clientGrant.Scope),
+		d.Set("scopes", clientGrant.Scope),
 	)
 
 	return diag.FromErr(result.ErrorOrNil())
@@ -116,28 +119,26 @@ func deleteClientGrant(ctx context.Context, d *schema.ResourceData, m interface{
 
 	if err := api.ClientGrant.Delete(ctx, d.Id()); err != nil {
 		if mErr, ok := err.(management.Error); ok && mErr.Status() == http.StatusNotFound {
-			d.SetId("")
 			return nil
 		}
 		return diag.FromErr(err)
 	}
 
-	d.SetId("")
 	return nil
 }
 
 func expandClientGrant(d *schema.ResourceData) *management.ClientGrant {
-	config := d.GetRawConfig()
+	cfg := d.GetRawConfig()
 
 	clientGrant := &management.ClientGrant{}
 
 	if d.IsNewResource() {
-		clientGrant.ClientID = value.String(config.GetAttr("client_id"))
-		clientGrant.Audience = value.String(config.GetAttr("audience"))
+		clientGrant.ClientID = value.String(cfg.GetAttr("client_id"))
+		clientGrant.Audience = value.String(cfg.GetAttr("audience"))
 	}
 
-	if d.IsNewResource() || d.HasChange("scope") {
-		scopeListFromConfig := d.Get("scope").([]interface{})
+	if d.HasChange("scopes") {
+		scopeListFromConfig := d.Get("scopes").([]interface{})
 		scopeList := make([]string, 0)
 		for _, scope := range scopeListFromConfig {
 			scopeList = append(scopeList, scope.(string))

diff --git a/internal/auth0/client/resource_grant_test.go b/internal/auth0/client/resource_grant_test.go
@@ -44,7 +44,7 @@ resource "auth0_client_grant" "my_client_grant" {
 
 	client_id = auth0_client.my_client.id
 	audience  = auth0_resource_server.my_resource_server.identifier
-	scope     = [ ]
+	scopes    = [ ]
 }
 `
 
@@ -54,7 +54,7 @@ resource "auth0_client_grant" "my_client_grant" {
 
 	client_id = auth0_client.my_client.id
 	audience  = auth0_resource_server.my_resource_server.identifier
-	scope     = [ "create:foo" ]
+	scopes    = [ "create:foo" ]
 }
 `
 
@@ -64,7 +64,7 @@ resource "auth0_client_grant" "my_client_grant" {
 
 	client_id = auth0_client.my_client.id
 	audience  = auth0_resource_server.my_resource_server.identifier
-	scope     = [ ]
+	scopes    = [ ]
 }
 `
 
@@ -82,7 +82,7 @@ resource "auth0_client_grant" "my_client_grant" {
 
 	client_id = auth0_client.my_client_alt.id
 	audience  = auth0_resource_server.my_resource_server.identifier
-	scope     = [ ]
+	scopes    = [ ]
 }
 `
 
@@ -100,15 +100,15 @@ resource "auth0_client_grant" "my_client_grant" {
 
 	client_id = auth0_client.my_client_alt.id
 	audience  = auth0_resource_server.my_resource_server.identifier
-	scope     = [ ]
+	scopes    = [ ]
 }
 
 resource "auth0_client_grant" "no_conflict_client_grant" {
 	depends_on = [ auth0_client_grant.my_client_grant ]
 
 	client_id = auth0_client.my_client_alt.id
 	audience  = auth0_resource_server.my_resource_server.identifier
-	scope     = [ ]
+	scopes    = [ ]
 }
 `
 
@@ -119,32 +119,32 @@ func TestAccClientGrant(t *testing.T) {
 				Config: acctest.ParseTestName(testAccClientGrantConfigCreate, t.Name()),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "audience", fmt.Sprintf("https://uat.tf.terraform-provider-auth0.com/client-grant/%s", t.Name())),
-					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scope.#", "0"),
+					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scopes.#", "0"),
 				),
 			},
 			{
 				Config: acctest.ParseTestName(testAccClientGrantConfigUpdate, t.Name()),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scope.#", "1"),
-					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scope.0", "create:foo"),
+					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scopes.#", "1"),
+					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scopes.0", "create:foo"),
 				),
 			},
 			{
 				Config: acctest.ParseTestName(testAccClientGrantConfigUpdateAgain, t.Name()),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scope.#", "0"),
+					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scopes.#", "0"),
 				),
 			},
 			{
 				Config: acctest.ParseTestName(testAccClientGrantConfigUpdateChangeClient, t.Name()),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scope.#", "0"),
+					resource.TestCheckResourceAttr("auth0_client_grant.my_client_grant", "scopes.#", "0"),
 				),
 			},
 			{
 				Config: acctest.ParseTestName(testAccAlreadyExistingGrantWillNotConflict, t.Name()),
 				Check: resource.ComposeTestCheckFunc(
-					resource.TestCheckResourceAttr("auth0_client_grant.no_conflict_client_grant", "scope.#", "0"),
+					resource.TestCheckResourceAttr("auth0_client_grant.no_conflict_client_grant", "scopes.#", "0"),
 				),
 			},
 		},