auth0 · duedares-rvj · Sep 6, 2024 · Aug 26, 2024 · Aug 26, 2024 · Aug 28, 2024
@@ -45,6 +45,7 @@ data "auth0_client" "some-client-by-id" {
 - `cross_origin_loc` (String) URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
 - `custom_login_page` (String) The content (HTML, CSS, JS) of the custom login page.
 - `custom_login_page_on` (Boolean) Indicates whether a custom login page is to be used.
+- `default_organization` (List of Object) Configure and associate an organization with the Client (see [below for nested schema](#nestedatt--default_organization))
 - `description` (String) Description of the purpose of the client.
 - `encryption_key` (Map of String) Encryption used for WS-Fed responses with this client.
 - `form_template` (String) HTML form template to be used for WS-Federation.
@@ -402,6 +403,15 @@ Read-Only:
 
 
 
+<a id="nestedatt--default_organization"></a>
+### Nested Schema for `default_organization`
+
+Read-Only:
+
+- `flows` (List of String)
+- `organization_id` (String)
+
+
 <a id="nestedatt--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`
 

@@ -100,6 +100,7 @@ resource "auth0_client" "my_client" {
 - `cross_origin_loc` (String) URL of the location in your site where the cross-origin verification takes place for the cross-origin auth flow when performing authentication in your own domain instead of Auth0 Universal Login page.
 - `custom_login_page` (String) The content (HTML, CSS, JS) of the custom login page.
 - `custom_login_page_on` (Boolean) Indicates whether a custom login page is to be used.
+- `default_organization` (Block List, Max: 1) Configure and associate an organization with the Client (see [below for nested schema](#nestedblock--default_organization))
 - `description` (String) Description of the purpose of the client.
 - `encryption_key` (Map of String) Encryption used for WS-Fed responses with this client.
 - `form_template` (String) HTML form template to be used for WS-Federation.
@@ -448,6 +449,15 @@ Optional:
 
 
 
+<a id="nestedblock--default_organization"></a>
+### Nested Schema for `default_organization`
+
+Required:
+
+- `flows` (List of String) Definition of the flow that needs to be configured. Eg. client_credentials
+- `organization_id` (String) The unique identifier of the organization
+
+
 <a id="nestedblock--jwt_configuration"></a>
 ### Nested Schema for `jwt_configuration`
 

diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.22
 
 require (
 	github.com/PuerkitoBio/rehttp v1.4.0
-	github.com/auth0/go-auth0 v1.9.0
+	github.com/auth0/go-auth0 v1.9.1-0.20240821140854-dd19483aa48c
 	github.com/google/go-cmp v0.6.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-multierror v1.1.1

diff --git a/go.sum b/go.sum
@@ -26,6 +26,8 @@ github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/auth0/go-auth0 v1.9.0 h1:IRCMQ9zLmFn8aAKkd+lopFo6IAdpARYSRf8i9ZACG48=
 github.com/auth0/go-auth0 v1.9.0/go.mod h1:p9KEEkCehO7tcDf32r1r06Ji63mqZa1QZ6IfQ172bys=
+github.com/auth0/go-auth0 v1.9.1-0.20240821140854-dd19483aa48c h1:NowlBWLzoopMnsY6oBd4Huxfb0QXCIPMbjBSEkFsnoM=
+github.com/auth0/go-auth0 v1.9.1-0.20240821140854-dd19483aa48c/go.mod h1:p9KEEkCehO7tcDf32r1r06Ji63mqZa1QZ6IfQ172bys=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0/go.mod h1:6L7zgvqo0idzI7IO8de6ZC051AfXb5ipkIJ7bIA2tGA=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=

@@ -46,6 +46,7 @@ func expandClient(data *schema.ResourceData) *management.Client {
 		Addons:                             expandClientAddons(data),
 		NativeSocialLogin:                  expandClientNativeSocialLogin(data),
 		Mobile:                             expandClientMobile(data),
+		DefaultOrganization:                expandDefaultOrganization(data),
 	}
 
 	if data.IsNewResource() && client.IsTokenEndpointIPHeaderTrusted != nil {
@@ -64,6 +65,23 @@ func expandClient(data *schema.ResourceData) *management.Client {
 	return client
 }
 
+func expandDefaultOrganization(data *schema.ResourceData) *management.ClientDefaultOrganization {
+	defaultOrganizationConfig := data.GetRawConfig().GetAttr("default_organization")
+	if defaultOrganizationConfig.IsNull() {
+		return nil
+	}
+
+	var defaultOrg management.ClientDefaultOrganization
+
+	defaultOrganizationConfig.ForEachElement(func(_ cty.Value, config cty.Value) (stop bool) {
+		defaultOrg.Flows = value.Strings(config.GetAttr("flows"))
+		defaultOrg.OrganizationID = value.String(config.GetAttr("organization_id"))
+		return stop
+	})
+
+	return &defaultOrg
+}
+
 func expandOIDCBackchannelLogout(data *schema.ResourceData) *management.OIDCBackchannelLogout {
 	raw := data.GetRawConfig().GetAttr("oidc_backchannel_logout_urls")
 

@@ -506,6 +506,18 @@ func flattenClientAddonSAML2(addon *management.SAML2ClientAddon) []interface{} {
 	}
 }
 
+func flattenDefaultOrganization(defaultOrganization *management.ClientDefaultOrganization) []interface{} {
+	if defaultOrganization == nil {
+		return nil
+	}
+	return []interface{}{
+		map[string]interface{}{
+			"flows":           defaultOrganization.GetFlows(),
+			"organization_id": defaultOrganization.GetOrganizationID(),
+		},
+	}
+}
+
 func flattenClient(data *schema.ResourceData, client *management.Client) error {
 	result := multierror.Append(
 		data.Set("client_id", client.GetClientID()),
@@ -543,6 +555,7 @@ func flattenClient(data *schema.ResourceData, client *management.Client) error {
 		data.Set("client_metadata", client.GetClientMetadata()),
 		data.Set("oidc_backchannel_logout_urls", client.GetOIDCBackchannelLogout().GetBackChannelLogoutURLs()),
 		data.Set("require_pushed_authorization_requests", client.GetRequirePushedAuthorizationRequests()),
+		data.Set("default_organization", flattenDefaultOrganization(client.GetDefaultOrganization())),
 	)
 	return result.ErrorOrNil()
 }

@@ -1271,6 +1271,27 @@ func NewResource() *schema.Resource {
 					},
 				},
 			},
+			"default_organization": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				MaxItems:    1,
+				Description: "Configure and associate an organization with the Client",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"flows": {
+							Type:        schema.TypeList,
+							Elem:        &schema.Schema{Type: schema.TypeString},
+							Required:    true,
+							Description: "Definition of the flow that needs to be configured. Eg. client_credentials",
+						},
+						"organization_id": {
+							Type:        schema.TypeString,
+							Required:    true,
+							Description: "The unique identifier of the organization",
+						},
+					},
+				},
+			},
 		},
 	}
 }

@@ -2315,3 +2315,40 @@ func TestAccClientCanSetDefaultAuthMethodOnCreate(t *testing.T) {
 		},
 	})
 }
+
+const testAccCreateClientWithDefaultOrganization = `
+resource "auth0_organization" "my_org" {
+	name         = "temp-org"
+	display_name = "temp-org"
+}
+
+data "auth0_organization" "my_org-by-name" {
+	depends_on = [ resource.auth0_organization.my_org ]
+	name = "temp-org"
+}
+
+resource "auth0_client" "my_client" {
+	depends_on = [ data.auth0_organization.my_org-by-name ]
+    name = "Acceptance Test - DefaultOrganization - {{.testName}}"
+    default_organization {
+        flows = ["client_credentials"]
+        organization_id = data.auth0_organization.my_org-by-name.id
+    }
+}
+`
+
+func TestAccClientWithDefaultOrganization(t *testing.T) {
+	acctest.Test(t, resource.TestCase{
+		Steps: []resource.TestStep{
+			{
+				Config: acctest.ParseTestName(testAccCreateClientWithDefaultOrganization, t.Name()),
+				Check: resource.ComposeTestCheckFunc(
+
+					resource.TestCheckResourceAttr("auth0_client.my_client", "name", fmt.Sprintf("Acceptance Test - DefaultOrganization - %s", t.Name())),
+					resource.TestCheckResourceAttr("auth0_client.my_client", "default_organization.0.flows.0", "client_credentials"),
+					resource.TestCheckResourceAttrSet("auth0_client.my_client", "default_organization.0.organization_id"),
+				),
+			},
+		},
+	})
+}