auth0 · acwest · Sep 20, 2024 · Sep 13, 2024 · Sep 19, 2024 · Sep 19, 2024
@@ -31,6 +31,7 @@ resource "auth0_connection" "my_connection" {
   options {
     password_policy                = "excellent"
     brute_force_protection         = true
+    strategy_version               = 2
     enabled_database_customization = true
     import_mode                    = false
     requires_username              = true
@@ -253,6 +254,7 @@ resource "auth0_connection" "oauth2" {
   options {
     client_id              = "<client-id>"
     client_secret          = "<client-secret>"
+    strategy_version       = 2
     scopes                 = ["basic_profile", "profile", "email"]
     token_endpoint         = "https://auth.example.com/oauth2/token"
     authorization_endpoint = "https://auth.example.com/oauth2/authorize"
@@ -284,6 +286,7 @@ resource "auth0_connection" "ad" {
     disable_self_service_change_password = true
     brute_force_protection               = true
     tenant_domain                        = "example.com"
+    strategy_version                     = 2
     icon_url                             = "https://example.com/assets/logo.png"
     domain_aliases = [
       "example.com",
@@ -312,12 +315,13 @@ resource "auth0_connection" "azure_ad" {
   strategy       = "waad"
   show_as_button = true
   options {
-    identity_api  = "azure-active-directory-v1.0"
-    client_id     = "123456"
-    client_secret = "123456"
-    app_id        = "app-id-123"
-    tenant_domain = "example.onmicrosoft.com"
-    domain        = "example.onmicrosoft.com"
+    identity_api     = "azure-active-directory-v1.0"
+    client_id        = "123456"
+    client_secret    = "123456"
+    strategy_version = 2
+    app_id           = "app-id-123"
+    tenant_domain    = "example.onmicrosoft.com"
+    domain           = "example.onmicrosoft.com"
     domain_aliases = [
       "example.com",
       "api.example.com"
@@ -468,6 +472,7 @@ resource "auth0_connection" "samlp" {
     sign_in_endpoint    = "https://saml.provider/sign_in"
     sign_out_endpoint   = "https://saml.provider/sign_out"
     disable_sign_out    = true
+    strategy_version    = 2
     tenant_domain       = "example.com"
     domain_aliases      = ["example.com", "alias.example.com"]
     protocol_binding    = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

@@ -12,6 +12,7 @@ resource "auth0_connection" "my_connection" {
   options {
     password_policy                = "excellent"
     brute_force_protection         = true
+    strategy_version               = 2
     enabled_database_customization = true
     import_mode                    = false
     requires_username              = true

@@ -8,6 +8,7 @@ resource "auth0_connection" "ad" {
     disable_self_service_change_password = true
     brute_force_protection               = true
     tenant_domain                        = "example.com"
+    strategy_version                     = 2
     icon_url                             = "https://example.com/assets/logo.png"
     domain_aliases = [
       "example.com",

@@ -3,12 +3,13 @@ resource "auth0_connection" "azure_ad" {
   strategy       = "waad"
   show_as_button = true
   options {
-    identity_api  = "azure-active-directory-v1.0"
-    client_id     = "123456"
-    client_secret = "123456"
-    app_id        = "app-id-123"
-    tenant_domain = "example.onmicrosoft.com"
-    domain        = "example.onmicrosoft.com"
+    identity_api     = "azure-active-directory-v1.0"
+    client_id        = "123456"
+    client_secret    = "123456"
+    strategy_version = 2
+    app_id           = "app-id-123"
+    tenant_domain    = "example.onmicrosoft.com"
+    domain           = "example.onmicrosoft.com"
     domain_aliases = [
       "example.com",
       "api.example.com"

@@ -7,6 +7,7 @@ resource "auth0_connection" "oauth2" {
   options {
     client_id              = "<client-id>"
     client_secret          = "<client-secret>"
+    strategy_version       = 2
     scopes                 = ["basic_profile", "profile", "email"]
     token_endpoint         = "https://auth.example.com/oauth2/token"
     authorization_endpoint = "https://auth.example.com/oauth2/authorize"

@@ -10,6 +10,7 @@ resource "auth0_connection" "samlp" {
     sign_in_endpoint    = "https://saml.provider/sign_in"
     sign_out_endpoint   = "https://saml.provider/sign_out"
     disable_sign_out    = true
+    strategy_version    = 2
     tenant_domain       = "example.com"
     domain_aliases      = ["example.com", "alias.example.com"]
     protocol_binding    = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

@@ -4,7 +4,7 @@ go 1.22
 
 require (
 	github.com/PuerkitoBio/rehttp v1.4.0
-	github.com/auth0/go-auth0 v1.10.0
+	github.com/auth0/go-auth0 v1.10.1-0.20240919142940-86c7e2f07e06
 	github.com/google/go-cmp v0.6.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-multierror v1.1.1
@@ -78,7 +78,7 @@ require (
 	golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d // indirect
 	golang.org/x/mod v0.19.0 // indirect
 	golang.org/x/net v0.26.0 // indirect
-	golang.org/x/oauth2 v0.22.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.23.0 // indirect
 	golang.org/x/text v0.17.0 // indirect

@@ -24,8 +24,8 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/auth0/go-auth0 v1.10.0 h1:7fjcuVjtTET5NEg8RPl3uYadGto7WZnBl31LcnXANWc=
-github.com/auth0/go-auth0 v1.10.0/go.mod h1:VMTiemb4rn2TUPiH9obD2FoHS2FoTALTsnKU0NUXLxk=
+github.com/auth0/go-auth0 v1.10.1-0.20240919142940-86c7e2f07e06 h1:KhdyIAvazLFhgG1xHDNY8YdWK5C8s6TU4izA3DPhfoI=
+github.com/auth0/go-auth0 v1.10.1-0.20240919142940-86c7e2f07e06/go.mod h1:VyYseHsdB4s9jmfBqoxnzJTvZr0w17ZJ5kjNdA+ag9Y=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0/go.mod h1:6L7zgvqo0idzI7IO8de6ZC051AfXb5ipkIJ7bIA2tGA=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
@@ -238,8 +238,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ=
 golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
-golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
-golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

@@ -329,6 +329,7 @@ func expandConnectionOptionsAuth0(_ *schema.ResourceData, config cty.Value) (int
 		Configuration:                    value.MapOfStrings(config.GetAttr("configuration")),
 		Precedence:                       value.Strings(config.GetAttr("precedence")),
 		Attributes:                       expandConnectionOptionsAttributes(config.GetAttr("attributes")),
+		StrategyVersion:                  value.Int(config.GetAttr("strategy_version")),
 	}
 
 	config.GetAttr("validation").ForEachElement(
@@ -507,6 +508,7 @@ func expandConnectionOptionsOAuth2(data *schema.ResourceData, config cty.Value)
 		LogoURL:            value.String(config.GetAttr("icon_url")),
 		PKCEEnabled:        value.Bool(config.GetAttr("pkce_enabled")),
 		Scripts:            value.MapOfStrings(config.GetAttr("scripts")),
+		StrategyVersion:    value.Int(config.GetAttr("strategy_version")),
 	}
 
 	expandConnectionOptionsScopes(data, options)
@@ -691,6 +693,7 @@ func expandConnectionOptionsAD(_ *schema.ResourceData, config cty.Value) (interf
 		NonPersistentAttrs:               value.Strings(config.GetAttr("non_persistent_attrs")),
 		BruteForceProtection:             value.Bool(config.GetAttr("brute_force_protection")),
 		DisableSelfServiceChangePassword: value.Bool(config.GetAttr("disable_self_service_change_password")),
+		StrategyVersion:                  value.Int(config.GetAttr("strategy_version")),
 	}
 
 	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
@@ -721,6 +724,7 @@ func expandConnectionOptionsAzureAD(data *schema.ResourceData, config cty.Value)
 		IdentityAPI:         value.String(config.GetAttr("identity_api")),
 		NonPersistentAttrs:  value.Strings(config.GetAttr("non_persistent_attrs")),
 		TrustEmailVerified:  value.String(config.GetAttr("should_trust_email_verified_connection")),
+		StrategyVersion:     value.Int(config.GetAttr("strategy_version")),
 	}
 
 	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
@@ -850,6 +854,7 @@ func expandConnectionOptionsSAML(_ *schema.ResourceData, config cty.Value) (inte
 		EntityID:           value.String(config.GetAttr("entity_id")),
 		MetadataXML:        value.String(config.GetAttr("metadata_xml")),
 		MetadataURL:        value.String(config.GetAttr("metadata_url")),
+		StrategyVersion:    value.Int(config.GetAttr("strategy_version")),
 	}
 
 	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))
@@ -907,6 +912,7 @@ func expandConnectionOptionsADFS(_ *schema.ResourceData, config cty.Value) (inte
 		EnableUsersAPI:     value.Bool(config.GetAttr("api_enable_users")),
 		TrustEmailVerified: value.String(config.GetAttr("should_trust_email_verified_connection")),
 		NonPersistentAttrs: value.Strings(config.GetAttr("non_persistent_attrs")),
+		StrategyVersion:    value.Int(config.GetAttr("strategy_version")),
 	}
 
 	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))

@@ -323,6 +323,7 @@ func flattenConnectionOptionsAuth0(
 		"set_user_root_attributes":             options.GetSetUserAttributes(),
 		"upstream_params":                      upstreamParams,
 		"precedence":                           options.GetPrecedence(),
+		"strategy_version":                     options.GetStrategyVersion(),
 	}
 
 	if options.Attributes != nil {
@@ -450,6 +451,7 @@ func flattenConnectionOptionsOAuth2(
 		"non_persistent_attrs":     options.GetNonPersistentAttrs(),
 		"icon_url":                 options.GetLogoURL(),
 		"pkce_enabled":             options.GetPKCEEnabled(),
+		"strategy_version":         options.GetStrategyVersion(),
 		"upstream_params":          upstreamParams,
 	}
 
@@ -813,6 +815,7 @@ func flattenConnectionOptionsAD(
 		"non_persistent_attrs":                 options.GetNonPersistentAttrs(),
 		"set_user_root_attributes":             options.GetSetUserAttributes(),
 		"disable_self_service_change_password": options.GetDisableSelfServiceChangePassword(),
+		"strategy_version":                     options.GetStrategyVersion(),
 		"upstream_params":                      upstreamParams,
 	}
 
@@ -855,6 +858,7 @@ func flattenConnectionOptionsAzureAD(
 		"non_persistent_attrs":                   options.GetNonPersistentAttrs(),
 		"should_trust_email_verified_connection": options.GetTrustEmailVerified(),
 		"set_user_root_attributes":               options.GetSetUserAttributes(),
+		"strategy_version":                       options.GetStrategyVersion(),
 		"upstream_params":                        upstreamParams,
 	}
 
@@ -890,6 +894,7 @@ func flattenConnectionOptionsADFS(
 		"should_trust_email_verified_connection": options.GetTrustEmailVerified(),
 		"non_persistent_attrs":                   options.GetNonPersistentAttrs(),
 		"set_user_root_attributes":               options.GetSetUserAttributes(),
+		"strategy_version":                       options.GetStrategyVersion(),
 		"upstream_params":                        upstreamParams,
 	}
 
@@ -939,6 +944,7 @@ func flattenConnectionOptionsSAML(
 		"metadata_url":             options.GetMetadataURL(),
 		"metadata_xml":             data.Get("options.0.metadata_xml").(string), // Does not get read back.
 		"set_user_root_attributes": options.GetSetUserAttributes(),
+		"strategy_version":         options.GetStrategyVersion(),
 		"fields_map":               fieldsMap,
 		"upstream_params":          upstreamParams,
 	}

@@ -163,6 +163,9 @@ resource "auth0_connection_clients" "my_conn_client_assoc" {
 func TestAccConnectionClientsImport(t *testing.T) {
 	if os.Getenv("AUTH0_DOMAIN") != acctest.RecordingsDomain {
 		// The test runs only with recordings as it requires an initial setup.
+		// If you need to re-record it, comment out the t.Skip, create the
+		// resources defined above and fix the IDs in the test before running
+		// make record.
 		t.Skip()
 	}
 
@@ -172,21 +175,21 @@ func TestAccConnectionClientsImport(t *testing.T) {
 				Config:             acctest.ParseTestName(testAccConnectionClientsImport, t.Name()),
 				ResourceName:       "auth0_connection.my_conn",
 				ImportState:        true,
-				ImportStateId:      "con_ouKiPbGv6eONERfA",
+				ImportStateId:      "con_QfclIwGFilDZfig3",
 				ImportStatePersist: true,
 			},
 			{
 				Config:             acctest.ParseTestName(testAccConnectionClientsImport, t.Name()),
 				ResourceName:       "auth0_client.my_client-1",
 				ImportState:        true,
-				ImportStateId:      "TGIXl1IBOpFmwBpxuCLsoXwl5OQBa1Z7",
+				ImportStateId:      "iUytqzFf4KueZRmFL7DRFNqn8RrQGu5Q",
 				ImportStatePersist: true,
 			},
 			{
 				Config:             acctest.ParseTestName(testAccConnectionClientsImport, t.Name()),
 				ResourceName:       "auth0_connection_clients.my_conn_client_assoc",
 				ImportState:        true,
-				ImportStateId:      "con_ouKiPbGv6eONERfA",
+				ImportStateId:      "con_QfclIwGFilDZfig3",
 				ImportStatePersist: true,
 			},
 			{