This repository has been archived by the owner on Mar 8, 2022. It is now read-only.

Verification for custom domains #227

Closed
squarebracket opened this issue May 7, 2020 · 4 comments · Fixed by #410

@squarebracket
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

I noticed that the auth0_custom_domain resource doesn't verify the domain. I don't know much about the guts of Terraform's resource dependency, but I'd imagine that it's not possible to have the auth0_custom_domain resource wait for the DNS record to work, since the DNS resource relies on the output of the custom domain resource. But perhaps there could be a separate auth0_custom_domain_verification resource that could accomplish this?

I see that the auth0 go package has a Verify method. In the simplest implementation, one could simply depends_on a null_resource that sleeps for a bit. I suppose a more thorough implementation would wait for the actual DNS record to appear.

New or Affected Resource(s)

  • auth0_custom_domain_verification (I guess, see above)

Potential Terraform Configuration

# Ideal implementation
resource "auth0_custom_domain" "mydomain" {
  domain = "login.example.com"
  type = "auth0_managed_certs"
  verification_method = "txt"
}
resource "digitalocean_record" "auth0_domain" {
  domain = "example.com"
  type = upper(auth0_custom_domain.mydomain.verification[0].methods[0].name)
  name = "login"
  value = "${auth0_custom_domain.mydomain.verification[0].methods[0].record}."
}
resource "auth0_custom_domain_verification" "mydomain" {
  custom_domain_id = auth0_custom_domain.mydomain.id
  dns_record = digitalocean_record.auth0_domain.value
  dns_record_type = auth0_custom_domain.mydomain.verification[0].methods[0].name
}

# hacky version
resource "auth0_custom_domain" "mydomain" {
  domain = "login.example.com"
  type = "auth0_managed_certs"
  verification_method = "txt"
}
resource "digitalocean_record" "auth0_domain" {
  domain = "example.com"
  type = upper(auth0_custom_domain.mydomain.verification[0].methods[0].name)
  name = "login"
  value = "${auth0_custom_domain.mydomain.verification[0].methods[0].record}."
}
resource "null_resource" "delay" {
  provisioner "local-exec" {
    command = "sleep 120"
  }
  triggers = {
    before = digitalocean_record.auth0_domain.id
  }
}
resource "auth0_custom_domain_verification" "mydomain" {
  custom_domain_id = auth0_custom_domain.mydomain.id
  depends_on = [null_resource.delay]
}
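
The "more thorough implementation" mentioned in the description (wait for the actual DNS record instead of sleeping a fixed 120 seconds) could look like the sketch below. It is an added example, not code from this issue or from the provider; `waitForRecord`, `lookupFunc`, the fake resolver and the token value are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"time"
)

// lookupFunc has the same shape as net.DefaultResolver.LookupTXT, so the real
// resolver can be passed in; a fake is used here so the example runs offline.
type lookupFunc func(ctx context.Context, name string) ([]string, error)

// waitForRecord polls until lookup returns a value equal to want (a trailing
// dot is ignored) or ctx ends. Lookup errors such as NXDOMAIN count as "not
// visible yet". It returns the number of lookups performed.
func waitForRecord(ctx context.Context, lookup lookupFunc, name, want string, every time.Duration) (int, error) {
	want = strings.TrimSuffix(want, ".")
	for n := 1; ; n++ {
		if vals, err := lookup(ctx, name); err == nil {
			for _, v := range vals {
				if strings.TrimSuffix(v, ".") == want {
					return n, nil
				}
			}
		}
		select {
		case <-ctx.Done():
			return n, fmt.Errorf("%s not visible after %d lookups: %w", name, n, ctx.Err())
		case <-time.After(every):
		}
	}
}

func main() {
	calls := 0 // constructed resolver: the record appears on the third lookup
	fake := func(ctx context.Context, name string) ([]string, error) {
		if calls++; calls < 3 {
			return nil, errors.New("no such host")
		}
		return []string{"constructed-verification-token"}, nil
	}
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	n, err := waitForRecord(ctx, fake, "login.example.com", "constructed-verification-token", 10*time.Millisecond)
	fmt.Println("lookups:", n, "err:", err)
	// Only after a nil error would a verification resource ask Auth0 to verify.
}
```

The context deadline bounds the wait, so a record that never appears surfaces as an error rather than a verification attempt against a domain whose DNS is not yet in place.
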
@hugbubby

Another problem is that the existing documentation doesn't say anything about the verification object that I'm supposed to use, what its fields are, or how to create the DNS record that ends up verifying my auth0 custom domain.

@squarebracket
Contributor Author

@hugbubby unfortunately, not even the auth0 docs document the schema of the verification object, I had to figure that one out on my own...

@smyrman

smyrman commented Jun 2, 2020

Will this approach support CNAME verification for Auth0 Managed Certificates?

@squarebracket
Contributor Author

@smyrman that is how #228 works.
