…ting domain verification
type = "auth0_managed_certs" | ||
verification_method = "txt" |
Where is the documentation for those 2 inputs?
It would be nice if the doc included the possible values for those 2 fields.
According to the api docs, there's only one option: "txt". Maybe other types are just not documented? I have the feeling CNAME type is also an option that the dashboard uses, but haven't verified
Yeah that is what I thought too. I'm gonna open a support ticket and see what their response is.
From Auth0
Good day,
Thank you for contacting support. I would be happy to assist.
Our documentation on how custom domains work as documented at https://auth0.com/docs/custom-domains#how-it-works notes that you have two choices when setting up a custom domain
1. use Auth0 Managed Certificates (https://auth0.com/docs/custom-domains#auth0-managed-certificates)
2. use a Self-managed Certificate (https://auth0.com/docs/custom-domains#self-managed-certificates).
When you are using Auth0 Managed Certificates, the CNAME record that you configure for your domain can be used to verify ownership as documented at https://auth0.com/docs/custom-domains/configure-custom-domains-with-auth0-managed-certificates#verify-ownership and complete the configuration of your custom domain.
With Self-managed Certificates, an option available to Enterprise subscribers, you are choosing to take ownership of more of the pipeline by managing the SSL certificate and setting up and managing the reverse proxy to send content to Auth0, with Auth0 negotiating SSL with the proxy and not the end-user client. As documented at https://auth0.com/docs/custom-domains/configure-custom-domains-with-self-managed-certificates#verify-ownership you would use the TXT verification information you noted as part of the steps for the process for verification in this use case.
When using the endpoint to create the custom domain that you referenced https://auth0.com/docs/api/management/v2/#!/Custom_Domains/post_custom_domains the parameter you have referenced is set when you plan to use a Self-managed Certificate as the method for configuring your custom domain, as it would be required for the verification process subsequently.
Please let me know if there is any additional assistance I can offer here.
Thanks for following up on this! After fiddling a little, I am starting to believe the `verification_method` is not necessary. The Auth0 dashboard doesn't specify it at all, but relies on the type to choose the correct type. `auth0_managed_certs` defaults to TXT verification and `self_managed_certs` defaults to CNAME.
In fact, even in the test, specifying `verification_method = "txt"` is ignored. The DNS entry created at DO is of CNAME type.
Maybe best to deprecate `verification_method` altogether?
I agree that since it depends on the `type` then better to remove it for less confusion.
It would still be nice to have `type` documented to mention that it supports both `self_managed_certs` and `auth0_managed_certs`
Proposed Changes
`auth0_custom_domain_verification` for verifying custom domains.

Fixes #227
Builds on #228