Support for verifying custom domains #410
Conversation
…ting domain verification
| type = "auth0_managed_certs" | ||
| verification_method = "txt" |
There was a problem hiding this comment.
Where is the documentation for those 2 inputs?
It would be nice if the doc include the possible values for those 2 fields.
There was a problem hiding this comment.
According to the api docs, there's only one option: "txt". Maybe other types are just not documented? I have the feeling CNAME type is also an option that the dashboard uses, but haven't verified
There was a problem hiding this comment.
Yeah that is what I thought too. I'm gonna open a support ticket and see what their response is.
There was a problem hiding this comment.
From Auth0
Good day,
Thank you for contacting support. I would be happy to assist.
Our documentation on how custom domains work as documented at https://auth0.com/docs/custom-domains#how-it-works notes that you have two choices when setting up a custom domain
1. use Auth0 Managed Certificates (https://auth0.com/docs/custom-domains#auth0-managed-certificates)
2. use a Self-managed Certificate (https://auth0.com/docs/custom-domains#self-managed-certificates).
When you are using Auth0 Managed Certificates, the CNAME record that you configure for your domain can be used to verify ownership as documented at https://auth0.com/docs/custom-domains/configure-custom-domains-with-auth0-managed-certificates#verify-ownership and complete the configuration of your custom domain.
With Self-managed Certificates, an option available to Enterprise subscribers, you are choosing to take ownership of more of the pipeline by managing the SSL certificate and setting up and managing the reverse proxy to send content to Auth0, with Auth0 negotiating SSL with the proxy and not the end-user client. As documented at https://auth0.com/docs/custom-domains/configure-custom-domains-with-self-managed-certificates#verify-ownership you would use the TXT verification information you noted as part of the steps for the process for verification in this use case.
When using the endpoint to create the custom domain that you referenced https://auth0.com/docs/api/management/v2/#!/Custom_Domains/post_custom_domains the parameter you have referenced is set when you plan to use a Self-managed Certificate as the method for configuring your custom domain, as it would be required for the verification process subsequently.
Please let me know if there is any additional assistance I can offer here.
There was a problem hiding this comment.
Thanks for following up on this! After fiddling a little, I am starting to believe the verification_method is not necessary. The Auth0 dashboard doesn't specify it at all, but relies on the type to chose the correct type. auth0_managed_certs default to TXT verification and self_managed_certs default to CNAME.
In fact, even in the test specifying verification_method = "txt" are ignored. The DNS entry created at DO is of CNAME type.
Maybe best to deprecate verification_method altogether?
There was a problem hiding this comment.
I agree that since it depends on the type then better to remove it for less confusion.
There was a problem hiding this comment.
It would still be nice to have type documented to mention that it supports both self_managed_certs and auth0_managed_certs
Proposed Changes
auth0_custom_domain_verificationfor verifying custom domains.Fixes #227
Builds on #228
Acceptance Test Output
Community Note