REFERENCE.md

Reference

Table of Contents

Resource types

  • auth0_client: This type provides Puppet with the capabilities to manage Auth0 Client (Application) resources. Note that this resource type makes use of scopes from the Auth0 Management API (listed in its section below).
  • auth0_client_grant: This type provides Puppet with the capabilities to manage client grants. Note that this resource type makes use of scopes from the Auth0 Management API (listed in its section below).
  • auth0_connection: This type provides Puppet with the capabilities to manage Auth0 Connections. Note that this resource type makes use of scopes from the Auth0 Management API (listed in its section below).
  • auth0_resource_server: This type provides Puppet with the capabilities to manage Auth0 Resource Servers (APIs). Note that this resource type makes use of scopes from the Auth0 Management API (listed in its section below).
  • auth0_rule: This type provides Puppet with the capabilities to manage Auth0 Rules. Note that this resource type makes use of scopes from the Auth0 Management API (listed in its section below).

Functions

  • auth0_get_client_credentials: Retrieves Client (Application) credentials from the Auth0 Management API.
  • auth0_get_client_credentials_by_name: Retrieves Client (Application) credentials from the Auth0 Management API by name.

Resource types

auth0_client

This type provides Puppet with the capabilities to manage Auth0 Client (Application) resources.

Note that this resource type makes use of the following scopes from the Auth0 Management API:

  • read:clients
  • create:clients
  • delete:clients
  • update:clients

Properties

The following properties are available in the auth0_client type.

ensure

Data type: Enum[present, absent]

Whether this resource should be present or absent on the target system.

Default value: present

puppet_resource_identifier

Data type: String[0,255]

A unique identifier for this client; stored in the client_metadata hash under the key "puppet_resource_identifier".

display_name

Data type: Pattern[/^[^<>]+$/] *this data type contains a regex that may not be accurately reflected in generated documentation

The name of the client (Application). Does not allow "<" or ">".

description

Data type: Optional[String[0,140]]

Free text description of the purpose of this client.

logo_uri

Data type: Optional[String]

The URL of the client logo (recommended size: 150x150).

callbacks

Data type: Optional[Array[String]]

A set of URLs that are valid to call back from Auth0 when authenticating users. To remove all callbacks you must specify an empty array; leaving this undefined will leave existing callbacks untouched.

keep_extra_callbacks

Data type: Boolean

If true, callbacks set in Auth0 but not in puppet will be left in place.

allowed_origins

Data type: Optional[Array[String]]

A set of URLs that represent valid origins for CORS.

keep_extra_allowed_origins

Data type: Boolean

If true, allowed_origins set in Auth0 but not in puppet will be left in place.

web_origins

Data type: Optional[Array[String]]

A set of URLs that represents valid web origins for use with web message response mode.

keep_extra_web_origins

Data type: Boolean

If true, web_origins set in Auth0 but not in puppet will be left in place.

client_aliases

Data type: Optional[Array[String]]

List of audiences for SAML protocol.

allowed_logout_urls

Data type: Optional[Array[String]]

A set of URLs that are valid to redirect to after logout from Auth0.

keep_extra_allowed_logout_urls

Data type: Boolean

If true, allowed_logout_urls set in Auth0 but not in puppet will be left in place.

grant_types

Data type: Optional[Array[String]]

A set of grant types that the client is authorized to use.

token_endpoint_auth_method

Data type: Optional[Enum['none','client_secret_post','client_secret_basic']]

Defines the requested authentication methods for the token endpoint.

app_type

Data type: Optional[String]

The type of application this client represents. Common values include "native", "spa" (single-page-application), "non_interactive" (Machine-to-Machine) and "regular_web".

oidc_conformant

Data type: Optional[Boolean]

Whether this client will conform to strict OIDC specifications.

jwt_lifetime_in_seconds

Data type: Optional[Integer]

The amount of time (in seconds) that the token will be valid after being issued.

jwt_alg

Data type: Optional[Enum['HS256','RS256']]

The algorithm used to sign the JSON Web Token (JWT).

sso

Data type: Optional[Boolean]

Whether to use Auth0 instead of the IdP to do single sign on.

sso_disabled

Data type: Optional[Boolean]

Whether to disable Single Sign On.

client_id

Data type: String

Auth0 server-side unique identifier for Client.
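The following manifest is an added example and not part of the module's own reference: it declares a confidential server-side web application and a public single-page application using the properties above. The resource titles, display names and URLs are constructed placeholders, and the example assumes the resource title doubles as the puppet_resource_identifier (it is also set explicitly so the assumption is harmless). The keep_extra_* parameters are set to false so that any callback or origin added outside Puppet (for example through the dashboard) is removed on the next run, keeping the redirect allow-list under configuration control.

```puppet
# Constructed example: two Auth0 clients managed by Puppet.
# Names, URLs and identifiers are placeholders, not real tenant data.

auth0_client { 'inventory-web':
  ensure                         => present,
  puppet_resource_identifier     => 'inventory-web',
  display_name                   => 'Inventory Web',
  description                    => 'Internal inventory portal (server-side rendered)',
  app_type                       => 'regular_web',
  # Confidential client: it authenticates to the token endpoint with its secret.
  token_endpoint_auth_method     => 'client_secret_basic',
  grant_types                    => ['authorization_code', 'refresh_token'],
  # Exact HTTPS redirect allow-list; no wildcards.
  callbacks                      => ['https://inventory.example.com/auth/callback'],
  allowed_logout_urls            => ['https://inventory.example.com/'],
  keep_extra_callbacks           => false,
  keep_extra_allowed_logout_urls => false,
  oidc_conformant                => true,
  jwt_alg                        => 'RS256',
  jwt_lifetime_in_seconds        => 3600,
}

auth0_client { 'inventory-spa':
  ensure                     => present,
  puppet_resource_identifier => 'inventory-spa',
  display_name               => 'Inventory SPA',
  app_type                   => 'spa',
  # Public client: it holds no secret, so the token endpoint must not expect one.
  token_endpoint_auth_method => 'none',
  grant_types                => ['authorization_code', 'refresh_token'],
  callbacks                  => ['https://app.example.com/callback'],
  # CORS and web-message origins are limited to the application's own origin.
  allowed_origins            => ['https://app.example.com'],
  web_origins                => ['https://app.example.com'],
  keep_extra_callbacks       => false,
  keep_extra_allowed_origins => false,
  keep_extra_web_origins     => false,
  oidc_conformant            => true,
  jwt_alg                    => 'RS256',
}
```

Because callbacks, allowed_origins and web_origins are Optional, omitting them leaves whatever is configured in Auth0 untouched; declare them explicitly (an empty array to clear) when the allow-list should be authoritative.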

auth0_client_grant

This type provides Puppet with the capabilities to manage client grants.

Note that this resource type makes use of the following scopes from the Auth0 Management API:

  • read:client_grants
  • create:client_grants
  • delete:client_grants
  • update:client_grants
  • read:clients

Properties

The following properties are available in the auth0_client_grant type.

ensure

Data type: Enum[present, absent]

Whether this resource should be present or absent on the target system.

Default value: present

audience

Data type: String

The audience (identifier) of the resource server providing the grant.

scopes

Data type: Array[String]

The scopes being granted to the client application.

Default value: []

client_id

Data type: String

Auth0 server-side unique identifier for Client.

Parameters

The following parameters are available in the auth0_client_grant type.

client_resource

namevar

Data type: String

The puppet_resource_identifier of the client application receiving the grant.

auth0_connection

This type provides Puppet with the capabilities to manage Auth0 Connections.

Note that this resource type makes use of the following scopes from the Auth0 Management API:

  • read:connections
  • create:connections
  • delete:connections
  • update:connections
  • read:clients

Properties

The following properties are available in the auth0_connection type.

ensure

Data type: Enum[present, absent]

Whether this resource should be present or absent on the target system.

Default value: present

strategy

Data type: String

The type of the connection, related to the identity provider; common values include "ad" (Active Directory), "auth0" (Username-Password DB stored by Auth0), "google-oauth2", etc.

options

Data type: Optional[Hash]

A hash of options used to configure the Connection; structure of the hash depends on the selected Strategy.

clients

Data type: Optional[Array[String]]

A list of client resource identifiers for which this connection is enabled.

realms

Data type: Optional[Array[String]]

Defines the realms for which the connection will be used (i.e. email domains). If the array is empty or the property is not specified, the connection name will be added as realm.

Parameters

The following parameters are available in the auth0_connection type.

name

namevar

Data type: Pattern[/^([\da-zA-Z]|[\da-zA-Z][\da-zA-Z-]{0,126}[\da-zA-Z])$/] *this data type contains a regex that may not be accurately reflected in generated documentation

The name of the connection. Must start and end with an alphanumeric character and can only contain alphanumeric characters and '-'. Max length 128.

keep_extra_clients

Data type: Boolean

If true, clients enabled for this connection in Auth0 but not in Puppet will be left in place. Only matters if the clients property is specified; otherwise clients are always left alone.

keep_extra_options

Data type: Boolean

If true, options stored in Auth0 with no specified value in Puppet will be left as-is. Only matters if the options property is specified; otherwise options are always left alone.
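As an added example (not part of the module's reference), the manifest below declares a username-password database connection that is enabled only for two clients identified by their puppet_resource_identifier. The connection name, client identifiers and realm are constructed. The keys inside options are Auth0 connection options for the "auth0" strategy and are an assumption of this example; the reference only states that the hash structure depends on the strategy.

```puppet
# Constructed example: a database connection scoped to specific clients.
auth0_connection { 'staff-users':
  ensure             => present,
  strategy           => 'auth0',
  # Option keys assumed for the "auth0" strategy (not documented by the module).
  options            => {
    'disable_signup'         => true,   # accounts are provisioned, not self-registered
    'brute_force_protection' => true,
    'passwordPolicy'         => 'good',
  },
  # puppet_resource_identifier values of the auth0_client resources.
  clients            => ['inventory-web', 'inventory-spa'],
  realms             => ['example.com'],
  # Any client enabled for this connection outside Puppet is removed on the next run.
  keep_extra_clients => false,
  # Keep options that are set in Auth0 but not listed above; switch to false only
  # once every option the connection needs is declared here, because false
  # drops everything not in the options hash.
  keep_extra_options => true,
}
```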

auth0_resource_server

This type provides Puppet with the capabilities to manage Auth0 Resource Servers (APIs).

Note that this resource type makes use of the following scopes from the Auth0 Management API:

  • read:resource_servers
  • create:resource_servers
  • delete:resource_servers
  • update:resource_servers

Properties

The following properties are available in the auth0_resource_server type.

ensure

Data type: Enum[present, absent]

Whether this resource should be present or absent on the target system.

Default value: present

display_name

Data type: Pattern[/^[^<>]+$/] *this data type contains a regex that may not be accurately reflected in generated documentation

The display name of the resource server.

scopes

Data type: Optional[Hash]

No description given in Auth0 API documentation

signing_alg

Data type: Optional[Enum['HS256','RS256']]

The algorithm used to sign tokens.

signing_secret

Data type: Optional[String]

The secret used to sign tokens when using symmetric algorithms.

allow_offline_access

Data type: Optional[Boolean]

Whether to allow issuance of refresh tokens for this entity.

token_lifetime

Data type: Optional[Integer]

The amount of time (in seconds) that the token will be valid after being issued.

skip_consent

Data type: Optional[Boolean]

Whether this entity allows skipping consent prompt for verifiable first-party clients.

Parameters

The following parameters are available in the auth0_resource_server type.

identifier

namevar

Data type: String

The identifier of the resource server.
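This added example (not part of the module's reference) ties a resource server to a machine-to-machine client through a client grant, which is where the least-privilege decision is made: the API publishes two scopes and the client is granted only the one it needs. The API identifier, client name and scope names are constructed. The example assumes the scopes hash maps a scope value to its description, since the reference does not document the hash's structure, and that the auth0_client_grant title is the client's puppet_resource_identifier (its namevar).

```puppet
# Constructed example: an API, an M2M client, and a narrowly scoped grant.

auth0_resource_server { 'https://inventory.example.com/api':
  ensure               => present,
  display_name         => 'Inventory API',
  # Assumed structure: scope value => description.
  scopes               => {
    'read:items'  => 'Read inventory items',
    'write:items' => 'Create and update inventory items',
  },
  # Asymmetric signing: verifiers need only the tenant's public key, so no
  # signing_secret has to be distributed or rotated.
  signing_alg          => 'RS256',
  # Short-lived access tokens limit the window in which a leaked token is useful.
  token_lifetime       => 900,
  # No refresh tokens for this API.
  allow_offline_access => false,
  skip_consent         => true,
}

auth0_client { 'inventory-sync':
  ensure                     => present,
  puppet_resource_identifier => 'inventory-sync',
  display_name               => 'Inventory Sync Job',
  app_type                   => 'non_interactive',
  token_endpoint_auth_method => 'client_secret_post',
  grant_types                => ['client_credentials'],
  oidc_conformant            => true,
  jwt_alg                    => 'RS256',
}

# Title = puppet_resource_identifier of the client receiving the grant.
auth0_client_grant { 'inventory-sync':
  ensure   => present,
  audience => 'https://inventory.example.com/api',
  # Least privilege: a sync job that only reads gets read:items and nothing more.
  scopes   => ['read:items'],
  require  => [
    Auth0_resource_server['https://inventory.example.com/api'],
    Auth0_client['inventory-sync'],
  ],
}
```

The require metaparameter orders the grant after the API and client it references within one Puppet run; the scopes property defaults to an empty array, so a grant declared without scopes yields a token that carries no scopes at all.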

auth0_rule

This type provides Puppet with the capabilities to manage Auth0 Rules.

Note that this resource type makes use of the following scopes from the Auth0 Management API:

  • read:rules
  • create:rules
  • delete:rules
  • update:rules

Properties

The following properties are available in the auth0_rule type.

ensure

Data type: Enum[present, absent]

Whether this resource should be present or absent on the target system.

Default value: present

script

Data type: String

A script that contains the rule's JavaScript code.

order

Data type: Optional[Integer]

The rule's order in relation to other rules. A rule with a lower order than another rule executes first. If no order is provided it will automatically be one greater than the current maximum.

run_stage

Data type: Optional[Enum['login_success','login_failure','pre_authorize','user_registration','user_blocked']]

The stage at which the rule will be executed.

Default value: login_success

enabled

Data type: Optional[Boolean]

Whether this rule is enabled.

Default value: true

Parameters

The following parameters are available in the auth0_rule type.

name

namevar

Data type: Pattern[/^([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9 -]*[A-Za-z0-9])$/] *this data type contains a regex that may not be accurately reflected in generated documentation

The name of the resource you want to manage.
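The following is an added example, not code from the module: an auth0_rule whose script copies a department value from the user's app_metadata into a namespaced ID-token claim. The rule name, claim namespace and metadata key are constructed. The script body is a standard Auth0 rule function (user, context, callback) and is supplied through a Puppet heredoc so the JavaScript needs no quoting.

```puppet
# Constructed example: a rule that adds a namespaced custom claim.
auth0_rule { 'add-department-claim':
  ensure    => present,
  run_stage => 'login_success',
  # A low order runs this rule before others that might read the claim.
  order     => 10,
  enabled   => true,
  script    => @(RULE),
    function (user, context, callback) {
      // Custom claims are namespaced with a URL-style prefix (constructed here).
      var namespace = 'https://claims.example.com/';
      // Read only the attribute the claim needs; app_metadata may be absent.
      var department = (user.app_metadata || {}).department;
      if (department) {
        context.idToken[namespace + 'department'] = department;
      }
      // Always hand control back, otherwise the login hangs until it times out.
      return callback(null, user, context);
    }
    | RULE
}
```

Rules execute with tenant-level access on every matching login, so the script is kept to the single attribute it needs and never reads a value it does not use.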

Functions

auth0_get_client_credentials

Type: Ruby 4.x API

Retrieves Client (Application) credentials from the Auth0 Management API.

  • Note This function uses the following scopes from Auth0's Management API:
    • read:clients
    • read:client_keys

auth0_get_client_credentials(String $puppet_resource_identifier, String $management_client_id, String $management_client_secret, String $tenant_domain)

Gets client_id and client_secret for a client specified by its puppet_resource_identifier.

Returns: Optional[Credentials] A Hash with two keys, 'client_id' and 'client_secret', containing the credentials for the requested client. Returns Undef if no client with the requested puppet_resource_identifier could be found.

Examples

Retrieving client credentials:

    auth0_get_client_credentials('example_application', $auth0_id, $auth0_secret, 'example.auth0.com')

puppet_resource_identifier

Data type: String

The puppet_resource_identifier of the client whose credentials will be retrieved.

management_client_id

Data type: String

The client_id that Puppet should use to access the Auth0 Management API.

management_client_secret

Data type: String

The client_secret that Puppet should use to access the Auth0 Management API.

tenant_domain

Data type: String

The Auth0 Domain (Tenant) that is being queried.

auth0_get_client_credentials(String $puppet_resource_identifier)

Gets client_id and client_secret for a client specified by its puppet_resource_identifier. Retrieves credentials for the Auth0 Management API from Hiera under the keys 'auth0::management_client_id', 'auth0::management_client_secret' and 'auth0::tenant_domain'.

Returns: Optional[Credentials] A Hash with two keys, 'client_id' and 'client_secret', containing the credentials for the requested client. Returns Undef if no client with the requested puppet_resource_identifier could be found.

Examples

Retrieving client credentials:

    auth0_get_client_credentials('Example Application')

puppet_resource_identifier

Data type: String

The puppet_resource_identifier of the client whose credentials will be retrieved.

auth0_get_client_credentials_by_name

Type: Ruby 4.x API

Retrieves Client (Application) credentials from the Auth0 Management API by name.

  • Note This function uses the following scopes from Auth0's Management API:
    • read:clients
    • read:client_keys

auth0_get_client_credentials_by_name(String $client_name, String $management_client_id, String $management_client_secret, String $tenant_domain)

Gets client_id and client_secret for a client specified by name.

Returns: Optional[Credentials] A Hash with two keys, 'client_id' and 'client_secret', containing the credentials for the requested client. Returns Undef if no client with the requested name could be found.

Examples

Retrieving client credentials:

    auth0_get_client_credentials_by_name('Example Application', $auth0_id, $auth0_secret, 'example.auth0.com')

client_name

Data type: String

The display name of the client whose credentials will be retrieved.

management_client_id

Data type: String

The client_id that Puppet should use to access the Auth0 Management API.

management_client_secret

Data type: String

The client_secret that Puppet should use to access the Auth0 Management API.

tenant_domain

Data type: String

The Auth0 Domain (Tenant) that is being queried.

auth0_get_client_credentials_by_name(String $client_name)

Gets client_id and client_secret for a client specified by name. Retrieves credentials for the Auth0 Management API from Hiera under the keys 'auth0::management_client_id', 'auth0::management_client_secret' and 'auth0::tenant_domain'.

Returns: Optional[Credentials] A Hash with two keys, 'client_id' and 'client_secret', containing the credentials for the requested client. Returns Undef if no client with the requested name could be found.

Examples

Retrieving client credentials:

    auth0_get_client_credentials_by_name('Example Application')

client_name

Data type: String

The display name of the client whose credentials will be retrieved.
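As an added example (not part of the module's reference), the manifest below uses the Hiera-backed form of auth0_get_client_credentials to fetch a client's credentials and write them to an environment file as a Sensitive value, so the secret is redacted from Puppet logs and reports. The client identifier, file path, account name and tenant domain are constructed; the example assumes the Hiera keys named above are set for the node.

```puppet
# Constructed example: hand an Auth0 client's credentials to an application.

# Both forms return Undef when the client is not found, so check before indexing.
$creds = auth0_get_client_credentials('inventory-sync')

if $creds =~ Undef {
  fail('Auth0 client "inventory-sync" was not found in the tenant')
}

file { '/etc/inventory-sync/auth0.env':
  ensure  => file,
  owner   => 'inventory',
  group   => 'inventory',
  # Readable only by the service account that needs the secret.
  mode    => '0600',
  # Sensitive() keeps the secret out of the catalog diff, logs and reports.
  content => Sensitive(@("ENV")),
    AUTH0_DOMAIN=example.auth0.com
    AUTH0_CLIENT_ID=${creds['client_id']}
    AUTH0_CLIENT_SECRET=${creds['client_secret']}
    | ENV
}
```

The function runs at catalog compilation, so it only finds clients that already exist in the tenant; a client declared with auth0_client in the same run is created at apply time and is retrievable from the next run onward.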