/** Payload carrying the optional `update_draft` flag for an action. */
export interface ActionsDraftUpdate {
  /** When `true`, the draft of the action is updated with the reverted version. */
  update_draft?: boolean;
}
/**
 * Certificate information. Relevant only for Custom Domains that use
 * Auth0-Managed Certificates.
 */
export interface Certificate {
  /**
   * Provisioning status of the certificate.
   * A `renewing_failed` value is worth monitoring: a certificate that is not
   * renewed will eventually expire.
   */
  status?: CertificateStatusEnum;
  /**
   * User-friendly error message, presented when `status` is
   * `provisioning_failed` or `renewing_failed`.
   */
  error_msg?: string;
  /** Certificate Authority that issued the certificate. */
  certificate_authority?: CertificateCertificateAuthorityEnum;
  /**
   * The certificate will be renewed prior to this date.
   * Declared as a plain string; the date format is not stated here.
   */
  renews_before?: string;
}
/** Provisioning states a managed certificate can report (used by `Certificate.status`). */
export declare const CertificateStatusEnum: {
  readonly provisioning: "provisioning";
  readonly provisioning_failed: "provisioning_failed";
  readonly provisioned: "provisioned";
  readonly renewing_failed: "renewing_failed";
};
/** Union of the string literals declared on the `CertificateStatusEnum` object. */
export type CertificateStatusEnum =
  (typeof CertificateStatusEnum)[keyof typeof CertificateStatusEnum];
/** Certificate Authorities that can appear in `Certificate.certificate_authority`. */
export declare const CertificateCertificateAuthorityEnum: {
  readonly letsencrypt: "letsencrypt";
  readonly googletrust: "googletrust";
};
/** Union of the string literals declared on the `CertificateCertificateAuthorityEnum` object. */
export type CertificateCertificateAuthorityEnum =
  (typeof CertificateCertificateAuthorityEnum)[keyof typeof CertificateCertificateAuthorityEnum];
/**
 * A client (application) as represented by this SDK.
 *
 * The shape carries `client_secret`, signing keys and login-page content, so
 * treat whole `Client` values as sensitive: avoid logging them or handing them
 * to browser code.
 */
export interface Client {
  /**
   * Open index signature: any additional key is accepted with type `any`, so
   * misspelled or unexpected properties are not caught by the compiler.
   */
  [key: string]: any;
  /** ID of this client. */
  client_id: string;
  /** Name of the tenant this client belongs to. */
  tenant: string;
  /** Name of this client (min length: 1 character, does not allow `<` or `>`). */
  name: string;
  /** Free text description of this client (max length: 140 characters). */
  description: string;
  /**
   * Whether this is your global 'All Applications' client representing legacy
   * tenant settings (true) or a regular client (false).
   */
  global: boolean;
  /**
   * Client secret (which you must not make public).
   * Keep it out of source control, logs and client-side bundles.
   */
  client_secret: string;
  /**
   * Type of client used to determine which settings are applicable.
   * Can be `spa`, `native`, `non_interactive`, or `regular_web`.
   */
  app_type: string;
  /** URL of the logo to display for this client. Recommended size is 150x150 pixels. */
  logo_uri: string;
  /** Whether this client is a first party client (true) or not (false). */
  is_first_party: boolean;
  /**
   * Whether this client conforms to
   * {@link https://auth0.com/docs/api-auth/tutorials/adoption | strict OIDC specifications}
   * (true) or uses legacy features (false).
   */
  oidc_conformant: boolean;
  /**
   * URLs whitelisted for Auth0 to use as a callback to the client after
   * authentication. The upstream text calls this a comma-separated list; the
   * declared type is an array of strings.
   * Keep the list as narrow as possible: each entry is a destination Auth0 is
   * permitted to call back after authentication.
   */
  callbacks: string[];
  /**
   * URLs allowed to make requests from JavaScript to Auth0 API (typically used
   * with CORS). By default, all your callback URLs will be allowed. This field
   * allows you to enter other origins if necessary. You can also use wildcards
   * at the subdomain level (e.g., https://*.contoso.com). Query strings and hash
   * information are not taken into account when validating these URLs.
   * A subdomain wildcard trusts every host under that domain, so prefer
   * explicit origins where practical.
   */
  allowed_origins: string[];
  /**
   * Allowed origins for use with
   * {@link https://auth0.com/docs/cross-origin-authentication | Cross-Origin Authentication},
   * {@link https://auth0.com/docs/flows/concepts/device-auth | Device Flow}, and
   * {@link https://auth0.com/docs/protocols/oauth2#how-response-mode-works | web message response mode}.
   */
  web_origins: string[];
  /** List of audiences/realms for SAML protocol. Used by the wsfed addon. */
  client_aliases: string[];
  /**
   * List of clients and API ids that are allowed to make delegation requests.
   * Empty means all your clients are allowed, i.e. an empty list is the
   * permissive setting, not the restrictive one.
   */
  allowed_clients: string[];
  /**
   * URLs that are valid to redirect to after logout from Auth0.
   * Wildcards are allowed for subdomains; a wildcard accepts every host under
   * that domain, so explicit URLs are the narrower choice.
   */
  allowed_logout_urls: string[];
  /** No upstream description; shape defined by `ClientOidcLogout`. */
  oidc_logout: ClientOidcLogout;
  /**
   * List of grant types supported for this application. Can include
   * `authorization_code`, `implicit`, `refresh_token`, `client_credentials`,
   * `password`, `http://auth0.com/oauth/grant-type/password-realm`,
   * `http://auth0.com/oauth/grant-type/mfa-oob`,
   * `http://auth0.com/oauth/grant-type/mfa-otp`,
   * `http://auth0.com/oauth/grant-type/mfa-recovery-code`, and
   * `urn:ietf:params:oauth:grant-type:device_code`.
   * Declared as plain strings, so values are not checked at compile time.
   * Enable only the grants the application needs; current OAuth security
   * guidance discourages `implicit` and `password`.
   */
  grant_types: string[];
  /** No upstream description; shape defined by `ClientJwtConfiguration`. */
  jwt_configuration: ClientJwtConfiguration;
  /** Signing certificates associated with this client. */
  signing_keys: ClientSigningKeysInner[];
  /** No upstream description; shape defined by `ClientEncryptionKey`. May be `null`. */
  encryption_key: ClientEncryptionKey | null;
  /**
   * Applies only to SSO clients and determines whether Auth0 will handle
   * Single Sign On (true) or whether the Identity Provider will (false).
   */
  sso: boolean;
  /**
   * Whether Single Sign On is disabled (true) or enabled (false). Defaults to true.
   * NOTE(review): the upstream text read "enabled (true)", and
   * `ClientCreate.sso_disabled` documents a default of `false`; confirm which
   * default applies.
   */
  sso_disabled: boolean;
  /**
   * Whether this client can be used to make cross-origin authentication
   * requests (true) or it is not allowed to make such requests (false).
   */
  cross_origin_authentication: boolean;
  /**
   * URL of the location in your site where the cross origin verification takes
   * place for the cross-origin auth flow when performing Auth in your own
   * domain instead of Auth0 hosted login page.
   */
  cross_origin_loc: string;
  /** Whether a custom login page is to be used (true) or the default provided login page (false). */
  custom_login_page_on: boolean;
  /**
   * The content (HTML, CSS, JS) of the custom login page.
   * This markup and script runs on the page where users authenticate, so
   * changes to it deserve the same review as application code.
   */
  custom_login_page: string;
  /** The content (HTML, CSS, JS) of the custom login page. (Used on Previews) */
  custom_login_page_preview: string;
  /** HTML form template to be used for WS-Federation. */
  form_template: string;
  /** Addons enabled for this client and their associated configurations. */
  addons: ClientAddons;
  /**
   * Defines the requested authentication method for the token endpoint. Can be
   * `none` (public client without a client secret), `client_secret_post`
   * (client uses HTTP POST parameters), or `client_secret_basic` (client uses
   * HTTP Basic).
   */
  token_endpoint_auth_method: ClientTokenEndpointAuthMethodEnum;
  /**
   * Metadata associated with the client, in the form of an object with string
   * values (max 255 chars). Maximum of 10 metadata properties allowed. Field
   * names (max 255 chars) are alphanumeric and may only include the following
   * special characters: :,-+=_*?"/\()<>@ [Tab] [Space]
   * The declared value type is `any`, so the string-only constraint is not
   * enforced by the compiler.
   */
  client_metadata: { [key: string]: any };
  /** No upstream description; shape defined by `ClientMobile`. */
  mobile: ClientMobile;
  /** Initiate login uri, must be https */
  initiate_login_uri: string;
  /** No upstream description. Typed `any | null`, i.e. unchecked. */
  native_social_login: any | null;
  /** No upstream description; shape defined by `ClientRefreshToken`. May be `null`. */
  refresh_token: ClientRefreshToken | null;
  /** No upstream description; shape defined by `ClientDefaultOrganization`. May be `null`. */
  default_organization: ClientDefaultOrganization | null;
  /**
   * Defines how to proceed during an authentication transaction with regards
   * to an organization. Can be `deny` (default), `allow` or `require`.
   */
  organization_usage: ClientOrganizationUsageEnum;
  /**
   * Defines how to proceed during an authentication transaction when
   * `client.organization_usage: 'require'`. Can be `no_prompt` (default),
   * `pre_login_prompt` or `post_login_prompt`. `post_login_prompt` requires
   * `oidc_conformant: true`.
   */
  organization_require_behavior: ClientOrganizationRequireBehaviorEnum;
  /** Defines client authentication methods. May be `null`. */
  client_authentication_methods: ClientClientAuthenticationMethods | null;
  /** Makes the use of Pushed Authorization Requests mandatory for this client */
  require_pushed_authorization_requests: boolean;
  /** Makes the use of Proof-of-Possession mandatory for this client */
  require_proof_of_possession: boolean;
  /** No upstream description; shape defined by `ClientSignedRequestObject`. */
  signed_request_object: ClientSignedRequestObject;
  /** Defines the compliance level for this client, which may restrict its capabilities */
  compliance_level: ClientComplianceLevelEnum;
  /** Specifies how long, in seconds, a Pushed Authorization Request URI remains valid */
  par_request_expiry: number | null;
  /** No upstream description; shape defined by `TokenQuota`. */
  token_quota: TokenQuota;
}
/**
 * Values accepted by `Client.token_endpoint_auth_method`.
 * `none` denotes a public client without a client secret.
 */
export declare const ClientTokenEndpointAuthMethodEnum: {
  readonly none: "none";
  readonly client_secret_post: "client_secret_post";
  readonly client_secret_basic: "client_secret_basic";
};
/** Union of the string literals declared on the `ClientTokenEndpointAuthMethodEnum` object. */
export type ClientTokenEndpointAuthMethodEnum =
  (typeof ClientTokenEndpointAuthMethodEnum)[keyof typeof ClientTokenEndpointAuthMethodEnum];
/** Values accepted by `Client.organization_usage`. */
export declare const ClientOrganizationUsageEnum: {
  readonly deny: "deny";
  readonly allow: "allow";
  readonly require: "require";
};
/** Union of the string literals declared on the `ClientOrganizationUsageEnum` object. */
export type ClientOrganizationUsageEnum =
  (typeof ClientOrganizationUsageEnum)[keyof typeof ClientOrganizationUsageEnum];
/** Values accepted by `Client.organization_require_behavior`. */
export declare const ClientOrganizationRequireBehaviorEnum: {
  readonly no_prompt: "no_prompt";
  readonly pre_login_prompt: "pre_login_prompt";
  readonly post_login_prompt: "post_login_prompt";
};
/** Union of the string literals declared on the `ClientOrganizationRequireBehaviorEnum` object. */
export type ClientOrganizationRequireBehaviorEnum =
  (typeof ClientOrganizationRequireBehaviorEnum)[keyof typeof ClientOrganizationRequireBehaviorEnum];
/**
 * Values accepted by `Client.compliance_level`.
 * The `null` member is the string literal `"null"`, not the JavaScript `null`
 * value, so a `=== null` comparison will not match it.
 */
export declare const ClientComplianceLevelEnum: {
  readonly none: "none";
  readonly fapi1_adv_pkj_par: "fapi1_adv_pkj_par";
  readonly fapi1_adv_mtls_par: "fapi1_adv_mtls_par";
  readonly null: "null";
};
/** Union of the string literals declared on the `ClientComplianceLevelEnum` object. */
export type ClientComplianceLevelEnum =
  (typeof ClientComplianceLevelEnum)[keyof typeof ClientComplianceLevelEnum];
/**
 * Addons enabled for this client and their associated configurations.
 *
 * Several of the referenced addon shapes hold credentials (access keys,
 * private keys, passwords), so a `ClientAddons` value should be handled as
 * sensitive data.
 */
export interface ClientAddons {
  /** AWS addon configuration. */
  aws: ClientAddonsAws;
  /** Azure Blob Storage addon configuration. */
  azure_blob: ClientAddonsAzureBlob;
  /** Azure Service Bus addon configuration. */
  azure_sb: ClientAddonsAzureSb;
  /** Active Directory Rights Management Service SSO configuration. */
  rms: ClientAddonsRms;
  /** Microsoft Dynamics CRM SSO configuration. */
  mscrm: ClientAddonsMscrm;
  /** Slack addon configuration (team name). */
  slack: ClientAddonsSlack;
  /** Sentry SSO configuration. */
  sentry: ClientAddonsSentry;
  /** Box SSO indicator (no configuration settings needed for Box SSO). */
  box: { [key: string]: any };
  /** CloudBees SSO indicator (no configuration settings needed for CloudBees SSO). */
  cloudbees: { [key: string]: any };
  /** Concur SSO indicator (no configuration settings needed for Concur SSO). */
  concur: { [key: string]: any };
  /** Dropbox SSO indicator (no configuration settings needed for Dropbox SSO). */
  dropbox: { [key: string]: any };
  /** Adobe EchoSign SSO configuration. */
  echosign: ClientAddonsEchosign;
  /** Egnyte SSO configuration. */
  egnyte: ClientAddonsEgnyte;
  /** Google Firebase addon configuration. */
  firebase: ClientAddonsFirebase;
  /** New Relic SSO configuration. */
  newrelic: ClientAddonsNewrelic;
  /** Microsoft Office 365 SSO configuration. */
  office365: ClientAddonsOffice365;
  /** Salesforce SSO configuration. */
  salesforce: ClientAddonsSalesforce;
  /** Salesforce API addon configuration. */
  salesforce_api: ClientAddonsSalesforceApi;
  /** Salesforce Sandbox addon configuration. */
  salesforce_sandbox_api: ClientAddonsSalesforceSandboxApi;
  /** SAML2 addon settings. */
  samlp: ClientAddonsSamlp;
  /** Layer addon configuration. */
  layer: ClientAddonsLayer;
  /** SAP API addon configuration. */
  sap_api: ClientAddonsSapApi;
  /** SharePoint SSO configuration. */
  sharepoint: ClientAddonsSharepoint;
  /** SpringCM SSO configuration. */
  springcm: ClientAddonsSpringcm;
  /** Windows Azure Mobile Services addon configuration. */
  wams: ClientAddonsWams;
  /**
   * WS-Fed (WIF) addon indicator. Actual configuration is stored in `callback`
   * and `client_aliases` properties on the client.
   * NOTE(review): the `Client` interface in this file declares `callbacks`
   * (plural); the upstream text presumably refers to that property.
   */
  wsfed: { [key: string]: any };
  /** Zendesk SSO configuration. */
  zendesk: ClientAddonsZendesk;
  /** Zoom SSO configuration. */
  zoom: ClientAddonsZoom;
  /** SSO integration name and installed version. */
  sso_integration: ClientAddonsSsoIntegration;
  /** Okta Access Gateway SSO configuration */
  oag: object | null;
}
/**
 * AWS addon configuration.
 * The index signature accepts any extra key as `any`, so unknown or misspelled
 * settings are not rejected at compile time.
 */
export interface ClientAddonsAws {
  [key: string]: any;
  /** AWS principal ARN, e.g. `arn:aws:iam::010616021751:saml-provider/idpname` */
  principal: string;
  /**
   * AWS role ARN, e.g. `arn:aws:iam::010616021751:role/foo`
   * The role named here bounds what the issued AWS credentials can do, so it
   * should carry only the permissions the integration needs.
   */
  role: string;
  /** AWS token lifetime in seconds */
  lifetime_in_seconds: number;
}
/**
 * Azure Blob Storage addon configuration.
 *
 * Holds the storage account access key and the permission flags for issued
 * tokens; grant only the `blob_*` / `container_*` permissions the consumer
 * actually needs.
 */
export interface ClientAddonsAzureBlob {
  [key: string]: any;
  /**
   * Your Azure storage account name. Usually first segment in your Azure
   * storage URL. e.g. `https://acme-org.blob.core.windows.net` would be the
   * account name `acme-org`.
   */
  accountName: string;
  /**
   * Access key associated with this storage account.
   * Secret material: keep it out of source control and logs.
   */
  storageAccessKey: string;
  /** Container to request a token for. e.g. `my-container`. */
  containerName: string;
  /**
   * Entity to request a token for. e.g. `my-blob`. If blank the computed SAS
   * will apply to the entire storage container.
   */
  blobName: string;
  /** Expiration in minutes for the generated token (default of 5 minutes). */
  expiration: number;
  /** Shared access policy identifier defined in your storage account resource. */
  signedIdentifier: string;
  /**
   * Indicates if the issued token has permission to read the content,
   * properties, metadata and block list. Use the blob as the source of a copy
   * operation.
   */
  blob_read: boolean;
  /**
   * Indicates if the issued token has permission to create or write content,
   * properties, metadata, or block list. Snapshot or lease the blob. Resize the
   * blob (page blob only). Use the blob as the destination of a copy operation
   * within the same account.
   */
  blob_write: boolean;
  /** Indicates if the issued token has permission to delete the blob. */
  blob_delete: boolean;
  /**
   * Indicates if the issued token has permission to read the content,
   * properties, metadata or block list of any blob in the container. Use any
   * blob in the container as the source of a copy operation
   */
  container_read: boolean;
  /**
   * Indicates that for any blob in the container if the issued token has
   * permission to create or write content, properties, metadata, or block
   * list. Snapshot or lease the blob. Resize the blob (page blob only). Use the
   * blob as the destination of a copy operation within the same account.
   */
  container_write: boolean;
  /** Indicates if issued token has permission to delete any blob in the container. */
  container_delete: boolean;
  /** Indicates if the issued token has permission to list blobs in the container. */
  container_list: boolean;
}
/**
 * Azure Service Bus addon configuration.
 * (The upstream header said "Azure Storage Bus"; every field below describes
 * Service Bus.)
 */
export interface ClientAddonsAzureSb {
  [key: string]: any;
  /**
   * Your Azure Service Bus namespace. Usually the first segment of your Service
   * Bus URL (e.g. `https://acme-org.servicebus.windows.net` would be `acme-org`).
   */
  namespace: string;
  /** Your shared access policy name defined in your Service Bus entity. */
  sasKeyName: string;
  /**
   * Primary Key associated with your shared access policy.
   * Secret material: keep it out of source control and logs.
   */
  sasKey: string;
  /** Entity you want to request a token for. e.g. `my-queue`. */
  entityPath: string;
  /** Optional expiration in minutes for the generated token. Defaults to 5 minutes. */
  expiration: number;
}
/** Adobe EchoSign SSO configuration. */
export interface ClientAddonsEchosign {
  [key: string]: any;
  /**
   * Your custom domain found in your EchoSign URL.
   * e.g. `https://acme-org.echosign.com` would be `acme-org`.
   */
  domain: string;
}
/** Egnyte SSO configuration. */
export interface ClientAddonsEgnyte {
  [key: string]: any;
  /**
   * Your custom domain found in your Egnyte URL.
   * e.g. `https://acme-org.egnyte.com` would be `acme-org`.
   */
  domain: string;
}
/**
 * Google Firebase addon configuration.
 * `secret` and `private_key` are credentials; keep them out of source control
 * and logs.
 */
export interface ClientAddonsFirebase {
  [key: string]: any;
  /** Google Firebase Secret. (SDK 2 only). */
  secret: string;
  /**
   * Optional ID of the private key to obtain kid header in the issued token
   * (SDK v3+ tokens only).
   */
  private_key_id: string;
  /** Private Key for signing the token (SDK v3+ tokens only). */
  private_key: string;
  /**
   * ID of the Service Account you have created (shown as `client_email` in the
   * generated JSON file, SDK v3+ tokens only).
   */
  client_email: string;
  /**
   * Optional expiration in seconds for the generated token. Defaults to 3600
   * seconds (SDK v3+ tokens only).
   */
  lifetime_in_seconds: number;
}
/** Layer addon configuration. */
export interface ClientAddonsLayer {
  [key: string]: any;
  /** Provider ID of your Layer account */
  providerId: string;
  /** Authentication Key identifier used to sign the Layer token. */
  keyId: string;
  /**
   * Private key for signing the Layer token.
   * Secret material: keep it out of source control and logs.
   */
  privateKey: string;
  /**
   * Name of the property used as the unique user id in Layer.
   * If not specified `user_id` is used.
   */
  principal?: string;
  /** Optional expiration in minutes for the generated token. Defaults to 5 minutes. */
  expiration?: number;
}
/** Microsoft Dynamics CRM SSO configuration. */
export interface ClientAddonsMscrm {
  [key: string]: any;
  /** Microsoft Dynamics CRM application URL. */
  url: string;
}
/** New Relic SSO configuration. */
export interface ClientAddonsNewrelic {
  [key: string]: any;
  /**
   * Your New Relic Account ID found in your New Relic URL after the
   * `/accounts/` path. e.g. `https://rpm.newrelic.com/accounts/123456/query`
   * would be `123456`.
   */
  account: string;
}
/** Microsoft Office 365 SSO configuration. */
export interface ClientAddonsOffice365 {
  [key: string]: any;
  /** Your Office 365 domain name. e.g. `acme-org.com`. */
  domain: string;
  /**
   * Optional Auth0 database connection for testing an already-configured
   * Office 365 tenant. (Described as optional upstream, but declared as a
   * required property here.)
   */
  connection: string;
}
/** Active Directory Rights Management Service SSO configuration. */
export interface ClientAddonsRms {
  [key: string]: any;
  /**
   * URL of your Rights Management Server. It can be internal or external, but
   * users will have to be able to reach it.
   */
  url: string;
}
/** Salesforce SSO configuration. */
export interface ClientAddonsSalesforce {
  [key: string]: any;
  /**
   * Arbitrary logical URL that identifies the Salesforce resource.
   * e.g. `https://acme-org.com`.
   */
  entity_id: string;
}
/** Salesforce API addon configuration. */
export interface ClientAddonsSalesforceApi {
  [key: string]: any;
  /** Consumer Key assigned by Salesforce to the Connected App. */
  clientid: string;
  /**
   * Name of the property in the user object that maps to a Salesforce
   * username. e.g. `email`.
   */
  principal: string;
  /** Community name. */
  communityName: string;
  /** Community url section. */
  community_url_section: string;
}
/**
 * Salesforce Sandbox addon configuration.
 * Declares the same members as `ClientAddonsSalesforceApi`.
 */
export interface ClientAddonsSalesforceSandboxApi {
  [key: string]: any;
  /** Consumer Key assigned by Salesforce to the Connected App. */
  clientid: string;
  /**
   * Name of the property in the user object that maps to a Salesforce
   * username. e.g. `email`.
   */
  principal: string;
  /** Community name. */
  communityName: string;
  /** Community url section. */
  community_url_section: string;
}
/**
 * SAML2 addon settings.
 *
 * NOTE(review): the upstream description reads "SAML2 addon indicator (no
 * configuration settings needed for SAML2 addon)", yet this interface declares
 * the settings below, none of which carries an upstream description. The
 * per-member notes are therefore hedged and should be confirmed against the
 * vendor documentation.
 */
export interface ClientAddonsSamlp {
  [key: string]: any;
  /** Untyped map (`any` values); presumably attribute/claim mappings. */
  mappings: { [key: string]: any };
  audience: string;
  recipient: string;
  createUpnClaim: boolean;
  mapUnknownClaimsAsIs: boolean;
  passthroughClaimsWithNoMapping: boolean;
  mapIdentities: boolean;
  /**
   * Free-form string, so the algorithm choice is not checked at compile time.
   * Presumably the signature algorithm for issued SAML; prefer a
   * SHA-256-based value over SHA-1 and confirm the effective default.
   */
  signatureAlgorithm: string;
  /** Free-form string; presumably the digest algorithm. Same SHA-1 caveat as `signatureAlgorithm`. */
  digestAlgorithm: string;
  issuer: string;
  destination: string;
  /** Presumably the validity period of what is issued, in seconds, going by the name. */
  lifetimeInSeconds: number;
  signResponse: boolean;
  nameIdentifierFormat: string;
  nameIdentifierProbes: string[];
  authnContextClassRef: string;
}
/** SAP API addon configuration. */
export interface ClientAddonsSapApi {
  [key: string]: any;
  /**
   * If activated in the OAuth 2.0 client configuration (transaction SOAUTH2)
   * the SAML attribute client_id must be set and equal the client_id form
   * parameter of the access token request.
   */
  clientid: string;
  /** Name of the property in the user object that maps to a SAP username. e.g. `email`. */
  usernameAttribute: string;
  /** Your SAP OData server OAuth2 token endpoint URL. */
  tokenEndpointUrl: string;
  /** Requested scope for SAP APIs. */
  scope: string;
  /**
   * Service account password to use to authenticate API calls to the token
   * endpoint. Secret material: keep it out of source control and logs.
   */
  servicePassword: string;
  /**
   * NameID element of the Subject which can be used to express the user's
   * identity. Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`.
   */
  nameIdentifierFormat: string;
}
/** Sentry SSO configuration. */
export interface ClientAddonsSentry {
  [key: string]: any;
  /**
   * Generated slug for your Sentry organization. Found in your Sentry URL.
   * e.g. `https://sentry.acme.com/acme-org/` would be `acme-org`.
   */
  org_slug: string;
  /**
   * URL prefix only if running Sentry Community Edition, otherwise it should
   * be left blank.
   */
  base_url: string;
}
/** SharePoint SSO configuration. */
export interface ClientAddonsSharepoint {
  [key: string]: any;
  /** Internal SharePoint application URL. */
  url: string;
  /** External SharePoint application URLs if exposed to the Internet. */
  external_url: ClientAddonsSharepointExternalUrl;
}
/**
 * External SharePoint application URLs if exposed to the Internet.
 * Either a single URL string or a list of them; consumers need to handle both
 * forms.
 */
export type ClientAddonsSharepointExternalUrl = string[] | string;
/**
 * Slack team or workspace name, usually the first segment in your Slack URL.
 * e.g. `https://acme-org.slack.com` would be `acme-org`.
 */
export interface ClientAddonsSlack {
  [key: string]: any;
  /** Slack team name. */
  team: string;
}
/** SpringCM SSO configuration. */
export interface ClientAddonsSpringcm {
  [key: string]: any;
  /** SpringCM ACS URL, e.g. `https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx`. */
  acsurl: string;
}
/** Name and installed version of an SSO integration. */
export interface ClientAddonsSsoIntegration {
  [key: string]: any;
  /** SSO integration name */
  name: string;
  /** SSO integration version installed */
  version: string;
}
/** Windows Azure Mobile Services addon configuration. */
export interface ClientAddonsWams {
  [key: string]: any;
  /**
   * Your master key for Windows Azure Mobile Services.
   * Secret material: keep it out of source control and logs.
   */
  masterkey: string;
}
/** Zendesk SSO configuration. */
export interface ClientAddonsZendesk {
  [key: string]: any;
  /**
   * Zendesk account name, usually the first segment in your Zendesk URL.
   * e.g. `https://acme-org.zendesk.com` would be `acme-org`.
   */
  accountName: string;
}
/** Zoom SSO configuration. */
export interface ClientAddonsZoom {
  [key: string]: any;
  /**
   * Zoom account name, usually the first segment of your Zoom URL,
   * e.g. `https://acme-org.zoom.us` would be `acme-org`.
   */
  account: string;
}
/**
 * Defines client authentication methods.
 * All three members are declared as required on this shape.
 */
export interface ClientClientAuthenticationMethods {
  /** Private Key JWT authentication settings. */
  private_key_jwt: ClientClientAuthenticationMethodsPrivateKeyJwt;
  /** CA-based mTLS authentication settings. */
  tls_client_auth: ClientClientAuthenticationMethodsTlsClientAuth;
  /** mTLS authentication settings using a self-signed certificate. */
  self_signed_tls_client_auth: ClientClientAuthenticationMethodsSelfSignedTlsClientAuth;
}
/**
 * Defines `private_key_jwt` client authentication method. If this property is
 * defined, the client is enabled to use the Private Key JWT authentication
 * method.
 */
export interface ClientClientAuthenticationMethodsPrivateKeyJwt {
  /**
   * A list of unique and previously created credential IDs enabled on the
   * client for Private Key JWT authentication.
   */
  credentials: ClientClientAuthenticationMethodsPrivateKeyJwtCredentialsInner[];
}
/**
 * Reference to a previously created credential, by ID only; no key material
 * is part of this shape.
 */
export interface ClientClientAuthenticationMethodsPrivateKeyJwtCredentialsInner {
  /** Credential ID */
  id: string;
}
/**
 * Defines `self_signed_tls_client_auth` client authentication method. If the
 * property is defined, the client is configured to use mTLS authentication
 * method utilizing self-signed certificate.
 */
export interface ClientClientAuthenticationMethodsSelfSignedTlsClientAuth {
  /**
   * A list of unique and previously created credential IDs enabled on the
   * client for mTLS authentication utilizing self-signed certificate.
   */
  credentials: ClientClientAuthenticationMethodsPrivateKeyJwtCredentialsInner[];
}
/**
 * Defines `tls_client_auth` client authentication method. If the property is
 * defined, the client is configured to use CA-based mTLS authentication
 * method.
 */
export interface ClientClientAuthenticationMethodsTlsClientAuth {
  /**
   * A list of unique and previously created credential IDs enabled on the
   * client for CA-based mTLS authentication.
   */
  credentials: ClientClientAuthenticationMethodsPrivateKeyJwtCredentialsInner[];
}
/**
 * Settings for creating a client. Only `name` is required; every other member
 * is optional.
 *
 * Unlike `Client`, this shape has no index signature, so unknown keys in an
 * object literal are rejected by the compiler.
 */
export interface ClientCreate {
  /** Name of this client (min length: 1 character, does not allow `<` or `>`). */
  name: string;
  /** Free text description of this client (max length: 140 characters). */
  description?: string;
  /** URL of the logo to display for this client. Recommended size is 150x150 pixels. */
  logo_uri?: string;
  /**
   * URLs whitelisted for Auth0 to use as a callback to the client after
   * authentication. The upstream text calls this a comma-separated list; the
   * declared type is an array of strings.
   * Keep the list as narrow as possible: each entry is a destination Auth0 is
   * permitted to call back after authentication.
   */
  callbacks?: string[];
  /** No upstream description; shape defined by `ClientCreateOidcLogout`. */
  oidc_logout?: ClientCreateOidcLogout;
  /**
   * URLs allowed to make requests from JavaScript to Auth0 API (typically used
   * with CORS). By default, all your callback URLs will be allowed. This field
   * allows you to enter other origins if necessary. You can also use wildcards
   * at the subdomain level (e.g., https://*.contoso.com). Query strings and hash
   * information are not taken into account when validating these URLs.
   * A subdomain wildcard trusts every host under that domain, so prefer
   * explicit origins where practical.
   */
  allowed_origins?: string[];
  /**
   * Allowed origins for use with
   * {@link https://auth0.com/docs/cross-origin-authentication | Cross-Origin Authentication},
   * {@link https://auth0.com/docs/flows/concepts/device-auth | Device Flow}, and
   * {@link https://auth0.com/docs/protocols/oauth2#how-response-mode-works | web message response mode}.
   */
  web_origins?: string[];
  /** List of audiences/realms for SAML protocol. Used by the wsfed addon. */
  client_aliases?: string[];
  /**
   * List of clients and API ids that are allowed to make delegation requests.
   * Empty means all your clients are allowed, i.e. an empty list is the
   * permissive setting, not the restrictive one.
   */
  allowed_clients?: string[];
  /**
   * URLs that are valid to redirect to after logout from Auth0.
   * Wildcards are allowed for subdomains; a wildcard accepts every host under
   * that domain, so explicit URLs are the narrower choice.
   */
  allowed_logout_urls?: string[];
  /**
   * List of grant types supported for this application. Can include
   * `authorization_code`, `implicit`, `refresh_token`, `client_credentials`,
   * `password`, `http://auth0.com/oauth/grant-type/password-realm`,
   * `http://auth0.com/oauth/grant-type/mfa-oob`,
   * `http://auth0.com/oauth/grant-type/mfa-otp`,
   * `http://auth0.com/oauth/grant-type/mfa-recovery-code`, and
   * `urn:ietf:params:oauth:grant-type:device_code`.
   * Declared as plain strings, so values are not checked at compile time.
   * Enable only the grants the application needs; current OAuth security
   * guidance discourages `implicit` and `password`.
   */
  grant_types?: string[];
  /**
   * Defines the requested authentication method for the token endpoint. Can be
   * `none` (public client without a client secret), `client_secret_post`
   * (client uses HTTP POST parameters), or `client_secret_basic` (client uses
   * HTTP Basic).
   */
  token_endpoint_auth_method?: ClientCreateTokenEndpointAuthMethodEnum;
  /**
   * Type of client used to determine which settings are applicable. Can be
   * `spa`, `native`, `non_interactive`, or `regular_web`.
   * (`ClientCreateAppTypeEnum` in this file declares further values beyond
   * these four.)
   */
  app_type?: ClientCreateAppTypeEnum;
  /** Whether this client is a first party client or not */
  is_first_party?: boolean;
  /**
   * Whether this client conforms to
   * {@link https://auth0.com/docs/api-auth/tutorials/adoption | strict OIDC specifications}
   * (true) or uses legacy features (false).
   */
  oidc_conformant?: boolean;
  /** No upstream description; shape defined by `ClientCreateJwtConfiguration`. */
  jwt_configuration?: ClientCreateJwtConfiguration;
  /** No upstream description; shape defined by `ClientCreateEncryptionKey`. */
  encryption_key?: ClientCreateEncryptionKey;
  /**
   * Applies only to SSO clients and determines whether Auth0 will handle
   * Single Sign On (true) or whether the Identity Provider will (false).
   */
  sso?: boolean;
  /**
   * Whether this client can be used to make cross-origin authentication
   * requests (true) or it is not allowed to make such requests (false).
   */
  cross_origin_authentication?: boolean;
  /**
   * URL of the location in your site where the cross origin verification takes
   * place for the cross-origin auth flow when performing Auth in your own
   * domain instead of Auth0 hosted login page.
   */
  cross_origin_loc?: string;
  /**
   * `true` to disable Single Sign On, `false` otherwise (default: `false`).
   * NOTE(review): `Client.sso_disabled` in this file states a default of
   * `true`; confirm which default applies.
   */
  sso_disabled?: boolean;
  /** `true` if the custom login page is to be used, `false` otherwise. Defaults to `true` */
  custom_login_page_on?: boolean;
  /**
   * The content (HTML, CSS, JS) of the custom login page.
   * This markup and script runs on the page where users authenticate, so
   * changes to it deserve the same review as application code.
   */
  custom_login_page?: string;
  /** The content (HTML, CSS, JS) of the custom login page. (Used on Previews) */
  custom_login_page_preview?: string;
  /** HTML form template to be used for WS-Federation. */
  form_template?: string;
  /** Addons enabled for this client and their associated configurations. */
  addons?: ClientCreateAddons;
  /**
   * Metadata associated with the client, in the form of an object with string
   * values (max 255 chars). Maximum of 10 metadata properties allowed. Field
   * names (max 255 chars) are alphanumeric and may only include the following
   * special characters: :,-+=_*?"/\()<>@ [Tab] [Space]
   * The declared value type is `any`, so the string-only constraint is not
   * enforced by the compiler.
   */
  client_metadata?: { [key: string]: any };
  /** No upstream description; shape defined by `ClientCreateMobile`. */
  mobile?: ClientCreateMobile;
  /** Initiate login uri, must be https */
  initiate_login_uri?: string;
  /** No upstream description; shape defined by `ClientCreateNativeSocialLogin`. May be `null`. */
  native_social_login?: ClientCreateNativeSocialLogin | null;
  /** No upstream description; shape defined by `ClientRefreshToken`. May be `null`. */
  refresh_token?: ClientRefreshToken | null;
  /** No upstream description; shape defined by `ClientCreateDefaultOrganization`. */
  default_organization?: ClientCreateDefaultOrganization;
  /**
   * Defines how to proceed during an authentication transaction with regards
   * to an organization. Can be `deny` (default), `allow` or `require`.
   */
  organization_usage?: ClientCreateOrganizationUsageEnum;
  /**
   * Defines how to proceed during an authentication transaction when
   * `client.organization_usage: 'require'`. Can be `no_prompt` (default),
   * `pre_login_prompt` or `post_login_prompt`. `post_login_prompt` requires
   * `oidc_conformant: true`.
   */
  organization_require_behavior?: ClientCreateOrganizationRequireBehaviorEnum;
  /** No upstream description; shape defined by `ClientCreateClientAuthenticationMethods`. */
  client_authentication_methods?: ClientCreateClientAuthenticationMethods;
  /** Makes the use of Pushed Authorization Requests mandatory for this client */
  require_pushed_authorization_requests?: boolean;
  /** No upstream description; shape defined by `ClientCreateSignedRequestObject`. */
  signed_request_object?: ClientCreateSignedRequestObject;
  /** Makes the use of Proof-of-Possession mandatory for this client */
  require_proof_of_possession?: boolean;
  /** Defines the compliance level for this client, which may restrict its capabilities */
  compliance_level?: ClientCreateComplianceLevelEnum;
  /** Specifies how long, in seconds, a Pushed Authorization Request URI remains valid */
  par_request_expiry?: number | null;
  /** No upstream description; shape defined by `CreateTokenQuota`. */
  token_quota?: CreateTokenQuota;
}
/**
 * Values accepted by `ClientCreate.token_endpoint_auth_method`.
 * `none` denotes a public client without a client secret.
 */
export declare const ClientCreateTokenEndpointAuthMethodEnum: {
  readonly none: "none";
  readonly client_secret_post: "client_secret_post";
  readonly client_secret_basic: "client_secret_basic";
};
/** Union of the string literals declared on the `ClientCreateTokenEndpointAuthMethodEnum` object. */
export type ClientCreateTokenEndpointAuthMethodEnum =
  (typeof ClientCreateTokenEndpointAuthMethodEnum)[keyof typeof ClientCreateTokenEndpointAuthMethodEnum];
/**
 * Values accepted by `ClientCreate.app_type`.
 * Besides `native`, `spa`, `regular_web` and `non_interactive`, the list
 * includes names that also appear as addon keys on `ClientCreateAddons`.
 */
export declare const ClientCreateAppTypeEnum: {
  readonly native: "native";
  readonly spa: "spa";
  readonly regular_web: "regular_web";
  readonly non_interactive: "non_interactive";
  readonly rms: "rms";
  readonly box: "box";
  readonly cloudbees: "cloudbees";
  readonly concur: "concur";
  readonly dropbox: "dropbox";
  readonly mscrm: "mscrm";
  readonly echosign: "echosign";
  readonly egnyte: "egnyte";
  readonly newrelic: "newrelic";
  readonly office365: "office365";
  readonly salesforce: "salesforce";
  readonly sentry: "sentry";
  readonly sharepoint: "sharepoint";
  readonly slack: "slack";
  readonly springcm: "springcm";
  readonly zendesk: "zendesk";
  readonly zoom: "zoom";
  readonly sso_integration: "sso_integration";
  readonly oag: "oag";
};
/** Union of the string literals declared on the `ClientCreateAppTypeEnum` object. */
export type ClientCreateAppTypeEnum =
  (typeof ClientCreateAppTypeEnum)[keyof typeof ClientCreateAppTypeEnum];
/** Values accepted by `ClientCreate.organization_usage`. */
export declare const ClientCreateOrganizationUsageEnum: {
  readonly deny: "deny";
  readonly allow: "allow";
  readonly require: "require";
};
/** Union of the string literals declared on the `ClientCreateOrganizationUsageEnum` object. */
export type ClientCreateOrganizationUsageEnum =
  (typeof ClientCreateOrganizationUsageEnum)[keyof typeof ClientCreateOrganizationUsageEnum];
/** Values accepted by `ClientCreate.organization_require_behavior`. */
export declare const ClientCreateOrganizationRequireBehaviorEnum: {
  readonly no_prompt: "no_prompt";
  readonly pre_login_prompt: "pre_login_prompt";
  readonly post_login_prompt: "post_login_prompt";
};
/** Union of the string literals declared on the `ClientCreateOrganizationRequireBehaviorEnum` object. */
export type ClientCreateOrganizationRequireBehaviorEnum =
  (typeof ClientCreateOrganizationRequireBehaviorEnum)[keyof typeof ClientCreateOrganizationRequireBehaviorEnum];
/**
 * Values accepted by `ClientCreate.compliance_level`.
 * The `null` member is the string literal `"null"`, not the JavaScript `null`
 * value, so a `=== null` comparison will not match it.
 */
export declare const ClientCreateComplianceLevelEnum: {
  readonly none: "none";
  readonly fapi1_adv_pkj_par: "fapi1_adv_pkj_par";
  readonly fapi1_adv_mtls_par: "fapi1_adv_mtls_par";
  readonly null: "null";
};
/** Union of the string literals declared on the `ClientCreateComplianceLevelEnum` object. */
export type ClientCreateComplianceLevelEnum =
  (typeof ClientCreateComplianceLevelEnum)[keyof typeof ClientCreateComplianceLevelEnum];
/**
 * Addons enabled for this client and their associated configurations.
 *
 * Every member is optional. Most members use `ClientCreate*` shapes; `slack`
 * and `layer` reuse `ClientAddonsSlack` and `ClientAddonsLayer`. Members
 * without an upstream description are left undocumented here.
 */
export interface ClientCreateAddons {
  aws?: ClientCreateAddonsAws;
  azure_blob?: ClientCreateAddonsAzureBlob;
  azure_sb?: ClientCreateAddonsAzureSb;
  rms?: ClientCreateAddonsRms;
  mscrm?: ClientCreateAddonsMscrm;
  slack?: ClientAddonsSlack;
  sentry?: ClientCreateAddonsSentry;
  /** Box SSO indicator (no configuration settings needed for Box SSO). */
  box?: { [key: string]: any };
  /** CloudBees SSO indicator (no configuration settings needed for CloudBees SSO). */
  cloudbees?: { [key: string]: any };
  /** Concur SSO indicator (no configuration settings needed for Concur SSO). */
  concur?: { [key: string]: any };
  /** Dropbox SSO indicator (no configuration settings needed for Dropbox SSO). */
  dropbox?: { [key: string]: any };
  echosign?: ClientCreateAddonsEchosign;
  egnyte?: ClientCreateAddonsEgnyte;
  firebase?: ClientCreateAddonsFirebase;
  newrelic?: ClientCreateAddonsNewrelic;
  office365?: ClientCreateAddonsOffice365;
  salesforce?: ClientCreateAddonsSalesforce;
  salesforce_api?: ClientCreateAddonsSalesforceApi;
  salesforce_sandbox_api?: ClientCreateAddonsSalesforceSandboxApi;
  samlp?: ClientCreateAddonsSamlp;
  /** Layer addon configuration; includes a private signing key. */
  layer?: ClientAddonsLayer;
  sap_api?: ClientCreateAddonsSapApi;
  sharepoint?: ClientCreateAddonsSharepoint;
  springcm?: ClientCreateAddonsSpringcm;
  wams?: ClientCreateAddonsWams;
  /**
   * WS-Fed (WIF) addon indicator. Actual configuration is stored in `callback`
   * and `client_aliases` properties on the client.
   * NOTE(review): `ClientCreate` in this file declares `callbacks` (plural);
   * the upstream text presumably refers to that property.
   */
  wsfed?: { [key: string]: any };
  zendesk?: ClientCreateAddonsZendesk;
  zoom?: ClientCreateAddonsZoom;
  sso_integration?: ClientCreateAddonsSsoIntegration;
  /** Okta Access Gateway SSO configuration */
  oag?: object | null;
}
/**
 * AWS addon configuration.
 *
 * The index signature accepts any additional property, so misspelled keys are
 * not rejected at compile time.
 */
export interface ClientCreateAddonsAws {
  [key: string]: any;
  /**
   * AWS principal ARN, e.g. `arn:aws:iam::010616021751:saml-provider/idpname`.
   */
  principal?: string;
  /**
   * AWS role ARN, e.g. `arn:aws:iam::010616021751:role/foo`.
   */
  role?: string;
  /**
   * AWS token lifetime, in seconds.
   */
  lifetime_in_seconds?: number;
}
/**
 * Azure Blob Storage addon configuration.
 *
 * Each `blob_*` / `container_*` flag grants one permission on the issued
 * token; enable only the ones the consuming application needs.
 */
export interface ClientCreateAddonsAzureBlob {
  [key: string]: any;
  /**
   * Azure storage account name, usually the first segment of the storage URL:
   * for `https://acme-org.blob.core.windows.net` the account name is `acme-org`.
   */
  accountName?: string;
  /**
   * Access key associated with this storage account. This is a secret: load it
   * from a secret store and keep it out of logs and source control.
   */
  storageAccessKey?: string;
  /**
   * Container to request a token for, e.g. `my-container`.
   */
  containerName?: string;
  /**
   * Entity to request a token for, e.g. `my-blob`. If blank, the computed SAS
   * applies to the entire storage container.
   */
  blobName?: string;
  /**
   * Expiration, in minutes, of the generated token (default of 5 minutes).
   */
  expiration?: number;
  /**
   * Identifier of a shared access policy defined in your storage account resource.
   */
  signedIdentifier?: string;
  /**
   * Whether the issued token may read the blob's content, properties, metadata
   * and block list, and use the blob as the source of a copy operation.
   */
  blob_read?: boolean;
  /**
   * Whether the issued token may create or write content, properties, metadata
   * or block list; snapshot or lease the blob; resize the blob (page blob
   * only); and use the blob as the destination of a copy operation within the
   * same account.
   */
  blob_write?: boolean;
  /**
   * Whether the issued token may delete the blob.
   */
  blob_delete?: boolean;
  /**
   * Whether the issued token may read the content, properties, metadata or
   * block list of any blob in the container, and use any blob in the container
   * as the source of a copy operation.
   */
  container_read?: boolean;
  /**
   * Whether, for any blob in the container, the issued token may create or
   * write content, properties, metadata or block list; snapshot or lease the
   * blob; resize the blob (page blob only); and use the blob as the
   * destination of a copy operation within the same account.
   */
  container_write?: boolean;
  /**
   * Whether the issued token may delete any blob in the container.
   */
  container_delete?: boolean;
  /**
   * Whether the issued token may list blobs in the container.
   */
  container_list?: boolean;
}
/**
 * Azure Service Bus addon configuration.
 */
export interface ClientCreateAddonsAzureSb {
  [key: string]: any;
  /**
   * Azure Service Bus namespace, usually the first segment of the Service Bus
   * URL (for `https://acme-org.servicebus.windows.net` it is `acme-org`).
   */
  namespace?: string;
  /**
   * Name of the shared access policy defined in your Service Bus entity.
   */
  sasKeyName?: string;
  /**
   * Primary key associated with your shared access policy. This is a secret:
   * load it from a secret store and keep it out of logs and source control.
   */
  sasKey?: string;
  /**
   * Entity to request a token for, e.g. `my-queue`.
   */
  entityPath?: string;
  /**
   * Optional expiration, in minutes, of the generated token. Defaults to 5 minutes.
   */
  expiration?: number;
}
/**
 * Adobe EchoSign SSO configuration.
 */
export interface ClientCreateAddonsEchosign {
  [key: string]: any;
  /**
   * Custom domain taken from your EchoSign URL: for
   * `https://acme-org.echosign.com` it is `acme-org`.
   */
  domain?: string;
}
/**
 * Egnyte SSO configuration.
 */
export interface ClientCreateAddonsEgnyte {
  [key: string]: any;
  /**
   * Custom domain taken from your Egnyte URL: for
   * `https://acme-org.egnyte.com` it is `acme-org`.
   */
  domain?: string;
}
/**
 * Google Firebase addon configuration.
 *
 * `secret` and `private_key` are signing credentials: load them from a secret
 * store and keep them out of logs and source control.
 */
export interface ClientCreateAddonsFirebase {
  [key: string]: any;
  /**
   * Google Firebase Secret (SDK 2 only).
   */
  secret?: string;
  /**
   * Optional ID of the private key, used to obtain the `kid` header in the
   * issued token (SDK v3+ tokens only).
   */
  private_key_id?: string;
  /**
   * Private key for signing the token (SDK v3+ tokens only).
   */
  private_key?: string;
  /**
   * ID of the Service Account you have created (shown as `client_email` in the
   * generated JSON file; SDK v3+ tokens only).
   */
  client_email?: string;
  /**
   * Optional expiration, in seconds, of the generated token. Defaults to 3600
   * seconds (SDK v3+ tokens only).
   */
  lifetime_in_seconds?: number;
}
/**
 * Microsoft Dynamics CRM SSO configuration.
 */
export interface ClientCreateAddonsMscrm {
  [key: string]: any;
  /**
   * Microsoft Dynamics CRM application URL (required).
   */
  url: string;
}
/**
 * New Relic SSO configuration.
 */
export interface ClientCreateAddonsNewrelic {
  [key: string]: any;
  /**
   * New Relic Account ID, found in your New Relic URL after the `/accounts/`
   * path: for `https://rpm.newrelic.com/accounts/123456/query` it is `123456`.
   */
  account?: string;
}
/**
 * Microsoft Office 365 SSO configuration.
 */
export interface ClientCreateAddonsOffice365 {
  [key: string]: any;
  /**
   * Your Office 365 domain name, e.g. `acme-org.com`.
   */
  domain?: string;
  /**
   * Optional Auth0 database connection for testing an already-configured
   * Office 365 tenant.
   */
  connection?: string;
}
/**
 * Active Directory Rights Management Service SSO configuration.
 */
export interface ClientCreateAddonsRms {
  [key: string]: any;
  /**
   * URL of your Rights Management Server (required). It may be internal or
   * external, but users must be able to reach it.
   */
  url: string;
}
/**
 * Salesforce SSO configuration.
 */
export interface ClientCreateAddonsSalesforce {
  [key: string]: any;
  /**
   * Arbitrary logical URL that identifies the Salesforce resource, e.g.
   * `https://acme-org.com`.
   */
  entity_id?: string;
}
/**
 * Salesforce API addon configuration.
 */
export interface ClientCreateAddonsSalesforceApi {
  [key: string]: any;
  /**
   * Consumer Key assigned by Salesforce to the Connected App.
   */
  clientid?: string;
  /**
   * Name of the user-object property that maps to a Salesforce username,
   * e.g. `email`.
   */
  principal?: string;
  /**
   * Community name.
   */
  communityName?: string;
  /**
   * Community URL section.
   */
  community_url_section?: string;
}
/**
 * Salesforce Sandbox addon configuration. Declares the same properties as
 * `ClientCreateAddonsSalesforceApi`.
 */
export interface ClientCreateAddonsSalesforceSandboxApi {
  [key: string]: any;
  /**
   * Consumer Key assigned by Salesforce to the Connected App.
   */
  clientid?: string;
  /**
   * Name of the user-object property that maps to a Salesforce username,
   * e.g. `email`.
   */
  principal?: string;
  /**
   * Community name.
   */
  communityName?: string;
  /**
   * Community URL section.
   */
  community_url_section?: string;
}
/**
 * SAML2 (`samlp`) addon settings.
 *
 * This declaration documents none of the individual settings. The member
 * descriptions below are inferred from the property names and should be
 * confirmed against Auth0's SAML addon documentation.
 *
 * NOTE(review): `signatureAlgorithm` and `digestAlgorithm` are free-form
 * strings, so a weak algorithm is not rejected at compile time. Set a
 * SHA-256 based value explicitly instead of relying on the server default,
 * and confirm the accepted values in the Auth0 documentation.
 */
export interface ClientCreateAddonsSamlp {
  [key: string]: any;
  /** Claim mappings; the key/value semantics are not described here. */
  mappings?: Record<string, any>;
  /** Presumably the audience of the SAML assertion. */
  audience?: string;
  /** Presumably the recipient of the SAML assertion. */
  recipient?: string;
  /** Presumably whether a UPN claim is created. */
  createUpnClaim?: boolean;
  /**
   * Presumably whether claims without an explicit mapping are emitted
   * unchanged. Review which profile attributes this would disclose to the
   * service provider.
   */
  mapUnknownClaimsAsIs?: boolean;
  /**
   * Presumably whether claims with no mapping are passed through. Review which
   * profile attributes this would disclose to the service provider.
   */
  passthroughClaimsWithNoMapping?: boolean;
  /** Presumably whether user identities are mapped into the assertion. */
  mapIdentities?: boolean;
  /** Signature algorithm identifier (free-form string; see the interface note). */
  signatureAlgorithm?: string;
  /** Digest algorithm identifier (free-form string; see the interface note). */
  digestAlgorithm?: string;
  /** Presumably the issuer of the SAML response. */
  issuer?: string;
  /** Presumably the destination of the SAML response. */
  destination?: string;
  /** Lifetime in seconds, presumably of the issued assertion. */
  lifetimeInSeconds?: number;
  /** Presumably whether the SAML response itself is signed. */
  signResponse?: boolean;
  /** Presumably the NameID format URN. */
  nameIdentifierFormat?: string;
  /** Presumably the attributes probed, in order, to populate NameID. */
  nameIdentifierProbes?: string[];
  /** Presumably the AuthnContextClassRef value placed in the assertion. */
  authnContextClassRef?: string;
}
/**
 * SAP API addon configuration.
 *
 * `servicePassword` is a credential presented to `tokenEndpointUrl`. Store it
 * in a secret store, keep it out of logs and source control, and point
 * `tokenEndpointUrl` only at an HTTPS endpoint you trust.
 */
export interface ClientCreateAddonsSapApi {
  [key: string]: any;
  /**
   * If activated in the OAuth 2.0 client configuration (transaction SOAUTH2),
   * the SAML attribute `client_id` must be set and must equal the `client_id`
   * form parameter of the access token request.
   */
  clientid?: string;
  /**
   * Name of the user-object property that maps to a SAP username, e.g. `email`.
   */
  usernameAttribute?: string;
  /**
   * OAuth2 token endpoint URL of your SAP OData server.
   */
  tokenEndpointUrl?: string;
  /**
   * Requested scope for SAP APIs.
   */
  scope?: string;
  /**
   * Service account password used to authenticate API calls to the token endpoint.
   */
  servicePassword?: string;
  /**
   * NameID element of the Subject, which can be used to express the user's
   * identity. Defaults to `urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`.
   */
  nameIdentifierFormat?: string;
}
/**
 * Sentry SSO configuration.
 */
export interface ClientCreateAddonsSentry {
  [key: string]: any;
  /**
   * Generated slug for your Sentry organization, found in your Sentry URL:
   * for `https://sentry.acme.com/acme-org/` it is `acme-org`.
   */
  org_slug?: string;
  /**
   * URL prefix; set only when running Sentry Community Edition, otherwise
   * leave blank.
   */
  base_url?: string;
}
/**
 * SharePoint SSO configuration.
 */
export interface ClientCreateAddonsSharepoint {
  [key: string]: any;
  /**
   * Internal SharePoint application URL.
   */
  url?: string;
  /**
   * External SharePoint URL setting; the shape is given by
   * `ClientAddonsSharepointExternalUrl`.
   */
  external_url?: ClientAddonsSharepointExternalUrl;
}
/**
 * SpringCM SSO configuration.
 */
export interface ClientCreateAddonsSpringcm {
  [key: string]: any;
  /**
   * SpringCM ACS URL, e.g. `https://na11.springcm.com/atlas/sso/SSOEndpoint.ashx`.
   */
  acsurl?: string;
}
/**
 * SSO integration descriptor: the integration's name and installed version.
 */
export interface ClientCreateAddonsSsoIntegration {
  [key: string]: any;
  /**
   * SSO integration name.
   */
  name?: string;
  /**
   * SSO integration version installed.
   */
  version?: string;
}
/**
* Windows Azure Mobile Services addon configuration.
*/
export interface ClientCreateAddonsWams {
[key: string]: any | any;
/**
* Your master key for Windows Azure Mobile Services.
*