@pulumi/auth0 2.14.0-alpha.1663280530 → 2.14.0-alpha.1666810964

package/types/output.d.ts

@@ -1,11 +1,11 @@
-import { output as outputs } from "../types";
+import * as outputs from "../types/output";
 export interface ActionDependency {
     /**
-     * Secret name.
+     * Dependency name, e.g. `lodash`.
      */
     name: string;
     /**
-     * Trigger version.
+     * Dependency version, e.g. `latest` or `4.17.21`.
      */
     version: string;
 }
@@ -21,11 +21,11 @@ export interface ActionSecret {
 }
 export interface ActionSupportedTriggers {
     /**
-     * Trigger ID.
+     * The trigger ID.
      */
     id: string;
     /**
-     * Trigger version.
+     * The trigger version. This regulates which `runtime` versions are supported.
      */
     version: string;
 }
@@ -35,7 +35,7 @@ export interface AttackProtectionBreachedPasswordDetection {
      */
     adminNotificationFrequencies: string[];
     /**
-     * Whether or not breached password detection is active.
+     * Whether breached password detection is active.
      */
     enabled?: boolean;
     /**
@@ -43,7 +43,7 @@ export interface AttackProtectionBreachedPasswordDetection {
      */
     method: string;
     /**
-     * Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`.
+     * Action to take when a breached password is detected.
      */
     shields: string[];
 }
@@ -53,7 +53,7 @@ export interface AttackProtectionBruteForceProtection {
      */
     allowlists: string[];
     /**
-     * Whether or not breached password detection is active.
+     * Whether brute force attack protections are active.
      */
     enabled?: boolean;
     /**
@@ -61,11 +61,11 @@ export interface AttackProtectionBruteForceProtection {
      */
     maxAttempts: number;
     /**
-     * Determines whether or not IP address is used when counting failed attempts. Possible values: `countPerIdentifierAndIp` or `countPerIdentifier`.
+     * Determines whether the IP address is used when counting failed attempts. Possible values: `countPerIdentifierAndIp` or `countPerIdentifier`.
      */
     mode: string;
     /**
-     * Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`.
+     * Action to take when a brute force protection threshold is violated. Possible values: `block`, `userNotification`
      */
     shields: string[];
 }
@@ -75,7 +75,7 @@ export interface AttackProtectionSuspiciousIpThrottling {
      */
     allowlists: string[];
     /**
-     * Whether or not breached password detection is active.
+     * Whether suspicious IP throttling attack protections are active.
      */
     enabled?: boolean;
     /**
@@ -87,399 +87,442 @@ export interface AttackProtectionSuspiciousIpThrottling {
      */
     preUserRegistration: outputs.AttackProtectionSuspiciousIpThrottlingPreUserRegistration;
     /**
-     * Action to take when a breached password is detected. Possible values: `block`, `userNotification`, `adminNotification`.
+     * Action to take when a suspicious IP throttling threshold is violated. Possible values: `block`, `adminNotification`
      */
     shields: string[];
 }
 export interface AttackProtectionSuspiciousIpThrottlingPreLogin {
-    /**
-     * Maximum number of unsuccessful attempts. Only available on public tenants.
-     */
     maxAttempts: number;
     rate: number;
 }
 export interface AttackProtectionSuspiciousIpThrottlingPreUserRegistration {
-    /**
-     * Maximum number of unsuccessful attempts. Only available on public tenants.
-     */
     maxAttempts: number;
     rate: number;
 }
 export interface BrandingColors {
     /**
-     * String, Hexadecimal. Background color of login pages.
+     * Background color of login pages in hexadecimal.
      */
     pageBackground: string;
     /**
-     * String, Hexadecimal. Primary button background color.
+     * Primary button background color in hexadecimal.
      */
     primary: string;
 }
 export interface BrandingFont {
     /**
-     * String. URL for the custom font.
+     * URL for the custom font.
      */
     url: string;
 }
+export interface BrandingThemeBorders {
+    /**
+     * Button border radius. Value needs to be between `1` and `10`.
+     */
+    buttonBorderRadius: number;
+    /**
+     * Button border weight. Value needs to be between `0` and `10`.
+     */
+    buttonBorderWeight: number;
+    /**
+     * Buttons style. Available options: `pill`, `rounded`, `sharp`.
+     */
+    buttonsStyle: string;
+    /**
+     * Input border radius. Value needs to be between `0` and `10`.
+     */
+    inputBorderRadius: number;
+    /**
+     * Input border weight. Value needs to be between `0` and `3`.
+     */
+    inputBorderWeight: number;
+    /**
+     * Inputs style. Available options: `pill`, `rounded`, `sharp`.
+     */
+    inputsStyle: string;
+    /**
+     * Show widget shadow.
+     */
+    showWidgetShadow: boolean;
+    /**
+     * Widget border weight. Value needs to be between `0` and `10`.
+     */
+    widgetBorderWeight: number;
+    /**
+     * Widget corner radius. Value needs to be between `0` and `50`.
+     */
+    widgetCornerRadius: number;
+}
+export interface BrandingThemeColors {
+    /**
+     * Base focus color.
+     */
+    baseFocusColor?: string;
+    /**
+     * Base hover color.
+     */
+    baseHoverColor?: string;
+    /**
+     * Body text.
+     */
+    bodyText: string;
+    /**
+     * Error.
+     */
+    error: string;
+    /**
+     * Header.
+     */
+    header: string;
+    /**
+     * Icons.
+     */
+    icons: string;
+    /**
+     * Input background.
+     */
+    inputBackground: string;
+    /**
+     * Input border.
+     */
+    inputBorder: string;
+    /**
+     * Input filled text.
+     */
+    inputFilledText: string;
+    /**
+     * Input labels & placeholders.
+     */
+    inputLabelsPlaceholders: string;
+    /**
+     * Links & focused components.
+     */
+    linksFocusedComponents: string;
+    /**
+     * Primary button.
+     */
+    primaryButton: string;
+    /**
+     * Primary button label.
+     */
+    primaryButtonLabel: string;
+    /**
+     * Secondary button border.
+     */
+    secondaryButtonBorder: string;
+    /**
+     * Secondary button label.
+     */
+    secondaryButtonLabel: string;
+    /**
+     * Success.
+     */
+    success: string;
+    /**
+     * Widget background.
+     */
+    widgetBackground: string;
+    /**
+     * Widget border.
+     */
+    widgetBorder: string;
+}
+export interface BrandingThemeFonts {
+    /**
+     * Body text.
+     */
+    bodyText: outputs.BrandingThemeFontsBodyText;
+    /**
+     * Buttons text.
+     */
+    buttonsText: outputs.BrandingThemeFontsButtonsText;
+    /**
+     * Font URL.
+     */
+    fontUrl: string;
+    /**
+     * Input labels.
+     */
+    inputLabels: outputs.BrandingThemeFontsInputLabels;
+    /**
+     * Links.
+     */
+    links: outputs.BrandingThemeFontsLinks;
+    /**
+     * Links style.
+     */
+    linksStyle: string;
+    /**
+     * Reference text size. Value needs to be between `12` and `24`.
+     */
+    referenceTextSize: number;
+    /**
+     * Subtitle.
+     */
+    subtitle: outputs.BrandingThemeFontsSubtitle;
+    /**
+     * Title.
+     */
+    title: outputs.BrandingThemeFontsTitle;
+}
+export interface BrandingThemeFontsBodyText {
+    bold: boolean;
+    size: number;
+}
+export interface BrandingThemeFontsButtonsText {
+    bold: boolean;
+    size: number;
+}
+export interface BrandingThemeFontsInputLabels {
+    bold: boolean;
+    size: number;
+}
+export interface BrandingThemeFontsLinks {
+    bold: boolean;
+    size: number;
+}
+export interface BrandingThemeFontsSubtitle {
+    bold: boolean;
+    size: number;
+}
+export interface BrandingThemeFontsTitle {
+    bold: boolean;
+    size: number;
+}
+export interface BrandingThemePageBackground {
+    /**
+     * Background color.
+     */
+    backgroundColor: string;
+    /**
+     * Background image url.
+     */
+    backgroundImageUrl: string;
+    /**
+     * Page layout. Available options: `center`, `left`, `right`.
+     */
+    pageLayout: string;
+}
+export interface BrandingThemeWidget {
+    /**
+     * Header text alignment. Available options: `center`, `left`, `right`.
+     */
+    headerTextAlignment: string;
+    /**
+     * Logo height. Value needs to be between `1` and `100`.
+     */
+    logoHeight: number;
+    /**
+     * Logo position. Available options: `center`, `left`, `right`, `none`.
+     */
+    logoPosition: string;
+    /**
+     * Logo url.
+     */
+    logoUrl: string;
+    /**
+     * Social buttons layout.  Available options: `bottom`, `top`.
+     */
+    socialButtonsLayout: string;
+}
 export interface BrandingUniversalLogin {
     /**
-     * String, body of login pages.
+     * The body of login pages.
      */
     body: string;
 }
 export interface ClientAddons {
-    /**
-     * String
-     */
     aws?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     azureBlob?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     azureSb?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     box?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     cloudbees?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     concur?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     dropbox?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     echosign?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     egnyte?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     firebase?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     layer?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     mscrm?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     newrelic?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     office365?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     rms?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     salesforce?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     salesforceApi?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     salesforceSandboxApi?: {
         [key: string]: any;
     };
     /**
-     * List(Resource). Configuration settings for a SAML add-on. For details, see SAML.
-     */
-    samlp: outputs.ClientAddonsSamlp;
-    /**
-     * String
+     * Configuration settings for a SAML add-on.
      */
+    samlp?: outputs.ClientAddonsSamlp;
     sapApi?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     sentry?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     sharepoint?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     slack?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     springcm?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     wams?: {
         [key: string]: any;
     };
     /**
-     * String
+     * WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and `clientAliases` properties on the client.
      */
     wsfed?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     zendesk?: {
         [key: string]: any;
     };
-    /**
-     * String
-     */
     zoom?: {
         [key: string]: any;
     };
 }
 export interface ClientAddonsSamlp {
-    /**
-     * String. Audience of the SAML Assertion. Default will be the Issuer on SAMLRequest.
-     */
     audience?: string;
-    /**
-     * String. Class reference of the authentication context.
-     */
     authnContextClassRef?: string;
-    /**
-     * String. Protocol binding used for SAML logout responses.
-     */
     binding?: string;
-    /**
-     * Boolean, (Default=true) Indicates whether or not a UPN claim should be created.
-     */
     createUpnClaim?: boolean;
-    /**
-     * String. Destination of the SAML Response. If not specified, it will be AssertionConsumerUrlof SAMLRequest or Callback URL if there was no SAMLRequest.
-     */
     destination?: string;
-    /**
-     * String, (Default=`sha1`). Algorithm used to calculate the digest of the SAML Assertion or response. Options include `defaultsha1` and `sha256`.
-     */
     digestAlgorithm?: string;
-    /**
-     * Boolean,(Default=true). Indicates whether or not we should infer the NameFormat based on the attribute name. If set to false, the attribute NameFormat is not set in the assertion.
-     */
     includeAttributeNameFormat?: boolean;
-    /**
-     * Integer, (Default=3600). Number of seconds during which the token is valid.
-     */
+    issuer?: string;
     lifetimeInSeconds?: number;
-    /**
-     * Map(Resource). Configuration settings for logout. For details, see Logout.
-     */
     logout?: {
         [key: string]: any;
     };
-    /**
-     * Boolean, (Default=true). Indicates whether or not to add additional identity information in the token, such as the provider used and the access_token, if available.
-     */
     mapIdentities?: boolean;
-    /**
-     * Boolean, (Default=false). Indicates whether or not to add a prefix of `http://schema.auth0.com` to any claims that are not mapped to the common profile when passed through in the output assertion.
-     */
     mapUnknownClaimsAsIs?: boolean;
-    /**
-     * Map(String). Mappings between the Auth0 user profile property name (`name`) and the output attributes on the SAML attribute in the assertion (`value`).
-     */
     mappings?: {
         [key: string]: any;
     };
-    /**
-     * String, (Default=`urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`). Format of the name identifier.
-     */
     nameIdentifierFormat?: string;
-    /**
-     * List(String). Attributes that can be used for Subject/NameID. Auth0 will try each of the attributes of this array in order and use the first value it finds.
-     */
     nameIdentifierProbes?: string[];
-    /**
-     * Boolean, (Default=true). Indicates whether or not to passthrough claims that are not mapped to the common profile in the output assertion.
-     */
     passthroughClaimsWithNoMapping?: boolean;
-    /**
-     * String. Recipient of the SAML Assertion (SubjectConfirmationData). Default is AssertionConsumerUrl on SAMLRequest or Callback URL if no SAMLRequest was sent.
-     */
     recipient?: string;
-    /**
-     * Boolean. Indicates whether or not the SAML Response should be signed instead of the SAML Assertion.
-     */
     signResponse?: boolean;
-    /**
-     * String, (Default=`rsa-sha1`). Algorithm used to sign the SAML Assertion or response. Options include `rsa-sha1` and `rsa-sha256`.
-     */
     signatureAlgorithm?: string;
-    /**
-     * String. Optionally indicates the public key certificate used to validate SAML requests. If set, SAML requests will be required to be signed. A sample value would be `-----BEGIN PUBLIC KEY-----\nMIGf...bpP/t3\n+JGNGIRMj1hF1rnb6QIDAQAB\n-----END PUBLIC KEY-----\n`.
-     */
     signingCert?: string;
-    /**
-     * Boolean, (Default=true). Indicates whether or not we should infer the `xs:type` of the element. Types include `xs:string`, `xs:boolean`, `xs:double`, and `xs:anyType`. When set to false, all `xs:type` are `xs:anyType`.
-     */
     typedAttributes?: boolean;
 }
 export interface ClientJwtConfiguration {
     /**
-     * String. Algorithm used to sign JWTs.
+     * Algorithm used to sign JWTs.
      */
     alg?: string;
     /**
-     * Integer. Number of seconds during which the JWT will be valid.
+     * Number of seconds during which the JWT will be valid.
      */
     lifetimeInSeconds: number;
     /**
-     * Map(String). Permissions (scopes) included in JWTs.
+     * Permissions (scopes) included in JWTs.
      */
     scopes?: {
         [key: string]: string;
     };
     /**
-     * Boolean. Indicates whether or not the client secret is base64 encoded.
+     * Indicates whether the client secret is Base64-encoded.
      */
     secretEncoded: boolean;
 }
 export interface ClientMobile {
     /**
-     * List(Resource). Configuration settings for Android native apps. For details, see Android.
+     * Configuration settings for Android native apps.
      */
-    android?: outputs.ClientMobileAndroid;
+    android: outputs.ClientMobileAndroid;
     /**
-     * List(Resource). Configuration settings for i0S native apps. For details, see iOS.
+     * Configuration settings for i0S native apps.
      */
-    ios?: outputs.ClientMobileIos;
+    ios: outputs.ClientMobileIos;
 }
 export interface ClientMobileAndroid {
-    /**
-     * String
-     */
     appPackageName?: string;
-    /**
-     * List(String)
-     */
     sha256CertFingerprints?: string[];
 }
 export interface ClientMobileIos {
-    /**
-     * String
-     */
     appBundleIdentifier?: string;
-    /**
-     * String
-     */
     teamId?: string;
 }
 export interface ClientNativeSocialLogin {
-    /**
-     * Resource:
-     */
-    apple?: outputs.ClientNativeSocialLoginApple;
-    /**
-     * Resources:
-     */
-    facebook?: outputs.ClientNativeSocialLoginFacebook;
+    apple: outputs.ClientNativeSocialLoginApple;
+    facebook: outputs.ClientNativeSocialLoginFacebook;
 }
 export interface ClientNativeSocialLoginApple {
-    /**
-     * Boolean
-     */
     enabled?: boolean;
 }
 export interface ClientNativeSocialLoginFacebook {
-    /**
-     * Boolean
-     */
     enabled?: boolean;
 }
 export interface ClientRefreshToken {
     /**
-     * String. Options include `expiring`, `non-expiring`. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is `rotating`, this must be set to `expiring`.
+     * Options include `expiring`, `non-expiring`. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is `rotating`, this must be set to `expiring`.
      */
     expirationType: string;
     /**
-     * Integer. The time in seconds after which inactive refresh tokens will expire.
+     * The time in seconds after which inactive refresh tokens will expire.
      */
     idleTokenLifetime: number;
     /**
-     * Boolean, (Default=false) Whether or not inactive refresh tokens should be remain valid indefinitely.
+     * Whether inactive refresh tokens should remain valid indefinitely.
      */
     infiniteIdleTokenLifetime: boolean;
     /**
-     * Boolean, (Default=false) Whether or not refresh tokens should remain valid indefinitely. If false, `tokenLifetime` should also be set
+     * Whether refresh tokens should remain valid indefinitely. If false, `tokenLifetime` should also be set.
      */
     infiniteTokenLifetime: boolean;
     /**
-     * Integer. The amount of time in seconds in which a refresh token may be reused without trigging reuse detection.
+     * The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
      */
     leeway: number;
     /**
-     * String. Options include `rotating`, `non-rotating`. When `rotating`, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
+     * Options include `rotating`, `non-rotating`. When `rotating`, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
      */
     rotationType: string;
     /**
-     * Integer. The absolute lifetime of a refresh token in seconds.
+     * The absolute lifetime of a refresh token in seconds.
      */
     tokenLifetime: number;
 }
@@ -492,109 +535,142 @@ export interface ConnectionOptions {
      * List of allowed audiences.
      */
     allowedAudiences: string[];
+    /**
+     * Enable API Access to users.
+     */
     apiEnableUsers?: boolean;
     /**
-     * Azure AD app ID.
+     * App ID.
      */
     appId?: string;
     /**
-     * Map(String). Use this to append or override the link parameters (like `scope`, `redirectUri`, `protocol`, `responseType`), when you send a link using email.
+     * Query string parameters to be included as part of the generated passwordless email link.
      */
     authParams?: {
         [key: string]: string;
     };
+    /**
+     * Authorization endpoint.
+     */
     authorizationEndpoint?: string;
     /**
-     * Indicates whether or not to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
+     * Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
      */
     bruteForceProtection?: boolean;
     /**
-     * OIDC provider client ID.
+     * The strategy's client ID.
      */
     clientId?: string;
     /**
-     * OIDC provider client secret.
+     * The strategy's client secret.
      */
     clientSecret?: string;
     /**
-     * String.
+     * Salesforce community base URL.
      */
     communityBaseUrl?: string;
     /**
      * A case-sensitive map of key value pairs used as configuration variables for the `customScript`.
      */
     configuration?: {
-        [key: string]: string;
+        [key: string]: any;
     };
     /**
-     * Custom database action scripts. For more information, read [Custom Database Action Script Templates](https://auth0.com/docs/connections/database/custom-db/templates).
+     * A map of scripts used to integrate with a custom database.
      */
     customScripts?: {
         [key: string]: string;
     };
     /**
-     * (Boolean) When enabled additional debugging information will be generated.
+     * When enabled, additional debug information will be generated.
      */
     debug?: boolean;
     /**
-     * Sign Request Algorithm Digest
+     * Sign Request Algorithm Digest.
      */
     digestAlgorithm?: string;
+    /**
+     * Indicates whether to disable the cache or not.
+     */
     disableCache?: boolean;
     /**
-     * (Boolean) Disables or enables user sign out.
+     * When enabled, will disable sign out.
      */
     disableSignOut?: boolean;
     /**
-     * Boolean. Indicates whether or not to allow user sign-ups to your application.
+     * Indicates whether to allow user sign-ups to your application.
      */
     disableSignup?: boolean;
     /**
-     * OpenID discovery URL. E.g. `https://auth.example.com/.well-known/openid-configuration`.
+     * OpenID discovery URL, e.g. `https://auth.example.com/.well-known/openid-configuration`.
      */
     discoveryUrl?: string;
     /**
-     * Azure AD domain name.
+     * Domain name.
      */
     domain?: string;
     /**
-     * List of the domains that can be authenticated using the Identity Provider. Only needed for Identifier First authentication flows.
+     * List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
      */
     domainAliases: string[];
+    /**
+     * Set to `true` to use a legacy user store.
+     */
     enabledDatabaseCustomization?: boolean;
     /**
      * Custom Entity ID for the connection.
      */
     entityId?: string;
     /**
-     * SAML Attributes mapping. If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
+     * If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
      */
     fieldsMap?: string;
+    /**
+     * Specifies whether or not request info should be forwarded to sms gateway.
+     */
     forwardRequestInfo?: boolean;
     /**
-     * SMS number for the sender. Used when SMS Source is From.
+     * Address to use as the sender.
      */
     from?: string;
+    /**
+     * Defines the parameters used to generate the auth token for the custom gateway.
+     */
     gatewayAuthentication?: outputs.ConnectionOptionsGatewayAuthentication;
+    /**
+     * Defines a custom sms gateway to use instead of Twilio.
+     */
     gatewayUrl?: string;
+    /**
+     * Icon URL.
+     */
     iconUrl?: string;
+    /**
+     * Azure AD Identity API. Available options are: `microsoft-identity-platform-v2.0` or `azure-active-directory-v1.0`.
+     */
     identityApi?: string;
     /**
-     * Configuration Options for IDP Initiated Authentication.  This is an object with the properties: `clientId`, `clientProtocol`, and `clientAuthorizeQuery`
+     * Configuration options for IDP Initiated Authentication. This is an object with the properties: `clientId`, `clientProtocol`, and `clientAuthorizeQuery`.
      */
     idpInitiated?: outputs.ConnectionOptionsIdpInitiated;
     /**
-     * Indicates whether or not you have a legacy user store and want to gradually migrate those users to the Auth0 user store. [Learn more](https://auth0.com/docs/users/guides/configure-automatic-migration).
+     * Indicates whether you have a legacy user store and want to gradually migrate those users to the Auth0 user store.
      */
     importMode?: boolean;
+    /**
+     * A list of IPs.
+     */
     ips: string[];
     /**
-     * Issuer URL. E.g. `https://auth.example.com`
+     * Issuer URL, e.g. `https://auth.example.com`.
      */
     issuer?: string;
+    /**
+     * JWKS URI.
+     */
     jwksUri?: string;
     /**
-     * Key ID.
+     * Apple Key ID.
      */
     keyId?: string;
     /**
@@ -606,39 +682,39 @@ export interface ConnectionOptions {
      */
     messagingServiceSid?: string;
     /**
-     * URL of the SAML metadata document.
+     * The URL of the SAML metadata document.
      */
     metadataUrl?: string;
     /**
-     * XML content for the SAML metadata document.
+     * The XML content for the SAML metadata document.
      */
     metadataXml?: string;
     /**
-     * Configuration settings Options for multifactor authentication. For details, see MFA Options.
+     * Configuration options for multifactor authentication.
      */
     mfa: outputs.ConnectionOptionsMfa;
     /**
-     * Name of the connection.
+     * The public name of the email or SMS Connection. In most cases this is the same name as the connection name.
      */
     name?: string;
     /**
-     * If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the denylist. See [here](https://auth0.com/docs/security/denylist-user-attributes) for more info.
+     * If there are user fields that should not be stored in Auth0 databases due to privacy reasons, you can add them to the DenyList here.
      */
     nonPersistentAttrs: string[];
     /**
-     * Configuration settings for password complexity. For details, see Password Complexity Options.
+     * Configuration settings for password complexity.
      */
     passwordComplexityOptions: outputs.ConnectionOptionsPasswordComplexityOptions;
     /**
-     * Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary. For details, see Password Dictionary.
+     * Configuration settings for the password dictionary check, which does not allow passwords that are part of the password dictionary.
      */
     passwordDictionary: outputs.ConnectionOptionsPasswordDictionary;
     /**
-     * Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords. For details, see Password History.
+     * Configuration settings for the password history that is maintained for each user to prevent the reuse of passwords.
      */
     passwordHistories: outputs.ConnectionOptionsPasswordHistory[];
     /**
-     * Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's name, username, nickname, user_metadata.name, user_metadata.first, user_metadata.last, user's email, or first part of the user's email. For details, see Password No Personal Info.
+     * Configuration settings for the password personal info check, which does not allow passwords that contain any part of the user's personal data, including user's `name`, `username`, `nickname`, `user_metadata.name`, `user_metadata.first`, `user_metadata.last`, user's `email`, or first part of the user's `email`.
      */
     passwordNoPersonalInfo: outputs.ConnectionOptionsPasswordNoPersonalInfo;
     /**
@@ -646,35 +722,41 @@ export interface ConnectionOptions {
      */
     passwordPolicy: string;
     /**
-     * (Boolean) Enables proof key for code exchange (PKCE) functionality for OAuth2 connections.
+     * Enables Proof Key for Code Exchange (PKCE) functionality for OAuth2 connections.
      */
     pkceEnabled?: boolean;
     /**
-     * The SAML Response Binding - how the SAML token is received by Auth0 from IdP. Two possible values are `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect` (default) and `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`
+     * The SAML Response Binding: how the SAML token is received by Auth0 from the IdP.
      */
     protocolBinding?: string;
+    /**
+     * Defines the custom `smsGateway` provider.
+     */
     provider?: string;
     /**
-     * Template that formats the SAML request
+     * Template that formats the SAML request.
      */
     requestTemplate?: string;
     /**
-     * Indicates whether or not the user is required to provide a username in addition to an email address.
+     * Indicates whether the user is required to provide a username in addition to an email address.
      */
     requiresUsername?: boolean;
     /**
-     * Scopes required by the connection. The value must be a list, for example `["openid", "profile", "email"]`.
+     * Permissions to grant to the connection. Within the Auth0 dashboard these appear under the "Attributes" and "Extended Attributes" sections. Some examples: `basicProfile`, `extProfile`, `extNestedGroups`, etc.
      */
     scopes: string[];
+    /**
+     * A map of scripts used for an OAuth connection. Only accepts a `fetchUserProfile` script.
+     */
     scripts?: {
         [key: string]: string;
     };
     /**
-     * Determines whether the 'name', 'given_name', 'family_name', 'nickname', and 'picture' attributes can be independently updated when using the external IdP. Default is `onEachLogin` and can be set to `onFirstLogin`.
+     * Determines whether the 'name', 'given*name', 'family*name', 'nickname', and 'picture' attributes can be independently updated when using an external IdP. Possible values are 'on*each*login' (default value, it configures the connection to automatically update the root attributes from the external IdP with each user login. When this setting is used, root attributes cannot be independently updated), 'on*first*login' (configures the connection to only set the root attributes on first login, allowing them to be independently updated thereafter).
      */
     setUserRootAttributes: string;
     /**
-     * Determines how Auth0 sets the emailVerified field in the user profile. Can either be set to `neverSetEmailsAsVerified` or `alwaysSetEmailsAsVerified`.
+     * Choose how Auth0 sets the emailVerified field in the user profile.
      */
     shouldTrustEmailVerifiedConnection?: string;
     /**
@@ -686,19 +768,19 @@ export interface ConnectionOptions {
      */
     signOutEndpoint?: string;
     /**
-     * (Boolean) When enabled, the SAML authentication request will be signed.
+     * When enabled, the SAML authentication request will be signed.
      */
     signSamlRequest?: boolean;
     /**
-     * Sign Request Algorithm
+     * Sign Request Algorithm.
      */
     signatureAlgorithm?: string;
     /**
-     * The X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded
+     * X.509 signing certificate (encoded in PEM or CER) you retrieved from the IdP, Base64-encoded.
      */
     signingCert?: string;
     /**
-     * . The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
+     * The key used to sign requests in the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively.
      */
     signingKey?: outputs.ConnectionOptionsSigningKey;
     /**
@@ -706,25 +788,31 @@ export interface ConnectionOptions {
      */
     strategyVersion: number;
     /**
-     * String. Subject line of the email. You can include [common variables](https://auth0.com/docs/email/templates#common-variables).
+     * Subject line of the email.
      */
     subject?: string;
     /**
-     * Syntax of the SMS. Options include `markdown` and `liquid`.
+     * Syntax of the template body.
      */
     syntax?: string;
     /**
-     * Team ID.
+     * Apple Team ID.
      */
     teamId?: string;
     /**
-     * Template for the SMS. You can use `@@password@@` as a placeholder for the password value.
+     * Body of the template.
      */
     template?: string;
+    /**
+     * Tenant domain name.
+     */
     tenantDomain?: string;
+    /**
+     * Token endpoint.
+     */
     tokenEndpoint?: string;
     /**
-     * Configuration options for one-time passwords. For details, see TOTP.
+     * Configuration options for one-time passwords.
      */
     totp?: outputs.ConnectionOptionsTotp;
     /**
@@ -740,25 +828,40 @@ export interface ConnectionOptions {
      */
     type?: string;
     /**
-     * String (JSON Encoded). You can pass provider-specific parameters to an Identity Provider during authentication. The values can either be static per connection or dynamic per user.
+     * You can pass provider-specific parameters to an identity provider during authentication. The values can either be static per connection or dynamic per user.
      */
     upstreamParams?: string;
+    /**
+     * Indicates whether to use cert auth or not.
+     */
     useCertAuth?: boolean;
+    /**
+     * Indicates whether to use Kerberos or not.
+     */
     useKerberos?: boolean;
+    /**
+     * Whether to use WS-Fed.
+     */
     useWsfed?: boolean;
     /**
      * Attribute in the SAML token that will be mapped to the userId property in Auth0.
      */
     userIdAttribute?: string;
+    /**
+     * User info endpoint.
+     */
     userinfoEndpoint?: string;
     /**
-     * Validation of the minimum and maximum values allowed for a user to have as username. For details, see Validation.
+     * Validation of the minimum and maximum values allowed for a user to have as username.
      */
     validation?: outputs.ConnectionOptionsValidation;
     /**
-     * Indicates whether or not to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
+     * Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.
      */
     waadCommonEndpoint?: boolean;
+    /**
+     * Protocol to use.
+     */
     waadProtocol?: string;
 }
 export interface ConnectionOptionsGatewayAuthentication {
@@ -766,59 +869,29 @@ export interface ConnectionOptionsGatewayAuthentication {
     method?: string;
     secret?: string;
     secretBase64Encoded?: boolean;
-    /**
-     * String. Subject line of the email. You can include [common variables](https://auth0.com/docs/email/templates#common-variables).
-     */
     subject?: string;
 }
 export interface ConnectionOptionsIdpInitiated {
     clientAuthorizeQuery?: string;
-    /**
-     * Google client ID.
-     */
     clientId?: string;
     clientProtocol?: string;
 }
 export interface ConnectionOptionsMfa {
-    /**
-     * Indicates whether multifactor authentication is enabled for this connection.
-     */
     active?: boolean;
-    /**
-     * Indicates whether multifactor authentication enrollment settings will be returned.
-     */
     returnEnrollSettings?: boolean;
 }
 export interface ConnectionOptionsPasswordComplexityOptions {
-    /**
-     * Minimum number of characters allowed in passwords.
-     */
     minLength?: number;
 }
 export interface ConnectionOptionsPasswordDictionary {
-    /**
-     * Customized contents of the password dictionary. By default, the password dictionary contains a list of the [10,000 most common passwords](https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10k-most-common.txt); your customized content is used in addition to the default password dictionary. Matching is not case-sensitive.
-     */
     dictionaries?: string[];
-    /**
-     * Indicates whether the password dictionary check is enabled for this connection.
-     */
     enable?: boolean;
 }
 export interface ConnectionOptionsPasswordHistory {
-    /**
-     * Indicates whether password history is enabled for the connection. When enabled, any existing users in this connection will be unaffected; the system will maintain their password history going forward.
-     */
     enable?: boolean;
-    /**
-     * Indicates the number of passwords to keep in history with a maximum of 24.
-     */
     size?: number;
 }
 export interface ConnectionOptionsPasswordNoPersonalInfo {
-    /**
-     * Indicates whether the password personal info check is enabled for this connection.
-     */
     enable?: boolean;
 }
 export interface ConnectionOptionsSigningKey {
@@ -826,19 +899,10 @@ export interface ConnectionOptionsSigningKey {
     key: string;
 }
 export interface ConnectionOptionsTotp {
-    /**
-     * Integer. Length of the one-time password.
-     */
     length?: number;
-    /**
-     * Integer. Seconds between allowed generation of new passwords.
-     */
     timeStep?: number;
 }
 export interface ConnectionOptionsValidation {
-    /**
-     * Specifies the `min` and `max` values of username length. `min` and `max` are integers.
-     */
     username?: outputs.ConnectionOptionsValidationUsername;
 }
 export interface ConnectionOptionsValidationUsername {
@@ -846,47 +910,47 @@ export interface ConnectionOptionsValidationUsername {
     min?: number;
 }
 export interface CustomDomainVerification {
-    /**
-     * List(Map). Verification methods for the domain.
-     */
     methods: any[];
 }
 export interface EmailCredentials {
     /**
-     * String, Case-sensitive. AWS Access Key ID. Used only for AWS.
+     * AWS Access Key ID. Used only for AWS.
      */
     accessKeyId?: string;
     /**
-     * String, Case-sensitive. API Key for your email service. Will always be encrypted in our database.
+     * API Key for your email service. Will always be encrypted in our database.
      */
     apiKey?: string;
     /**
-     * String. API User for your email service.
+     * API User for your email service.
      */
     apiUser?: string;
+    /**
+     * Domain name.
+     */
     domain?: string;
     /**
-     * String. Default region. Used only for AWS, Mailgun, and SparkPost.
+     * Default region. Used only for AWS, Mailgun, and SparkPost.
      */
     region?: string;
     /**
-     * String, Case-sensitive. AWS Secret Key. Will always be encrypted in our database. Used only for AWS.
+     * AWS Secret Key. Will always be encrypted in our database. Used only for AWS.
      */
     secretAccessKey?: string;
     /**
-     * String. Hostname or IP address of your SMTP server. Used only for SMTP.
+     * Hostname or IP address of your SMTP server. Used only for SMTP.
      */
     smtpHost?: string;
     /**
-     * String, Case-sensitive. SMTP password. Used only for SMTP.
+     * SMTP password. Used only for SMTP.
      */
     smtpPass?: string;
     /**
-     * Integer. Port used by your SMTP server. Please avoid using port 25 if possible because many providers have limitations on this port. Used only for SMTP.
+     * Port used by your SMTP server. Please avoid using port 25 if possible because many providers have limitations on this port. Used only for SMTP.
      */
     smtpPort?: number;
     /**
-     * String. SMTP username. Used only for SMTP.
+     * SMTP username. Used only for SMTP.
      */
     smtpUser?: string;
 }
@@ -982,6 +1046,7 @@ export interface GetClientAddonSamlp {
     destination: string;
     digestAlgorithm: string;
     includeAttributeNameFormat: boolean;
+    issuer: string;
     lifetimeInSeconds: number;
     logout: {
         [key: string]: any;
@@ -1131,6 +1196,7 @@ export interface GetGlobalClientAddonSamlp {
     destination: string;
     digestAlgorithm: string;
     includeAttributeNameFormat: boolean;
+    issuer: string;
     lifetimeInSeconds: number;
     logout: {
         [key: string]: any;
@@ -1243,7 +1309,10 @@ export interface GlobalClientAddons {
     salesforceSandboxApi?: {
         [key: string]: any;
     };
-    samlp: outputs.GlobalClientAddonsSamlp;
+    /**
+     * Configuration settings for a SAML add-on.
+     */
+    samlp?: outputs.GlobalClientAddonsSamlp;
     sapApi?: {
         [key: string]: any;
     };
@@ -1262,6 +1331,9 @@ export interface GlobalClientAddons {
     wams?: {
         [key: string]: any;
     };
+    /**
+     * WS-Fed (WIF) addon indicator. Actual configuration is stored in callback and `clientAliases` properties on the client.
+     */
     wsfed?: {
         [key: string]: any;
     };
@@ -1280,6 +1352,7 @@ export interface GlobalClientAddonsSamlp {
     destination?: string;
     digestAlgorithm?: string;
     includeAttributeNameFormat?: boolean;
+    issuer?: string;
     lifetimeInSeconds?: number;
     logout?: {
         [key: string]: any;
@@ -1299,16 +1372,34 @@ export interface GlobalClientAddonsSamlp {
     typedAttributes?: boolean;
 }
 export interface GlobalClientJwtConfiguration {
+    /**
+     * Algorithm used to sign JWTs.
+     */
     alg?: string;
+    /**
+     * Number of seconds during which the JWT will be valid.
+     */
     lifetimeInSeconds: number;
+    /**
+     * Permissions (scopes) included in JWTs.
+     */
     scopes?: {
         [key: string]: string;
     };
+    /**
+     * Indicates whether the client secret is Base64-encoded.
+     */
     secretEncoded: boolean;
 }
 export interface GlobalClientMobile {
-    android?: outputs.GlobalClientMobileAndroid;
-    ios?: outputs.GlobalClientMobileIos;
+    /**
+     * Configuration settings for Android native apps.
+     */
+    android: outputs.GlobalClientMobileAndroid;
+    /**
+     * Configuration settings for i0S native apps.
+     */
+    ios: outputs.GlobalClientMobileIos;
 }
 export interface GlobalClientMobileAndroid {
     appPackageName?: string;
@@ -1319,8 +1410,8 @@ export interface GlobalClientMobileIos {
     teamId?: string;
 }
 export interface GlobalClientNativeSocialLogin {
-    apple?: outputs.GlobalClientNativeSocialLoginApple;
-    facebook?: outputs.GlobalClientNativeSocialLoginFacebook;
+    apple: outputs.GlobalClientNativeSocialLoginApple;
+    facebook: outputs.GlobalClientNativeSocialLoginFacebook;
 }
 export interface GlobalClientNativeSocialLoginApple {
     enabled?: boolean;
@@ -1329,171 +1420,156 @@ export interface GlobalClientNativeSocialLoginFacebook {
     enabled?: boolean;
 }
 export interface GlobalClientRefreshToken {
+    /**
+     * Options include `expiring`, `non-expiring`. Whether a refresh token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is `rotating`, this must be set to `expiring`.
+     */
     expirationType: string;
+    /**
+     * The time in seconds after which inactive refresh tokens will expire.
+     */
     idleTokenLifetime: number;
+    /**
+     * Whether inactive refresh tokens should remain valid indefinitely.
+     */
     infiniteIdleTokenLifetime: boolean;
+    /**
+     * Whether refresh tokens should remain valid indefinitely. If false, `tokenLifetime` should also be set.
+     */
     infiniteTokenLifetime: boolean;
+    /**
+     * The amount of time in seconds in which a refresh token may be reused without triggering reuse detection.
+     */
     leeway: number;
+    /**
+     * Options include `rotating`, `non-rotating`. When `rotating`, exchanging a refresh token will cause a new refresh token to be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked.
+     */
     rotationType: string;
+    /**
+     * The absolute lifetime of a refresh token in seconds.
+     */
     tokenLifetime: number;
 }
 export interface GuardianDuo {
     /**
-     * String. Duo API Hostname, see the Duo documentation for more details on Duo setup.
+     * Duo API Hostname, see the Duo documentation for more details on Duo setup.
      */
     hostname: string;
     /**
-     * String. Duo client ID, see the Duo documentation for more details on Duo setup.
+     * Duo client ID, see the Duo documentation for more details on Duo setup.
      */
     integrationKey: string;
     /**
-     * String. Duo client secret, see the Duo documentation for more details on Duo setup.
+     * Duo client secret, see the Duo documentation for more details on Duo setup.
      */
     secretKey: string;
 }
 export interface GuardianPhone {
     /**
-     * List(String). Message types to use, array of `sms` and or `voice`. Adding both to array should enable the user to choose.
+     * Message types to use, array of `sms` and/or `voice`. Adding both to the array should enable the user to choose.
      */
     messageTypes: string[];
     /**
-     * List(Resource). Options for the various providers. See Options.
+     * Options for the various providers.
      */
     options: outputs.GuardianPhoneOptions;
     /**
-     * String, Case-sensitive. Provider to use, one of `auth0`, `twilio` or `phone-message-hook`.
+     * Provider to use, one of `auth0`, `twilio` or `phone-message-hook`.
      */
     provider: string;
 }
 export interface GuardianPhoneOptions {
-    /**
-     * String.
-     */
     authToken?: string;
-    /**
-     * String. This message will be sent whenever a user enrolls a new device for the first time using MFA. Supports liquid syntax, see [Auth0 docs](https://auth0.com/docs/mfa/customize-sms-or-voice-messages).
-     */
     enrollmentMessage?: string;
-    /**
-     * String.
-     */
     from?: string;
-    /**
-     * String.
-     */
     messagingServiceSid?: string;
-    /**
-     * String.
-     */
     sid?: string;
-    /**
-     * String. This message will be sent whenever a user logs in after the enrollment. Supports liquid syntax, see [Auth0 docs](https://auth0.com/docs/mfa/customize-sms-or-voice-messages).
-     */
     verificationMessage?: string;
 }
 export interface GuardianPush {
+    /**
+     * Configuration for Amazon SNS.
+     */
     amazonSns?: outputs.GuardianPushAmazonSns;
+    /**
+     * Configuration for the Guardian Custom App.
+     */
     customApp?: outputs.GuardianPushCustomApp;
 }
 export interface GuardianPushAmazonSns {
-    /**
-     * String. Your AWS Access Key ID.
-     */
     awsAccessKeyId: string;
-    /**
-     * String. Your AWS application's region.
-     */
     awsRegion: string;
-    /**
-     * String. Your AWS Secret Access Key.
-     */
     awsSecretAccessKey: string;
-    /**
-     * String. The Amazon Resource Name for your Apple Push Notification Service.
-     */
     snsApnsPlatformApplicationArn: string;
-    /**
-     * String. The Amazon Resource Name for your Firebase Cloud Messaging Service.
-     */
     snsGcmPlatformApplicationArn: string;
 }
 export interface GuardianPushCustomApp {
-    /**
-     * String. Custom Application Name.
-     */
     appName?: string;
-    /**
-     * String. Apple App Store URL.
-     */
     appleAppLink?: string;
-    /**
-     * String. Google Store URL.
-     */
     googleAppLink?: string;
 }
 export interface GuardianWebauthnPlatform {
     /**
-     * Bool. The Relying Party is the domain for which the WebAuthn keys will be issued, set to true if you are customizing the identifier.
+     * The Relying Party is the domain for which the WebAuthn keys will be issued, set to `true` if you are customizing the identifier.
      */
     overrideRelyingParty: boolean;
     /**
-     * String. The Relying Party should be a suffix of the custom domain.
+     * The Relying Party should be a suffix of the custom domain.
      */
     relyingPartyIdentifier: string;
 }
 export interface GuardianWebauthnRoaming {
     /**
-     * Bool. The Relying Party is the domain for which the WebAuthn keys will be issued, set to true if you are customizing the identifier.
+     * The Relying Party is the domain for which the WebAuthn keys will be issued, set to `true` if you are customizing the identifier.
      */
     overrideRelyingParty: boolean;
     /**
-     * String. The Relying Party should be a suffix of the custom domain.
+     * The Relying Party should be a suffix of the custom domain.
      */
     relyingPartyIdentifier: string;
     /**
-     * String. User verification, one of `discouraged`, `preferred` or `required`.
+     * User verification, one of `discouraged`, `preferred` or `required`.
      */
     userVerification: string;
 }
 export interface LogStreamSink {
     /**
-     * The AWS Account ID
+     * The AWS Account ID.
      */
     awsAccountId?: string;
     /**
-     * Name of the Partner Event Source to be used with AWS. Generally generated by Auth0 and passed to AWS so this should generally be an output attribute.
+     * Name of the Partner Event Source to be used with AWS. Generally generated by Auth0 and passed to AWS, so this should be an output attribute.
      */
     awsPartnerEventSource: string;
     /**
-     * The AWS Region (i.e "us-east-2")
+     * The AWS Region, e.g. "us-east-2").
      */
     awsRegion?: string;
     /**
-     * Name of the Partner Topic to be used with Azure.  Generally should not be specified.
+     * Name of the Partner Topic to be used with Azure. Generally should not be specified.
      */
     azurePartnerTopic: string;
     /**
-     * The Azure region code (i.e. "ne")
+     * The Azure region code, e.g. "ne")
      */
     azureRegion?: string;
     /**
-     * The Azure EventGrid resource group which allows you to manage all Azure assets within one subscription
+     * The Azure EventGrid resource group which allows you to manage all Azure assets within one subscription.
      */
     azureResourceGroup?: string;
     /**
-     * The unique alphanumeric string that identifies your Azure subscription
+     * The unique alphanumeric string that identifies your Azure subscription.
      */
     azureSubscriptionId?: string;
     /**
-     * The Datadog API key
+     * The Datadog API key.
      */
     datadogApiKey?: string;
     /**
-     * The Datadog region. Options are ["us", "eu", "us3", "us5"]
+     * The Datadog region. Options are ["us", "eu", "us3", "us5"].
      */
     datadogRegion?: string;
     /**
-     * Sent in the HTTP "Authorization" header with each request
+     * Sent in the HTTP "Authorization" header with each request.
      */
     httpAuthorization?: string;
     /**
@@ -1501,221 +1577,210 @@ export interface LogStreamSink {
      */
     httpContentFormat?: string;
     /**
-     * The ContentType header to send over HTTP.  Common value is "application/json"
+     * The "Content-Type" header to send over HTTP. Common value is "application/json".
      */
     httpContentType?: string;
     /**
-     * Additional HTTP headers to be included as part of the HTTP request
+     * Additional HTTP headers to be included as part of the HTTP request.
      */
     httpCustomHeaders?: {
         [key: string]: string;
     }[];
     /**
-     * The HTTP endpoint to send streaming logs
+     * The HTTP endpoint to send streaming logs.
      */
     httpEndpoint?: string;
     /**
-     * The Splunk domain name
+     * The Splunk domain name.
      */
     splunkDomain?: string;
+    /**
+     * The Splunk port.
+     */
     splunkPort?: string;
     /**
-     * This toggle should be turned off when using self-signed certificates
+     * This toggle should be turned off when using self-signed certificates.
      */
     splunkSecure?: boolean;
     /**
-     * The Splunk access token
+     * The Splunk access token.
      */
     splunkToken?: string;
     /**
-     * Generated URL for your defined HTTP source in Sumo Logic for collecting streaming data from Auth0
+     * Generated URL for your defined HTTP source in Sumo Logic for collecting streaming data from Auth0.
      */
     sumoSourceAddress?: string;
 }
 export interface OrganizationBranding {
     /**
-     * Color scheme used to customize the login pages
+     * Color scheme used to customize the login pages.
      */
     colors?: {
         [key: string]: string;
     };
     /**
-     * URL of logo to display on login page
+     * URL of logo to display on login page.
      */
     logoUrl?: string;
 }
-export interface OrganizationConnection {
-    /**
-     * When true, all users that log in
-     * with this connection will be automatically granted membership in the
-     * organization. When false, users must be granted membership in the organization
-     * before logging in with this connection.
-     */
-    assignMembershipOnLogin?: boolean;
-    /**
-     * The connection ID of the connection to add to the
-     * organization
-     */
-    connectionId: string;
-}
 export interface ResourceServerScope {
     /**
-     * String. Description of the permission (scope).
+     * Description of the permission (scope).
      */
     description?: string;
     /**
-     * String. Name of the permission (scope). Examples include `read:appointments` or `delete:appointments`.
+     * Name of the permission (scope). Examples include `read:appointments` or `delete:appointments`.
      */
     value: string;
 }
 export interface RolePermission {
     /**
-     * String. Name of the permission (scope).
+     * Name of the permission (scope).
      */
     name: string;
     /**
-     * String. Unique identifier for the resource server.
+     * Unique identifier for the resource server.
      */
     resourceServerIdentifier: string;
 }
 export interface TenantChangePassword {
     /**
-     * Boolean. Indicates whether to use the custom change password page.
+     * Indicates whether to use the custom change password page.
      */
     enabled: boolean;
     /**
-     * String, HTML format with supported Liquid syntax. Customized content of the change password page.
+     * HTML format with supported Liquid syntax. Customized content of the change password page.
      */
     html: string;
 }
 export interface TenantErrorPage {
     /**
-     * String, HTML format with supported Liquid syntax. Customized content of the error page.
+     * HTML format with supported Liquid syntax. Customized content of the error page.
      */
     html: string;
     /**
-     * Boolean. Indicates whether to show the link to logs as part of the default error page.
+     * Indicates whether to show the link to logs as part of the default error page.
      */
     showLogLink: boolean;
     /**
-     * String. URL to redirect to when an error occurs rather than showing the default error page.
+     * URL to redirect to when an error occurs rather than showing the default error page.
      */
     url: string;
 }
 export interface TenantFlags {
     /**
-     * Boolean. Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
+     * Whether the legacy delegation endpoint will be enabled for your account (true) or not available (false).
      */
     allowLegacyDelegationGrantTypes: boolean;
     /**
-     * Boolean. Whether the legacy `auth/ro` endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
+     * Whether the legacy `auth/ro` endpoint (used with resource owner password and passwordless features) will be enabled for your account (true) or not available (false).
      */
     allowLegacyRoGrantTypes: boolean;
     /**
-     * Boolean. If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
+     * If enabled, customers can use Tokeninfo Endpoint, otherwise they can not use it.
      */
     allowLegacyTokeninfoEndpoint: boolean;
     /**
-     * Boolean. Enables new insights activity page view.
+     * Enables new insights activity page view.
      */
     dashboardInsightsView: boolean;
     /**
-     * Boolean. Enables beta access to log streaming changes.
+     * Enables beta access to log streaming changes.
      */
     dashboardLogStreamsNext: boolean;
     /**
-     * Boolean. Indicated whether classic Universal Login prompts include additional security headers to prevent clickjacking.
+     * Indicates whether classic Universal Login prompts include additional security headers to prevent clickjacking.
      */
     disableClickjackProtectionHeaders: boolean;
     /**
-     * Boolean. Disables SAML fields map fix for bad mappings with repeated attributes.
+     * Disables SAML fields map fix for bad mappings with repeated attributes.
      */
     disableFieldsMapFix: boolean;
     /**
-     * Boolean. If true, SMS phone numbers will not be obfuscated in Management API GET calls.
+     * If true, SMS phone numbers will not be obfuscated in Management API GET calls.
      */
     disableManagementApiSmsObfuscation: boolean;
     /**
-     * Boolean. If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
+     * If enabled, users will be presented with an email verification prompt during their first login when using Azure AD or ADFS connections.
      */
     enableAdfsWaadEmailVerification: boolean;
     /**
-     * Boolean. Indicates whether the APIs section is enabled for the tenant.
+     * Indicates whether the APIs section is enabled for the tenant.
      */
     enableApisSection: boolean;
     /**
-     * Boolean. Indicates whether all current connections should be enabled when a new client is created.
+     * Indicates whether all current connections should be enabled when a new client is created.
      */
     enableClientConnections: boolean;
     /**
-     * Boolean. Indicates whether the tenant allows custom domains in emails.
+     * Indicates whether the tenant allows custom domains in emails.
      */
     enableCustomDomainInEmails: boolean;
     /**
-     * Boolean. Indicates whether the tenant allows dynamic client registration.
+     * Indicates whether the tenant allows dynamic client registration.
      */
     enableDynamicClientRegistration: boolean;
     /**
-     * Boolean. Whether ID tokens can be used to authorize some types of requests to API v2 (true) not not (false).
+     * Whether ID tokens can be used to authorize some types of requests to API v2 (true) or not (false).
      */
     enableIdtokenApi2: boolean;
     /**
-     * Boolean. Indicates whether to use the older v2 legacy logs search.
+     * Indicates whether to use the older v2 legacy logs search.
      */
     enableLegacyLogsSearchV2: boolean;
     /**
-     * Boolean. Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
+     * Whether ID tokens and the userinfo endpoint includes a complete user profile (true) or only OpenID Connect claims (false).
      */
     enableLegacyProfile: boolean;
     /**
-     * Boolean. Indicates whether advanced API Authorization scenarios are enabled.
+     * Indicates whether advanced API Authorization scenarios are enabled.
      */
     enablePipeline2: boolean;
     /**
-     * Boolean. Indicates whether the public sign up process shows a userExists error if the user already exists.
+     * Indicates whether the public sign up process shows a `userExists` error if the user already exists.
      */
     enablePublicSignupUserExistsError: boolean;
     /**
-     * Boolean. Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
+     * Do not Publish Enterprise Connections Information with IdP domains on the lock configuration file.
      */
     noDiscloseEnterpriseConnections: boolean;
     /**
-     * Boolean. Delete underlying grant when a Refresh Token is revoked via the Authentication API.
+     * Delete underlying grant when a refresh token is revoked via the Authentication API.
      */
     revokeRefreshTokenGrant: boolean;
     /**
-     * Boolean. Indicates whether the tenant uses universal login.
+     * Indicates whether the tenant uses Universal Login.
      */
     universalLogin: boolean;
+    /**
+     * Indicates whether to use scope descriptions for consent.
+     */
     useScopeDescriptionsForConsent: boolean;
 }
 export interface TenantGuardianMfaPage {
     /**
-     * Boolean. Indicates whether to use the custom Guardian page.
+     * Indicates whether to use the custom Guardian page.
      */
     enabled: boolean;
     /**
-     * String, HTML format with supported Liquid syntax. Customized content of the Guardian page.
+     * HTML format with supported Liquid syntax. Customized content of the Guardian page.
      */
     html: string;
 }
 export interface TenantSessionCookie {
+    /**
+     * Behavior of tenant session cookie. Accepts either "persistent" or "non-persistent".
+     */
     mode?: string;
 }
 export interface TenantUniversalLogin {
     /**
-     * List(Resource). Configuration settings for Universal Login colors. See Universal Login - Colors.
+     * Configuration settings for Universal Login colors.
      */
     colors?: outputs.TenantUniversalLoginColors;
 }
 export interface TenantUniversalLoginColors {
-    /**
-     * String, Hexadecimal. Background color of login pages.
-     */
     pageBackground: string;
-    /**
-     * String, Hexadecimal. Primary button background color.
-     */
     primary: string;
 }
 export interface TriggerBindingAction {
@@ -1724,7 +1789,7 @@ export interface TriggerBindingAction {
      */
     displayName: string;
     /**
-     * Trigger ID.
+     * Action ID.
      */
     id: string;
 }