@pulumi/auth0 2.15.0 → 2.16.0-alpha.1676310122

package/action.d.ts

@@ -47,7 +47,7 @@ export declare class Action extends pulumi.CustomResource {
      */
     readonly name: pulumi.Output<string>;
     /**
-     * The Node runtime, e.g. `node16`. Defaults to `node12`.
+     * The Node runtime. Defaults to `node12`. Possible values are: `node12`, `node16` or `node18`.
      */
     readonly runtime: pulumi.Output<string>;
     /**
@@ -95,7 +95,7 @@ export interface ActionState {
      */
     name?: pulumi.Input<string>;
     /**
-     * The Node runtime, e.g. `node16`. Defaults to `node12`.
+     * The Node runtime. Defaults to `node12`. Possible values are: `node12`, `node16` or `node18`.
      */
     runtime?: pulumi.Input<string>;
     /**
@@ -135,7 +135,7 @@ export interface ActionArgs {
      */
     name?: pulumi.Input<string>;
     /**
-     * The Node runtime, e.g. `node16`. Defaults to `node12`.
+     * The Node runtime. Defaults to `node12`. Possible values are: `node12`, `node16` or `node18`.
      */
     runtime?: pulumi.Input<string>;
     /**

package/attackProtection.d.ts

@@ -15,6 +15,9 @@ import * as outputs from "./types/output";
  *         adminNotificationFrequencies: ["daily"],
  *         enabled: true,
  *         method: "standard",
+ *         preUserRegistration: {
+ *             shields: ["block"],
+ *         },
  *         shields: [
  *             "admin_notification",
  *             "block",

package/attackProtection.js

@@ -19,6 +19,9 @@ const utilities = require("./utilities");
  *         adminNotificationFrequencies: ["daily"],
  *         enabled: true,
  *         method: "standard",
+ *         preUserRegistration: {
+ *             shields: ["block"],
+ *         },
  *         shields: [
  *             "admin_notification",
  *             "block",

package/attackProtection.js.map

@@ -1 +1 @@
-{"version":3,"file":"attackProtection.js","sourceRoot":"","sources":["../attackProtection.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;AACH,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;IACvD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA6B,EAAE,IAAmC;QAC3H,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACvE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,gBAAgB,CAAC,YAAY,CAAC;IACjE,CAAC;IAuBD,YAAY,IAAY,EAAE,WAA0D,EAAE,IAAmC;QACrH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAgD,CAAC;YAC/D,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClG,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/F;aAAM;YACH,MAAM,IAAI,GAAG,WAA+C,CAAC;YAC7D,cAAc,CAAC,2BAA2B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7F;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;;AAjEL,4CAkEC;AApDG,gBAAgB;AACO,6BAAY,GAAG,+CAA+C,CAAC"}
+{"version":3,"file":"attackProtection.js","sourceRoot":"","sources":["../attackProtection.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0DG;AACH,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;IACvD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA6B,EAAE,IAAmC;QAC3H,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACvE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,gBAAgB,CAAC,YAAY,CAAC;IACjE,CAAC;IAuBD,YAAY,IAAY,EAAE,WAA0D,EAAE,IAAmC;QACrH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAgD,CAAC;YAC/D,cAAc,CAAC,2BAA2B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClG,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/F;aAAM;YACH,MAAM,IAAI,GAAG,WAA+C,CAAC;YAC7D,cAAc,CAAC,2BAA2B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7F;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;;AAjEL,4CAkEC;AApDG,gBAAgB;AACO,6BAAY,GAAG,+CAA+C,CAAC"}

package/client.d.ts

@@ -72,13 +72,13 @@ export declare class Client extends pulumi.CustomResource {
      */
     readonly clientSecret: pulumi.Output<string>;
     /**
-     * Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
+     * Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
      */
     readonly clientSecretRotationTrigger: pulumi.Output<{
         [key: string]: any;
     } | undefined>;
     /**
-     * Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
+     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coaToggleEnabled` feature flag to be enabled on the tenant by the support team.
      */
     readonly crossOriginAuth: pulumi.Output<boolean | undefined>;
     /**
@@ -112,7 +112,7 @@ export declare class Client extends pulumi.CustomResource {
      */
     readonly grantTypes: pulumi.Output<string[]>;
     /**
-     * Initiate login URI, must be HTTPS.
+     * Initiate login URI. Must be HTTPS or an empty string.
      */
     readonly initiateLoginUri: pulumi.Output<string | undefined>;
     /**
@@ -238,13 +238,13 @@ export interface ClientState {
      */
     clientSecret?: pulumi.Input<string>;
     /**
-     * Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
+     * Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
      */
     clientSecretRotationTrigger?: pulumi.Input<{
         [key: string]: any;
     }>;
     /**
-     * Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
+     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coaToggleEnabled` feature flag to be enabled on the tenant by the support team.
      */
     crossOriginAuth?: pulumi.Input<boolean>;
     /**
@@ -278,7 +278,7 @@ export interface ClientState {
      */
     grantTypes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Initiate login URI, must be HTTPS.
+     * Initiate login URI. Must be HTTPS or an empty string.
      */
     initiateLoginUri?: pulumi.Input<string>;
     /**
@@ -387,13 +387,13 @@ export interface ClientArgs {
         [key: string]: any;
     }>;
     /**
-     * Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
+     * Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
      */
     clientSecretRotationTrigger?: pulumi.Input<{
         [key: string]: any;
     }>;
     /**
-     * Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
+     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coaToggleEnabled` feature flag to be enabled on the tenant by the support team.
      */
     crossOriginAuth?: pulumi.Input<boolean>;
     /**
@@ -427,7 +427,7 @@ export interface ClientArgs {
      */
     grantTypes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Initiate login URI, must be HTTPS.
+     * Initiate login URI. Must be HTTPS or an empty string.
      */
     initiateLoginUri?: pulumi.Input<string>;
     /**

package/getClient.d.ts

@@ -75,7 +75,7 @@ export interface GetClientResult {
     };
     readonly clientSecret: string;
     /**
-     * Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
+     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coaToggleEnabled` feature flag to be enabled on the tenant by the support team.
      */
     readonly crossOriginAuth: boolean;
     /**
@@ -113,7 +113,7 @@ export interface GetClientResult {
      */
     readonly id: string;
     /**
-     * Initiate login URI, must be HTTPS.
+     * Initiate login URI. Must be HTTPS or an empty string.
      */
     readonly initiateLoginUri: string;
     /**

package/getGlobalClient.d.ts

@@ -57,7 +57,7 @@ export interface GetGlobalClientResult {
     };
     readonly clientSecret: string;
     /**
-     * Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
+     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coaToggleEnabled` feature flag to be enabled on the tenant by the support team.
      */
     readonly crossOriginAuth: boolean;
     /**
@@ -95,7 +95,7 @@ export interface GetGlobalClientResult {
      */
     readonly id: string;
     /**
-     * Initiate login URI, must be HTTPS.
+     * Initiate login URI. Must be HTTPS or an empty string.
      */
     readonly initiateLoginUri: string;
     /**

package/globalClient.d.ts

@@ -92,13 +92,13 @@ export declare class GlobalClient extends pulumi.CustomResource {
      */
     readonly clientSecret: pulumi.Output<string>;
     /**
-     * Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
+     * Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
      */
     readonly clientSecretRotationTrigger: pulumi.Output<{
         [key: string]: any;
     } | undefined>;
     /**
-     * Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
+     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coaToggleEnabled` feature flag to be enabled on the tenant by the support team.
      */
     readonly crossOriginAuth: pulumi.Output<boolean>;
     /**
@@ -132,7 +132,7 @@ export declare class GlobalClient extends pulumi.CustomResource {
      */
     readonly grantTypes: pulumi.Output<string[]>;
     /**
-     * Initiate login URI, must be HTTPS.
+     * Initiate login URI. Must be HTTPS or an empty string.
      */
     readonly initiateLoginUri: pulumi.Output<string>;
     /**
@@ -258,13 +258,13 @@ export interface GlobalClientState {
      */
     clientSecret?: pulumi.Input<string>;
     /**
-     * Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
+     * Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
      */
     clientSecretRotationTrigger?: pulumi.Input<{
         [key: string]: any;
     }>;
     /**
-     * Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
+     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coaToggleEnabled` feature flag to be enabled on the tenant by the support team.
      */
     crossOriginAuth?: pulumi.Input<boolean>;
     /**
@@ -298,7 +298,7 @@ export interface GlobalClientState {
      */
     grantTypes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Initiate login URI, must be HTTPS.
+     * Initiate login URI. Must be HTTPS or an empty string.
      */
     initiateLoginUri?: pulumi.Input<string>;
     /**
@@ -416,13 +416,13 @@ export interface GlobalClientArgs {
      */
     clientSecret?: pulumi.Input<string>;
     /**
-     * Custom metadata for the rotation. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
+     * Custom metadata for the rotation. The contents of this map are arbitrary and are hashed by the provider. When the hash changes, a rotation is triggered. For example, the map could contain the user making the change, the date of the change, and a text reason for the change. For more info: [rotate-client-secret](https://auth0.com/docs/get-started/applications/rotate-client-secret).
      */
     clientSecretRotationTrigger?: pulumi.Input<{
         [key: string]: any;
     }>;
     /**
-     * Whether this client can be used to make cross-origin authentication requests (true) or it is not allowed to make such requests (false).
+     * Whether this client can be used to make cross-origin authentication requests (`true`) or it is not allowed to make such requests (`false`). Requires the `coaToggleEnabled` feature flag to be enabled on the tenant by the support team.
      */
     crossOriginAuth?: pulumi.Input<boolean>;
     /**
@@ -456,7 +456,7 @@ export interface GlobalClientArgs {
      */
     grantTypes?: pulumi.Input<pulumi.Input<string>[]>;
     /**
-     * Initiate login URI, must be HTTPS.
+     * Initiate login URI. Must be HTTPS or an empty string.
      */
     initiateLoginUri?: pulumi.Input<string>;
     /**

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@pulumi/auth0",
-    "version": "v2.15.0",
+    "version": "v2.16.0-alpha.1676310122+db9b4886",
     "description": "A Pulumi package for creating and managing auth0 cloud resources.",
     "keywords": [
         "pulumi",
@@ -11,7 +11,7 @@
     "license": "Apache-2.0",
     "scripts": {
         "build": "tsc",
-        "install": "node scripts/install-pulumi-plugin.js resource auth0 v2.15.0"
+        "install": "node scripts/install-pulumi-plugin.js resource auth0 v2.16.0-alpha.1676310122+db9b4886"
     },
     "dependencies": {
         "@pulumi/pulumi": "^3.0.0"

package/package.json.dev

@@ -1,6 +1,6 @@
 {
     "name": "@pulumi/auth0",
-    "version": "v2.15.0",
+    "version": "v2.16.0-alpha.1676310122+db9b4886",
     "description": "A Pulumi package for creating and managing auth0 cloud resources.",
     "keywords": [
         "pulumi",
@@ -11,7 +11,7 @@
     "license": "Apache-2.0",
     "scripts": {
         "build": "tsc",
-        "install": "node scripts/install-pulumi-plugin.js resource auth0 v2.15.0"
+        "install": "node scripts/install-pulumi-plugin.js resource auth0 v2.16.0-alpha.1676310122+db9b4886"
     },
     "dependencies": {
         "@pulumi/pulumi": "^3.0.0"

package/tenant.d.ts

@@ -98,7 +98,7 @@ export declare class Tenant extends pulumi.CustomResource {
      */
     readonly defaultDirectory: pulumi.Output<string>;
     /**
-     * The default absolute redirection URI, must be https and cannot contain a fragment.
+     * The default absolute redirection URI. Must be HTTPS or an empty string.
      */
     readonly defaultRedirectionUri: pulumi.Output<string>;
     /**
@@ -183,7 +183,7 @@ export interface TenantState {
      */
     defaultDirectory?: pulumi.Input<string>;
     /**
-     * The default absolute redirection URI, must be https and cannot contain a fragment.
+     * The default absolute redirection URI. Must be HTTPS or an empty string.
      */
     defaultRedirectionUri?: pulumi.Input<string>;
     /**
@@ -260,7 +260,7 @@ export interface TenantArgs {
      */
     defaultDirectory?: pulumi.Input<string>;
     /**
-     * The default absolute redirection URI, must be https and cannot contain a fragment.
+     * The default absolute redirection URI. Must be HTTPS or an empty string.
      */
     defaultRedirectionUri?: pulumi.Input<string>;
     /**

package/types/input.d.ts

@@ -43,11 +43,18 @@ export interface AttackProtectionBreachedPasswordDetection {
      * The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`.
      */
     method?: pulumi.Input<string>;
+    /**
+     * Configuration options that apply before every user registration attempt. Only available on public tenants.
+     */
+    preUserRegistration?: pulumi.Input<inputs.AttackProtectionBreachedPasswordDetectionPreUserRegistration>;
     /**
      * Action to take when a breached password is detected.
      */
     shields?: pulumi.Input<pulumi.Input<string>[]>;
 }
+export interface AttackProtectionBreachedPasswordDetectionPreUserRegistration {
+    shields?: pulumi.Input<pulumi.Input<string>[]>;
+}
 export interface AttackProtectionBruteForceProtection {
     /**
      * List of trusted IP addresses that will not have attack protection enforced against them.
@@ -529,7 +536,7 @@ export interface ClientRefreshToken {
 }
 export interface ConnectionOptions {
     /**
-     * ADFS Metadata source.
+     * ADFS URL where to fetch the metadata source.
      */
     adfsServer?: pulumi.Input<string>;
     /**
@@ -614,6 +621,10 @@ export interface ConnectionOptions {
      * List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
      */
     domainAliases?: pulumi.Input<pulumi.Input<string>[]>;
+    /**
+     * Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
+     */
+    enableScriptContext?: pulumi.Input<boolean>;
     /**
      * Set to `true` to use a legacy user store.
      */
@@ -622,6 +633,10 @@ export interface ConnectionOptions {
      * Custom Entity ID for the connection.
      */
     entityId?: pulumi.Input<string>;
+    /**
+     * Federation Metadata for the ADFS connection.
+     */
+    fedMetadataXml?: pulumi.Input<string>;
     /**
      * If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
      */
@@ -1202,7 +1217,7 @@ export interface GuardianPhone {
      */
     options?: pulumi.Input<inputs.GuardianPhoneOptions>;
     /**
-     * Provider to use, one of `auth0`, `twilio` or `phone-message-hook`.
+     * Provider to use, one of `auth0`, `twilio` or `phone-message-hook`. Selecting `phone-message-hook` will require a Phone Message Action to be created before. [Learn how](https://auth0.com/docs/customize/actions/flows-and-triggers/send-phone-message-flow).
      */
     provider?: pulumi.Input<string>;
 }
@@ -1351,6 +1366,10 @@ export interface LogStreamSink {
      * The Mixpanel Service Account username. Services Accounts can be created in the Project Settings page.
      */
     mixpanelServiceAccountUsername?: pulumi.Input<string>;
+    /**
+     * The [Segment Write Key](https://segment.com/docs/connections/find-writekey/).
+     */
+    segmentWriteKey?: pulumi.Input<string>;
     /**
      * The Splunk domain name.
      */

package/types/output.d.ts

@@ -42,11 +42,18 @@ export interface AttackProtectionBreachedPasswordDetection {
      * The subscription level for breached password detection methods. Use "enhanced" to enable Credential Guard. Possible values: `standard`, `enhanced`.
      */
     method: string;
+    /**
+     * Configuration options that apply before every user registration attempt. Only available on public tenants.
+     */
+    preUserRegistration: outputs.AttackProtectionBreachedPasswordDetectionPreUserRegistration;
     /**
      * Action to take when a breached password is detected.
      */
     shields: string[];
 }
+export interface AttackProtectionBreachedPasswordDetectionPreUserRegistration {
+    shields: string[];
+}
 export interface AttackProtectionBruteForceProtection {
     /**
      * List of trusted IP addresses that will not have attack protection enforced against them.
@@ -528,7 +535,7 @@ export interface ClientRefreshToken {
 }
 export interface ConnectionOptions {
     /**
-     * ADFS Metadata source.
+     * ADFS URL where to fetch the metadata source.
      */
     adfsServer?: string;
     /**
@@ -552,7 +559,7 @@ export interface ConnectionOptions {
     /**
      * Authorization endpoint.
      */
-    authorizationEndpoint?: string;
+    authorizationEndpoint: string;
     /**
      * Indicates whether to enable brute force protection, which will limit the number of signups and failed logins from a suspicious IP address.
      */
@@ -613,6 +620,10 @@ export interface ConnectionOptions {
      * List of the domains that can be authenticated using the identity provider. Only needed for Identifier First authentication flows.
      */
     domainAliases: string[];
+    /**
+     * Set to `true` to inject context into custom DB scripts (warning: cannot be disabled once enabled).
+     */
+    enableScriptContext?: boolean;
     /**
      * Set to `true` to use a legacy user store.
      */
@@ -621,6 +632,10 @@ export interface ConnectionOptions {
      * Custom Entity ID for the connection.
      */
     entityId?: string;
+    /**
+     * Federation Metadata for the ADFS connection.
+     */
+    fedMetadataXml?: string;
     /**
      * If you're configuring a SAML enterprise connection for a non-standard PingFederate Server, you must update the attribute mappings.
      */
@@ -664,11 +679,11 @@ export interface ConnectionOptions {
     /**
      * Issuer URL, e.g. `https://auth.example.com`.
      */
-    issuer?: string;
+    issuer: string;
     /**
      * JWKS URI.
      */
-    jwksUri?: string;
+    jwksUri: string;
     /**
      * Apple Key ID.
      */
@@ -810,7 +825,7 @@ export interface ConnectionOptions {
     /**
      * Token endpoint.
      */
-    tokenEndpoint?: string;
+    tokenEndpoint: string;
     /**
      * Configuration options for one-time passwords.
      */
@@ -850,7 +865,7 @@ export interface ConnectionOptions {
     /**
      * User info endpoint.
      */
-    userinfoEndpoint?: string;
+    userinfoEndpoint: string;
     /**
      * Validation of the minimum and maximum values allowed for a user to have as username.
      */
@@ -1501,7 +1516,7 @@ export interface GuardianPhone {
      */
     options: outputs.GuardianPhoneOptions;
     /**
-     * Provider to use, one of `auth0`, `twilio` or `phone-message-hook`.
+     * Provider to use, one of `auth0`, `twilio` or `phone-message-hook`. Selecting `phone-message-hook` will require a Phone Message Action to be created before. [Learn how](https://auth0.com/docs/customize/actions/flows-and-triggers/send-phone-message-flow).
      */
     provider?: string;
 }
@@ -1650,6 +1665,10 @@ export interface LogStreamSink {
      * The Mixpanel Service Account username. Services Accounts can be created in the Project Settings page.
      */
     mixpanelServiceAccountUsername?: string;
+    /**
+     * The [Segment Write Key](https://segment.com/docs/connections/find-writekey/).
+     */
+    segmentWriteKey?: string;
     /**
      * The Splunk domain name.
      */

package/user.d.ts

@@ -67,19 +67,19 @@ export declare class User extends pulumi.CustomResource {
      */
     readonly emailVerified: pulumi.Output<boolean | undefined>;
     /**
-     * Family name of the user.
+     * Family name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     readonly familyName: pulumi.Output<string | undefined>;
     /**
-     * Given name of the user.
+     * Given name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     readonly givenName: pulumi.Output<string | undefined>;
     /**
-     * Name of the user.
+     * Name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     readonly name: pulumi.Output<string>;
     /**
-     * Preferred nickname or alias of the user.
+     * Preferred nickname or alias of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     readonly nickname: pulumi.Output<string>;
     /**
@@ -95,7 +95,7 @@ export declare class User extends pulumi.CustomResource {
      */
     readonly phoneVerified: pulumi.Output<boolean | undefined>;
     /**
-     * Picture of the user.
+     * Picture of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     readonly picture: pulumi.Output<string>;
     /**
@@ -152,19 +152,19 @@ export interface UserState {
      */
     emailVerified?: pulumi.Input<boolean>;
     /**
-     * Family name of the user.
+     * Family name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     familyName?: pulumi.Input<string>;
     /**
-     * Given name of the user.
+     * Given name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     givenName?: pulumi.Input<string>;
     /**
-     * Name of the user.
+     * Name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     name?: pulumi.Input<string>;
     /**
-     * Preferred nickname or alias of the user.
+     * Preferred nickname or alias of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     nickname?: pulumi.Input<string>;
     /**
@@ -180,7 +180,7 @@ export interface UserState {
      */
     phoneVerified?: pulumi.Input<boolean>;
     /**
-     * Picture of the user.
+     * Picture of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     picture?: pulumi.Input<string>;
     /**
@@ -229,19 +229,19 @@ export interface UserArgs {
      */
     emailVerified?: pulumi.Input<boolean>;
     /**
-     * Family name of the user.
+     * Family name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     familyName?: pulumi.Input<string>;
     /**
-     * Given name of the user.
+     * Given name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     givenName?: pulumi.Input<string>;
     /**
-     * Name of the user.
+     * Name of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     name?: pulumi.Input<string>;
     /**
-     * Preferred nickname or alias of the user.
+     * Preferred nickname or alias of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     nickname?: pulumi.Input<string>;
     /**
@@ -257,7 +257,7 @@ export interface UserArgs {
      */
     phoneVerified?: pulumi.Input<boolean>;
     /**
-     * Picture of the user.
+     * Picture of the user. This value can only be updated if the connection is a database connection (using the Auth0 store), a passwordless connection (email or sms) or has disabled 'Sync user profile attributes at each login'. For more information, see: [Configure Identity Provider Connection for User Profile Updates](https://auth0.com/docs/manage-users/user-accounts/user-profiles/configure-connection-sync-with-auth0).
      */
     picture?: pulumi.Input<string>;
     /**