auth0-deploy-cli 8.24.0 → 8.25.0

package/CHANGELOG.md

@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [8.25.0] - 2026-01-08
+
+### Added
+
+- `AUTH0_INCLUDED_CONNECTIONS` config property to include only selected `connection`. [#1242]
+
+### Fixed
+
+- Fix `tokenExchangeProfiles` profiles handling. [#1253]
+- Fix `idle_ephemeral_session_lifetime` and `ephemeral_session_lifetime` handling while importing [#1261]
+
 ## [8.24.0] - 2025-12-22
 
 ### Added
@@ -1591,9 +1602,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#1232]: https://github.com/auth0/auth0-deploy-cli/issues/1232
 [#1239]: https://github.com/auth0/auth0-deploy-cli/issues/1239
 [#1240]: https://github.com/auth0/auth0-deploy-cli/issues/1240
+[#1242]: https://github.com/auth0/auth0-deploy-cli/issues/1242
 [#1244]: https://github.com/auth0/auth0-deploy-cli/issues/1244
 [#1246]: https://github.com/auth0/auth0-deploy-cli/issues/1246
-[Unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v8.24.0...HEAD
+[#1253]: https://github.com/auth0/auth0-deploy-cli/issues/1253
+[Unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v8.25.0...HEAD
+[8.25.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.24.0...v8.25.0
 [8.24.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.23.2...v8.24.0
 [8.23.2]: https://github.com/auth0/auth0-deploy-cli/compare/v8.23.1...v8.23.2
 [8.23.1]: https://github.com/auth0/auth0-deploy-cli/compare/v8.23.0...v8.23.1

package/lib/context/directory/handlers/tenant.js

@@ -15,12 +15,17 @@ function parse(context) {
         return { tenant: null };
     }
     /* eslint-disable camelcase */
-    const { session_lifetime, idle_session_lifetime, ...tenant } = (0, utils_1.loadJSON)(tenantFile, {
+    const { session_lifetime, idle_session_lifetime, idle_ephemeral_session_lifetime, ephemeral_session_lifetime, ...tenant } = (0, utils_1.loadJSON)(tenantFile, {
         mappings: context.mappings,
         disableKeywordReplacement: context.disableKeywordReplacement,
     });
     (0, utils_1.clearTenantFlags)(tenant);
-    const sessionDurations = (0, sessionDurationsToMinutes_1.sessionDurationsToMinutes)({ session_lifetime, idle_session_lifetime });
+    const sessionDurations = (0, sessionDurationsToMinutes_1.sessionDurationsToMinutes)({
+        session_lifetime,
+        idle_session_lifetime,
+        idle_ephemeral_session_lifetime,
+        ephemeral_session_lifetime,
+    });
     return {
         //@ts-ignore
         tenant: {

package/lib/context/directory/index.js

@@ -63,6 +63,9 @@ class DirectoryContext {
             resourceServers: config.AUTH0_EXCLUDED_RESOURCE_SERVERS || [],
             defaults: config.AUTH0_EXCLUDED_DEFAULTS || [],
         };
+        this.assets.include = {
+            connections: config.AUTH0_INCLUDED_CONNECTIONS || [],
+        };
     }
     loadFile(f, folder) {
         const basePath = path.join(this.filePath, folder);

package/lib/context/index.js

@@ -26,6 +26,7 @@ const nonPrimitiveProps = [
     'AUTH0_INCLUDED_ONLY',
     'EXCLUDED_PROPS',
     'INCLUDED_PROPS',
+    'AUTH0_INCLUDED_CONNECTIONS',
 ];
 const EA_FEATURES = [];
 const setupContext = async (config, command) => {
@@ -97,6 +98,15 @@ const setupContext = async (config, command) => {
             logger_1.default.warn(`Usage of the ${usedDeprecatedParams.join(', ')} exclusion ${usedDeprecatedParams.length > 1 ? 'params are' : 'param is'} deprecated and may be removed from future major versions. See: https://github.com/auth0/auth0-deploy-cli/issues/451#user-content-deprecated-exclusion-props for details.`);
         }
     })(config);
+    ((config) => {
+        const hasIncludedConnections = config.AUTH0_INCLUDED_CONNECTIONS !== undefined &&
+            config.AUTH0_INCLUDED_CONNECTIONS.length > 0;
+        const hasExcludedConnections = config.AUTH0_EXCLUDED_CONNECTIONS !== undefined &&
+            config.AUTH0_EXCLUDED_CONNECTIONS.length > 0;
+        if (hasIncludedConnections && hasExcludedConnections) {
+            throw new Error('Both AUTH0_INCLUDED_CONNECTIONS and AUTH0_EXCLUDED_CONNECTIONS configuration values are defined, only one can be configured at a time.');
+        }
+    })(config);
     ((config) => {
         // Check if experimental early access features are enabled
         if (config.AUTH0_EXPERIMENTAL_EA) {

package/lib/context/yaml/handlers/tenant.js

@@ -6,9 +6,14 @@ async function parse(context) {
     if (!context.assets.tenant)
         return { tenant: null };
     /* eslint-disable camelcase */
-    const { session_lifetime, idle_session_lifetime, ...tenant } = context.assets.tenant;
+    const { session_lifetime, idle_session_lifetime, idle_ephemeral_session_lifetime, ephemeral_session_lifetime, ...tenant } = context.assets.tenant;
     (0, utils_1.clearTenantFlags)(tenant);
-    const sessionDurations = (0, sessionDurationsToMinutes_1.sessionDurationsToMinutes)({ session_lifetime, idle_session_lifetime });
+    const sessionDurations = (0, sessionDurationsToMinutes_1.sessionDurationsToMinutes)({
+        session_lifetime,
+        idle_session_lifetime,
+        idle_ephemeral_session_lifetime,
+        ephemeral_session_lifetime,
+    });
     return {
         tenant: {
             ...tenant,

package/lib/context/yaml/index.js

@@ -32,6 +32,9 @@ class YAMLContext {
             resourceServers: config.AUTH0_EXCLUDED_RESOURCE_SERVERS || [],
             defaults: config.AUTH0_EXCLUDED_DEFAULTS || [],
         };
+        this.assets.include = {
+            connections: config.AUTH0_INCLUDED_CONNECTIONS || [],
+        };
         this.basePath = (() => {
             if (!!config.AUTH0_BASE_PATH)
                 return config.AUTH0_BASE_PATH;
@@ -80,6 +83,7 @@ class YAMLContext {
         }, {});
         const initialAssets = {
             exclude: this.assets.exclude, // Keep the exclude rules in result assets
+            include: this.assets.include, // Keep the include rules in result assets
         };
         this.assets = Object.keys(this.assets).reduce((acc, key) => {
             // Get the list of asset types to include
@@ -173,6 +177,7 @@ class YAMLContext {
         let cleaned = (0, readonly_1.default)(this.assets, this.config);
         // Delete exclude as it's not part of the auth0 tenant config
         delete cleaned.exclude;
+        delete cleaned.include;
         // Optionally Strip identifiers
         if (!this.config.AUTH0_EXPORT_IDENTIFIERS) {
             cleaned = (0, utils_1.stripIdentifiers)(auth0, cleaned);

package/lib/sessionDurationsToMinutes.d.ts

@@ -1,7 +1,11 @@
-export declare const sessionDurationsToMinutes: ({ session_lifetime, idle_session_lifetime, }: {
+export declare const sessionDurationsToMinutes: ({ session_lifetime, idle_session_lifetime, idle_ephemeral_session_lifetime, ephemeral_session_lifetime, }: {
     session_lifetime?: number;
     idle_session_lifetime?: number;
+    idle_ephemeral_session_lifetime?: number;
+    ephemeral_session_lifetime?: number;
 }) => {
     session_lifetime_in_minutes?: number;
     idle_session_lifetime_in_minutes?: number;
+    idle_ephemeral_session_lifetime_in_minutes?: number;
+    ephemeral_session_lifetime_in_minutes?: number;
 };

package/lib/sessionDurationsToMinutes.js

@@ -4,12 +4,16 @@ exports.sessionDurationsToMinutes = void 0;
 function hoursToMinutes(hours) {
     return Math.round(hours * 60);
 }
-const sessionDurationsToMinutes = ({ session_lifetime, idle_session_lifetime, }) => {
+const sessionDurationsToMinutes = ({ session_lifetime, idle_session_lifetime, idle_ephemeral_session_lifetime, ephemeral_session_lifetime, }) => {
     const sessionDurations = {};
     if (!!session_lifetime)
         sessionDurations.session_lifetime_in_minutes = hoursToMinutes(session_lifetime);
     if (!!idle_session_lifetime)
         sessionDurations.idle_session_lifetime_in_minutes = hoursToMinutes(idle_session_lifetime);
+    if (!!idle_ephemeral_session_lifetime)
+        sessionDurations.idle_ephemeral_session_lifetime_in_minutes = hoursToMinutes(idle_ephemeral_session_lifetime);
+    if (!!ephemeral_session_lifetime)
+        sessionDurations.ephemeral_session_lifetime_in_minutes = hoursToMinutes(ephemeral_session_lifetime);
     return sessionDurations;
 };
 exports.sessionDurationsToMinutes = sessionDurationsToMinutes;

package/lib/tools/auth0/handlers/connections.js

@@ -551,13 +551,16 @@ class ConnectionsHandler extends default_1.default {
         if (!isOptionExists) {
             logger_1.default.warn(`Insufficient scope the update:connections_options scope is required to update ${this.type} options.`);
         }
+        const includedConnections = (assets.include && assets.include.connections) || [];
         const excludedConnections = (assets.exclude && assets.exclude.connections) || [];
-        const changes = await this.calcChanges(assets);
-        await super.processChanges(assets, (0, utils_1.filterExcluded)(changes, excludedConnections));
+        let changes = await this.calcChanges(assets);
+        changes = (0, utils_1.filterExcluded)(changes, excludedConnections);
+        changes = (0, utils_1.filterIncluded)(changes, includedConnections);
+        await super.processChanges(assets, changes);
         // process enabled clients
-        await (0, exports.processConnectionEnabledClients)(this.client, this.type, (0, utils_1.filterExcluded)(changes, excludedConnections));
+        await (0, exports.processConnectionEnabledClients)(this.client, this.type, changes);
         // process directory provisioning
-        await this.processConnectionDirectoryProvisioning((0, utils_1.filterExcluded)(changes, excludedConnections));
+        await this.processConnectionDirectoryProvisioning(changes);
     }
 }
 exports.default = ConnectionsHandler;

package/lib/tools/auth0/handlers/index.d.ts

@@ -4,5 +4,6 @@ declare const _default: { [key in AssetTypes]: {
     default: typeof APIHandler;
     excludeSchema?: any;
     schema: any;
+    includeSchema?: any;
 }; };
 export default _default;

package/lib/tools/auth0/handlers/tokenExchangeProfiles.d.ts

@@ -11,10 +11,6 @@ export declare const schema: {
                 type: string;
                 description: string;
             };
-            id: {
-                type: string;
-                description: string;
-            };
             subject_token_type: {
                 type: string;
                 description: string;
@@ -28,16 +24,6 @@ export declare const schema: {
                 enum: string[];
                 description: string;
             };
-            created_at: {
-                type: string;
-                format: string;
-                description: string;
-            };
-            updated_at: {
-                type: string;
-                format: string;
-                description: string;
-            };
         };
         required: string[];
     };

package/lib/tools/auth0/handlers/tokenExchangeProfiles.js

@@ -55,10 +55,6 @@ exports.schema = {
                 type: 'string',
                 description: 'The name of the token exchange profile',
             },
-            id: {
-                type: 'string',
-                description: 'The unique identifier of the token exchange profile',
-            },
             subject_token_type: {
                 type: 'string',
                 description: 'The URI representing the subject token type',
@@ -72,16 +68,6 @@ exports.schema = {
                 enum: ['custom_authentication'],
                 description: 'The type of token exchange profile',
             },
-            created_at: {
-                type: 'string',
-                format: 'date-time',
-                description: 'The timestamp when the profile was created',
-            },
-            updated_at: {
-                type: 'string',
-                format: 'date-time',
-                description: 'The timestamp when the profile was last updated',
-            },
         },
         required: ['name', 'subject_token_type', 'action', 'type'],
     },
@@ -92,10 +78,10 @@ class TokenExchangeProfilesHandler extends default_1.default {
             ...config,
             type: 'tokenExchangeProfiles',
             id: 'id',
-            identifiers: ['id', 'name'],
+            identifiers: ['id', 'subject_token_type'],
             // Only name and subject_token_type can be updated
-            stripUpdateFields: ['id', 'created_at', 'updated_at', 'action_id', 'type'],
-            stripCreateFields: ['id', 'created_at', 'updated_at'],
+            stripUpdateFields: ['created_at', 'updated_at', 'action_id', 'type'],
+            stripCreateFields: ['created_at', 'updated_at'],
         });
     }
     sanitizeForExport(profile, actions) {
@@ -145,9 +131,9 @@ class TokenExchangeProfilesHandler extends default_1.default {
                 paginate: true,
             });
             // Fetch all actions to map action_id to action name
-            const actions = await this.getActions();
+            this.actions = await this.getActions();
             // Map action_id to action name for each profile
-            this.existing = profiles.map((profile) => this.sanitizeForExport(profile, actions));
+            this.existing = profiles.map((profile) => this.sanitizeForExport(profile, this.actions ?? []));
             return this.existing;
         }
         catch (err) {
@@ -163,31 +149,34 @@ class TokenExchangeProfilesHandler extends default_1.default {
         // Do nothing if not set
         if (!tokenExchangeProfiles)
             return;
-        // Fetch actions to resolve action names to IDs
-        const actions = await this.getActions();
-        // Map action names to action_ids before processing
-        const sanitizedProfiles = tokenExchangeProfiles.map((profile) => this.sanitizeForAPI(profile, actions));
-        // Create modified assets with sanitized profiles
-        const modifiedAssets = {
-            ...assets,
-            tokenExchangeProfiles: sanitizedProfiles,
-        };
         // Calculate changes
-        const { del, update, create, conflicts } = await this.calcChanges(modifiedAssets);
+        const { del, update, create, conflicts } = await this.calcChanges(assets);
         logger_1.default.debug(`Start processChanges for tokenExchangeProfiles [delete:${del.length}] [update:${update.length}], [create:${create.length}], [conflicts:${conflicts.length}]`);
+        // Fetch actions to resolve action names to IDs
+        if (!this.actions || this.actions.length === 0) {
+            this.actions = await this.getActions();
+        }
         // Process changes in order: delete, create, update
         if (del.length > 0) {
-            await this.deleteTokenExchangeProfiles(del);
+            await this.deleteTokenExchangeProfiles(del.map((profile) => this.sanitizeForAPI(profile, this.actions ?? [])));
         }
         if (create.length > 0) {
-            await this.createTokenExchangeProfiles(create);
+            await this.createTokenExchangeProfiles(create.map((profile) => this.sanitizeForAPI(profile, this.actions ?? [])));
         }
         if (update.length > 0) {
-            await this.updateTokenExchangeProfiles(update);
+            await this.updateTokenExchangeProfiles(update.map((profile) => this.sanitizeForAPI(profile, this.actions ?? [])));
         }
     }
     async createTokenExchangeProfile(profile) {
-        const { id, created_at, updated_at, ...createParams } = profile;
+        if (!profile.name || !profile.subject_token_type || !profile.action_id || !profile.type) {
+            throw new Error(`Cannot create token exchange profile missing required fields`);
+        }
+        const createParams = {
+            name: profile.name,
+            subject_token_type: profile.subject_token_type,
+            action_id: profile.action_id,
+            type: profile.type,
+        };
         const created = await this.client.tokenExchangeProfiles.create(createParams);
         return created;
     }
@@ -207,10 +196,14 @@ class TokenExchangeProfilesHandler extends default_1.default {
             .promise();
     }
     async updateTokenExchangeProfile(profile) {
-        const { id, created_at, updated_at, action_id, type, ...updateParams } = profile;
+        const { id, name, subject_token_type } = profile;
         if (!id) {
             throw new Error(`Cannot update token exchange profile "${profile.name}" - missing id`);
         }
+        const updateParams = {
+            name,
+            subject_token_type,
+        };
         await this.client.tokenExchangeProfiles.update(id, updateParams);
     }
     async updateTokenExchangeProfiles(updates) {

package/lib/tools/auth0/schema.d.ts

@@ -9,6 +9,13 @@ declare const _default: {
             };
             default: {};
         };
+        include: {
+            type: string;
+            properties: {
+                [key: string]: Object;
+            };
+            default: {};
+        };
     };
     additionalProperties: boolean;
 };

package/lib/tools/auth0/schema.js

@@ -14,6 +14,12 @@ const excludeSchema = Object.entries(handlers_1.default).reduce((map, [name, obj
     }
     return map;
 }, {});
+const includeSchema = Object.entries(handlers_1.default).reduce((map, [name, obj]) => {
+    if (obj.includeSchema) {
+        map[name] = obj.includeSchema;
+    }
+    return map;
+}, {});
 exports.default = {
     type: 'object',
     $schema: 'http://json-schema.org/draft-07/schema#',
@@ -24,6 +30,11 @@ exports.default = {
             properties: { ...excludeSchema },
             default: {},
         },
+        include: {
+            type: 'object',
+            properties: { ...includeSchema },
+            default: {},
+        },
     },
     additionalProperties: false,
 };

package/lib/tools/utils.d.ts

@@ -19,6 +19,7 @@ export declare function stripFields(obj: Asset, fields: string[]): Asset;
 export declare function getEnabledClients(assets: Assets, connection: Asset, existing: Asset[], clients: Asset[]): string[] | undefined;
 export declare function duplicateItems(arr: Asset[], key: string): Asset[];
 export declare function filterExcluded(changes: CalculatedChanges, exclude: string[]): CalculatedChanges;
+export declare function filterIncluded(changes: CalculatedChanges, include: string[]): CalculatedChanges;
 export declare function areArraysEquals(x: any[], y: any[]): boolean;
 export declare const obfuscateSensitiveValues: (data: Asset | Asset[] | null, sensitiveFieldsToObfuscate: string[]) => Asset | Asset[] | null;
 export declare const stripObfuscatedFieldsFromPayload: (data: Asset | Asset[] | null, obfuscatedFields: string[]) => Asset | Asset[] | null;

package/lib/tools/utils.js

@@ -50,6 +50,7 @@ exports.stripFields = stripFields;
 exports.getEnabledClients = getEnabledClients;
 exports.duplicateItems = duplicateItems;
 exports.filterExcluded = filterExcluded;
+exports.filterIncluded = filterIncluded;
 exports.areArraysEquals = areArraysEquals;
 exports.sleep = sleep;
 exports.maskSecretAtPath = maskSecretAtPath;
@@ -213,6 +214,19 @@ function filterExcluded(changes, exclude) {
         conflicts: filter(conflicts),
     };
 }
+function filterIncluded(changes, include) {
+    const { del, update, create, conflicts } = changes;
+    if (!include || !include.length) {
+        return changes;
+    }
+    const filter = (list) => list.filter((item) => include.includes(item.name));
+    return {
+        del: filter(del),
+        update: filter(update),
+        create: filter(create),
+        conflicts: filter(conflicts),
+    };
+}
 function areArraysEquals(x, y) {
     return lodash_1.default.isEqual(x && x.sort(), y && y.sort());
 }

package/lib/types.d.ts

@@ -76,6 +76,7 @@ export type Config = {
     INCLUDED_PROPS?: {
         [key: string]: string[];
     };
+    AUTH0_INCLUDED_CONNECTIONS?: string[];
     AUTH0_IGNORE_UNAVAILABLE_MIGRATIONS?: boolean;
     AUTH0_EXCLUDED_RULES?: string[];
     AUTH0_EXCLUDED_CLIENTS?: string[];
@@ -131,6 +132,9 @@ export type Assets = Partial<{
     exclude?: {
         [key: string]: string[];
     };
+    include?: {
+        [key: string]: string[];
+    };
     clientsOrig: Asset[] | null;
     themes: Theme[] | null;
     forms: Form[] | null;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-deploy-cli",
-  "version": "8.24.0",
+  "version": "8.25.0",
   "description": "A command line tool for deploying updates to your Auth0 tenant",
   "main": "lib/index.js",
   "bin": {
@@ -42,7 +42,7 @@
     "nconf": "^0.13.0",
     "promise-pool-executor": "^1.1.1",
     "sanitize-filename": "^1.6.3",
-    "undici": "^7.16.0",
+    "undici": "^7.18.0",
     "winston": "^3.19.0",
     "yargs": "^15.4.1"
   },
@@ -52,8 +52,8 @@
     "@types/mocha": "^10.0.10",
     "@types/nconf": "^0.10.7",
     "@eslint/js": "^9.39.2",
-    "@typescript-eslint/eslint-plugin": "^8.50.0",
-    "@typescript-eslint/parser": "^8.50.0",
+    "@typescript-eslint/eslint-plugin": "^8.52.0",
+    "@typescript-eslint/parser": "^8.52.0",
     "chai": "^4.5.0",
     "chai-as-promised": "^7.1.2",
     "eslint": "^9.39.2",