auth0-deploy-cli 8.25.0 → 8.27.0

package/lib/tools/auth0/handlers/flowVaultConnections.js

@@ -66,10 +66,13 @@ exports.schema = {
 const getAllFlowConnections = async (auth0Client) => {
     const allFlowConnections = [];
     let vaultConnections = await auth0Client.flows.vault.connections.list();
-    do {
-        allFlowConnections.push(...vaultConnections.data);
+    // Process first page
+    allFlowConnections.push(...vaultConnections.data);
+    // Fetch remaining pages
+    while (vaultConnections.hasNextPage()) {
         vaultConnections = await vaultConnections.getNextPage();
-    } while (vaultConnections.hasNextPage());
+        allFlowConnections.push(...vaultConnections.data);
+    }
     return allFlowConnections;
 };
 exports.getAllFlowConnections = getAllFlowConnections;

package/lib/tools/auth0/handlers/flows.js

@@ -70,9 +70,6 @@ class FlowHandler extends default_1.default {
             id: 'id',
             stripCreateFields: ['created_at', 'updated_at', 'executed_at'],
             stripUpdateFields: ['created_at', 'updated_at', 'executed_at'],
-            functions: {
-                update: async ({ id }, bodyParams) => this.client.flows.update(id, bodyParams),
-            },
         });
     }
     objString(item) {

package/lib/tools/auth0/handlers/forms.js

@@ -69,9 +69,6 @@ class FormsHandler extends default_1.default {
             id: 'id',
             stripCreateFields: ['created_at', 'updated_at', 'submitted_at', 'embedded_at'],
             stripUpdateFields: ['created_at', 'updated_at', 'submitted_at', 'embedded_at'],
-            functions: {
-                update: async ({ id }, bodyParams) => this.client.forms.update(id, bodyParams),
-            },
         });
     }
     objString(item) {

package/lib/tools/auth0/handlers/logStreams.js

@@ -96,9 +96,6 @@ class LogStreamsHandler extends default_1.default {
                 'sink.splunkToken',
                 'sink.datadogApiKey',
             ],
-            functions: {
-                update: async (params, payload) => this.client.logStreams.update(params?.id, payload),
-            },
         });
     }
     objString(item) {

package/lib/tools/auth0/handlers/organizations.d.ts

@@ -87,6 +87,9 @@ export declare const schema: {
                             type: string;
                             enum: string[];
                         };
+                        use_for_organization_discovery: {
+                            type: string;
+                        };
                     };
                     required: string[];
                 };
@@ -122,7 +125,7 @@ export default class OrganizationsHandler extends DefaultHandler {
     getAllOrganizationDiscoveryDomains(organizationId: string): Promise<Management.OrganizationDiscoveryDomain[] | null>;
     getOrganizationDiscoveryDomain(organizationId: string, discoveryDomainId: string): Promise<Management.GetOrganizationDiscoveryDomainResponseContent>;
     createOrganizationDiscoveryDomain(organizationId: string, discoveryDomain: Management.CreateOrganizationDiscoveryDomainRequestContent): Promise<Management.CreateOrganizationDiscoveryDomainResponseContent>;
-    updateOrganizationDiscoveryDomain(organizationId: string, discoveryDomainId: string, discoveryDomain: string, status: Management.OrganizationDiscoveryDomainStatus): Promise<Management.UpdateOrganizationDiscoveryDomainResponseContent>;
+    updateOrganizationDiscoveryDomain(organizationId: string, discoveryDomainId: string, discoveryDomain: string, discoveryDomainUpdate: Management.UpdateOrganizationDiscoveryDomainRequestContent): Promise<Management.UpdateOrganizationDiscoveryDomainResponseContent>;
     deleteOrganizationDiscoveryDomain(organizationId: string, discoveryDomain: string, discoveryDomainId: string): Promise<void>;
 }
 export {};

package/lib/tools/auth0/handlers/organizations.js

@@ -112,6 +112,9 @@ exports.schema = {
                     properties: {
                         domain: { type: 'string' },
                         status: { type: 'string', enum: ['pending', 'verified'] },
+                        use_for_organization_discovery: {
+                            type: 'boolean',
+                        },
                     },
                     required: ['domain', 'status'],
                 },
@@ -174,6 +177,7 @@ class OrganizationsHandler extends default_1.default {
                 generator: (discoveryDomain) => this.createOrganizationDiscoveryDomain(created.id, {
                     domain: discoveryDomain?.domain,
                     status: discoveryDomain?.status,
+                    use_for_organization_discovery: discoveryDomain?.use_for_organization_discovery,
                 }).catch((err) => {
                     throw new Error(`Problem creating discovery domain ${discoveryDomain?.domain} for organization ${created.id}\n${err}`);
                 }),
@@ -256,32 +260,47 @@ class OrganizationsHandler extends default_1.default {
         const orgDiscoveryDomainsToRemove = existingDiscoveryDomains?.filter((existingDomain) => !organizationDiscoveryDomains?.find((d) => d.domain === existingDomain.domain)) || [];
         const orgDiscoveryDomainsToAdd = organizationDiscoveryDomains?.filter((domain) => !existingDiscoveryDomains?.find((d) => d.domain === domain.domain)) || [];
         const orgDiscoveryDomainsToUpdate = existingDiscoveryDomains
-            ?.filter((existingDomain) => {
+            ?.map((existingDomain) => {
             const updatedDomain = organizationDiscoveryDomains?.find((d) => d.domain === existingDomain.domain);
-            return updatedDomain && updatedDomain.status !== existingDomain.status;
+            if (!updatedDomain)
+                return undefined;
+            return {
+                ...updatedDomain,
+                id: existingDomain.id, // setting remote id for update
+            };
         })
-            .map((existingDomain) => ({
-            id: existingDomain.id,
-            domain: existingDomain.domain,
-            status: organizationDiscoveryDomains.find((d) => d.domain === existingDomain.domain)
-                .status,
-        })) || [];
-        // Handle updates first
-        await Promise.all(orgDiscoveryDomainsToUpdate.map((domainUpdate) => this.updateOrganizationDiscoveryDomain(params.id, domainUpdate.id, domainUpdate.domain, domainUpdate.status).catch((err) => {
-            throw new Error(`Problem updating discovery domain ${domainUpdate.domain} for organization ${params.id}\n${err.message}`);
-        })));
-        await Promise.all(orgDiscoveryDomainsToAdd.map((domain) => this.createOrganizationDiscoveryDomain(params.id, {
-            domain: domain.domain,
-            status: domain.status,
-        }).catch((err) => {
-            throw new Error(`Problem adding discovery domain ${domain.domain} for organization ${params.id}\n${err.message}`);
-        })));
+            .filter(Boolean) || [];
+        for (const { id, domain, ...updateParams } of orgDiscoveryDomainsToUpdate) {
+            try {
+                await this.updateOrganizationDiscoveryDomain(params.id, id, domain, updateParams);
+            }
+            catch (err) {
+                throw new Error(`Problem updating discovery domain ${domain} for organization ${params.id}\n${err.message}`);
+            }
+        }
+        for (const domain of orgDiscoveryDomainsToAdd) {
+            try {
+                await this.createOrganizationDiscoveryDomain(params.id, {
+                    domain: domain.domain,
+                    status: domain.status,
+                    use_for_organization_discovery: domain.use_for_organization_discovery,
+                });
+            }
+            catch (err) {
+                throw new Error(`Problem adding discovery domain ${domain.domain} for organization ${params.id}\n${err.message}`);
+            }
+        }
         if (orgDiscoveryDomainsToRemove.length > 0) {
             if (this.config('AUTH0_ALLOW_DELETE') === 'true' ||
                 this.config('AUTH0_ALLOW_DELETE') === true) {
-                await Promise.all(orgDiscoveryDomainsToRemove.map((domain) => this.deleteOrganizationDiscoveryDomain(params.id, domain.domain, domain.id).catch((err) => {
-                    throw new Error(`Problem removing discovery domain ${domain.domain} for organization ${params.id}\n${err.message}`);
-                })));
+                for (const domain of orgDiscoveryDomainsToRemove) {
+                    try {
+                        await this.deleteOrganizationDiscoveryDomain(params.id, domain.domain, domain.id);
+                    }
+                    catch (err) {
+                        throw new Error(`Problem removing discovery domain ${domain.domain} for organization ${params.id}\n${err.message}`);
+                    }
+                }
             }
             else {
                 logger_1.default.warn(`Detected the following organization discovery domains should be deleted. Doing so may be destructive.\nYou can enable deletes by setting 'AUTH0_ALLOW_DELETE' to true in the config
@@ -416,19 +435,25 @@ class OrganizationsHandler extends default_1.default {
     async getOrganizationEnabledConnections(organizationId) {
         const allOrganizationConnections = [];
         let organizationConnections = await this.client.organizations.enabledConnections.list(organizationId);
-        do {
-            allOrganizationConnections.push(...organizationConnections.data);
+        // Process first page
+        allOrganizationConnections.push(...organizationConnections.data);
+        // Fetch remaining pages
+        while (organizationConnections.hasNextPage()) {
             organizationConnections = await organizationConnections.getNextPage();
-        } while (organizationConnections.hasNextPage());
+            allOrganizationConnections.push(...organizationConnections.data);
+        }
         return allOrganizationConnections;
     }
     async getOrganizationClientGrants(organizationId) {
         const allOrganizationClientGrants = [];
         let organizationClientGrants = await this.client.organizations.clientGrants.list(organizationId);
-        do {
-            allOrganizationClientGrants.push(...organizationClientGrants.data);
+        // Process first page
+        allOrganizationClientGrants.push(...organizationClientGrants.data);
+        // Fetch remaining pages
+        while (organizationClientGrants.hasNextPage()) {
             organizationClientGrants = await organizationClientGrants.getNextPage();
-        } while (organizationClientGrants.hasNextPage());
+            allOrganizationClientGrants.push(...organizationClientGrants.data);
+        }
         return allOrganizationClientGrants;
     }
     async createOrganizationClientGrants(organizationId, grantId) {
@@ -447,10 +472,13 @@ class OrganizationsHandler extends default_1.default {
         const allDiscoveryDomains = [];
         try {
             let orgDiscoveryDomain = await this.client.organizations.discoveryDomains.list(organizationId);
-            do {
-                allDiscoveryDomains.push(...orgDiscoveryDomain.data);
+            // Process first page
+            allDiscoveryDomains.push(...orgDiscoveryDomain.data);
+            // Fetch remaining pages
+            while (orgDiscoveryDomain.hasNextPage()) {
                 orgDiscoveryDomain = await orgDiscoveryDomain.getNextPage();
-            } while (orgDiscoveryDomain.hasNextPage());
+                allDiscoveryDomains.push(...orgDiscoveryDomain.data);
+            }
             return allDiscoveryDomains;
         }
         catch (err) {
@@ -480,7 +508,7 @@ class OrganizationsHandler extends default_1.default {
             .promise();
         return orgDiscoveryDomain;
     }
-    async updateOrganizationDiscoveryDomain(organizationId, discoveryDomainId, discoveryDomain, status) {
+    async updateOrganizationDiscoveryDomain(organizationId, discoveryDomainId, discoveryDomain, discoveryDomainUpdate) {
         logger_1.default.debug(`Updating discovery domain ${discoveryDomain} for organization ${organizationId}`);
         // stripUpdateFields does not support in sub modules
         const stripUpdateFields = ['verification_host', 'verification_txt'];
@@ -492,7 +520,8 @@ class OrganizationsHandler extends default_1.default {
                 discoveryDomainId: discoveryDomainId,
             },
             generator: (args) => this.client.organizations.discoveryDomains.update(args.id, args.discoveryDomainId, {
-                status: status,
+                status: discoveryDomainUpdate.status,
+                use_for_organization_discovery: discoveryDomainUpdate.use_for_organization_discovery,
             }),
         })
             .promise();

package/lib/tools/auth0/handlers/prompts.d.ts

@@ -3,7 +3,7 @@ import DefaultHandler from './default';
 import { Assets, Language } from '../../../types';
 declare const promptTypes: readonly ["login", "login-id", "login-password", "login-passwordless", "login-email-verification", "signup", "signup-id", "signup-password", "phone-identifier-enrollment", "phone-identifier-challenge", "email-identifier-challenge", "reset-password", "custom-form", "consent", "customized-consent", "logout", "mfa-push", "mfa-otp", "mfa-voice", "mfa-phone", "mfa-webauthn", "mfa-sms", "mfa-email", "mfa-recovery-code", "mfa", "status", "device-flow", "email-verification", "email-otp-challenge", "organizations", "invitation", "common", "captcha", "passkeys", "brute-force-protection"];
 export type PromptTypes = (typeof promptTypes)[number];
-declare const screenTypes: readonly ["login", "login-id", "login-password", "login-email-verification", "signup", "signup-id", "signup-password", "reset-password-request", "reset-password-email", "reset-password", "reset-password-success", "reset-password-error", "consent", "status", "mfa-detect-browser-capabilities", "mfa-enroll-result", "mfa-login-options", "mfa-begin-enroll-options", "mfa-otp-enrollment-qr", "mfa-otp-enrollment-code", "mfa-otp-challenge", "mfa-voice-challenge", "mfa-sms-challenge", "mfa-recovery-code-enrollment", "mfa-recovery-code-challenge", "mfa-country-codes", "mfa-sms-enrollment", "mfa-voice-enrollment", "mfa-phone-challenge", "mfa-phone-enrollment", "mfa-webauthn-roaming-enrollment", "mfa-webauthn-platform-enrollment", "mfa-webauthn-platform-challenge", "mfa-webauthn-roaming-challenge", "mfa-webauthn-change-key-nickname", "mfa-webauthn-enrollment-success", "mfa-webauthn-error", "mfa-webauthn-not-available-error", "mfa-sms-list", "mfa-email-challenge", "mfa-email-list", "mfa-push-welcome", "mfa-push-list", "mfa-push-enrollment-qr", "mfa-push-enrollment-code", "mfa-push-success", "mfa-push-challenge-push", "device-code-activation", "device-code-activation-allowed", "device-code-activation-denied", "device-code-confirmation", "email-verification-result", "email-otp-challenge", "redeem-ticket", "organization-selection", "accept-invitation", "login-passwordless-email-code", "login-passwordless-email-link", "login-passwordless-sms-otp", "passkey-enrollment", "passkey-enrollment-local", "brute-force-protection-unblock", "brute-force-protection-unblock-success", "brute-force-protection-unblock-failure"];
+declare const screenTypes: readonly ["login", "login-id", "login-password", "login-email-verification", "signup", "signup-id", "signup-password", "reset-password-request", "reset-password-email", "reset-password", "reset-password-success", "reset-password-error", "consent", "status", "mfa-detect-browser-capabilities", "mfa-enroll-result", "mfa-login-options", "mfa-begin-enroll-options", "mfa-otp-enrollment-qr", "mfa-otp-enrollment-code", "mfa-otp-challenge", "mfa-voice-challenge", "mfa-sms-challenge", "mfa-recovery-code-enrollment", "mfa-recovery-code-challenge", "mfa-country-codes", "mfa-sms-enrollment", "mfa-voice-enrollment", "mfa-phone-challenge", "mfa-phone-enrollment", "mfa-webauthn-roaming-enrollment", "mfa-webauthn-platform-enrollment", "mfa-webauthn-platform-challenge", "mfa-webauthn-roaming-challenge", "mfa-webauthn-change-key-nickname", "mfa-webauthn-enrollment-success", "mfa-webauthn-error", "mfa-webauthn-not-available-error", "mfa-sms-list", "mfa-email-challenge", "mfa-email-list", "mfa-push-welcome", "mfa-push-list", "mfa-push-enrollment-qr", "mfa-push-enrollment-code", "mfa-push-success", "mfa-push-challenge-push", "device-code-activation", "device-code-activation-allowed", "device-code-activation-denied", "device-code-confirmation", "email-verification-result", "email-otp-challenge", "redeem-ticket", "organization-selection", "pre-login-organization-picker", "accept-invitation", "login-passwordless-email-code", "login-passwordless-email-link", "login-passwordless-sms-otp", "passkey-enrollment", "passkey-enrollment-local", "brute-force-protection-unblock", "brute-force-protection-unblock-success", "brute-force-protection-unblock-failure"];
 export type ScreenTypes = (typeof screenTypes)[number];
 declare const customPartialsPromptTypes: string[];
 export type CustomPartialsPromptTypes = (typeof customPartialsPromptTypes)[number];
@@ -75,7 +75,7 @@ export type PromptsCustomText = {
 export type AllPromptsByLanguage = Partial<{
     [key in Language]: Partial<PromptsCustomText>;
 }>;
-export type ScreenRenderer = Management.AculResponseContent;
+export type ScreenRenderer = Management.GetAculResponseContent;
 export type Prompts = Partial<PromptSettings & {
     customText: AllPromptsByLanguage;
     partials: CustomPromptPartials;

package/lib/tools/auth0/handlers/prompts.js

@@ -103,6 +103,7 @@ const screenTypes = [
     'email-otp-challenge',
     'redeem-ticket',
     'organization-selection',
+    'pre-login-organization-picker',
     'accept-invitation',
     'login-passwordless-email-code',
     'login-passwordless-email-link',

package/lib/tools/auth0/handlers/resourceServers.d.ts

@@ -95,7 +95,5 @@ export default class ResourceServersHandler extends DefaultHandler {
     calcChanges(assets: Assets): Promise<CalculatedChanges>;
     validate(assets: Assets): Promise<void>;
     processChanges(assets: Assets): Promise<void>;
-    updateResourceServer(args: {
-        id: string;
-    }, update: ResourceServer): Promise<Management.UpdateResourceServerResponseContent>;
+    updateResourceServer(id: string, update: ResourceServer): Promise<Management.UpdateResourceServerResponseContent>;
 }

package/lib/tools/auth0/handlers/resourceServers.js

@@ -88,7 +88,7 @@ class ResourceServersHandler extends default_1.default {
             stripCreateFields: ['client_id', 'is_system'],
             stripUpdateFields: ['identifier', 'client_id', 'is_system'],
             functions: {
-                update: (args, data) => this.updateResourceServer(args, data),
+                update: (id, data) => this.updateResourceServer(id, data),
             },
         });
     }
@@ -172,7 +172,7 @@ class ResourceServersHandler extends default_1.default {
             ...changes,
         });
     }
-    async updateResourceServer(args, update) {
+    async updateResourceServer(id, update) {
         // Exclude name from update as it cannot be modified for system resource servers like Auth0 My Account API
         if (update.is_system === true || update.name === 'Auth0 My Account API') {
             const updateFields = {
@@ -181,9 +181,9 @@ class ResourceServersHandler extends default_1.default {
                 skip_consent_for_verifiable_first_party_clients: update.skip_consent_for_verifiable_first_party_clients,
                 subject_type_authorization: update.subject_type_authorization,
             };
-            return this.client.resourceServers.update(args?.id, updateFields);
+            return this.client.resourceServers.update(id, updateFields);
         }
-        return this.client.resourceServers.update(args?.id, update);
+        return this.client.resourceServers.update(id, update);
     }
 }
 exports.default = ResourceServersHandler;

package/lib/tools/auth0/handlers/roles.js

@@ -194,10 +194,13 @@ class RolesHandler extends default_1.default {
                 */
                 const rolesId = roles[index].id;
                 let permissions = await this.client.roles.permissions.list(rolesId, { per_page: 100 });
-                do {
-                    allPermission.push(...permissions.data);
+                // Process first page
+                allPermission.push(...permissions.data);
+                // Fetch remaining pages
+                while (permissions.hasNextPage()) {
                     permissions = await permissions.getNextPage();
-                } while (permissions.hasNextPage());
+                    allPermission.push(...permissions.data);
+                }
                 const strippedPerms = await Promise.all(allPermission.map(async (permission) => {
                     delete permission.resource_server_name;
                     delete permission.description;

package/lib/tools/auth0/handlers/scimHandler.d.ts

@@ -1,9 +1,6 @@
 import { PromisePoolExecutor } from 'promise-pool-executor';
 import { Management } from 'auth0';
 import { Asset } from '../../../types';
-interface ScimRequestParams {
-    id: string;
-}
 interface ScimBodyParams {
     user_id_attribute: string;
     mapping: {
@@ -61,20 +58,20 @@ export default class ScimHandler {
     /**
      * Creates a new `SCIM` configuration.
      */
-    createScimConfiguration({ id }: ScimRequestParams, { user_id_attribute, mapping }: ScimBodyParams): Promise<Asset | null>;
+    createScimConfiguration(id: string, { user_id_attribute, mapping }: ScimBodyParams): Promise<Asset | null>;
     /**
      * Retrieves `SCIM` configuration of an enterprise connection.
      */
-    getScimConfiguration({ id, }: ScimRequestParams): Promise<Management.GetScimConfigurationResponseContent | null>;
+    getScimConfiguration(id: string): Promise<Management.GetScimConfigurationResponseContent | null>;
     /**
      * Updates an existing `SCIM` configuration.
      */
-    updateScimConfiguration({ id }: ScimRequestParams, { user_id_attribute, mapping }: ScimBodyParams): Promise<Asset | null>;
+    updateScimConfiguration(id: string, { user_id_attribute, mapping }: ScimBodyParams): Promise<Asset | null>;
     /**
      * Deletes an existing `SCIM` configuration.
      */
-    deleteScimConfiguration({ id }: ScimRequestParams): Promise<Asset | null>;
-    updateOverride(requestParams: ScimRequestParams, bodyParams: Asset): Promise<Management.UpdateConnectionResponseContent>;
+    deleteScimConfiguration(id: string): Promise<Asset | null>;
+    updateOverride(connectionId: string, bodyParams: Asset): Promise<Management.UpdateConnectionResponseContent>;
     createOverride(bodyParams: Asset): Promise<Management.CreateConnectionResponseContent>;
 }
 export {};

package/lib/tools/auth0/handlers/scimHandler.js

@@ -49,7 +49,7 @@ class ScimHandler {
                 if (!this.isScimStrategy(connection.strategy))
                     return Promise.resolve(null);
                 this.idMap.set(connection.id, { strategy: connection.strategy });
-                return this.getScimConfiguration({ id: connection.id })
+                return this.getScimConfiguration(connection.id)
                     .then((response) => {
                     const scimConfiguration = response;
                     if (scimConfiguration) {
@@ -156,7 +156,7 @@ class ScimHandler {
     /**
      * Creates a new `SCIM` configuration.
      */
-    async createScimConfiguration({ id }, 
+    async createScimConfiguration(id, 
     // eslint-disable-next-line camelcase
     { user_id_attribute, mapping }) {
         logger_1.default.debug(`Creating SCIM configuration on connection ${id}`);
@@ -165,14 +165,14 @@ class ScimHandler {
     /**
      * Retrieves `SCIM` configuration of an enterprise connection.
      */
-    async getScimConfiguration({ id, }) {
+    async getScimConfiguration(id) {
         logger_1.default.debug(`Getting SCIM configuration from connection ${id}`);
         return this.withErrorHandling(async () => this.connectionsManager.scimConfiguration.get(id), 'get', id);
     }
     /**
      * Updates an existing `SCIM` configuration.
      */
-    async updateScimConfiguration({ id }, 
+    async updateScimConfiguration(id, 
     // eslint-disable-next-line camelcase
     { user_id_attribute, mapping }) {
         logger_1.default.debug(`Updating SCIM configuration on connection ${id}`);
@@ -181,19 +181,22 @@ class ScimHandler {
     /**
      * Deletes an existing `SCIM` configuration.
      */
-    async deleteScimConfiguration({ id }) {
+    async deleteScimConfiguration(id) {
         logger_1.default.debug(`Deleting SCIM configuration on connection ${id}`);
         return this.withErrorHandling(async () => this.connectionsManager.scimConfiguration.delete(id), 'delete', id);
     }
-    async updateOverride(requestParams, bodyParams) {
+    async updateOverride(connectionId, bodyParams) {
         // Extract `scim_configuration` from `bodyParams`.
         // Remove `scim_configuration` from `bodyParams`, because `connections.update` doesn't accept it.
         const { scim_configuration: scimBodyParams } = bodyParams;
         delete bodyParams.scim_configuration;
         delete bodyParams.directory_provisioning_configuration;
+        // Remove deprecated enabled_clients field
+        if ('enabled_clients' in bodyParams)
+            delete bodyParams.enabled_clients;
         // First, update `connections`.
-        const updated = await this.connectionsManager.update(requestParams.id, bodyParams);
-        const idMapEntry = this.idMap.get(requestParams.id);
+        const updated = await this.connectionsManager.update(connectionId, bodyParams);
+        const idMapEntry = this.idMap.get(connectionId);
         // Now, update `scim_configuration` inside the updated connection.
         // If `scim_configuration` exists in both local and remote -> updateScimConfiguration(...)
         // If `scim_configuration` exists in remote but local -> deleteScimConfiguration(...)
@@ -201,20 +204,20 @@ class ScimHandler {
         if (idMapEntry?.scimConfiguration) {
             if (scimBodyParams) {
                 if (this.scimScopes.update) {
-                    await this.updateScimConfiguration(requestParams, scimBodyParams);
+                    await this.updateScimConfiguration(connectionId, scimBodyParams);
                 }
             }
             else if (this.config('AUTH0_ALLOW_DELETE')) {
                 if (this.scimScopes.delete) {
-                    await this.deleteScimConfiguration(requestParams);
+                    await this.deleteScimConfiguration(connectionId);
                 }
             }
             else {
-                logger_1.default.warn(`Skipping DELETE scim_configuration on \"${requestParams.id}\". Enable deletes by setting \"AUTH0_ALLOW_DELETE\" to true in your config.`);
+                logger_1.default.warn(`Skipping DELETE scim_configuration on \"${connectionId}\". Enable deletes by setting \"AUTH0_ALLOW_DELETE\" to true in your config.`);
             }
         }
         else if (scimBodyParams && this.scimScopes.create) {
-            await this.createScimConfiguration(requestParams, scimBodyParams);
+            await this.createScimConfiguration(connectionId, scimBodyParams);
         }
         // Return response from connections.update(...).
         return updated;
@@ -225,11 +228,14 @@ class ScimHandler {
         const { scim_configuration: scimBodyParams } = bodyParams;
         delete bodyParams.scim_configuration;
         delete bodyParams.directory_provisioning_configuration;
+        // Remove deprecated enabled_clients field
+        if ('enabled_clients' in bodyParams)
+            delete bodyParams.enabled_clients;
         // First, create the new `connection`.
         const data = await this.connectionsManager.create(bodyParams);
         if (data?.id && scimBodyParams && this.scimScopes.create) {
             // Now, create the `scim_configuration` for newly created `connection`.
-            await this.createScimConfiguration({ id: data.id }, scimBodyParams);
+            await this.createScimConfiguration(data.id, scimBodyParams);
         }
         // Return response from connections.create(...).
         return data;

package/lib/tools/auth0/handlers/selfServiceProfiles.d.ts

@@ -48,6 +48,14 @@ export declare const schema: {
                     };
                 };
             };
+            allowed_strategies: {
+                type: string;
+                description: string;
+                items: {
+                    type: string;
+                    enum: ("pingfederate" | "adfs" | "waad" | "google-apps" | "okta" | "oidc" | "samlp" | "auth0-samlp" | "okta-samlp" | "keycloak-samlp")[];
+                };
+            };
             branding: {
                 type: string;
                 properties: {

package/lib/tools/auth0/handlers/selfServiceProfiles.js

@@ -43,6 +43,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.schema = void 0;
+const auth0_1 = require("auth0");
 const lodash_1 = require("lodash");
 const logger_1 = __importDefault(require("../../../logger"));
 const default_1 = __importStar(require("./default"));
@@ -86,6 +87,14 @@ exports.schema = {
                     },
                 },
             },
+            allowed_strategies: {
+                type: 'array',
+                description: 'List of IdP strategies that will be shown to users during the Self-Service SSO flow.',
+                items: {
+                    type: 'string',
+                    enum: Object.values(auth0_1.Management.SelfServiceProfileAllowedStrategyEnum),
+                },
+            },
             branding: {
                 type: 'object',
                 properties: {

package/lib/tools/auth0/handlers/userAttributeProfiles.js

@@ -256,9 +256,6 @@ class UserAttributeProfilesHandler extends default_1.default {
             id: 'id',
             identifiers: ['id', 'name'],
             stripUpdateFields: ['id'],
-            functions: {
-                update: async (params, payload) => this.client.userAttributeProfiles.update(params?.id, payload),
-            },
         });
     }
     async getType() {

package/lib/tools/utils.d.ts

@@ -6,6 +6,8 @@ export declare function keywordStringReplace(input: string, mappings: KeywordMap
 export declare function keywordReplace(input: string | undefined, mappings: KeywordMappings): string;
 export declare function wrapArrayReplaceMarkersInQuotes(body: string, mappings: KeywordMappings): string;
 export declare function convertClientNameToId(name: string, clients: Asset[]): string;
+export declare function convertActionNameToId(name: string, actions: Asset[]): string;
+export declare function convertActionIdToName(id: string, actions: Asset[]): string;
 export declare function convertClientNamesToIds(names: string[], clients: Asset[]): string[];
 export declare function loadFileAndReplaceKeywords(file: string, { mappings, disableKeywordReplacement, }: {
     mappings: KeywordMappings;
@@ -44,3 +46,12 @@ export declare function maskSecretAtPath({ resourceTypeName, maskedKeyName, mask
     maskOnObj: object;
     keyJsonPath: string;
 }): any;
+/**
+ * Determines whether third-party clients should be excluded based on configuration.
+ * Checks the AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS config value and returns true if it's
+ * set to boolean true or string 'true'.
+ *
+ * @param configFn - The configuration function to retrieve the config value.
+ * @returns True if third-party clients should be excluded, false otherwise.
+ */
+export declare const shouldExcludeThirdPartyClients: (configFn: (key: string) => any) => boolean;

package/lib/tools/utils.js

@@ -36,12 +36,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.isForbiddenFeatureError = exports.isDeprecatedError = exports.detectInsufficientScopeError = exports.stripObfuscatedFieldsFromPayload = exports.obfuscateSensitiveValues = exports.keywordReplaceStringRegExp = exports.keywordReplaceArrayRegExp = void 0;
+exports.shouldExcludeThirdPartyClients = exports.isForbiddenFeatureError = exports.isDeprecatedError = exports.detectInsufficientScopeError = exports.stripObfuscatedFieldsFromPayload = exports.obfuscateSensitiveValues = exports.keywordReplaceStringRegExp = exports.keywordReplaceArrayRegExp = void 0;
 exports.keywordArrayReplace = keywordArrayReplace;
 exports.keywordStringReplace = keywordStringReplace;
 exports.keywordReplace = keywordReplace;
 exports.wrapArrayReplaceMarkersInQuotes = wrapArrayReplaceMarkersInQuotes;
 exports.convertClientNameToId = convertClientNameToId;
+exports.convertActionNameToId = convertActionNameToId;
+exports.convertActionIdToName = convertActionIdToName;
 exports.convertClientNamesToIds = convertClientNamesToIds;
 exports.loadFileAndReplaceKeywords = loadFileAndReplaceKeywords;
 exports.flatten = flatten;
@@ -115,6 +117,14 @@ function convertClientNameToId(name, clients) {
     const found = clients.find((c) => c.name === name);
     return (found && found.client_id) || name;
 }
+function convertActionNameToId(name, actions) {
+    const found = actions.find((a) => a.name === name);
+    return (found && found.id) || name;
+}
+function convertActionIdToName(id, actions) {
+    const found = actions.find((a) => a.id === id);
+    return (found && found.name) || id;
+}
 function convertClientNamesToIds(names, clients) {
     const resolvedNames = names.map((name) => ({ name, resolved: false }));
     const result = clients.reduce((acc, client) => {
@@ -311,3 +321,16 @@ function maskSecretAtPath({ resourceTypeName, maskedKeyName, maskOnObj, keyJsonP
     }
     return maskOnObj;
 }
+/**
+ * Determines whether third-party clients should be excluded based on configuration.
+ * Checks the AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS config value and returns true if it's
+ * set to boolean true or string 'true'.
+ *
+ * @param configFn - The configuration function to retrieve the config value.
+ * @returns True if third-party clients should be excluded, false otherwise.
+ */
+const shouldExcludeThirdPartyClients = (configFn) => {
+    const value = configFn('AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS');
+    return value === 'true' || value === true;
+};
+exports.shouldExcludeThirdPartyClients = shouldExcludeThirdPartyClients;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-deploy-cli",
-  "version": "8.25.0",
+  "version": "8.27.0",
   "description": "A command line tool for deploying updates to your Auth0 tenant",
   "main": "lib/index.js",
   "bin": {
@@ -33,27 +33,27 @@
   "homepage": "https://github.com/auth0/auth0-deploy-cli#readme",
   "dependencies": {
     "ajv": "^6.12.6",
-    "auth0": "^5.2.0",
+    "auth0": "^5.3.1",
     "dot-prop": "^5.3.0",
     "fs-extra": "^10.1.0",
     "js-yaml": "^4.1.1",
-    "lodash": "^4.17.21",
+    "lodash": "^4.17.23",
     "mkdirp": "^1.0.4",
     "nconf": "^0.13.0",
     "promise-pool-executor": "^1.1.1",
     "sanitize-filename": "^1.6.3",
-    "undici": "^7.18.0",
+    "undici": "^7.21.0",
     "winston": "^3.19.0",
     "yargs": "^15.4.1"
   },
   "devDependencies": {
     "@types/fs-extra": "^9.0.13",
-    "@types/lodash": "^4.17.21",
+    "@types/lodash": "^4.17.23",
     "@types/mocha": "^10.0.10",
     "@types/nconf": "^0.10.7",
     "@eslint/js": "^9.39.2",
-    "@typescript-eslint/eslint-plugin": "^8.52.0",
-    "@typescript-eslint/parser": "^8.52.0",
+    "@typescript-eslint/eslint-plugin": "^8.55.0",
+    "@typescript-eslint/parser": "^8.55.0",
     "chai": "^4.5.0",
     "chai-as-promised": "^7.1.2",
     "eslint": "^9.39.2",
@@ -72,7 +72,7 @@
     "rmdir-sync": "^1.0.1",
     "sinon": "^13.0.2",
     "sinon-chai": "^3.7.0",
-    "ts-mocha": "^10.1.0",
+    "ts-mocha": "^11.1.0",
     "typescript": "^5.9.3"
   },
   "engines": {