auth0-deploy-cli 8.28.0 → 8.29.0

package/.circleci/config.yml

@@ -10,7 +10,7 @@ jobs:
     working_directory: ~/repo
     steps:
       - checkout
-      - run: npm ci
+      - run: npm i
       - run: AUTH0_HTTP_RECORDINGS="lockdown" npm run test:e2e:node-module
 
   e2e_test_as_cli:
@@ -19,7 +19,7 @@ jobs:
     working_directory: ~/repo
     steps:
       - checkout
-      - run: npm ci
+      - run: npm i
       - run: npm run test:e2e:cli
 
   unit_test:
@@ -34,11 +34,11 @@ jobs:
       - checkout
       - restore_cache:
           keys:
-            - v<< parameters.v >>-npm-deps-{{ checksum "package-lock.json" }}
+            - v<< parameters.v >>-npm-deps-{{ checksum "package.json" }}
             - v<< parameters.v >>-npm-deps-
-      - run: npm ci
+      - run: npm i
       - save_cache:
-          key: v<< parameters.v >>-npm-deps-{{ checksum "package-lock.json" }}
+          key: v<< parameters.v >>-npm-deps-{{ checksum "package.json" }}
           paths:
             - node_modules
       - run: npm run lint
@@ -90,7 +90,7 @@ jobs:
     working_directory: ~/repo
     steps:
       - checkout
-      - run: npm ci
+      - run: npm i
       - run: npx tsc --noEmit
 
   does_lint_pass:
@@ -99,7 +99,7 @@ jobs:
     working_directory: ~/repo
     steps:
       - checkout
-      - run: npm ci
+      - run: npm i
       - run: npm run lint
 
 workflows:

package/CHANGELOG.md

@@ -7,6 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [8.29.0] - 2026-03-03
+
+### Added
+
+- Add DPoP support for proof-of-possession mechanism in `resourceServers` (GA) [#1311]
+- Add `supplemental signals` configuration for Akamai integration.(EA) [#1310]
+
 ## [8.28.0] - 2026-02-20
 
 ### Added
@@ -1660,7 +1667,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [#1297]: https://github.com/auth0/auth0-deploy-cli/issues/1297
 [#1298]: https://github.com/auth0/auth0-deploy-cli/issues/1298
 [#1302]: https://github.com/auth0/auth0-deploy-cli/issues/1302
-[Unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v8.28.0...HEAD
+[#1310]: https://github.com/auth0/auth0-deploy-cli/issues/1310
+[#1311]: https://github.com/auth0/auth0-deploy-cli/issues/1311
+[Unreleased]: https://github.com/auth0/auth0-deploy-cli/compare/v8.29.0...HEAD
+[8.29.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.28.0...v8.29.0
 [8.28.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.27.0...v8.28.0
 [8.27.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.26.0...v8.27.0
 [8.26.0]: https://github.com/auth0/auth0-deploy-cli/compare/v8.25.0...v8.26.0

package/CONTRIBUTING.md

@@ -27,7 +27,7 @@ Thank you for your interest in contributing! This guide will help you get starte
 
 ```bash
 # Install dependencies
-npm ci
+npm i
 ```
 
 ## Development Workflow

package/lib/context/directory/handlers/index.js

@@ -42,6 +42,7 @@ const networkACLs_1 = __importDefault(require("./networkACLs"));
 const userAttributeProfiles_1 = __importDefault(require("./userAttributeProfiles"));
 const connectionProfiles_1 = __importDefault(require("./connectionProfiles"));
 const tokenExchangeProfiles_1 = __importDefault(require("./tokenExchangeProfiles"));
+const supplementalSignals_1 = __importDefault(require("./supplementalSignals"));
 const selfServiceProfiles_1 = __importDefault(require("./selfServiceProfiles"));
 const directoryHandlers = {
     rules: rules_1.default,
@@ -84,5 +85,6 @@ const directoryHandlers = {
     userAttributeProfiles: userAttributeProfiles_1.default,
     connectionProfiles: connectionProfiles_1.default,
     tokenExchangeProfiles: tokenExchangeProfiles_1.default,
+    supplementalSignals: supplementalSignals_1.default,
 };
 exports.default = directoryHandlers;

package/lib/context/directory/handlers/supplementalSignals.d.ts

@@ -0,0 +1,6 @@
+import { DirectoryHandler } from '.';
+import { ParsedAsset } from '../../../types';
+import { SupplementalSignals } from '../../../tools/auth0/handlers/supplementalSignals';
+type ParsedSupplementalSignals = ParsedAsset<'supplementalSignals', SupplementalSignals>;
+declare const _default: DirectoryHandler<ParsedSupplementalSignals>;
+export default _default;

package/lib/context/directory/handlers/supplementalSignals.js

@@ -0,0 +1,34 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const path_1 = __importDefault(require("path"));
+const utils_1 = require("../../../utils");
+function parse(context) {
+    const baseFolder = path_1.default.join(context.filePath);
+    if (!(0, utils_1.existsMustBeDir)(baseFolder))
+        return { supplementalSignals: null }; // Skip
+    const supplementalSignalsFile = path_1.default.join(baseFolder, 'supplemental-signals.json');
+    if (!(0, utils_1.isFile)(supplementalSignalsFile)) {
+        return { supplementalSignals: null };
+    }
+    const supplementalSignals = (0, utils_1.loadJSON)(supplementalSignalsFile, {
+        mappings: context.mappings,
+        disableKeywordReplacement: context.disableKeywordReplacement,
+    });
+    return {
+        supplementalSignals,
+    };
+}
+async function dump(context) {
+    const { supplementalSignals } = context.assets;
+    if (!supplementalSignals)
+        return; // Skip, nothing to dump
+    const supplementalSignalsFile = path_1.default.join(context.filePath, 'supplemental-signals.json');
+    (0, utils_1.dumpJSON)(supplementalSignalsFile, supplementalSignals);
+}
+exports.default = {
+    parse,
+    dump,
+};

package/lib/context/yaml/handlers/index.js

@@ -42,6 +42,7 @@ const networkACLs_1 = __importDefault(require("./networkACLs"));
 const userAttributeProfiles_1 = __importDefault(require("./userAttributeProfiles"));
 const connectionProfiles_1 = __importDefault(require("./connectionProfiles"));
 const tokenExchangeProfiles_1 = __importDefault(require("./tokenExchangeProfiles"));
+const supplementalSignals_1 = __importDefault(require("./supplementalSignals"));
 const selfServiceProfiles_1 = __importDefault(require("./selfServiceProfiles"));
 const yamlHandlers = {
     rules: rules_1.default,
@@ -84,5 +85,6 @@ const yamlHandlers = {
     userAttributeProfiles: userAttributeProfiles_1.default,
     connectionProfiles: connectionProfiles_1.default,
     tokenExchangeProfiles: tokenExchangeProfiles_1.default,
+    supplementalSignals: supplementalSignals_1.default,
 };
 exports.default = yamlHandlers;

package/lib/context/yaml/handlers/supplementalSignals.d.ts

@@ -0,0 +1,6 @@
+import { YAMLHandler } from '.';
+import { ParsedAsset } from '../../../types';
+import { SupplementalSignals } from '../../../tools/auth0/handlers/supplementalSignals';
+type ParsedSupplementalSignals = ParsedAsset<'supplementalSignals', SupplementalSignals>;
+declare const supplementalSignalsHandler: YAMLHandler<ParsedSupplementalSignals>;
+export default supplementalSignalsHandler;

package/lib/context/yaml/handlers/supplementalSignals.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+async function parseAndDump(context) {
+    const { supplementalSignals } = context.assets;
+    if (!supplementalSignals)
+        return { supplementalSignals: null };
+    return {
+        supplementalSignals,
+    };
+}
+const supplementalSignalsHandler = {
+    parse: parseAndDump,
+    dump: parseAndDump,
+};
+exports.default = supplementalSignalsHandler;

package/lib/tools/auth0/handlers/index.js

@@ -73,6 +73,7 @@ const networkACLs = __importStar(require("./networkACLs"));
 const userAttributeProfiles = __importStar(require("./userAttributeProfiles"));
 const connectionProfiles = __importStar(require("./connectionProfiles"));
 const tokenExchangeProfiles = __importStar(require("./tokenExchangeProfiles"));
+const supplementalSignals = __importStar(require("./supplementalSignals"));
 const auth0ApiHandlers = {
     rules,
     rulesConfigs,
@@ -115,5 +116,6 @@ const auth0ApiHandlers = {
     userAttributeProfiles,
     connectionProfiles,
     tokenExchangeProfiles,
+    supplementalSignals,
 };
 exports.default = auth0ApiHandlers; // TODO: apply stronger types to schema properties

package/lib/tools/auth0/handlers/resourceServers.d.ts

@@ -49,6 +49,10 @@ export declare const schema: {
                     required: {
                         type: string;
                     };
+                    required_for: {
+                        type: string;
+                        enum: ("public_clients" | "confidential_clients" | "all_clients")[];
+                    };
                 };
                 required: string[];
             };

package/lib/tools/auth0/handlers/resourceServers.js

@@ -41,6 +41,10 @@ exports.schema = {
                         enum: Object.values(auth0_1.Management.ResourceServerProofOfPossessionMechanismEnum),
                     },
                     required: { type: 'boolean' },
+                    required_for: {
+                        type: 'string',
+                        enum: Object.values(auth0_1.Management.ResourceServerProofOfPossessionRequiredForEnum),
+                    },
                 },
                 required: ['mechanism', 'required'],
             },

package/lib/tools/auth0/handlers/supplementalSignals.d.ts

@@ -0,0 +1,19 @@
+import { Management } from 'auth0';
+import DefaultHandler from './default';
+import { Asset, Assets } from '../../../types';
+export declare const schema: {
+    type: string;
+    properties: {
+        akamai_enabled: {
+            type: string;
+            description: string;
+        };
+    };
+};
+export type SupplementalSignals = Management.GetSupplementalSignalsResponseContent;
+export default class SupplementalSignalsHandler extends DefaultHandler {
+    existing: SupplementalSignals | null;
+    constructor(options: DefaultHandler);
+    getType(): Promise<Asset | null>;
+    processChanges(assets: Assets): Promise<void>;
+}

package/lib/tools/auth0/handlers/supplementalSignals.js

@@ -0,0 +1,102 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.schema = void 0;
+const auth0_1 = require("auth0");
+const default_1 = __importStar(require("./default"));
+const logger_1 = __importDefault(require("../../../logger"));
+exports.schema = {
+    type: 'object',
+    properties: {
+        akamai_enabled: {
+            type: 'boolean',
+            description: 'Enable Akamai supplemental signals integration',
+        },
+    },
+};
+class SupplementalSignalsHandler extends default_1.default {
+    constructor(options) {
+        super({
+            ...options,
+            type: 'supplementalSignals',
+        });
+    }
+    async getType() {
+        try {
+            const supplementalSignals = await this.client.supplementalSignals.get();
+            this.existing = supplementalSignals;
+            return supplementalSignals;
+        }
+        catch (err) {
+            if (err instanceof auth0_1.ManagementError && err.statusCode === 403) {
+                logger_1.default.debug('Supplemental Signals unavailable: insufficient scope or missing attack_protection entitlement.');
+                return null;
+            }
+            throw err;
+        }
+    }
+    async processChanges(assets) {
+        const { supplementalSignals } = assets;
+        if (!supplementalSignals)
+            return;
+        if (Object.keys(supplementalSignals).length > 0) {
+            try {
+                await this.client.supplementalSignals.patch(supplementalSignals);
+                this.updated += 1;
+                this.didUpdate(supplementalSignals);
+            }
+            catch (err) {
+                if (err instanceof auth0_1.ManagementError && err.statusCode === 403) {
+                    logger_1.default.debug('Supplemental Signals unavailable: insufficient scope or missing attack_protection entitlement.');
+                    return;
+                }
+                throw err;
+            }
+        }
+    }
+}
+exports.default = SupplementalSignalsHandler;
+__decorate([
+    (0, default_1.order)('100')
+], SupplementalSignalsHandler.prototype, "processChanges", null);

package/lib/tools/constants.d.ts

@@ -89,5 +89,6 @@ declare const constants: {
     USER_ATTRIBUTE_PROFILES_DIRECTORY: string;
     CONNECTION_PROFILES_DIRECTORY: string;
     TOKEN_EXCHANGE_PROFILES_DIRECTORY: string;
+    SUPPLEMENTAL_SIGNALS_DIRECTORY: string;
 };
 export default constants;

package/lib/tools/constants.js

@@ -217,5 +217,6 @@ const constants = {
     USER_ATTRIBUTE_PROFILES_DIRECTORY: 'user-attribute-profiles',
     CONNECTION_PROFILES_DIRECTORY: 'connection-profiles',
     TOKEN_EXCHANGE_PROFILES_DIRECTORY: 'token-exchange-profiles',
+    SUPPLEMENTAL_SIGNALS_DIRECTORY: 'supplemental-signals',
 };
 exports.default = constants;

package/lib/types.d.ts

@@ -20,6 +20,7 @@ import { UserAttributeProfile } from './tools/auth0/handlers/userAttributeProfil
 import { AttackProtection } from './tools/auth0/handlers/attackProtection';
 import { TokenExchangeProfile } from './tools/auth0/handlers/tokenExchangeProfiles';
 import { RiskAssessment } from './tools/auth0/handlers/riskAssessment';
+import { SupplementalSignals } from './tools/auth0/handlers/supplementalSignals';
 type SharedPaginationParams = {
     checkpoint?: boolean;
     paginate?: boolean;
@@ -131,6 +132,7 @@ export type Assets = Partial<{
     rulesConfigs: Asset[] | null;
     tenant: Tenant | null;
     triggers: Asset[] | null;
+    supplementalSignals: SupplementalSignals | null;
     exclude?: {
         [key: string]: string[];
     };
@@ -155,7 +157,7 @@ export type CalculatedChanges = {
     conflicts: Asset[];
     create: Asset[];
 };
-export type AssetTypes = 'rules' | 'rulesConfigs' | 'hooks' | 'pages' | 'databases' | 'clientGrants' | 'resourceServers' | 'clients' | 'connections' | 'tenant' | 'emailProvider' | 'emailTemplates' | 'guardianFactors' | 'guardianFactorProviders' | 'guardianFactorTemplates' | 'guardianPhoneFactorMessageTypes' | 'guardianPhoneFactorSelectedProvider' | 'guardianPolicies' | 'roles' | 'actions' | 'actionModules' | 'organizations' | 'triggers' | 'attackProtection' | 'riskAssessment' | 'branding' | 'phoneProviders' | 'phoneTemplates' | 'logStreams' | 'prompts' | 'customDomains' | 'themes' | 'forms' | 'flows' | 'flowVaultConnections' | 'selfServiceProfiles' | 'networkACLs' | 'userAttributeProfiles' | 'connectionProfiles' | 'tokenExchangeProfiles';
+export type AssetTypes = 'rules' | 'rulesConfigs' | 'hooks' | 'pages' | 'databases' | 'clientGrants' | 'resourceServers' | 'clients' | 'connections' | 'tenant' | 'emailProvider' | 'emailTemplates' | 'guardianFactors' | 'guardianFactorProviders' | 'guardianFactorTemplates' | 'guardianPhoneFactorMessageTypes' | 'guardianPhoneFactorSelectedProvider' | 'guardianPolicies' | 'roles' | 'actions' | 'actionModules' | 'organizations' | 'triggers' | 'attackProtection' | 'riskAssessment' | 'branding' | 'phoneProviders' | 'phoneTemplates' | 'logStreams' | 'prompts' | 'customDomains' | 'themes' | 'forms' | 'flows' | 'flowVaultConnections' | 'selfServiceProfiles' | 'networkACLs' | 'userAttributeProfiles' | 'connectionProfiles' | 'tokenExchangeProfiles' | 'supplementalSignals';
 export type KeywordMappings = {
     [key: string]: (string | number)[] | string | number;
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-deploy-cli",
-  "version": "8.28.0",
+  "version": "8.29.0",
   "description": "A command line tool for deploying updates to your Auth0 tenant",
   "main": "lib/index.js",
   "bin": {