change noise with cross_origin_auth

[DavidS-ovm]

Checklist

• [X] I have looked into the README and have not found a suitable solution or answer.
• [X] I have looked into the documentation and have not found a suitable solution or answer.
• [X] I have searched the issues and have not found a suitable solution or answer.
• [X] I have upgraded to the latest version of this provider and the issue still persists.
• [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• [X] I agree to the terms within the Auth0 Code of Conduct.

Description

Since a few days I'm getting the following changes for every auth0_client on every run:

  # auth0_client.efg will be updated in-place
  ~ resource "auth0_client" "efg" {
      - cross_origin_auth                     = true -> null
        id                                    = "abcd"
        name                                  = "efg"
        # (28 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

This is causing severe issues as terraform propagates the (presumed, but not actually) updated client values into the rest of our infrastructure.

Expectation

No changes when nothing changes.

Reproduction

Run terraform with this resource:

resource "auth0_client" "efg" {
  name        = "efg"
  description = "Client used by efg"
  app_type    = "non_interactive"
}

Auth0 Terraform Provider version

1.6.0

Terraform version

1.9.5

[jordanjennings]

We're also very recently experiencing this same issue and we're on Auth0 provider v1.0.0

[hoppalotta]

Same issue here. I have posted in the auth0 community about this as well.

Seems like this may have changed in the auth0 api without notice. The change described in the community thread does seem related, but the given change date of October 24, 2024 is about a month from today so that's odd.

[dan-cbm]

Also experiencing this, I can run terraform apply 5 times and the plan is the same each time :cry:

[kayleabox]

It seems that setting crossOriginAuth to true in cdktf is clearing up this diff for me.

[dan-cbm]

@kayleabox yes me as well in terraform I explicitly set cross_origin_auth = true on my auth0_client resource and it fixed the problem after a single terraform apply

my current version is:

provider "registry.terraform.io/auth0/auth0" {
  version     = "1.6.1"

[hoppalotta]

A post in the auth0 community forum indicates this is not a bug in the provider, but a change to a default in the auth0 api:

If a application/client did not have cross_origin_authenication defined, a default value has been specified to match the value that you see in the Admin Dashboard. Previously this attribute (cross_origin_authentication) was not stored and exposed on the client object.

That post also notes:

we will be removing cross_origin_auth to make this less confusing

If I'm reading this correctly, this may impact the cross_origin_auth argument on the auth0_client resource. Is there any specific guidance on how this will impact the provider or how we can prepare when this deprecation takes place on October 25, 2024?

[leontastic]

Based on the docs, it looks like cross_origin_auth existed in many prior versions of this provider. I had this config specified for over 2 years and it was explicitly set to false. I remember noticing drift in the Terraform state when turning on cross origin authentication for one of my clients in December 2023 to see if embedded login still works (spoiler: it doesn't).

Now Terraform is reporting drift on every single client in my config:

      ~ cross_origin_auth                   = true -> false

I confirmed the option is turned on for all of these clients in the Dashboard as well. I am quite certain they were previously turned off.

Could someone from Auth0 confirm if there was an incident here that caused cross origin authentication to be turned on for all clients?

[DavidS-ovm]

Hey folks, my account manager has advised me to contact Auth0 support to get this ticket prioritized with engineering. The current status is

I am just reaching out to update you that the internal ticket is still in progress.

I will return as soon as any updates occur.

from nine days ago on a ticket I opened three weeks ago. It might be useful if any customer on this ticket also contacted support pointing out that there is already an engineering ticket for this, and to add your weight (i.e. revenue) to that.

Thanks for listening.

[Inlustra]

Will also be reaching out and creating a ticket to get this sped up - so many useless changes appearing in our large monorepo tf