Add user_id_attribute support to AzureAD connection options (#1028)

Add user_id_attribute to AzureAD connection options

docs/resources/connection.md

@@ -315,13 +315,14 @@ resource "auth0_connection" "azure_ad" {
   strategy       = "waad"
   show_as_button = true
   options {
-    identity_api     = "azure-active-directory-v1.0"
-    client_id        = "123456"
-    client_secret    = "123456"
-    strategy_version = 2
-    app_id           = "app-id-123"
-    tenant_domain    = "example.onmicrosoft.com"
-    domain           = "example.onmicrosoft.com"
+    identity_api      = "azure-active-directory-v1.0"
+    client_id         = "123456"
+    client_secret     = "123456"
+    strategy_version  = 2
+    user_id_attribute = "userName"
+    app_id            = "app-id-123"
+    tenant_domain     = "example.onmicrosoft.com"
+    domain            = "example.onmicrosoft.com"
     domain_aliases = [
       "example.com",
       "api.example.com"
@@ -751,7 +752,7 @@ Optional:
 - `use_cert_auth` (Boolean) Indicates whether to use cert auth or not.
 - `use_kerberos` (Boolean) Indicates whether to use Kerberos or not.
 - `use_wsfed` (Boolean) Whether to use WS-Fed.
-- `user_id_attribute` (String) Attribute in the SAML token that will be mapped to the user_id property in Auth0.
+- `user_id_attribute` (String) Attribute in the token that will be mapped to the user_id property in Auth0.
 - `userinfo_endpoint` (String) User info endpoint.
 - `validation` (Block List, Max: 1) Validation of the minimum and maximum values allowed for a user to have as username. (see [below for nested schema](#nestedblock--options--validation))
 - `waad_common_endpoint` (Boolean) Indicates whether to use the common endpoint rather than the default endpoint. Typically enabled if you're using this for a multi-tenant application in Azure AD.

examples/resources/auth0_connection/resource_with_azure_ad.tf

@@ -3,13 +3,14 @@ resource "auth0_connection" "azure_ad" {
   strategy       = "waad"
   show_as_button = true
   options {
-    identity_api     = "azure-active-directory-v1.0"
-    client_id        = "123456"
-    client_secret    = "123456"
-    strategy_version = 2
-    app_id           = "app-id-123"
-    tenant_domain    = "example.onmicrosoft.com"
-    domain           = "example.onmicrosoft.com"
+    identity_api      = "azure-active-directory-v1.0"
+    client_id         = "123456"
+    client_secret     = "123456"
+    strategy_version  = 2
+    user_id_attribute = "userName"
+    app_id            = "app-id-123"
+    tenant_domain     = "example.onmicrosoft.com"
+    domain            = "example.onmicrosoft.com"
     domain_aliases = [
       "example.com",
       "api.example.com"

go.mod

@@ -4,7 +4,7 @@ go 1.22
 
 require (
 	github.com/PuerkitoBio/rehttp v1.4.0
-	github.com/auth0/go-auth0 v1.10.1-0.20240919142940-86c7e2f07e06
+	github.com/auth0/go-auth0 v1.10.1-0.20240920131149-720c3a081e03
 	github.com/google/go-cmp v0.6.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-multierror v1.1.1

go.sum

@@ -24,8 +24,8 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI=
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/auth0/go-auth0 v1.10.1-0.20240919142940-86c7e2f07e06 h1:KhdyIAvazLFhgG1xHDNY8YdWK5C8s6TU4izA3DPhfoI=
-github.com/auth0/go-auth0 v1.10.1-0.20240919142940-86c7e2f07e06/go.mod h1:VyYseHsdB4s9jmfBqoxnzJTvZr0w17ZJ5kjNdA+ag9Y=
+github.com/auth0/go-auth0 v1.10.1-0.20240920131149-720c3a081e03 h1:U6WVosTYUQ+fafwlT5qPX2j2JpsB2cpXUdvKqUXbyho=
+github.com/auth0/go-auth0 v1.10.1-0.20240920131149-720c3a081e03/go.mod h1:VyYseHsdB4s9jmfBqoxnzJTvZr0w17ZJ5kjNdA+ag9Y=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0/go.mod h1:6L7zgvqo0idzI7IO8de6ZC051AfXb5ipkIJ7bIA2tGA=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=

internal/auth0/connection/expand.go

@@ -725,6 +725,7 @@ func expandConnectionOptionsAzureAD(data *schema.ResourceData, config cty.Value)
 		NonPersistentAttrs:  value.Strings(config.GetAttr("non_persistent_attrs")),
 		TrustEmailVerified:  value.String(config.GetAttr("should_trust_email_verified_connection")),
 		StrategyVersion:     value.Int(config.GetAttr("strategy_version")),
+		UserIDAttribute:     value.String(config.GetAttr("user_id_attribute")),
 	}
 
 	options.SetUserAttributes = value.String(config.GetAttr("set_user_root_attributes"))

internal/auth0/connection/flatten.go

@@ -859,6 +859,7 @@ func flattenConnectionOptionsAzureAD(
 		"should_trust_email_verified_connection": options.GetTrustEmailVerified(),
 		"set_user_root_attributes":               options.GetSetUserAttributes(),
 		"strategy_version":                       options.GetStrategyVersion(),
+		"user_id_attribute":                      options.GetUserIDAttribute(),
 		"upstream_params":                        upstreamParams,
 	}
 

internal/auth0/connection/resource_test.go

@@ -592,6 +592,7 @@ func TestAccConnectionAzureAD(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.client_id", "123456"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.client_secret", "123456"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.strategy_version", "2"),
+					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.user_id_attribute", "userName"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.tenant_domain", "example.onmicrosoft.com"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.domain", "example.onmicrosoft.com"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.domain_aliases.#", "2"),
@@ -615,6 +616,7 @@ func TestAccConnectionAzureAD(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.identity_api", "azure-active-directory-v1.0"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.client_id", "123456"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.client_secret", "123456"),
+					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.user_id_attribute", "email"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.tenant_domain", "example.onmicrosoft.com"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.domain", "example.onmicrosoft.com"),
 					resource.TestCheckResourceAttr("auth0_connection.azure_ad", "options.0.domain_aliases.#", "2"),
@@ -652,6 +654,7 @@ resource "auth0_connection" "azure_ad" {
 		use_wsfed            = false
 		waad_protocol        = "openid-connect"
 		waad_common_endpoint = false
+		user_id_attribute    = "userName"
 		api_enable_users     = true
 		scopes               = [
 			"basic_profile",
@@ -687,6 +690,7 @@ resource "auth0_connection" "azure_ad" {
 		use_wsfed            = false
 		waad_protocol        = "openid-connect"
 		waad_common_endpoint = false
+		user_id_attribute    = "email"
 		api_enable_users     = true
 		scopes               = [
 			"basic_profile",

internal/auth0/connection/schema.go

@@ -689,7 +689,7 @@ var optionsSchema = &schema.Schema{
 			"user_id_attribute": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Description: "Attribute in the SAML token that will be mapped to the user_id property in Auth0.",
+				Description: "Attribute in the token that will be mapped to the user_id property in Auth0.",
 			},
 			"idp_initiated": {
 				Type:     schema.TypeList,