auth0 · asce1062 · Feb 2, 2024
@@ -60,6 +60,7 @@ Read-Only:
 - `community_base_url` (String)
 - `configuration` (Map of String)
 - `connection_settings` (List of Object) (see [below for nested schema](#nestedobjatt--options--connection_settings))
+- `custom_headers` (List of Map of String)
 - `custom_scripts` (Map of String)
 - `debug` (Boolean)
 - `decryption_key` (List of Object) (see [below for nested schema](#nestedobjatt--options--decryption_key))

@@ -672,6 +672,7 @@ Optional:
 - `community_base_url` (String) Salesforce community base URL.
 - `configuration` (Map of String, Sensitive) A case-sensitive map of key value pairs used as configuration variables for the `custom_script`.
 - `connection_settings` (Block List, Max: 1) Proof Key for Code Exchange (PKCE) configuration settings for an OIDC or Okta Workforce connection. (see [below for nested schema](#nestedblock--options--connection_settings))
+- `custom_headers` (List of Map of String) Configure extra headers to the Token endpoint of an OAuth 2.0 provider
 - `custom_scripts` (Map of String) A map of scripts used to integrate with a custom database.
 - `debug` (Boolean) When enabled, additional debug information will be generated.
 - `decryption_key` (Block List, Max: 1) The key used to decrypt encrypted responses from the connection. Uses the `key` and `cert` properties to provide the private key and certificate respectively. (see [below for nested schema](#nestedblock--options--decryption_key))

@@ -373,6 +373,19 @@
 		Scripts:            value.MapOfStrings(config.GetAttr("scripts")),
 	}
 
+	customHeadersConfig := config.GetAttr("custom_headers")
+
+	if !customHeadersConfig.IsNull() {
+		customHeaders := make([]map[string]string, 0)
+
+		customHeadersConfig.ForEachElement(func(_ cty.Value, httpHeader cty.Value) (stop bool) {
+			customHeaders = append(customHeaders, *value.MapOfStrings(httpHeader))
+			return stop
+		})
+
+		options.CustomHeaders = &customHeaders
+	}
+
 	expandConnectionOptionsScopes(data, options)
 
 	var err error

@@ -327,6 +327,7 @@
 		"icon_url":                 options.GetLogoURL(),
 		"pkce_enabled":             options.GetPKCEEnabled(),
 		"upstream_params":          upstreamParams,
+		"custom_headers":           options.CustomHeaders,
 	}
 
 	return optionsMap, nil

@@ -930,6 +930,7 @@ func TestAccConnectionOAuth2(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.icon_url", ""),
 					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.pkce_enabled", "true"),
 					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.upstream_params", "{\"screen_name\":{\"alias\":\"login_hint\"}}"),
+					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.custom_headers.#", "0"),
 				),
 			},
 			{
@@ -947,6 +948,11 @@ func TestAccConnectionOAuth2(t *testing.T) {
 					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.icon_url", "https://cdn.paypal.com/assets/logo.png"),
 					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.pkce_enabled", "false"),
 					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.upstream_params", ""),
+					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.custom_headers.#", "2"),
+					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.custom_headers.0.header", "foo"),
+					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.custom_headers.0.value", "bar"),
+					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.custom_headers.1.header", "bar"),
+					resource.TestCheckResourceAttr("auth0_connection.oauth2", "options.0.custom_headers.1.value", "foo"),
 				),
 			},
 		},
@@ -974,6 +980,7 @@ resource "auth0_connection" "oauth2" {
 				"alias": "login_hint"
 			}
 		})
+		custom_headers = []
 	}
 }
 `
@@ -995,6 +1002,16 @@ resource "auth0_connection" "oauth2" {
 			fetchUserProfile= "function( { return callback(null) }"
 		}
 		pkce_enabled = false
+		custom_headers = [
+			{
+				header = "foo"
+				value  = "bar"
+			},
+	{
+				header = "bar"
+				value  = "foo"
+			}
+		]
 	}
 }
 `

@@ -276,6 +276,18 @@ var optionsSchema = &schema.Schema{
 				Sensitive:   true,
 				Description: "The strategy's client secret.",
 			},
+			"custom_headers": {
+				Type: schema.TypeList,
+				Elem: &schema.Schema{
+					Type: schema.TypeMap,
+					Elem: &schema.Schema{
+						Type: schema.TypeString,
+					},
+				},
+				Optional:    true,
+				Default:     nil,
+				Description: "Configure extra headers to the Token endpoint of an OAuth 2.0 provider",
+			},
 			"allowed_audiences": {
 				Type:        schema.TypeSet,
 				Computed:    true,