Support OIDC for Provider connection #522
Comments
|
Hey @fproulx-boostsecurity 👋🏻 Thanks for raising this with us, it's a great suggestion! 🥳 Additionally we could expand further and include even more ways of authenticating, even leveraging the Auth0 CLI. To set some realistic expectations, at the moment our biggest focus is to get this provider to a stable v1. So tackling something like additional authentication options will most likely come afterwards. We'll keep you updated and leave the issue open until then. |
|
Just throwing this out there from the Okta workforce identity side of the house. We are currently working with Hashicorp to implement |
I appreciate the effort you're going to, to accomplish that however, I'd imagine the vast majority of us don't want to sign up with Hashicorps Terraform Cloud. Especially inline with existing CI/CD tools that we're all invested in and in lieu of corporate requirements/procurement getting in the way. Is there any chance of having a OIDC connection without the bells and whistles as a first step? |
Checklist
Describe the problem you'd like to have solved
Similar to how AWS, GCP, Azure terraform providers support OIDC to authenticate from GitHub Actions for instance (https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services) it would be really nice for Auth0 provider to do that too.
That would allow to remove any long term secrets to connect to Auth0 provider and make IaC more secure.
Describe the ideal solution
Provider not only support OAuth client secret, but a mechanism to get ephemeral access based on OIDC claims trusting GitHub Actions
Alternatives and current workarounds
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: