Skip to content

feat: Exclude Third-Party Clients via AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS config property #1212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

feat: Exclude Third-Party Clients via AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS config property #1212

wants to merge 4 commits into from

Conversation

@mgyarmathy
Copy link

@mgyarmathy mgyarmathy commented Nov 19, 2025

🔧 Changes

When Dynamic Client Registration (DCR) is enabled on a tenant, it can often have an innumerable amount of third-party clients that don't need to be directly managed through a tool like auth0-deploy-cli.

This PR adds a new AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS config property that enables the CLI to filter out third-party clients using the Client API's is_first_party request parameter.

🔬 Testing

I've added a simple unit test and confirmed this works as expected on my own tenant (which includes third-party clients created via DCR), but would welcome the assistance of this project's maintainers to add E2E test recordings from the deploy-cli-dev or auth0-deploy-cli-e2e tenant to further validate this new feature.

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@mgyarmathy mgyarmathy requested a review from a team as a code owner November 19, 2025 17:50
@kushalshit27
Copy link
Contributor

kushalshit27 commented Nov 20, 2025

Thank you for submitting this PR! Your contribution is greatly appreciated. We'll review it shortly

@kushalshit27
Copy link
Contributor

kushalshit27 commented Nov 24, 2025

Hi, @mgyarmathy

Really appreciate your idea. 👍

The primary use of Deploy CLI is for "Infrastructure as Code." The source of truth is a static local file (YAML/JSON).

Since the dynamic nature of DCR clients, it would be better to use the opposite approach, AUTH0_INCLUDE_THIRD_PARTY_CLIENTS is false (default).

Thanks again, Great work on this PR! Thanks for taking the time to contribute. Let me know if you have any questions. Looking forward to your updates!

@mgyarmathy
Copy link
Author

mgyarmathy commented Nov 24, 2025

Hi, @mgyarmathy

Really appreciate your idea. 👍

The primary use of Deploy CLI is for "Infrastructure as Code." The source of truth is a static local file (YAML/JSON).

Since the dynamic nature of DCR clients, it would be better to use the opposite approach, AUTH0_INCLUDE_THIRD_PARTY_CLIENTS is false (default).

Thanks again, Great work on this PR! Thanks for taking the time to contribute. Let me know if you have any questions. Looking forward to your updates!

If we implement the opposite behavior, we'd be introducing a breaking change, since currently third-party clients are included by default. Is this the direction you'd like to take this?

@kushalshit27
Copy link
Contributor

kushalshit27 commented Nov 25, 2025

Agree, this is a good candidate for v9.X.X. For v8 AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS looks safe to me also.

kushalshit27
kushalshit27 reviewed Nov 25, 2025
View reviewed changes
kushalshit27
kushalshit27 reviewed Dec 2, 2025
View reviewed changes
@kushalshit27
Copy link
Contributor

kushalshit27 commented Dec 2, 2025
edited
Loading

Hi, @mgyarmathy,
The proposed changes look great.

I’ll take care of the failing CI check [ci/circleci: E2E tests as Node module]

kushalshit27
kushalshit27 previously approved these changes Dec 2, 2025
View reviewed changes
tanya732
tanya732 previously approved these changes Dec 2, 2025
View reviewed changes
@kushalshit27
Copy link
Contributor

kushalshit27 commented Dec 2, 2025

Hi, @mgyarmathy,
To merge the PR, all commits need to be signed. seems one of your commits is not signed. Can you please update that?

@kushalshit27 kushalshit27 self-requested a review December 2, 2025 12:51
@mgyarmathy mgyarmathy force-pushed the exclude-third-party-clients branch from 468df88 to a24f6a9 Compare December 2, 2025 16:28
@mgyarmathy mgyarmathy dismissed stale reviews from kushalshit27 and tanya732 via ba50fbe December 2, 2025 16:42
@mgyarmathy mgyarmathy force-pushed the exclude-third-party-clients branch 5 times, most recently from 4191f94 to c565e20 Compare December 2, 2025 21:28
@mgyarmathy mgyarmathy force-pushed the exclude-third-party-clients branch from c565e20 to 2fda27b Compare December 2, 2025 21:34
@mgyarmathy
Copy link
Author

mgyarmathy commented Dec 2, 2025

Hi, @mgyarmathy, To merge the PR, all commits need to be signed. seems one of your commits is not signed. Can you please update that?

@kushalshit27 apologies -- I've signed all of the commits. Can you re-add the new e2e recordings before merging?

@kushalshit27
Copy link
Contributor

kushalshit27 commented Dec 3, 2025

Sure 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kushalshit27 kushalshit27 kushalshit27 approved these changes

@tanya732 tanya732 tanya732 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mgyarmathy @kushalshit27 @tanya732