Prerequisites
Ensure you have initialized a management client:import (
"context"
"github.com/auth0/go-auth0/v2/management"
"github.com/auth0/go-auth0/v2/management/client"
"github.com/auth0/go-auth0/v2/management/option"
)
mgmt, err := client.New(
"your-tenant.auth0.com",
option.WithClientCredentials(
context.Background(),
"YOUR_CLIENT_ID",
"YOUR_CLIENT_SECRET",
),
)
Connection Types
Auth0 supports various connection strategies:- auth0 - Auth0 database connections
- google-oauth2, facebook, twitter, etc. - Social providers
- samlp - SAML enterprise connections
- oidc - OpenID Connect enterprise connections
- waad - Azure AD connections
- ad - Active Directory / LDAP
- email, sms - Passwordless connections
Creating Connections
- Database Connection
- Social Connection
- SAML Enterprise
- OIDC Enterprise
Create a custom database connection:
createRequest := &management.CreateConnectionRequestContent{
Name: "my-database",
Strategy: management.ConnectionIdentityProviderEnumAuth0,
Options: &management.ConnectionPropertiesOptions{
PasswordPolicy: management.ConnectionPropertiesOptionsPasswordPolicyEnumGood.Ptr(),
RequiresUsername: management.Bool(false),
BruteForceProtection: management.Bool(true),
EnabledDatabaseCustomization: management.Bool(false),
ImportMode: management.Bool(false),
DisableSignup: management.Bool(false),
PasswordHistory: &management.ConnectionPropertiesOptionsPasswordHistory{
Enable: management.Bool(true),
Size: management.Int(5),
},
PasswordNoPersonalInfo: &management.ConnectionPropertiesOptionsPasswordNoPersonalInfo{
Enable: management.Bool(true),
},
PasswordDictionary: &management.ConnectionPropertiesOptionsPasswordDictionary{
Enable: management.Bool(true),
},
},
EnabledClients: []string{
"client_id_1",
"client_id_2",
},
}
connection, err := mgmt.Connections.Create(ctx, createRequest)
if err != nil {
return err
}
fmt.Printf("Created connection: %s (ID: %s)\n",
*connection.GetName(),
*connection.GetID(),
)
Create a social provider connection (requires provider configuration):
createRequest := &management.CreateConnectionRequestContent{
Name: "google-oauth2",
Strategy: management.ConnectionIdentityProviderEnumGoogleOauth2,
Options: &management.ConnectionPropertiesOptions{
ClientID: management.String("YOUR_GOOGLE_CLIENT_ID"),
ClientSecret: management.String("YOUR_GOOGLE_CLIENT_SECRET"),
AllowedAudiences: []string{
"https://your-tenant.auth0.com",
},
Scope: []string{
"email",
"profile",
},
},
EnabledClients: []string{
"client_id_1",
},
}
connection, err := mgmt.Connections.Create(ctx, createRequest)
Create a SAML enterprise connection:
createRequest := &management.CreateConnectionRequestContent{
Name: "saml-connection",
Strategy: management.ConnectionIdentityProviderEnumSamlp,
Options: &management.ConnectionPropertiesOptions{
SignInEndpoint: management.String("https://idp.example.com/saml/sso"),
SigningCert: management.String("-----BEGIN CERTIFICATE-----\n..."),
SignSamlRequest: management.Bool(true),
FieldsMap: map[string]interface{}{
"email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"given_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
"family_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
},
},
EnabledClients: []string{
"client_id_1",
},
}
connection, err := mgmt.Connections.Create(ctx, createRequest)
Create an OpenID Connect enterprise connection:
createRequest := &management.CreateConnectionRequestContent{
Name: "oidc-connection",
Strategy: management.ConnectionIdentityProviderEnumOidc,
Options: &management.ConnectionPropertiesOptions{
ClientID: management.String("YOUR_OIDC_CLIENT_ID"),
ClientSecret: management.String("YOUR_OIDC_CLIENT_SECRET"),
Issuer: management.String("https://idp.example.com"),
Scope: []string{"openid", "profile", "email"},
DiscoveryUrl: management.String("https://idp.example.com/.well-known/openid-configuration"),
},
EnabledClients: []string{
"client_id_1",
},
}
connection, err := mgmt.Connections.Create(ctx, createRequest)
Reading Connections
Get a Single Connection
connectionID := "con_abc123xyz789"
connection, err := mgmt.Connections.Read(ctx, connectionID)
if err != nil {
return err
}
fmt.Printf("Connection: %s\n", *connection.GetName())
fmt.Printf("Strategy: %s\n", *connection.GetStrategy())
fmt.Printf("Enabled Clients: %v\n", connection.EnabledClients)
List All Connections
listRequest := &management.ListConnectionsRequestParameters{}
connectionsPage, err := mgmt.Connections.List(ctx, listRequest)
if err != nil {
return err
}
for _, conn := range connectionsPage.Results {
fmt.Printf("Connection: %s (Strategy: %s)\n",
*conn.GetName(),
*conn.GetStrategy(),
)
}
Filter by Strategy
listRequest := &management.ListConnectionsRequestParameters{
Strategy: management.String("auth0"),
}
connectionsPage, err := mgmt.Connections.List(ctx, listRequest)
Select Specific Fields
import "net/url"
queryParams := url.Values{}
queryParams.Set("fields", "id,name,strategy,enabled_clients")
queryParams.Set("include_fields", "true")
listRequest := &management.ListConnectionsRequestParameters{}
connectionsPage, err := mgmt.Connections.List(
ctx,
listRequest,
option.WithQueryParameters(queryParams),
)
Updating Connections
- Update Basic Settings
- Update Password Policy
- Configure MFA
- Disable Signup
Update connection name and enabled clients:
updateRequest := &management.UpdateConnectionRequestContent{
DisplayName: management.String("My Updated Database"),
EnabledClients: []string{
"client_id_1",
"client_id_2",
"client_id_3",
},
}
connection, err := mgmt.Connections.Update(ctx, connectionID, updateRequest)
Update database connection password requirements:
updateRequest := &management.UpdateConnectionRequestContent{
Options: &management.ConnectionPropertiesOptions{
PasswordPolicy: management.ConnectionPropertiesOptionsPasswordPolicyEnumExcellent.Ptr(),
PasswordComplexityOptions: &management.ConnectionPropertiesOptionsPasswordComplexityOptions{
MinLength: management.Int(12),
},
PasswordHistory: &management.ConnectionPropertiesOptionsPasswordHistory{
Enable: management.Bool(true),
Size: management.Int(10),
},
},
}
connection, err := mgmt.Connections.Update(ctx, connectionID, updateRequest)
Enable MFA for a connection:
updateRequest := &management.UpdateConnectionRequestContent{
Options: &management.ConnectionPropertiesOptions{
Mfa: &management.ConnectionPropertiesOptionsMfa{
Active: management.Bool(true),
ReturnEnrollSettings: management.Bool(true),
},
},
}
connection, err := mgmt.Connections.Update(ctx, connectionID, updateRequest)
Disable user signup for a database connection:
updateRequest := &management.UpdateConnectionRequestContent{
Options: &management.ConnectionPropertiesOptions{
DisableSignup: management.Bool(true),
},
}
connection, err := mgmt.Connections.Update(ctx, connectionID, updateRequest)
Advanced Connection Configuration
Custom Database Scripts
Configure custom database scripts for user migration:updateRequest := &management.UpdateConnectionRequestContent{
Options: &management.ConnectionPropertiesOptions{
EnabledDatabaseCustomization: management.Bool(true),
ImportMode: management.Bool(true),
CustomScripts: map[string]interface{}{
"login": "function login(email, password, callback) { /* your code */ }",
"get_user": "function getUser(email, callback) { /* your code */ }",
},
},
}
connection, err := mgmt.Connections.Update(ctx, connectionID, updateRequest)
Attribute Mapping
Map identity provider attributes to Auth0 user profile:updateRequest := &management.UpdateConnectionRequestContent{
Options: &management.ConnectionPropertiesOptions{
FieldsMap: map[string]interface{}{
"email": "mail",
"given_name": "firstName",
"family_name": "lastName",
"nickname": "username",
},
},
}
connection, err := mgmt.Connections.Update(ctx, connectionID, updateRequest)
Connection Metadata
Add custom metadata usingWithBodyProperties:
import "github.com/auth0/go-auth0/v2/management/option"
customMetadata := map[string]interface{}{
"custom_timeout": 30,
"retry_policy": "exponential_backoff",
"webhook_endpoints": []string{
"https://api.example.com/auth-webhook",
},
"advanced_config": map[string]interface{}{
"enable_debug_logs": true,
"api_version": "v2.1",
},
}
updateRequest := &management.UpdateConnectionRequestContent{
DisplayName: management.String("My Connection"),
}
connection, err := mgmt.Connections.Update(
ctx,
connectionID,
updateRequest,
option.WithBodyProperties(customMetadata),
)
Working with ExtraProperties
Some connection types supportExtraProperties in the request struct:
createRequest := &management.CreateConnectionRequestContent{
Name: "My Custom Connection",
Strategy: management.ConnectionIdentityProviderEnumAuth0,
Options: &management.ConnectionPropertiesOptions{
ImportMode: management.Bool(true),
ExtraProperties: map[string]interface{}{
"custom_timeout": 30,
"retry_policy": "exponential_backoff",
"webhook_endpoints": []string{
"https://api.example.com/webhook",
},
"advanced_config": map[string]interface{}{
"enable_debug_logs": true,
"api_version": "v2.1",
},
},
},
}
connection, err := mgmt.Connections.Create(ctx, createRequest)
Managing Enabled Clients
Enable Connection for Specific Clients
updateRequest := &management.UpdateConnectionRequestContent{
EnabledClients: []string{
"client_id_1",
"client_id_2",
},
}
connection, err := mgmt.Connections.Update(ctx, connectionID, updateRequest)
Disable Connection for All Clients
updateRequest := &management.UpdateConnectionRequestContent{
EnabledClients: []string{}, // Empty array disables for all clients
}
connection, err := mgmt.Connections.Update(ctx, connectionID, updateRequest)
Deleting Connections
err := mgmt.Connections.Delete(ctx, connectionID)
if err != nil {
return err
}
fmt.Printf("Deleted connection: %s\n", connectionID)
Deleting a connection is permanent and will prevent users from authenticating using that connection.
Pagination
Iterate through all connections:listRequest := &management.ListConnectionsRequestParameters{}
connectionsPage, err := mgmt.Connections.List(ctx, listRequest)
if err != nil {
return err
}
// Note: Connections API may not support pagination iterator
// Use Results directly
for _, conn := range connectionsPage.Results {
fmt.Printf("Connection: %s (Strategy: %s)\n",
*conn.GetName(),
*conn.GetStrategy(),
)
}
Testing Connections
Before enabling a connection for production, test it thoroughly:func testConnection(ctx context.Context, mgmt *client.Client, connectionID string) error {
// Read the connection
connection, err := mgmt.Connections.Read(ctx, connectionID)
if err != nil {
return fmt.Errorf("failed to read connection: %w", err)
}
// Verify configuration
if connection.Strategy == nil {
return fmt.Errorf("connection has no strategy")
}
if len(connection.EnabledClients) == 0 {
log.Println("Warning: Connection has no enabled clients")
}
fmt.Printf("Connection %s is configured correctly\n", *connection.GetName())
return nil
}
Complete Example
package main
import (
"context"
"fmt"
"log"
"github.com/auth0/go-auth0/v2/management"
"github.com/auth0/go-auth0/v2/management/client"
"github.com/auth0/go-auth0/v2/management/option"
)
func main() {
mgmt, err := client.New(
"your-tenant.auth0.com",
option.WithClientCredentials(
context.Background(),
"YOUR_CLIENT_ID",
"YOUR_CLIENT_SECRET",
),
)
if err != nil {
log.Fatalf("Error creating management client: %v", err)
}
ctx := context.Background()
// Create a new database connection
createRequest := &management.CreateConnectionRequestContent{
Name: "my-custom-database",
Strategy: management.ConnectionIdentityProviderEnumAuth0,
Options: &management.ConnectionPropertiesOptions{
PasswordPolicy: management.ConnectionPropertiesOptionsPasswordPolicyEnumGood.Ptr(),
RequiresUsername: management.Bool(false),
BruteForceProtection: management.Bool(true),
DisableSignup: management.Bool(false),
},
EnabledClients: []string{
"YOUR_CLIENT_ID",
},
}
connection, err := mgmt.Connections.Create(ctx, createRequest)
if err != nil {
log.Fatalf("Error creating connection: %v", err)
}
fmt.Printf("Created connection: %s (ID: %s)\n",
*connection.GetName(),
*connection.GetID(),
)
// List all database connections
listRequest := &management.ListConnectionsRequestParameters{
Strategy: management.String("auth0"),
}
connectionsPage, err := mgmt.Connections.List(ctx, listRequest)
if err != nil {
log.Fatalf("Error listing connections: %v", err)
}
fmt.Println("\nDatabase Connections:")
for _, conn := range connectionsPage.Results {
fmt.Printf("- %s (Strategy: %s)\n",
*conn.GetName(),
*conn.GetStrategy(),
)
}
// Update connection settings
updateRequest := &management.UpdateConnectionRequestContent{
Options: &management.ConnectionPropertiesOptions{
PasswordPolicy: management.ConnectionPropertiesOptionsPasswordPolicyEnumExcellent.Ptr(),
PasswordHistory: &management.ConnectionPropertiesOptionsPasswordHistory{
Enable: management.Bool(true),
Size: management.Int(5),
},
},
}
updatedConnection, err := mgmt.Connections.Update(
ctx,
*connection.GetID(),
updateRequest,
)
if err != nil {
log.Fatalf("Error updating connection: %v", err)
}
fmt.Printf("\nUpdated connection password policy: %v\n",
updatedConnection.Options.PasswordPolicy,
)
}
Best Practices
Enable Brute Force Protection
Enable Brute Force Protection
Always enable brute force protection for database connections:
Options: &management.ConnectionPropertiesOptions{
BruteForceProtection: management.Bool(true),
}
Use Strong Password Policies
Use Strong Password Policies
Set appropriate password policies based on your security requirements:
Options: &management.ConnectionPropertiesOptions{
PasswordPolicy: management.ConnectionPropertiesOptionsPasswordPolicyEnumExcellent.Ptr(),
}
Limit Enabled Clients
Limit Enabled Clients
Only enable connections for the clients that need them:
EnabledClients: []string{
"client_id_1", // Only enable for specific clients
}
Test Before Production
Test Before Production
Always test connection changes in a development environment first.
Next Steps
User Management
Learn how to manage users
Client Management
Learn how to manage applications
Request Options
Customize connection operations with request options