Skip to content

feat: Exclude Third-Party Clients via AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS config property #1212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat: Exclude Third-Party Clients via AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS config property #1212

wants to merge 2 commits into from
+57 −0

Conversation

@mgyarmathy
Copy link

@mgyarmathy mgyarmathy commented Nov 19, 2025

🔧 Changes

When Dynamic Client Registration (DCR) is enabled on a tenant, it can often have an innumerable amount of third-party clients that don't need to be directly managed through a tool like auth0-deploy-cli.

This PR adds a new AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS config property that enables the CLI to filter out third-party clients using the Client API's is_first_party request parameter.

🔬 Testing

I've added a simple unit test and confirmed this works as expected on my own tenant (which includes third-party clients created via DCR), but would welcome the assistance of this project's maintainers to add E2E test recordings from the deploy-cli-dev or auth0-deploy-cli-e2e tenant to further validate this new feature.

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@mgyarmathy mgyarmathy requested a review from a team as a code owner November 19, 2025 17:50
@kushalshit27
Copy link
Contributor

kushalshit27 commented Nov 20, 2025

Thank you for submitting this PR! Your contribution is greatly appreciated. We'll review it shortly

@kushalshit27
Copy link
Contributor

kushalshit27 commented Nov 24, 2025

Hi, @mgyarmathy

Really appreciate your idea. 👍

The primary use of Deploy CLI is for "Infrastructure as Code." The source of truth is a static local file (YAML/JSON).

Since the dynamic nature of DCR clients, it would be better to use the opposite approach, AUTH0_INCLUDE_THIRD_PARTY_CLIENTS is false (default).

Thanks again, Great work on this PR! Thanks for taking the time to contribute. Let me know if you have any questions. Looking forward to your updates!

@mgyarmathy
Copy link
Author

mgyarmathy commented Nov 24, 2025

Hi, @mgyarmathy

Really appreciate your idea. 👍

The primary use of Deploy CLI is for "Infrastructure as Code." The source of truth is a static local file (YAML/JSON).

Since the dynamic nature of DCR clients, it would be better to use the opposite approach, AUTH0_INCLUDE_THIRD_PARTY_CLIENTS is false (default).

Thanks again, Great work on this PR! Thanks for taking the time to contribute. Let me know if you have any questions. Looking forward to your updates!

If we implement the opposite behavior, we'd be introducing a breaking change, since currently third-party clients are included by default. Is this the direction you'd like to take this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mgyarmathy @kushalshit27