Added Support for Multiple Custom Domain (#1109)

Author: tanya732

src/index.ts

@@ -5,3 +5,4 @@ export * from './lib/errors.js';
 export * from './lib/models.js';
 export * from './lib/httpResponseHeadersUtils.js';
 export * from './deprecations.js';
+export { CustomDomainHeader } from './lib/runtime.js';

src/lib/index.ts

@@ -1,3 +1,4 @@
 export * from './errors.js';
 export * from './models.js';
 export { RetryConfiguration } from './retry.js';
+export { CustomDomainHeader } from './runtime.js';

src/lib/runtime.ts

@@ -291,6 +291,48 @@ export function applyQueryParams<
   ) as Pick<TRequestParams, ReadonlyArray<Key>[number]>;
 }
 
+// Pre-compiled regex for matching whitelisted paths
+const compiledWhitelistedPathRegexes: RegExp[] = compileWhitelistedPathPatterns();
+
+// Function to compile the whitelisted patterns
+function compileWhitelistedPathPatterns(): RegExp[] {
+  const patterns = [
+    '^/api/v2/jobs/verification-email$',
+    '^/api/v2/tickets/email-verification$',
+    '^/api/v2/tickets/password-change$',
+    '^/api/v2/organizations/[^/]+/invitations$',
+    '^/api/v2/users$',
+    '^/api/v2/users/[^/]+$',
+    '^/api/v2/guardian/enrollments/ticket$',
+  ];
+
+  return patterns.map((pattern) => new RegExp(pattern));
+}
+
+// Function to check if the path matches any whitelisted pattern
+function isCustomDomainPathWhitelisted(path: string): boolean {
+  return compiledWhitelistedPathRegexes.some((regex) => regex.test(path));
+}
+
+// Function to create the custom domain header for a request
+export function CustomDomainHeader(domain: string): InitOverrideFunction {
+  return async ({ init, context }: { init: RequestInit; context: RequestOpts }) => {
+    const headers: Record<string, string> = { ...init.headers } as Record<string, string>;
+
+    // Only add the custom domain header for whitelisted paths
+    const formattedPath = context.path.startsWith('/api/v2/')
+      ? context.path
+      : `/api/v2${context.path}`;
+
+    if (isCustomDomainPathWhitelisted(formattedPath)) {
+      headers['auth0-custom-domain'] = domain;
+    }
+
+    // Return the updated init with custom domain header if needed
+    return { ...init, headers: headers };
+  };
+}
+
 /**
  * @private
  */

src/management/__generated/managers/custom-domains-manager.ts

@@ -65,6 +65,14 @@ export class CustomDomainsManager extends BaseAPI {
         key: 'from',
         config: {},
       },
+      {
+        key: 'domain_metadata_filter',
+        config: {},
+      },
+      {
+        key: 'domain_name_filter',
+        config: {},
+      },
     ]);
 
     const response = await this.request(
@@ -118,19 +126,18 @@ export class CustomDomainsManager extends BaseAPI {
    * <pre><code>{ "custom_client_ip_header": "cf-connecting-ip" }</code></pre>
    *
    * <h5>Updating TLS_POLICY for a custom domain</h5>To update the <code>tls_policy</code> for a domain, the body to send should be:
-   * <pre><code>{ "tls_policy": "compatible" }</code></pre>
+   * <pre><code>{ "tls_policy": "recommended" }</code></pre>
    *
    *
    * TLS Policies:
    *
    * - recommended - for modern usage this includes TLS 1.2 only
-   * - compatible - compatible with older browsers this policy includes TLS 1.0, 1.1, 1.2
    *
    *
    * Some considerations:
    *
    * - The TLS ciphers and protocols available in each TLS policy follow industry recommendations, and may be updated occasionally.
-   * - Do not use the <code>compatible</code> TLS policy unless you have clients that require TLS 1.0.
+   * - The <code>compatible</code> TLS policy is no longer supported.
    *
    * Update custom domain configuration
    *

src/management/__generated/models/index.ts

@@ -8,6 +8,48 @@ export interface ActionsDraftUpdate {
    */
   update_draft?: boolean;
 }
+/**
+ * Certificate information. This object is relevant only for Custom Domains with Auth0-Managed Certificates.
+ */
+export interface Certificate {
+  /**
+   * The provisioning status of the certificate.
+   *
+   */
+  status?: CertificateStatusEnum;
+  /**
+   * A user-friendly error message will be presented if the certificate status is provisioning_failed or renewing_failed.
+   *
+   */
+  error_msg?: string;
+  /**
+   * The Certificate Authority issued the certificate.
+   *
+   */
+  certificate_authority?: CertificateCertificateAuthorityEnum;
+  /**
+   * The certificate will be renewed prior to this date.
+   *
+   */
+  renews_before?: string;
+}
+
+export const CertificateStatusEnum = {
+  provisioning: 'provisioning',
+  provisioning_failed: 'provisioning_failed',
+  provisioned: 'provisioned',
+  renewing_failed: 'renewing_failed',
+} as const;
+export type CertificateStatusEnum =
+  (typeof CertificateStatusEnum)[keyof typeof CertificateStatusEnum];
+
+export const CertificateCertificateAuthorityEnum = {
+  letsencrypt: 'letsencrypt',
+  googletrust: 'googletrust',
+} as const;
+export type CertificateCertificateAuthorityEnum =
+  (typeof CertificateCertificateAuthorityEnum)[keyof typeof CertificateCertificateAuthorityEnum];
+
 /**
  *
  */
@@ -3776,6 +3818,14 @@ export interface CustomDomain {
    *
    */
   tls_policy?: string;
+  /**
+   * Domain metadata associated with the custom domain, in the form of an object with string values (max 255 chars). Maximum of 10 domain metadata properties allowed.
+   *
+   */
+  domain_metadata?: { [key: string]: any };
+  /**
+   */
+  certificate?: Certificate;
 }
 
 export const CustomDomainStatusEnum = {
@@ -9838,7 +9888,7 @@ export interface PatchCredentialsByCredentialIdRequest {
  */
 export interface PatchCustomDomainsByIdRequest {
   /**
-   * compatible includes TLS 1.0, 1.1, 1.2, and recommended only includes TLS 1.2
+   * recommended includes TLS 1.2
    *
    */
   tls_policy?: PatchCustomDomainsByIdRequestTlsPolicyEnum;
@@ -9847,11 +9897,15 @@ export interface PatchCustomDomainsByIdRequest {
    *
    */
   custom_client_ip_header?: PatchCustomDomainsByIdRequestCustomClientIpHeaderEnum;
+  /**
+   * Domain metadata associated with the custom domain, in the form of an object with string values (max 255 chars). Maximum of 10 domain metadata properties allowed.
+   *
+   */
+  domain_metadata?: { [key: string]: any };
 }
 
 export const PatchCustomDomainsByIdRequestTlsPolicyEnum = {
   recommended: 'recommended',
-  compatible: 'compatible',
 } as const;
 export type PatchCustomDomainsByIdRequestTlsPolicyEnum =
   (typeof PatchCustomDomainsByIdRequestTlsPolicyEnum)[keyof typeof PatchCustomDomainsByIdRequestTlsPolicyEnum];
@@ -11198,6 +11252,14 @@ export interface PostCustomDomains201Response {
    *
    */
   tls_policy?: string;
+  /**
+   * Domain metadata associated with the custom domain, in the form of an object with string values (max 255 chars). Maximum of 10 domain metadata properties allowed.
+   *
+   */
+  domain_metadata?: { [key: string]: any };
+  /**
+   */
+  certificate?: Certificate;
 }
 
 export const PostCustomDomains201ResponseStatusEnum = {
@@ -11225,7 +11287,31 @@ export interface PostCustomDomains201ResponseVerification {
    *
    */
   methods?: Array<PostCustomDomains201ResponseVerificationMethodsInner>;
+  /**
+   * The DNS record verification status. This field is relevant only for Custom Domains with Auth0-Managed Certificates.
+   *
+   */
+  status?: PostCustomDomains201ResponseVerificationStatusEnum;
+  /**
+   * The user0-friendly error message in case of failed verification. This field is relevant only for Custom Domains with Auth0-Managed Certificates.
+   *
+   */
+  error_msg?: string;
+  /**
+   * The date and time when the custom domain was last verified. This field is relevant only for Custom Domains with Auth0-Managed Certificates.
+   *
+   */
+  last_verified_at?: string;
 }
+
+export const PostCustomDomains201ResponseVerificationStatusEnum = {
+  verified: 'verified',
+  pending: 'pending',
+  failed: 'failed',
+} as const;
+export type PostCustomDomains201ResponseVerificationStatusEnum =
+  (typeof PostCustomDomains201ResponseVerificationStatusEnum)[keyof typeof PostCustomDomains201ResponseVerificationStatusEnum];
+
 /**
  *
  */
@@ -11274,7 +11360,7 @@ export interface PostCustomDomainsRequest {
    */
   verification_method?: PostCustomDomainsRequestVerificationMethodEnum;
   /**
-   * compatible includes TLS 1.0, 1.1, 1.2, and recommended only includes TLS 1.2
+   * Custom domain TLS policy. Must be `recommended`, includes TLS 1.2.
    *
    */
   tls_policy?: PostCustomDomainsRequestTlsPolicyEnum;
@@ -11283,6 +11369,11 @@ export interface PostCustomDomainsRequest {
    *
    */
   custom_client_ip_header?: PostCustomDomainsRequestCustomClientIpHeaderEnum;
+  /**
+   * Domain metadata associated with the custom domain, in the form of an object with string values (max 255 chars). Maximum of 10 domain metadata properties allowed.
+   *
+   */
+  domain_metadata?: { [key: string]: any };
 }
 
 export const PostCustomDomainsRequestTypeEnum = {
@@ -11300,7 +11391,6 @@ export type PostCustomDomainsRequestVerificationMethodEnum =
 
 export const PostCustomDomainsRequestTlsPolicyEnum = {
   recommended: 'recommended',
-  compatible: 'compatible',
 } as const;
 export type PostCustomDomainsRequestTlsPolicyEnum =
   (typeof PostCustomDomainsRequestTlsPolicyEnum)[keyof typeof PostCustomDomainsRequestTlsPolicyEnum];
@@ -15056,6 +15146,14 @@ export interface PostVerify200Response {
    *
    */
   tls_policy?: string;
+  /**
+   * Domain metadata associated with the custom domain, in the form of an object with string values (max 255 chars). Maximum of 10 domain metadata properties allowed.
+   *
+   */
+  domain_metadata?: { [key: string]: any };
+  /**
+   */
+  certificate?: Certificate;
 }
 
 export const PostVerify200ResponseStatusEnum = {
@@ -18872,6 +18970,16 @@ export interface GetCustomDomainsRequest {
    *
    */
   from?: string;
+  /**
+   * Optional filter on domain_metadata.
+   *
+   */
+  domain_metadata_filter?: string;
+  /**
+   * Optional filter on domain_name.
+   *
+   */
+  domain_name_filter?: string;
 }
 /**
  *

src/management/management-client-options.ts

@@ -3,6 +3,7 @@ import { ClientOptions } from '../lib/runtime.js';
 export interface ManagementClientOptions extends ClientOptions {
   domain: string;
   audience?: string;
+  headers?: Record<string, string>;
 }
 
 export interface ManagementClientOptionsWithToken extends ManagementClientOptions {

test/lib/runtime.test.ts

@@ -10,7 +10,7 @@ import {
   AuthApiError,
 } from '../../src/index.js';
 import { InitOverrideFunction, RequestOpts } from '../../src/lib/models.js';
-import { BaseAPI, applyQueryParams } from '../../src/lib/runtime.js';
+import { BaseAPI, applyQueryParams, CustomDomainHeader } from '../../src/lib/runtime.js';
 
 import * as utils from '../../src/utils.js';
 import { base64url } from 'jose';
@@ -909,3 +909,64 @@ describe('Runtime for UserInfoClient', () => {
     expect(request.isDone()).toBe(true);
   });
 });
+
+describe('CustomDomainHeader', () => {
+  const domain = 'custom.domain.com';
+
+  const whitelistedPaths = [
+    '/api/v2/jobs/verification-email',
+    '/api/v2/tickets/email-verification',
+    '/api/v2/tickets/password-change',
+    '/api/v2/organizations/org123/invitations',
+    '/api/v2/users',
+    '/api/v2/users/user123',
+    '/api/v2/guardian/enrollments/ticket',
+  ];
+
+  const nonWhitelistedPath = '/api/v2/not-whitelisted';
+
+  const method = 'GET';
+
+  it('adds the custom domain header for whitelisted paths', async () => {
+    for (const path of whitelistedPaths) {
+      const fn = CustomDomainHeader(domain);
+      const result = await fn({
+        init: { method, headers: {} },
+        context: { method, path },
+      });
+      const headers = result.headers as Record<string, string>;
+      expect(headers['auth0-custom-domain']).toBe(domain);
+    }
+  });
+
+  it('does not add the custom domain header for non-whitelisted paths', async () => {
+    const fn = CustomDomainHeader(domain);
+    const result = await fn({
+      init: { method, headers: {} },
+      context: { method, path: nonWhitelistedPath },
+    });
+    const headers = result.headers as Record<string, string>;
+    expect(headers['auth0-custom-domain']).toBeUndefined();
+  });
+
+  it('prepends /api/v2 to non-prefixed paths', async () => {
+    const fn = CustomDomainHeader(domain);
+    const result = await fn({
+      init: { method, headers: {} },
+      context: { method, path: '/users' },
+    });
+    const headers = result.headers as Record<string, string>;
+    expect(headers['auth0-custom-domain']).toBe(domain);
+  });
+
+  it('preserves existing headers', async () => {
+    const fn = CustomDomainHeader(domain);
+    const result = await fn({
+      init: { method, headers: { 'existing-header': 'value' } },
+      context: { method, path: whitelistedPaths[0] },
+    });
+    const headers = result.headers as Record<string, string>;
+    expect(headers['existing-header']).toBe('value');
+    expect(headers['auth0-custom-domain']).toBe(domain);
+  });
+});