Auth0 module · weave

Setup

Configure credentials via environment variables. We recommend sourcing them through 1Password or your secrets manager rather than committing them to the shell rc.

Official API reference

weave commands for this module are checked against the vendor's published API.

Management API v2

Variable	Description	Status
AUTH0_DOMAIN	Required for authentication.	required
AUTH0_TOKEN	Required for authentication.	required

Sanity-check the wiring:

weave secrets check
weave auth0 --help
weave doctor   # reports AUTH0_DOMAIN status

Capabilities

What this module can do, by entity and verb. ✓ means a working CLI surface; · means not (yet) wired.

Entity	find	list	show	do	snapshot	diff	apply
client	·	✓	·	·	·	·	·
organization	·	✓	·	·	·	·	·
user	✓	✓	·	✓	✓	✓	✓

Commands

Every registered CLI command, grouped by verb. Each example uses placeholder arguments — substitute real values for your environment.

find (1)

find user

read

Find a user by email or Auth0 user_id.

weave auth0 find user <identifier>

list (3)

list clients

read

List applications (Management API /clients).

weave auth0 list clients <arg>

list organizations

read

List Auth0 organizations (B2B).

weave auth0 list organizations <arg>

list users

read

List users (paginated).

weave auth0 list users <arg>

do (3)

do block

write

Block a user from signing in.

weave auth0 do block <identifier>

do reset-mfa

write

Delete all enrolled MFA factors for a user.

weave auth0 do reset-mfa <identifier>

do unblock

write

Unblock a user.

weave auth0 do unblock <identifier>

snapshot / diff / apply are generated automatically from the State Kinds declared on this module — see the State kinds section below for per-kind details. Workflow: snapshot → edit YAML → diff → apply --yes (or confirm interactively; apply --dry-run previews the same diff).

State kinds

Resources this module can snapshot and diff; apply where the kind supports live writes (see Round-trip per kind). Always run diff before apply; use --yes in automation after review. Files live under .weave-state/auth0/.

users

snapshot diff apply

Auth0 users — block status is round-trippable via apply.

Scope: —
Round-trip: Full round-trip — snapshot, diff, apply.

State file skeleton

module: auth0
kind: users
items:
  - # <fields specific to this kind — see snapshot output>

Workflows

End-to-end recipes from operators who already run this module in production. Copy, adapt, and put under change-control.

User block status audit

Snapshot users, edit blocked flags, diff and apply.

weave auth0 snapshot users
$EDITOR .weave-state/auth0/<domain>/users.yaml
weave auth0 diff users
weave auth0 apply users

Look up one user

weave auth0 find user <email-or-user_id>

List users

weave auth0 list users

List applications

weave auth0 list clients

Terraform parity

For each Terraform resource in the canonical provider, here's the equivalent live-API verb in weave. Use this as a migration cheat-sheet, not a 1:1 contract — weave deliberately stays in the live-state lane, not the desired-state lane.

Terraform resource	weave equivalent
auth0_user	weave auth0 snapshot/diff/apply users Block status round-trips via Management API PATCH.
auth0_client	weave auth0 list clients Lists applications (Management API /clients).

Troubleshooting & source

Missing credentials

Run weave doctor — it reports which env vars (including AUTH0_DOMAIN) are set and which are blank.

Unexpected behaviour from a state apply

Re-run weave auth0 diff <kind> to confirm the controller's current state, then re-snapshot before the next apply. The driver always re-snapshots before diffing.

Open the source

The module lives at https://github.com/andy-broyles/weavewhatever/tree/main/src/weave/modules/auth0. File a bug or feature request at https://github.com/andy-broyles/weavewhatever/issues.