Hey @mratzer 👋🏻

Thanks for reporting this. We have a fix merged for this in #608, however I'd just like to mention that even tho it says it's gonna recreate the resource, it won't actually change the client_secret, unless you specify that argument. It's shown in the plan due to it being a sensitive value so it can't display a proper diff, meaning you can still run an apply on an already existing client resource if your config is just:

resource "auth0_client_credentials" "this" {
  client_id = auth0_client.this.id

  authentication_method = "client_secret_post"
}

To note that if using private_key_jwt and importing, the resource will always get recreated because we have no way of knowing if the pem file changed or not, but that won't cause any negative side effects as the key_id will remain the same, given the same pem file.

PS. The fix will be available in the upcoming release, towards the end of this week or if not next week, no exact ETAs atm unfortunately.

PS2. Also if you have any other feedback for us on this new resource or other please let us know :) our aim is to make using the Auth0 Terraform Provider an enjoyable experience.

from terraform-provider-auth0.

Hey @mratzer , we fixed this in https://github.com/auth0/terraform-provider-auth0/releases/tag/v0.49.0. Try it out and let us know if you encounter any other issues.

from terraform-provider-auth0.

Possible/Risky Workaround

In a non-PROD tenant I created a new application and used its client_id to apply the auth0_client_credentials and it did not change the client_secret.

from terraform-provider-auth0.