Auth0 + Steampipe
Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications.
Steampipe is an open-source zero-ETL engine to instantly query cloud APIs using SQL.
For example:
select email, id, updated_atfrom auth0_userwhere not email_verified;
+--------------------------------+--------------------------------+---------------------------+| email | id | updated_at |+--------------------------------+--------------------------------+---------------------------+| select-joey@mail.com | auth0|63c1e7732fbd7515d3fbe622 | 2023-01-19T12:56:32-04:00 || brief-ocelot@coffeetech.com.br | auth0|63d1a8b93addd17774ec0302 | 2022-07-28T00:28:13-04:00 || enough-snake@mail.com | auth0|63c1e75e20e950c9f84d9ca5 | 2020-10-23T20:35:35-04:00 |+--------------------------------+--------------------------------+---------------------------+
Documentation
Get started
Install
Download and install the latest Auth0 plugin:
steampipe plugin install auth0
Credentials
Item | Description |
---|---|
Credentials | Auth0 requires an API token or a Client ID and Client Secret for all requests. |
Permissions | API tokens have the same permissions as the user who creates them, and if the user permissions change, the API token permissions also change. |
Radius | Each connection represents a single Auth0 Installation. |
Resolution | 1. Credentials explicitly set in a steampipe config file (~/.steampipe/config/auth0.spc )2. Credentials specified in environment variables, e.g., AUTH0_TOKEN . |
Configuration
Installing the latest auth0 plugin will create a config file (~/.steampipe/config/auth0.spc) with a single connection named auth0
:
connection "auth0" { plugin = "auth0"
# `domain` (required) - Your Auth0 domain name. # This can also be set via the `AUTH0_DOMAIN` environment variable. # domain = "<your_auth0_domain>.<region>.auth0.com"
# Either api_token or client_id + client_secret is also required
# Get your API token from Auth0 https://auth0.com/docs/secure/tokens/access-tokens/management-api-access-tokens # This can also be set via the `AUTH0_API_TOKEN` environment variable. api_token = "fyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZYbjJoN251dFRFbS1ZSndPSEdFdiJ9.eyJpc3MiOiJodHRwczovL2Rldi1zdGVhZHktbGFyay51cy5hdXRoMC5jb20vIiwic3ViIjoickNRWTF6UndJOEFOTzM4RkF3NE5nRFg2dzJIVHJOUWZAY1xp"
# The below client_id and client_secret can be used instead of api_token. If both are specified, api_token will be used over client_id + client_secret. # This can also be set via the `AUTH0_CLIENT_ID` and `AUTH0_CLIENT_SECRET` environment variables. # client_id = "rCQY1zRwI8ANO38FAw4NgDX6w2HTrNQh" # client_secret = "p8vxBHRRLiYDRNAQ9sk37sh2-6k_9XY25YgC2YY-mYcw715hvAl9olXg2Iqqpa2o"}
Credentials from Environment Variables
The Auth0 plugin will use the standard Auth0 environment variables to obtain credentials only if other arguments (domain
, api_token
, client_id
, client_secret
) are not specified in the connection:
API Token
export AUTH0_DOMAIN=<your_auth0_domain>.<region>.auth0.comexport AUTH0_API_TOKEN="fyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZYbjJoN251dFRFbS1ZSndPSEdFdiJ9.eyJpc3MiOiJodHRwczovL2Rldi1zdGVhZHktbGFyay51cy5hdXRoMC5jb20vIiwic3ViIjoickNRWTF6UndJOEFOTzM4RkF3NE5nRFg2dzJIVHJOUWZAY2xp"
Client App
export AUTH0_DOMAIN=<your_auth0_domain>.<region>.auth0.comexport AUTH0_CLIENT_ID="rCQY1zRwI8ANO38FAw4NgDX6w2HTrNQf"export AUTH0_CLIENT_SECRET="p8vxBHRRLiYDRNAQ9sk37sh2-6k_9XY25YgC2YY-mYcw715hvAl9olXg2Iqqpa7o"
Postgres FDW
This plugin is available as a native Postgres FDW. Unlike Steampipe CLI, which ships with an embedded Postgres server instance, the Postgres FDW can be installed in any supported Postgres database version.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_postgres_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/postgres.sh)" -- auth0
The installer will prompt you for the plugin name and version, download and install the appropriate files for your OS, system architecture, and Postgres version.
To configure the Postgres FDW, you will create an extension, foreign server, and schema and import the foreign schema.
CREATE EXTENSION IF NOT EXISTS steampipe_postgres_auth0;CREATE SERVER steampipe_auth0 FOREIGN DATA WRAPPER steampipe_postgres_auth0 OPTIONS (config '<your_config>');CREATE SCHEMA auth0;IMPORT FOREIGN SCHEMA auth0 FROM SERVER steampipe_auth0 INTO auth0;
SQLite Extension
This plugin is available as a SQLite Extension, making the tables available as SQLite virtual tables.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_sqlite_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/sqlite.sh)" -- auth0
The installer will prompt you for the plugin name, version, and destination directory. It will then determine the OS and system architecture, and it will download and install the appropriate package.
To configure the SQLite extension, load the extension module and then run the steampipe_configure_auth0
function to configure it with plugin-specific options.
$ sqlite3sqlite> .load ./steampipe_sqlite_extension_auth0.sosqlite> select steampipe_configure_auth0('<your_config>');
Export
This plugin is available as a standalone Export CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- auth0
You can pass the configuration to the command with the --config
argument:
steampipe_export_auth0 --config '<your_config>' <table_name>