OIDC Connection Requires Over-Specification (Again?) #969

Open
6 tasks done
dh-abaird opened this issue May 31, 2024 · 3 comments
Labels
🪲 bug Something isn't working

Comments


dh-abaird commented May 31, 2024

Checklist

  • I have looked into the README and have not found a suitable solution or answer.
  • I have looked into the documentation and have not found a suitable solution or answer.
  • I have searched the issues and have not found a suitable solution or answer.
  • I have upgraded to the latest version of this provider and the issue still persists.
  • I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • I agree to the terms within the Auth0 Code of Conduct.

Description

As recently as February, when creating an auth0_connection of strategy oidc, I was able to supply only the discovery_url and Auth0 would pull the other settings from the JSON response (authorization_endpoint, jwks_uri, etc.). As of today, when trying to do the same thing, with say, this example config:

resource "auth0_connection" "oidc" {
  name           = "oidc-connection"
  display_name   = "OIDC Connection"
  strategy       = "oidc"
  show_as_button = false

  options {
    client_id      = "1234567"
    client_secret  = "1234567"
    domain_aliases = ["example.com"]
    type           = "back_channel"
    discovery_url  = "https://www.paypalobjects.com/.well-known/openid-configuration"
    scopes         = ["openid", "email"]

    connection_settings {
      pkce = "auto"
    }
  }
}

The management API throws an HTTP 400:

Error: 400 Bad Request: "options.issuer" must be a string

It's not until I manually add issuer, authorization_endpoint, and jwks_uri, all of which are present in the response from the discovery URL, that the apply completes successfully. As mentioned previously, this didn't use to be the case, and indeed isn't the case now if I create the connection using the dashboard, where all I have to do is enter the OpenID Connect Discovery URL.

Feels like a potential recurrence of this issue, however given the connection is created fine from the dashboard I'm guessing it isn't a problem with the management API.

Expectation

When discovery_url is provided I expect issuer, authorization_endpoint, and jwks_uri to be extracted automatically.

Reproduction

As per the description above 👆

Auth0 Terraform Provider version

1.2.0

Terraform version

1.5.7

@dh-abaird dh-abaird added the 🪲 bug Something isn't working label May 31, 2024
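The workaround in this report is to copy issuer, authorization_endpoint and jwks_uri out of the discovery document by hand. Below is an added Python helper (not part of the provider or this issue) that pulls those three values from a discovery document, checks the issuer against discovery_url as the OIDC Discovery spec requires, and renders them as lines for the options block; the URL and document are constructed sample data, and the fetch itself is left to the caller.

```python
"""Extract the three OIDC settings the provider currently refuses to infer
from discovery_url and sanity-check them.  Added example, not provider code."""
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri")


def issuer_from_discovery_url(discovery_url: str) -> str:
    """OIDC Discovery 4.3: the issuer MUST equal the URL the document was
    fetched from minus the well-known suffix (no trailing slash)."""
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("discovery_url does not end with " + WELL_KNOWN)
    return discovery_url[: -len(WELL_KNOWN)].rstrip("/")


def extract_oidc_options(discovery_url: str, document: str) -> dict:
    """Return {issuer, authorization_endpoint, jwks_uri} or raise ValueError."""
    doc = json.loads(document)
    missing = [k for k in REQUIRED if not isinstance(doc.get(k), str)]
    if missing:
        raise ValueError("discovery document lacks: " + ", ".join(missing))
    expected = issuer_from_discovery_url(discovery_url)
    if doc["issuer"].rstrip("/") != expected:
        # A mismatch means the document does not belong to this issuer
        # (misconfigured or substituted IdP); refuse rather than trust it.
        raise ValueError(f"issuer {doc['issuer']!r} != {expected!r}")
    for key in ("authorization_endpoint", "jwks_uri"):
        if urlparse(doc[key]).scheme != "https":
            raise ValueError(f"{key} must be an https URL")
    return {k: doc[k] for k in REQUIRED}


def render_hcl_options(opts: dict) -> str:
    """Lines to paste into the options block, aligned like terraform fmt."""
    width = max(len(k) for k in opts)
    return "\n".join(f'{k.ljust(width)} = "{opts[k]}"' for k in REQUIRED)


# Constructed sample discovery document (not a real IdP).
SAMPLE_URL = "https://idp.example.com" + WELL_KNOWN
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "jwks_uri": "https://idp.example.com/oauth2/jwks",
})
```

Running `render_hcl_options(extract_oidc_options(SAMPLE_URL, SAMPLE_DOC))` gives the three lines to add to options; the issuer check is strict by design, so if a real IdP's document fails it, confirm with the IdP before relaxing it.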

gaima8 commented Jun 27, 2024

I've only been using this provider for a morning and have already been very frustrated by this.
There is actually a worse level here too. You have to specify discovery_url to create a connection, but once created, you have to remove discovery_url, otherwise every plan/apply adds the discovery_url.

╷
│ Error: 400 Bad Request: "options.discovery_url" must be a string
│ 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.---.auth0_connection.connection will be updated in-place
  ~ resource "auth0_connection" "connection" {
        id                   = "...."
        name                 = "..."
        # (6 unchanged attributes hidden)

      ~ options {
          + discovery_url                        = "https://..../.well-known/openid-configuration"
            # (38 unchanged attributes hidden)

            # (2 unchanged blocks hidden)
        }
    }

@mikeaddresscloud

Also experiencing this issue. Thanks for reporting.

@craig-a-vinet

Also experiencing this issue. I've only started using TF, but this is the first issue I've come across. Sorry that it's new-ish
