
auth0-cli
★ 37by auth0 · part of auth0/agent-skills
Reference for Auth0 CLI commands — apps, apis, users, roles, organizations, actions, logs, custom domains, universal-login, terraform, raw API mode, and --json…
Reference for Auth0 CLI commands — apps, apis, users, roles, organizations, actions, logs, custom domains, universal-login, terraform, raw API mode, and --json…
Inspect the full instructions your agent will receiveExpandCollapse
This is the exact playbook injected into your agent when the skill activates — shown here so you can audit it before installing. You don't need to read it to use the skill.
by auth0
Reference for Auth0 CLI commands — apps, apis, users, roles, organizations, actions, logs, custom domains, universal-login, terraform, raw API mode, and --json…
npx skills add https://github.com/auth0/agent-skills --skill auth0-cli
Download ZIPGitHub37
Auth0 CLI — Command Reference
The Auth0 CLI (auth0) lets you manage your tenant from the terminal. Install it via Homebrew (brew install auth0/auth0-cli/auth0). For complete flag definitions and examples, see the Full CLI Reference.
Before You Start: Authenticate
auth0 login # interactive device-code login
auth0 login --scopes "read:client_grants" # request extra scopes if 403
auth0 login --domain .auth0.com --client-id --client-secret "$AUTH0_CLIENT_SECRET" # CI/CD
See Authentication Details for machine login with JWT, tenant management, and logout.
Quick Decision Guide
What you're doing Command to use
Setting up a new project auth0 apps create --type spa|regular|m2m|native --json
Need a client ID or secret auth0 apps show <id> -r --json
Registering a backend API auth0 apis create --identifier "https://..." --json
Finding a user's ID auth0 users search --query "email:..." --json
Creating/managing roles (RBAC) auth0 roles create / auth0 users roles assign
B2B multi-tenancy auth0 orgs create
Custom login logic auth0 actions create --trigger post-login --json
Branding the login page auth0 ul update --logo ... --accent ...
Custom domain for login auth0 domains create --domain "auth.myapp.com" --json
Debugging a failed login auth0 logs tail --filter "type:f" --json-compact
Testing a login flow auth0 test login <client-id>
Exporting config as Terraform auth0 terraform generate --output-dir ./terraform
Managing connections, grants, hooks auth0 api get <path>
Scripting / parsing output Add --json or --json-compact to any command
Security hardening auth0 protection brute-force-protection update --enabled true
Routing logs externally auth0 logs streams create datadog|http|splunk
Bulk importing users auth0 users import --connection-name ... --users '...' --json
Command Overview
Apps — Manage Applications
Create or inspect Auth0 applications (client ID, secret, callback URLs, app type). Alias: auth0 clients.
auth0 apps create --name "My SPA" --type spa \
--auth-method None \
--callbacks "http://localhost:3000" \
--logout-urls "http://localhost:3000" \
--origins "http://localhost:3000" --json
auth0 apps list --json-compact
auth0 apps show --json
auth0 apps update --callbacks "http://localhost:3000,https://myapp.com" --json
auth0 apps delete --force
App types: spa, regular, m2m, native, resource_server
Full details: Apps Reference
APIs — Manage API Resources
Register backend APIs (Resource Servers) to protect with Auth0 tokens. Alias: auth0 resource-servers.
auth0 apis create --name "My API" --identifier "https://api.myapp.com" \
--scopes "read:data,write:data" --token-lifetime 3600 --json
auth0 apis list --json-compact
auth0 apis scopes list --json
Key distinction: apps = the client requesting tokens. apis = the resource accepting tokens.
Full details: APIs Reference
Users — Manage Users
Create, search, inspect, import, and manage users in your tenant.
auth0 users search --query "email:[email protected]" --json
auth0 users search-by-email [email protected] --json-compact
auth0 users create --connection-name "Username-Password-Authentication" \
--email "[email protected]" --password "$USER_PASSWORD" --json
auth0 users show --json
auth0 users blocks list --json
auth0 users blocks unblock
auth0 users import --connection-name "Username-Password-Authentication" \
--users '[...]' --upsert --json
Full details: Users Reference
Roles — Manage RBAC Roles
Create roles, assign permissions, and assign roles to users. The CLI has dedicated commands for all role operations.
auth0 roles create --name "editor" --description "Can edit content" --json
auth0 roles permissions add --api-id --permissions "read:data,write:data" --json
auth0 users roles assign --roles
auth0 users roles show --json-compact
Full details: Roles Reference
Organizations — B2B Multi-Tenancy
Manage organizations for B2B SaaS scenarios. Alias: auth0 orgs.
auth0 orgs create --name "acme-corp" --display "Acme Corporation" \
--logo "https://acme.com/logo.png" --accent "#FF6600" --json
auth0 orgs members list --json
auth0 orgs invitations create --org-id --invitee-email "[email protected]" \
--inviter-name "Admin" --client-id --json
Full details: Organizations Reference
Actions — Serverless Auth Pipeline
Create and deploy serverless functions at auth pipeline trigger points. Replaces deprecated Rules.
auth0 actions create --name "Add Claims" --trigger "post-login" \
--code 'exports.onExecutePostLogin = async (event, api) => { ... }' --json
auth0 actions deploy
Triggers: post-login, credentials-exchange, pre-user-registration, post-user-registration, post-change-password, send-phone-message
Important: You must deploy after creating or updating for changes to take effect.
Full details: Actions Reference
Logs — Debugging & Monitoring
auth0 logs tail --filter "type:f" --json-compact # real-time failed logins
auth0 logs list --filter "type:f" --number 20 --json-compact # historical
Common codes: s (success), f (failed login), slo (logout), fs (silent auth failure)
Full details: Logs Reference
Domains — Custom Domains
auth0 domains create --domain "auth.myapp.com" --type "auth0_managed_certs" --json
auth0 domains verify --json
Full details: Domains Reference
Universal Login — Branding
auth0 ul update --accent "#FF6600" --background "#FFFFFF" \
--logo "https://myapp.com/logo.png" --json
Full details: Universal Login Reference
Terraform — Export as IaC
auth0 terraform generate --output-dir ./terraform --resources "auth0_client,auth0_connection"
Full details: Terraform Reference
Test — Verify Login Flows
auth0 test login
auth0 test login --audience "https://api.myapp.com" --scopes "openid profile email"
Full details: Test Reference
Attack Protection — Security Hardening
auth0 protection brute-force-protection update --enabled true
auth0 protection breached-password-detection update --enabled true
auth0 protection bot-detection update --enabled true
Full details: Attack Protection Reference
Log Streams — External Routing
auth0 logs streams create datadog # interactive setup
auth0 logs streams create http # custom webhook
auth0 logs streams list --json
Supported: eventbridge, eventgrid, http, datadog, splunk, sumo
Full details: Log Streams Reference
Raw API Mode — Direct Management API Access
When a dedicated command doesn't exist, auth0 api calls Management API v2 endpoints directly.
auth0 api get connections
auth0 api post client-grants --data '{"client_id":"...","audience":"...","scope":["read:data"]}'
auth0 api get stats/daily -q "from=20240101" -q "to=20240131"
Full details: Raw API Reference
Output Formatting
Always use --json or --json-compact for machine-readable output. Three modes (mutually exclusive):
Flag When to use
--json Human inspection, debugging — pretty-printed with indentation
--json-compact Piping to jq, scripting, pipelines — compact single-line
--csv Spreadsheets and tabular export
auth0 apps list --json-compact | jq '.[] | {client_id, name}'
auth0 users show --json-compact | jq '{id: .user_id, email: .email}'
auth0 roles list --json-compact | jq '.[].name'
Full details: Output Formatting Reference
Reference Documentation
Complete CLI reference with all flags, examples, and usage patterns:
-
Setup Guide — installation, authentication, CI/CD configuration
-
Authentication — login modes, tenant management, scopes
-
Apps — create, list, show, update, delete, session-transfer
-
APIs — create, scopes, token lifetime
-
Users — search, create, import, blocks, roles
-
Roles — RBAC setup, permissions management
-
Organizations — B2B, members, invitations
-
Actions — pipeline triggers, deploy workflow
-
Logs — tail, list, type codes
-
Domains — custom domains, verification
-
Universal Login — branding, templates, prompts
-
Terraform — IaC export
-
Test — login flow verification
-
Attack Protection — brute-force, breach, bot detection
-
Log Streams — external service routing
-
Raw API Mode — direct Management API access
-
Output Formatting — --json, --json-compact, --csv
-
Shared Flags — --tenant, --no-input, --debug
Related Skills
-
auth0-quickstart— Initial Auth0 setup, framework detection -
auth0-migration— Migrate from other auth providers -
auth0-mfa— Multi-Factor Authentication setup
References
npx skills add https://github.com/auth0/agent-skills --skill auth0-cliRun this in your project — your agent picks the skill up automatically.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.