Skip to content

mgmt: Adds Auth0-Custom-Header on allow-listed Management API endpoints#985

Merged
kailash-b merged 1 commit into
fern-generation/2026-04-22from
mcd/custom-header
Apr 22, 2026
Merged

mgmt: Adds Auth0-Custom-Header on allow-listed Management API endpoints#985
kailash-b merged 1 commit into
fern-generation/2026-04-22from
mcd/custom-header

Conversation

@kailash-b
Copy link
Copy Markdown
Contributor

@kailash-b kailash-b commented Apr 22, 2026
edited
Loading

Changes

Adds support for the Auth0-Custom-Domain header on Management API endpoints that generate user-facing links. Auth0 tenants with Multiple Custom Domains (MCD) enabled must supply this header so that generated
URLs (verification emails, password reset tickets, invitations, etc.) resolve against the correct custom domain.
Affected endpoints (allow-list):

  • POST /api/v2/tickets/email-verification
  • POST /api/v2/tickets/password-change
  • POST /api/v2/organizations/{id}/invitations
  • POST /api/v2/guardian/enrollments/ticket
  • POST /api/v2/jobs/verification-email
  • POST /api/v2/jobs/users-imports
  • POST /api/v2/users and PATCH /api/v2/users/{id}
  • POST /api/v2/self-service-profiles/{id}/sso-ticket

New classes/APIs:

  • CustomDomainInterceptor (DelegatingHandler) — strips Auth0-Custom-Domain from any request whose path is not on the allow-list, preventing the header from leaking to unrelated endpoints.
  • CustomDomainHeader.For(string domain) — convenience factory returning a RequestOptions pre-populated with the Auth0-Custom-Domain header for per-request use.
  • CustomDomain property added to ClientOptions and ManagementClientOptions — when set (and no custom HttpClient is provided), the SDK automatically wires up CustomDomainInterceptor.

Usage summary:

// Option 1 — Global via ManagementClient (recommended)
var client = new ManagementClient(new ManagementClientOptions
{
    Domain = "my.auth0.domain",
    TokenProvider = ...,
    CustomDomain = "login.mycompany.com"   // interceptor injected automatically
});

// Option 2 — Per-request override
await client.Tickets.VerifyEmailAsync(request,
    CustomDomainHeader.For("login.mycompany.com"));

// Option 3 — Manual via ManagementApiClient (bring-your-own token)
var client = new ManagementApiClient("token", new ClientOptions
{
    BaseUrl = "https://my.auth0.domain/api/v2",
    CustomDomain = "login.mycompany.com",
    HttpClient = new HttpClient(new CustomDomainInterceptor())   // required when BYO HttpClient
});
  • Examples.md updated with a new section 5 covering all three patterns.

References

Testing

  • This change adds unit test coverage

  • This change adds integration test coverage

  • This change has been tested on the latest version of the platform/language or why not

Checklist

@kailash-b kailash-b requested a review from a team as a code owner April 22, 2026 09:17
tanya732
tanya732 reviewed Apr 22, 2026
View reviewed changes
Comment thread src/Auth0.ManagementApi/Core/Public/ClientOptions.Custom.cs
public string? CustomDomain
{
get => _customDomain;
#if NET5_0_OR_GREATER
Copy link
Copy Markdown

@tanya732 tanya732 Apr 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix indentation, if needed

@kailash-b kailash-b merged commit 93d6a22 into fern-generation/2026-04-22 Apr 22, 2026
2 checks passed
@kailash-b kailash-b deleted the mcd/custom-header branch April 22, 2026 13:50
@kailash-b kailash-b changed the title Adds Auth0-Custom-Header on allow-listed Management API endpoints mgmt: Adds Auth0-Custom-Header on allow-listed Management API endpoints Apr 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tanya732 tanya732 tanya732 left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kailash-b @tanya732