auth0 · duedares-rvj · Oct 17, 2025 · Oct 17, 2025 · Oct 17, 2025 · Oct 17, 2025
@@ -42,7 +42,7 @@ data "auth0_custom_domain" "test" {
 - `id` (String) The ID of this resource.
 - `origin_domain_name` (String) Once the configuration status is `ready`, the DNS name of the Auth0 origin server that handles traffic for the custom domain.
 - `primary` (Boolean) Indicates whether this is a primary domain.
-- `status` (String) Configuration status for the custom domain. Options include `disabled`, `pending`, `pending_verification`, and `ready`.
+- `status` (String) Configuration status for the custom domain. Options include `disabled`, `pending`, `pending_verification`, `ready` and `failed`.
 - `tls_policy` (String) TLS policy for the custom domain. Available options are: `compatible` or `recommended`. Compatible includes TLS 1.0, 1.1, 1.2, and recommended only includes TLS 1.2. Cannot be set on self_managed domains.
 - `type` (String) Provisioning type for the custom domain. Options include `auth0_managed_certs` and `self_managed_certs`.
 - `verification` (List of Object) Configuration settings for verification. (see [below for nested schema](#nestedatt--verification))

@@ -0,0 +1,88 @@
+---
+page_title: "Data Source: auth0_custom_domains"
+description: |-
+  Data source to retrieve multiple custom domains based on a search query.
+---
+
+# Data Source: auth0_custom_domains
+
+Data source to retrieve multiple custom domains based on a search query.
+
+## Example Usage
+
+```terraform
+resource "auth0_custom_domain" "my_custom_domain_1" {
+  domain     = "example1.auth.tempdomain.com"
+  type       = "auth0_managed_certs"
+  tls_policy = "recommended"
+  domain_metadata = {
+    key1 : "foo1"
+    key2 : "bar1"
+  }
+}
+
+resource "auth0_custom_domain" "my_custom_domain_2" {
+  domain     = "example2.auth.tempdomain.com"
+  type       = "auth0_managed_certs"
+  tls_policy = "recommended"
+  domain_metadata = {
+    key1 : "foo2"
+    key2 : "bar2"
+  }
+}
+
+data "auth0_custom_domains" "test" {
+  q = "domain:example1* AND status:pending_verification"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Optional
+
+- `q` (String) Search query string to filter custom domains.
+
+### Read-Only
+
+- `custom_domains` (List of Object) List of custom domains matching the search criteria. (see [below for nested schema](#nestedatt--custom_domains))
+- `id` (String) The ID of this resource.
+
+<a id="nestedatt--custom_domains"></a>
+### Nested Schema for `custom_domains`
+
+Read-Only:
+
+- `certificate` (List of Object) (see [below for nested schema](#nestedobjatt--custom_domains--certificate))
+- `custom_client_ip_header` (String)
+- `domain` (String)
+- `domain_metadata` (Map of String)
+- `origin_domain_name` (String)
+- `primary` (Boolean)
+- `status` (String)
+- `tls_policy` (String)
+- `type` (String)
+- `verification` (List of Object) (see [below for nested schema](#nestedobjatt--custom_domains--verification))
+
+<a id="nestedobjatt--custom_domains--certificate"></a>
+### Nested Schema for `custom_domains.certificate`
+
+Read-Only:
+
+- `certificate_authority` (String)
+- `error_msg` (String)
+- `renews_before` (String)
+- `status` (String)
+
+
+<a id="nestedobjatt--custom_domains--verification"></a>
+### Nested Schema for `custom_domains.verification`
+
+Read-Only:
+
+- `error_msg` (String)
+- `last_verified_at` (String)
+- `methods` (List of Map of String)
+- `status` (String)
+
+
@@ -42,7 +42,7 @@ resource "auth0_custom_domain" "my_custom_domain" {
 - `id` (String) The ID of this resource.
 - `origin_domain_name` (String) Once the configuration status is `ready`, the DNS name of the Auth0 origin server that handles traffic for the custom domain.
 - `primary` (Boolean, Deprecated) Indicates whether this is a primary domain.
-- `status` (String) Configuration status for the custom domain. Options include `disabled`, `pending`, `pending_verification`, and `ready`.
+- `status` (String) Configuration status for the custom domain. Options include `disabled`, `pending`, `pending_verification`, `ready` and `failed`.
 - `verification` (List of Object) Configuration settings for verification. (see [below for nested schema](#nestedatt--verification))
 
 <a id="nestedatt--certificate"></a>

@@ -0,0 +1,23 @@
+resource "auth0_custom_domain" "my_custom_domain_1" {
+  domain     = "example1.auth.tempdomain.com"
+  type       = "auth0_managed_certs"
+  tls_policy = "recommended"
+  domain_metadata = {
+    key1 : "foo1"
+    key2 : "bar1"
+  }
+}
+
+resource "auth0_custom_domain" "my_custom_domain_2" {
+  domain     = "example2.auth.tempdomain.com"
+  type       = "auth0_managed_certs"
+  tls_policy = "recommended"
+  domain_metadata = {
+    key1 : "foo2"
+    key2 : "bar2"
+  }
+}
+
+data "auth0_custom_domains" "test" {
+  q = "domain:example1* AND status:pending_verification"
+}
@@ -58,6 +58,6 @@ func readCustomDomainForDataSource(ctx context.Context, data *schema.ResourceDat
 		data.SetId(customDomain.GetID())
 		return diag.FromErr(flattenCustomDomain(data, customDomain))
 	default:
-		return diag.FromErr(errors.New("multiple custom domains found, please specify custom_domain_id"))
+		return diag.FromErr(errors.New("multiple custom domains found, please specify custom_domain_id or use auth0_custom_domains data-source"))
 	}
 }
@@ -0,0 +1,77 @@
+package customdomain
+
+import (
+	"context"
+
+	"github.com/auth0/go-auth0/management"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+	"github.com/auth0/terraform-provider-auth0/internal/config"
+	internalSchema "github.com/auth0/terraform-provider-auth0/internal/schema"
+)
+
+// NewCustomDomainsDataSource returns a new auth0_custom_domains data source that allows
+// listing custom domains by query filter.
+func NewCustomDomainsDataSource() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: readCustomDomainsForDataSource,
+		Description: "Data source to retrieve multiple custom domains based on a search query.",
+		Schema: map[string]*schema.Schema{
+			"q": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Search query string to filter custom domains.",
+			},
+			"custom_domains": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "List of custom domains matching the search criteria.",
+				Elem: &schema.Resource{
+					Schema: internalSchema.TransformResourceToDataSource(NewResource().Schema),
+				},
+			},
+		},
+	}
+}
+
+func readCustomDomainsForDataSource(ctx context.Context, data *schema.ResourceData, meta interface{}) diag.Diagnostics {
+	api := meta.(*config.Config).GetAPI()
+	q := data.Get("q").(string)
+
+	var customDomains []*management.CustomDomain
+	var from string
+	options := []management.RequestOption{
+		management.Take(100),
+	}
+
+	if q != "" {
+		options = append(options, management.Parameter("q", q))
+	}
+
+	for {
+		if from != "" {
+			options = append(options, management.From(from))
+		}
+
+		customDomainList, err := api.CustomDomain.ListWithPagination(ctx, options...)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		customDomains = append(customDomains, customDomainList.CustomDomains...)
+
+		if !customDomainList.HasNext() {
+			break
+		}
+		from = customDomainList.Next
+	}
+
+	data.SetId("custom-domains")
+	if err := flattenCustomDomainList(data, customDomains); err != nil {
+		return diag.FromErr(err)
+	}
+
+	return nil
+}
@@ -0,0 +1,86 @@
+package customdomain_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+
+	"github.com/auth0/terraform-provider-auth0/internal/acctest"
+)
+
+const testAccCustomDomainFirst = `
+resource "auth0_custom_domain" "my_custom_domain1" {
+  domain = "authninja1.auth.tempdomain.com"
+  type   = "self_managed_certs"
+}
+`
+
+const testAccCustomDomainSecond = testAccCustomDomainFirst + `
+resource "auth0_custom_domain" "my_custom_domain2" {
+  domain = "authninja2.auth.tempdomain.com"
+  type   = "self_managed_certs"
+}
+`
+
+const testAccCustomDomainThird = testAccCustomDomainSecond + `
+resource "auth0_custom_domain" "my_custom_domain3" {
+  domain = "beacon.auth.tempdomain.com"
+  type   = "self_managed_certs"
+}
+`
+
+const testAccDataSourceCustomDomainsFilter1 = `
+data "auth0_custom_domains" "filtered" {
+  q = "domain:authninja*"
+}
+`
+
+const testAccDataSourceCustomDomainsFilter2 = `
+data "auth0_custom_domains" "filtered" {
+  q = "domain:beacon*"
+}
+`
+
+func TestAccDataSourceCustomDomains(t *testing.T) {
+	acctest.Test(t, resource.TestCase{
+		Steps: []resource.TestStep{
+			{
+				// We had to split this into two separate posts to work around an issue
+				// in the test recording library. We need to add X-Request-Id header to the POST requests
+				// to fix this, and make sure that go-vcr uses that to match requests.
+				Config: acctest.ParseTestName(testAccCustomDomainFirst, t.Name()),
+			},
+			{
+				Config: acctest.ParseTestName(testAccCustomDomainSecond, t.Name()),
+			},
+			{
+				Config: testAccCustomDomainThird + testAccDataSourceCustomDomainsFilter1,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.auth0_custom_domains.filtered", "q", "domain:authninja*"),
+					resource.TestCheckResourceAttr("data.auth0_custom_domains.filtered", "custom_domains.#", "2"),
+
+					resource.TestCheckTypeSetElemNestedAttrs("data.auth0_custom_domains.filtered", "custom_domains.*", map[string]string{
+						"type":   "self_managed_certs",
+						"status": "pending_verification",
+					}),
+				),
+			},
+			{
+				Config: testAccCustomDomainThird + testAccDataSourceCustomDomainsFilter2,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("data.auth0_custom_domains.filtered", "q", "domain:beacon*"),
+					resource.TestCheckResourceAttr("data.auth0_custom_domains.filtered", "custom_domains.#", "1"),
+
+					resource.TestCheckTypeSetElemNestedAttrs("data.auth0_custom_domains.filtered", "custom_domains.*", map[string]string{
+						"type":   "self_managed_certs",
+						"status": "pending_verification",
+					}),
+
+					resource.TestCheckTypeSetElemNestedAttrs("data.auth0_custom_domains.filtered", "custom_domains.*", map[string]string{
+						"domain": "beacon.auth.tempdomain.com",
+					}),
+				),
+			},
+		},
+	})
+}
@@ -7,6 +7,10 @@ import (
 )
 
 func flattenCustomDomain(data *schema.ResourceData, customDomain *management.CustomDomain) error {
+	if customDomain == nil {
+		return nil
+	}
+
 	result := multierror.Append(
 		data.Set("domain", customDomain.GetDomain()),
 		data.Set("type", customDomain.GetType()),
@@ -19,6 +23,7 @@ func flattenCustomDomain(data *schema.ResourceData, customDomain *management.Cus
 		data.Set("domain_metadata", customDomain.GetDomainMetadata()),
 		data.Set("certificate", flattenCustomDomainCertificates(customDomain.GetCertificate())),
 	)
+
 	return result.ErrorOrNil()
 }
 
@@ -60,3 +65,33 @@ func flattenCustomDomainVerification(data *schema.ResourceData, customDomain *ma
 
 	return result.ErrorOrNil()
 }
+
+func flattenCustomDomainList(data *schema.ResourceData, customDomains []*management.CustomDomain) error {
+	if customDomains == nil {
+		return data.Set("custom_domains", make([]map[string]interface{}, 0))
+	}
+
+	list := make([]map[string]interface{}, 0, len(customDomains))
+	for _, domain := range customDomains {
+		if domain == nil {
+			continue
+		}
+
+		entry := map[string]interface{}{
+			"domain":                  domain.GetDomain(),
+			"type":                    domain.GetType(),
+			"primary":                 domain.GetPrimary(),
+			"status":                  domain.GetStatus(),
+			"origin_domain_name":      domain.GetOriginDomainName(),
+			"custom_client_ip_header": domain.GetCustomClientIPHeader(),
+			"tls_policy":              domain.GetTLSPolicy(),
+			"verification":            flattenCustomDomainVerificationMethods(domain.GetVerification()),
+			"domain_metadata":         domain.GetDomainMetadata(),
+			"certificate":             flattenCustomDomainCertificates(domain.GetCertificate()),
+		}
+
+		list = append(list, entry)
+	}
+
+	return data.Set("custom_domains", list)
+}
@@ -51,7 +51,7 @@ func NewResource() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 				Description: "Configuration status for the custom domain. " +
-					"Options include `disabled`, `pending`, `pending_verification`, and `ready`. ",
+					"Options include `disabled`, `pending`, `pending_verification`, `ready` and `failed`. ",
 			},
 			"origin_domain_name": {
 				Type:     schema.TypeString,

@@ -230,6 +230,7 @@ func New() *schema.Provider {
 			"auth0_connection_keys":               connection.NewKeysDataSource(),
 			"auth0_connection_scim_configuration": connection.NewSCIMConfigurationDataSource(),
 			"auth0_custom_domain":                 customdomain.NewDataSource(),
+			"auth0_custom_domains":                customdomain.NewCustomDomainsDataSource(),
 			"auth0_event_stream":                  eventstream.NewDataSource(),
 			"auth0_flow":                          flow.NewDataSource(),
 			"auth0_flow_vault_connection":         flow.NewVaultConnectionDataSource(),