Feature/session transfer (#1180)

nelsonmaia · ramya18101 · duedares-rvj · web-flow · commit 4754db480b86 · 2025-05-05T18:25:32.000+05:30
* adding support for Native to Web SSO - Session Transfer

* adding support for Native to Web SSO - Session Transfer

* Refactor managing apps session transfer

* Add integration test and handle nil check

* updated go.mod

* minor fix

---------

Co-authored-by: ramya18101 &lt;anusriankisetty@gmail.com&gt;
Co-authored-by: Rajat Bajaj &lt;rajat.bajaj@okta.com&gt;
Co-authored-by: Rajat Bajaj &lt;duedares@gmail.com&gt;
diff --git a/docs/auth0_apps.md b/docs/auth0_apps.md
@@ -13,6 +13,7 @@ The term application or app in Auth0 does not imply any particular implementatio
 - [auth0 apps delete](auth0_apps_delete.md) - Delete an application
 - [auth0 apps list](auth0_apps_list.md) - List your applications
 - [auth0 apps open](auth0_apps_open.md) - Open the settings page of an application
+- [auth0 apps session-transfer](auth0_apps_session-transfer.md) - Manage session transfer settings for an application
 - [auth0 apps show](auth0_apps_show.md) - Show an application
 - [auth0 apps update](auth0_apps_update.md) - Update an application
 - [auth0 apps use](auth0_apps_use.md) - Choose a default application for the Auth0 CLI
diff --git a/docs/auth0_apps_create.md b/docs/auth0_apps_create.md
@@ -70,6 +70,7 @@ auth0 apps create [flags]
 - [auth0 apps delete](auth0_apps_delete.md) - Delete an application
 - [auth0 apps list](auth0_apps_list.md) - List your applications
 - [auth0 apps open](auth0_apps_open.md) - Open the settings page of an application
+- [auth0 apps session-transfer](auth0_apps_session-transfer.md) - Manage session transfer settings for an application
 - [auth0 apps show](auth0_apps_show.md) - Show an application
 - [auth0 apps update](auth0_apps_update.md) - Update an application
 - [auth0 apps use](auth0_apps_use.md) - Choose a default application for the Auth0 CLI
diff --git a/docs/auth0_apps_delete.md b/docs/auth0_apps_delete.md
@@ -51,6 +51,7 @@ auth0 apps delete [flags]
 - [auth0 apps delete](auth0_apps_delete.md) - Delete an application
 - [auth0 apps list](auth0_apps_list.md) - List your applications
 - [auth0 apps open](auth0_apps_open.md) - Open the settings page of an application
+- [auth0 apps session-transfer](auth0_apps_session-transfer.md) - Manage session transfer settings for an application
 - [auth0 apps show](auth0_apps_show.md) - Show an application
 - [auth0 apps update](auth0_apps_update.md) - Update an application
 - [auth0 apps use](auth0_apps_use.md) - Choose a default application for the Auth0 CLI
diff --git a/docs/auth0_apps_list.md b/docs/auth0_apps_list.md
@@ -50,6 +50,7 @@ auth0 apps list [flags]
 - [auth0 apps delete](auth0_apps_delete.md) - Delete an application
 - [auth0 apps list](auth0_apps_list.md) - List your applications
 - [auth0 apps open](auth0_apps_open.md) - Open the settings page of an application
+- [auth0 apps session-transfer](auth0_apps_session-transfer.md) - Manage session transfer settings for an application
 - [auth0 apps show](auth0_apps_show.md) - Show an application
 - [auth0 apps update](auth0_apps_update.md) - Update an application
 - [auth0 apps use](auth0_apps_use.md) - Choose a default application for the Auth0 CLI
diff --git a/docs/auth0_apps_open.md b/docs/auth0_apps_open.md
@@ -38,6 +38,7 @@ auth0 apps open [flags]
 - [auth0 apps delete](auth0_apps_delete.md) - Delete an application
 - [auth0 apps list](auth0_apps_list.md) - List your applications
 - [auth0 apps open](auth0_apps_open.md) - Open the settings page of an application
+- [auth0 apps session-transfer](auth0_apps_session-transfer.md) - Manage session transfer settings for an application
 - [auth0 apps show](auth0_apps_show.md) - Show an application
 - [auth0 apps update](auth0_apps_update.md) - Update an application
 - [auth0 apps use](auth0_apps_use.md) - Choose a default application for the Auth0 CLI
diff --git a/docs/auth0_apps_session-transfer.md b/docs/auth0_apps_session-transfer.md
@@ -0,0 +1,14 @@
+---
+layout: default
+has_toc: false
+has_children: true
+---
+# auth0 apps session-transfer
+
+
+
+## Commands
+
+- [auth0 apps session-transfer show](auth0_apps_session-transfer_show.md) - Show session transfer settings for an app
+- [auth0 apps session-transfer update](auth0_apps_session-transfer_update.md) - Update session transfer settings for an app
+
diff --git a/docs/auth0_apps_session-transfer_show.md b/docs/auth0_apps_session-transfer_show.md
@@ -0,0 +1,46 @@
+---
+layout: default
+parent: auth0 apps session-transfer
+has_toc: false
+---
+# auth0 apps session-transfer show
+
+
+
+## Usage
+```
+auth0 apps session-transfer show [flags]
+```
+
+## Examples
+
+```
+auth0 apps session-transfer show
+  auth0 apps session-transfer show <app-id>
+  auth0 apps session-transfer show <app-id> --json
+```
+
+
+## Flags
+
+```
+      --json   Output in json format.
+```
+
+
+## Inherited Flags
+
+```
+      --debug           Enable debug mode.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+
+## Related Commands
+
+- [auth0 apps session-transfer show](auth0_apps_session-transfer_show.md) - Show session transfer settings for an app
+- [auth0 apps session-transfer update](auth0_apps_session-transfer_update.md) - Update session transfer settings for an app
+
+
diff --git a/docs/auth0_apps_session-transfer_update.md b/docs/auth0_apps_session-transfer_update.md
@@ -0,0 +1,50 @@
+---
+layout: default
+parent: auth0 apps session-transfer
+has_toc: false
+---
+# auth0 apps session-transfer update
+
+
+
+## Usage
+```
+auth0 apps session-transfer update [flags]
+```
+
+## Examples
+
+```
+ auth0 apps session-transfer update 
+  auth0 apps session-transfer update <app-id>
+  auth0 apps session-transfer update <app-id> --can-create-token --json
+  auth0 apps session-transfer update <app-id> --can-create-token=true --allowed-auth-methods=cookie,query --enforce-device-binding=ip
+```
+
+
+## Flags
+
+```
+  -m, --allowed-auth-methods strings    Comma-separated list of authentication methods (e.g., cookie, query).
+  -t, --can-create-token                Allow creation of session transfer tokens.
+  -e, --enforce-device-binding string   Device binding enforcement: 'none', 'ip', or 'asn'.
+      --json                            Output in json format.
+```
+
+
+## Inherited Flags
+
+```
+      --debug           Enable debug mode.
+      --no-color        Disable colors.
+      --no-input        Disable interactivity.
+      --tenant string   Specific tenant to use.
+```
+
+
+## Related Commands
+
+- [auth0 apps session-transfer show](auth0_apps_session-transfer_show.md) - Show session transfer settings for an app
+- [auth0 apps session-transfer update](auth0_apps_session-transfer_update.md) - Update session transfer settings for an app
+
+
diff --git a/docs/auth0_apps_show.md b/docs/auth0_apps_show.md
@@ -46,6 +46,7 @@ auth0 apps show [flags]
 - [auth0 apps delete](auth0_apps_delete.md) - Delete an application
 - [auth0 apps list](auth0_apps_list.md) - List your applications
 - [auth0 apps open](auth0_apps_open.md) - Open the settings page of an application
+- [auth0 apps session-transfer](auth0_apps_session-transfer.md) - Manage session transfer settings for an application
 - [auth0 apps show](auth0_apps_show.md) - Show an application
 - [auth0 apps update](auth0_apps_update.md) - Update an application
 - [auth0 apps use](auth0_apps_use.md) - Choose a default application for the Auth0 CLI
diff --git a/docs/auth0_apps_update.md b/docs/auth0_apps_update.md
@@ -70,6 +70,7 @@ auth0 apps update [flags]
 - [auth0 apps delete](auth0_apps_delete.md) - Delete an application
 - [auth0 apps list](auth0_apps_list.md) - List your applications
 - [auth0 apps open](auth0_apps_open.md) - Open the settings page of an application
+- [auth0 apps session-transfer](auth0_apps_session-transfer.md) - Manage session transfer settings for an application
 - [auth0 apps show](auth0_apps_show.md) - Show an application
 - [auth0 apps update](auth0_apps_update.md) - Update an application
 - [auth0 apps use](auth0_apps_use.md) - Choose a default application for the Auth0 CLI
diff --git a/docs/auth0_apps_use.md b/docs/auth0_apps_use.md
@@ -44,6 +44,7 @@ auth0 apps use [flags]
 - [auth0 apps delete](auth0_apps_delete.md) - Delete an application
 - [auth0 apps list](auth0_apps_list.md) - List your applications
 - [auth0 apps open](auth0_apps_open.md) - Open the settings page of an application
+- [auth0 apps session-transfer](auth0_apps_session-transfer.md) - Manage session transfer settings for an application
 - [auth0 apps show](auth0_apps_show.md) - Show an application
 - [auth0 apps update](auth0_apps_update.md) - Update an application
 - [auth0 apps use](auth0_apps_use.md) - Choose a default application for the Auth0 CLI
diff --git a/internal/cli/apps.go b/internal/cli/apps.go
@@ -135,6 +135,27 @@ var (
 		ShortForm: "n",
 		Help:      "Number of apps to retrieve. Minimum 1, maximum 1000.",
 	}
+	appSTCanCreateToken = Flag{
+		Name:         "Can Create Token",
+		LongForm:     "can-create-token",
+		ShortForm:    "t",
+		Help:         "Allow creation of session transfer tokens.",
+		AlwaysPrompt: true,
+	}
+	appSTAllowedAuthMethods = Flag{
+		Name:         "Allowed Auth Methods",
+		LongForm:     "allowed-auth-methods",
+		ShortForm:    "m",
+		Help:         "Comma-separated list of authentication methods (e.g., cookie, query).",
+		AlwaysPrompt: true,
+	}
+	appSTEnforceDeviceBinding = Flag{
+		Name:         "Enforce Device Binding",
+		LongForm:     "enforce-device-binding",
+		ShortForm:    "e",
+		Help:         "Device binding enforcement: 'none', 'ip', or 'asn'.",
+		AlwaysPrompt: true,
+	}
 	refreshToken = Flag{
 		Name:      "Refresh Token",
 		LongForm:  "refresh-token",
@@ -161,6 +182,7 @@ func appsCmd(cli *cli) *cobra.Command {
 	cmd.AddCommand(updateAppCmd(cli))
 	cmd.AddCommand(deleteAppCmd(cli))
 	cmd.AddCommand(openAppCmd(cli))
+	cmd.AddCommand(appsSessionTransferCmd(cli))
 
 	return cmd
 }
@@ -969,3 +991,159 @@ func (c *cli) appPickerOptions(requestOpts ...management.RequestOption) pickerOp
 		return append(priorityOpts, opts...), nil
 	}
 }
+
+// Session Transfer.
+func appsSessionTransferCmd(cli *cli) *cobra.Command {
+	cmd := &cobra.Command{
+		Use:   "session-transfer",
+		Short: "Manage session transfer settings for an application",
+	}
+
+	cmd.SetUsageTemplate(resourceUsageTemplate())
+	cmd.AddCommand(appsSessionTransferShowCmd(cli))
+	cmd.AddCommand(appsSessionTransferUpdateCmd(cli))
+
+	return cmd
+}
+
+func appsSessionTransferShowCmd(cli *cli) *cobra.Command {
+	var inputs struct {
+		ID string
+	}
+
+	cmd := &cobra.Command{
+		Use:   "show",
+		Args:  cobra.MaximumNArgs(1),
+		Short: "Show session transfer settings for an app",
+		Example: `auth0 apps session-transfer show
+  auth0 apps session-transfer show <app-id>
+  auth0 apps session-transfer show <app-id> --json`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 0 {
+				err := appID.Pick(cmd, &inputs.ID, cli.appPickerOptions())
+				if err != nil {
+					return err
+				}
+			} else {
+				inputs.ID = args[0]
+			}
+
+			var client *management.Client
+			if err := ansi.Waiting(func() error {
+				var err error
+				client, err = cli.api.Client.Read(cmd.Context(), inputs.ID)
+				return err
+			}); err != nil {
+				return fmt.Errorf("failed to read application: %w", err)
+			}
+
+			if client.SessionTransfer == nil {
+				cli.renderer.Infof("No session transfer settings configured for app %s", ansi.Faint(inputs.ID))
+				return nil
+			}
+
+			cli.renderer.SessionTransferShow(client)
+
+			return nil
+		},
+	}
+
+	cmd.Flags().BoolVar(&cli.json, "json", false, "Output in json format.")
+	return cmd
+}
+
+func appsSessionTransferUpdateCmd(cli *cli) *cobra.Command {
+	var inputs struct {
+		ID                   string
+		CanCreateToken       bool
+		AllowedAuthMethods   []string
+		EnforceDeviceBinding string
+	}
+
+	cmd := &cobra.Command{
+		Use:   "update",
+		Args:  cobra.MaximumNArgs(1),
+		Short: "Update session transfer settings for an app",
+		Example: ` auth0 apps session-transfer update 
+  auth0 apps session-transfer update <app-id>
+  auth0 apps session-transfer update <app-id> --can-create-token --json
+  auth0 apps session-transfer update <app-id> --can-create-token=true --allowed-auth-methods=cookie,query --enforce-device-binding=ip`,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 0 {
+				err := appID.Pick(cmd, &inputs.ID, cli.appPickerOptions())
+				if err != nil {
+					return err
+				}
+			} else {
+				inputs.ID = args[0]
+			}
+
+			var (
+				current *management.Client
+				st      management.SessionTransfer
+			)
+
+			if err := ansi.Waiting(func() (err error) {
+				current, err = cli.api.Client.Read(cmd.Context(), inputs.ID)
+				return err
+			}); err != nil {
+				return fmt.Errorf("failed to find application with ID %q: %w", inputs.ID, err)
+			}
+
+			if current.SessionTransfer == nil {
+				current.SessionTransfer = &management.SessionTransfer{
+					CanCreateSessionTransferToken: auth0.Bool(false),
+					AllowedAuthenticationMethods:  &[]string{},
+					EnforceDeviceBinding:          auth0.String("ip"),
+				}
+			}
+
+			if err := appSTCanCreateToken.AskBoolU(cmd, &inputs.CanCreateToken, current.SessionTransfer.CanCreateSessionTransferToken); err != nil {
+				return err
+			}
+
+			defaultVal := stringSliceToCommaSeparatedString(current.SessionTransfer.GetAllowedAuthenticationMethods())
+			if err := appSTAllowedAuthMethods.AskManyU(cmd, &inputs.AllowedAuthMethods, &defaultVal); err != nil {
+				return err
+			}
+
+			if err := appSTEnforceDeviceBinding.SelectU(cmd, &inputs.EnforceDeviceBinding, []string{"none", "ip", "asn"}, current.SessionTransfer.EnforceDeviceBinding); err != nil {
+				return err
+			}
+
+			// Set the flag if it was supplied or entered by the prompt.
+			if appSTCanCreateToken.IsSet(cmd) || shouldPromptWhenNoLocalFlagsSet(cmd) {
+				st.CanCreateSessionTransferToken = &inputs.CanCreateToken
+			}
+
+			if len(inputs.AllowedAuthMethods) > 0 {
+				st.AllowedAuthenticationMethods = &inputs.AllowedAuthMethods
+			}
+
+			if inputs.EnforceDeviceBinding != "" {
+				st.EnforceDeviceBinding = &inputs.EnforceDeviceBinding
+			} else {
+				st.EnforceDeviceBinding = current.SessionTransfer.EnforceDeviceBinding
+			}
+
+			// Send update request.
+			clientST := &management.Client{SessionTransfer: &st}
+			if err := ansi.Waiting(func() error {
+				return cli.api.Client.Update(cmd.Context(), inputs.ID, clientST)
+			}); err != nil {
+				return fmt.Errorf("failed to update session transfer: %w", err)
+			}
+
+			cli.renderer.SessionTransferUpdate(clientST, inputs.ID)
+			return nil
+		},
+	}
+	cmd.Flags().BoolVar(&cli.json, "json", false, "Output in json format.")
+
+	// Register CLI flags.
+	appSTCanCreateToken.RegisterBoolU(cmd, &inputs.CanCreateToken, false)
+	appSTAllowedAuthMethods.RegisterStringSliceU(cmd, &inputs.AllowedAuthMethods, nil)
+	appSTEnforceDeviceBinding.RegisterStringU(cmd, &inputs.EnforceDeviceBinding, "")
+
+	return cmd
+}
diff --git a/internal/display/apps_session_transfer.go b/internal/display/apps_session_transfer.go
diff --git a/test/integration/apps-test-cases.yaml b/test/integration/apps-test-cases.yaml
