Announcing the Distilled Auth0 SDK
Administer Auth0 tenants, users, clients, connections, organizations, and logs through Effect.
Identity administration is both automation-friendly and security-sensitive. Provisioning users, inspecting clients, rotating configuration, and investigating logs all benefit from a boundary that treats credentials and failures deliberately. @kevinmichaelchen/distilled-auth0 brings 451 Auth0 Management API operations into Effect.
Auth0, at a glance
Auth0 is an identity platform for authentication and authorization. The Management API v2 lets trusted backends perform administrative work across users, clients, connections, organizations, roles, permissions, logs, actions, branding, and tenant configuration. Auth0’s official Node client lives at auth0/node-auth0.
Auth0
Management API
Official Node SDK
Distilled implementation
Why Effect and Distilled?
Identity-management failures should not disappear into generic exceptions. Distilled maps known Auth0 statuses, validates supported schemas, redacts Management API tokens and sensitive response fields, and exposes retry behavior. Effect lets a provisioning workflow compose those failures with timeouts, backoff, tracing, concurrency limits, and compensating logic.
Configuration is a layer rather than a hidden singleton. Tests can replace the tenant credentials or HTTP client, and production programs can share one explicit dependency graph.
How we made the SDK
Mirror Auth0's official OpenAPI
Generate the administrative surface
Respect the complexity guard
Add tenant-aware runtime policy
https://<tenant>/api/v2, injects bearer authentication, redacts secrets, and decodes Auth0 errors.Code Examples
Set AUTH0_DOMAIN and AUTH0_MANAGEMENT_TOKEN, then install:
npm install @kevinmichaelchen/distilled-auth0 effectpnpm add @kevinmichaelchen/distilled-auth0 effectbun add @kevinmichaelchen/distilled-auth0 effectimport * as Effect from "effect/Effect";
import * as Layer from "effect/Layer";
import * as Redacted from "effect/Redacted";
import * as FetchHttpClient from "effect/unstable/http/FetchHttpClient";
import {
CredentialsFromEnv,
getLogs,
getUsers,
postUsers,
} from "@kevinmichaelchen/distilled-auth0";
const Auth0Live = Layer.mergeAll(FetchHttpClient.layer, CredentialsFromEnv);
Search for blocked users
Find accounts that need security or support follow-up while requesting only the fields the workflow consumes.
const blockedUsers = getUsers({
q: "blocked:true",
search_engine: "v3",
fields: "user_id,email,blocked,last_login",
include_fields: true,
per_page: 50,
});
const findBlockedUsers = blockedUsers.pipe(Effect.provide(Auth0Live));
Provision a database user
Create an account in a database connection while keeping the initial password redacted in Effect logs and diagnostics.
const provisionDatabaseUser = postUsers({
connection: "Username-Password-Authentication",
email: "new.user@example.com",
password: Redacted.make("replace-with-a-generated-secret"),
verify_email: true,
}).pipe(Effect.provide(Auth0Live));
Inspect recent tenant errors
Pull recent failure events for an operational dashboard or incident workflow.
const inspectRecentTenantErrors = getLogs({
search: "type:f OR type:fe OR type:fu",
sort: "date:-1",
per_page: 100,
include_totals: true,
}).pipe(Effect.provide(Auth0Live));
From the same runtime you can manage roles and permissions, configure connections, administer organizations, and revoke sessions or refresh tokens.
Available now
Read the Auth0 SDK guide, inspect the implementation, browse the spec mirror, or install @kevinmichaelchen/distilled-auth0.