AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS does not take into account Client Grants

[rybon]

Checklist

• I have looked into the README and have not found a suitable solution or answer.
• I have looked into the documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have upgraded to the latest version of this tool and the issue still persists.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS was added recently to ensure AUTH0_ALLOW_DELETE=true does not accidentally delete third-party clients. However, it appears the client grants associated with those third-party clients still get deleted when using AUTH0_ALLOW_DELETE=true

Expectation

AUTH0_EXCLUDE_THIRD_PARTY_CLIENTS should ensure third-party clients and their associated client grants are not affected

Reproduction

• Create a third-party client in the UI and grant it access to an API
• Run the CLI with both flags enabled

The third-party client should still be there, however its grant is gone

Deploy CLI version

8.25.0

Node version

22

[kushalshit27]

Thank you for reporting this issue! Our team is currently investigating the issue.