New client not added to connection's enabled_clients when created in the same deploy

[raihans8379]

Checklist

• I have looked into the README and have not found a suitable solution or answer.
• I have looked into the documentation and have not found a suitable solution or answer.
• I have searched the issues and have not found a suitable solution or answer.
• I have upgraded to the latest version of this tool and the issue still persists.
• I have searched the Auth0 Community forums and have not found a suitable solution or answer.
• I agree to the terms within the Auth0 Code of Conduct.

Description

Description:

Since 8.10.0 when a deploy creates a brand new client AND adds that client's name to a connection's enabled_clients list in the same import run, the client gets created but is not enabled on the connection.

Why this happens:

The deploy-cli processes resources in a fixed order. Since v8.10.0, enabled_clients on connections/databases are managed via dedicated endpoints (PATCH /api/v2/connections/{id}/clients) instead of the legacy enabled_clients field on the connection PATCH payload.
The connection handler resolves client names to client IDs when building the list of clients to enable. If a client was just created earlier in the same deploy run, it seems like the connection handler either:

1. Uses a stale cache of clients fetched at the start of the run (before the new client existed), or
2. Processes connections before clients are fully registered

Either way, the new client's name can't be resolved to a client ID, so it gets silently skipped.

Workaround:

Deploy twice. The second run picks up the client that was created in the first run and enables it on the connection.
Version: 8.29.3 (also likely affects 8.10.0+ since that's when the dedicated endpoints were introduced)

Expectation

Deploy the new client and name it under enabled_clients once. The new client should be created and also enabled in database.json. Prior to 8.10.0, this is how it worked.

Reproduction

1. Add a new client JSON file (e.g. clients/my-new-app.json)
2. Add "My New App" to enabled_clients in a connection or database (e.g. database-connections/Username-Password-Authentication/database.json)
3. Run a0deploy import
4. The client is created, but it is NOT enabled on the connection
5. Run a0deploy import a second time -- now it works because the client already exists

Deploy CLI version

8.29.0

Node version

20

[ankita10119]

Hi @raihans8379
Thanks for reporting this! I'll look into it and provide an update as soon as I have one.

[ankita10119]

Hi @raihans8379
I investigated and wasn't able to reproduce this on my tenant. Client was enabled on the connection on the first deploy run. This suggests the issue may be environment-specific, likely related to a brief propagation delay on Auth0's side before a just-created client appears in GET /clients list responses.

Before I dig further, could you help narrow it down:

1. Are you still seeing this on the latest version (v8.30.0)?
2. Can you confirm the client name in your clients: section exactly matches the name used in enabled_clients:? (A subtle mismatch would cause silent failure with a similar symptom.)
3. Is this consistently reproducible on your tenant or intermittent?