auth0 · bkiran6398 · Feb 27, 2026 · Feb 16, 2026 · Feb 16, 2026 · Feb 16, 2026
@@ -7,7 +7,7 @@ require (
 	github.com/PuerkitoBio/rehttp v1.4.0
 	github.com/atotto/clipboard v0.1.4
 	github.com/auth0/go-auth0 v1.34.0
-	github.com/auth0/go-auth0/v2 v2.5.0
+	github.com/auth0/go-auth0/v2 v2.6.0
 	github.com/briandowns/spinner v1.23.2
 	github.com/charmbracelet/glamour v0.10.0
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e

@@ -22,10 +22,10 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4=
 github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI=
-github.com/auth0/go-auth0/v2 v2.5.0 h1:IBfiYGsqFwOu4hsxV1JDtB6+ayRinybUIUCU/fRBE8Y=
-github.com/auth0/go-auth0/v2 v2.5.0/go.mod h1:XVRck9fw1EIw1z4guYcbKFGmElnexb+xOvQ/0U1hHd0=
 github.com/auth0/go-auth0 v1.34.0 h1:5rtel4yYbYp+NYlVf3ryxSRaDHWxJubtVc+cqdLMa7o=
 github.com/auth0/go-auth0 v1.34.0/go.mod h1:32sQB1uAn+99fJo6N819EniKq8h785p0ag0lMWhiTaE=
+github.com/auth0/go-auth0/v2 v2.6.0 h1:KCoLxTcH8qXPYbwKZxxFrL/6P+P+Zc58BQPL6w0Kt30=
+github.com/auth0/go-auth0/v2 v2.6.0/go.mod h1:XVRck9fw1EIw1z4guYcbKFGmElnexb+xOvQ/0U1hHd0=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0 h1:0NmehRCgyk5rljDQLKUO+cRJCnduDyn11+zGZIc9Z48=
 github.com/aybabtme/iocontrol v0.0.0-20150809002002-ad15bcfc95a0/go.mod h1:6L7zgvqo0idzI7IO8de6ZC051AfXb5ipkIJ7bIA2tGA=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
@@ -142,8 +142,8 @@ github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNU
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/lestrrat-go/blackmagic v1.0.4 h1:IwQibdnf8l2KoO+qC3uT4OaTWsW7tuRQXy9TRN9QanA=
@@ -214,8 +214,8 @@ github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJ
 github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
 github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/schollz/progressbar/v3 v3.19.0 h1:Ea18xuIRQXLAUidVDox3AbwfUhD0/1IvohyTutOIFoc=
 github.com/schollz/progressbar/v3 v3.19.0/go.mod h1:IsO3lpbaGuzh8zIMzgY3+J8l4C8GjO0Y9S69eFvNsec=

@@ -155,7 +155,9 @@ func updateBreachedPasswordDetectionCmdRun(
 		if err := bpdFlags.Enabled.AskBoolU(cmd, &inputs.Enabled, bpd.Enabled); err != nil {
 			return err
 		}
-		bpd.Enabled = &inputs.Enabled
+		if bpdFlags.Enabled.IsSet(cmd) || noLocalFlagSet(cmd) {
+			bpd.Enabled = &inputs.Enabled
+		}
 
 		shieldsString := strings.Join(bpd.GetShields(), ",")
 		if err := bpdFlags.Shields.AskManyU(cmd, &inputs.Shields, &shieldsString); err != nil {

@@ -166,7 +166,9 @@ func updateBruteForceDetectionCmdRun(
 		if err := bfpFlags.Enabled.AskBoolU(cmd, &inputs.Enabled, bfp.Enabled); err != nil {
 			return err
 		}
-		bfp.Enabled = &inputs.Enabled
+		if bfpFlags.Enabled.IsSet(cmd) || noLocalFlagSet(cmd) {
+			bfp.Enabled = &inputs.Enabled
+		}
 
 		shieldsString := strings.Join(bfp.GetShields(), ",")
 		if err := bfpFlags.Shields.AskManyU(cmd, &inputs.Shields, &shieldsString); err != nil {

@@ -189,7 +189,9 @@ func updateSuspiciousIPThrottlingCmdRun(
 		if err := sitFlags.Enabled.AskBoolU(cmd, &inputs.Enabled, sit.Enabled); err != nil {
 			return err
 		}
-		sit.Enabled = &inputs.Enabled
+		if sitFlags.Enabled.IsSet(cmd) || noLocalFlagSet(cmd) {
+			sit.Enabled = &inputs.Enabled
+		}
 
 		shieldsString := strings.Join(sit.GetShields(), ",")
 		if err := sitFlags.Shields.AskManyU(cmd, &inputs.Shields, &shieldsString); err != nil {

@@ -356,7 +356,7 @@ func updateEmailProviderCmd(cli *cli) *cobra.Command {
 			}
 
 			// Set the flag if it was supplied or entered by the prompt.
-			if canPrompt(cmd) || emailProviderEnabled.IsSet(cmd) {
+			if emailProviderEnabled.IsSet(cmd) || noLocalFlagSet(cmd) {
 				emailProvider.Enabled = &inputs.enabled
 			}
 

@@ -253,10 +253,12 @@ func updateEmailTemplateCmd(cli *cli) *cobra.Command {
 
 			template := apiEmailTemplateFor(inputs.Template)
 			emailTemplate := &management.EmailTemplate{
-				Enabled:  &inputs.Enabled,
 				Template: &template,
 				Syntax:   oldTemplate.Syntax,
 			}
+			if emailTemplateEnabled.IsSet(cmd) || noLocalFlagSet(cmd) {
+				emailTemplate.Enabled = &inputs.Enabled
+			}
 			if inputs.Body != "" {
 				emailTemplate.Body = &inputs.Body
 			}

@@ -247,7 +247,9 @@ func updateLogStreamsSplunkCmd(cli *cli) *cobra.Command {
 			if inputs.splunkPort != "" {
 				splunkSink.Port = &inputs.splunkPort
 			}
-			splunkSink.Secure = &inputs.splunkVerifyTLS
+			if splunkVerifyTLS.IsSet(cmd) || noLocalFlagSet(cmd) {
+				splunkSink.Secure = &inputs.splunkVerifyTLS
+			}
 			updatedLogStream.Sink = splunkSink
 
 			if inputs.piiConfig != "{}" {

@@ -343,7 +343,7 @@ func updateBrandingPhoneProviderCmd(cli *cli) *cobra.Command {
 			}
 
 			// Set the flag if it was supplied or entered by the prompt.
-			if canPrompt(cmd) || phoneProviderDisabled.IsSet(cmd) {
+			if phoneProviderDisabled.IsSet(cmd) || noLocalFlagSet(cmd) {
 				phoneProvider.Disabled = &inputs.disabled
 			}
 

@@ -387,7 +387,9 @@ func updateRuleCmd(cli *cli) *cobra.Command {
 					}
 				}
 
-				updatedRule.Enabled = &inputs.Enabled
+				if ruleEnabled.IsSet(cmd) || noLocalFlagSet(cmd) {
+					updatedRule.Enabled = &inputs.Enabled
+				}
 				if inputs.Name != "" {
 					updatedRule.Name = &inputs.Name
 				}

@@ -300,25 +300,33 @@ tests:
         can_create_session_transfer_token: "true"
         allowed_authentication_methods: "[cookie query]"
         enforce_device_binding: asn
+
+  040 - it successfully updates only specified value of the application session-transfer without affecting can_create_session_transfer_token boolean value:
+    command: auth0 apps session-transfer update $(./test/integration/scripts/get-app-id.sh) --enforce-device-binding=ip --json
+    exit-code: 0
+    stdout:
+      json:
+        can_create_session_transfer_token: "true"
+        enforce_device_binding: ip
 
-  040 - it successfully renders the session-transfer of an application:
+  041 - it successfully renders the session-transfer of an application:
     command: auth0 apps session-transfer show $(./test/integration/scripts/get-app-id.sh)
     exit-code: 0
     stdout:
       contains:
         - CAN CREATE TOKEN  ✓
         - ALLOWED METHODS   cookie, query
-        - DEVICE BINDING    asn
+        - DEVICE BINDING    ip
 
-  041 - given a test app, it successfully deletes the app:
+  042 - given a test app, it successfully deletes the app:
     command: auth0 apps delete $(./test/integration/scripts/get-app-id.sh) --force
     exit-code: 0
 
-  042 - it successfully creates a resource server app with resource-server-identifier:
+  043 - it successfully creates a resource server app with resource-server-identifier:
     command: ./test/integration/scripts/get-resource-server-app-id.sh
     exit-code: 0
 
-  043 - it successfully creates a resource server app with resource-server-identifier and outputs in json:
+  044 - it successfully creates a resource server app with resource-server-identifier and outputs in json:
     command: auth0 apps show $(./test/integration/scripts/get-resource-server-app-id.sh) --json
     exit-code: 0
     stdout:
@@ -327,21 +335,21 @@ tests:
         app_type: resource_server
         resource_server_identifier: http://integration-test-api-newapi
 
-  044 - it shows resource server app with resource-server-identifier:
+  045 - it shows resource server app with resource-server-identifier:
     command: auth0 apps show $(./test/integration/scripts/get-resource-server-app-id.sh)
     exit-code: 0
     stdout:
       contains:
         - TYPE                        Resource Server
         - RESOURCE SERVER IDENTIFIER  http://integration-test-api-newapi
 
-  045 - it fails to update resource-server-identifier (immutable property):
+  046 - it fails to update resource-server-identifier (immutable property):
     command: auth0 apps update $(./test/integration/scripts/get-resource-server-app-id.sh) --resource-server-identifier http://new-api.localhost --json
     exit-code: 1
     stderr:
       contains:
         - "Unknown flag: --resource-server-identifier"
 
-  046 - given a resource server app, it successfully deletes the app:
+  047 - given a resource server app, it successfully deletes the app:
     command: auth0 apps delete $(./test/integration/scripts/get-resource-server-app-id.sh) --force
     exit-code: 0
@@ -55,37 +55,53 @@ tests:
     command: auth0 email provider update --enabled --default-from-address='admin@auth0.invalid'
     exit-code: 0
 
-  012 - it successfully shows the email provider:
+  012 - update only specified value without affecting the enabled boolean value:
+    command: auth0 email provider update --default-from-address='test@auth0.invalid'
+    exit-code: 0
+    stdout:
+      contains:
+        - ENABLED               ✓
+        - DEFAULT FROM ADDRESS  test@auth0.invalid
+
+  013 - it successfully shows the email provider:
     command: auth0 email provider show
     exit-code: 0
     stdout:
       contains:
         - PROVIDER              mandrill
         - ENABLED               ✓
-        - DEFAULT FROM ADDRESS  admin@auth0.invalid
+        - DEFAULT FROM ADDRESS  test@auth0.invalid
         - SETTINGS              {"message":{"view_content_link":false}}
 
   100 - it successfully updates welcome email template:
     command: auth0 email templates update welcome --enabled --body "<h1>Welcome!</h1>" --from "welcome@travel0.com" --lifetime 6100 --subject "Welcome to Travel0" --url "travel0.com" --force
     exit-code: 0
 
-  101 - it successfully shows welcome email template:
+  101 - it successfully updates only specified value without affecting the enabled boolean flag:
+    command: auth0 email templates update welcome --url "test.travel0.com"
+    exit-code: 0
+    stdout:
+      contains:
+        - RESULT URL           test.travel0.com
+        - ENABLED              ✓
+
+  102 - it successfully shows welcome email template:
     command: auth0 email templates show welcome
     exit-code: 0
     stdout:
       contains:
         - TEMPLATE             Welcome Email
         - FROM                 welcome@travel0.com
         - SUBJECT              Welcome to Travel0
-        - RESULT URL           travel0.com
+        - RESULT URL           test.travel0.com
         - RESULT URL LIFETIME  6100
         - ENABLED              ✓
 
-  102 - it successfully updates verify-link email template:
+  103 - it successfully updates verify-link email template:
     command: auth0 email templates update verify-link --enabled --body "<h1>Verify link</h1>" --from "verify@travel0.com" --lifetime 6100 --subject "Verify link" --url "travel0.com" --force
     exit-code: 0
 
-  103 - it successfully shows verify-link email template:
+  104 - it successfully shows verify-link email template:
     command: auth0 email templates show verify-link
     exit-code: 0
     stdout:
@@ -96,11 +112,11 @@ tests:
         - RESULT URL           travel0.com
         - RESULT URL LIFETIME  6100
         - ENABLED              ✓
-  104 - it successfully updates verify-code email template:
+  105 - it successfully updates verify-code email template:
     command: auth0 email templates update verify-code --enabled --body "<h1>Verify code</h1>" --from "verify@travel0.com" --lifetime 6100 --subject "Verify code" --url "travel0.com" --force
     exit-code: 0
 
-  105 - it successfully shows verify-code email template:
+  106 - it successfully shows verify-code email template:
     command: auth0 email templates show verify-code
     exit-code: 0
     stdout:
@@ -111,11 +127,11 @@ tests:
         - RESULT URL           travel0.com
         - RESULT URL LIFETIME  6100
         - ENABLED              ✓
-  106 - it successfully updates change-password email template:
+  107 - it successfully updates change-password email template:
     command: auth0 email templates update change-password --enabled --body "<h1>Change password</h1>" --from "change-password@travel0.com" --lifetime 6100 --subject "Change password" --url "travel0.com" --force
     exit-code: 0
 
-  107 - it successfully shows change-password email template:
+  108 - it successfully shows change-password email template:
     command: auth0 email templates show change-password
     exit-code: 0
     stdout:
@@ -126,11 +142,11 @@ tests:
         - RESULT URL           travel0.com
         - RESULT URL LIFETIME  6100
         - ENABLED              ✓
-  108 - it successfully updates blocked-account email template:
+  109 - it successfully updates blocked-account email template:
     command: auth0 email templates update blocked-account --enabled --body "<h1>Change password</h1>" --from "blocked@travel0.com" --lifetime 6100 --subject "Blocked!" --url "travel0.com" --force
     exit-code: 0
 
-  109 - it successfully shows blocked-account email template:
+  110 - it successfully shows blocked-account email template:
     command: auth0 email templates show blocked-account
     exit-code: 0
     stdout:
@@ -141,11 +157,11 @@ tests:
         - RESULT URL           travel0.com
         - RESULT URL LIFETIME  6100
         - ENABLED              ✓
-  110 - it successfully updates password-breach email template:
+  111 - it successfully updates password-breach email template:
     command: auth0 email templates update password-breach --enabled --body "<h1>Password breached</h1>" --from "security@travel0.com" --lifetime 6100 --subject "Breached Password!" --url "travel0.com" --force
     exit-code: 0
 
-  111 - it successfully shows password-breach email template:
+  112 - it successfully shows password-breach email template:
     command: auth0 email templates show password-breach
     exit-code: 0
     stdout:
@@ -156,11 +172,11 @@ tests:
         - RESULT URL           travel0.com
         - RESULT URL LIFETIME  6100
         - ENABLED              ✓
-  112 - it successfully updates mfa-enrollment email template:
+  113 - it successfully updates mfa-enrollment email template:
     command: auth0 email templates update mfa-enrollment --enabled --body "<h1>Enroll in MFA</h1>" --from "security@travel0.com" --lifetime 6100 --subject "Enroll in MFA!" --url "travel0.com" --force
     exit-code: 0
 
-  113 - it successfully shows mfa-enrollment email template:
+  114 - it successfully shows mfa-enrollment email template:
     command: auth0 email templates show mfa-enrollment
     exit-code: 0
     stdout:
@@ -171,11 +187,11 @@ tests:
         - RESULT URL           travel0.com
         - RESULT URL LIFETIME  6100
         - ENABLED              ✓
-  114 - it successfully updates mfa-code email template:
+  115 - it successfully updates mfa-code email template:
     command: auth0 email templates update mfa-code --enabled --body "<h1>MFA Enrollment code</h1>" --from "security@travel0.com" --lifetime 6100 --subject "MFA Enrollment Code" --url "travel0.com" --force
     exit-code: 0
 
-  115 - it successfully shows mfa-code email template:
+  116 - it successfully shows mfa-code email template:
     command: auth0 email templates show mfa-code
     exit-code: 0
     stdout:
@@ -186,11 +202,11 @@ tests:
         - RESULT URL           travel0.com
         - RESULT URL LIFETIME  6100
         - ENABLED              ✓
-  116 - it successfully updates user-invitation email template:
+  117 - it successfully updates user-invitation email template:
     command: auth0 email templates update user-invitation --enabled --body "<h1>You are invited!</h1>" --from "invited@travel0.com" --lifetime 6100 --subject "You are invited!" --url "travel0.com" --force
     exit-code: 0
 
-  117 - it successfully shows user-invitation email template:
+  118 - it successfully shows user-invitation email template:
     command: auth0 email templates show user-invitation
     exit-code: 0
     stdout:
@@ -201,7 +217,7 @@ tests:
         - RESULT URL           travel0.com
         - RESULT URL LIFETIME  6100
         - ENABLED              ✓
-  118 - it successfully shows user-invitation email template (json):
+  119 - it successfully shows user-invitation email template (json):
     command: "auth0 email templates show user-invitation --json | jq ."
     exit-code: 0
     stdout:
@@ -214,11 +230,11 @@ tests:
         syntax: "liquid"
         urlLifetimeInSeconds: "6100"
         enabled: "true"
-  119 - it successfully updates async-approval email template:
+  120 - it successfully updates async-approval email template:
     command: auth0 email templates update async-approval --enabled --body "<h1>Async Approval Required</h1>" --from "approval@travel0.com" --lifetime 6100 --subject "Approval Required" --url "travel0.com" --force
     exit-code: 0
 
-  120 - it successfully shows async-approval email template:
+  121 - it successfully shows async-approval email template:
     command: auth0 email templates show async-approval
     exit-code: 0
     stdout: