auth0 · developerkunal · Oct 10, 2025 · Oct 9, 2025
@@ -172,6 +172,7 @@ func New(ctx context.Context, domain string, options ...Option) (*Authentication
 
 	a.http = client.Wrap(
 		a.http,
+		client.WithUserAgent(client.UserAgent),
 		client.WithDebug(a.debug),
 		client.WithAuth0ClientInfo(a.auth0ClientInfo),
 		client.WithRetries(a.retryStrategy),

@@ -406,9 +406,18 @@ func DebugTransport(base http.RoundTripper, debug bool) http.RoundTripper {
 	}
 
 	return RoundTripFunc(func(req *http.Request) (*http.Response, error) {
+		// Note: We cannot dump the request here because inner transports
+		// (UserAgent, Auth0Client, etc.) haven't modified it yet.
+		// DumpRequestOut creates a wire representation, but transports
+		// set headers during RoundTrip, not before.
+		// So we log the request info manually after it's been prepared.
+		// Call the base transport which will trigger all inner transports
+		res, err := base.RoundTrip(req)
+
+		// Now dump the request after transports have modified it
+		// We do this before checking error so we can see what was attempted
 		dumpRequest(req)
 
-		res, err := base.RoundTrip(req)
 		if err != nil {
 			return res, err
 		}

@@ -1,8 +1,6 @@
 package client
 
 import (
-	"encoding/base64"
-	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -50,20 +48,16 @@ func New(domain string, options ...option.RequestOption) (*Management, error) {
 	// Build the base options that will be passed to NewWithOptions
 	baseOptions := []option.RequestOption{
 		option.WithBaseURL(u.String() + "/api/v2"),
-		option.WithHTTPClient(http.DefaultClient),
-		option.WithHTTPHeader(http.Header{
-			"User-Agent": []string{internal.UserAgent},
-		}),
 		option.WithMaxAttempts(uint(retryOptions.MaxRetries)),
 	}
 
-	// Apply CustomDomainHeaderTransport to support request-level custom domain headers
-	// Pass empty string for client-level domain; request-level will use the hint header
-	httpClient := *http.DefaultClient // Clone to avoid modifying the global client
-	httpClient.Transport = internal.CustomDomainHeaderTransport(http.DefaultClient.Transport, "")
-	baseOptions = append(baseOptions, option.WithHTTPClient(&httpClient))
+	// Clone DefaultClient to avoid modifying the global client
+	httpClient := *http.DefaultClient
+
+	// Apply transports in order: UserAgent, Auth0-Client (if needed), then CustomDomain
+	httpClient.Transport = internal.UserAgentTransport(http.DefaultClient.Transport, internal.UserAgent)
 
-	// Only add Auth0-Client header if NoAuth0ClientInfo is not set
+	// Only add Auth0-Client header transport if NoAuth0ClientInfo is not set
 	if !noAuth0ClientInfo {
 		// Process env options if any were found
 		envOpts := core.NewRequestOptions(envOnlyOptions...)
@@ -85,18 +79,18 @@ func New(domain string, options ...option.RequestOption) (*Management, error) {
 			auth0ClientInfo.Env[k] = v
 		}
 
-		auth0ClientJSON, err := json.Marshal(auth0ClientInfo)
+		// Apply Auth0ClientInfo transport
+		transport, err := internal.Auth0ClientInfoTransport(httpClient.Transport, auth0ClientInfo)
 		if err != nil {
 			return nil, err
 		}
+		httpClient.Transport = transport
+	}
 
-		auth0ClientEncoded := base64.StdEncoding.EncodeToString(auth0ClientJSON)
+	// Apply CustomDomainHeaderTransport last (pass empty string for client-level domain; request-level will use the hint header)
+	httpClient.Transport = internal.CustomDomainHeaderTransport(httpClient.Transport, "")
 
-		// Add the Auth0-Client header
-		baseOptions = append(baseOptions, option.WithHTTPHeader(http.Header{
-			"Auth0-Client": []string{auth0ClientEncoded},
-		}))
-	}
+	baseOptions = append(baseOptions, option.WithHTTPClient(&httpClient))
 
 	m := NewWithOptions(append(baseOptions, options...)...)