Auth0 API

Clients

clients

Methods

Create A Client ->
Client
post/clients

Create a new client (application or SSO integration). For more information, read Create Applications API Endpoints for Single Sign-On.

Notes:

  • We recommend leaving the client_secret parameter unspecified to allow the generation of a safe secret.
  • The client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none).
  • When using client_authentication_methods to configure the client with Private Key JWT authentication method, specify fully defined credentials. These credentials will be automatically enabled for Private Key JWT authentication on the client.
  • To configure client_authentication_methods, the create:client_credentials scope is required.
  • To configure client_authentication_methods, the property jwt_configuration.alg must be set to RS256.
SSO Integrations created via this endpoint will accept login requests and share user profile information.
Delete A Client ->
delete/clients/{client_id}

Delete a client and related configuration (rules, connections, etc).

Get Clients -> ClientsPageNumberPage<
Client
>
get/clients

Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified. For more information, read Applications in Auth0 and Single Sign-On.

  • The following can be retrieved with any scope: client_id, app_type, name, and description.
  • The following properties can only be retrieved with the read:clients or read:client_keys scope: callbacks, oidc_logout, allowed_origins, web_origins, tenant, global, config_route, callback_url_template, jwt_configuration, jwt_configuration.lifetime_in_seconds, jwt_configuration.secret_encoded, jwt_configuration.scopes, jwt_configuration.alg, api_type, logo_uri, allowed_clients, owners, custom_login_page, custom_login_page_off, sso, addons, form_template, custom_login_page_codeview, resource_servers, client_metadata, mobile, mobile.android, mobile.ios, allowed_logout_urls, token_endpoint_auth_method, is_first_party, oidc_conformant, is_token_endpoint_ip_header_trusted, initiate_login_uri, grant_types, refresh_token, refresh_token.rotation_type, refresh_token.expiration_type, refresh_token.leeway, refresh_token.token_lifetime, organization_usage, organization_require_behavior.
  • The following properties can only be retrieved with the read:client_keys or read:client_credentials scope: encryption_key, encryption_key.pub, encryption_key.cert, client_secret, client_authentication_methods and signing_key.
Get Client By ID ->
Client
get/clients/{client_id}

Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. For more information, read Applications in Auth0 and Single Sign-On.

  • The following properties can be retrieved with any of the scopes: client_id, app_type, name, and description.
  • The following properties can only be retrieved with the read:clients or read:client_keys scopes: callbacks, oidc_logout, allowed_origins, web_origins, tenant, global, config_route, callback_url_template, jwt_configuration, jwt_configuration.lifetime_in_seconds, jwt_configuration.secret_encoded, jwt_configuration.scopes, jwt_configuration.alg, api_type, logo_uri, allowed_clients, owners, custom_login_page, custom_login_page_off, sso, addons, form_template, custom_login_page_codeview, resource_servers, client_metadata, mobile, mobile.android, mobile.ios, allowed_logout_urls, token_endpoint_auth_method, is_first_party, oidc_conformant, is_token_endpoint_ip_header_trusted, initiate_login_uri, grant_types, refresh_token, refresh_token.rotation_type, refresh_token.expiration_type, refresh_token.leeway, refresh_token.token_lifetime, organization_usage, organization_require_behavior.
  • The following properties can only be retrieved with the read:client_keys or read:client_credentials scopes: encryption_key, encryption_key.pub, encryption_key.cert, client_secret, client_authentication_methods and signing_key.
Rotate A Client Secret ->
Client
post/clients/{client_id}/rotate-secret

Rotate a client secret.

This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt).

Note: The generated secret is NOT base64 encoded.

Update A Client ->
Client
patch/clients/{client_id}

Updates a client's settings. For more information, read Applications in Auth0 and Single Sign-On.

Notes:

  • The client_secret and signing_key attributes can only be updated with the update:client_keys scope.
  • The client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none).
  • When using client_authentication_methods to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
  • To configure client_authentication_methods, the update:client_credentials scope is required.
  • To configure client_authentication_methods, the property jwt_configuration.alg must be set to RS256.
Clients

Credentials

clients.credentials

Methods

Create A Client Credential -> { id, alg, created_at, 7 more... }
post/clients/{client_id}/credentials

Create a client credential associated to your application. The credential will be created but not yet enabled for use with Private Key JWT authentication method. To enable the credential, set the client_authentication_methods property on the client. For more information, read Configure Private Key JWT Authentication.

Delete A Client Credential ->
delete/clients/{client_id}/credentials/{credential_id}

Delete a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow.

Get Client Credentials -> Array<
ClientCredential
>
get/clients/{client_id}/credentials

Get the details of a client credential.

Important: To enable credentials to be used for Private Key JWT authentication method, set the client_authentication_methods property on the client.

Get Client Credential Details -> { id, alg, created_at, 7 more... }
get/clients/{client_id}/credentials/{credential_id}

Get the details of a client credential.

Important: To enable credentials to be used for Private Key JWT authentication method, set the client_authentication_methods property on the client.

Update A Client Credential -> { id, alg, created_at, 7 more... }
patch/clients/{client_id}/credentials/{credential_id}

Change a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow.

Domain types

ClientCredential = { id, alg, created_at, 7 more... }