Class ClientsManager

Create a new client (application or SSO integration). For more information, read Create Applications API Endpoints for Single Sign-On.

Notes:

• We recommend leaving the client_secret parameter unspecified to allow the generation of a safe secret.
• The client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none).
• When using client_authentication_methods to configure the client with Private Key JWT authentication method, specify fully defined credentials. These credentials will be automatically enabled for Private Key JWT authentication on the client.
• To configure client_authentication_methods, the create:client_credentials scope is required.
• To configure client_authentication_methods, the property jwt_configuration.alg must be set to RS256.

Create a client

Throws

Create a client credential associated to your application. The credential will be created but not yet enabled for use with Private Key JWT authentication method. To enable the credential, set the client_authentication_methods property on the client. For more information, read Configure Private Key JWT Authentication. Create a client credential

Throws

Delete a client and related configuration (rules, connections, etc). Delete a client

Throws

Delete a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow. Delete a client credential

Throws

Retrieve client details by ID. Clients are SSO connections or Applications linked with your Auth0 tenant. A list of fields to include or exclude may also be specified. For more information, read Applications in Auth0 and Single Sign-On.

• The following properties can be retrieved with any of the scopes: client_id, app_type, name, and description.
• The following properties can only be retrieved with the read:clients or read:client_keys scopes: callbacks, oidc_logout, allowed_origins, web_origins, tenant, global, config_route, callback_url_template, jwt_configuration, jwt_configuration.lifetime_in_seconds, jwt_configuration.secret_encoded, jwt_configuration.scopes, jwt_configuration.alg, api_type, logo_uri, allowed_clients, owners, custom_login_page, custom_login_page_off, sso, addons, form_template, custom_login_page_codeview, resource_servers, client_metadata, mobile, mobile.android, mobile.ios, allowed_logout_urls, token_endpoint_auth_method, is_first_party, oidc_conformant, is_token_endpoint_ip_header_trusted, initiate_login_uri, grant_types, refresh_token, refresh_token.rotation_type, refresh_token.expiration_type, refresh_token.leeway, refresh_token.token_lifetime, refresh_token.policies, organization_usage, organization_require_behavior.
• The following properties can only be retrieved with the read:client_keys or read:client_credentials scopes: encryption_key, encryption_key.pub, encryption_key.cert, client_secret, client_authentication_methods and signing_key.

Get client by ID

Throws

Retrieve clients (applications and SSO integrations) matching provided filters. A list of fields to include or exclude may also be specified. For more information, read Applications in Auth0 and Single Sign-On.

• The following can be retrieved with any scope: client_id, app_type, name, and description.
• The following properties can only be retrieved with the read:clients or read:client_keys scope: callbacks, oidc_logout, allowed_origins, web_origins, tenant, global, config_route, callback_url_template, jwt_configuration, jwt_configuration.lifetime_in_seconds, jwt_configuration.secret_encoded, jwt_configuration.scopes, jwt_configuration.alg, api_type, logo_uri, allowed_clients, owners, custom_login_page, custom_login_page_off, sso, addons, form_template, custom_login_page_codeview, resource_servers, client_metadata, mobile, mobile.android, mobile.ios, allowed_logout_urls, token_endpoint_auth_method, is_first_party, oidc_conformant, is_token_endpoint_ip_header_trusted, initiate_login_uri, grant_types, refresh_token, refresh_token.rotation_type, refresh_token.expiration_type, refresh_token.leeway, refresh_token.token_lifetime, refresh_token.policies, organization_usage, organization_require_behavior.
• The following properties can only be retrieved with the read:client_keys or read:client_credentials scope: encryption_key, encryption_key.pub, encryption_key.cert, client_secret, client_authentication_methods and signing_key.

Get clients

Throws

Get the details of a client credential.

Important: To enable credentials to be used for Private Key JWT authentication method, set the client_authentication_methods property on the client. Get client credential details

Throws

Get the details of a client credential.

Important: To enable credentials to be used for Private Key JWT authentication method, set the client_authentication_methods property on the client. Get client credentials

Throws

Retrieve all connections that are enabled for the specified Application, using checkpoint pagination. A list of fields to include or exclude for each connection may also be specified.

• This endpoint requires the read:connections scope and any one of read:clients or read:client_summary.
• Note: The first time you call this endpoint, omit the from parameter. If there are more results, a next value is included in the response. You can use this for subsequent API calls. When next is no longer included in the response, no further results are remaining.

Get enabled connections for a client

Throws

Rotate a client secret.

This endpoint cannot be used with clients configured with Private Key JWT authentication method (client_authentication_methods configured with private_key_jwt).

Note: The generated secret is NOT base64 encoded.

Rotate a client secret

Throws

Updates a client's settings. For more information, read Applications in Auth0 and Single Sign-On.

Notes:

• The client_secret and signing_key attributes can only be updated with the update:client_keys scope.
• The client_authentication_methods and token_endpoint_auth_method properties are mutually exclusive. Use client_authentication_methods to configure the client with Private Key JWT authentication method. Otherwise, use token_endpoint_auth_method to configure the client with client secret (basic or post) or with no authentication method (none).
• When using client_authentication_methods to configure the client with Private Key JWT authentication method, only specify the credential IDs that were generated when creating the credentials on the client.
• To configure client_authentication_methods, the update:client_credentials scope is required.
• To configure client_authentication_methods, the property jwt_configuration.alg must be set to RS256. Update a client

Throws

Change a client credential you previously created. May be enabled or disabled. For more information, read Client Credential Flow. Update a client credential

Throws