The Credentials tab may not be visible in your tenant if you have a public application. To learn more about confidential applications versus public applications, read Confidential and Public Applications.
Authentication Methods
Auth0 offers the following ways your application can authenticate with the :- Private Key : An asymmetric authentication method for confidential applications. In Private Key JWT, you generate a pair of keys, public and private, to use as credentials. You provide the public key and securely store the private key in your own system without sharing it with Auth0. You use the private key to sign the request sent to the authorization server. You can manage the public keys below in the Available Credentials section.
-
: A symmetrical authentication method. In Client Secret authentication, you provide the Client Secret Auth0 assigned when you created the application. You can view and copy the
client_secretdirectly from this section.- Client Secret (Basic): Use Basic for a confidential application using the
HTTP BASICauthentication scheme to send a Client Secret. - Client Secret (Post): Use Post for a confidential application using request body parameters to send a Client Secret.
- Client Secret (Basic): Use Basic for a confidential application using the
Available Credentials
- Name: Name of the credential. For example: 4096.
- Key ID: Unique Auth0-generated credential identifier. The same credential can’t be uploaded more than once.
- Algorithm: Algorithm you select for each credential. We support RS256, PS256, and RS384.
- Expires At:
datetimewhen the credential is invalid for the declared use. The credential will not be deleted, but will be inoperable. This can be configured in the UI by enabling the Set an explicit expiry date for this credential checkbox.
