Set up a Client Credentials Grant using the Dashboard
Open the Auth0 Management Dashboard and browse to the Clients section.
Create a new client of type Non Interactive for each of the applications that will consume the API you want to generate access tokens for.
- Navigate to the API section and create a new API.
Enable APIs Section
Enter a friendly name and an identifier. Ideally, this identifier should be the public endpoint of the API, but any valid URN is acceptable. This API will be represented by your Resource Server.
The selection of the Signing Algorithm will dictate how the API will validate the access tokens it receives:
- HS256 (symmetric): signed using the resource server's signing secret
- RS256 (asymmetric): signed using Auth0's private key for your account. Verification is done using the corresponding public key, which can be found at the following standard JWKS (JSON Web Key set) URL: https://YOUR_AUTH0_DOMAIN/.well-known/jwks.json
NOTE: There will already be an Auth0 Management API that represents Auth0's APIv2. You can authorize client applications to request tokens from this API as well.
- (Optional) Define some scopes by browsing to the Scopes tab. A scope is a claim that may be issued as part of the access token. With this information, the API can enforce fine-grained authorization.
- Authorize a consumer client. Under the Non Interactive Clients tab, you can authorize your clients that will be the consumers of the API. This will create a
client grantfor each client and will allow you to generate access tokens for these clients to call your API. Optionally, you can select a subset of scopes to be granted to this client as part of the access token. Scopes allow the API to enforce fine-grained authorization.
- Setup your API to accept access tokens. The Quickstart tab provides you with code snippets for different languages and will guide you through bootstrapping your API, depending on the selected Signing Algorithm.