Set up a Client Credentials Grant using the Dashboard

Heads up! As part of our efforts to improve security and standards-based interoperability, we have implemented several new features in our authentication flows and made changes to existing ones. For an overview of these changes, and details on how you adopt them, refer to Introducing OIDC Conformant Authentication.

  1. Open the Auth0 Management Dashboard and browse to the Clients section.

  2. Create a new client of type Non Interactive for each of the applications that will consume the API you want to generate access tokens for.

Create a Client

  1. Navigate to the API section and create a new API.

Enter a friendly name and an identifier. Ideally, this identifier should be the public endpoint of the API, but any valid URN is acceptable. This API will be represented by your Resource Server.

The selection of the Signing Algorithm will dictate how the API will validate the access tokens it receives:

Create an API

There will already be an Auth0 Management API that represents Auth0's APIv2. You can authorize client applications to request tokens from this API as well.

  1. (Optional) Define some scopes by browsing to the Scopes tab. A scope is a claim that may be issued as part of the access token. With this information, the API can enforce fine-grained authorization.

Define Scopes

  1. Authorize a consumer client. Under the Non Interactive Clients tab, you can authorize your clients that will be the consumers of the API. This will create a client grant for each client and will allow you to generate access tokens for these clients to call your API. Optionally, you can select a subset of scopes to be granted to this client as part of the access token. Scopes allow the API to enforce fine-grained authorization.

Authorize the Client

  1. Setup your API to accept access tokens. The Quickstart tab provides you with code snippets for different languages and will guide you through bootstrapping your API, depending on the selected Signing Algorithm.