</noscript></div><div data-swiftype-index="false" class="docs-single"><div id="app"><div class="docs-application" data-reactroot=""><header class=" header--3gcmp showSearch--3PZux "><div class="container headerContainer--1Osh9 flexRow--2n9x1"><div class="col-md-3"><h1 class="brand--2Ou8K"><a href="https://auth0.com/"><svg class="logo--xgzNN" viewBox="196 38 89 32" xmlns="http://www.w3.org/2000/svg"><g fill="none" fill-rule="evenodd"><path d="M279.706 46.402c-1.556 0-2.873.725-3.807 2.096-.93 1.363-1.42 3.266-1.42 5.502 0 2.236.49 4.14 1.42 5.502.93 1.37 2.25 2.096 3.8 2.096s2.87-.725 3.8-2.096c.93-1.363 1.42-3.266 1.42-5.502 0-2.236-.49-4.14-1.42-5.502-.94-1.37-2.25-2.096-3.81-2.096zm0 13.313c-.744 0-1.332-.416-1.798-1.272-.562-1.035-.872-2.613-.872-4.443 0-1.83.31-3.408.872-4.443.466-.856 1.054-1.272 1.798-1.272.743 0 1.33.416 1.797 1.272.562 1.035.872 2.612.872 4.443 0 1.83-.31 3.41-.872 4.443-.466.856-1.054 1.272-1.797 1.272zm-33.725-7.777v6.535c0 1.723 1.42 3.125 3.16 3.125 1.52 0 2.67-.746 3.1-1.066.03-.018.06-.024.09-.015.03.01.05.03.06.06l.257.825h1.883v-9.464h-2.42v7.076c0 .034-.02.064-.05.08-.455.232-1.35.62-2.25.62-.768 0-1.39-.615-1.39-1.374v-6.402H246zm24.24 9.464h2.42v-6.536c0-1.723-1.41-3.125-3.16-3.125-1.28 0-2.31.55-2.81.87-.03.02-.06.02-.09.01s-.05-.04-.05-.08V46.6h-2.42v14.804h2.42v-7.077c0-.034.02-.064.05-.08.46-.232 1.36-.62 2.26-.62.37 0 .72.142.983.4.263.26.407.607.407.974v6.4zm-13.96-7.582h1.48c.05 0 .09.04.09.09v5.206c0 1.368 1.13 2.482 2.51 2.482.506 0 1-.072 1.477-.213v-1.71c-.28.025-.597.04-.823.04-.407 0-.74-.328-.74-.732V53.91c0-.05.04-.09.09-.09h1.474v-1.883h-1.473c-.05 0-.09-.04-.09-.09v-3.124h-2.42v3.125c0 .05-.04.09-.09.09h-1.472v1.882zm-14.14 7.582h2.52L240.8 48.2c-.307-1.06-1.3-1.798-2.413-1.798-1.114 0-2.107.74-2.414 1.798l-3.828 13.202h2.517l1.108-3.82c.012-.04.047-.066.087-.066h5.06c.04 0 .075.026.086.065l1.108 3.83zm-1.79-5.768h-3.86c-.026 0-.053-.014-.07-.036-.02-.022-.022-.052-.015-.078l1.933-6.66c.01-.04.046-.065.087-.065.04 0 .072.026.083.064l1.93 6.66c.01.02.005.05-.012.07s-.042.03-.07.03z" fill="#15214D"></path><path d="M219.03 63.878l-3.245-9.88 8.497-6.102H213.78l-3.247-9.88v-.002h10.504l3.247 9.88h.002c1.886 5.73-.056 12.25-5.255 15.984zm-16.996 0l-.003.002 8.5 6.106 8.5-6.108-8.49-6.105-8.5 6.105zm-5.253-15.985c-1.98 6.042.32 12.445 5.26 15.986v-.01l3.25-9.88-8.49-6.11h10.5l3.247-9.88.003-.006h-10.51l-3.25 9.88z" fill="#EB5424"></path></g></svg></a><a href="/docs" class="title--1hjaL">Docs</a><button type="button" class="toggleButton--39Kkb "><span class="screenReaderOnly--1h9yr">Toggle navigation</span><span class="iconBar--1Dzsz"></span><span class="iconBar--1Dzsz"></span><span class="iconBar--1Dzsz"></span><span class="iconBar--1Dzsz"></span></button></h1></div><nav class="flexRow--2n9x1"><div class="flexNav--2f79F"><ul class="navbarLinks--1LeJb"><li class="active"><a href="/docs/getting-started">Articles</a></li><li class=""><a href="/docs/quickstarts">QuickStarts</a></li><li class=""><a href="/docs/api/info">Auth0 APIs</a></li><li class=""><a href="/docs/libraries">Libraries</a></li><li class=""><a href="/docs/videos">Videos</a></li><li class=""><a href="/docs/identity-labs">Identity Labs</a></li></ul><div class="form-group search-control navbarSearch--2Xu1M"><form id="search" role="search" class="search-form" autoComplete="off"><div><i class="icon-budicon-489"></i><input type="text" id="search-input" class="search-input form-control" placeholder="Search" value=""/></div></form></div></div><div class="actions--vMRkw"><button class="talkToSales--2pGPn btn btn-transparent btn-sml">Talk to Sales</button><button class="login-link btn btn-transparent btn-sm">Login</button><button class="login-button btn btn-success btn-sm">Sign up</button></div></nav></div></header><div class=" docs-article doc-with-sidebar docs-with-toc "><div><div><div></div><div class="stickyNav--3Xwr-"><div class="container--1aI5J container"><h3 class="title--2GBV6">Execute an Authorization Code Grant Flow</h3><div class="buttons--3gxAI"><a href="https://auth0.com/get-started" class="btn--1d7ou btn btn-primary"><svg width="24" height="14" viewBox="5 0 14 14" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M13 6.505a5.301 5.301 0 0 1-.6 2.46 5.567 5.567 0 0 1-2.088 2.222 5.791 5.791 0 0 1-2.979.822 5.721 5.721 0 0 1-2.533-.582L1 12.657l1.267-3.691a5.3 5.3 0 0 1-.6-2.461c0-1.022.293-2.024.847-2.893A5.61 5.61 0 0 1 4.8 1.582 5.721 5.721 0 0 1 7.333 1h.334a5.73 5.73 0 0 1 3.686 1.6A5.422 5.422 0 0 1 13 6.181v.324z" stroke="#fff" stroke-linecap="round" stroke-linejoin="round"></path></svg>Talk to Sales</a></div></div></div></div><div class="document"><div><div class="js-doc-template container" style="margin-bottom:40px"><div class="row"><div class="sidebar-container col-md-3"><div><div></div><div class=""><div class="sidebar is-article"><div class="section-title">articles</div><ul class=" sidebar-item-list sidebar-item-list-depth0 "><div class="mobile-dropdown-trigger" role="button"><h5 class="mobile-dropdown-title"><span></span></h5><i class="mobile-dropdown-icon icon-budicon-460"></i></div><div class="mobile-dropdown-content scrollable"><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/getting-started">Get Started</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/getting-started/overview">Auth0 Overview</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/getting-started/the-basics">Learn the Basics</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/getting-started/dashboard-overview">Dashboard Overview</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/getting-started/create-tenant">Create a Tenant</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/getting-started/set-up-app">Set Up An App</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/register-app-regular-web">Regular Web App</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/register-app-native">Native App</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/register-app-spa">Single-Page App</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/register-app-m2m">Backend/Service</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/getting-started/set-up-api">Set Up an API</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/getting-started/deployment-models">Deployment Models</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/architecture-scenarios">Architecture Scenarios</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/architecture-scenarios/b2c">Business to Consumer</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-architecture">Architecture</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-provisioning">Provisioning</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-authentication">Authentication</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-branding">Branding</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-deployment">Deployment Automation</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-qa">Quality Assurance</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-profile-mgmt">Profile Management</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-authorization">Authorization</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-logout">Logout</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-operations">Operations</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2c/b2c-launch">Launch Preparation</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/architecture-scenarios/b2b">Business to Business</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-architecture">Architecture</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-provisioning">Provisioning</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-authentication">Authentication</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-branding">Branding</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-deployment">Deployment Automation</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-qa">Quality Assurance</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-profile-mgmt">Profile Management</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-authorization">Authorization</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-logout">Logout</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-operations">Operations</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/implementation/b2b/b2b-launch">Launch Preparation</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/architecture-scenarios/b2e">Business to Employees</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/architecture-scenarios/web-app-sso">SSO for Regular Web Apps</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/web-app-sso/part-1">Solution Overview</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/web-app-sso/part-2">Configuration</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/web-app-sso/part-3">Implementation</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/web-app-sso/part-4">Conclusion</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/architecture-scenarios/server-api">Server Application + API</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/server-api/part-1">Solution Overview</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/server-api/part-2">Configuration</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/server-api/part-3">Implementation</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/server-api/part-4">Conclusion</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/architecture-scenarios/spa-api">SPA + API</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/spa-api/part-1">Solution Overview</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/spa-api/part-2">Configuration</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/spa-api/part-3">Implementation</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/spa-api/part-4">Conclusion</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/architecture-scenarios/mobile-api">Mobile + API</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/mobile-api/part-1">Solution Overview</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/mobile-api/part-2">Configuration</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/mobile-api/part-3">Implementation</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/architecture-scenarios/mobile-api/part-4">Conclusion</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/architecture-scenarios/checklists">Implementation Checklists</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/architecture-scenarios/implementation-resources">Implementation Resources</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/login">Login</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/universal-login">Universal Login</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/universal-login/new">New Experience</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/universal-login/classic">Classic Experience</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/universal-login/password-reset">Password Reset</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/universal-login/multifactor-authentication">Multi-factor Authentication</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/universal-login/configure-login-page-passwordless">Passwordless</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/universal-login/error-pages">Error Pages</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/universal-login/text-customization">Text Customization</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/universal-login/i18n">Internationalization</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/universal-login/default-login-url">Default Login URL</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/universal-login/version-control">Version Control</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/guides/login/universal-vs-embedded">Universal vs Embedded Login</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/login/embedded">Embedded Login</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/libraries/lock/v11">Lock for Web</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/libraries/auth0js/v9">Auth0.js</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/cross-origin-authentication">Cross-Origin Authentication</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/flows">Authentication Flows</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/flows/guides/auth-code/add-login-auth-code">Regular Web App</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/flows/guides/implicit/add-login-implicit">Single-Page App</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/flows/guides/auth-code-pkce/add-login-auth-code-pkce">Native App</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/multifactor-authentication">Multi-Factor Authentication</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/multifactor-authentication">Overview</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/multifactor-authentication/factors">Factors</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/multifactor-authentication/custom">Custom</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/multifactor-authentication/step-up-authentication">Step-Up</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/multifactor-authentication/api">MFA API</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/api-auth/tutorials/silent-authentication">Silent Authentication</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/users/guides/redirect-users-after-login">Redirect After Login</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/logout">Logout</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/logout/guides/logout-applications">Apps</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/logout/guides/logout-auth0">Auth0</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/logout/guides/logout-idps">Identity Providers</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/logout/guides/logout-saml-idps">SAML Identity Providers</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/logout/guides/redirect-users-after-logout">Redirect After Logout</a></li></ul></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/connections">Connections</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/connections/identity-providers-social">Social Identity Providers</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/connections/identity-providers-enterprise">Enterprise Identity Providers</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/connections/identity-providers-legal">Legal Identity Providers</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/connections/database">Database</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/database">Auth0 User Store</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/database/custom-db">Your User Store</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/database/password-options">Password Policies</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/database/password-strength">Password Strength</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/protocols/saml/identity-providers/">SAML Identity Providers</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/connections/pass-parameters-to-idps">Pass Parameters to Identity Providers</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/connections/passwordless">Passwordless</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/passwordless">Authentication Factors</a><ul class="sidebar-item-list sidebar-item-list-depth3 "><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/connections/passwordless/guides/email-otp">Email</a></li><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/connections/passwordless/guides/email-magic-link">Magic Link</a></li><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/connections/passwordless/guides/sms-otp">SMS</a></li></ul></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/passwordless/guides/universal-login">Universal Login</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/passwordless/guides/embedded-login">Embedded Login</a><ul class="sidebar-item-list sidebar-item-list-depth3 "><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/connections/passwordless/reference/relevant-api-endpoints">Passwordless APIs</a></li><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/connections/passwordless/guides/embedded-login-native">Native Apps</a></li><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/connections/passwordless/guides/embedded-login-webapps">Web Apps</a></li><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/connections/passwordless/guides/embedded-login-spa">SPAs</a></li></ul></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/passwordless/guides/best-practices">Best Practices</a></li></ul></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/authorization">Authorization</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/flows">Authorization Flows</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/flows/guides/auth-code/call-api-auth-code">Authorization Code</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/flows/guides/auth-code-pkce/call-api-auth-code-pkce">Authorization Code with PKCE</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/flows/guides/client-credentials/call-api-client-credentials">Client Credentials</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/flows/guides/device-auth/call-api-device-auth">Device Authorization</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/flows/guides/implicit/call-api-implicit">Implicit</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/authorization/concepts/rbac">Role-based Access Control (RBAC)</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/authorization/concepts/policies">Authorization Policies</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/authorization/concepts/authz-rules">Rules for Authorization Policies</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/authorization/concepts/sample-use-cases-rbac">Sample Use Cases - RBAC</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/authorization/concepts/sample-use-cases-rules">Sample Use Cases - Rules</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/authorization/concepts/core-vs-extension">Authz Core vs. Authz Extension</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/authorization/guides/how-to">How to Configure Core RBAC</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/authorization/guides/manage-roles">Manage Roles</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/authorization/guides/manage-users">Manage RBAC Users</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/authorization/guides/manage-permissions">Manage RBAC Permissions</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/apis/enable-rbac">Enable RBAC for APIs</a></li></ul></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/configure">Configuration</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/dashboard/dashboard-tenant-settings">Tenant Configuration</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/manage-dashboard-admins">Manage Tenant Administrators</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/tenants/configure-session-lifetime-settings">Configure Session Lifetime Settings</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/tenants/enable-sso-tenant">Enable SSO for Tenants</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/tenants/configure-device-user-code-settings">Configure Device User Code Settings</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/best-practices/tenant-settings">Recommended Settings</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/api-auth/dynamic-client-registration">Dynamic Client Registration</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/dashboard/reference/settings-application">Application Configuration</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/enable-sso-app">Enable SSO for Applications</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/update-grant-types">Update Grant Types</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/enable-android-app-links">Android App Links</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/enable-universal-links">Apple Universal Links</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/set-up-addons">Set Up Add-ons</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/remove-app">Remove Applications</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/view-app-type-confidential-public">Check App Type</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/guides/applications/rotate-client-secret">Rotate Client Secret</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/applications/reference/wildcard-subdomains">Wildcards for Subdomains</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/best-practices/application-settings">Recommended Settings</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/dashboard/reference/settings-api">API Configuration</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/applications/concepts/signing-algorithms">Signing Algorithms</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/api-auth/tutorials/represent-multiple-apis">Represent Multiple APIs with a Single API</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/dashboard/reference/views-api">Dashboard Views for APIs</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/sso/current">Single Sign-On</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/sso/current/inbound">Inbound SSO</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/sso/current/outbound">Outbound SSO</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/sso/current/relevant-api-endpoints">Relevant API Endpoints</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/anomaly-detection">Anomaly Detection</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/anomaly-detection/concepts/breached-passwords">Breached Password Security</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/anomaly-detection/guides/set-anomaly-detection-preferences">Set Preferences</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/anomaly-detection/guides/customize-blocked-account-emails">Customize Emails</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/anomaly-detection/guides/enable-disable-brute-force-protection">Enable/Disable Brute Force Protection</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/anomaly-detection/references/breached-password-detection-triggers-actions">Breached Password Triggers</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/anomaly-detection/references/brute-force-protection-triggers-actions">Brute-Force Protection Triggers</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/anomaly-detection/guides/use-tenant-data-for-anomaly-detection">View Anomaly Detection Events</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/protocols/saml">SAML Configuration</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration">Overview</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/auth0-as-service-provider">Configure Auth0 as a Service Provider</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/auth0-as-identity-provider">Configure Auth0 as an Identity Provider</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/auth0-as-identity-and-service-provider">Configure Auth0 as Both Service and Identity Provider</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/design-considerations">SAML Design Considerations</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/supported-options-and-bindings">Supported SAML Options and Bindings</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/saml-assertions">Customize SAML Assertions</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/logout">Logout</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/deprovision-users">Deprovision Users</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-apps">SAML Configurations for SSO Integrations</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/special-configuration-scenarios">Special SAML Configuration Scenarios</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/guides/ip-whitelist">Whitelist IP Addresses</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/users">Manage Users</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/users/concepts/overview-user-profile">User Profiles</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/normalized/auth0">Normalized User Profile</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/update-user-profiles-using-your-database">Update Profiles Using Your Database</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/concepts/overview-progressive-profiling">Progressive Profiling</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/references/user-profile-structure">User Profile Structure</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/users/concepts/overview-user-metadata">Metadata</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/manage-user-metadata">Manage User Metadata</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/read-metadata">Read Metadata</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/set-metadata-properties-on-creation">Set Metadata Properties on Creation</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/update-metadata-properties-with-management-api">Update Metadata with the Management API</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/best-practices/metadata-best-practices">Metadata Best Practices</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/sessions">Sessions & Cookies</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/users/guides/manage-users-using-the-dashboard">Using the Dashboard</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/users/guides/manage-users-using-the-management-api">Using the API</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/users/concepts/overview-user-account-linking">Link User Accounts</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/link-user-accounts">Link User Accounts</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/unlink-user-accounts">Unlink User Accounts</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/references/link-accounts-client-side-scenario">Client-Side SPA Scenario</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/references/link-accounts-server-side-scenario">Server-Side Regular Web App Scenario</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/references/link-accounts-user-initiated-scenario">Initiated by Users Scenario</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/security/blacklisting-attributes">Blacklist User Attributes</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/users/concepts/overview-user-migration">Import & Export Users</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/references/bulk-import-database-schema-examples">File Schema</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/configure-automatic-migration">Automatic</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/bulk-user-imports">Bulk Import</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/guides/bulk-user-exports">Bulk Export</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/user-import-export">User Import/Export Extension</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/references/user-migration-scenarios">Examples</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/users/search/v3">User Search</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/search/v3/get-users-endpoint">Get Users</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/search/v3/get-users-by-email-endpoint">Get Users by Email</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/search/v3/get-users-by-id-endpoint">Get Users by ID</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/search/v3/sort-search-results">Sort Search Results</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/search/v3/view-search-results-by-page">View Search Results</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/users/search/v3/query-syntax">Query Syntax</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/best-practices/search-best-practices">Best Practices</a></li></ul></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/branding-customization">Brand & Customize</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/custom-domains">Custom Domains</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/custom-domains/auth0-managed-certificates">Auth0-Managed Certificates</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/custom-domains/self-managed-certificates">Self-Managed Certificates</a><ul class="sidebar-item-list sidebar-item-list-depth3 "><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/custom-domains/set-up-cloudflare">Cloudflare Reverse Proxy</a></li><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/custom-domains/set-up-cloudfront">Cloudfront Reverse Proxy</a></li><li class="sidebar-item sidebar-item-depth3 undefined "><a class="" href="/docs/custom-domains/set-up-azure-cdn">Azure CDN Reverse Proxy</a></li></ul></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/custom-domains/additional-configuration">Specific Features</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/custom-domains/troubleshoot">Troubleshooting</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/email">Email</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/email/custom">Custom Email Handling</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/email/templates">Customizing Your Emails</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/email/providers">Use your own SMTP Email Provider</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/email/liquid-syntax">Liquid Syntax in Email Templates</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/email/testing">Set up a Test SMTP Provider</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/scopes/current/guides/customize-consent-prompt">Consent Prompt</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/i18n">Internationalization</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/rules">Rules</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/dashboard/guides/rules/create-rules">Create a New Rule</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/references/use-cases">Rules Use Cases</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/guides/configuration">Store Configuration for Rules</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/guides/cache-resources">Cache Expensive Resources</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/guides/debug">Debug Rules</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/guides/management-api">Management API in Rules</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/guides/metadata">Metadata in Rules</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/guides/csharp">C# in Rules</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/guides/redirect">Redirect Users from Rules</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/references/user-object">User Object</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/references/context-object">Context Object</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/rules/references/modules">Available Node.js Modules</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/hooks">Hooks</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/hooks/create">Create Hooks</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/hooks/update">Update Hooks</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/hooks/delete">Delete Hooks</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/hooks/enable-disable">Enable/Disable Hooks</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/hooks/view">View Hooks</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/hooks/view-logs">View Logs</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/hooks/extensibility-points">Extensibility Points</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/hooks/extensibility-points/client-credentials-exchange">Client Credentials Exchange</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/hooks/extensibility-points/post-change-password">Post Change Password</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/hooks/extensibility-points/post-user-registration">Post User Registration</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/hooks/extensibility-points/pre-user-registration">Pre User Registration</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/hooks/secrets">Hook Secrets</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/hooks/secrets/create">Create Secrets</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/hooks/secrets/update">Update Secrets</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/hooks/secrets/delete">Delete Secrets</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/hooks/secrets/view">View Secrets</a></li></ul></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/extensions">Extensions</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/authorization-extension/v2">Authorization Extension</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/delegated-admin/v3">Delegated Administration</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/custom-social-extensions">Custom Social Connections</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/sso-dashboard">SSO Dashboard Extension</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/authentication-api-webhooks">Authentication API Webhooks</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/management-api-webhooks">Management API Webhooks</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/github-deploy">GitHub Deployments</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/bitbucket-deploy">Bitbucket Deployments</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/gitlab-deploy">GitLab Deployments</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/visual-studio-team-services-deploy">Visual Studio Team Services Deployments</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/authentication-api-debugger">Authentication API Debugger</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/adldap-connector">AD/LDAP Connector Health Monitor</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/realtime-webtask-logs">Real-time Webtask Logs</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/application-insight">Auth0 Logs to Application Insights</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/cloudwatch">Auth0 Logs to AWS Cloudwatch</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/azure-blog-storage">Auth0 Logs to Azure Blob Storage</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/logentries">Auth0 Logs to Logentries</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/loggly">Auth0 Logs to Loggly</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/logstash">Auth0 Logs to Logstash</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/mixpanel">Auth0 Logs to Mixpanel</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/papertrail">Auth0 Logs to Papertrail</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/sumologic">Auth0 Logs to Sumo Logic</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/splunk">Auth0 Logs to Splunk</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/addons">Add-ons</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/integrations">Integrations</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/analytics">Analytics</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/analytics/guides/facebook-analytics">Facebook Analytics</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/analytics/guides/google-analytics">Google Analytics</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/integrations/aws">Amazon Web Services (AWS)</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/integrations/aws-api-gateway/custom-authorizers">AWS API Gateway</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/integrations/azure-api-management">Azure API Management</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/integrations/google-cloud-platform">Google Cloud Endpoints</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/integrations/sso">Single Sign-On</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/ad-rms">Active Directory RMS</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/box">Box</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/cloudbees">CloudBees</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/concur">Concur</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/dropbox">Dropbox</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/dynamics-crm">Microsoft Dynamics CRM</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/echosign">Adobe Echosign</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/egnyte">Egnyte</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/new-relic">New Relic</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/office-365">Office 365</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/salesforce">SalesForce</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/sentry">Sentry</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/sharepoint">SharePoint</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/slack">Slack</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/springcm">SpringCM</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/zendesk">Zendesk</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/sso/zoom">Zoom</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/integrations/marketing">Marketing</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/adobe-campaign">Adobe Campaign</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/alterian">Alterian</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/constant-contact">Constant Contact</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/eloqua">Oracle Eloqua</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/mailchimp">MailChimp</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/marketo">Marketo</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/sailthru">Sailthru</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/salesforce">Salesforce</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/salesforce-marketing-cloud">Salesforce Marketing Cloud</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/integrations/marketing/watson-campaign-automation">Watson Campaign Automation</a></li></ul></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/logs">Logs</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/logs/streams">Log Streams</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/logs/streams/http-event">HTTP Event Streams</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/logs/streams/aws-eventbridge">AWS EventBridge</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/logs/references/log-data-retention">Log Data Retention</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/logs/guides/view-log-data-dashboard">View Log Data in the Dashboard</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/logs/references/log-event-filters">Log Event Filters</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/logs/guides/retrieve-logs-mgmt-api">Retrieve Logs Using the Management API</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/logs/references/log-event-type-codes">Log Event Type Codes</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/logs/references/query-syntax">Log Search Query Syntax</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/logs/concepts/logs-admins-devs">Log Usage Examples</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/monitoring">Monitor</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/monitoring/guides/check-status">Check Auth0 Status</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/monitoring/guides/test-testall-endpoints">Check Supporting Services Status</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/monitoring/guides/check-external-services">Check External Services Status</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/monitoring/guides/monitor-applications">Monitor Applications</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/monitoring/guides/monitor-using-SCOM">Monitor Using SCOM</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/deploy">Deploy</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/getting-started/deployment-models">Deployment Options</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/deploy/checklist">Deploy Checklist</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/pre-deployment">Pre-Deployment</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/pre-deployment/how-to-run-test">Run Checks</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/pre-deployment/prelaunch-tips">Pre-Launch Tips</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/deploy-cli">Deploy CLI Tool</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/deploy-cli/guides/install-deploy-cli">Install Deploy CLI</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/deploy-cli/guides/call-deploy-cli-programmatically">Call Deploy CLI</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/deploy-cli/guides/incorporate-deploy-cli-into-build-environment">Incorporate into Build</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/deploy-cli/guides/import-export-directory-structure">Import/Export Directory Structure</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/deploy-cli/guides/import-export-yaml-file">Import/Export YAML File</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/deploy-cli/references/environment-variables-keyword-mappings">Environment Variables</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/deploy-cli/references/deploy-cli-options">Deploy CLI Options</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/deploy-cli/references/whats-new">What's New</a></li></ul></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/troubleshoot">Troubleshoot</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/troubleshoot/concepts/basics">Basic Issues</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/troubleshoot/guides/verify-platform">Verify Platform</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/troubleshoot/guides/verify-connections">Verify Connections</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/troubleshoot/guides/verify-domain">Verify Domain</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/troubleshoot/guides/verify-rules">Verify Rules</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/troubleshoot/guides/check-error-messages">Check Error Messages</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/troubleshoot/concepts/auth-issues">Authentication Issues</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/troubleshoot/guides/check-api-calls">API Calls</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/troubleshoot/guides/check-login-logout-issues">Login and Logout Issues</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/troubleshoot/guides/check-user-profiles">User Profiles</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/authorization/concepts/troubleshooting">RBAC</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/multifactor-authentication/troubleshooting">MFA</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/protocols/saml/saml-configuration/troubleshoot">SAML</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/authorization-extension/v2/troubleshooting">Authorization Extension</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/troubleshoot/concepts/integration-extensibility-issues">Integration and Extensibility Issues</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/how-to-test-partner-connection">Test Partner Connections</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/apple-siwa/troubleshooting">Sign in With Apple</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connections/database/custom-db/error-handling">Custom Databases</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/connector/troubleshooting">Active Directory/LDAP Connector</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/extensions/troubleshoot">Extensions</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/libraries/auth0-php/troubleshooting">Auth0 PHP SDK</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/troubleshoot/guides/generate-har-files">Generate and Analyze HAR Files</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/extensions/authentication-api-debugger">Authentication API Debugger</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/private-cloud">Private Cloud Deployments</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/onboarding/enterprise-support">Enterprise Support</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="arrow-item" href="https://auth0.com/releases/">Release Notes<i class="icon-budicon-519"></i></a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/private-cloud/standard-private-cloud">Private Cloud</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/private-cloud/managed-private-cloud">Managed Private Cloud</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/private-cloud/managed-private-cloud/zones">Managed Private Cloud Zones</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/private-cloud/add-ons">Add-Ons for Private Cloud Deployments</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/private-cloud/custom-domain-migration">Custom Domain Migration</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/private-cloud/onboarding">Onboarding</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/private-cloud/onboarding/private-cloud">Private Cloud Onboarding</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/private-cloud/onboarding/managed-private-cloud">Managed Private Cloud Onboarding</a></li></ul></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/product-lifecycle">Product Lifecycle</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/product-lifecycle/deprecation-eol">Deprecation and End Of Life</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/product-lifecycle/migrations">Migrations</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/security">Security</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/security/bulletins">Bulletins</a><ul class="sidebar-item-list sidebar-item-list-depth2 "></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/tokens">Tokens</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/tokens/concepts/id-tokens">ID Tokens</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/tokens/concepts/access-tokens">Access Tokens</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/tokens/concepts/refresh-tokens">Refresh Tokens</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/tokens/guides/store-tokens">Store Tokens</a></li><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/tokens/guides/revoke-tokens">Revoke Tokens</a></li></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/sessions/concepts/cookies">Cookies</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/security/common-threats">Common Threats</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/security/blacklisting-attributes">Blacklist User Attributes</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/compliance">Data Privacy</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/compliance/gdpr">GDPR</a><ul class="sidebar-item-list sidebar-item-list-depth2 "><li class="sidebar-item sidebar-item-depth2 undefined "><a class="" href="/docs/compliance/gdpr/features-aiding-compliance">How Auth0 can help</a><ul class="sidebar-item-list sidebar-item-list-depth3 "></ul></li></ul></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/best-practices">Best Practices</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/best-practices/operations">General Usage and Operations</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/best-practices/connection-settings">Connection Settings</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/best-practices/custom-db-connections">Custom Databases and Scripts</a><ul class="sidebar-item-list sidebar-item-list-depth2 "></ul></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/best-practices/metadata-best-practices">Metadata</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/best-practices/rules">Rules</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/best-practices/search-best-practices">Search</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/best-practices/token-best-practices">Tokens</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/best-practices/user-data-storage-best-practices">User Data Storage</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/support">Support</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/support">Support Options</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/support/matrix">Support Matrix</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/support/sla">SLA</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/support/tickets">Tickets</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/support/subscription">Manage Subscription</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/policies">Operational Policies</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="" href="/docs/services">Professional Services</a><ul class="sidebar-item-list sidebar-item-list-depth1 "><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/services/discover-and-design">Discover & Design</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/services/implement">Implement</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/services/maintain-and-improve">Maintain and Improve</a></li><li class="sidebar-item sidebar-item-depth1 undefined "><a class="" href="/docs/services/packages">Packages</a></li></ul></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="arrow-item" href="https://community.auth0.com/">Auth0 Community<i class="icon-budicon-519"></i></a></li><li class="sidebar-item sidebar-item-depth0 undefined "><a class="arrow-item" href="https://auth0.com/blog/">Auth0 Blog<i class="icon-budicon-519"></i></a></li></div></ul></div></div></div></div><div class="col-md-9 docs-content-container"><div><ul class="breadcrumb" itemscope="" itemType="http://schema.org/BreadcrumbList"><li itemProp="itemListElement" itemscope="" itemType="http://schema.org/ListItem"><a href="/docs"><span class="text" itemProp="name">Docs</span><meta itemProp="position" content="5"/></a></li><li itemProp="itemListElement" itemscope="" itemType="http://schema.org/ListItem"><a href="/docs/getting-started"><span class="text" itemProp="name">Articles</span><meta itemProp="position" content="5"/></a></li><li itemProp="itemListElement" itemscope="" itemType="http://schema.org/ListItem"><a href="https://auth0.com/docs/api-auth"><span class="text" itemProp="name">API Authorization</span><meta itemProp="position" content="5"/></a></li><li itemProp="itemListElement" itemscope="" itemType="http://schema.org/ListItem"><a href="https://auth0.com/docs/api-auth/tutorials/authorization-code-grant"><span class="text" itemProp="name">Execute an Authorization Code Grant Flow</span><meta itemProp="position" content="5"/></a></li></ul><article class="docs-content " data-swiftype-name="body" data-swiftype-type="text" data-swiftype-index="true"><div><div><div id="portal-header-wrapper"><div class="headerWrapper--2UXKN" data-react-universal-portal=""><div class=" tocBar--2h2ft "><h1 class="title--1dLg4">Execute an Authorization Code Grant Flow</h1><div><span role="button" tabindex="0" aria-haspopup="true" aria-expanded="false" class="dropdownButton--3ms3m"><span class="dropdownButtonText--35nCB">In this article</span><i class="dropdownButtonIcon--263xY icon icon-budicon-460"></i></span></div></div></div></div> <div class="alert alert-default alert-with-icon"> <i class="icon-budicon-724 alert-icon"></i> <div class="alert-content"> <p>This tutorial will help you implement the Authorization Code grant. If you are looking for some theory on the flow refer to <a href="https://auth0.com/docs/api-auth/grant/authorization-code">Calling APIs from Server-side Web Apps</a>.</p> </div></div> <p>The <strong>Authorization Code</strong> is an OAuth 2.0 grant that <a href="https://auth0.com/docs/quickstart/webapp">regular web apps</a> use in order to access an API. In this document we will work through the steps needed in order to implement this: get the user's authorization, get a token and access the API using the token.</p> <p>Before beginning this tutorial, please:</p> <ul> <li>Check that your Application's <a href="https://auth0.com/docs/applications/concepts/application-grant-types">Grant Type property</a> is set appropriately</li> <li><a href="https://auth0.com/docs/apis#how-to-configure-an-api-in-auth0">Register the API</a> with Auth0</li> </ul> <div id="portal-title-0"><div id="1-get-the-user-s-authorization" class="header-wrapper header-level-h2" data-react-universal-portal=""><h2 id="1-get-the-users-authorization" class="anchor-heading"><span class="anchor"><i class="icon icon-budicon-345"></i></span>1. Get the User's Authorization</h2></div></div> <p>To begin an Authorization Code flow, your web application should first send the user to the <a href="https://auth0.com/docs/api/authentication#authorization-code-grant">authorization URL</a>:</p> <div id="portal-code-block-0"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="language-text">https://YOUR_DOMAIN/authorize? audience=YOUR_API_AUDIENCE& scope=YOUR_SCOPE& response_type=code& client_id=YOUR_CLIENT_ID& redirect_uri=https://YOUR_APP/callback& state=YOUR_OPAQUE_VALUE </code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> <p>Where:</p> <ul> <li> <p><code>audience</code>: The unique identifier of the API the web app wants to access. Use the <strong>Identifier</strong> value on the <a href="https://manage.auth0.com/#/apis">Settings</a> tab for the API you created as part of the prerequisites for this tutorial.</p> </li> <li> <p><code>scope</code>: The <dfn id="react-containers-DefinitionTooltip-0"><span class="underlinedWord--28Rsv" data-react-universal-portal="">scopes</span></dfn> which you want to request authorization for. These must be separated by a space. You can request any of the <a href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">standard OpenID Connect (OIDC) scopes</a> about users, such as <code>profile</code> and <code>email</code>, custom claims that must <a href="https://auth0.com/docs/tokens/guides/create-namespaced-custom-claims">conform to a namespaced format</a>, or any scopes supported by the target API (for example, <code>read:contacts</code>). Include <code>offline_access</code> to get a <dfn id="react-containers-DefinitionTooltip-1"><span class="underlinedWord--28Rsv" data-react-universal-portal="">Refresh Token</span></dfn> (make sure that the <strong>Allow Offline Access</strong> field is enabled in the <a href="https://manage.auth0.com/#/apis">API Settings</a>).</p> </li> <li> <p><code>response_type</code>: Denotes the kind of credential that Auth0 will return (code vs token). For this flow, the value must be <code>code</code>.</p> </li> <li> <p><code>client_id</code>: Your application's Client ID. You can find this value at your <a href="https://manage.auth0.com/#/applications/YOUR_CLIENT_ID/settings">Application's Settings</a>.</p> </li> <li> <p><code>state</code>: An opaque value the application adds to the initial request that Auth0 includes when redirecting back to the application. This value must be used by the application to prevent CSRF attacks. For more information, see <a href="https://auth0.com/docs/protocols/oauth-state">State Parameter</a>.</p> </li> <li> <p><code>redirect_uri</code>: The URL to which Auth0 will redirect the browser after authorization has been granted by the user. The Authorization Code will be available in the <code>code</code> URL parameter. This URL must be specified as a valid callback URL under your <a href="https://manage.auth0.com/#/applications/YOUR_CLIENT_ID/settings">Application's Settings</a>.</p> </li> </ul> <p>For example:</p> <div id="portal-code-block-1"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="language-html"><a href="https://YOUR_DOMAIN/authorize?scope=appointments%20contacts&audience=appointments:api&response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=https://YOUR_APP/callback"> Sign In </a> </code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> <p>The purpose of this call is to obtain consent from the user to invoke the API (specified in <code>audience</code>) to do certain things (specified in <code>scope</code>) on behalf of the user. Auth0 will authenticate the user and obtain consent, unless consent has been previously given.</p> <p>Note that if you alter the value in <code>scope</code>, Auth0 will require consent to be given again.</p> <div id="portal-title-1"><div id="2-exchange-the-authorization-code-for-an-access-token" class="header-wrapper header-level-h2" data-react-universal-portal=""><h2 id="2-exchange-the-authorization-code-for-an-access-token" class="anchor-heading"><span class="anchor"><i class="icon icon-budicon-345"></i></span>2. Exchange the Authorization Code for an Access Token</h2></div></div> <p>Now that you have an Authorization Code, you must exchange it for an <dfn id="react-containers-DefinitionTooltip-2"><span class="underlinedWord--28Rsv" data-react-universal-portal="">Access Token</span></dfn> that can be used to call your API. Using the Authorization Code (<code>code</code>) from the previous step, you will need to <code>POST</code> to the <a href="https://auth0.com/docs/api/authentication?http#authorization-code">Token URL</a>:</p> <pre style="display: none;"></pre> <div class="code-picker"> <div class="languages-bar"> <ul> <li class="active"><a href="#6c789f0324a94fd1b7e00e362623c4fd_shell" role="tab" data-toggle="tab">cURL</a></li> <li class=""><a href="#6c789f0324a94fd1b7e00e362623c4fd_csharp" role="tab" data-toggle="tab">C#</a></li> <li class=""><a href="#6c789f0324a94fd1b7e00e362623c4fd_go" role="tab" data-toggle="tab">Go</a></li> <li class=""><a href="#6c789f0324a94fd1b7e00e362623c4fd_java" role="tab" data-toggle="tab">Java</a></li> <li class=""><a href="#6c789f0324a94fd1b7e00e362623c4fd_node" role="tab" data-toggle="tab">Node.JS</a></li> <li class=""><a href="#6c789f0324a94fd1b7e00e362623c4fd_objc" role="tab" data-toggle="tab">Obj-C</a></li> <li class="dropdown"><a href="#" data-toggle="dropdown" class="more-dots">...</a> <ul class="dropdown-menu"> <li class=""><a href="#6c789f0324a94fd1b7e00e362623c4fd_php" role="tab" data-toggle="tab">PHP</a></li> <li class=""><a href="#6c789f0324a94fd1b7e00e362623c4fd_python" role="tab" data-toggle="tab">Python</a></li> <li class=""><a href="#6c789f0324a94fd1b7e00e362623c4fd_ruby" role="tab" data-toggle="tab">Ruby</a></li> <li class=""><a href="#6c789f0324a94fd1b7e00e362623c4fd_swift" role="tab" data-toggle="tab">Swift</a></li> </ul> </li> <!-- <li class="pull-right"> <div class="btn btn-sm btn-transparent btn-copy"><span class="btn-icon icon-budicon-450"></span>Copy</div> </li> --> </ul> </div> <!-- Tab panes --> <div class="tab-content"> <div role="tabpanel" class="tab-pane active" id="6c789f0324a94fd1b7e00e362623c4fd_shell"> <div id="portal-code-block-2"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="text no-lines">curl --request POST \ --url 'https://YOUR_DOMAIN/oauth/token' \ --header 'content-type: application/x-www-form-urlencoded' \ --data grant_type=authorization_code \ --data 'client_id=YOUR_CLIENT_ID' \ --data client_secret=YOUR_CLIENT_SECRET \ --data code=YOUR_AUTHORIZATION_CODE \ --data 'redirect_uri=https://YOUR_APP/callback'</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="6c789f0324a94fd1b7e00e362623c4fd_csharp"> <div id="portal-code-block-3"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="csharp no-lines">var client = new RestClient("https://YOUR_DOMAIN/oauth/token"); var request = new RestRequest(Method.POST); request.AddHeader("content-type", "application/x-www-form-urlencoded"); request.AddParameter("application/x-www-form-urlencoded", "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D", ParameterType.RequestBody); IRestResponse response = client.Execute(request);</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="6c789f0324a94fd1b7e00e362623c4fd_go"> <div id="portal-code-block-4"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="go no-lines">package main import ( "fmt" "strings" "net/http" "io/ioutil" ) func main() { url := "https://YOUR_DOMAIN/oauth/token" payload := strings.NewReader("grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D") req, _ := http.NewRequest("POST", url, payload) req.Header.Add("content-type", "application/x-www-form-urlencoded") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := ioutil.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) }</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="6c789f0324a94fd1b7e00e362623c4fd_java"> <div id="portal-code-block-5"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="java no-lines">HttpResponse<String> response = Unirest.post("https://YOUR_DOMAIN/oauth/token") .header("content-type", "application/x-www-form-urlencoded") .body("grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D") .asString();</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="6c789f0324a94fd1b7e00e362623c4fd_node"> <div id="portal-code-block-6"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="javascript no-lines">var request = require("request"); var options = { method: 'POST', url: 'https://YOUR_DOMAIN/oauth/token', headers: {'content-type': 'application/x-www-form-urlencoded'}, form: { grant_type: 'authorization_code', client_id: 'YOUR_CLIENT_ID', client_secret: 'YOUR_CLIENT_SECRET', code: 'YOUR_AUTHORIZATION_CODE', redirect_uri: 'https://YOUR_APP/callback' } }; request(options, function (error, response, body) { if (error) throw new Error(error); console.log(body); }); </code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="6c789f0324a94fd1b7e00e362623c4fd_objc"> <div id="portal-code-block-7"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="objective-c no-lines">#import <Foundation/Foundation.h> NSDictionary *headers = @{ @"content-type": @"application/x-www-form-urlencoded" }; NSMutableData *postData = [[NSMutableData alloc] initWithData:[@"grant_type=authorization_code" dataUsingEncoding:NSUTF8StringEncoding]]; [postData appendData:[@"&client_id=YOUR_CLIENT_ID" dataUsingEncoding:NSUTF8StringEncoding]]; [postData appendData:[@"&client_secret=YOUR_CLIENT_SECRET" dataUsingEncoding:NSUTF8StringEncoding]]; [postData appendData:[@"&code=YOUR_AUTHORIZATION_CODE" dataUsingEncoding:NSUTF8StringEncoding]]; [postData appendData:[@"&redirect_uri=https://YOUR_APP/callback" dataUsingEncoding:NSUTF8StringEncoding]]; NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://YOUR_DOMAIN/oauth/token"] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0]; [request setHTTPMethod:@"POST"]; [request setAllHTTPHeaderFields:headers]; [request setHTTPBody:postData]; NSURLSession *session = [NSURLSession sharedSession]; NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { if (error) { NSLog(@"%@", error); } else { NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response; NSLog(@"%@", httpResponse); } }]; [dataTask resume];</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="6c789f0324a94fd1b7e00e362623c4fd_php"> <div id="portal-code-block-8"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="php no-lines">$curl = curl_init(); curl_setopt_array($curl, array( CURLOPT_URL => "https://YOUR_DOMAIN/oauth/token", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D", CURLOPT_HTTPHEADER => array( "content-type: application/x-www-form-urlencoded" ), )); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="6c789f0324a94fd1b7e00e362623c4fd_python"> <div id="portal-code-block-9"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="python no-lines">import http.client conn = http.client.HTTPSConnection("") payload = "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D" headers = { 'content-type': "application/x-www-form-urlencoded" } conn.request("POST", "/YOUR_DOMAIN/oauth/token", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="6c789f0324a94fd1b7e00e362623c4fd_ruby"> <div id="portal-code-block-10"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="ruby no-lines">require 'uri' require 'net/http' require 'openssl' url = URI("https://YOUR_DOMAIN/oauth/token") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["content-type"] = 'application/x-www-form-urlencoded' request.body = "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D" response = http.request(request) puts response.read_body</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="6c789f0324a94fd1b7e00e362623c4fd_swift"> <div id="portal-code-block-11"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="swift no-lines">import Foundation let headers = ["content-type": "application/x-www-form-urlencoded"] let postData = NSMutableData(data: "grant_type=authorization_code".data(using: String.Encoding.utf8)!) postData.append("&client_id=YOUR_CLIENT_ID".data(using: String.Encoding.utf8)!) postData.append("&client_secret=YOUR_CLIENT_SECRET".data(using: String.Encoding.utf8)!) postData.append("&code=YOUR_AUTHORIZATION_CODE".data(using: String.Encoding.utf8)!) postData.append("&redirect_uri=https://YOUR_APP/callback".data(using: String.Encoding.utf8)!) let request = NSMutableURLRequest(url: NSURL(string: "https://YOUR_DOMAIN/oauth/token")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> </div> </div> <p>Where:</p> <ul> <li><code>grant_type</code>: This must be <code>authorization_code</code>.</li> <li><code>client_id</code>: Your application's Client ID.</li> <li><code>client_secret</code>: Your application's Client Secret.</li> <li><code>code</code>: The Authorization Code received from the initial <code>authorize</code> call.</li> <li><code>redirect_uri</code>: The URL must match exactly the <code>redirect_uri</code> passed to <code>/authorize</code>.</li> </ul> <p>The response contains the <code>access_token</code>, <code>refresh_token</code>, <code>id_token</code>, and <code>token_type</code> values, for example:</p> <div id="portal-code-block-12"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="language-js">{ "access_token": "eyJz93a...k4laUWw", "refresh_token": "GEbRxBN...edjnXbL", "id_token": "eyJ0XAi...4faeEoQ", "token_type": "Bearer" } </code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> <p>Note that <code>refresh_token</code> will only be present in the response if you included the <code>offline_access</code> scope AND enabled <strong>Allow Offline Access</strong> for your API in the Dashboard. See <a href="https://auth0.com/docs/tokens/concepts/refresh-tokens">Refresh Tokens</a> for more information.</p> <div class="panel panel-warning"> <div class="panel-heading"> <h3 class="panel-title">Security Warning</h3> </div> <div class="panel-body"> <p>It is important to understand that the Authorization Code flow should only be used in cases such as a Regular Web Application where the Client Secret can be safely stored. In cases such as a Single-Page Application, the Client Secret is available to the application (in the web browser), so the integrity of the Client Secret cannot be maintained. That is why the <a href="https://auth0.com/docs/flows/concepts/auth-code-pkce">Authorization Code Flow with PKCE </a> is more appropriate in that case.</p> </div></div> <div id="portal-title-2"><div id="3-call-the-api" class="header-wrapper header-level-h2" data-react-universal-portal=""><h2 id="3-call-the-api" class="anchor-heading"><span class="anchor"><i class="icon icon-budicon-345"></i></span>3. Call the API</h2></div></div> <p>Once the Access Token has been obtained it can be used to make calls to the API by passing it as a Bearer Token in the <code>Authorization</code> header of the HTTP request:</p> <pre style="display: none;"></pre> <div class="code-picker"> <div class="languages-bar"> <ul> <li class="active"><a href="#e5e29ae33dff489fa6add6282fed1315_shell" role="tab" data-toggle="tab">cURL</a></li> <li class=""><a href="#e5e29ae33dff489fa6add6282fed1315_csharp" role="tab" data-toggle="tab">C#</a></li> <li class=""><a href="#e5e29ae33dff489fa6add6282fed1315_go" role="tab" data-toggle="tab">Go</a></li> <li class=""><a href="#e5e29ae33dff489fa6add6282fed1315_java" role="tab" data-toggle="tab">Java</a></li> <li class=""><a href="#e5e29ae33dff489fa6add6282fed1315_node" role="tab" data-toggle="tab">Node.JS</a></li> <li class=""><a href="#e5e29ae33dff489fa6add6282fed1315_objc" role="tab" data-toggle="tab">Obj-C</a></li> <li class="dropdown"><a href="#" data-toggle="dropdown" class="more-dots">...</a> <ul class="dropdown-menu"> <li class=""><a href="#e5e29ae33dff489fa6add6282fed1315_php" role="tab" data-toggle="tab">PHP</a></li> <li class=""><a href="#e5e29ae33dff489fa6add6282fed1315_python" role="tab" data-toggle="tab">Python</a></li> <li class=""><a href="#e5e29ae33dff489fa6add6282fed1315_ruby" role="tab" data-toggle="tab">Ruby</a></li> <li class=""><a href="#e5e29ae33dff489fa6add6282fed1315_swift" role="tab" data-toggle="tab">Swift</a></li> </ul> </li> <!-- <li class="pull-right"> <div class="btn btn-sm btn-transparent btn-copy"><span class="btn-icon icon-budicon-450"></span>Copy</div> </li> --> </ul> </div> <!-- Tab panes --> <div class="tab-content"> <div role="tabpanel" class="tab-pane active" id="e5e29ae33dff489fa6add6282fed1315_shell"> <div id="portal-code-block-13"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="text no-lines">curl --request GET \ --url https://someapi.com/api \ --header 'authorization: Bearer ACCESS_TOKEN' \ --header 'content-type: application/json'</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="e5e29ae33dff489fa6add6282fed1315_csharp"> <div id="portal-code-block-14"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="csharp no-lines">var client = new RestClient("https://someapi.com/api"); var request = new RestRequest(Method.GET); request.AddHeader("content-type", "application/json"); request.AddHeader("authorization", "Bearer ACCESS_TOKEN"); IRestResponse response = client.Execute(request);</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="e5e29ae33dff489fa6add6282fed1315_go"> <div id="portal-code-block-15"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="go no-lines">package main import ( "fmt" "net/http" "io/ioutil" ) func main() { url := "https://someapi.com/api" req, _ := http.NewRequest("GET", url, nil) req.Header.Add("content-type", "application/json") req.Header.Add("authorization", "Bearer ACCESS_TOKEN") res, _ := http.DefaultClient.Do(req) defer res.Body.Close() body, _ := ioutil.ReadAll(res.Body) fmt.Println(res) fmt.Println(string(body)) }</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="e5e29ae33dff489fa6add6282fed1315_java"> <div id="portal-code-block-16"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="java no-lines">HttpResponse<String> response = Unirest.get("https://someapi.com/api") .header("content-type", "application/json") .header("authorization", "Bearer ACCESS_TOKEN") .asString();</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="e5e29ae33dff489fa6add6282fed1315_node"> <div id="portal-code-block-17"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="javascript no-lines">var request = require("request"); var options = { method: 'GET', url: 'https://someapi.com/api', headers: {'content-type': 'application/json', authorization: 'Bearer ACCESS_TOKEN'} }; request(options, function (error, response, body) { if (error) throw new Error(error); console.log(body); }); </code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="e5e29ae33dff489fa6add6282fed1315_objc"> <div id="portal-code-block-18"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="objective-c no-lines">#import <Foundation/Foundation.h> NSDictionary *headers = @{ @"content-type": @"application/json", @"authorization": @"Bearer ACCESS_TOKEN" }; NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://someapi.com/api"] cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0]; [request setHTTPMethod:@"GET"]; [request setAllHTTPHeaderFields:headers]; NSURLSession *session = [NSURLSession sharedSession]; NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) { if (error) { NSLog(@"%@", error); } else { NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response; NSLog(@"%@", httpResponse); } }]; [dataTask resume];</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="e5e29ae33dff489fa6add6282fed1315_php"> <div id="portal-code-block-19"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="php no-lines">$curl = curl_init(); curl_setopt_array($curl, array( CURLOPT_URL => "https://someapi.com/api", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "GET", CURLOPT_HTTPHEADER => array( "authorization: Bearer ACCESS_TOKEN", "content-type: application/json" ), )); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="e5e29ae33dff489fa6add6282fed1315_python"> <div id="portal-code-block-20"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="python no-lines">import http.client conn = http.client.HTTPSConnection("someapi.com") headers = { 'content-type': "application/json", 'authorization': "Bearer ACCESS_TOKEN" } conn.request("GET", "/api", headers=headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="e5e29ae33dff489fa6add6282fed1315_ruby"> <div id="portal-code-block-21"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="ruby no-lines">require 'uri' require 'net/http' require 'openssl' url = URI("https://someapi.com/api") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Get.new(url) request["content-type"] = 'application/json' request["authorization"] = 'Bearer ACCESS_TOKEN' response = http.request(request) puts response.read_body</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> <div role="tabpanel" class="tab-pane " id="e5e29ae33dff489fa6add6282fed1315_swift"> <div id="portal-code-block-22"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="swift no-lines">import Foundation let headers = [ "content-type": "application/json", "authorization": "Bearer ACCESS_TOKEN" ] let request = NSMutableURLRequest(url: NSURL(string: "https://someapi.com/api")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "GET" request.allHTTPHeaderFields = headers let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()</code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> </div> </div> </div> <div id="portal-title-3"><div id="4-verify-the-token" class="header-wrapper header-level-h2" data-react-universal-portal=""><h2 id="4-verify-the-token" class="anchor-heading"><span class="anchor"><i class="icon icon-budicon-345"></i></span>4. Verify the Token</h2></div></div> <p>Once your API receives a request with a Bearer Access Token, the first thing to do is to validate the token. This consists of a series of steps, and if any of these fails then the request <em>must</em> be rejected.</p> <p>For details on the validations that should be performed, see <a href="https://auth0.com/docs/tokens/guides/validate-access-tokens">Validate Access Tokens</a>.</p> <div id="portal-title-4"><div id="optional-customize-the-tokens" class="header-wrapper header-level-h2" data-react-universal-portal=""><h2 id="optional-customize-the-tokens" class="anchor-heading"><span class="anchor"><i class="icon icon-budicon-345"></i></span>Optional: Customize the Tokens</h2></div></div> <div class="includes-wrapper"><p>You can use <a href="https://auth0.com/docs/rules">Rules</a> to change the returned scopes of the Access Token and/or add claims to it (and the ID Token) with a script like this:</p> <div id="portal-code-block-23"><div class="codeBlock--2nPRx" data-react-universal-portal=""><div class="codeSection--l3D_7"><button class="copy-button btn btn-sm overlay--qmJws btn-default"><span class="icon-budicon-338"></span></button><div><pre class="code--2exA6"><code class="language-javascript">function(user, context, callback) { // add custom claims to Access Token and ID Token context.accessToken['http://foo/bar'] = 'value'; context.idToken['http://fiz/baz'] = 'some other value'; // change scope context.accessToken.scope = ['array', 'of', 'strings']; callback(null, user, context); } </code></pre></div></div><div class="feedback--2WYTe"><div><span>Was this helpful?</span><button class="text--9gWDi">Yes</button><span>/</span><button class="text--9gWDi">No</button></div></div></div></div> <div class="panel panel-warning"> <div class="panel-heading"> <h3 class="panel-title">Namespacing Custom Claims</h3> </div> <div class="panel-body"> <p>Auth0 returns profile information in a <a href="https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims">structured claim format as defined by the OpenID Connect (OIDC) specification</a>. This means that in order to add custom claims to ID Tokens or Access Tokens, they must <a href="https://auth0.com/docs/tokens/guides/create-namespaced-custom-claims">conform to a namespaced format</a> to avoid possible collisions with standard OIDC claims. You can <a href="#optional-customize-the-tokens">add namespaced claims using Rules</a>.</p> </div></div> </div> <p>If you wish to execute special logic unique to the Authorization Code grant, you can look at the <code>context.protocol</code> property in your rule. If the value is <code>oidc-basic-profile</code>, then the rule is running during the Authorization Code grant.</p> <div id="portal-title-5"><div id="keep-reading" class="header-wrapper header-level-h2" data-react-universal-portal=""><h2 id="keep-reading" class="anchor-heading"><span class="anchor"><i class="icon icon-budicon-345"></i></span>Keep Reading</h2></div></div> <ul> <li><a href="https://auth0.com/docs/tokens/concepts/refresh-token">Refresh Tokens</a></li> <li><a href="https://auth0.com/docs/apis">How to configure an API in Auth0</a></li> <li><a href="https://auth0.com/docs/application-auth/server-side-web">Application Authentication for Server-side Web Apps</a></li> <li><a href="https://auth0.com/docs/tokens">Tokens</a></li> </ul> </div></div></article><div class="articleFooter--2MwGd article-footer"><div><div class="topContent--1beFf"><div><h5 class="title--29FAx">Was this article helpful?</h5><div class="buttons--2INTF"><button class="button--2bLX_ buttonYes--4KXLG btn btn-transparent btn-sm"><span class="buttonIcon--1QKm5 btn-icon icon-budicon-470"></span>Yes</button><button class="button--2bLX_ buttonNo--3pD4h btn btn-transparent btn-sm"><span class="buttonIcon--1QKm5 btn-icon icon-budicon-471"></span>No</button></div></div><div class="suggestions--1C9Np"><span>Any suggestion or typo? </span><a class="editLink--3QjMO" href="https://github.com/auth0/docs/edit/master/articles/api-auth/tutorials/authorization-code-grant.md" target="_blank" rel="noreferrer noopener nofollow">Edit on GitHub</a></div></div></div></div></div></div></div></div></div></div></div></div></div></div><footer class="sc-footer" role="contentinfo"><div class="container"><div class="sc-footer__logo"><img class="sc-footer__logo-image" src="https://cdn.auth0.com/styleguide/components/1.0.8/media/logos/img/badge.png" width="30" alt=""/></div><div class="sc-footer__grid"><div class="sc-footer__column sc-footer__column--grid"><div class="sc-footer__item"><h6 class="sc-footer__title">Product</h6></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/pricing">Pricing</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/why-auth0">Why Auth0</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/how-it-works">How It Works</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/lock">Lock</a></div></div><div class="sc-footer__column sc-footer__column--grid"><div class="sc-footer__item"><h6 class="sc-footer__title">Company</h6></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/about">About Us</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/blog">Blog</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/jobs">Jobs</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/press">Press</a></div></div><div class="sc-footer__column sc-footer__column--grid"><div class="sc-footer__item"><h6 class="sc-footer__title">Learn</h6></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/availability-trust">Availability & Trust</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/security">Security</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/whitehat">White Hat</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/docs/apiv2">API Explorer</a></div></div><div class="sc-footer__column sc-footer__column--grid"><div class="sc-footer__item"><h6 class="sc-footer__title">More</h6></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://support.auth0.com">Help & Support</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/docs/services">Professional Services</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/docs">Documentation</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/opensource">Open Source</a></div><div class="sc-footer__item"><a class="sc-footer__link sc-footer__link--featured" href="https://auth0.com/wordpress">WordPress</a></div></div><div class="sc-footer__column sc-footer__column--contact"><div class="sc-footer__contact-column sc-footer__contact-column--address"><div class="sc-footer__item"><h6 class="sc-footer__title">Contact</h6></div><div class="sc-footer__item sc-footer__item--text">10800 NE 8th Street<br/>Suite 600<br/>Bellevue, WA 98004</div></div><div class="sc-footer__contact-column sc-footer__contact-column--phone"><div class="sc-footer__item sc-footer__item--small"><a class="sc-footer__link sc-footer__phone" href="tel:+18882352699">+1 (888) 235-2699</a></div><div class="sc-footer__item sc-footer__item--small"><a class="sc-footer__link sc-footer__phone" href="tel:+14253126521">+1 (425) 312-6521</a></div><div class="sc-footer__item sc-footer__item--small"><a class="sc-footer__link sc-footer__phone" href="tel:+4403332341966">+44 (0) 33-3234-1966</a></div></div></div></div><div class="sc-footer__colophon"><div class="sc-footer__column"><ul class="list-inline sc-footer__list sc-footer__like-buttons-container"><li class="sc-footer__list-item"><a class="sc-footer__like-buttons__link sc-footer__like-buttons__link--twitter" href="https://twitter.com/auth0" target="_blank" rel="noopener noreferrer"><span class="sc-footer__like-buttons__icon-container"><svg class="sc-footer__like-buttons__icon" viewBox="0 0 72 72"><path fill="none" d="M0 0h72v72H0z"></path><path fill="#fff" d="M68.812 15.14c-2.348 1.04-4.87 1.744-7.52 2.06 2.704-1.62 4.78-4.186 5.757-7.243-2.53 1.5-5.33 2.592-8.314 3.176C56.35 10.59 52.948 9 49.182 9c-7.23 0-13.092 5.86-13.092 13.093 0 1.026.118 2.02.338 2.98C25.543 24.527 15.9 19.318 9.44 11.396c-1.125 1.936-1.77 4.184-1.77 6.58 0 4.543 2.312 8.552 5.824 10.9-2.146-.07-4.165-.658-5.93-1.64-.002.056-.002.11-.002.163 0 6.345 4.513 11.638 10.504 12.84-1.1.298-2.256.457-3.45.457-.845 0-1.666-.078-2.464-.23 1.667 5.2 6.5 8.985 12.23 9.09-4.482 3.51-10.13 5.605-16.26 5.605-1.055 0-2.096-.06-3.122-.184 5.794 3.717 12.676 5.882 20.067 5.882 24.083 0 37.25-19.95 37.25-37.25 0-.565-.013-1.133-.038-1.693 2.558-1.847 4.778-4.15 6.532-6.774z"></path></svg></span><span class="sc-footer__like-buttons__action">Follow</span><span class="sr-only"> us on Twitter, along with </span><span class="sc-footer__like-buttons__counter sr-only">many</span><span class="sr-only"> followers!</span></a></li><li class="sc-footer__list-item"><a class="sc-footer__like-buttons__link sc-footer__like-buttons__link--linkedin" href="https://www.linkedin.com/company/auth0" target="_blank" rel="noopener noreferrer"><span class="sc-footer__like-buttons__icon-container"><svg class="sc-footer__like-buttons__icon" viewBox="0 50 512 512"><path fill="#ffffff" d="M150.65 100.682c0 27.992-22.508 50.683-50.273 50.683-27.765 0-50.273-22.69-50.273-50.683C50.104 72.692 72.612 50 100.377 50c27.766 0 50.273 22.69 50.273 50.682zm-7.356 86.65H58.277V462h85.017V187.333zm135.9 0h-81.54V462h81.54V317.82c0-38.625 17.78-61.616 51.808-61.616 31.268 0 46.29 22.07 46.29 61.615V462h84.604V288.085s-41.69-109.13-99.934-109.13-82.768 45.368-82.768 45.368v-36.99z"></path></svg></span><span class="sc-footer__like-buttons__action">Follow</span><span class="sr-only"> us on LinkedIn, along with </span><span class="sc-footer__like-buttons__counter sr-only">many</span><span class="sr-only"> followers!</span></a></li><li class="sc-footer__list-item"><a class="sc-footer__like-buttons__link sc-footer__like-buttons__link--facebook" href="https://www.facebook.com/getauth0" target="_blank" rel="noopener noreferrer"><span class="sc-footer__like-buttons__icon-container"><svg class="sc-footer__like-buttons__icon" viewBox="0 0 16 16"><path fill="#fff" fill-rule="evenodd" d="M4.55 7c.248 0 .45.234.45.522v5.956c0 .288-.202.522-.45.522h-2.1c-.248 0-.45-.234-.45-.522V7.522C2 7.234 2.202 7 2.45 7h2.1zm1.995 6.2c-.305-.036-.528-.302-.545-.626.017 0 .013-2.906 0-4.43.013-.525.108-1.458.398-1.87.708-1.008 1.205-1.666 1.494-2.048.29-.382.636-.755.646-1.04.013-.384 0-.39 0-.83 0-.44.208-.856.733-.856.257 0 .46.057.65.3.304.356.516.92.516 1.81S9.51 6.173 9.51 6.18h4.037c.618-.004.954.545.954 1.117 0 .536-.364.982-.844 1.057.29.14.5.47.5.852 0 .476-.325.872-.756.94.23.145.375.406.375.702 0 .398-.26.733-.615.813.21.14.346.396.346.685 0 .452-.334.823-.763.857H6.545z"></path></svg></span><span class="sc-footer__like-buttons__action">Like</span><span class="sr-only"> our Facebook page, along with </span><span class="sc-footer__like-buttons__counter sr-only">many</span><span class="sr-only"> people!</span></a></li></ul></div><script src="https://cdn.auth0.com/website/auth0-footer-counters.min.js" async="" defer=""></script><div class="sc-footer__column"><ul class="list-inline text-right sc-footer__list"><li class="sc-footer__list-item"><a class="sc-footer__link" href="https://auth0.com/privacy">Privacy Policy</a></li><li class="sc-footer__list-item"><a class="sc-footer__link" href="https://auth0.com/terms">Terms of Service</a></li><li class="sc-footer__list-item"><span>© 2013-2018 Auth0®, Inc. All Rights Reserved.</span></li></ul></div></div></div></footer></div><script>window.App={"context":{"dispatcher":{"stores":{"RouteStore":{"currentNavigate":{"transactionId":3969471166280116,"method":"get","url":"\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","route":{"path":"\u002Fdocs\u002F*","method":"get","handler":function StoreConnector(props, context) { React.Component.apply(this, arguments); this.state = this.getStateFromStores(); this._onStoreChange = null; this._isMounted = false; },"action":function loadDocument(context, payload) { var logger = context.getService('LoggingService'); var url = (0, _normalizeUrl.default)(payload.url); context.dispatch('DOCUMENT_SELECTED', { url: url }); var success = function success(doc) { if (!doc.meta.quickstart) { context.dispatch('UPDATE_PAGE_METADATA', { pageTitle: doc.meta.title, pageDescription: doc.meta.description }); } if (payload.name === 'article') { context.dispatch('ARTICLE_LOAD_SUCCESS', { url: url, doc: doc }); } context.dispatch('DOCUMENT_LOAD_SUCCESS', { url: url, doc: doc }); logger.debug('Document loaded successfully.', { url: url }); return Promise.resolve(); }; var failure = function failure(err) { context.dispatch('DOCUMENT_LOAD_FAILURE', { url: url, err: err }); logger.warn('Error loading document.', { url: url, err: err }); return Promise.resolve(); }; // First, check to see if the doc has already been loaded. var doc = context.getStore(_DocumentStore.default).getDocument(url); if (doc) { if (doc.state === _LoadState.default.LOADED) { // If it has been loaded, just return it. return success(doc); } else if (doc.state === _LoadState.default.LOADING) { // If it's already being loaded, don't load it again. return Promise.resolve(); } } // If the document hasn't been loaded (or a previous load resulted in // an error), try to load it using the DocumentService. context.dispatch('DOCUMENT_LOADING', { url: url }); return context.getService('DocumentService').load(url).then(success).catch(failure); },"name":"article","url":"\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","params":{"0":"api-auth\u002Ftutorials\u002Fauthorization-code-grant"},"query":{}},"error":null,"isComplete":true},"routes":null},"ApplicationStore":{"flags":{"framed":false,"singleQuickstart":false},"pageTitle":"Execute an Authorization Code Grant Flow","pageDescription":"How to execute an Authorization Code Grant flow from a Regular Web application","domainUrlApp":"https:\u002F\u002Fmanage.auth0.com","dashboardUrl":"https:\u002F\u002Fmanage.auth0.com\u002F#","domainUrlDocs":"https:\u002F\u002Fauth0.com\u002Fdocs","domainUrlSignup":"https:\u002F\u002Fauth0.com\u002Fsignup?&signUpData=%7B%22category%22%3A%22docs%22%7D"},"QuickstartStore":{"flags":{"framed":false,"singleQuickstart":false},"sidebarItems":[],"breadcrumbs":[],"sidebarBreadcrumbs":[]},"DocumentStore":{"docs":{"\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant":{"state":"LOADED","originalHtml":"\u003Cdiv id=\"portal-header-wrapper\"\u003E\u003Cdiv class=\"headerWrapper--2UXKN\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"\n tocBar--2h2ft\n \n \"\u003E\u003Ch1 class=\"title--1dLg4\"\u003EExecute an Authorization Code Grant Flow\u003C\u002Fh1\u003E\u003Cdiv\u003E\u003Cspan role=\"button\" tabindex=\"0\" aria-haspopup=\"true\" aria-expanded=\"false\" class=\"dropdownButton--3ms3m\"\u003E\u003Cspan class=\"dropdownButtonText--35nCB\"\u003EIn this article\u003C\u002Fspan\u003E\u003Ci class=\"dropdownButtonIcon--263xY icon icon-budicon-460\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cdiv class=\"alert alert-default alert-with-icon\"\u003E\n \u003Ci class=\"icon-budicon-724 alert-icon\"\u003E\u003C\u002Fi\u003E\n \u003Cdiv class=\"alert-content\"\u003E\n \u003Cp\u003EThis tutorial will help you implement the Authorization Code grant. If you are looking for some theory on the flow refer to \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Fgrant\u002Fauthorization-code\"\u003ECalling APIs from Server-side Web Apps\u003C\u002Fa\u003E.\u003C\u002Fp\u003E\n\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cp\u003EThe \u003Cstrong\u003EAuthorization Code\u003C\u002Fstrong\u003E is an OAuth 2.0 grant that \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fquickstart\u002Fwebapp\"\u003Eregular web apps\u003C\u002Fa\u003E use in order to access an API. In this document we will work through the steps needed in order to implement this: get the user's authorization, get a token and access the API using the token.\u003C\u002Fp\u003E\n\u003Cp\u003EBefore beginning this tutorial, please:\u003C\u002Fp\u003E\n\u003Cul\u003E\n\u003Cli\u003ECheck that your Application's \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapplications\u002Fconcepts\u002Fapplication-grant-types\"\u003EGrant Type property\u003C\u002Fa\u003E is set appropriately\u003C\u002Fli\u003E\n\u003Cli\u003E\u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapis#how-to-configure-an-api-in-auth0\"\u003ERegister the API\u003C\u002Fa\u003E with Auth0\u003C\u002Fli\u003E\n\u003C\u002Ful\u003E\n\u003Cdiv id=\"portal-title-0\"\u003E\u003Cdiv id=\"1-get-the-user-s-authorization\" class=\"header-wrapper header-level-h2\" data-react-universal-portal=\"\"\u003E\u003Ch2 id=\"1-get-the-users-authorization\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003E1. Get the User's Authorization\u003C\u002Fh2\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cp\u003ETo begin an Authorization Code flow, your web application should first send the user to the \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi\u002Fauthentication#authorization-code-grant\"\u003Eauthorization URL\u003C\u002Fa\u003E:\u003C\u002Fp\u003E\n\u003Cdiv id=\"portal-code-block-0\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"language-text\"\u003Ehttps:\u002F\u002F__AUTH0_NAMESPACE__\u002Fauthorize?\n audience=YOUR_API_AUDIENCE&\n scope=YOUR_SCOPE&\n response_type=code&\n client_id=__AUTH0_CLIENT_ID__&\n redirect_uri=__AUTH0_CALLBACK__&\n state=YOUR_OPAQUE_VALUE\n\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cp\u003EWhere:\u003C\u002Fp\u003E\n\u003Cul\u003E\n\u003Cli\u003E\n\u003Cp\u003E\u003Ccode\u003Eaudience\u003C\u002Fcode\u003E: The unique identifier of the API the web app wants to access. Use the \u003Cstrong\u003EIdentifier\u003C\u002Fstrong\u003E value on the \u003Ca href=\"https:\u002F\u002F__AUTH0_MANAGE_URL__\u002F#\u002Fapis\"\u003ESettings\u003C\u002Fa\u003E tab for the API you created as part of the prerequisites for this tutorial.\u003C\u002Fp\u003E\n\u003C\u002Fli\u003E\n\u003Cli\u003E\n\u003Cp\u003E\u003Ccode\u003Escope\u003C\u002Fcode\u003E: The \u003Cdfn id=\"react-containers-DefinitionTooltip-0\"\u003E\u003Cspan class=\"underlinedWord--28Rsv\" data-react-universal-portal=\"\"\u003Escopes\u003C\u002Fspan\u003E\u003C\u002Fdfn\u003E which you want to request authorization for. These must be separated by a space. You can request any of the \u003Ca href=\"https:\u002F\u002Fopenid.net\u002Fspecs\u002Fopenid-connect-core-1_0.html#StandardClaims\"\u003Estandard OpenID Connect (OIDC) scopes\u003C\u002Fa\u003E about users, such as \u003Ccode\u003Eprofile\u003C\u002Fcode\u003E and \u003Ccode\u003Eemail\u003C\u002Fcode\u003E, custom claims that must \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Ftokens\u002Fguides\u002Fcreate-namespaced-custom-claims\"\u003Econform to a namespaced format\u003C\u002Fa\u003E, or any scopes supported by the target API (for example, \u003Ccode\u003Eread:contacts\u003C\u002Fcode\u003E). Include \u003Ccode\u003Eoffline_access\u003C\u002Fcode\u003E to get a \u003Cdfn id=\"react-containers-DefinitionTooltip-1\"\u003E\u003Cspan class=\"underlinedWord--28Rsv\" data-react-universal-portal=\"\"\u003ERefresh Token\u003C\u002Fspan\u003E\u003C\u002Fdfn\u003E (make sure that the \u003Cstrong\u003EAllow Offline Access\u003C\u002Fstrong\u003E field is enabled in the \u003Ca href=\"https:\u002F\u002F__AUTH0_MANAGE_URL__\u002F#\u002Fapis\"\u003EAPI Settings\u003C\u002Fa\u003E).\u003C\u002Fp\u003E\n\u003C\u002Fli\u003E\n\u003Cli\u003E\n\u003Cp\u003E\u003Ccode\u003Eresponse_type\u003C\u002Fcode\u003E: Denotes the kind of credential that Auth0 will return (code vs token). For this flow, the value must be \u003Ccode\u003Ecode\u003C\u002Fcode\u003E.\u003C\u002Fp\u003E\n\u003C\u002Fli\u003E\n\u003Cli\u003E\n\u003Cp\u003E\u003Ccode\u003Eclient_id\u003C\u002Fcode\u003E: Your application's Client ID. You can find this value at your \u003Ca href=\"https:\u002F\u002F__AUTH0_MANAGE_URL__\u002F#\u002Fapplications\u002F__AUTH0_CLIENT_ID__\u002Fsettings\"\u003EApplication's Settings\u003C\u002Fa\u003E.\u003C\u002Fp\u003E\n\u003C\u002Fli\u003E\n\u003Cli\u003E\n\u003Cp\u003E\u003Ccode\u003Estate\u003C\u002Fcode\u003E: An opaque value the application adds to the initial request that Auth0 includes when redirecting back to the application. This value must be used by the application to prevent CSRF attacks. For more information, see \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fprotocols\u002Foauth-state\"\u003EState Parameter\u003C\u002Fa\u003E.\u003C\u002Fp\u003E\n\u003C\u002Fli\u003E\n\u003Cli\u003E\n\u003Cp\u003E\u003Ccode\u003Eredirect_uri\u003C\u002Fcode\u003E: The URL to which Auth0 will redirect the browser after authorization has been granted by the user. The Authorization Code will be available in the \u003Ccode\u003Ecode\u003C\u002Fcode\u003E URL parameter. This URL must be specified as a valid callback URL under your \u003Ca href=\"https:\u002F\u002F__AUTH0_MANAGE_URL__\u002F#\u002Fapplications\u002F__AUTH0_CLIENT_ID__\u002Fsettings\"\u003EApplication's Settings\u003C\u002Fa\u003E.\u003C\u002Fp\u003E\n\u003C\u002Fli\u003E\n\u003C\u002Ful\u003E\n\u003Cp\u003EFor example:\u003C\u002Fp\u003E\n\u003Cdiv id=\"portal-code-block-1\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"language-html\"\u003E<a href="https:\u002F\u002F__AUTH0_NAMESPACE__\u002Fauthorize?scope=appointments%20contacts&audience=appointments:api&response_type=code&client_id=__AUTH0_CLIENT_ID__&redirect_uri=__AUTH0_CALLBACK__">\n Sign In\n<\u002Fa>\n\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cp\u003EThe purpose of this call is to obtain consent from the user to invoke the API (specified in \u003Ccode\u003Eaudience\u003C\u002Fcode\u003E) to do certain things (specified in \u003Ccode\u003Escope\u003C\u002Fcode\u003E) on behalf of the user. Auth0 will authenticate the user and obtain consent, unless consent has been previously given.\u003C\u002Fp\u003E\n\u003Cp\u003ENote that if you alter the value in \u003Ccode\u003Escope\u003C\u002Fcode\u003E, Auth0 will require consent to be given again.\u003C\u002Fp\u003E\n\u003Cdiv id=\"portal-title-1\"\u003E\u003Cdiv id=\"2-exchange-the-authorization-code-for-an-access-token\" class=\"header-wrapper header-level-h2\" data-react-universal-portal=\"\"\u003E\u003Ch2 id=\"2-exchange-the-authorization-code-for-an-access-token\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003E2. Exchange the Authorization Code for an Access Token\u003C\u002Fh2\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cp\u003ENow that you have an Authorization Code, you must exchange it for an \u003Cdfn id=\"react-containers-DefinitionTooltip-2\"\u003E\u003Cspan class=\"underlinedWord--28Rsv\" data-react-universal-portal=\"\"\u003EAccess Token\u003C\u002Fspan\u003E\u003C\u002Fdfn\u003E that can be used to call your API. Using the Authorization Code (\u003Ccode\u003Ecode\u003C\u002Fcode\u003E) from the previous step, you will need to \u003Ccode\u003EPOST\u003C\u002Fcode\u003E to the \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi\u002Fauthentication?http#authorization-code\"\u003EToken URL\u003C\u002Fa\u003E:\u003C\u002Fp\u003E\n\u003Cpre style=\"display: none;\"\u003E\u003C\u002Fpre\u003E\n\u003Cdiv class=\"code-picker\"\u003E\n \u003Cdiv class=\"languages-bar\"\u003E\n \u003Cul\u003E\n \n \n \u003Cli class=\"active\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_shell\" role=\"tab\" data-toggle=\"tab\"\u003EcURL\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_csharp\" role=\"tab\" data-toggle=\"tab\"\u003EC#\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_go\" role=\"tab\" data-toggle=\"tab\"\u003EGo\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_java\" role=\"tab\" data-toggle=\"tab\"\u003EJava\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_node\" role=\"tab\" data-toggle=\"tab\"\u003ENode.JS\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_objc\" role=\"tab\" data-toggle=\"tab\"\u003EObj-C\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"dropdown\"\u003E\u003Ca href=\"#\" data-toggle=\"dropdown\" class=\"more-dots\"\u003E...\u003C\u002Fa\u003E\n \u003Cul class=\"dropdown-menu\"\u003E\n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_php\" role=\"tab\" data-toggle=\"tab\"\u003EPHP\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_python\" role=\"tab\" data-toggle=\"tab\"\u003EPython\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_ruby\" role=\"tab\" data-toggle=\"tab\"\u003ERuby\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#6c789f0324a94fd1b7e00e362623c4fd_swift\" role=\"tab\" data-toggle=\"tab\"\u003ESwift\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \u003C\u002Ful\u003E\n \u003C\u002Fli\u003E\n \n \n \u003C!-- \u003Cli class=\"pull-right\"\u003E\n \u003Cdiv class=\"btn btn-sm btn-transparent btn-copy\"\u003E\u003Cspan class=\"btn-icon icon-budicon-450\"\u003E\u003C\u002Fspan\u003ECopy\u003C\u002Fdiv\u003E\n \u003C\u002Fli\u003E --\u003E\n \u003C\u002Ful\u003E\n \u003C\u002Fdiv\u003E\n\n \u003C!-- Tab panes --\u003E\n \u003Cdiv class=\"tab-content\"\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane active\" id=\"6c789f0324a94fd1b7e00e362623c4fd_shell\"\u003E\n \u003Cdiv id=\"portal-code-block-2\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"text no-lines\"\u003Ecurl --request POST \\\n --url 'https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken' \\\n --header 'content-type: application\u002Fx-www-form-urlencoded' \\\n --data grant_type=authorization_code \\\n --data 'client_id=__AUTH0_CLIENT_ID__' \\\n --data client_secret=YOUR_CLIENT_SECRET \\\n --data code=YOUR_AUTHORIZATION_CODE \\\n --data 'redirect_uri=__AUTH0_CALLBACK__'\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"6c789f0324a94fd1b7e00e362623c4fd_csharp\"\u003E\n \u003Cdiv id=\"portal-code-block-3\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"csharp no-lines\"\u003Evar client = new RestClient("https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken");\nvar request = new RestRequest(Method.POST);\nrequest.AddHeader("content-type", "application\u002Fx-www-form-urlencoded");\nrequest.AddParameter("application\u002Fx-www-form-urlencoded", "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D", ParameterType.RequestBody);\nIRestResponse response = client.Execute(request);\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"6c789f0324a94fd1b7e00e362623c4fd_go\"\u003E\n \u003Cdiv id=\"portal-code-block-4\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"go no-lines\"\u003Epackage main\n\nimport (\n\t"fmt"\n\t"strings"\n\t"net\u002Fhttp"\n\t"io\u002Fioutil"\n)\n\nfunc main() {\n\n\turl := "https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken"\n\n\tpayload := strings.NewReader("grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D")\n\n\treq, _ := http.NewRequest("POST", url, payload)\n\n\treq.Header.Add("content-type", "application\u002Fx-www-form-urlencoded")\n\n\tres, _ := http.DefaultClient.Do(req)\n\n\tdefer res.Body.Close()\n\tbody, _ := ioutil.ReadAll(res.Body)\n\n\tfmt.Println(res)\n\tfmt.Println(string(body))\n\n}\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"6c789f0324a94fd1b7e00e362623c4fd_java\"\u003E\n \u003Cdiv id=\"portal-code-block-5\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"java no-lines\"\u003EHttpResponse<String> response = Unirest.post("https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken")\n .header("content-type", "application\u002Fx-www-form-urlencoded")\n .body("grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D")\n .asString();\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"6c789f0324a94fd1b7e00e362623c4fd_node\"\u003E\n \u003Cdiv id=\"portal-code-block-6\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"javascript no-lines\"\u003Evar request = require("request");\n\nvar options = {\n method: 'POST',\n url: 'https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken',\n headers: {'content-type': 'application\u002Fx-www-form-urlencoded'},\n form: {\n grant_type: 'authorization_code',\n client_id: '__AUTH0_CLIENT_ID__',\n client_secret: 'YOUR_CLIENT_SECRET',\n code: 'YOUR_AUTHORIZATION_CODE',\n redirect_uri: '__AUTH0_CALLBACK__'\n }\n};\n\nrequest(options, function (error, response, body) {\n if (error) throw new Error(error);\n\n console.log(body);\n});\n\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"6c789f0324a94fd1b7e00e362623c4fd_objc\"\u003E\n \u003Cdiv id=\"portal-code-block-7\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"objective-c no-lines\"\u003E#import <Foundation\u002FFoundation.h>\n\nNSDictionary *headers = @{ @"content-type": @"application\u002Fx-www-form-urlencoded" };\n\nNSMutableData *postData = [[NSMutableData alloc] initWithData:[@"grant_type=authorization_code" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@"&client_id=__AUTH0_CLIENT_ID__" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@"&client_secret=YOUR_CLIENT_SECRET" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@"&code=YOUR_AUTHORIZATION_CODE" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@"&redirect_uri=__AUTH0_CALLBACK__" dataUsingEncoding:NSUTF8StringEncoding]];\n\nNSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken"]\n cachePolicy:NSURLRequestUseProtocolCachePolicy\n timeoutInterval:10.0];\n[request setHTTPMethod:@"POST"];\n[request setAllHTTPHeaderFields:headers];\n[request setHTTPBody:postData];\n\nNSURLSession *session = [NSURLSession sharedSession];\nNSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request\n completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {\n if (error) {\n NSLog(@"%@", error);\n } else {\n NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;\n NSLog(@"%@", httpResponse);\n }\n }];\n[dataTask resume];\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"6c789f0324a94fd1b7e00e362623c4fd_php\"\u003E\n \u003Cdiv id=\"portal-code-block-8\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"php no-lines\"\u003E$curl = curl_init();\n\ncurl_setopt_array($curl, array(\n CURLOPT_URL => "https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken",\n CURLOPT_RETURNTRANSFER => true,\n CURLOPT_ENCODING => "",\n CURLOPT_MAXREDIRS => 10,\n CURLOPT_TIMEOUT => 30,\n CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,\n CURLOPT_CUSTOMREQUEST => "POST",\n CURLOPT_POSTFIELDS => "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D",\n CURLOPT_HTTPHEADER => array(\n "content-type: application\u002Fx-www-form-urlencoded"\n ),\n));\n\n$response = curl_exec($curl);\n$err = curl_error($curl);\n\ncurl_close($curl);\n\nif ($err) {\n echo "cURL Error #:" . $err;\n} else {\n echo $response;\n}\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"6c789f0324a94fd1b7e00e362623c4fd_python\"\u003E\n \u003Cdiv id=\"portal-code-block-9\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"python no-lines\"\u003Eimport http.client\n\nconn = http.client.HTTPSConnection("")\n\npayload = "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D"\n\nheaders = { 'content-type': "application\u002Fx-www-form-urlencoded" }\n\nconn.request("POST", "\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken", payload, headers)\n\nres = conn.getresponse()\ndata = res.read()\n\nprint(data.decode("utf-8"))\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"6c789f0324a94fd1b7e00e362623c4fd_ruby\"\u003E\n \u003Cdiv id=\"portal-code-block-10\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"ruby no-lines\"\u003Erequire 'uri'\nrequire 'net\u002Fhttp'\nrequire 'openssl'\n\nurl = URI("https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken")\n\nhttp = Net::HTTP.new(url.host, url.port)\nhttp.use_ssl = true\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n\nrequest = Net::HTTP::Post.new(url)\nrequest["content-type"] = 'application\u002Fx-www-form-urlencoded'\nrequest.body = "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D"\n\nresponse = http.request(request)\nputs response.read_body\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"6c789f0324a94fd1b7e00e362623c4fd_swift\"\u003E\n \u003Cdiv id=\"portal-code-block-11\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"swift no-lines\"\u003Eimport Foundation\n\nlet headers = ["content-type": "application\u002Fx-www-form-urlencoded"]\n\nlet postData = NSMutableData(data: "grant_type=authorization_code".data(using: String.Encoding.utf8)!)\npostData.append("&client_id=__AUTH0_CLIENT_ID__".data(using: String.Encoding.utf8)!)\npostData.append("&client_secret=YOUR_CLIENT_SECRET".data(using: String.Encoding.utf8)!)\npostData.append("&code=YOUR_AUTHORIZATION_CODE".data(using: String.Encoding.utf8)!)\npostData.append("&redirect_uri=__AUTH0_CALLBACK__".data(using: String.Encoding.utf8)!)\n\nlet request = NSMutableURLRequest(url: NSURL(string: "https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken")! as URL,\n cachePolicy: .useProtocolCachePolicy,\n timeoutInterval: 10.0)\nrequest.httpMethod = "POST"\nrequest.allHTTPHeaderFields = headers\nrequest.httpBody = postData as Data\n\nlet session = URLSession.shared\nlet dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in\n if (error != nil) {\n print(error)\n } else {\n let httpResponse = response as? HTTPURLResponse\n print(httpResponse)\n }\n})\n\ndataTask.resume()\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003C\u002Fdiv\u003E\n\u003C\u002Fdiv\u003E\n\n\u003Cp\u003EWhere:\u003C\u002Fp\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Ccode\u003Egrant_type\u003C\u002Fcode\u003E: This must be \u003Ccode\u003Eauthorization_code\u003C\u002Fcode\u003E.\u003C\u002Fli\u003E\n\u003Cli\u003E\u003Ccode\u003Eclient_id\u003C\u002Fcode\u003E: Your application's Client ID.\u003C\u002Fli\u003E\n\u003Cli\u003E\u003Ccode\u003Eclient_secret\u003C\u002Fcode\u003E: Your application's Client Secret.\u003C\u002Fli\u003E\n\u003Cli\u003E\u003Ccode\u003Ecode\u003C\u002Fcode\u003E: The Authorization Code received from the initial \u003Ccode\u003Eauthorize\u003C\u002Fcode\u003E call.\u003C\u002Fli\u003E\n\u003Cli\u003E\u003Ccode\u003Eredirect_uri\u003C\u002Fcode\u003E: The URL must match exactly the \u003Ccode\u003Eredirect_uri\u003C\u002Fcode\u003E passed to \u003Ccode\u003E\u002Fauthorize\u003C\u002Fcode\u003E.\u003C\u002Fli\u003E\n\u003C\u002Ful\u003E\n\u003Cp\u003EThe response contains the \u003Ccode\u003Eaccess_token\u003C\u002Fcode\u003E, \u003Ccode\u003Erefresh_token\u003C\u002Fcode\u003E, \u003Ccode\u003Eid_token\u003C\u002Fcode\u003E, and \u003Ccode\u003Etoken_type\u003C\u002Fcode\u003E values, for example:\u003C\u002Fp\u003E\n\u003Cdiv id=\"portal-code-block-12\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"language-js\"\u003E{\n "access_token": "eyJz93a...k4laUWw",\n "refresh_token": "GEbRxBN...edjnXbL",\n "id_token": "eyJ0XAi...4faeEoQ",\n "token_type": "Bearer"\n}\n\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cp\u003ENote that \u003Ccode\u003Erefresh_token\u003C\u002Fcode\u003E will only be present in the response if you included the \u003Ccode\u003Eoffline_access\u003C\u002Fcode\u003E scope AND enabled \u003Cstrong\u003EAllow Offline Access\u003C\u002Fstrong\u003E for your API in the Dashboard. See \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Ftokens\u002Fconcepts\u002Frefresh-tokens\"\u003ERefresh Tokens\u003C\u002Fa\u003E for more information.\u003C\u002Fp\u003E\n\u003Cdiv class=\"panel panel-warning\"\u003E\n \u003Cdiv class=\"panel-heading\"\u003E\n \u003Ch3 class=\"panel-title\"\u003ESecurity Warning\u003C\u002Fh3\u003E\n \u003C\u002Fdiv\u003E\n \u003Cdiv class=\"panel-body\"\u003E\n \u003Cp\u003EIt is important to understand that the Authorization Code flow should only be used in cases such as a Regular Web Application where the Client Secret can be safely stored. In cases such as a Single-Page Application, the Client Secret is available to the application (in the web browser), so the integrity of the Client Secret cannot be maintained. That is why the \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fflows\u002Fconcepts\u002Fauth-code-pkce\"\u003EAuthorization Code Flow with PKCE \u003C\u002Fa\u003E is more appropriate in that case.\u003C\u002Fp\u003E\n\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cdiv id=\"portal-title-2\"\u003E\u003Cdiv id=\"3-call-the-api\" class=\"header-wrapper header-level-h2\" data-react-universal-portal=\"\"\u003E\u003Ch2 id=\"3-call-the-api\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003E3. Call the API\u003C\u002Fh2\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cp\u003EOnce the Access Token has been obtained it can be used to make calls to the API by passing it as a Bearer Token in the \u003Ccode\u003EAuthorization\u003C\u002Fcode\u003E header of the HTTP request:\u003C\u002Fp\u003E\n\u003Cpre style=\"display: none;\"\u003E\u003C\u002Fpre\u003E\n\u003Cdiv class=\"code-picker\"\u003E\n \u003Cdiv class=\"languages-bar\"\u003E\n \u003Cul\u003E\n \n \n \u003Cli class=\"active\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_shell\" role=\"tab\" data-toggle=\"tab\"\u003EcURL\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_csharp\" role=\"tab\" data-toggle=\"tab\"\u003EC#\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_go\" role=\"tab\" data-toggle=\"tab\"\u003EGo\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_java\" role=\"tab\" data-toggle=\"tab\"\u003EJava\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_node\" role=\"tab\" data-toggle=\"tab\"\u003ENode.JS\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_objc\" role=\"tab\" data-toggle=\"tab\"\u003EObj-C\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"dropdown\"\u003E\u003Ca href=\"#\" data-toggle=\"dropdown\" class=\"more-dots\"\u003E...\u003C\u002Fa\u003E\n \u003Cul class=\"dropdown-menu\"\u003E\n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_php\" role=\"tab\" data-toggle=\"tab\"\u003EPHP\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_python\" role=\"tab\" data-toggle=\"tab\"\u003EPython\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_ruby\" role=\"tab\" data-toggle=\"tab\"\u003ERuby\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \n \n \u003Cli class=\"\"\u003E\u003Ca href=\"#e5e29ae33dff489fa6add6282fed1315_swift\" role=\"tab\" data-toggle=\"tab\"\u003ESwift\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n \n \u003C\u002Ful\u003E\n \u003C\u002Fli\u003E\n \n \n \u003C!-- \u003Cli class=\"pull-right\"\u003E\n \u003Cdiv class=\"btn btn-sm btn-transparent btn-copy\"\u003E\u003Cspan class=\"btn-icon icon-budicon-450\"\u003E\u003C\u002Fspan\u003ECopy\u003C\u002Fdiv\u003E\n \u003C\u002Fli\u003E --\u003E\n \u003C\u002Ful\u003E\n \u003C\u002Fdiv\u003E\n\n \u003C!-- Tab panes --\u003E\n \u003Cdiv class=\"tab-content\"\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane active\" id=\"e5e29ae33dff489fa6add6282fed1315_shell\"\u003E\n \u003Cdiv id=\"portal-code-block-13\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"text no-lines\"\u003Ecurl --request GET \\\n --url https:\u002F\u002Fsomeapi.com\u002Fapi \\\n --header 'authorization: Bearer ACCESS_TOKEN' \\\n --header 'content-type: application\u002Fjson'\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"e5e29ae33dff489fa6add6282fed1315_csharp\"\u003E\n \u003Cdiv id=\"portal-code-block-14\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"csharp no-lines\"\u003Evar client = new RestClient("https:\u002F\u002Fsomeapi.com\u002Fapi");\nvar request = new RestRequest(Method.GET);\nrequest.AddHeader("content-type", "application\u002Fjson");\nrequest.AddHeader("authorization", "Bearer ACCESS_TOKEN");\nIRestResponse response = client.Execute(request);\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"e5e29ae33dff489fa6add6282fed1315_go\"\u003E\n \u003Cdiv id=\"portal-code-block-15\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"go no-lines\"\u003Epackage main\n\nimport (\n\t"fmt"\n\t"net\u002Fhttp"\n\t"io\u002Fioutil"\n)\n\nfunc main() {\n\n\turl := "https:\u002F\u002Fsomeapi.com\u002Fapi"\n\n\treq, _ := http.NewRequest("GET", url, nil)\n\n\treq.Header.Add("content-type", "application\u002Fjson")\n\treq.Header.Add("authorization", "Bearer ACCESS_TOKEN")\n\n\tres, _ := http.DefaultClient.Do(req)\n\n\tdefer res.Body.Close()\n\tbody, _ := ioutil.ReadAll(res.Body)\n\n\tfmt.Println(res)\n\tfmt.Println(string(body))\n\n}\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"e5e29ae33dff489fa6add6282fed1315_java\"\u003E\n \u003Cdiv id=\"portal-code-block-16\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"java no-lines\"\u003EHttpResponse<String> response = Unirest.get("https:\u002F\u002Fsomeapi.com\u002Fapi")\n .header("content-type", "application\u002Fjson")\n .header("authorization", "Bearer ACCESS_TOKEN")\n .asString();\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"e5e29ae33dff489fa6add6282fed1315_node\"\u003E\n \u003Cdiv id=\"portal-code-block-17\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"javascript no-lines\"\u003Evar request = require("request");\n\nvar options = {\n method: 'GET',\n url: 'https:\u002F\u002Fsomeapi.com\u002Fapi',\n headers: {'content-type': 'application\u002Fjson', authorization: 'Bearer ACCESS_TOKEN'}\n};\n\nrequest(options, function (error, response, body) {\n if (error) throw new Error(error);\n\n console.log(body);\n});\n\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"e5e29ae33dff489fa6add6282fed1315_objc\"\u003E\n \u003Cdiv id=\"portal-code-block-18\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"objective-c no-lines\"\u003E#import <Foundation\u002FFoundation.h>\n\nNSDictionary *headers = @{ @"content-type": @"application\u002Fjson",\n @"authorization": @"Bearer ACCESS_TOKEN" };\n\nNSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https:\u002F\u002Fsomeapi.com\u002Fapi"]\n cachePolicy:NSURLRequestUseProtocolCachePolicy\n timeoutInterval:10.0];\n[request setHTTPMethod:@"GET"];\n[request setAllHTTPHeaderFields:headers];\n\nNSURLSession *session = [NSURLSession sharedSession];\nNSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request\n completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {\n if (error) {\n NSLog(@"%@", error);\n } else {\n NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;\n NSLog(@"%@", httpResponse);\n }\n }];\n[dataTask resume];\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"e5e29ae33dff489fa6add6282fed1315_php\"\u003E\n \u003Cdiv id=\"portal-code-block-19\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"php no-lines\"\u003E$curl = curl_init();\n\ncurl_setopt_array($curl, array(\n CURLOPT_URL => "https:\u002F\u002Fsomeapi.com\u002Fapi",\n CURLOPT_RETURNTRANSFER => true,\n CURLOPT_ENCODING => "",\n CURLOPT_MAXREDIRS => 10,\n CURLOPT_TIMEOUT => 30,\n CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,\n CURLOPT_CUSTOMREQUEST => "GET",\n CURLOPT_HTTPHEADER => array(\n "authorization: Bearer ACCESS_TOKEN",\n "content-type: application\u002Fjson"\n ),\n));\n\n$response = curl_exec($curl);\n$err = curl_error($curl);\n\ncurl_close($curl);\n\nif ($err) {\n echo "cURL Error #:" . $err;\n} else {\n echo $response;\n}\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"e5e29ae33dff489fa6add6282fed1315_python\"\u003E\n \u003Cdiv id=\"portal-code-block-20\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"python no-lines\"\u003Eimport http.client\n\nconn = http.client.HTTPSConnection("someapi.com")\n\nheaders = {\n 'content-type': "application\u002Fjson",\n 'authorization': "Bearer ACCESS_TOKEN"\n }\n\nconn.request("GET", "\u002Fapi", headers=headers)\n\nres = conn.getresponse()\ndata = res.read()\n\nprint(data.decode("utf-8"))\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"e5e29ae33dff489fa6add6282fed1315_ruby\"\u003E\n \u003Cdiv id=\"portal-code-block-21\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"ruby no-lines\"\u003Erequire 'uri'\nrequire 'net\u002Fhttp'\nrequire 'openssl'\n\nurl = URI("https:\u002F\u002Fsomeapi.com\u002Fapi")\n\nhttp = Net::HTTP.new(url.host, url.port)\nhttp.use_ssl = true\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n\nrequest = Net::HTTP::Get.new(url)\nrequest["content-type"] = 'application\u002Fjson'\nrequest["authorization"] = 'Bearer ACCESS_TOKEN'\n\nresponse = http.request(request)\nputs response.read_body\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003Cdiv role=\"tabpanel\" class=\"tab-pane \" id=\"e5e29ae33dff489fa6add6282fed1315_swift\"\u003E\n \u003Cdiv id=\"portal-code-block-22\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"swift no-lines\"\u003Eimport Foundation\n\nlet headers = [\n "content-type": "application\u002Fjson",\n "authorization": "Bearer ACCESS_TOKEN"\n]\n\nlet request = NSMutableURLRequest(url: NSURL(string: "https:\u002F\u002Fsomeapi.com\u002Fapi")! as URL,\n cachePolicy: .useProtocolCachePolicy,\n timeoutInterval: 10.0)\nrequest.httpMethod = "GET"\nrequest.allHTTPHeaderFields = headers\n\nlet session = URLSession.shared\nlet dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in\n if (error != nil) {\n print(error)\n } else {\n let httpResponse = response as? HTTPURLResponse\n print(httpResponse)\n }\n})\n\ndataTask.resume()\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n \u003C\u002Fdiv\u003E\n \n \u003C\u002Fdiv\u003E\n\u003C\u002Fdiv\u003E\n\n\u003Cdiv id=\"portal-title-3\"\u003E\u003Cdiv id=\"4-verify-the-token\" class=\"header-wrapper header-level-h2\" data-react-universal-portal=\"\"\u003E\u003Ch2 id=\"4-verify-the-token\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003E4. Verify the Token\u003C\u002Fh2\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cp\u003EOnce your API receives a request with a Bearer Access Token, the first thing to do is to validate the token. This consists of a series of steps, and if any of these fails then the request \u003Cem\u003Emust\u003C\u002Fem\u003E be rejected.\u003C\u002Fp\u003E\n\u003Cp\u003EFor details on the validations that should be performed, see \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Ftokens\u002Fguides\u002Fvalidate-access-tokens\"\u003EValidate Access Tokens\u003C\u002Fa\u003E.\u003C\u002Fp\u003E\n\u003Cdiv id=\"portal-title-4\"\u003E\u003Cdiv id=\"optional-customize-the-tokens\" class=\"header-wrapper header-level-h2\" data-react-universal-portal=\"\"\u003E\u003Ch2 id=\"optional-customize-the-tokens\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003EOptional: Customize the Tokens\u003C\u002Fh2\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cdiv class=\"includes-wrapper\"\u003E\u003Cp\u003EYou can use \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Frules\"\u003ERules\u003C\u002Fa\u003E to change the returned scopes of the Access Token and\u002For add claims to it (and the ID Token) with a script like this:\u003C\u002Fp\u003E\n\u003Cdiv id=\"portal-code-block-23\"\u003E\u003Cdiv class=\"codeBlock--2nPRx\" data-react-universal-portal=\"\"\u003E\u003Cdiv class=\"codeSection--l3D_7\"\u003E\u003Cbutton class=\"copy-button btn btn-sm overlay--qmJws btn-default\"\u003E\u003Cspan class=\"icon-budicon-338\"\u003E\u003C\u002Fspan\u003E\u003C\u002Fbutton\u003E\u003Cdiv\u003E\u003Cpre class=\"code--2exA6\"\u003E\u003Ccode class=\"language-javascript\"\u003Efunction(user, context, callback) {\n\n \u002F\u002F add custom claims to Access Token and ID Token\n context.accessToken['http:\u002F\u002Ffoo\u002Fbar'] = 'value';\n context.idToken['http:\u002F\u002Ffiz\u002Fbaz'] = 'some other value';\n\n \u002F\u002F change scope\n context.accessToken.scope = ['array', 'of', 'strings'];\n\n callback(null, user, context);\n}\n\u003C\u002Fcode\u003E\u003C\u002Fpre\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003Cdiv class=\"feedback--2WYTe\"\u003E\u003Cdiv\u003E\u003Cspan\u003EWas this helpful?\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003EYes\u003C\u002Fbutton\u003E\u003Cspan\u003E\u002F\u003C\u002Fspan\u003E\u003Cbutton class=\"text--9gWDi\"\u003ENo\u003C\u002Fbutton\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cdiv class=\"panel panel-warning\"\u003E\n \u003Cdiv class=\"panel-heading\"\u003E\n \u003Ch3 class=\"panel-title\"\u003ENamespacing Custom Claims\u003C\u002Fh3\u003E\n \u003C\u002Fdiv\u003E\n \u003Cdiv class=\"panel-body\"\u003E\n \u003Cp\u003EAuth0 returns profile information in a \u003Ca href=\"https:\u002F\u002Fopenid.net\u002Fspecs\u002Fopenid-connect-core-1_0.html#StandardClaims\"\u003Estructured claim format as defined by the OpenID Connect (OIDC) specification\u003C\u002Fa\u003E. This means that in order to add custom claims to ID Tokens or Access Tokens, they must \u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Ftokens\u002Fguides\u002Fcreate-namespaced-custom-claims\"\u003Econform to a namespaced format\u003C\u002Fa\u003E to avoid possible collisions with standard OIDC claims. You can \u003Ca href=\"#optional-customize-the-tokens\"\u003Eadd namespaced claims using Rules\u003C\u002Fa\u003E.\u003C\u002Fp\u003E\n\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003C\u002Fdiv\u003E\n\u003Cp\u003EIf you wish to execute special logic unique to the Authorization Code grant, you can look at the \u003Ccode\u003Econtext.protocol\u003C\u002Fcode\u003E property in your rule. If the value is \u003Ccode\u003Eoidc-basic-profile\u003C\u002Fcode\u003E, then the rule is running during the Authorization Code grant.\u003C\u002Fp\u003E\n\u003Cdiv id=\"portal-title-5\"\u003E\u003Cdiv id=\"keep-reading\" class=\"header-wrapper header-level-h2\" data-react-universal-portal=\"\"\u003E\u003Ch2 id=\"keep-reading\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003EKeep Reading\u003C\u002Fh2\u003E\u003C\u002Fdiv\u003E\u003C\u002Fdiv\u003E\n\u003Cul\u003E\n\u003Cli\u003E\u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Ftokens\u002Fconcepts\u002Frefresh-token\"\u003ERefresh Tokens\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n\u003Cli\u003E\u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapis\"\u003EHow to configure an API in Auth0\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n\u003Cli\u003E\u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapplication-auth\u002Fserver-side-web\"\u003EApplication Authentication for Server-side Web Apps\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n\u003Cli\u003E\u003Ca href=\"https:\u002F\u002Fauth0.com\u002Fdocs\u002Ftokens\"\u003ETokens\u003C\u002Fa\u003E\u003C\u002Fli\u003E\n\u003C\u002Ful\u003E\n","meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}],"portals":[{"component":"Title","containerID":"portal-title-0","props":{"children":"\u003Ch2 id=\"1-get-the-users-authorization\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003E1. Get the User's Authorization\u003C\u002Fh2\u003E","anchor":"1-get-the-user-s-authorization","tag":"h2","meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"Title","containerID":"portal-title-1","props":{"children":"\u003Ch2 id=\"2-exchange-the-authorization-code-for-an-access-token\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003E2. Exchange the Authorization Code for an Access Token\u003C\u002Fh2\u003E","anchor":"2-exchange-the-authorization-code-for-an-access-token","tag":"h2","meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"Title","containerID":"portal-title-2","props":{"children":"\u003Ch2 id=\"3-call-the-api\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003E3. Call the API\u003C\u002Fh2\u003E","anchor":"3-call-the-api","tag":"h2","meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"Title","containerID":"portal-title-3","props":{"children":"\u003Ch2 id=\"4-verify-the-token\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003E4. Verify the Token\u003C\u002Fh2\u003E","anchor":"4-verify-the-token","tag":"h2","meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"Title","containerID":"portal-title-4","props":{"children":"\u003Ch2 id=\"optional-customize-the-tokens\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003EOptional: Customize the Tokens\u003C\u002Fh2\u003E","anchor":"optional-customize-the-tokens","tag":"h2","meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"Title","containerID":"portal-title-5","props":{"children":"\u003Ch2 id=\"keep-reading\" class=\"anchor-heading\"\u003E\u003Cspan class=\"anchor\"\u003E\u003Ci class=\"icon icon-budicon-345\"\u003E\u003C\u002Fi\u003E\u003C\u002Fspan\u003EKeep Reading\u003C\u002Fh2\u003E","anchor":"keep-reading","tag":"h2","meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"DefinitionTooltip","containerID":"react-containers-DefinitionTooltip-0","props":{"index":0,"children":"scopes","key":"scope","dataKey":"scope"}},{"component":"DefinitionTooltip","containerID":"react-containers-DefinitionTooltip-1","props":{"index":1,"children":"Refresh Token","key":"refresh-token","dataKey":"refresh-token"}},{"component":"DefinitionTooltip","containerID":"react-containers-DefinitionTooltip-2","props":{"index":2,"children":"Access Token","key":"access-token","dataKey":"access-token"}},{"component":"HeaderWrapper","containerID":"portal-header-wrapper","props":{"children":"Execute an Authorization Code Grant Flow","meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-0","props":{"children":"\u003Ccode class=\"language-text\"\u003Ehttps:\u002F\u002F__AUTH0_NAMESPACE__\u002Fauthorize?\n audience=YOUR_API_AUDIENCE&\n scope=YOUR_SCOPE&\n response_type=code&\n client_id=__AUTH0_CLIENT_ID__&\n redirect_uri=__AUTH0_CALLBACK__&\n state=YOUR_OPAQUE_VALUE\n\u003C\u002Fcode\u003E","code":"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Fauthorize?\n audience=YOUR_API_AUDIENCE&\n scope=YOUR_SCOPE&\n response_type=code&\n client_id=__AUTH0_CLIENT_ID__&\n redirect_uri=__AUTH0_CALLBACK__&\n state=YOUR_OPAQUE_VALUE","tabPaneFooter":"","index":0,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-1","props":{"children":"\u003Ccode class=\"language-html\"\u003E<a href="https:\u002F\u002F__AUTH0_NAMESPACE__\u002Fauthorize?scope=appointments%20contacts&audience=appointments:api&response_type=code&client_id=__AUTH0_CLIENT_ID__&redirect_uri=__AUTH0_CALLBACK__">\n Sign In\n<\u002Fa>\n\u003C\u002Fcode\u003E","code":"\u003Ca href=\"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Fauthorize?scope=appointments%20contacts&audience=appointments:api&response_type=code&client_id=__AUTH0_CLIENT_ID__&redirect_uri=__AUTH0_CALLBACK__\"\u003E\n Sign In\n\u003C\u002Fa\u003E","tabPaneFooter":"","index":1,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-2","props":{"children":"\u003Ccode class=\"text no-lines\"\u003Ecurl --request POST \\\n --url 'https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken' \\\n --header 'content-type: application\u002Fx-www-form-urlencoded' \\\n --data grant_type=authorization_code \\\n --data 'client_id=__AUTH0_CLIENT_ID__' \\\n --data client_secret=YOUR_CLIENT_SECRET \\\n --data code=YOUR_AUTHORIZATION_CODE \\\n --data 'redirect_uri=__AUTH0_CALLBACK__'\u003C\u002Fcode\u003E","code":"curl --request POST \\\n --url 'https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken' \\\n --header 'content-type: application\u002Fx-www-form-urlencoded' \\\n --data grant_type=authorization_code \\\n --data 'client_id=__AUTH0_CLIENT_ID__' \\\n --data client_secret=YOUR_CLIENT_SECRET \\\n --data code=YOUR_AUTHORIZATION_CODE \\\n --data 'redirect_uri=__AUTH0_CALLBACK__'","tabPaneFooter":"","index":2,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-3","props":{"children":"\u003Ccode class=\"csharp no-lines\"\u003Evar client = new RestClient("https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken");\nvar request = new RestRequest(Method.POST);\nrequest.AddHeader("content-type", "application\u002Fx-www-form-urlencoded");\nrequest.AddParameter("application\u002Fx-www-form-urlencoded", "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D", ParameterType.RequestBody);\nIRestResponse response = client.Execute(request);\u003C\u002Fcode\u003E","code":"var client = new RestClient(\"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken\");\nvar request = new RestRequest(Method.POST);\nrequest.AddHeader(\"content-type\", \"application\u002Fx-www-form-urlencoded\");\nrequest.AddParameter(\"application\u002Fx-www-form-urlencoded\", \"grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D\", ParameterType.RequestBody);\nIRestResponse response = client.Execute(request);","tabPaneFooter":"","index":3,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-4","props":{"children":"\u003Ccode class=\"go no-lines\"\u003Epackage main\n\nimport (\n\t"fmt"\n\t"strings"\n\t"net\u002Fhttp"\n\t"io\u002Fioutil"\n)\n\nfunc main() {\n\n\turl := "https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken"\n\n\tpayload := strings.NewReader("grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D")\n\n\treq, _ := http.NewRequest("POST", url, payload)\n\n\treq.Header.Add("content-type", "application\u002Fx-www-form-urlencoded")\n\n\tres, _ := http.DefaultClient.Do(req)\n\n\tdefer res.Body.Close()\n\tbody, _ := ioutil.ReadAll(res.Body)\n\n\tfmt.Println(res)\n\tfmt.Println(string(body))\n\n}\u003C\u002Fcode\u003E","code":"package main\n\nimport (\n\t\"fmt\"\n\t\"strings\"\n\t\"net\u002Fhttp\"\n\t\"io\u002Fioutil\"\n)\n\nfunc main() {\n\n\turl := \"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken\"\n\n\tpayload := strings.NewReader(\"grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D\")\n\n\treq, _ := http.NewRequest(\"POST\", url, payload)\n\n\treq.Header.Add(\"content-type\", \"application\u002Fx-www-form-urlencoded\")\n\n\tres, _ := http.DefaultClient.Do(req)\n\n\tdefer res.Body.Close()\n\tbody, _ := ioutil.ReadAll(res.Body)\n\n\tfmt.Println(res)\n\tfmt.Println(string(body))\n\n}","tabPaneFooter":"","index":4,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-5","props":{"children":"\u003Ccode class=\"java no-lines\"\u003EHttpResponse<String> response = Unirest.post("https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken")\n .header("content-type", "application\u002Fx-www-form-urlencoded")\n .body("grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D")\n .asString();\u003C\u002Fcode\u003E","code":"HttpResponse\u003CString\u003E response = Unirest.post(\"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken\")\n .header(\"content-type\", \"application\u002Fx-www-form-urlencoded\")\n .body(\"grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D\")\n .asString();","tabPaneFooter":"","index":5,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-6","props":{"children":"\u003Ccode class=\"javascript no-lines\"\u003Evar request = require("request");\n\nvar options = {\n method: 'POST',\n url: 'https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken',\n headers: {'content-type': 'application\u002Fx-www-form-urlencoded'},\n form: {\n grant_type: 'authorization_code',\n client_id: '__AUTH0_CLIENT_ID__',\n client_secret: 'YOUR_CLIENT_SECRET',\n code: 'YOUR_AUTHORIZATION_CODE',\n redirect_uri: '__AUTH0_CALLBACK__'\n }\n};\n\nrequest(options, function (error, response, body) {\n if (error) throw new Error(error);\n\n console.log(body);\n});\n\u003C\u002Fcode\u003E","code":"var request = require(\"request\");\n\nvar options = {\n method: 'POST',\n url: 'https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken',\n headers: {'content-type': 'application\u002Fx-www-form-urlencoded'},\n form: {\n grant_type: 'authorization_code',\n client_id: '__AUTH0_CLIENT_ID__',\n client_secret: 'YOUR_CLIENT_SECRET',\n code: 'YOUR_AUTHORIZATION_CODE',\n redirect_uri: '__AUTH0_CALLBACK__'\n }\n};\n\nrequest(options, function (error, response, body) {\n if (error) throw new Error(error);\n\n console.log(body);\n});","tabPaneFooter":"","index":6,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-7","props":{"children":"\u003Ccode class=\"objective-c no-lines\"\u003E#import <Foundation\u002FFoundation.h>\n\nNSDictionary *headers = @{ @"content-type": @"application\u002Fx-www-form-urlencoded" };\n\nNSMutableData *postData = [[NSMutableData alloc] initWithData:[@"grant_type=authorization_code" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@"&client_id=__AUTH0_CLIENT_ID__" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@"&client_secret=YOUR_CLIENT_SECRET" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@"&code=YOUR_AUTHORIZATION_CODE" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@"&redirect_uri=__AUTH0_CALLBACK__" dataUsingEncoding:NSUTF8StringEncoding]];\n\nNSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken"]\n cachePolicy:NSURLRequestUseProtocolCachePolicy\n timeoutInterval:10.0];\n[request setHTTPMethod:@"POST"];\n[request setAllHTTPHeaderFields:headers];\n[request setHTTPBody:postData];\n\nNSURLSession *session = [NSURLSession sharedSession];\nNSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request\n completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {\n if (error) {\n NSLog(@"%@", error);\n } else {\n NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;\n NSLog(@"%@", httpResponse);\n }\n }];\n[dataTask resume];\u003C\u002Fcode\u003E","code":"#import \u003CFoundation\u002FFoundation.h\u003E\n\nNSDictionary *headers = @{ @\"content-type\": @\"application\u002Fx-www-form-urlencoded\" };\n\nNSMutableData *postData = [[NSMutableData alloc] initWithData:[@\"grant_type=authorization_code\" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@\"&client_id=__AUTH0_CLIENT_ID__\" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@\"&client_secret=YOUR_CLIENT_SECRET\" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@\"&code=YOUR_AUTHORIZATION_CODE\" dataUsingEncoding:NSUTF8StringEncoding]];\n[postData appendData:[@\"&redirect_uri=__AUTH0_CALLBACK__\" dataUsingEncoding:NSUTF8StringEncoding]];\n\nNSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@\"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken\"]\n cachePolicy:NSURLRequestUseProtocolCachePolicy\n timeoutInterval:10.0];\n[request setHTTPMethod:@\"POST\"];\n[request setAllHTTPHeaderFields:headers];\n[request setHTTPBody:postData];\n\nNSURLSession *session = [NSURLSession sharedSession];\nNSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request\n completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {\n if (error) {\n NSLog(@\"%@\", error);\n } else {\n NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;\n NSLog(@\"%@\", httpResponse);\n }\n }];\n[dataTask resume];","tabPaneFooter":"","index":7,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-8","props":{"children":"\u003Ccode class=\"php no-lines\"\u003E$curl = curl_init();\n\ncurl_setopt_array($curl, array(\n CURLOPT_URL => "https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken",\n CURLOPT_RETURNTRANSFER => true,\n CURLOPT_ENCODING => "",\n CURLOPT_MAXREDIRS => 10,\n CURLOPT_TIMEOUT => 30,\n CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,\n CURLOPT_CUSTOMREQUEST => "POST",\n CURLOPT_POSTFIELDS => "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D",\n CURLOPT_HTTPHEADER => array(\n "content-type: application\u002Fx-www-form-urlencoded"\n ),\n));\n\n$response = curl_exec($curl);\n$err = curl_error($curl);\n\ncurl_close($curl);\n\nif ($err) {\n echo "cURL Error #:" . $err;\n} else {\n echo $response;\n}\u003C\u002Fcode\u003E","code":"$curl = curl_init();\n\ncurl_setopt_array($curl, array(\n CURLOPT_URL =\u003E \"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken\",\n CURLOPT_RETURNTRANSFER =\u003E true,\n CURLOPT_ENCODING =\u003E \"\",\n CURLOPT_MAXREDIRS =\u003E 10,\n CURLOPT_TIMEOUT =\u003E 30,\n CURLOPT_HTTP_VERSION =\u003E CURL_HTTP_VERSION_1_1,\n CURLOPT_CUSTOMREQUEST =\u003E \"POST\",\n CURLOPT_POSTFIELDS =\u003E \"grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D\",\n CURLOPT_HTTPHEADER =\u003E array(\n \"content-type: application\u002Fx-www-form-urlencoded\"\n ),\n));\n\n$response = curl_exec($curl);\n$err = curl_error($curl);\n\ncurl_close($curl);\n\nif ($err) {\n echo \"cURL Error #:\" . $err;\n} else {\n echo $response;\n}","tabPaneFooter":"","index":8,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-9","props":{"children":"\u003Ccode class=\"python no-lines\"\u003Eimport http.client\n\nconn = http.client.HTTPSConnection("")\n\npayload = "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D"\n\nheaders = { 'content-type': "application\u002Fx-www-form-urlencoded" }\n\nconn.request("POST", "\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken", payload, headers)\n\nres = conn.getresponse()\ndata = res.read()\n\nprint(data.decode("utf-8"))\u003C\u002Fcode\u003E","code":"import http.client\n\nconn = http.client.HTTPSConnection(\"\")\n\npayload = \"grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D\"\n\nheaders = { 'content-type': \"application\u002Fx-www-form-urlencoded\" }\n\nconn.request(\"POST\", \"\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken\", payload, headers)\n\nres = conn.getresponse()\ndata = res.read()\n\nprint(data.decode(\"utf-8\"))","tabPaneFooter":"","index":9,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-10","props":{"children":"\u003Ccode class=\"ruby no-lines\"\u003Erequire 'uri'\nrequire 'net\u002Fhttp'\nrequire 'openssl'\n\nurl = URI("https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken")\n\nhttp = Net::HTTP.new(url.host, url.port)\nhttp.use_ssl = true\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n\nrequest = Net::HTTP::Post.new(url)\nrequest["content-type"] = 'application\u002Fx-www-form-urlencoded'\nrequest.body = "grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D"\n\nresponse = http.request(request)\nputs response.read_body\u003C\u002Fcode\u003E","code":"require 'uri'\nrequire 'net\u002Fhttp'\nrequire 'openssl'\n\nurl = URI(\"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken\")\n\nhttp = Net::HTTP.new(url.host, url.port)\nhttp.use_ssl = true\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n\nrequest = Net::HTTP::Post.new(url)\nrequest[\"content-type\"] = 'application\u002Fx-www-form-urlencoded'\nrequest.body = \"grant_type=authorization_code&client_id=%24%7Baccount.clientId%7D&client_secret=YOUR_CLIENT_SECRET&code=YOUR_AUTHORIZATION_CODE&redirect_uri=%24%7Baccount.callback%7D\"\n\nresponse = http.request(request)\nputs response.read_body","tabPaneFooter":"","index":10,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-11","props":{"children":"\u003Ccode class=\"swift no-lines\"\u003Eimport Foundation\n\nlet headers = ["content-type": "application\u002Fx-www-form-urlencoded"]\n\nlet postData = NSMutableData(data: "grant_type=authorization_code".data(using: String.Encoding.utf8)!)\npostData.append("&client_id=__AUTH0_CLIENT_ID__".data(using: String.Encoding.utf8)!)\npostData.append("&client_secret=YOUR_CLIENT_SECRET".data(using: String.Encoding.utf8)!)\npostData.append("&code=YOUR_AUTHORIZATION_CODE".data(using: String.Encoding.utf8)!)\npostData.append("&redirect_uri=__AUTH0_CALLBACK__".data(using: String.Encoding.utf8)!)\n\nlet request = NSMutableURLRequest(url: NSURL(string: "https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken")! as URL,\n cachePolicy: .useProtocolCachePolicy,\n timeoutInterval: 10.0)\nrequest.httpMethod = "POST"\nrequest.allHTTPHeaderFields = headers\nrequest.httpBody = postData as Data\n\nlet session = URLSession.shared\nlet dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in\n if (error != nil) {\n print(error)\n } else {\n let httpResponse = response as? HTTPURLResponse\n print(httpResponse)\n }\n})\n\ndataTask.resume()\u003C\u002Fcode\u003E","code":"import Foundation\n\nlet headers = [\"content-type\": \"application\u002Fx-www-form-urlencoded\"]\n\nlet postData = NSMutableData(data: \"grant_type=authorization_code\".data(using: String.Encoding.utf8)!)\npostData.append(\"&client_id=__AUTH0_CLIENT_ID__\".data(using: String.Encoding.utf8)!)\npostData.append(\"&client_secret=YOUR_CLIENT_SECRET\".data(using: String.Encoding.utf8)!)\npostData.append(\"&code=YOUR_AUTHORIZATION_CODE\".data(using: String.Encoding.utf8)!)\npostData.append(\"&redirect_uri=__AUTH0_CALLBACK__\".data(using: String.Encoding.utf8)!)\n\nlet request = NSMutableURLRequest(url: NSURL(string: \"https:\u002F\u002F__AUTH0_NAMESPACE__\u002Foauth\u002Ftoken\")! as URL,\n cachePolicy: .useProtocolCachePolicy,\n timeoutInterval: 10.0)\nrequest.httpMethod = \"POST\"\nrequest.allHTTPHeaderFields = headers\nrequest.httpBody = postData as Data\n\nlet session = URLSession.shared\nlet dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -\u003E Void in\n if (error != nil) {\n print(error)\n } else {\n let httpResponse = response as? HTTPURLResponse\n print(httpResponse)\n }\n})\n\ndataTask.resume()","tabPaneFooter":"","index":11,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-12","props":{"children":"\u003Ccode class=\"language-js\"\u003E{\n "access_token": "eyJz93a...k4laUWw",\n "refresh_token": "GEbRxBN...edjnXbL",\n "id_token": "eyJ0XAi...4faeEoQ",\n "token_type": "Bearer"\n}\n\u003C\u002Fcode\u003E","code":"{\n \"access_token\": \"eyJz93a...k4laUWw\",\n \"refresh_token\": \"GEbRxBN...edjnXbL\",\n \"id_token\": \"eyJ0XAi...4faeEoQ\",\n \"token_type\": \"Bearer\"\n}","tabPaneFooter":"","index":12,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-13","props":{"children":"\u003Ccode class=\"text no-lines\"\u003Ecurl --request GET \\\n --url https:\u002F\u002Fsomeapi.com\u002Fapi \\\n --header 'authorization: Bearer ACCESS_TOKEN' \\\n --header 'content-type: application\u002Fjson'\u003C\u002Fcode\u003E","code":"curl --request GET \\\n --url https:\u002F\u002Fsomeapi.com\u002Fapi \\\n --header 'authorization: Bearer ACCESS_TOKEN' \\\n --header 'content-type: application\u002Fjson'","tabPaneFooter":"","index":13,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-14","props":{"children":"\u003Ccode class=\"csharp no-lines\"\u003Evar client = new RestClient("https:\u002F\u002Fsomeapi.com\u002Fapi");\nvar request = new RestRequest(Method.GET);\nrequest.AddHeader("content-type", "application\u002Fjson");\nrequest.AddHeader("authorization", "Bearer ACCESS_TOKEN");\nIRestResponse response = client.Execute(request);\u003C\u002Fcode\u003E","code":"var client = new RestClient(\"https:\u002F\u002Fsomeapi.com\u002Fapi\");\nvar request = new RestRequest(Method.GET);\nrequest.AddHeader(\"content-type\", \"application\u002Fjson\");\nrequest.AddHeader(\"authorization\", \"Bearer ACCESS_TOKEN\");\nIRestResponse response = client.Execute(request);","tabPaneFooter":"","index":14,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-15","props":{"children":"\u003Ccode class=\"go no-lines\"\u003Epackage main\n\nimport (\n\t"fmt"\n\t"net\u002Fhttp"\n\t"io\u002Fioutil"\n)\n\nfunc main() {\n\n\turl := "https:\u002F\u002Fsomeapi.com\u002Fapi"\n\n\treq, _ := http.NewRequest("GET", url, nil)\n\n\treq.Header.Add("content-type", "application\u002Fjson")\n\treq.Header.Add("authorization", "Bearer ACCESS_TOKEN")\n\n\tres, _ := http.DefaultClient.Do(req)\n\n\tdefer res.Body.Close()\n\tbody, _ := ioutil.ReadAll(res.Body)\n\n\tfmt.Println(res)\n\tfmt.Println(string(body))\n\n}\u003C\u002Fcode\u003E","code":"package main\n\nimport (\n\t\"fmt\"\n\t\"net\u002Fhttp\"\n\t\"io\u002Fioutil\"\n)\n\nfunc main() {\n\n\turl := \"https:\u002F\u002Fsomeapi.com\u002Fapi\"\n\n\treq, _ := http.NewRequest(\"GET\", url, nil)\n\n\treq.Header.Add(\"content-type\", \"application\u002Fjson\")\n\treq.Header.Add(\"authorization\", \"Bearer ACCESS_TOKEN\")\n\n\tres, _ := http.DefaultClient.Do(req)\n\n\tdefer res.Body.Close()\n\tbody, _ := ioutil.ReadAll(res.Body)\n\n\tfmt.Println(res)\n\tfmt.Println(string(body))\n\n}","tabPaneFooter":"","index":15,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-16","props":{"children":"\u003Ccode class=\"java no-lines\"\u003EHttpResponse<String> response = Unirest.get("https:\u002F\u002Fsomeapi.com\u002Fapi")\n .header("content-type", "application\u002Fjson")\n .header("authorization", "Bearer ACCESS_TOKEN")\n .asString();\u003C\u002Fcode\u003E","code":"HttpResponse\u003CString\u003E response = Unirest.get(\"https:\u002F\u002Fsomeapi.com\u002Fapi\")\n .header(\"content-type\", \"application\u002Fjson\")\n .header(\"authorization\", \"Bearer ACCESS_TOKEN\")\n .asString();","tabPaneFooter":"","index":16,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-17","props":{"children":"\u003Ccode class=\"javascript no-lines\"\u003Evar request = require("request");\n\nvar options = {\n method: 'GET',\n url: 'https:\u002F\u002Fsomeapi.com\u002Fapi',\n headers: {'content-type': 'application\u002Fjson', authorization: 'Bearer ACCESS_TOKEN'}\n};\n\nrequest(options, function (error, response, body) {\n if (error) throw new Error(error);\n\n console.log(body);\n});\n\u003C\u002Fcode\u003E","code":"var request = require(\"request\");\n\nvar options = {\n method: 'GET',\n url: 'https:\u002F\u002Fsomeapi.com\u002Fapi',\n headers: {'content-type': 'application\u002Fjson', authorization: 'Bearer ACCESS_TOKEN'}\n};\n\nrequest(options, function (error, response, body) {\n if (error) throw new Error(error);\n\n console.log(body);\n});","tabPaneFooter":"","index":17,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-18","props":{"children":"\u003Ccode class=\"objective-c no-lines\"\u003E#import <Foundation\u002FFoundation.h>\n\nNSDictionary *headers = @{ @"content-type": @"application\u002Fjson",\n @"authorization": @"Bearer ACCESS_TOKEN" };\n\nNSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https:\u002F\u002Fsomeapi.com\u002Fapi"]\n cachePolicy:NSURLRequestUseProtocolCachePolicy\n timeoutInterval:10.0];\n[request setHTTPMethod:@"GET"];\n[request setAllHTTPHeaderFields:headers];\n\nNSURLSession *session = [NSURLSession sharedSession];\nNSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request\n completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {\n if (error) {\n NSLog(@"%@", error);\n } else {\n NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;\n NSLog(@"%@", httpResponse);\n }\n }];\n[dataTask resume];\u003C\u002Fcode\u003E","code":"#import \u003CFoundation\u002FFoundation.h\u003E\n\nNSDictionary *headers = @{ @\"content-type\": @\"application\u002Fjson\",\n @\"authorization\": @\"Bearer ACCESS_TOKEN\" };\n\nNSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@\"https:\u002F\u002Fsomeapi.com\u002Fapi\"]\n cachePolicy:NSURLRequestUseProtocolCachePolicy\n timeoutInterval:10.0];\n[request setHTTPMethod:@\"GET\"];\n[request setAllHTTPHeaderFields:headers];\n\nNSURLSession *session = [NSURLSession sharedSession];\nNSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request\n completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {\n if (error) {\n NSLog(@\"%@\", error);\n } else {\n NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;\n NSLog(@\"%@\", httpResponse);\n }\n }];\n[dataTask resume];","tabPaneFooter":"","index":18,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-19","props":{"children":"\u003Ccode class=\"php no-lines\"\u003E$curl = curl_init();\n\ncurl_setopt_array($curl, array(\n CURLOPT_URL => "https:\u002F\u002Fsomeapi.com\u002Fapi",\n CURLOPT_RETURNTRANSFER => true,\n CURLOPT_ENCODING => "",\n CURLOPT_MAXREDIRS => 10,\n CURLOPT_TIMEOUT => 30,\n CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,\n CURLOPT_CUSTOMREQUEST => "GET",\n CURLOPT_HTTPHEADER => array(\n "authorization: Bearer ACCESS_TOKEN",\n "content-type: application\u002Fjson"\n ),\n));\n\n$response = curl_exec($curl);\n$err = curl_error($curl);\n\ncurl_close($curl);\n\nif ($err) {\n echo "cURL Error #:" . $err;\n} else {\n echo $response;\n}\u003C\u002Fcode\u003E","code":"$curl = curl_init();\n\ncurl_setopt_array($curl, array(\n CURLOPT_URL =\u003E \"https:\u002F\u002Fsomeapi.com\u002Fapi\",\n CURLOPT_RETURNTRANSFER =\u003E true,\n CURLOPT_ENCODING =\u003E \"\",\n CURLOPT_MAXREDIRS =\u003E 10,\n CURLOPT_TIMEOUT =\u003E 30,\n CURLOPT_HTTP_VERSION =\u003E CURL_HTTP_VERSION_1_1,\n CURLOPT_CUSTOMREQUEST =\u003E \"GET\",\n CURLOPT_HTTPHEADER =\u003E array(\n \"authorization: Bearer ACCESS_TOKEN\",\n \"content-type: application\u002Fjson\"\n ),\n));\n\n$response = curl_exec($curl);\n$err = curl_error($curl);\n\ncurl_close($curl);\n\nif ($err) {\n echo \"cURL Error #:\" . $err;\n} else {\n echo $response;\n}","tabPaneFooter":"","index":19,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-20","props":{"children":"\u003Ccode class=\"python no-lines\"\u003Eimport http.client\n\nconn = http.client.HTTPSConnection("someapi.com")\n\nheaders = {\n 'content-type': "application\u002Fjson",\n 'authorization': "Bearer ACCESS_TOKEN"\n }\n\nconn.request("GET", "\u002Fapi", headers=headers)\n\nres = conn.getresponse()\ndata = res.read()\n\nprint(data.decode("utf-8"))\u003C\u002Fcode\u003E","code":"import http.client\n\nconn = http.client.HTTPSConnection(\"someapi.com\")\n\nheaders = {\n 'content-type': \"application\u002Fjson\",\n 'authorization': \"Bearer ACCESS_TOKEN\"\n }\n\nconn.request(\"GET\", \"\u002Fapi\", headers=headers)\n\nres = conn.getresponse()\ndata = res.read()\n\nprint(data.decode(\"utf-8\"))","tabPaneFooter":"","index":20,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-21","props":{"children":"\u003Ccode class=\"ruby no-lines\"\u003Erequire 'uri'\nrequire 'net\u002Fhttp'\nrequire 'openssl'\n\nurl = URI("https:\u002F\u002Fsomeapi.com\u002Fapi")\n\nhttp = Net::HTTP.new(url.host, url.port)\nhttp.use_ssl = true\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n\nrequest = Net::HTTP::Get.new(url)\nrequest["content-type"] = 'application\u002Fjson'\nrequest["authorization"] = 'Bearer ACCESS_TOKEN'\n\nresponse = http.request(request)\nputs response.read_body\u003C\u002Fcode\u003E","code":"require 'uri'\nrequire 'net\u002Fhttp'\nrequire 'openssl'\n\nurl = URI(\"https:\u002F\u002Fsomeapi.com\u002Fapi\")\n\nhttp = Net::HTTP.new(url.host, url.port)\nhttp.use_ssl = true\nhttp.verify_mode = OpenSSL::SSL::VERIFY_NONE\n\nrequest = Net::HTTP::Get.new(url)\nrequest[\"content-type\"] = 'application\u002Fjson'\nrequest[\"authorization\"] = 'Bearer ACCESS_TOKEN'\n\nresponse = http.request(request)\nputs response.read_body","tabPaneFooter":"","index":21,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-22","props":{"children":"\u003Ccode class=\"swift no-lines\"\u003Eimport Foundation\n\nlet headers = [\n "content-type": "application\u002Fjson",\n "authorization": "Bearer ACCESS_TOKEN"\n]\n\nlet request = NSMutableURLRequest(url: NSURL(string: "https:\u002F\u002Fsomeapi.com\u002Fapi")! as URL,\n cachePolicy: .useProtocolCachePolicy,\n timeoutInterval: 10.0)\nrequest.httpMethod = "GET"\nrequest.allHTTPHeaderFields = headers\n\nlet session = URLSession.shared\nlet dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in\n if (error != nil) {\n print(error)\n } else {\n let httpResponse = response as? HTTPURLResponse\n print(httpResponse)\n }\n})\n\ndataTask.resume()\u003C\u002Fcode\u003E","code":"import Foundation\n\nlet headers = [\n \"content-type\": \"application\u002Fjson\",\n \"authorization\": \"Bearer ACCESS_TOKEN\"\n]\n\nlet request = NSMutableURLRequest(url: NSURL(string: \"https:\u002F\u002Fsomeapi.com\u002Fapi\")! as URL,\n cachePolicy: .useProtocolCachePolicy,\n timeoutInterval: 10.0)\nrequest.httpMethod = \"GET\"\nrequest.allHTTPHeaderFields = headers\n\nlet session = URLSession.shared\nlet dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -\u003E Void in\n if (error != nil) {\n print(error)\n } else {\n let httpResponse = response as? HTTPURLResponse\n print(httpResponse)\n }\n})\n\ndataTask.resume()","tabPaneFooter":"","index":22,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}},{"component":"CodeBlock","containerID":"portal-code-block-23","props":{"children":"\u003Ccode class=\"language-javascript\"\u003Efunction(user, context, callback) {\n\n \u002F\u002F add custom claims to Access Token and ID Token\n context.accessToken['http:\u002F\u002Ffoo\u002Fbar'] = 'value';\n context.idToken['http:\u002F\u002Ffiz\u002Fbaz'] = 'some other value';\n\n \u002F\u002F change scope\n context.accessToken.scope = ['array', 'of', 'strings'];\n\n callback(null, user, context);\n}\n\u003C\u002Fcode\u003E","code":"function(user, context, callback) {\n\n \u002F\u002F add custom claims to Access Token and ID Token\n context.accessToken['http:\u002F\u002Ffoo\u002Fbar'] = 'value';\n context.idToken['http:\u002F\u002Ffiz\u002Fbaz'] = 'some other value';\n\n \u002F\u002F change scope\n context.accessToken.scope = ['array', 'of', 'strings'];\n\n callback(null, user, context);\n}","tabPaneFooter":"","index":23,"meta":{"public":true,"description":"How to execute an Authorization Code Grant flow from a Regular Web application","toc":true,"topics":["api-authentication","oidc","authorization-code"],"contentType":"tutorial","useCase":["secure-api","call-api"],"sitemap":true,"title":"Execute an Authorization Code Grant Flow","editUrl":"https:\u002F\u002Fgithub.com\u002Fauth0\u002Fdocs\u002Fedit\u002Fmaster\u002Farticles\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant.md","section":"articles","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant","routeName":"article","titles":[{"content":"1. Get the User's Authorization","anchor":"1-get-the-user-s-authorization","level":2},{"content":"2. Exchange the Authorization Code for an Access Token","anchor":"2-exchange-the-authorization-code-for-an-access-token","level":2},{"content":"3. Call the API","anchor":"3-call-the-api","level":2},{"content":"4. Verify the Token","anchor":"4-verify-the-token","level":2},{"content":"Optional: Customize the Tokens","anchor":"optional-customize-the-tokens","level":2},{"content":"Keep Reading","anchor":"keep-reading","level":2}],"breadcrumbs":[{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}]}}}]}}},"user":{"isAuthenticated":false,"account":{"userName":"","appName":"YOUR_APP_NAME","tenant":"YOUR_TENANT","namespace":"YOUR_DOMAIN","clientId":"YOUR_CLIENT_ID","clientSecret":"YOUR_CLIENT_SECRET","callback":"https:\u002F\u002FYOUR_APP\u002Fcallback"},"connectionName":"YOUR_CONNECTION_NAME","apiIdentifier":"YOUR_API_IDENTIFIER","manage_url":"https:\u002F\u002Fmanage.auth0.com\u002F#","userResources":{"nonGlobalClients":[],"nonGlobalApis":[],"selectedClientId":"YOUR_CLIENT_ID","selectedApiId":"YOUR_API_IDENTIFIER","clientsSortedByType":{}},"profile":{}},"userResources":{"nonGlobalClients":[],"nonGlobalApis":[],"selectedClientId":"YOUR_CLIENT_ID","selectedApiId":"YOUR_API_IDENTIFIER","clientsSortedByType":{}}},"UserStore":{"user":{"isAuthenticated":false,"account":{"userName":"","appName":"YOUR_APP_NAME","tenant":"YOUR_TENANT","namespace":"YOUR_DOMAIN","clientId":"YOUR_CLIENT_ID","clientSecret":"YOUR_CLIENT_SECRET","callback":"https:\u002F\u002FYOUR_APP\u002Fcallback"},"connectionName":"YOUR_CONNECTION_NAME","apiIdentifier":"YOUR_API_IDENTIFIER","manage_url":"https:\u002F\u002Fmanage.auth0.com\u002F#","userResources":{"nonGlobalClients":[],"nonGlobalApis":[],"selectedClientId":"YOUR_CLIENT_ID","selectedApiId":"YOUR_API_IDENTIFIER","clientsSortedByType":{}},"profile":{}},"profile":{},"userResources":{"nonGlobalClients":[],"nonGlobalApis":[],"selectedClientId":"YOUR_CLIENT_ID","selectedApiId":"YOUR_API_IDENTIFIER","clientsSortedByType":{}}},"NavigationStore":{"navigation":{"sections":[{"id":"articles","title":"Articles","url":"\u002Fdocs\u002Fgetting-started","folder":"","default":true},{"id":"quickstarts","title":"QuickStarts","url":"\u002Fdocs\u002Fquickstarts","folder":"quickstart"},{"id":"apis","title":"Auth0 APIs","url":"\u002Fdocs\u002Fapi\u002Finfo","folder":"api"},{"id":"libraries","title":"Libraries","url":"\u002Fdocs\u002Flibraries","folder":"libraries"},{"id":"videos","title":"Videos","url":"\u002Fdocs\u002Fvideos","folder":"videos"},{"id":"identity-labs","title":"Identity Labs","url":"\u002Fdocs\u002Fidentity-labs","folder":"identity-labs"}],"sidebar":{"articles":[{"title":"Get Started","url":"\u002Fdocs\u002Fgetting-started","children":[{"title":"Auth0 Overview","url":"\u002Fdocs\u002Fgetting-started\u002Foverview","isActiveUrl":false},{"title":"Learn the Basics","url":"\u002Fdocs\u002Fgetting-started\u002Fthe-basics","isActiveUrl":false},{"title":"Dashboard Overview","url":"\u002Fdocs\u002Fgetting-started\u002Fdashboard-overview","isActiveUrl":false},{"title":"Create a Tenant","url":"\u002Fdocs\u002Fgetting-started\u002Fcreate-tenant","isActiveUrl":false},{"title":"Set Up An App","url":"\u002Fdocs\u002Fgetting-started\u002Fset-up-app","children":[{"title":"Regular Web App","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fregister-app-regular-web","isActiveUrl":false},{"title":"Native App","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fregister-app-native","isActiveUrl":false},{"title":"Single-Page App","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fregister-app-spa","isActiveUrl":false},{"title":"Backend\u002FService","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fregister-app-m2m","isActiveUrl":false}],"isActiveUrl":false},{"title":"Set Up an API","url":"\u002Fdocs\u002Fgetting-started\u002Fset-up-api","isActiveUrl":false},{"title":"Set Up Multiple Environments","url":"\u002Fdocs\u002Fdev-lifecycle\u002Fsetting-up-env","hidden":true,"isActiveUrl":false},{"title":"Deployment Models","url":"\u002Fdocs\u002Fgetting-started\u002Fdeployment-models","isActiveUrl":false}],"isActiveUrl":false},{"title":"Architecture Scenarios","url":"\u002Fdocs\u002Farchitecture-scenarios","children":[{"title":"Business to Consumer","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fb2c","children":[{"title":"Architecture","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-architecture","isActiveUrl":false},{"title":"Provisioning","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-provisioning","isActiveUrl":false},{"title":"Authentication","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-authentication","isActiveUrl":false},{"title":"Branding","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-branding","isActiveUrl":false},{"title":"Deployment Automation","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-deployment","isActiveUrl":false},{"title":"Quality Assurance","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-qa","isActiveUrl":false},{"title":"Profile Management","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-profile-mgmt","isActiveUrl":false},{"title":"Authorization","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-authorization","isActiveUrl":false},{"title":"Logout","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-logout","isActiveUrl":false},{"title":"Operations","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-operations","isActiveUrl":false},{"title":"Launch Preparation","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2c\u002Fb2c-launch","isActiveUrl":false}],"isActiveUrl":false},{"title":"Business to Business","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fb2b","children":[{"title":"Architecture","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-architecture","isActiveUrl":false},{"title":"Provisioning","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-provisioning","isActiveUrl":false},{"title":"Authentication","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-authentication","isActiveUrl":false},{"title":"Branding","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-branding","isActiveUrl":false},{"title":"Deployment Automation","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-deployment","isActiveUrl":false},{"title":"Quality Assurance","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-qa","isActiveUrl":false},{"title":"Profile Management","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-profile-mgmt","isActiveUrl":false},{"title":"Authorization","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-authorization","isActiveUrl":false},{"title":"Logout","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-logout","isActiveUrl":false},{"title":"Operations","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-operations","isActiveUrl":false},{"title":"Launch Preparation","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation\u002Fb2b\u002Fb2b-launch","isActiveUrl":false}],"isActiveUrl":false},{"title":"Business to Employees","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fb2e","isActiveUrl":false},{"title":"SSO for Regular Web Apps","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fweb-app-sso","children":[{"title":"Solution Overview","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fweb-app-sso\u002Fpart-1","isActiveUrl":false},{"title":"Configuration","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fweb-app-sso\u002Fpart-2","isActiveUrl":false},{"title":"Implementation","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fweb-app-sso\u002Fpart-3","isActiveUrl":false},{"title":"Conclusion","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fweb-app-sso\u002Fpart-4","isActiveUrl":false}],"isActiveUrl":false},{"title":"Server Application + API","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fserver-api","children":[{"title":"Solution Overview","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fserver-api\u002Fpart-1","isActiveUrl":false},{"title":"Configuration","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fserver-api\u002Fpart-2","isActiveUrl":false},{"title":"Implementation","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fserver-api\u002Fpart-3","isActiveUrl":false},{"title":"Conclusion","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fserver-api\u002Fpart-4","isActiveUrl":false}],"isActiveUrl":false},{"title":"SPA + API","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fspa-api","children":[{"title":"Solution Overview","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fspa-api\u002Fpart-1","isActiveUrl":false},{"title":"Configuration","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fspa-api\u002Fpart-2","isActiveUrl":false},{"title":"Implementation","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fspa-api\u002Fpart-3","isActiveUrl":false},{"title":"Conclusion","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fspa-api\u002Fpart-4","isActiveUrl":false}],"isActiveUrl":false},{"title":"Mobile + API","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fmobile-api","children":[{"title":"Solution Overview","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fmobile-api\u002Fpart-1","isActiveUrl":false},{"title":"Configuration","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fmobile-api\u002Fpart-2","isActiveUrl":false},{"title":"Implementation","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fmobile-api\u002Fpart-3","isActiveUrl":false},{"title":"Conclusion","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fmobile-api\u002Fpart-4","isActiveUrl":false}],"isActiveUrl":false},{"title":"Implementation Checklists","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fchecklists","isActiveUrl":false},{"title":"Implementation Resources","url":"\u002Fdocs\u002Farchitecture-scenarios\u002Fimplementation-resources","isActiveUrl":false}],"isActiveUrl":false},{"title":"Login","url":"\u002Fdocs\u002Flogin","children":[{"title":"Universal Login","url":"\u002Fdocs\u002Funiversal-login","children":[{"title":"New Experience","url":"\u002Fdocs\u002Funiversal-login\u002Fnew","isActiveUrl":false},{"title":"Classic Experience","url":"\u002Fdocs\u002Funiversal-login\u002Fclassic","isActiveUrl":false},{"title":"Password Reset","url":"\u002Fdocs\u002Funiversal-login\u002Fpassword-reset","isActiveUrl":false},{"title":"Multi-factor Authentication","url":"\u002Fdocs\u002Funiversal-login\u002Fmultifactor-authentication","isActiveUrl":false},{"title":"Passwordless","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Funiversal-login\u002Fconfigure-login-page-passwordless","isActiveUrl":false},{"title":"Error Pages","url":"\u002Fdocs\u002Funiversal-login\u002Ferror-pages","isActiveUrl":false},{"title":"Text Customization","url":"\u002Fdocs\u002Funiversal-login\u002Ftext-customization","isActiveUrl":false},{"title":"Internationalization","url":"\u002Fdocs\u002Funiversal-login\u002Fi18n","isActiveUrl":false},{"title":"Default Login URL","url":"\u002Fdocs\u002Funiversal-login\u002Fdefault-login-url","isActiveUrl":false},{"title":"Version Control","url":"\u002Fdocs\u002Funiversal-login\u002Fversion-control","isActiveUrl":false}],"isActiveUrl":false},{"title":"Universal vs Embedded Login","url":"\u002Fdocs\u002Fguides\u002Flogin\u002Funiversal-vs-embedded","isActiveUrl":false},{"title":"Embedded Login","url":"\u002Fdocs\u002Flogin\u002Fembedded","children":[{"title":"Lock for Web","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11","isActiveUrl":false},{"title":"Auth0.js","url":"\u002Fdocs\u002Flibraries\u002Fauth0js\u002Fv9","isActiveUrl":false},{"title":"Cross-Origin Authentication","url":"\u002Fdocs\u002Fcross-origin-authentication","isActiveUrl":false}],"isActiveUrl":false},{"title":"Authentication Flows","url":"\u002Fdocs\u002Fflows","children":[{"title":"Regular Web App","url":"\u002Fdocs\u002Fflows\u002Fguides\u002Fauth-code\u002Fadd-login-auth-code","isActiveUrl":false},{"title":"Single-Page App","url":"\u002Fdocs\u002Fflows\u002Fguides\u002Fimplicit\u002Fadd-login-implicit","isActiveUrl":false},{"title":"Native App","url":"\u002Fdocs\u002Fflows\u002Fguides\u002Fauth-code-pkce\u002Fadd-login-auth-code-pkce","isActiveUrl":false}],"isActiveUrl":false},{"title":"Multi-Factor Authentication","url":"\u002Fdocs\u002Fmultifactor-authentication","children":[{"title":"Overview","url":"\u002Fdocs\u002Fmultifactor-authentication","isActiveUrl":false},{"title":"Factors","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Ffactors","children":[{"title":"Push","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Ffactors\u002Fpush","hidden":true,"isActiveUrl":false},{"title":"OTP","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Ffactors\u002Fotp","hidden":true,"isActiveUrl":false},{"title":"SMS","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Ffactors\u002Fsms","hidden":true,"isActiveUrl":false},{"title":"Duo","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Ffactors\u002Fduo","hidden":true,"isActiveUrl":false},{"title":"Email","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Ffactors\u002Femail","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Custom","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Fcustom","isActiveUrl":false},{"title":"Step-Up","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Fstep-up-authentication","isActiveUrl":false},{"title":"MFA API","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Fapi","children":[{"title":"Trigger MFA","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Fapi\u002Fchallenges","hidden":true,"isActiveUrl":false},{"title":"One-Time Password Challenge","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Fapi\u002Fotp","hidden":true,"isActiveUrl":false},{"title":"SMS Message Challenge","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Fapi\u002Foob","hidden":true,"isActiveUrl":false},{"title":"Email Authenticator","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Fapi\u002Femail","hidden":true,"isActiveUrl":false},{"title":"Manage Authenticators","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Fapi\u002Fmanage","hidden":true,"isActiveUrl":false},{"title":"FAQ","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Fapi\u002Ffaq","hidden":true,"isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Silent Authentication","url":"\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fsilent-authentication","isActiveUrl":false},{"title":"Redirect After Login","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fredirect-users-after-login","isActiveUrl":false},{"title":"Logout","url":"\u002Fdocs\u002Flogout","children":[{"title":"Apps","url":"\u002Fdocs\u002Flogout\u002Fguides\u002Flogout-applications","isActiveUrl":false},{"title":"Auth0","url":"\u002Fdocs\u002Flogout\u002Fguides\u002Flogout-auth0","isActiveUrl":false},{"title":"Identity Providers","url":"\u002Fdocs\u002Flogout\u002Fguides\u002Flogout-idps","isActiveUrl":false},{"title":"SAML Identity Providers","url":"\u002Fdocs\u002Flogout\u002Fguides\u002Flogout-saml-idps","isActiveUrl":false},{"title":"Redirect After Logout","url":"\u002Fdocs\u002Flogout\u002Fguides\u002Fredirect-users-after-logout","isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Connections","url":"\u002Fdocs\u002Fconnections","children":[{"title":"Social Identity Providers","url":"\u002Fdocs\u002Fconnections\u002Fidentity-providers-social","isActiveUrl":false},{"title":"Enterprise Identity Providers","url":"\u002Fdocs\u002Fconnections\u002Fidentity-providers-enterprise","isActiveUrl":false},{"title":"Legal Identity Providers","url":"\u002Fdocs\u002Fconnections\u002Fidentity-providers-legal","isActiveUrl":false},{"title":"Database","url":"\u002Fdocs\u002Fconnections\u002Fdatabase","children":[{"title":"Auth0 User Store","url":"\u002Fdocs\u002Fconnections\u002Fdatabase#using-the-auth0-user-store","isActiveUrl":false},{"title":"Your User Store","url":"\u002Fdocs\u002Fconnections\u002Fdatabase\u002Fcustom-db","children":[{"title":"Overview","url":"\u002Fdocs\u002Fconnections\u002Fdatabase\u002Fcustom-db\u002Foverview-custom-db-connections","hidden":true,"isActiveUrl":false},{"title":"Create Connections","url":"\u002Fdocs\u002Fconnections\u002Fdatabase\u002Fcustom-db\u002Fcreate-db-connections","hidden":true,"isActiveUrl":false},{"title":"Scripts","url":"\u002Fdocs\u002Fconnections\u002Fdatabase\u002Fcustom-db\u002Ftemplates","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Password Policies","url":"\u002Fdocs\u002Fconnections\u002Fdatabase\u002Fpassword-options","isActiveUrl":false},{"title":"Password Strength","url":"\u002Fdocs\u002Fconnections\u002Fdatabase\u002Fpassword-strength","isActiveUrl":false}],"isActiveUrl":false},{"title":"SAML Identity Providers","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fidentity-providers\u002F","isActiveUrl":false},{"title":"Pass Parameters to Identity Providers","url":"\u002Fdocs\u002Fconnections\u002Fpass-parameters-to-idps","isActiveUrl":false},{"title":"Passwordless","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless","children":[{"title":"Authentication Factors","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless","children":[{"title":"Email","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Fguides\u002Femail-otp","isActiveUrl":false},{"title":"Magic Link","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Fguides\u002Femail-magic-link","isActiveUrl":false},{"title":"SMS","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Fguides\u002Fsms-otp","isActiveUrl":false}],"isActiveUrl":false},{"title":"Universal Login","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Fguides\u002Funiversal-login","isActiveUrl":false},{"title":"Embedded Login","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Fguides\u002Fembedded-login","children":[{"title":"Passwordless APIs","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Freference\u002Frelevant-api-endpoints","isActiveUrl":false},{"title":"Native Apps","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Fguides\u002Fembedded-login-native","isActiveUrl":false},{"title":"Web Apps","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Fguides\u002Fembedded-login-webapps","isActiveUrl":false},{"title":"SPAs","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Fguides\u002Fembedded-login-spa","isActiveUrl":false}],"isActiveUrl":false},{"title":"Best Practices","url":"\u002Fdocs\u002Fconnections\u002Fpasswordless\u002Fguides\u002Fbest-practices","isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Authorization","url":"\u002Fdocs\u002Fauthorization","children":[{"title":"Authorization Flows","url":"\u002Fdocs\u002Fflows","children":[{"title":"Authorization Code","url":"\u002Fdocs\u002Fflows\u002Fguides\u002Fauth-code\u002Fcall-api-auth-code","isActiveUrl":false},{"title":"Authorization Code with PKCE","url":"\u002Fdocs\u002Fflows\u002Fguides\u002Fauth-code-pkce\u002Fcall-api-auth-code-pkce","isActiveUrl":false},{"title":"Client Credentials","url":"\u002Fdocs\u002Fflows\u002Fguides\u002Fclient-credentials\u002Fcall-api-client-credentials","isActiveUrl":false},{"title":"Device Authorization","url":"\u002Fdocs\u002Fflows\u002Fguides\u002Fdevice-auth\u002Fcall-api-device-auth","isActiveUrl":false},{"title":"Implicit","url":"\u002Fdocs\u002Fflows\u002Fguides\u002Fimplicit\u002Fcall-api-implicit","children":[{"title":"Mitigate Replay Attacks","url":"\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fnonce","hidden":true,"isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Role-based Access Control (RBAC)","url":"\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Frbac","isActiveUrl":false},{"title":"Authorization Policies","url":"\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Fpolicies","isActiveUrl":false},{"title":"Rules for Authorization Policies","url":"\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Fauthz-rules","isActiveUrl":false},{"title":"Sample Use Cases - RBAC","url":"\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Fsample-use-cases-rbac","isActiveUrl":false},{"title":"Sample Use Cases - Rules","url":"\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Fsample-use-cases-rules","isActiveUrl":false},{"title":"Authz Core vs. Authz Extension","url":"\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Fcore-vs-extension","isActiveUrl":false},{"title":"How to Configure Core RBAC","url":"\u002Fdocs\u002Fauthorization\u002Fguides\u002Fhow-to","children":[{"title":"Manage Roles","url":"\u002Fdocs\u002Fauthorization\u002Fguides\u002Fmanage-roles","isActiveUrl":false},{"title":"Manage RBAC Users","url":"\u002Fdocs\u002Fauthorization\u002Fguides\u002Fmanage-users","isActiveUrl":false},{"title":"Manage RBAC Permissions","url":"\u002Fdocs\u002Fauthorization\u002Fguides\u002Fmanage-permissions","isActiveUrl":false},{"title":"Enable RBAC for APIs","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapis\u002Fenable-rbac","isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Configuration","url":"\u002Fdocs\u002Fconfigure","children":[{"title":"Tenant Configuration","url":"\u002Fdocs\u002Fdashboard\u002Fdashboard-tenant-settings","children":[{"title":"Manage Tenant Administrators","url":"\u002Fdocs\u002Fdashboard\u002Fmanage-dashboard-admins","isActiveUrl":false},{"title":"Configure Session Lifetime Settings","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Ftenants\u002Fconfigure-session-lifetime-settings","isActiveUrl":false},{"title":"Enable SSO for Tenants","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Ftenants\u002Fenable-sso-tenant","isActiveUrl":false},{"title":"Configure Device User Code Settings","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Ftenants\u002Fconfigure-device-user-code-settings","isActiveUrl":false},{"title":"Recommended Settings","url":"\u002Fdocs\u002Fbest-practices\u002Ftenant-settings","isActiveUrl":false},{"title":"Dynamic Client Registration","url":"\u002Fdocs\u002Fapi-auth\u002Fdynamic-client-registration","isActiveUrl":false},{"title":"Create Multiple Tenants","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Ftenants\u002Fcreate-multiple-tenants","hidden":true,"isActiveUrl":false},{"title":"Child Tenant Request Process","url":"\u002Fdocs\u002Fdev-lifecycle\u002Fchild-tenants","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Application Configuration","url":"\u002Fdocs\u002Fdashboard\u002Freference\u002Fsettings-application","children":[{"title":"Enable SSO for Applications","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fenable-sso-app","isActiveUrl":false},{"title":"Update Grant Types","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fupdate-grant-types","isActiveUrl":false},{"title":"Android App Links","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fenable-android-app-links","isActiveUrl":false},{"title":"Apple Universal Links","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fenable-universal-links","isActiveUrl":false},{"title":"Set Up Add-ons","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fset-up-addons","isActiveUrl":false},{"title":"Remove Applications","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fremove-app","isActiveUrl":false},{"title":"Check App Type","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Fview-app-type-confidential-public","isActiveUrl":false},{"title":"Rotate Client Secret","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Fapplications\u002Frotate-client-secret","isActiveUrl":false},{"title":"Wildcards for Subdomains","url":"\u002Fdocs\u002Fapplications\u002Freference\u002Fwildcard-subdomains","isActiveUrl":false},{"title":"Recommended Settings","url":"\u002Fdocs\u002Fbest-practices\u002Fapplication-settings","isActiveUrl":false}],"isActiveUrl":false},{"title":"API Configuration","url":"\u002Fdocs\u002Fdashboard\u002Freference\u002Fsettings-api","children":[{"title":"Signing Algorithms","url":"\u002Fdocs\u002Fapplications\u002Fconcepts\u002Fsigning-algorithms","isActiveUrl":false},{"title":"Represent Multiple APIs with a Single API","url":"\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Frepresent-multiple-apis","isActiveUrl":false},{"title":"Dashboard Views for APIs","url":"\u002Fdocs\u002Fdashboard\u002Freference\u002Fviews-api","isActiveUrl":false}],"isActiveUrl":false},{"title":"Single Sign-On","url":"\u002Fdocs\u002Fsso\u002Fcurrent","children":[{"title":"Inbound SSO","url":"\u002Fdocs\u002Fsso\u002Fcurrent\u002Finbound","isActiveUrl":false},{"title":"Outbound SSO","url":"\u002Fdocs\u002Fsso\u002Fcurrent\u002Foutbound","isActiveUrl":false},{"title":"Relevant API Endpoints","url":"\u002Fdocs\u002Fsso\u002Fcurrent\u002Frelevant-api-endpoints","isActiveUrl":false},{"title":"Single Sign-On with Auth0","url":"\u002Fdocs\u002Fsso\u002Fcurrent\u002Fsso-auth0","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Anomaly Detection","url":"\u002Fdocs\u002Fanomaly-detection","children":[{"title":"Breached Password Security","url":"\u002Fdocs\u002Fanomaly-detection\u002Fconcepts\u002Fbreached-passwords","isActiveUrl":false},{"title":"Set Preferences","url":"\u002Fdocs\u002Fanomaly-detection\u002Fguides\u002Fset-anomaly-detection-preferences","isActiveUrl":false},{"title":"Customize Emails","url":"\u002Fdocs\u002Fanomaly-detection\u002Fguides\u002Fcustomize-blocked-account-emails","isActiveUrl":false},{"title":"Enable\u002FDisable Brute Force Protection","url":"\u002Fdocs\u002Fanomaly-detection\u002Fguides\u002Fenable-disable-brute-force-protection","isActiveUrl":false},{"title":"Breached Password Triggers","url":"\u002Fdocs\u002Fanomaly-detection\u002Freferences\u002Fbreached-password-detection-triggers-actions","isActiveUrl":false},{"title":"Brute-Force Protection Triggers","url":"\u002Fdocs\u002Fanomaly-detection\u002Freferences\u002Fbrute-force-protection-triggers-actions","isActiveUrl":false},{"title":"View Anomaly Detection Events","url":"\u002Fdocs\u002Fanomaly-detection\u002Fguides\u002Fuse-tenant-data-for-anomaly-detection","isActiveUrl":false}],"isActiveUrl":false},{"title":"SAML Configuration","url":"\u002Fdocs\u002Fprotocols\u002Fsaml","children":[{"title":"Overview","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration","isActiveUrl":false},{"title":"Configure Auth0 as a Service Provider","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fauth0-as-service-provider","isActiveUrl":false},{"title":"Configure Auth0 as an Identity Provider","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fauth0-as-identity-provider","isActiveUrl":false},{"title":"Configure Auth0 as Both Service and Identity Provider","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fauth0-as-identity-and-service-provider","isActiveUrl":false},{"title":"SAML Design Considerations","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fdesign-considerations","isActiveUrl":false},{"title":"Supported SAML Options and Bindings","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fsupported-options-and-bindings","isActiveUrl":false},{"title":"Customize SAML Assertions","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fsaml-assertions","isActiveUrl":false},{"title":"Logout","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Flogout","isActiveUrl":false},{"title":"Deprovision Users","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fdeprovision-users","isActiveUrl":false},{"title":"SAML Configurations for SSO Integrations","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-apps","isActiveUrl":false},{"title":"Special SAML Configuration Scenarios","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fspecial-configuration-scenarios","children":[{"title":"IdP-Initiated Single Sign-On","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fspecial-configuration-scenarios\u002Fidp-initiated-sso","hidden":true,"isActiveUrl":false},{"title":"Signing and Encrypting SAML Requests","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Fspecial-configuration-scenarios\u002Fsigning-and-encrypting-saml-requests","hidden":true,"isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Whitelist IP Addresses","url":"\u002Fdocs\u002Fguides\u002Fip-whitelist","isActiveUrl":false}],"isActiveUrl":false},{"title":"Manage Users","url":"\u002Fdocs\u002Fusers","children":[{"title":"User Profiles","url":"\u002Fdocs\u002Fusers\u002Fconcepts\u002Foverview-user-profile","children":[{"title":"Normalized User Profile","url":"\u002Fdocs\u002Fusers\u002Fnormalized\u002Fauth0","isActiveUrl":false},{"title":"Update Profiles Using Your Database","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fupdate-user-profiles-using-your-database","isActiveUrl":false},{"title":"Progressive Profiling","url":"\u002Fdocs\u002Fusers\u002Fconcepts\u002Foverview-progressive-profiling","isActiveUrl":false},{"title":"User Profile Structure","url":"\u002Fdocs\u002Fusers\u002Freferences\u002Fuser-profile-structure","isActiveUrl":false}],"isActiveUrl":false},{"title":"Metadata","url":"\u002Fdocs\u002Fusers\u002Fconcepts\u002Foverview-user-metadata","children":[{"title":"Manage User Metadata","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fmanage-user-metadata","isActiveUrl":false},{"title":"Read Metadata","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fread-metadata","isActiveUrl":false},{"title":"Set Metadata Properties on Creation","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fset-metadata-properties-on-creation","isActiveUrl":false},{"title":"Update Metadata with the Management API","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fupdate-metadata-properties-with-management-api","isActiveUrl":false},{"title":"Metadata Best Practices","url":"\u002Fdocs\u002Fbest-practices\u002Fmetadata-best-practices","isActiveUrl":false}],"isActiveUrl":false},{"title":"Sessions & Cookies","url":"\u002Fdocs\u002Fsessions","isActiveUrl":false},{"title":"Using the Dashboard","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fmanage-users-using-the-dashboard","isActiveUrl":false},{"title":"Using the API","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fmanage-users-using-the-management-api","isActiveUrl":false},{"title":"Link User Accounts","url":"\u002Fdocs\u002Fusers\u002Fconcepts\u002Foverview-user-account-linking","children":[{"title":"Link User Accounts","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Flink-user-accounts","isActiveUrl":false},{"title":"Unlink User Accounts","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Funlink-user-accounts","isActiveUrl":false},{"title":"Link Accounts using Authentication API","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Flink-user-accounts-auth-api","hidden":true,"isActiveUrl":false},{"title":"Client-Side SPA Scenario","url":"\u002Fdocs\u002Fusers\u002Freferences\u002Flink-accounts-client-side-scenario","isActiveUrl":false},{"title":"Server-Side Regular Web App Scenario","url":"\u002Fdocs\u002Fusers\u002Freferences\u002Flink-accounts-server-side-scenario","isActiveUrl":false},{"title":"Initiated by Users Scenario","url":"\u002Fdocs\u002Fusers\u002Freferences\u002Flink-accounts-user-initiated-scenario","isActiveUrl":false}],"isActiveUrl":false},{"title":"Blacklist User Attributes","url":"\u002Fdocs\u002Fsecurity\u002Fblacklisting-attributes","isActiveUrl":false},{"title":"Import & Export Users","url":"\u002Fdocs\u002Fusers\u002Fconcepts\u002Foverview-user-migration","children":[{"title":"File Schema","url":"\u002Fdocs\u002Fusers\u002Freferences\u002Fbulk-import-database-schema-examples","isActiveUrl":false},{"title":"Automatic","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fconfigure-automatic-migration","isActiveUrl":false},{"title":"Bulk Import","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fbulk-user-imports","isActiveUrl":false},{"title":"Bulk Export","url":"\u002Fdocs\u002Fusers\u002Fguides\u002Fbulk-user-exports","isActiveUrl":false},{"title":"User Import\u002FExport Extension","url":"\u002Fdocs\u002Fextensions\u002Fuser-import-export","isActiveUrl":false},{"title":"Examples","url":"\u002Fdocs\u002Fusers\u002Freferences\u002Fuser-migration-scenarios","isActiveUrl":false}],"isActiveUrl":false},{"title":"User Search","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv3","children":[{"title":"Get Users","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv3\u002Fget-users-endpoint","isActiveUrl":false},{"title":"Get Users by Email","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv3\u002Fget-users-by-email-endpoint","isActiveUrl":false},{"title":"Get Users by ID","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv3\u002Fget-users-by-id-endpoint","isActiveUrl":false},{"title":"Sort Search Results","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv3\u002Fsort-search-results","isActiveUrl":false},{"title":"View Search Results","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv3\u002Fview-search-results-by-page","isActiveUrl":false},{"title":"Query Syntax","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv3\u002Fquery-syntax","isActiveUrl":false},{"title":"Best Practices","url":"\u002Fdocs\u002Fbest-practices\u002Fsearch-best-practices","isActiveUrl":false},{"title":"Migrate from Search v2 to V3","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv3\u002Fmigrate-search-v2-v3","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"User Search","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv2","hidden":true,"children":[{"title":"Query Syntax","url":"\u002Fdocs\u002Fusers\u002Fsearch\u002Fv2\u002Fquery-syntax","hidden":true,"isActiveUrl":false},{"title":"Best Practices","url":"\u002Fdocs\u002Fbest-practices\u002Fsearch-best-practices","hidden":true,"isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Brand & Customize","url":"\u002Fdocs\u002Fbranding-customization","children":[{"title":"Custom Domains","url":"\u002Fdocs\u002Fcustom-domains","children":[{"title":"Auth0-Managed Certificates","url":"\u002Fdocs\u002Fcustom-domains\u002Fauth0-managed-certificates","isActiveUrl":false},{"title":"Self-Managed Certificates","url":"\u002Fdocs\u002Fcustom-domains\u002Fself-managed-certificates","children":[{"title":"Cloudflare Reverse Proxy","url":"\u002Fdocs\u002Fcustom-domains\u002Fset-up-cloudflare","isActiveUrl":false},{"title":"Cloudfront Reverse Proxy","url":"\u002Fdocs\u002Fcustom-domains\u002Fset-up-cloudfront","isActiveUrl":false},{"title":"Azure CDN Reverse Proxy","url":"\u002Fdocs\u002Fcustom-domains\u002Fset-up-azure-cdn","isActiveUrl":false}],"isActiveUrl":false},{"title":"Specific Features","url":"\u002Fdocs\u002Fcustom-domains\u002Fadditional-configuration","isActiveUrl":false},{"title":"Troubleshooting","url":"\u002Fdocs\u002Fcustom-domains\u002Ftroubleshoot","isActiveUrl":false}],"isActiveUrl":false},{"title":"Email","url":"\u002Fdocs\u002Femail","children":[{"title":"Custom Email Handling","url":"\u002Fdocs\u002Femail\u002Fcustom","isActiveUrl":false},{"title":"Customizing Your Emails","url":"\u002Fdocs\u002Femail\u002Ftemplates","isActiveUrl":false},{"title":"Use your own SMTP Email Provider","url":"\u002Fdocs\u002Femail\u002Fproviders","isActiveUrl":false},{"title":"Liquid Syntax in Email Templates","url":"\u002Fdocs\u002Femail\u002Fliquid-syntax","isActiveUrl":false},{"title":"Set up a Test SMTP Provider","url":"\u002Fdocs\u002Femail\u002Ftesting","isActiveUrl":false}],"isActiveUrl":false},{"title":"Consent Prompt","url":"\u002Fdocs\u002Fscopes\u002Fcurrent\u002Fguides\u002Fcustomize-consent-prompt","isActiveUrl":false},{"title":"Internationalization","url":"\u002Fdocs\u002Fi18n","isActiveUrl":false}],"isActiveUrl":false},{"title":"Rules","url":"\u002Fdocs\u002Frules","children":[{"title":"Create a New Rule","url":"\u002Fdocs\u002Fdashboard\u002Fguides\u002Frules\u002Fcreate-rules","isActiveUrl":false},{"title":"Rules Use Cases","url":"\u002Fdocs\u002Frules\u002Freferences\u002Fuse-cases","isActiveUrl":false},{"title":"Store Configuration for Rules","url":"\u002Fdocs\u002Frules\u002Fguides\u002Fconfiguration","isActiveUrl":false},{"title":"Cache Expensive Resources","url":"\u002Fdocs\u002Frules\u002Fguides\u002Fcache-resources","isActiveUrl":false},{"title":"Debug Rules","url":"\u002Fdocs\u002Frules\u002Fguides\u002Fdebug","isActiveUrl":false},{"title":"Management API in Rules","url":"\u002Fdocs\u002Frules\u002Fguides\u002Fmanagement-api","isActiveUrl":false},{"title":"Metadata in Rules","url":"\u002Fdocs\u002Frules\u002Fguides\u002Fmetadata","isActiveUrl":false},{"title":"C# in Rules","url":"\u002Fdocs\u002Frules\u002Fguides\u002Fcsharp","isActiveUrl":false},{"title":"Redirect Users from Rules","url":"\u002Fdocs\u002Frules\u002Fguides\u002Fredirect","isActiveUrl":false},{"title":"User Object","url":"\u002Fdocs\u002Frules\u002Freferences\u002Fuser-object","isActiveUrl":false},{"title":"Context Object","url":"\u002Fdocs\u002Frules\u002Freferences\u002Fcontext-object","isActiveUrl":false},{"title":"Available Node.js Modules","url":"\u002Fdocs\u002Frules\u002Freferences\u002Fmodules","isActiveUrl":false},{"title":"Deploy Rules with Bitbucket","url":"\u002Fdocs\u002Fextensions\u002Fbitbucket-deploy","hidden":true,"isActiveUrl":false},{"title":"Deploy Rules with GitLab","url":"\u002Fdocs\u002Fextensions\u002Fgitlab-deploy","hidden":true,"isActiveUrl":false},{"title":"Deploy Rules with Github","url":"\u002Fdocs\u002Fextensions\u002Fgithub-deploy","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Hooks","url":"\u002Fdocs\u002Fhooks","children":[{"title":"Create Hooks","url":"\u002Fdocs\u002Fhooks\u002Fcreate","isActiveUrl":false},{"title":"Update Hooks","url":"\u002Fdocs\u002Fhooks\u002Fupdate","isActiveUrl":false},{"title":"Delete Hooks","url":"\u002Fdocs\u002Fhooks\u002Fdelete","isActiveUrl":false},{"title":"Enable\u002FDisable Hooks","url":"\u002Fdocs\u002Fhooks\u002Fenable-disable","isActiveUrl":false},{"title":"View Hooks","url":"\u002Fdocs\u002Fhooks\u002Fview","isActiveUrl":false},{"title":"View Logs","url":"\u002Fdocs\u002Fhooks\u002Fview-logs","isActiveUrl":false},{"title":"Extensibility Points","url":"\u002Fdocs\u002Fhooks\u002Fextensibility-points","children":[{"title":"Client Credentials Exchange","url":"\u002Fdocs\u002Fhooks\u002Fextensibility-points\u002Fclient-credentials-exchange","isActiveUrl":false},{"title":"Post Change Password","url":"\u002Fdocs\u002Fhooks\u002Fextensibility-points\u002Fpost-change-password","isActiveUrl":false},{"title":"Post User Registration","url":"\u002Fdocs\u002Fhooks\u002Fextensibility-points\u002Fpost-user-registration","isActiveUrl":false},{"title":"Pre User Registration","url":"\u002Fdocs\u002Fhooks\u002Fextensibility-points\u002Fpre-user-registration","isActiveUrl":false}],"isActiveUrl":false},{"title":"Hook Secrets","url":"\u002Fdocs\u002Fhooks\u002Fsecrets","children":[{"title":"Create Secrets","url":"\u002Fdocs\u002Fhooks\u002Fsecrets\u002Fcreate","isActiveUrl":false},{"title":"Update Secrets","url":"\u002Fdocs\u002Fhooks\u002Fsecrets\u002Fupdate","isActiveUrl":false},{"title":"Delete Secrets","url":"\u002Fdocs\u002Fhooks\u002Fsecrets\u002Fdelete","isActiveUrl":false},{"title":"View Secrets","url":"\u002Fdocs\u002Fhooks\u002Fsecrets\u002Fview","isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Extensions","url":"\u002Fdocs\u002Fextensions","children":[{"title":"Authorization Extension","url":"\u002Fdocs\u002Fextensions\u002Fauthorization-extension\u002Fv2","isActiveUrl":false},{"title":"Delegated Administration","url":"\u002Fdocs\u002Fextensions\u002Fdelegated-admin\u002Fv3","isActiveUrl":false},{"title":"Custom Social Connections","url":"\u002Fdocs\u002Fextensions\u002Fcustom-social-extensions","isActiveUrl":false},{"title":"SSO Dashboard Extension","url":"\u002Fdocs\u002Fextensions\u002Fsso-dashboard","isActiveUrl":false},{"title":"Authentication API Webhooks","url":"\u002Fdocs\u002Fextensions\u002Fauthentication-api-webhooks","isActiveUrl":false},{"title":"Management API Webhooks","url":"\u002Fdocs\u002Fextensions\u002Fmanagement-api-webhooks","isActiveUrl":false},{"title":"GitHub Deployments","url":"\u002Fdocs\u002Fextensions\u002Fgithub-deploy","isActiveUrl":false},{"title":"Bitbucket Deployments","url":"\u002Fdocs\u002Fextensions\u002Fbitbucket-deploy","isActiveUrl":false},{"title":"GitLab Deployments","url":"\u002Fdocs\u002Fextensions\u002Fgitlab-deploy","isActiveUrl":false},{"title":"Visual Studio Team Services Deployments","url":"\u002Fdocs\u002Fextensions\u002Fvisual-studio-team-services-deploy","isActiveUrl":false},{"title":"Authentication API Debugger","url":"\u002Fdocs\u002Fextensions\u002Fauthentication-api-debugger","isActiveUrl":false},{"title":"AD\u002FLDAP Connector Health Monitor","url":"\u002Fdocs\u002Fextensions\u002Fadldap-connector","isActiveUrl":false},{"title":"Real-time Webtask Logs","url":"\u002Fdocs\u002Fextensions\u002Frealtime-webtask-logs","isActiveUrl":false},{"title":"Auth0 Logs to Application Insights","url":"\u002Fdocs\u002Fextensions\u002Fapplication-insight","isActiveUrl":false},{"title":"Auth0 Logs to AWS Cloudwatch","url":"\u002Fdocs\u002Fextensions\u002Fcloudwatch","isActiveUrl":false},{"title":"Auth0 Logs to Azure Blob Storage","url":"\u002Fdocs\u002Fextensions\u002Fazure-blog-storage","isActiveUrl":false},{"title":"Auth0 Logs to Logentries","url":"\u002Fdocs\u002Fextensions\u002Flogentries","isActiveUrl":false},{"title":"Auth0 Logs to Loggly","url":"\u002Fdocs\u002Fextensions\u002Floggly","isActiveUrl":false},{"title":"Auth0 Logs to Logstash","url":"\u002Fdocs\u002Fextensions\u002Flogstash","isActiveUrl":false},{"title":"Auth0 Logs to Mixpanel","url":"\u002Fdocs\u002Fextensions\u002Fmixpanel","isActiveUrl":false},{"title":"Auth0 Logs to Papertrail","url":"\u002Fdocs\u002Fextensions\u002Fpapertrail","isActiveUrl":false},{"title":"Auth0 Logs to Sumo Logic","url":"\u002Fdocs\u002Fextensions\u002Fsumologic","isActiveUrl":false},{"title":"Auth0 Logs to Splunk","url":"\u002Fdocs\u002Fextensions\u002Fsplunk","isActiveUrl":false},{"title":"Add-ons","url":"\u002Fdocs\u002Faddons","isActiveUrl":false}],"isActiveUrl":false},{"title":"Integrations","url":"\u002Fdocs\u002Fintegrations","children":[{"title":"Analytics","url":"\u002Fdocs\u002Fanalytics","children":[{"title":"Facebook Analytics","url":"\u002Fdocs\u002Fanalytics\u002Fguides\u002Ffacebook-analytics","isActiveUrl":false},{"title":"Google Analytics","url":"\u002Fdocs\u002Fanalytics\u002Fguides\u002Fgoogle-analytics","isActiveUrl":false}],"isActiveUrl":false},{"title":"Amazon Web Services (AWS)","url":"\u002Fdocs\u002Fintegrations\u002Faws","isActiveUrl":false},{"title":"AWS API Gateway","url":"\u002Fdocs\u002Fintegrations\u002Faws-api-gateway\u002Fcustom-authorizers","isActiveUrl":false},{"title":"Azure API Management","url":"\u002Fdocs\u002Fintegrations\u002Fazure-api-management","isActiveUrl":false},{"title":"Google Cloud Endpoints","url":"\u002Fdocs\u002Fintegrations\u002Fgoogle-cloud-platform","isActiveUrl":false},{"title":"Single Sign-On","url":"\u002Fdocs\u002Fintegrations\u002Fsso","children":[{"title":"Active Directory RMS","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fad-rms","isActiveUrl":false},{"title":"Box","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fbox","isActiveUrl":false},{"title":"CloudBees","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fcloudbees","isActiveUrl":false},{"title":"Concur","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fconcur","isActiveUrl":false},{"title":"Dropbox","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fdropbox","isActiveUrl":false},{"title":"Microsoft Dynamics CRM","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fdynamics-crm","isActiveUrl":false},{"title":"Adobe Echosign","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fechosign","isActiveUrl":false},{"title":"Egnyte","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fegnyte","isActiveUrl":false},{"title":"New Relic","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fnew-relic","isActiveUrl":false},{"title":"Office 365","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Foffice-365","isActiveUrl":false},{"title":"SalesForce","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fsalesforce","isActiveUrl":false},{"title":"Sentry","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fsentry","isActiveUrl":false},{"title":"SharePoint","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fsharepoint","isActiveUrl":false},{"title":"Slack","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fslack","isActiveUrl":false},{"title":"SpringCM","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fspringcm","isActiveUrl":false},{"title":"Zendesk","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fzendesk","isActiveUrl":false},{"title":"Zoom","url":"\u002Fdocs\u002Fintegrations\u002Fsso\u002Fzoom","isActiveUrl":false}],"isActiveUrl":false},{"title":"Marketing","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing","children":[{"title":"Adobe Campaign","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Fadobe-campaign","isActiveUrl":false},{"title":"Alterian","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Falterian","isActiveUrl":false},{"title":"Constant Contact","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Fconstant-contact","isActiveUrl":false},{"title":"Oracle Eloqua","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Feloqua","isActiveUrl":false},{"title":"MailChimp","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Fmailchimp","isActiveUrl":false},{"title":"Marketo","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Fmarketo","isActiveUrl":false},{"title":"Sailthru","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Fsailthru","isActiveUrl":false},{"title":"Salesforce","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Fsalesforce","isActiveUrl":false},{"title":"Salesforce Marketing Cloud","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Fsalesforce-marketing-cloud","isActiveUrl":false},{"title":"Watson Campaign Automation","url":"\u002Fdocs\u002Fintegrations\u002Fmarketing\u002Fwatson-campaign-automation","isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Logs","url":"\u002Fdocs\u002Flogs","children":[{"title":"Log Streams","url":"\u002Fdocs\u002Flogs\u002Fstreams","children":[{"title":"HTTP Event Streams","url":"\u002Fdocs\u002Flogs\u002Fstreams\u002Fhttp-event","isActiveUrl":false},{"title":"AWS EventBridge","url":"\u002Fdocs\u002Flogs\u002Fstreams\u002Faws-eventbridge","isActiveUrl":false}],"isActiveUrl":false},{"title":"Log Data Retention","url":"\u002Fdocs\u002Flogs\u002Freferences\u002Flog-data-retention","isActiveUrl":false},{"title":"View Log Data in the Dashboard","url":"\u002Fdocs\u002Flogs\u002Fguides\u002Fview-log-data-dashboard","isActiveUrl":false},{"title":"Log Event Filters","url":"\u002Fdocs\u002Flogs\u002Freferences\u002Flog-event-filters","isActiveUrl":false},{"title":"Retrieve Logs Using the Management API","url":"\u002Fdocs\u002Flogs\u002Fguides\u002Fretrieve-logs-mgmt-api","isActiveUrl":false},{"title":"Log Event Type Codes","url":"\u002Fdocs\u002Flogs\u002Freferences\u002Flog-event-type-codes","isActiveUrl":false},{"title":"Log Search Query Syntax","url":"\u002Fdocs\u002Flogs\u002Freferences\u002Fquery-syntax","isActiveUrl":false},{"title":"Log Usage Examples","url":"\u002Fdocs\u002Flogs\u002Fconcepts\u002Flogs-admins-devs","isActiveUrl":false},{"title":"Migrate from Logs Search v2 to v3","url":"\u002Fdocs\u002Fmonitor\u002Flogs\u002Fmigrate-logs-v2-v3","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Monitor","url":"\u002Fdocs\u002Fmonitoring","children":[{"title":"Check Auth0 Status","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Fcheck-status","isActiveUrl":false},{"title":"Check Supporting Services Status","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Ftest-testall-endpoints","isActiveUrl":false},{"title":"Check External Services Status","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Fcheck-external-services","isActiveUrl":false},{"title":"Monitor Applications","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Fmonitor-applications","isActiveUrl":false},{"title":"Monitor Using SCOM","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Fmonitor-using-SCOM","isActiveUrl":false},{"title":"Monitoring the AD\u002FLDAP Connector with System Center Operations Manager","url":"\u002Fdocs\u002Fconnector\u002Fscom-monitoring","hidden":true,"isActiveUrl":false},{"title":"AD\u002FLDAP Connector Health Monitor","url":"\u002Fdocs\u002Fextensions\u002Fadldap-connector","hidden":true,"isActiveUrl":false},{"title":"Send Events to Keen","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Fsend-events-to-keenio","hidden":true,"isActiveUrl":false},{"title":"Send Events to Segment","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Fsend-events-to-segmentio","hidden":true,"isActiveUrl":false},{"title":"Send Events to Splunk","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Fsend-events-to-splunk","hidden":true,"isActiveUrl":false},{"title":"Track New Leads in Salesforce","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Ftrack-leads-salesforce","hidden":true,"isActiveUrl":false},{"title":"Track New Sign-ups in Salesforce","url":"\u002Fdocs\u002Fmonitoring\u002Fguides\u002Ftrack-signups-salesforce","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Deploy","url":"\u002Fdocs\u002Fdeploy","children":[{"title":"Deployment Options","url":"\u002Fdocs\u002Fgetting-started\u002Fdeployment-models","isActiveUrl":false},{"title":"Deploy Checklist","url":"\u002Fdocs\u002Fdeploy\u002Fchecklist","isActiveUrl":false},{"title":"Pre-Deployment","url":"\u002Fdocs\u002Fpre-deployment","children":[{"title":"Run Checks","url":"\u002Fdocs\u002Fpre-deployment\u002Fhow-to-run-test","isActiveUrl":false},{"title":"Pre-Launch Tips","url":"\u002Fdocs\u002Fpre-deployment\u002Fprelaunch-tips","isActiveUrl":false}],"isActiveUrl":false},{"title":"Deploy CLI Tool","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli","children":[{"title":"Install Deploy CLI","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli\u002Fguides\u002Finstall-deploy-cli","isActiveUrl":false},{"title":"Call Deploy CLI","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli\u002Fguides\u002Fcall-deploy-cli-programmatically","isActiveUrl":false},{"title":"Incorporate into Build","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli\u002Fguides\u002Fincorporate-deploy-cli-into-build-environment","isActiveUrl":false},{"title":"Import\u002FExport Directory Structure","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli\u002Fguides\u002Fimport-export-directory-structure","isActiveUrl":false},{"title":"Import\u002FExport YAML File","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli\u002Fguides\u002Fimport-export-yaml-file","isActiveUrl":false},{"title":"Environment Variables","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli\u002Freferences\u002Fenvironment-variables-keyword-mappings","isActiveUrl":false},{"title":"Deploy CLI Options","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli\u002Freferences\u002Fdeploy-cli-options","isActiveUrl":false},{"title":"What's New","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli\u002Freferences\u002Fwhats-new","isActiveUrl":false},{"title":"Troubleshoot Deploy CLI","url":"\u002Fdocs\u002Fextensions\u002Fdeploy-cli\u002Freferences\u002Ftroubleshooting","hidden":true,"isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Troubleshoot","url":"\u002Fdocs\u002Ftroubleshoot","children":[{"title":"Basic Issues","url":"\u002Fdocs\u002Ftroubleshoot\u002Fconcepts\u002Fbasics","children":[{"title":"Verify Platform","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fverify-platform","isActiveUrl":false},{"title":"Verify Connections","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fverify-connections","isActiveUrl":false},{"title":"Verify Domain","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fverify-domain","isActiveUrl":false},{"title":"Verify Rules","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fverify-rules","isActiveUrl":false},{"title":"Check Error Messages","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fcheck-error-messages","children":[{"title":"Deprecation Errors","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fcheck-deprecation-errors","hidden":true,"isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Authentication Issues","url":"\u002Fdocs\u002Ftroubleshoot\u002Fconcepts\u002Fauth-issues","children":[{"title":"API Calls","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fcheck-api-calls","isActiveUrl":false},{"title":"Login and Logout Issues","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fcheck-login-logout-issues","isActiveUrl":false},{"title":"User Profiles","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fcheck-user-profiles","isActiveUrl":false},{"title":"RBAC","url":"\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Ftroubleshooting","isActiveUrl":false},{"title":"MFA","url":"\u002Fdocs\u002Fmultifactor-authentication\u002Ftroubleshooting","isActiveUrl":false},{"title":"SAML","url":"\u002Fdocs\u002Fprotocols\u002Fsaml\u002Fsaml-configuration\u002Ftroubleshoot","isActiveUrl":false},{"title":"Authorization Extension","url":"\u002Fdocs\u002Fextensions\u002Fauthorization-extension\u002Fv2\u002Ftroubleshooting","isActiveUrl":false}],"isActiveUrl":false},{"title":"Integration and Extensibility Issues","url":"\u002Fdocs\u002Ftroubleshoot\u002Fconcepts\u002Fintegration-extensibility-issues","children":[{"title":"Test Partner Connections","url":"\u002Fdocs\u002Fconnections\u002Fhow-to-test-partner-connection","isActiveUrl":false},{"title":"Sign in With Apple","url":"\u002Fdocs\u002Fconnections\u002Fapple-siwa\u002Ftroubleshooting","isActiveUrl":false},{"title":"Custom Databases","url":"\u002Fdocs\u002Fconnections\u002Fdatabase\u002Fcustom-db\u002Ferror-handling","isActiveUrl":false},{"title":"Active Directory\u002FLDAP Connector","url":"\u002Fdocs\u002Fconnector\u002Ftroubleshooting","isActiveUrl":false},{"title":"Extensions","url":"\u002Fdocs\u002Fextensions\u002Ftroubleshoot","isActiveUrl":false},{"title":"Auth0 PHP SDK","url":"\u002Fdocs\u002Flibraries\u002Fauth0-php\u002Ftroubleshooting","isActiveUrl":false}],"isActiveUrl":false},{"title":"Generate and Analyze HAR Files","url":"\u002Fdocs\u002Ftroubleshoot\u002Fguides\u002Fgenerate-har-files","isActiveUrl":false},{"title":"Authentication API Debugger","url":"\u002Fdocs\u002Fextensions\u002Fauthentication-api-debugger","isActiveUrl":false}],"isActiveUrl":false},{"title":"Private Cloud Deployments","url":"\u002Fdocs\u002Fprivate-cloud","children":[{"title":"Enterprise Support","url":"\u002Fdocs\u002Fonboarding\u002Fenterprise-support","isActiveUrl":false},{"title":"Release Notes","url":"https:\u002F\u002Fauth0.com\u002Freleases\u002F","external":true,"forceFullReload":true,"isActiveUrl":false},{"title":"Private Cloud","url":"\u002Fdocs\u002Fprivate-cloud\u002Fstandard-private-cloud","isActiveUrl":false},{"title":"Managed Private Cloud","url":"\u002Fdocs\u002Fprivate-cloud\u002Fmanaged-private-cloud","children":[{"title":"Managed Private Cloud Zones","url":"\u002Fdocs\u002Fprivate-cloud\u002Fmanaged-private-cloud\u002Fzones","isActiveUrl":false}],"isActiveUrl":false},{"title":"Add-Ons for Private Cloud Deployments","url":"\u002Fdocs\u002Fprivate-cloud\u002Fadd-ons","isActiveUrl":false},{"title":"Custom Domain Migration","url":"\u002Fdocs\u002Fprivate-cloud\u002Fcustom-domain-migration","isActiveUrl":false},{"title":"Onboarding","url":"\u002Fdocs\u002Fprivate-cloud\u002Fonboarding","children":[{"title":"Private Cloud Onboarding","url":"\u002Fdocs\u002Fprivate-cloud\u002Fonboarding\u002Fprivate-cloud","isActiveUrl":false},{"title":"Managed Private Cloud Onboarding","url":"\u002Fdocs\u002Fprivate-cloud\u002Fonboarding\u002Fmanaged-private-cloud","isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Product Lifecycle","url":"\u002Fdocs\u002Fproduct-lifecycle","children":[{"title":"Deprecation and End Of Life","url":"\u002Fdocs\u002Fproduct-lifecycle\u002Fdeprecation-eol","isActiveUrl":false},{"title":"Migrations","url":"\u002Fdocs\u002Fproduct-lifecycle\u002Fmigrations","isActiveUrl":false}],"isActiveUrl":false},{"title":"Security","url":"\u002Fdocs\u002Fsecurity","children":[{"title":"Bulletins","url":"\u002Fdocs\u002Fsecurity\u002Fbulletins","children":[{"title":"CVE 2018-6874","url":"\u002Fdocs\u002Fsecurity\u002Fbulletins\u002Fcve-2018-6874","hidden":true,"isActiveUrl":false},{"title":"CVE 2018-6873","url":"\u002Fdocs\u002Fsecurity\u002Fbulletins\u002Fcve-2018-6873","hidden":true,"isActiveUrl":false},{"title":"CVE 2018-7307","url":"\u002Fdocs\u002Fsecurity\u002Fbulletins\u002Fcve-2018-7307","hidden":true,"isActiveUrl":false},{"title":"CVE 2017-16897","url":"\u002Fdocs\u002Fsecurity\u002Fbulletins\u002Fcve-2017-16897","hidden":true,"isActiveUrl":false},{"title":"CVE 2017-17068","url":"\u002Fdocs\u002Fsecurity\u002Fbulletins\u002Fcve-2017-17068","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Tokens","url":"\u002Fdocs\u002Ftokens","children":[{"title":"ID Tokens","url":"\u002Fdocs\u002Ftokens\u002Fconcepts\u002Fid-tokens","children":[{"title":"Get ID Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fget-id-tokens","hidden":true,"isActiveUrl":false},{"title":"Validate ID Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fvalidate-id-tokens","hidden":true,"isActiveUrl":false},{"title":"ID Token Structure","url":"\u002Fdocs\u002Ftokens\u002Freferences\u002Fid-token-structure","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Access Tokens","url":"\u002Fdocs\u002Ftokens\u002Fconcepts\u002Faccess-tokens","children":[{"title":"IDP Access Tokens","url":"\u002Fdocs\u002Ftokens\u002Fconcepts\u002Fidp-access-tokens","hidden":true,"isActiveUrl":false},{"title":"Get Access Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fget-access-tokens","hidden":true,"isActiveUrl":false},{"title":"Use Access Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fuse-access-tokens","hidden":true,"isActiveUrl":false},{"title":"Validate Access Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fvalidate-access-tokens","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Refresh Tokens","url":"\u002Fdocs\u002Ftokens\u002Fconcepts\u002Frefresh-tokens","children":[{"title":"Get Refresh Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fget-refresh-tokens","hidden":true,"isActiveUrl":false},{"title":"Use Refresh Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fuse-refresh-tokens","hidden":true,"isActiveUrl":false},{"title":"Revoke Refresh Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Frevoke-refresh-tokens","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Delegation Tokens","url":"\u002Fdocs\u002Ftokens\u002Fconcepts\u002Fdelegation-tokens","hidden":true,"isActiveUrl":false},{"title":"JSON Web Tokens","url":"\u002Fdocs\u002Ftokens\u002Fconcepts\u002Fjwts","hidden":true,"children":[{"title":"Validate JSON Web Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fvalidate-jwts","hidden":true,"isActiveUrl":false},{"title":"JSON Web Key Sets","url":"\u002Fdocs\u002Ftokens\u002Fconcepts\u002Fjwks","hidden":true,"children":[{"title":"Locate JSON Web Key Sets","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Flocate-jwks","hidden":true,"isActiveUrl":false},{"title":"JSON Web Key Set Properties","url":"\u002Fdocs\u002Ftokens\u002Freferences\u002Fjwks-properties","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"JSON Web Token Claims","url":"\u002Fdocs\u002Ftokens\u002Fconcepts\u002Fjwt-claims","hidden":true,"children":[{"title":"Create Namespaced Custom Claims","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fcreate-namespaced-custom-claims","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Signing Algorithms","url":"\u002Fdocs\u002Ftokens\u002Fconcepts\u002Fsigning-algorithms","hidden":true,"isActiveUrl":false},{"title":"JSON Web Token Structure","url":"\u002Fdocs\u002Ftokens\u002Freferences\u002Fjwt-structure","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Store Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Fstore-tokens","isActiveUrl":false},{"title":"Revoke Tokens","url":"\u002Fdocs\u002Ftokens\u002Fguides\u002Frevoke-tokens","isActiveUrl":false}],"isActiveUrl":false},{"title":"Cookies","url":"\u002Fdocs\u002Fsessions\u002Fconcepts\u002Fcookies","isActiveUrl":false},{"title":"Common Threats","url":"\u002Fdocs\u002Fsecurity\u002Fcommon-threats","isActiveUrl":false},{"title":"Blacklist User Attributes","url":"\u002Fdocs\u002Fsecurity\u002Fblacklisting-attributes","isActiveUrl":false}],"isActiveUrl":false},{"title":"Data Privacy","url":"\u002Fdocs\u002Fcompliance","children":[{"title":"GDPR","url":"\u002Fdocs\u002Fcompliance\u002Fgdpr","children":[{"title":"Terminology","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Fdefinitions","isActiveUrl":false},{"title":"Summary","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Fgdpr-summary","isActiveUrl":false},{"title":"Roles and Responsibilities","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Froles-responsibilities","isActiveUrl":false},{"title":"Auth0 Data Processing","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Fdata-processing","isActiveUrl":false},{"title":"How Auth0 can help","url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Ffeatures-aiding-compliance","children":[{"title":"User Consent","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Ffeatures-aiding-compliance\u002Fuser-consent","children":[{"title":"Track Consent with Lock","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Ffeatures-aiding-compliance\u002Fuser-consent\u002Ftrack-consent-with-lock","isActiveUrl":false},{"title":"Track Consent with custom UI","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Ffeatures-aiding-compliance\u002Fuser-consent\u002Ftrack-consent-with-custom-ui","isActiveUrl":false}],"isActiveUrl":false},{"title":"Access, correct, and erase data","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Ffeatures-aiding-compliance\u002Fright-to-access-data","isActiveUrl":false},{"title":"Data Minimization","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Ffeatures-aiding-compliance\u002Fdata-minimization","isActiveUrl":false},{"title":"Data Portability","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Ffeatures-aiding-compliance\u002Fdata-portability","isActiveUrl":false},{"title":"Protect and secure user data","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Ffeatures-aiding-compliance\u002Fprotect-user-data","isActiveUrl":false}],"isActiveUrl":false},{"title":"Security Advice","hidden":true,"url":"\u002Fdocs\u002Fcompliance\u002Fgdpr\u002Fsecurity-advice-for-customers","isActiveUrl":false}],"isActiveUrl":false}],"isActiveUrl":false},{"title":"Best Practices","url":"\u002Fdocs\u002Fbest-practices","children":[{"title":"General Usage and Operations","url":"\u002Fdocs\u002Fbest-practices\u002Foperations","isActiveUrl":false},{"title":"Application Settings","url":"\u002Fdocs\u002Fbest-practices\u002Fapplication-settings","hidden":true,"isActiveUrl":false},{"title":"Connection Settings","url":"\u002Fdocs\u002Fbest-practices\u002Fconnection-settings","isActiveUrl":false},{"title":"Custom Databases and Scripts","url":"\u002Fdocs\u002Fbest-practices\u002Fcustom-db-connections","children":[{"title":"Custom Database Connection Anatomy","url":"\u002Fdocs\u002Fbest-practices\u002Fcustom-db-connections\u002Fanatomy","hidden":true,"isActiveUrl":false},{"title":"Custom Database Action Script Size","url":"\u002Fdocs\u002Fbest-practices\u002Fcustom-db-connections\u002Fsize","hidden":true,"isActiveUrl":false},{"title":"Custom Database Action Script Environment","url":"\u002Fdocs\u002Fbest-practices\u002Fcustom-db-connections\u002Fenvironment","hidden":true,"isActiveUrl":false},{"title":"Error Handling","url":"\u002Fdocs\u002Fbest-practices\u002Ferror-handling","hidden":true,"isActiveUrl":false},{"title":"Debugging","url":"\u002Fdocs\u002Fbest-practices\u002Fdebugging","hidden":true,"isActiveUrl":false},{"title":"Testing","url":"\u002Fdocs\u002Fbest-practices\u002Ftesting","hidden":true,"isActiveUrl":false},{"title":"Deployment","url":"\u002Fdocs\u002Fbest-practices\u002Fdeployment","hidden":true,"isActiveUrl":false},{"title":"Performance","url":"\u002Fdocs\u002Fbest-practices\u002Fperformance","hidden":true,"isActiveUrl":false},{"title":"Security","url":"\u002Fdocs\u002Fbest-practices\u002Fcustom-db-connections\u002Fsecurity","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Metadata","url":"\u002Fdocs\u002Fbest-practices\u002Fmetadata-best-practices","isActiveUrl":false},{"title":"Rules","url":"\u002Fdocs\u002Fbest-practices\u002Frules","isActiveUrl":false},{"title":"Search","url":"\u002Fdocs\u002Fbest-practices\u002Fsearch-best-practices","isActiveUrl":false},{"title":"Tenant Settings","url":"\u002Fdocs\u002Fbest-practices\u002Ftenant-settings","hidden":true,"isActiveUrl":false},{"title":"Tokens","url":"\u002Fdocs\u002Fbest-practices\u002Ftoken-best-practices","isActiveUrl":false},{"title":"User Data Storage","url":"\u002Fdocs\u002Fbest-practices\u002Fuser-data-storage-best-practices","isActiveUrl":false}],"isActiveUrl":false},{"title":"Support","url":"\u002Fdocs\u002Fsupport","children":[{"title":"Support Options","url":"\u002Fdocs\u002Fsupport","isActiveUrl":false},{"title":"Support Matrix","url":"\u002Fdocs\u002Fsupport\u002Fmatrix","isActiveUrl":false},{"title":"SLA","url":"\u002Fdocs\u002Fsupport\u002Fsla","isActiveUrl":false},{"title":"Tickets","url":"\u002Fdocs\u002Fsupport\u002Ftickets","isActiveUrl":false},{"title":"Manage Subscription","url":"\u002Fdocs\u002Fsupport\u002Fsubscription","isActiveUrl":false},{"title":"Operational Policies","url":"\u002Fdocs\u002Fpolicies","isActiveUrl":false}],"isActiveUrl":false},{"title":"Professional Services","url":"\u002Fdocs\u002Fservices","children":[{"title":"Discover & Design","url":"\u002Fdocs\u002Fservices\u002Fdiscover-and-design","isActiveUrl":false},{"title":"Implement","url":"\u002Fdocs\u002Fservices\u002Fimplement","isActiveUrl":false},{"title":"Maintain and Improve","url":"\u002Fdocs\u002Fservices\u002Fmaintain-and-improve","isActiveUrl":false},{"title":"Packages","url":"\u002Fdocs\u002Fservices\u002Fpackages","isActiveUrl":false},{"title":"Architectural Design Sessions","url":"\u002Fdocs\u002Fservices\u002Farchitectural-design","hidden":true,"isActiveUrl":false},{"title":"Performance and Scalability","url":"\u002Fdocs\u002Fservices\u002Fperformance-scalability","hidden":true,"isActiveUrl":false},{"title":"Scenario guidance","url":"\u002Fdocs\u002Fservices\u002Fscenario-guidance","hidden":true,"isActiveUrl":false},{"title":"Code Review","url":"\u002Fdocs\u002Fservices\u002Fcode-review","hidden":true,"isActiveUrl":false},{"title":"Pair Programming","url":"\u002Fdocs\u002Fservices\u002Fpair-programming","hidden":true,"isActiveUrl":false},{"title":"Private Cloud reconfiguration","url":"\u002Fdocs\u002Fservices\u002Fprivate-cloud-configuration","hidden":true,"isActiveUrl":false},{"title":"Auth0 Introduction","url":"\u002Fdocs\u002Fservices\u002Fauth0-introduction","hidden":true,"isActiveUrl":false},{"title":"Auth0 Advanced Topics","url":"\u002Fdocs\u002Fservices\u002Fauth0-advanced","hidden":true,"isActiveUrl":false},{"title":"Private Cloud Management Workshop","url":"\u002Fdocs\u002Fservices\u002Fprivate-cloud-management","hidden":true,"isActiveUrl":false}],"isActiveUrl":false},{"title":"Auth0 Community","external":true,"forceFullReload":true,"url":"https:\u002F\u002Fcommunity.auth0.com\u002F","isActiveUrl":false},{"title":"Auth0 Blog","external":true,"forceFullReload":true,"url":"https:\u002F\u002Fauth0.com\u002Fblog\u002F","isActiveUrl":false}],"apis":[{"title":"Overview","url":"\u002Fdocs\u002Fapi\u002Finfo","isActiveUrl":false},{"title":"Testing with Postman","url":"\u002Fdocs\u002Fapi\u002Fpostman","isActiveUrl":false},{"title":"Authentication API","url":"\u002Fdocs\u002Fapi\u002Fauthentication","external":true,"forceFullReload":true,"isActiveUrl":false},{"title":"Management API","url":"\u002Fdocs\u002Fapi\u002Fmanagement\u002Fv2\u002Ftokens","forceFullReload":true,"expanded":1,"children":[{"title":"API Tokens","url":"\u002Fdocs\u002Fapi\u002Fmanagement\u002Fv2\u002Ftokens","forceFullReload":true,"children":[{"title":"Changes","url":"\u002Fdocs\u002Fapi\u002Fmanagement\u002Fv2\u002Ftokens-flows","isActiveUrl":false}],"isActiveUrl":false},{"title":"Changes in v2","url":"\u002Fdocs\u002Fapi\u002Fmanagement\u002Fv2\u002Fchanges","forceFullReload":true,"isActiveUrl":false},{"title":"API Explorer","url":"\u002Fdocs\u002Fapi\u002Fmanagement\u002Fv2\u002F","forceFullReload":true,"external":true,"isActiveUrl":false}],"isActiveUrl":false}],"libraries":[{"title":"Overview","url":"\u002Fdocs\u002Flibraries","isActiveUrl":false},{"title":"Auth0 Single Page App SDK","url":"\u002Fdocs\u002Flibraries\u002Fauth0-spa-js","children":[{"title":"Migrate from auth0.js","url":"\u002Fdocs\u002Flibraries\u002Fauth0-spa-js\u002Fmigrate-from-auth0js","isActiveUrl":false}],"isActiveUrl":false},{"title":"Lock for Web","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11","children":[{"title":"Overview","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11","isActiveUrl":false},{"title":"Configuration Options","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11\u002Fconfiguration","isActiveUrl":true},{"title":"API Reference","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11\u002Fapi","isActiveUrl":false},{"title":"UI Customization","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11\u002Fui-customization","isActiveUrl":false},{"title":"Migration Guide","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11\u002Fmigration-guide","isActiveUrl":false},{"title":"Internationalization","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11\u002Fi18n","isActiveUrl":false},{"title":"Customizing Errors","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11\u002Fcustomizing-error-messages","isActiveUrl":false},{"title":"Authentication Modes","url":"\u002Fdocs\u002Flibraries\u002Flock\u002Fv11\u002Fauthentication-modes","isActiveUrl":false}],"isActiveUrl":true},{"title":"Lock for iOS","url":"\u002Fdocs\u002Flibraries\u002Flock-ios\u002Fv2","children":[{"title":"Overview","url":"\u002Fdocs\u002Flibraries\u002Flock-ios\u002Fv2","isActiveUrl":false},{"title":"Styles Customization","url":"\u002Fdocs\u002Flibraries\u002Flock-ios\u002Fv2\u002Fcustomization","isActiveUrl":false},{"title":"Behavior Configuration","url":"\u002Fdocs\u002Flibraries\u002Flock-ios\u002Fv2\u002Fconfiguration","isActiveUrl":false},{"title":"Custom Fields","url":"\u002Fdocs\u002Flibraries\u002Flock-ios\u002Fv2\u002Fcustom-fields","isActiveUrl":false},{"title":"Internationalization","url":"\u002Fdocs\u002Flibraries\u002Flock-ios\u002Fv2\u002Finternationalization","isActiveUrl":false},{"title":"Migration Guide","url":"\u002Fdocs\u002Flibraries\u002Flock-ios\u002Fv2\u002Fmigration","isActiveUrl":false}],"isActiveUrl":false},{"title":"Lock for Android","url":"\u002Fdocs\u002Flibraries\u002Flock-android\u002Fv2","children":[{"title":"Overview","url":"\u002Fdocs\u002Flibraries\u002Flock-android\u002Fv2","isActiveUrl":false},{"title":"Configuration Options","url":"\u002Fdocs\u002Flibraries\u002Flock-android\u002Fv2\u002Fconfiguration","isActiveUrl":false},{"title":"Custom Auth Providers","url":"\u002Fdocs\u002Flibraries\u002Flock-android\u002Fv2\u002Fcustom-authentication-providers","isActiveUrl":false},{"title":"Android Dev Keystores","url":"\u002Fdocs\u002Flibraries\u002Flock-android\u002Fv2\u002Fkeystore","isActiveUrl":false},{"title":"Custom Signup Fields","url":"\u002Fdocs\u002Flibraries\u002Flock-android\u002Fv2\u002Fcustom-fields","isActiveUrl":false},{"title":"Custom Theming","url":"\u002Fdocs\u002Flibraries\u002Flock-android\u002Fv2\u002Fcustom-theming","isActiveUrl":false},{"title":"Migration v1 to v2","url":"\u002Fdocs\u002Flibraries\u002Flock-android\u002Fv2\u002Fmigration-guide","isActiveUrl":false},{"title":"Internationalization","url":"\u002Fdocs\u002Flibraries\u002Flock-android\u002Fv2\u002Finternationalization","isActiveUrl":false}],"isActiveUrl":false},{"title":"Lock vs. Custom UI","url":"\u002Fdocs\u002Flibraries\u002Fwhen-to-use-lock","isActiveUrl":false},{"title":"Auth0 SDK for Web","url":"\u002Fdocs\u002Flibraries\u002Fauth0js\u002Fv9","children":[{"title":"Auth0.js","url":"\u002Fdocs\u002Flibraries\u002Fauth0js\u002Fv9","isActiveUrl":false},{"title":"Migration Guide","url":"\u002Fdocs\u002Flibraries\u002Fauth0js\u002Fv9\u002Fmigration-guide","isActiveUrl":false}],"isActiveUrl":false},{"title":"Auth0 SDK for iOS","url":"\u002Fdocs\u002Flibraries\u002Fauth0-swift","children":[{"title":"Overview","url":"\u002Fdocs\u002Flibraries\u002Fauth0-swift","isActiveUrl":false},{"title":"Database Authentication","url":"\u002Fdocs\u002Flibraries\u002Fauth0-swift\u002Fdatabase-authentication","isActiveUrl":false},{"title":"User Management","url":"\u002Fdocs\u002Flibraries\u002Fauth0-swift\u002Fuser-management","isActiveUrl":false},{"title":"Refresh Tokens","url":"\u002Fdocs\u002Flibraries\u002Fauth0-swift\u002Fsave-and-refresh-jwt-tokens","isActiveUrl":false},{"title":"TouchID","url":"\u002Fdocs\u002Flibraries\u002Fauth0-swift\u002Ftouchid-authentication","isActiveUrl":false}],"isActiveUrl":false},{"title":"Auth0 SDK for Android","url":"\u002Fdocs\u002Flibraries\u002Fauth0-android","children":[{"title":"Overview","url":"\u002Fdocs\u002Flibraries\u002Fauth0-android","isActiveUrl":false},{"title":"Configuration","url":"\u002Fdocs\u002Flibraries\u002Fauth0-android\u002Fconfiguration","isActiveUrl":false},{"title":"Database Authentication","url":"\u002Fdocs\u002Flibraries\u002Fauth0-android\u002Fdatabase-authentication","isActiveUrl":false},{"title":"User Management","url":"\u002Fdocs\u002Flibraries\u002Fauth0-android\u002Fuser-management","isActiveUrl":false},{"title":"Refresh Tokens","url":"\u002Fdocs\u002Flibraries\u002Fauth0-android\u002Fsave-and-refresh-tokens","isActiveUrl":false}],"isActiveUrl":false}],"videos":[{"title":"Learn Identity","url":"\u002Fdocs\u002Fvideos\u002Flearn-identity","children":[{"title":"Introduction to Identity","url":"\u002Fdocs\u002Fvideos\u002Flearn-identity\u002F01-introduction-to-identity","isActiveUrl":false},{"title":"OpenID Connect and OAuth2","url":"\u002Fdocs\u002Fvideos\u002Flearn-identity\u002F02-oidc-and-oauth","isActiveUrl":false},{"title":"Web Sign-In","url":"\u002Fdocs\u002Fvideos\u002Flearn-identity\u002F03-web-sign-in","isActiveUrl":false},{"title":"Calling an API","url":"\u002Fdocs\u002Fvideos\u002Flearn-identity\u002F04-calling-an-api","isActiveUrl":false},{"title":"Desktop and Mobile Apps","url":"\u002Fdocs\u002Fvideos\u002Flearn-identity\u002F05-desktop-and-mobile-apps","isActiveUrl":false},{"title":"Single Page Apps","url":"\u002Fdocs\u002Fvideos\u002Flearn-identity\u002F06-single-page-apps","isActiveUrl":false}],"isActiveUrl":false},{"title":"Get Started","url":"\u002Fdocs\u002Fvideos\u002Fget-started","children":[{"title":"Architect: Your Tenant","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F01-architecture-your-tenant","isActiveUrl":false},{"title":"Provision: User Stores","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F02-provision-user-stores","isActiveUrl":false},{"title":"Provision: Import Users","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F03-provision-import-users","isActiveUrl":false},{"title":"Authenticate: How It Works","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F04_01-authenticate-how-it-works","isActiveUrl":false},{"title":"Authenticate: SPA Example","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F04_02-authenticate-spa-example","isActiveUrl":false},{"title":"Authorize: ID Tokens and Access Control","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F05_01-authorize-id-tokens-access-control","isActiveUrl":false},{"title":"Authorize: Get and Validate ID Tokens","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F05_02-authorize-get-validate-id-tokens","isActiveUrl":false},{"title":"User Profiles","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F06-user-profiles","isActiveUrl":false},{"title":"Brand: How It Works","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F07_01-brand-how-it-works","isActiveUrl":false},{"title":"Brand: Sign Up and Login Pages","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F07_02-brand-signup-login-pages","isActiveUrl":false},{"title":"Brand: Emails and Error Pages","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F08-brand-emails-error-pages","isActiveUrl":true},{"title":"Logout","url":"\u002Fdocs\u002Fvideos\u002Fget-started\u002F10-logout","isActiveUrl":false}],"isActiveUrl":true}],"identity-labs":[{"title":"Digital Identity Labs","url":"\u002Fdocs\u002Fidentity-labs","children":[{"title":"Lab 1: Web Sign-In","url":"\u002Fdocs\u002Fidentity-labs\u002F01-web-sign-in","children":[{"title":"Exercise 1","url":"\u002Fdocs\u002Fidentity-labs\u002F01-web-sign-in\u002Fexercise-01","isActiveUrl":false},{"title":"Exercise 2","url":"\u002Fdocs\u002Fidentity-labs\u002F01-web-sign-in\u002Fexercise-02","isActiveUrl":false}],"isActiveUrl":true},{"title":"Lab 2: Calling an API","url":"\u002Fdocs\u002Fidentity-labs\u002F02-calling-an-api","children":[{"title":"Exercise 1","url":"\u002Fdocs\u002Fidentity-labs\u002F02-calling-an-api\u002Fexercise-01","isActiveUrl":false},{"title":"Exercise 2","url":"\u002Fdocs\u002Fidentity-labs\u002F02-calling-an-api\u002Fexercise-02","isActiveUrl":false},{"title":"Exercise 3","url":"\u002Fdocs\u002Fidentity-labs\u002F02-calling-an-api\u002Fexercise-03","isActiveUrl":false}],"isActiveUrl":false},{"title":"Lab 3: Mobile Native App","url":"\u002Fdocs\u002Fidentity-labs\u002F03-mobile-native-app","children":[{"title":"Exercise 1","url":"\u002Fdocs\u002Fidentity-labs\u002F03-mobile-native-app\u002Fexercise-01","isActiveUrl":false},{"title":"Exercise 2","url":"\u002Fdocs\u002Fidentity-labs\u002F03-mobile-native-app\u002Fexercise-02","isActiveUrl":false},{"title":"Exercise 3","url":"\u002Fdocs\u002Fidentity-labs\u002F03-mobile-native-app\u002Fexercise-03","isActiveUrl":false}],"isActiveUrl":false},{"title":"Lab 4: Single Page App","url":"\u002Fdocs\u002Fidentity-labs\u002F04-single-page-app","children":[{"title":"Exercise 1","url":"\u002Fdocs\u002Fidentity-labs\u002F04-single-page-app\u002Fexercise-01","isActiveUrl":true},{"title":"Exercise 2","url":"\u002Fdocs\u002Fidentity-labs\u002F04-single-page-app\u002Fexercise-02","isActiveUrl":true}],"isActiveUrl":true}],"isActiveUrl":true}]}},"cards":null,"glossary":{"terms":[{"id":"access-token","title":"Access Token","definition":"A credential that can be used by an application to access an API. It informs the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that has been granted. An Access Token can be in any format, but two popular options include opaque strings and JSON Web Tokens (JWT). They should be transmitted to the API as a Bearer credential in an HTTP Authorization header.","short":"An authorization credential, in the form of an opaque string or JWT, used to access an API."},{"id":"audience","title":"Audience","definition":"The unique identifier of the audience for an issued token, identified within a JSON Web Token as the `aud` claim. The audience value is either the application (`Client ID`) for an ID Token or the API that is being called (`API Identifier`) for an Access Token. At Auth0, the Audience value sent in a request for an Access Token dictates whether that token is returned in an opaque or JWT format.","short":"A unique identifier, \u003Cb\u003Eaud\u003C\u002Fb\u003E in a token, for an application (ID Token) or an API (Access Token)."},{"id":"authorization-code","title":"Authorization Code","definition":"A random string generated by the authorization server and returned to the application as part of the authorization response. The authorization code is relatively short-lived and is exchanged for an Access Token at the token endpoint when using the Authorization Code Flow.","short":"A random string generated by the authorization server and returned to the application as part of the authorization response. The authorization code is relatively short-lived and is exchanged for an Access Token at the token endpoint when using the Authorization Code Flow."},{"id":"callback","title":"Callback","definition":"The URL to which Auth0 sends its response after authentication. It is often the same URL to which a user is redirected after authentication.","short":"The URL to which Auth0 sends its response after an API call and sometimes where a user is redirected after authentication."},{"id":"claim","title":"Claim","definition":"An attribute packaged in a security token which represents a claim that the provider of the token is making about an entity.","short":"An attribute packaged in a security token which represents a claim that the provider of the token is making about an entity."},{"id":"client-secret","title":"Client Secret","definition":"A secret used by a client (application) to authenticate with the Authorization Server; it should be known to only the client and the Authorization Server and must be sufficiently random to not be guessable.","short":"A secret used by a client (application) to authenticate with the Authorization Server; it should be known to only the client and the Authorization Server and must be sufficiently random to be not guessable."},{"id":"confidential-client","title":"Confidential Client","definition":"According to the OAuth 2.0 protocol, clients (applications) can be classified as either confidential or public depending on whether or not they are able to hold credentials (such as a client ID and secret) securely. Confidential clients can hold credentials in a secure way without exposing them to unauthorized parties and require a trusted backend server to do so. They can use grant types that require them to authenticate by specifying their client ID and secret when calling the token endpoint and can have tokens issued to them that have been signed either symmetrically or asymmetrically.","short":"A client (application) that can hold credentials securely by using a trusted backend server. Examples include a web application with a secure backend and a machine-to-machine (M2M) application."},{"id":"confused-deputy","title":"Confused Deputy","definition":"The term confused deputy refers to a situation in which an attacker tricks a client or service into performing an action on their behalf.","short":"The term confused deputy refers to a situation in which an attacker tricks a client or service into performing an action on their behalf."},{"id":"digital-identity","title":"Digital Identity","definition":"The set of attributes that define a particular user in the context of a function which is delivered by a particular application.","short":"The set of attributes that define a particular user in the context of a function which is delivered by a particular application."},{"id":"digital-signature","title":"Digital Signature","definition":"A digital signature protects bits in a token from tampering. If the bits are changed or tampered with, the signature will no longer be able to be verified and it will be rejected.","short":"A digital signature protects bits in a token from tampering."},{"id":"directory","title":"Directory","definition":"A centralized repository of users (the most well-known of which is Active Directory) which centralizes credentials and attributes and makes it unnecessary for each application to have their own local identity setup and pool of users. Allows single sign on to all applications that use the same directory of users.","short":"A centralized repository of users that allows single sign on to all applications that use the same directory."},{"id":"id-token","title":"ID Token","definition":"An ID Token is a token meant for the client itself, rather than for accessing a resource. It has a fixed format that clients can parse and validate.","short":"An ID Token is a token meant for the client itself, rather than for accessing a resource."},{"id":"json-web-token","title":"JSON Web Token (JWT)","definition":"An open, industry standard \u003Ca href='https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519'\u003ERFC 7519\u003C\u002Fa\u003E method for representing claims securely between two parties. At Auth0, ID Tokens are always returned in JWT format, and Access Tokens are often in JWT format. You may decode well-formed JWTs at \u003Ca href='https:\u002F\u002Fjwt.io'\u003EJWT.io\u003C\u002Fa\u003E to view their claims. See \u003Ca href='\u002Fdocs\u002Fjwt'\u003EJSON Web Tokens\u003C\u002Fa\u003E.","short":"The standard ID Token format and often Access Token format used to represent claims securely between two parties."},{"id":"lock","title":"Lock","definition":"Auth0's UI widget for authenticating users. It is ready to go as-is and is the default face of the Classic Universal Login experience. Lock allows you to customize minor behavioral and appearance options, but its primary goal is ease of use. See \u003Ca href='\u002Fdocs\u002Flock'\u003ELock\u003C\u002Fa\u003E.","short":"A UI widget for authenticating users."},{"id":"multifactor-authentication","title":"Multi-factor authentication (MFA)","definition":"An authentication process that considers multiple factors. Typically at Auth0, the first factor is the standard username\u002Fpassword exchange, and the second is a code or link via email or SMS, a one-time-password via an app such as Authy or Google Authenticator, or a push notification via a phone app such as Guardian or Duo. Using multiple factors allows your account to remain secure if someone captures one or the other factor--acquires your password or steals your phone, for example. See \u003Ca href='\u002Fdocs\u002Fmultifactor-authentication'\u003EMulti-factor Authentication\u003C\u002Fa\u003E.","short":"A user authentication process that uses a factor in addition to username and password such as a code via SMS."},{"id":"nonce","title":"Nonce","definition":"An arbitrary (often random or pseudo-random) number issued in an authentication protocol that can be used to help detect and mitigate replay attacks using old communications. In other words, the nonce is only issued once, so if an attacker attempts to replay a transaction with a different nonce, its false transaction can be detected more easily. See \u003Ca href='\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fnonce'\u003ENonce\u003C\u002Fa\u003E.","short":"An arbitrary number issued once in an authentication protocol to detect and prevent replay attacks."},{"id":"openid","title":"OpenID","definition":"An open standard for authentication that allows applications to verify users are who they say they are without needing to collect, store, and therefore become liable for a user’s login information. See \u003Ca href='\u002Fdocs\u002Fprotocols\u002Foidc'\u003EOpenID Connect (OIDC)\u003C\u002Fa\u003E.","short":"An open standard for authentication that allows applications to verify users' identities without collecting and storing login information."},{"id":"passwordless","title":"Passwordless","definition":"A form of authentication where the first factor is not a password. Instead, it could be a one-time password received by email or SMS, a push notification, or a biometric sensor. Passwordless uses one-time passwords, so users are less susceptible to the typical password-based attacks (e.g., dictionary or credential stuffing) than with traditional username\u002Fpassword logins. See \u003Ca href='\u002Fdocs\u002Fconnections\u002Fpasswordless'\u003EPasswordless\u003C\u002Fa\u003E.","short":"A form of authentication that does not rely on a password as the first factor."},{"id":"perimeter","title":"Perimeter","definition":"A set of boundaries that encompass a directory, all of its users, and all of the applications which use the directory. In some implementations, this perimeter is a physical location; in others, it is a set of networks or devices connected via VPN.","short":"A set of boundaries that encompass a directory, all of its users, and all of the applications which use the directory."},{"id":"public-client","title":"Public Client","definition":"According to the OAuth 2.0 protocol, clients (applications) can be classified as either confidential or public depending on whether or not they are able to hold credentials (such as a client ID and secret) securely. Public clients cannot hold credentials securely, so should only use grant types that do not require the use of their client secret. ID Tokens issued to them must be signed asymmetrically using a private key (RS256) and verified using the public key corresponding to the private key used to sign the token. See \u003Ca href=‘\u002Fapplications\u002Fconcepts\u002Fapp-types-confidential-public'\u003EApplication Types - Confidential vs. Public\u003C\u002Fa\u003E.","short":"A client (application) that cannot hold credentials securely. Examples include a native desktop or mobile application and a JavaScript-based client-side web application (such as a single-page app (SPA))."},{"id":"raw-credentials","title":"Raw Credentials","definition":"A shared secret or set of information that are agreed upon between the user and the resource that allow the resource to verify the identity of a user.","short":"A shared secret or set of information that are agreed upon between the user and the resource that allow the resource to verify the identity of a user."},{"id":"refresh-token","title":"Refresh Token","definition":"A special kind of token that can be used to obtain a renewed Access Token. It is useful for renewing expiring Access Tokens without forcing the user to log in again. Using the Refresh Token, you can request a new Access Token at any time until the Refresh Token is blacklisted. See \u003Ca href='\u002Ftokens\u002Fconcepts\u002Frefresh-tokens'\u003ERefresh Tokens\u003C\u002Fa\u003E.","short":"A token used to obtain a renewed Access Token without forcing users to log in again."},{"id":"role","title":"Role","definition":"An aspect of a user’s identity assigned to the user to indicate the level of access they should have to the system. Roles are essentially collections of permissions. See \u003Ca href='\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Frbac'\u003ERole-based Access Control (RBAC)\u003C\u002Fa\u003E.","short":"An aspect of a user’s identity assigned to the user to give them a certain set of permissions."},{"id":"scope","title":"Scope","definition":"A mechanism that defines the specific actions applications can be allowed to do or information that they can request on a user’s behalf. Often, applications will want to make use of the information that has already been created in an online resource. To do so, the application must ask for authorization to access this information on a user’s behalf. When an app requests permission to access a resource through an authorization server, it uses the Scope parameter to specify what access it needs, and the authorization server uses the Scope parameter to respond with the access that was actually granted. See \u003Ca href='\u002Fdocs\u002Fscopes'\u003EScopes\u003C\u002Fa\u003E.","short":"A mechanism that determines actions applications can perform on a user's behalf with information previously created in an online resource."},{"id":"security-assertion-markup-language","title":"Security Assertion Markup Language (SAML)","definition":"An XML-based standardized protocol by which two parties can exchange authentication information without the use of a password. See \u003Ca href='\u002Fdocs\u002Fprotocols\u002Fsaml'\u003ESAML\u003C\u002Fa\u003E.","short":"A standardized protocol allowing two parties to exchange authentication information without a password."},{"id":"security-token","title":"Security Token","definition":"A digitally signed artifact which is used to prove that the user was successfully authenticated","short":"A digitally signed artifact which is used to prove that the user was successfully authenticated"},{"id":"session-cookie","title":"Session Cookie","definition":"An entity emitted by a middleware after it establishes that the token it is receiving is signed, valid, and comes from a trusted source (the identity provider). This entity represents the fact that successful authentication occurred with the identity provider. This cookie prevents this process with tokens from needing to be continually repeated, by allowing the user to be considered authenticated as long as the cookie is present.","short":"An entity that, when present, allows the user to be considered authenticated."},{"id":"shadow-accounts","title":"Shadow Accounts","definition":"A difficult to sustain practice of manually provisioning a user from a local directory separately in a remote directory (essentially creating a copy, or shadow, of the original account) when they need access to remote applications.","short":"A difficult to sustain practice of manually provisioning a user from a local directory separately in a remote directory."},{"id":"single-sign-on","title":"Single Sign-On (SSO)","definition":"A service that, after a user logs into one application, automatically logs that user in to other applications, regardless of the platform, technology, or domain the user is using. The user signs in only one time (hence the name of the feature). Similarly, Single Logout (SLO) occurs when, after a user logs out from one application, they are logged out of each application or service where they were logged in. SSO and SLO are possible through the use of sessions. See \u003Ca href='\u002Fdocs\u002Fsso'\u003ESingle Sign-On and Single Logout\u003C\u002Fa\u003E.","short":"A service that, after a user logs into one applicaton, automatically logs that user in to other applications."},{"id":"token-endpoint","title":"Token Endpoint","definition":"The endpoint on the Authorization Server that is used to programmatically request tokens.","short":"The endpoint on the Authorization Server that is used to programmatically request tokens."},{"id":"trust","title":"Trust","definition":"A resource trusts an identity provider or authority when that resource is willing to believe what the authority says about its users.","short":"A resource trusts an identity provider or authority when that resource is willing to believe what the authority says about its users."},{"id":"universal-login","title":"Universal Login","definition":"Auth0’s implementation of the authentication flow, which is the key feature of an Authorization Server. Each time a user needs to prove their identity, your applications redirect to Universal Login, and Auth0 will do what’s needed to guarantee the user’s identity. See \u003Ca href='\u002Fdocs\u002Funiversal-login'\u003EAuth0 Universal Login\u003C\u002Fa\u003E.","short":"Your application redirects to Universal Login, hosted on Auth0's Authorization Server, to verify a user's identity."}],"termsByLetter":{"A":[{"id":"access-token","title":"Access Token","definition":"A credential that can be used by an application to access an API. It informs the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that has been granted. An Access Token can be in any format, but two popular options include opaque strings and JSON Web Tokens (JWT). They should be transmitted to the API as a Bearer credential in an HTTP Authorization header.","short":"An authorization credential, in the form of an opaque string or JWT, used to access an API."},{"id":"audience","title":"Audience","definition":"The unique identifier of the audience for an issued token, identified within a JSON Web Token as the `aud` claim. The audience value is either the application (`Client ID`) for an ID Token or the API that is being called (`API Identifier`) for an Access Token. At Auth0, the Audience value sent in a request for an Access Token dictates whether that token is returned in an opaque or JWT format.","short":"A unique identifier, \u003Cb\u003Eaud\u003C\u002Fb\u003E in a token, for an application (ID Token) or an API (Access Token)."},{"id":"authorization-code","title":"Authorization Code","definition":"A random string generated by the authorization server and returned to the application as part of the authorization response. The authorization code is relatively short-lived and is exchanged for an Access Token at the token endpoint when using the Authorization Code Flow.","short":"A random string generated by the authorization server and returned to the application as part of the authorization response. The authorization code is relatively short-lived and is exchanged for an Access Token at the token endpoint when using the Authorization Code Flow."}],"C":[{"id":"callback","title":"Callback","definition":"The URL to which Auth0 sends its response after authentication. It is often the same URL to which a user is redirected after authentication.","short":"The URL to which Auth0 sends its response after an API call and sometimes where a user is redirected after authentication."},{"id":"claim","title":"Claim","definition":"An attribute packaged in a security token which represents a claim that the provider of the token is making about an entity.","short":"An attribute packaged in a security token which represents a claim that the provider of the token is making about an entity."},{"id":"client-secret","title":"Client Secret","definition":"A secret used by a client (application) to authenticate with the Authorization Server; it should be known to only the client and the Authorization Server and must be sufficiently random to not be guessable.","short":"A secret used by a client (application) to authenticate with the Authorization Server; it should be known to only the client and the Authorization Server and must be sufficiently random to be not guessable."},{"id":"confidential-client","title":"Confidential Client","definition":"According to the OAuth 2.0 protocol, clients (applications) can be classified as either confidential or public depending on whether or not they are able to hold credentials (such as a client ID and secret) securely. Confidential clients can hold credentials in a secure way without exposing them to unauthorized parties and require a trusted backend server to do so. They can use grant types that require them to authenticate by specifying their client ID and secret when calling the token endpoint and can have tokens issued to them that have been signed either symmetrically or asymmetrically.","short":"A client (application) that can hold credentials securely by using a trusted backend server. Examples include a web application with a secure backend and a machine-to-machine (M2M) application."},{"id":"confused-deputy","title":"Confused Deputy","definition":"The term confused deputy refers to a situation in which an attacker tricks a client or service into performing an action on their behalf.","short":"The term confused deputy refers to a situation in which an attacker tricks a client or service into performing an action on their behalf."}],"D":[{"id":"digital-identity","title":"Digital Identity","definition":"The set of attributes that define a particular user in the context of a function which is delivered by a particular application.","short":"The set of attributes that define a particular user in the context of a function which is delivered by a particular application."},{"id":"digital-signature","title":"Digital Signature","definition":"A digital signature protects bits in a token from tampering. If the bits are changed or tampered with, the signature will no longer be able to be verified and it will be rejected.","short":"A digital signature protects bits in a token from tampering."},{"id":"directory","title":"Directory","definition":"A centralized repository of users (the most well-known of which is Active Directory) which centralizes credentials and attributes and makes it unnecessary for each application to have their own local identity setup and pool of users. Allows single sign on to all applications that use the same directory of users.","short":"A centralized repository of users that allows single sign on to all applications that use the same directory."}],"I":[{"id":"id-token","title":"ID Token","definition":"An ID Token is a token meant for the client itself, rather than for accessing a resource. It has a fixed format that clients can parse and validate.","short":"An ID Token is a token meant for the client itself, rather than for accessing a resource."}],"J":[{"id":"json-web-token","title":"JSON Web Token (JWT)","definition":"An open, industry standard \u003Ca href='https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519'\u003ERFC 7519\u003C\u002Fa\u003E method for representing claims securely between two parties. At Auth0, ID Tokens are always returned in JWT format, and Access Tokens are often in JWT format. You may decode well-formed JWTs at \u003Ca href='https:\u002F\u002Fjwt.io'\u003EJWT.io\u003C\u002Fa\u003E to view their claims. See \u003Ca href='\u002Fdocs\u002Fjwt'\u003EJSON Web Tokens\u003C\u002Fa\u003E.","short":"The standard ID Token format and often Access Token format used to represent claims securely between two parties."}],"L":[{"id":"lock","title":"Lock","definition":"Auth0's UI widget for authenticating users. It is ready to go as-is and is the default face of the Classic Universal Login experience. Lock allows you to customize minor behavioral and appearance options, but its primary goal is ease of use. See \u003Ca href='\u002Fdocs\u002Flock'\u003ELock\u003C\u002Fa\u003E.","short":"A UI widget for authenticating users."}],"M":[{"id":"multifactor-authentication","title":"Multi-factor authentication (MFA)","definition":"An authentication process that considers multiple factors. Typically at Auth0, the first factor is the standard username\u002Fpassword exchange, and the second is a code or link via email or SMS, a one-time-password via an app such as Authy or Google Authenticator, or a push notification via a phone app such as Guardian or Duo. Using multiple factors allows your account to remain secure if someone captures one or the other factor--acquires your password or steals your phone, for example. See \u003Ca href='\u002Fdocs\u002Fmultifactor-authentication'\u003EMulti-factor Authentication\u003C\u002Fa\u003E.","short":"A user authentication process that uses a factor in addition to username and password such as a code via SMS."}],"N":[{"id":"nonce","title":"Nonce","definition":"An arbitrary (often random or pseudo-random) number issued in an authentication protocol that can be used to help detect and mitigate replay attacks using old communications. In other words, the nonce is only issued once, so if an attacker attempts to replay a transaction with a different nonce, its false transaction can be detected more easily. See \u003Ca href='\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fnonce'\u003ENonce\u003C\u002Fa\u003E.","short":"An arbitrary number issued once in an authentication protocol to detect and prevent replay attacks."}],"O":[{"id":"openid","title":"OpenID","definition":"An open standard for authentication that allows applications to verify users are who they say they are without needing to collect, store, and therefore become liable for a user’s login information. See \u003Ca href='\u002Fdocs\u002Fprotocols\u002Foidc'\u003EOpenID Connect (OIDC)\u003C\u002Fa\u003E.","short":"An open standard for authentication that allows applications to verify users' identities without collecting and storing login information."}],"P":[{"id":"passwordless","title":"Passwordless","definition":"A form of authentication where the first factor is not a password. Instead, it could be a one-time password received by email or SMS, a push notification, or a biometric sensor. Passwordless uses one-time passwords, so users are less susceptible to the typical password-based attacks (e.g., dictionary or credential stuffing) than with traditional username\u002Fpassword logins. See \u003Ca href='\u002Fdocs\u002Fconnections\u002Fpasswordless'\u003EPasswordless\u003C\u002Fa\u003E.","short":"A form of authentication that does not rely on a password as the first factor."},{"id":"perimeter","title":"Perimeter","definition":"A set of boundaries that encompass a directory, all of its users, and all of the applications which use the directory. In some implementations, this perimeter is a physical location; in others, it is a set of networks or devices connected via VPN.","short":"A set of boundaries that encompass a directory, all of its users, and all of the applications which use the directory."},{"id":"public-client","title":"Public Client","definition":"According to the OAuth 2.0 protocol, clients (applications) can be classified as either confidential or public depending on whether or not they are able to hold credentials (such as a client ID and secret) securely. Public clients cannot hold credentials securely, so should only use grant types that do not require the use of their client secret. ID Tokens issued to them must be signed asymmetrically using a private key (RS256) and verified using the public key corresponding to the private key used to sign the token. See \u003Ca href=‘\u002Fapplications\u002Fconcepts\u002Fapp-types-confidential-public'\u003EApplication Types - Confidential vs. Public\u003C\u002Fa\u003E.","short":"A client (application) that cannot hold credentials securely. Examples include a native desktop or mobile application and a JavaScript-based client-side web application (such as a single-page app (SPA))."}],"R":[{"id":"raw-credentials","title":"Raw Credentials","definition":"A shared secret or set of information that are agreed upon between the user and the resource that allow the resource to verify the identity of a user.","short":"A shared secret or set of information that are agreed upon between the user and the resource that allow the resource to verify the identity of a user."},{"id":"refresh-token","title":"Refresh Token","definition":"A special kind of token that can be used to obtain a renewed Access Token. It is useful for renewing expiring Access Tokens without forcing the user to log in again. Using the Refresh Token, you can request a new Access Token at any time until the Refresh Token is blacklisted. See \u003Ca href='\u002Ftokens\u002Fconcepts\u002Frefresh-tokens'\u003ERefresh Tokens\u003C\u002Fa\u003E.","short":"A token used to obtain a renewed Access Token without forcing users to log in again."},{"id":"role","title":"Role","definition":"An aspect of a user’s identity assigned to the user to indicate the level of access they should have to the system. Roles are essentially collections of permissions. See \u003Ca href='\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Frbac'\u003ERole-based Access Control (RBAC)\u003C\u002Fa\u003E.","short":"An aspect of a user’s identity assigned to the user to give them a certain set of permissions."}],"S":[{"id":"scope","title":"Scope","definition":"A mechanism that defines the specific actions applications can be allowed to do or information that they can request on a user’s behalf. Often, applications will want to make use of the information that has already been created in an online resource. To do so, the application must ask for authorization to access this information on a user’s behalf. When an app requests permission to access a resource through an authorization server, it uses the Scope parameter to specify what access it needs, and the authorization server uses the Scope parameter to respond with the access that was actually granted. See \u003Ca href='\u002Fdocs\u002Fscopes'\u003EScopes\u003C\u002Fa\u003E.","short":"A mechanism that determines actions applications can perform on a user's behalf with information previously created in an online resource."},{"id":"security-assertion-markup-language","title":"Security Assertion Markup Language (SAML)","definition":"An XML-based standardized protocol by which two parties can exchange authentication information without the use of a password. See \u003Ca href='\u002Fdocs\u002Fprotocols\u002Fsaml'\u003ESAML\u003C\u002Fa\u003E.","short":"A standardized protocol allowing two parties to exchange authentication information without a password."},{"id":"security-token","title":"Security Token","definition":"A digitally signed artifact which is used to prove that the user was successfully authenticated","short":"A digitally signed artifact which is used to prove that the user was successfully authenticated"},{"id":"session-cookie","title":"Session Cookie","definition":"An entity emitted by a middleware after it establishes that the token it is receiving is signed, valid, and comes from a trusted source (the identity provider). This entity represents the fact that successful authentication occurred with the identity provider. This cookie prevents this process with tokens from needing to be continually repeated, by allowing the user to be considered authenticated as long as the cookie is present.","short":"An entity that, when present, allows the user to be considered authenticated."},{"id":"shadow-accounts","title":"Shadow Accounts","definition":"A difficult to sustain practice of manually provisioning a user from a local directory separately in a remote directory (essentially creating a copy, or shadow, of the original account) when they need access to remote applications.","short":"A difficult to sustain practice of manually provisioning a user from a local directory separately in a remote directory."},{"id":"single-sign-on","title":"Single Sign-On (SSO)","definition":"A service that, after a user logs into one application, automatically logs that user in to other applications, regardless of the platform, technology, or domain the user is using. The user signs in only one time (hence the name of the feature). Similarly, Single Logout (SLO) occurs when, after a user logs out from one application, they are logged out of each application or service where they were logged in. SSO and SLO are possible through the use of sessions. See \u003Ca href='\u002Fdocs\u002Fsso'\u003ESingle Sign-On and Single Logout\u003C\u002Fa\u003E.","short":"A service that, after a user logs into one applicaton, automatically logs that user in to other applications."}],"T":[{"id":"token-endpoint","title":"Token Endpoint","definition":"The endpoint on the Authorization Server that is used to programmatically request tokens.","short":"The endpoint on the Authorization Server that is used to programmatically request tokens."},{"id":"trust","title":"Trust","definition":"A resource trusts an identity provider or authority when that resource is willing to believe what the authority says about its users.","short":"A resource trusts an identity provider or authority when that resource is willing to believe what the authority says about its users."}],"U":[{"id":"universal-login","title":"Universal Login","definition":"Auth0’s implementation of the authentication flow, which is the key feature of an Authorization Server. Each time a user needs to prove their identity, your applications redirect to Universal Login, and Auth0 will do what’s needed to guarantee the user’s identity. See \u003Ca href='\u002Fdocs\u002Funiversal-login'\u003EAuth0 Universal Login\u003C\u002Fa\u003E.","short":"Your application redirects to Universal Login, hosted on Auth0's Authorization Server, to verify a user's identity."}]},"termsById":{"access-token":{"title":"Access Token","definition":"A credential that can be used by an application to access an API. It informs the API that the bearer of the token has been authorized to access the API and perform specific actions specified by the scope that has been granted. An Access Token can be in any format, but two popular options include opaque strings and JSON Web Tokens (JWT). They should be transmitted to the API as a Bearer credential in an HTTP Authorization header.","short":"An authorization credential, in the form of an opaque string or JWT, used to access an API."},"audience":{"title":"Audience","definition":"The unique identifier of the audience for an issued token, identified within a JSON Web Token as the `aud` claim. The audience value is either the application (`Client ID`) for an ID Token or the API that is being called (`API Identifier`) for an Access Token. At Auth0, the Audience value sent in a request for an Access Token dictates whether that token is returned in an opaque or JWT format.","short":"A unique identifier, \u003Cb\u003Eaud\u003C\u002Fb\u003E in a token, for an application (ID Token) or an API (Access Token)."},"authorization-code":{"title":"Authorization Code","definition":"A random string generated by the authorization server and returned to the application as part of the authorization response. The authorization code is relatively short-lived and is exchanged for an Access Token at the token endpoint when using the Authorization Code Flow.","short":"A random string generated by the authorization server and returned to the application as part of the authorization response. The authorization code is relatively short-lived and is exchanged for an Access Token at the token endpoint when using the Authorization Code Flow."},"callback":{"title":"Callback","definition":"The URL to which Auth0 sends its response after authentication. It is often the same URL to which a user is redirected after authentication.","short":"The URL to which Auth0 sends its response after an API call and sometimes where a user is redirected after authentication."},"claim":{"title":"Claim","definition":"An attribute packaged in a security token which represents a claim that the provider of the token is making about an entity.","short":"An attribute packaged in a security token which represents a claim that the provider of the token is making about an entity."},"client-secret":{"title":"Client Secret","definition":"A secret used by a client (application) to authenticate with the Authorization Server; it should be known to only the client and the Authorization Server and must be sufficiently random to not be guessable.","short":"A secret used by a client (application) to authenticate with the Authorization Server; it should be known to only the client and the Authorization Server and must be sufficiently random to be not guessable."},"confidential-client":{"title":"Confidential Client","definition":"According to the OAuth 2.0 protocol, clients (applications) can be classified as either confidential or public depending on whether or not they are able to hold credentials (such as a client ID and secret) securely. Confidential clients can hold credentials in a secure way without exposing them to unauthorized parties and require a trusted backend server to do so. They can use grant types that require them to authenticate by specifying their client ID and secret when calling the token endpoint and can have tokens issued to them that have been signed either symmetrically or asymmetrically.","short":"A client (application) that can hold credentials securely by using a trusted backend server. Examples include a web application with a secure backend and a machine-to-machine (M2M) application."},"confused-deputy":{"title":"Confused Deputy","definition":"The term confused deputy refers to a situation in which an attacker tricks a client or service into performing an action on their behalf.","short":"The term confused deputy refers to a situation in which an attacker tricks a client or service into performing an action on their behalf."},"digital-identity":{"title":"Digital Identity","definition":"The set of attributes that define a particular user in the context of a function which is delivered by a particular application.","short":"The set of attributes that define a particular user in the context of a function which is delivered by a particular application."},"digital-signature":{"title":"Digital Signature","definition":"A digital signature protects bits in a token from tampering. If the bits are changed or tampered with, the signature will no longer be able to be verified and it will be rejected.","short":"A digital signature protects bits in a token from tampering."},"directory":{"title":"Directory","definition":"A centralized repository of users (the most well-known of which is Active Directory) which centralizes credentials and attributes and makes it unnecessary for each application to have their own local identity setup and pool of users. Allows single sign on to all applications that use the same directory of users.","short":"A centralized repository of users that allows single sign on to all applications that use the same directory."},"id-token":{"title":"ID Token","definition":"An ID Token is a token meant for the client itself, rather than for accessing a resource. It has a fixed format that clients can parse and validate.","short":"An ID Token is a token meant for the client itself, rather than for accessing a resource."},"json-web-token":{"title":"JSON Web Token (JWT)","definition":"An open, industry standard \u003Ca href='https:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc7519'\u003ERFC 7519\u003C\u002Fa\u003E method for representing claims securely between two parties. At Auth0, ID Tokens are always returned in JWT format, and Access Tokens are often in JWT format. You may decode well-formed JWTs at \u003Ca href='https:\u002F\u002Fjwt.io'\u003EJWT.io\u003C\u002Fa\u003E to view their claims. See \u003Ca href='\u002Fdocs\u002Fjwt'\u003EJSON Web Tokens\u003C\u002Fa\u003E.","short":"The standard ID Token format and often Access Token format used to represent claims securely between two parties."},"lock":{"title":"Lock","definition":"Auth0's UI widget for authenticating users. It is ready to go as-is and is the default face of the Classic Universal Login experience. Lock allows you to customize minor behavioral and appearance options, but its primary goal is ease of use. See \u003Ca href='\u002Fdocs\u002Flock'\u003ELock\u003C\u002Fa\u003E.","short":"A UI widget for authenticating users."},"multifactor-authentication":{"title":"Multi-factor authentication (MFA)","definition":"An authentication process that considers multiple factors. Typically at Auth0, the first factor is the standard username\u002Fpassword exchange, and the second is a code or link via email or SMS, a one-time-password via an app such as Authy or Google Authenticator, or a push notification via a phone app such as Guardian or Duo. Using multiple factors allows your account to remain secure if someone captures one or the other factor--acquires your password or steals your phone, for example. See \u003Ca href='\u002Fdocs\u002Fmultifactor-authentication'\u003EMulti-factor Authentication\u003C\u002Fa\u003E.","short":"A user authentication process that uses a factor in addition to username and password such as a code via SMS."},"nonce":{"title":"Nonce","definition":"An arbitrary (often random or pseudo-random) number issued in an authentication protocol that can be used to help detect and mitigate replay attacks using old communications. In other words, the nonce is only issued once, so if an attacker attempts to replay a transaction with a different nonce, its false transaction can be detected more easily. See \u003Ca href='\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fnonce'\u003ENonce\u003C\u002Fa\u003E.","short":"An arbitrary number issued once in an authentication protocol to detect and prevent replay attacks."},"openid":{"title":"OpenID","definition":"An open standard for authentication that allows applications to verify users are who they say they are without needing to collect, store, and therefore become liable for a user’s login information. See \u003Ca href='\u002Fdocs\u002Fprotocols\u002Foidc'\u003EOpenID Connect (OIDC)\u003C\u002Fa\u003E.","short":"An open standard for authentication that allows applications to verify users' identities without collecting and storing login information."},"passwordless":{"title":"Passwordless","definition":"A form of authentication where the first factor is not a password. Instead, it could be a one-time password received by email or SMS, a push notification, or a biometric sensor. Passwordless uses one-time passwords, so users are less susceptible to the typical password-based attacks (e.g., dictionary or credential stuffing) than with traditional username\u002Fpassword logins. See \u003Ca href='\u002Fdocs\u002Fconnections\u002Fpasswordless'\u003EPasswordless\u003C\u002Fa\u003E.","short":"A form of authentication that does not rely on a password as the first factor."},"perimeter":{"title":"Perimeter","definition":"A set of boundaries that encompass a directory, all of its users, and all of the applications which use the directory. In some implementations, this perimeter is a physical location; in others, it is a set of networks or devices connected via VPN.","short":"A set of boundaries that encompass a directory, all of its users, and all of the applications which use the directory."},"public-client":{"title":"Public Client","definition":"According to the OAuth 2.0 protocol, clients (applications) can be classified as either confidential or public depending on whether or not they are able to hold credentials (such as a client ID and secret) securely. Public clients cannot hold credentials securely, so should only use grant types that do not require the use of their client secret. ID Tokens issued to them must be signed asymmetrically using a private key (RS256) and verified using the public key corresponding to the private key used to sign the token. See \u003Ca href=‘\u002Fapplications\u002Fconcepts\u002Fapp-types-confidential-public'\u003EApplication Types - Confidential vs. Public\u003C\u002Fa\u003E.","short":"A client (application) that cannot hold credentials securely. Examples include a native desktop or mobile application and a JavaScript-based client-side web application (such as a single-page app (SPA))."},"raw-credentials":{"title":"Raw Credentials","definition":"A shared secret or set of information that are agreed upon between the user and the resource that allow the resource to verify the identity of a user.","short":"A shared secret or set of information that are agreed upon between the user and the resource that allow the resource to verify the identity of a user."},"refresh-token":{"title":"Refresh Token","definition":"A special kind of token that can be used to obtain a renewed Access Token. It is useful for renewing expiring Access Tokens without forcing the user to log in again. Using the Refresh Token, you can request a new Access Token at any time until the Refresh Token is blacklisted. See \u003Ca href='\u002Ftokens\u002Fconcepts\u002Frefresh-tokens'\u003ERefresh Tokens\u003C\u002Fa\u003E.","short":"A token used to obtain a renewed Access Token without forcing users to log in again."},"role":{"title":"Role","definition":"An aspect of a user’s identity assigned to the user to indicate the level of access they should have to the system. Roles are essentially collections of permissions. See \u003Ca href='\u002Fdocs\u002Fauthorization\u002Fconcepts\u002Frbac'\u003ERole-based Access Control (RBAC)\u003C\u002Fa\u003E.","short":"An aspect of a user’s identity assigned to the user to give them a certain set of permissions."},"scope":{"title":"Scope","definition":"A mechanism that defines the specific actions applications can be allowed to do or information that they can request on a user’s behalf. Often, applications will want to make use of the information that has already been created in an online resource. To do so, the application must ask for authorization to access this information on a user’s behalf. When an app requests permission to access a resource through an authorization server, it uses the Scope parameter to specify what access it needs, and the authorization server uses the Scope parameter to respond with the access that was actually granted. See \u003Ca href='\u002Fdocs\u002Fscopes'\u003EScopes\u003C\u002Fa\u003E.","short":"A mechanism that determines actions applications can perform on a user's behalf with information previously created in an online resource."},"security-assertion-markup-language":{"title":"Security Assertion Markup Language (SAML)","definition":"An XML-based standardized protocol by which two parties can exchange authentication information without the use of a password. See \u003Ca href='\u002Fdocs\u002Fprotocols\u002Fsaml'\u003ESAML\u003C\u002Fa\u003E.","short":"A standardized protocol allowing two parties to exchange authentication information without a password."},"security-token":{"title":"Security Token","definition":"A digitally signed artifact which is used to prove that the user was successfully authenticated","short":"A digitally signed artifact which is used to prove that the user was successfully authenticated"},"session-cookie":{"title":"Session Cookie","definition":"An entity emitted by a middleware after it establishes that the token it is receiving is signed, valid, and comes from a trusted source (the identity provider). This entity represents the fact that successful authentication occurred with the identity provider. This cookie prevents this process with tokens from needing to be continually repeated, by allowing the user to be considered authenticated as long as the cookie is present.","short":"An entity that, when present, allows the user to be considered authenticated."},"shadow-accounts":{"title":"Shadow Accounts","definition":"A difficult to sustain practice of manually provisioning a user from a local directory separately in a remote directory (essentially creating a copy, or shadow, of the original account) when they need access to remote applications.","short":"A difficult to sustain practice of manually provisioning a user from a local directory separately in a remote directory."},"single-sign-on":{"title":"Single Sign-On (SSO)","definition":"A service that, after a user logs into one application, automatically logs that user in to other applications, regardless of the platform, technology, or domain the user is using. The user signs in only one time (hence the name of the feature). Similarly, Single Logout (SLO) occurs when, after a user logs out from one application, they are logged out of each application or service where they were logged in. SSO and SLO are possible through the use of sessions. See \u003Ca href='\u002Fdocs\u002Fsso'\u003ESingle Sign-On and Single Logout\u003C\u002Fa\u003E.","short":"A service that, after a user logs into one applicaton, automatically logs that user in to other applications."},"token-endpoint":{"title":"Token Endpoint","definition":"The endpoint on the Authorization Server that is used to programmatically request tokens.","short":"The endpoint on the Authorization Server that is used to programmatically request tokens."},"trust":{"title":"Trust","definition":"A resource trusts an identity provider or authority when that resource is willing to believe what the authority says about its users.","short":"A resource trusts an identity provider or authority when that resource is willing to believe what the authority says about its users."},"universal-login":{"title":"Universal Login","definition":"Auth0’s implementation of the authentication flow, which is the key feature of an Authorization Server. Each time a user needs to prove their identity, your applications redirect to Universal Login, and Auth0 will do what’s needed to guarantee the user’s identity. See \u003Ca href='\u002Fdocs\u002Funiversal-login'\u003EAuth0 Universal Login\u003C\u002Fa\u003E.","short":"Your application redirects to Universal Login, hosted on Auth0's Authorization Server, to verify a user's identity."}},"termLetters":["A","C","D","I","J","L","M","N","O","P","R","S","T","U"]},"breadcrumbs":[{"title":"Docs","url":"\u002Fdocs"},{"title":"Articles","url":"\u002Fdocs\u002Fgetting-started"},{"title":"API Authorization","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth"},{"title":"Execute an Authorization Code Grant Flow","url":"https:\u002F\u002Fauth0.com\u002Fdocs\u002Fapi-auth\u002Ftutorials\u002Fauthorization-code-grant"}],"sidebarBreadcrumbs":[]},"AbStore":{"docExperiments":{"feedbackWidget":"original"}}}},"options":{"optimizePromiseCallback":false},"plugins":{"DevToolsPlugin":{"actionHistory":[],"enableDebug":false}}},"plugins":{"ServiceProxyPlugin":{}}};</script><script src="https://cdn2.auth0.com/docs/js/client.4669cebf77bd7fc6177e.bundle.js"></script><script> _linkedin_data_partner_id = "30812"; (function () { var s = document.getElementsByTagName("script")[0]; var b = document.createElement("script"); b.type = "text/javascript"; b.async = true; b.src = "https://snap.licdn.com/li.lms-analytics/insight.min.js"; s.parentNode.insertBefore(b, s); })(); </script></body></html>