Applications in Auth0
The term application or app in Auth0 does not imply any particular implementation characteristics. For example, it could be a native app that executes on a mobile device, a single-page app that executes on a browser, or a regular web app that executes on a server.
Auth0 categorizes apps based on these characteristics:
What type of app is it?: To add authentication to your app, you must register it in the Auth0 Dashboard and select from one of the following app types:
- Regular web app: Traditional web apps that perform most of their application logic on the server (such as Express.js or ASP.NET).
- Native app: Mobile or Desktop apps that run natively in a device (such as iOS or Android).
- Machine-to-machine (M2M) app: Non-interactive apps, such as command-line tools, daemons, IoT devices, or services running on your back-end. Typically, you use this option if you have a service that requires access to an API.
Can the app securely hold credentials?: According to the OAuth 2.0 spec, apps can be classified as either public or confidential; confidential apps can hold credentials securely, while public apps cannot. See Confidential and Public Applications for details.
Who owns the app?: Whether an app is classified as first- or third-party depends on the app ownership and control. First-party apps are controlled by the same organization or person that owns the Auth0 domain. Third-party apps enable external parties or partners to securely access protected resources behind your API. See First-Party and Third-Party Applications for details.
Manage app settings
In addition to setting up apps in the Dashboard, you can also set up apps programmatically as described in the OpenID Connect (OIDC) Dynamic Client Registration 1.0 specification. See Dynamic Client Registration for details.
You can set up up a more complex configuration that allows users to log in differently for different apps. See Using Auth0 to Secure Your Multi-Tenant Applications and Create Multiple Tenants.
By default, Auth0 enables all connections associated with your tenant when you create a new application. To change this, update application connections in the Application Settings in the Dashboard.
You can monitor apps and perform end-to-end testing using your own tests. Auth0 stores log data including Dashboard administrator actions, successful and failed user authentications, and password change requests. You can use Auth0 Extensions to export your log data and use tools like Sumo Logic, Splunk, or Loggly to analyze and store your log data.
Manage client secrets
Auth0 provides many different authentication and authorization grant types or flows and allows you to indicate which grant types are appropriate based on the
grant_types property of your Auth0-registered app. See Application Grant Types for more details.