Using Passwordless Authentication on Android with SMS
Application Types - First-party vs. third-party
Applications can be classified as either first-party or third-party, which refers to the ownership of the application. The main difference relates to who has administrative access to your Auth0 domain.
First-party applications are those controlled by the same organization or person who owns the Auth0 domain.
For example, let's say you created both a Contoso API and an application that logs into
contoso.com and consumes the Contoso API. You would register both the API and application under the same Auth0 domain, and the application would be a first-party application.
By default, all applications created via the Auth0 Dashboard are first-party applications.
Open an account with Twilio
Third-party applications are controlled by someone who most likely should not have administrative access to your Auth0 domain. Third-party applications enable external parties or partners to securely access protected resources behind your API.
For example, let's say you created a developer center that allows users to obtain credentials so they can integrate their apps with your API. (This functionality is similar to the log-in capabilities provided by well-known APIs such as Facebook, Twitter, and GitHub.) In this case, the applications calling your developer center would be third-party applications.
Third-party applications must be created through the Auth0 Management API by setting
Configure the connection
Characteristics of Third-Party Applications
Third-party applications cannot skip user consent when consuming APIs. Because anyone can create an application, requiring a final user to provide consent improves security.
ID Tokens generated for third-party applications hold minimum user profile information.
Enable your apps
Third-party applications can use only tenant-level connections (domain connections). Learn how to enable third-party applications.
When used with the Management APIv2
read:current_user: List or search users, Get a user, Get user MFA enrollments
update:current_user_metadata: Update a user, Delete a user's multi-factor provider
create:current_user_device_credentials: Create a device public key
delete:current_user_device_credentials: Delete a device credential
update:current_user_identities: Link a user account, Unlink a user identity
- Learn how to check whether an application is first-party or third-party at View Application Ownership
- Learn about other application categories, such as confidential vs. public and Auth0 application types.
- Explore the grant types available for different application types at Auth0 Grant Types Mapping.