Single Page Applications
You'll need to define a Single Page Application if you want to integrate Auth0 with front-end apps (built using technologies like Angular, jQuery, or React) that run in a browser.
The Create Application window opens. Set a descriptive name for your application and select Single Page Web Applications.
After you set the name and application type, click Create.
A new Single Page Web application will be created and you will be redirected to this application's view that has the four tabs described below.
The Quick Start tab shows all the available examples for Single Page Web applications.
Add-ons are extensions associated with applications. They are typically third-party APIs used by the application(s) for which Auth0 generates Access Tokens. For more details refer to: Addons.
Connections are sources of users. They are categorized into Database, Social and Enterprise and can be shared among different applications. For more details refer to: Connections. For a detailed list on the supported Identity Providers refer to: Identity Providers Supported by Auth0.
Name: The name of your application. This information is editable and you will see in the portal, emails, logs, and so on.
Domain: Your Auth0 tenant name. Note that the domain name is chosen when you create a new Auth0 tenant and cannot be changed. If you need a different one you have to register for a new tenant by selecting + Create Tenant in the top right menu.
Client ID: The unique identifier for your application. This is the ID you will use with when configuring authentication with Auth0. It is generated by the system when you create a new application and it cannot be modified.
Client Secret: A string used to sign and validate ID Tokens for authentication flows and to gain access to select Auth0 API endpoints. By default, the value is hidden, so check the Reveal Client Secret box to see this value.
Description: A free-text description of the Application's purpose with a maximum of 140 characters.
Application Logo: The URL to a logo (recommended size: 150x150 pixels) to be displayed for the application. This will appear in several areas, including the list of applications in the Dashboard, as well as things like customized consent forms.
Allowed Callback URLs: Set of URLs to which Auth0 is allowed to redirect the users after they authenticate. You can specify multiple valid URLs by comma-separating them (typically to handle different environments like QA or testing). For production environments, verify that the URLs do not point to localhost. You can use the star symbol as a wildcard for subdomains (
*.google.com). Make sure to specify the protocol,
https://, otherwise the callback may fail in some cases.
Allowed Web Origins: List of URLs from where an authorization request, using
web_messageas the response mode, can originate from. You can specify multiple valid URLs by comma-separating them. For production environments, verify that the URLs do not point to localhost.
Allowed Logout URLs: After a user logs out from Auth0 you can redirect them with the
returnToquery parameter. The URL that you use in
returnTomust be listed here. You can specify multiple valid URLs by comma-separating them. For production environments, verify that the URLs do not point to localhost. You can use the star symbol as a wildcard for subdomains (
*.google.com). Notice that querystrings and hash information are not taken into account when validating these URLs. Read more about this at: Logout.
*.google.com). Notice that paths, querystrings and hash information are not taken into account when validating these URLs (and may, in fact, cause the match to fail).
JWT Expiration (seconds): The amount of time (in seconds) before the Auth0 ID Token expires. The default value is
36000, which maps to 10 hours.
Use Auth0 instead of the IdP to do Single Sign On: If enabled, this setting prevents Auth0 from redirecting authenticated users with valid sessions to the identity provider (such as Facebook, ADFS, and so on).
The Advanced Settings section allows you to:
- Manage or add Application Metadata, Mobile, OAuth, and WS-Federation settings
- Obtain certificates and token endpoint information
- Set the grant type(s) for the Application
Application metadata are custom string keys and values (each of which has a character maximum of 255), set on a per application basis. Metadata is exposed in the Application object as client_metadata, and in Rules as context.clientMetadata
You can create up to 10 sets of metadata.
Set the OAuth-related settings on this tab:
By default, all apps/APIs can make a delegation request, but if you want to explicitly grant permissions to selected apps/APIs, you can do so in Allowed APPs/APIs.
Set the algorithm used (HS256 or RS256) for signing your JSON Web Tokens.
Toggle the switch to indicate if your application is OIDC Conformant or not.