Check if Application is Confidential or Public

You can check whether an application is registered with Auth0 as a confidential or public application. To learn more, read Confidential and Public Application. Auth0 determines this based on the Token Endpoint Authentication Method setting, which defines how an application authenticates against the Authentication API /get_token endpoint.

  1. Go to Dashboard > Applications > Applications and select the name of the application to view.

  2. Under Application Properties, locate the Token Endpoint Authentication Method field.

    Dashboard Applications Application Settings Tab Application Properties

The methods have the following meanings:

  • None: Public application without a client secret.

  • Post: Application using request body parameters to send a client secret.

  • Basic: Application using the HTTP BASIC authentication scheme.

These values map to confidential and public applications as follows:

Application Type Example Token Endpoint Authentication Method
Public Single-page or native None
Confidential Regular web or machine-to-machine Basic, Post, unspecified

Public applications cannot maintain the confidentiality of the credentials required for Token endpoint authentication methods like Post and Basic.