General Data Protection Regulation (GDPR) - A Summary

In this article, we summarize the rights and responsibilities of those affected by GDPR, as well as provide a high-level overview of enforcement information.

Applicability

GDPR applies to a wide scope of territory: it includes non-EU-based services and companies that possess data on EU residents.

Before you collect personal data from your end users, you must obtain their consent to do so. When requesting consent, your notifications must:

  • Be clear and easy to understand
  • State the purpose of the data involved and how it will be processed

You must also:

  • Explicitly request consent
  • Make it as easy for your end user to revoke their consent as it is to grant consent

Rights of Individuals

Your end users, as individuals, have the right to:

  • See the data the company has about them
  • Know how their data will be processed or used
  • Be forgotten (the individual may ask the controller of their data to erase the data in question, cease disseminating the data, or halt further data processing)
  • Portability (the individual can ask for their data in a standard, machine-readable format and can transmit their data to another data controller)
  • Not be subjected to automatic decision making (a process typically called profiling)

Privacy by Design and Privacy by Default

As the data controller, you must design your app to abide by both privacy by design and privacy by default principles.

Privacy by design means that each new implementation that uses personal data must take the protection of such data into consideration.

Privacy by default means that the strictest privacy settings automatically apply once the end user acquires a new product or service (that is, without any manual change required on the part of the user).

Requirements for Data Processors and Controllers

As the data controller, you must:

  • Do due diligence to ensure that your data processors provide adequate protection of provided data

Auth0, as the data processor, must:

  • Comply with instructions provided by data controllers
  • Maintain adequate documentation
  • Implement adequate security
  • Conduct data protection impact assessments
  • Appoint a data protection officer or establish a privacy office
  • Comply with rules on international data transfers
  • Agree to and sign a written data processing agreement that meets GDPR requirements

Enforcement

  • GDPR mandates that data controllers release notifications regarding data breaches within 72 hours of the incident
  • Fines for non-compliance are much higher and are determined using a tiered system
  • Supervisory authorities in the European Union have greater investigative powers
  • Organizations controlling data must appoint a Data Protection Officer, while organizations processing data should have a Data Privacy Office