Pass Parameters to Identity Providers
How to Use Auth0's Core Authorization Feature Set
Configuring Custom Multi-factor Authentication
User consent and third-party applications
Authentication API Debugger Extension
Enterprise Identity Providers
Test Social Connections with Auth0 Developer Keys
When using any of the available Social Identity Providers, you need to register your application with the relevant Identity Provider in order to obtain a Client ID and Client Secret.
Auth0 allows you to test a Social Identity Provider without specifying your own Client ID and Client Secret by using Auth0 developer keys. This allows you to quickly enable and test a specific Social Identity Provider, but it should not be used in production.
Auth0 developer keys are not available in Private Cloud deployments.
For production environments, make sure to follow the steps for your chosen provider to obtain the Client ID and Client secret from the provider, this will avoid the limitations of using developer keys.
Custom Developer keys
One or more connections are using Auth0 development keys which are only intended for use in development and testing. The connections should be configured with your own Developer Keys to enable the consent page to show your logo instead of Auth0's and to configure multi-factor authentication (MFA)Access TokenJSON Web Tokens (JWT)scopesscopesSingle Sign-on (SSO) for these connections. Auth0 development keys are not recommended for Production environments.
Client ID and Client Secret
The exact terminology of a Client ID / Client Secret may differ between various Identity Providers. For example, Twitter refers to these as a Consumer Key / Consumer Secret and LinkedIn refers to an API Key / Secret Key.
The provider setting
How it works
Types of applications
Ways to use API scopes
Install the Extension
Limitations of Developer Keys
The Auth0 developer keys are to be used for testing purposes so there are a few caveats you need to be aware of when using them. These may cause your application to behave differently - or some functionality to not work at all - depending on whether you use your own Client ID and Client Secret, or whether you use the Auth0 developer keys.
When using the Auth0 developer keys, the authentication flow for the various Identity Providers will at times display Auth0's name, logo and information to your users. When you register your own application, you have the opportunity to use your own logo and other application information instead.
Implementing contextual MFA
Restrictions on Refresh Token Usage
Get Your Application Keys
Creating a third-party application
Example: An API called by a third-party application
Limitations of Developer Keys when using Classic Universal Login
If you are using the Classic Universal Login experience, these limitations also apply:
You cannot use developer keys with custom domains.
Single Sign-on will not function properly when using the Auth0 developer keys. The reason for this is that the Auth0 developer applications with all the relevant Identity Providers are configured to call back to the URL
https://login.auth0.com/login/callbackinstead of the Lock
audienceAccess TokenAllowed Callback URLsrolecallback URL for your own tenant, for example
This results in the SSO cookie not being set on your own tenant domain, so the next time a user authenticates no SSO cookie will be detected, even if you configured your application to Use Auth0 instead of the Identity Provider to do Single Sign-on (legacy tenants only).
Redirecting users from Rules will not function properly. This is because redirect rules are resumed on the endpoint
https://YOUR_DOMAIN/continue. When using Auth0's developer keys, the session is established on a special endpoint that is generic and tenant agnostic, and calling
/continuewill not find your previous session, resulting in an error.
Federated Logout does not work. When using the Auth0 developer keys, calling
/v2/logout?federatedwill sign the user out of Auth0, but not out of the Social Identity Provider.
If Auth0 is acting as a scopescopesSAML Identity Provider and you use a social connection with the Auth0 developer keys, the generated SAML response will have some errors, like a missing
InResponseToattribute or an empty