Update Grant Types

You can change your application's grant types using the Auth0 Dashboard or the Management API.

Use the Dashboard

  1. Go to Dashboard > Applications > Applications and select the name of the application to view.

    Dashboard Applications List

  2. Scroll to the bottom of the page, and select Show Advanced Settings.

  3. Select Grant Types, and enable or disable the appropriate grants for the application. When finished, select Save Changes. The device code grant type is only available for native apps.

    Dashboard Applications Application Settings Tab Advanced Settings Grant Types tab

Use the Management API

Make a PATCH call to the /Clients/patch_clients_by_id endpoint. Be sure to replace {yourClientId}, {yourManagementApiAccessToken}, and {grantType} placeholder values with your client ID, Management API access token, and desired grant type, respectively.




  


  
  
curl --request PATCH \
  --url 'https://{yourDomain}/api/v2/clients/%7ByourClientId%7D' \
  --header 'authorization: Bearer {yourMgmtApiAccessToken}' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/json' \
  --data '{ "grant_types": "{grantTypes}" }'
feedbackSection.helpful
/
var client = new RestClient("https://{yourDomain}/api/v2/clients/%7ByourClientId%7D");
var request = new RestRequest(Method.PATCH);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddHeader("cache-control", "no-cache");
request.AddParameter("application/json", "{ \"grant_types\": \"{grantTypes}\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);
feedbackSection.helpful
/
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://{yourDomain}/api/v2/clients/%7ByourClientId%7D"

	payload := strings.NewReader("{ \"grant_types\": \"{grantTypes}\" }")

	req, _ := http.NewRequest("PATCH", url, payload)

	req.Header.Add("content-type", "application/json")
	req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
	req.Header.Add("cache-control", "no-cache")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
feedbackSection.helpful
/
HttpResponse<String> response = Unirest.patch("https://{yourDomain}/api/v2/clients/%7ByourClientId%7D")
  .header("content-type", "application/json")
  .header("authorization", "Bearer {yourMgmtApiAccessToken}")
  .header("cache-control", "no-cache")
  .body("{ \"grant_types\": \"{grantTypes}\" }")
  .asString();
feedbackSection.helpful
/
var axios = require("axios").default;

var options = {
  method: 'PATCH',
  url: 'https://{yourDomain}/api/v2/clients/%7ByourClientId%7D',
  headers: {
    'content-type': 'application/json',
    authorization: 'Bearer {yourMgmtApiAccessToken}',
    'cache-control': 'no-cache'
  },
  data: {grant_types: '{grantTypes}'}
};

axios.request(options).then(function (response) {
  console.log(response.data);
}).catch(function (error) {
  console.error(error);
});
feedbackSection.helpful
/
#import <Foundation/Foundation.h>

NSDictionary *headers = @{ @"content-type": @"application/json",
                           @"authorization": @"Bearer {yourMgmtApiAccessToken}",
                           @"cache-control": @"no-cache" };
NSDictionary *parameters = @{ @"grant_types": @"{grantTypes}" };

NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/clients/%7ByourClientId%7D"]
                                                       cachePolicy:NSURLRequestUseProtocolCachePolicy
                                                   timeoutInterval:10.0];
[request setHTTPMethod:@"PATCH"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                if (error) {
                                                    NSLog(@"%@", error);
                                                } else {
                                                    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                    NSLog(@"%@", httpResponse);
                                                }
                                            }];
[dataTask resume];
feedbackSection.helpful
/
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://{yourDomain}/api/v2/clients/%7ByourClientId%7D",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "PATCH",
  CURLOPT_POSTFIELDS => "{ \"grant_types\": \"{grantTypes}\" }",
  CURLOPT_HTTPHEADER => [
    "authorization: Bearer {yourMgmtApiAccessToken}",
    "cache-control: no-cache",
    "content-type: application/json"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
feedbackSection.helpful
/
import http.client

conn = http.client.HTTPSConnection("")

payload = "{ \"grant_types\": \"{grantTypes}\" }"

headers = {
    'content-type': "application/json",
    'authorization': "Bearer {yourMgmtApiAccessToken}",
    'cache-control': "no-cache"
    }

conn.request("PATCH", "/{yourDomain}/api/v2/clients/%7ByourClientId%7D", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))
feedbackSection.helpful
/
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://{yourDomain}/api/v2/clients/%7ByourClientId%7D")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Patch.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request["cache-control"] = 'no-cache'
request.body = "{ \"grant_types\": \"{grantTypes}\" }"

response = http.request(request)
puts response.read_body
feedbackSection.helpful
/
import Foundation

let headers = [
  "content-type": "application/json",
  "authorization": "Bearer {yourMgmtApiAccessToken}",
  "cache-control": "no-cache"
]
let parameters = ["grant_types": "{grantTypes}"] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/clients/%7ByourClientId%7D")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "PATCH"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()
feedbackSection.helpful
/






Value
Description






YOUR_CLIENT_ID
Τhe ID of the application to be updated.




MGMT_API_ACCESS_TOKEN
Access Tokens for the Management API with the scope update:clients.




GRANT_TYPES
The grant types you would like to enable for the specified application.




Troubleshoot
Attempting to use a flow with an application lacking the appropriate grant_types for that flow (or with the field empty) will result in the following error: 
Grant type `grant_type` not allowed for the client.
Learn more