Authentication and Authorization Flows

Auth0 uses OpenID Connect (OIDC) and OAuth 2.0 to authenticate users and get their authorization to access protected resources. With Auth0, you can easily support different flows in your own applications and APIs without worrying about the OAuth 2.0/OIDC specification, or the other technical aspects of authentication and authorization.

We support scenarios for server-side, mobile, desktop, client-side, machine-to-machine, and device applications:

• Authorization Code Flow

  • Add Login Using the Authorization Code Flow
  • Call API Using the Authorization Code Flow

• Authorization Code Flow with Proof Key for Code Exchange (PKCE)

  • Add Login Using the Authorization Code Flow with PKCE
  • Call API Using the Authorization Code Flow with PKCE

• Single-Page App Login Flow

  • Add Login Using the Implicit Flow
  • Call API Using the Implicit Flow

• Client Credentials Flow

  • Call API Using the Client Credentials Flow

• Device Authorization Flow

  • Add Authorization Using the Device Authorization Flow