Skip to main content
Auth0 categorizes applications based on these characteristics:
  • Application type, which can be either regular web applications, single-page web applications, native applications, or machine-to-machine applications.
    • Regular web applications are traditional web apps that perform most of their application logic on the server (such as Express.js or ASP.NET).
    • Single-page web applications (SPAs) are JavaScript apps that perform most of their user interface logic in a web browser, communicating with a web server primarily using APIs (such as AngularJS + Node.js or React).
    • Native applications are mobile or desktop applications that run natively on a device (such as iOS or Android).
    • Machine-to-machine (M2M) applications are non-interactive applications, such as command-line tools, daemons, IoT devices, or services running on your backend. Typically, you use this option if you have a service that requires access to an API.
  • Credential security describes the app’s ability to store secrets. Apps can be public or confidential.
    • Public applications cannot securely store credentials.
    • Confidential applications can securely store credentials.
  • Ownership describes the app’s trust relationship (who owns and operates the application), which can be either first-party or third-party.
    • First-party apps are controlled by the same organization or person that owns the Auth0 domain.
    • Third-party apps enable external parties or partners to securely access protected resources behind your API.

Manage application settings

You register applications in Dashboard > Applications > Applications. In addition to setting up applications in the Dashboard, you can also set up applications programmatically as described in the OpenID Connect (OIDC) Dynamic Client Registration 1.0 specification. You can set up a more complex configuration that allows users to log in differently for different apps. To learn more, read Multi-Tenant Application Best Practices and Create Multiple Tenants. By default, Auth0 enables all connections associated with your tenant when you create a new application. To change this, update application connections in the Application Settings in the Dashboard.

Monitor applications

You can monitor apps and perform end-to-end testing using your own tests. Auth0 stores log data including Dashboard administrator actions, successful and failed user authentications, and password change requests. You can use log streaming in Auth0 Marketplace to export your log data and use tools like Sumo Logic, Splunk, or Mixpanel to analyze and store your log data.

Manage client secrets

A is a secret known only to your application and the . It protects your resources by only granting tokens to authorized requestors. Protect your client secrets and never include them in mobile or browser-based apps. If your client secret is ever compromised, you should rotate to a new one and update all authorized apps with the new client secret.

Grant types

Auth0 provides many different authentication and authorization grant types or flows and allows you to indicate which grant types are appropriate based on the grant_types property of your Auth0-registered app. To learn more, read Application Grant Types.