> ## Documentation Index
> Fetch the complete documentation index at: https://auth0-docs-applications-ia-reorg.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Application Types on Auth0

> Learn about application types and the basics of registering and configuring applications on Auth0.

Auth0 categorizes applications based on these characteristics:

* **Application type**, which can be either regular web applications, single-page web applications, native applications, or machine-to-machine applications.

  * [Regular web applications](/docs/get-started/auth0-overview/create-applications/regular-web-apps) are traditional web apps that perform most of their application logic on the server (such as Express.js or ASP.NET).

  * [Single-page web applications (SPAs)](/docs/get-started/auth0-overview/create-applications/single-page-web-apps) are JavaScript apps that perform most of their user interface logic in a web browser, communicating with a web server primarily using APIs (such as AngularJS + Node.js or React).

  * [Native applications](/docs/get-started/auth0-overview/create-applications/native-apps) are mobile or desktop applications that run natively on a device (such as iOS or Android).

  * [Machine-to-machine (M2M) applications](/docs/get-started/auth0-overview/create-applications/machine-to-machine-apps) are non-interactive applications, such as command-line tools, daemons, IoT devices, or services running on your backend. Typically, you use this option if you have a service that requires access to an API.

* **Credential security** describes the app's ability to store secrets. Apps can be [public or confidential](/docs/get-started/applications/confidential-and-public-applications).

  * Public applications cannot securely store credentials.

  * Confidential applications can securely store credentials.

* **Ownership** describes the app's trust relationship (who owns and operates the application), which can be either [first-party or third-party](/docs/get-started/applications/first-party-and-third-party-applications).

  * First-party apps are controlled by the same organization or person that owns the Auth0 domain.

  * Third-party apps enable external parties or partners to securely access protected resources behind your API.

## Manage application settings

You register applications in [Dashboard > Applications > Applications](https://manage.auth0.com/#/applications/\{yourClientId}/settings). In addition to setting up applications in the Dashboard, you can also set up applications programmatically as described in the [OpenID Connect (OIDC) Dynamic Client Registration 1.0](https://openid.net/specs/openid-connect-registration-1_0.html) specification.

You can set up a more complex configuration that allows users to log in differently for different apps. To learn more, read [Multi-Tenant Application Best Practices](/docs/get-started/auth0-overview/create-tenants/multi-tenant-apps-best-practices) and [Create Multiple Tenants](/docs/get-started/auth0-overview/create-tenants/create-multiple-tenants).

By default, Auth0 enables all connections associated with your tenant when you create a new application. To change this, [update application connections](/docs/get-started/applications/update-application-connections) in the **Application Settings** in the Dashboard.

## Monitor applications

You can [monitor apps](/docs/deploy-monitor/monitor/monitor-applications) and perform end-to-end testing using your own tests. Auth0 stores [log data](/docs/deploy-monitor/logs) including Dashboard administrator actions, successful and failed user authentications, and password change requests. You can use log streaming in [Auth0 Marketplace](https://marketplace.auth0.com/features/log-streaming) to export your log data and use tools like Sumo Logic, Splunk, or Mixpanel to analyze and store your log data.

## Manage client secrets

A <Tooltip tip="Authorization Server: Centralized server that contributes to defining the boundaries of a user’s access. For example, your authorization server can control the data, tasks, and features available to a user." cta="View Glossary" href="/docs/glossary?term=client+secret">client secret</Tooltip> is a secret known only to your application and the <Tooltip tip="Client Secret: Secret used by a client (application) to authenticate with the Authorization Server; it should be known to only the client and the Authorization Server and must be sufficiently random to not be guessable." cta="View Glossary" href="/docs/glossary?term=authorization+server">authorization server</Tooltip>. It protects your resources by only granting [tokens](/docs/secure/tokens) to authorized requestors.

Protect your client secrets and **never** include them in mobile or browser-based apps. If your client secret is ever compromised, you should [rotate to a new one](/docs/get-started/applications/rotate-client-secret) and update all authorized apps with the new client secret.

## Grant types

Auth0 provides many different authentication and authorization grant types or flows and allows you to indicate which grant types are appropriate based on the `grant_types` property of your Auth0-registered app. To learn more, read [Application Grant Types](/docs/get-started/applications/application-grant-types).
