Hi @danderson
Welcome to the Auth0 Community!
I believe the reason why a new application is created each time a user logs could be because your application is calling the Dynamic Client Registration endpoint ( oidc/register ) on each login. This endpoint is designed to create a new application each time it is called.
My recommendation is to store and reuse the client_id and client_secret from each third-party application after it’s initial registration. This way, when a login attempt is made from the same third-party app, your system should retrieve the stored client_id and client_secret from your database and use them for the authentication flow, rather than calling the DCR endpoint again.
Allow me to share some documentations that outline some additional information on this matter:
- Dynamic Client Registration and Quota;
- Dynamic Client Registration (DCR) Tagging;
- Model Context Protocol (MCP) Common Questions.
In addition to this, I cannot confirm that it’s directly related, but I was able to find the following bug reported on GitHub regarding Claude Desktop that breaks custom OAuth Connectors. Sharing it in case this might be related and to provide visibility.
Hope this helped!
Gerald