Are application keys (domain and cliendID) supposed to be kept secret?

ian.s.mcb · March 30, 2020, 1:37am

I am planning on releasing a frontend JS app that uses Auth0 and I am not sure if I should be keeping my domain and clientID secret.

I came across one Stack Overflow post with the same question as mine, and I wanted to confirm the answer given there.

konrad.sopala · March 30, 2020, 7:49am

I just reached out to our engineering team regarding that. Will let you know soon!

konrad.sopala · March 30, 2020, 8:34am

I just got it confirmed.

Neither the OIDC/OAuth 2.0 domain or client identifier are considered confidential information so it’s okay if others know this.

Topic		Replies	Views
Safe management of Auth0 information in source control Get Help api , spa	4	5244	August 28, 2019
What client and API credentials fields should be kept out of public config file? Get Help auth0 , api , clients , credential-managemen	2	3998	March 2, 2018
Where Do you Suggest Storing the Auth0 Domain and Client ID in a WPF Application? Get Help	7	5620	February 26, 2019
Is it okay to have auth0 client information accessible over a public API? Get Help auth0 , client , public	5	7094	March 2, 2018
Best deployment practice for securing ClientID and Secret Get Help auth0 , deployment , management-api	3	3928	April 13, 2019