auth0Client Parameter in Authentication API Endpoints

Last Updated: Aug 26, 2024

Overview

This article explains the auth0Client parameter observed in the query string or the “Auth0-Client” header in various Authentication API endpoints, e.g.,/authorize, /login, or /oauth/token.

Applies To

  • auth0Client Parameter
  • Authentication API endpoints

Solution

The auth0client parameter contains the telemetry information sent by the Auth0 SDK.

It can be decoded with base64 to reveal the information it carries.

Sample value:  eyJuYW1lIjoiYXV0aDAuanMiLCJ2ZXJzaW9uIjoiOS4xMy40In0
Base 64 decoded: {"name":"auth0.js","version":"9.13.4"}

The below links are from the auth0.js SDK source code related to the telemetry data:

As shown in the above code, by setting _sendTelemetry to false when initializing the SDK, telemetry data can be disabled, e.g.:

var webAuth = new auth0.WebAuth({
domain: AUTH0_DOMAIN,
clientID: AUTH0_CLIENT_ID,
_sendTelemetry:false,
// other parameters
});