Problem statement
We notice the auth0Client parameter in the query string and the Auth0-Client header in requests to Authentication API endpoints (e.g. /authorize, /login, or /oauth/token), and in the tenant logs. What is it?
Solution
The auth0Client parameter contains the telemetry information sent by the Auth0 SDK. It is base64-encoded and can be decoded to reveal the information it carries.
For example, here is the source code related to the telemetry data in the auth0.js SDK:
As shown in the above code, you can disable sending the telemetry data by setting _sendTelemetry to false when initializing the SDK, e.g.:
var webAuth = new auth0.WebAuth({
  domain: AUTH0_DOMAIN,
  clientID: AUTH0_CLIENT_ID,
  _sendTelemetry: false,
  // other parameters
});
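
The decoding step described above, as an added example that is not from the Auth0 article or SDK: a Node.js helper that reads the value from the auth0Client query parameter or the Auth0-Client header and base64-decodes it. The JSON shape of the decoded value, the sample SDK name and version, and the tenant.example host are assumptions constructed for this example.

```javascript
'use strict';
// Added example: decode the SDK telemetry value from a request URL or headers.
// The value is client-supplied, so treat the result as unauthenticated input.

// Decode base64 or base64url text, with or without '=' padding.
function decodeBase64Loose(value) {
  const normalized = value.trim()
    .replace(/\s/g, '+') // a raw '+' in a query string is parsed as a space
    .replace(/-/g, '+')
    .replace(/_/g, '/');
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(normalized)) {
    throw new Error('value is not base64');
  }
  return Buffer.from(normalized, 'base64').toString('utf8');
}

// Assumption: the decoded text is a JSON object; fall back to { raw } otherwise.
function decodeTelemetry(value) {
  const text = decodeBase64Loose(value);
  try {
    return JSON.parse(text);
  } catch (err) {
    return { raw: text };
  }
}

// Look in both places the article names: the auth0Client query parameter
// and the Auth0-Client header (header names are case-insensitive).
function telemetryFromRequest(url, headers = {}) {
  const fromQuery = new URL(url).searchParams.get('auth0Client');
  const headerName = Object.keys(headers)
    .find((name) => name.toLowerCase() === 'auth0-client');
  const value = fromQuery || (headerName ? headers[headerName] : null);
  return value ? decodeTelemetry(value) : null;
}

// Constructed sample: placeholder SDK name and version, hypothetical tenant host.
const sample = Buffer.from(JSON.stringify({ name: 'example-sdk', version: '0.0.0' }))
  .toString('base64')
  .replace(/=+$/, ''); // padding stripped to exercise the unpadded case
const sampleUrl = 'https://tenant.example/authorize?client_id=abc&auth0Client=' + sample;

console.log(telemetryFromRequest(sampleUrl));
console.log(telemetryFromRequest('https://tenant.example/oauth/token', { 'Auth0-Client': sample }));
```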