`auth0Client` parameter in the /authorize request

Problem statement

We notice the auth0Client in the query string, the Auth0-Client header in the request to authentication API endpoints, and in the tenant logs, e.g. /authorize, or /login, or /oauth/token. What is it?


The auth0client parameter contains the telemetry information sent by the Auth0 SDK. It can be decoded with base64 to reveal the information it carries.

For example, here is the source code related to the telemetry data in the auth0.js SDK:

As shown in the above code, you can disable sending the telemetry data by setting _sendTelemetry to false when initializing the SDK, e.g.:

var webAuth = new auth0.WebAuth({
domain: AUTH0_DOMAIN,
// other parameters