Overview
When using the client credentials grant in Auth0 with middleware, it may be necessary to log both the originating client’s IP address and the middleware’s IP address. By default, Auth0 logs only the IP address making the request, potentially losing the original client’s IP in this scenario. This article describes how to log both IP addresses using the auth0-forwarded-for header.
Applies To
- Client Credentials Grant Authentication
- Middleware
Cause
Solution
To ensure both IPs are captured correctly in Auth0 logs:
- Ensure the request is made by a confidential application (one that includes a client_secret).
- Include the client secret in the authentication request.
- Enable Trust Token Endpoint IP Header in Auth0 settings:
  - Navigate to the Auth0 Dashboard and select Applications
  - Select the application that makes the request
  - Select Advanced Settings > OAuth
  - Toggle Trust Token Endpoint IP Header to Enabled
- Modify the client credentials request to include the auth0-forwarded-for header:

    POST https://{auth0_domain}/oauth/token
    Content-Type: application/json
    auth0-forwarded-for: <original_client_ip>

    {
      "grant_type": "client_credentials",
      "client_id": "<your_client_id>",
      "client_secret": "<your_client_secret>",
      "audience": "<your_api_audience>"
    }

- Verify the logs in Auth0:
  1. Navigate to Logs in the Auth0 Dashboard
  2. In the log entry, data.client_ip represents the original client IP and data.ip represents the middleware IP
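
The request and the log check above, as an added example (not Auth0's own code). It builds the token request in the middleware and validates the forwarded address so that only a single literal IP ever reaches the auth0-forwarded-for header. The function names, the `peer_ip` parameter, the tenant domain, the sample addresses and the nested dict shape of the log entry are assumptions made for illustration.

```python
import ipaddress
import json
import urllib.request


def build_token_request(auth0_domain, client_id, client_secret, audience, peer_ip):
    """Build (without sending) the client credentials request for the middleware.

    peer_ip: the caller's address as observed by the middleware (assumption).
    """
    # Accept only one literal IPv4/IPv6 address. This rejects lists, hostnames
    # and CR/LF sequences that would otherwise end up in the outgoing header.
    client_ip = str(ipaddress.ip_address(peer_ip.strip()))
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": audience,
    }).encode("utf-8")
    return urllib.request.Request(
        f"https://{auth0_domain}/oauth/token",
        data=body,
        method="POST",
        headers={"Content-Type": "application/json",
                 "auth0-forwarded-for": client_ip},
    )


def check_log_entry(entry, expected_client_ip, middleware_ips):
    """Return a list of problems found in one Auth0 log entry (empty = OK)."""
    data = entry.get("data", {})
    problems = []
    if data.get("client_ip") != expected_client_ip:
        problems.append("data.client_ip is not the original client IP")
    if data.get("ip") not in middleware_ips:
        problems.append("data.ip is not a known middleware address")
    return problems


if __name__ == "__main__":
    # Constructed values (documentation IP ranges, placeholder tenant domain).
    req = build_token_request("tenant.example.com", "<your_client_id>",
                              "<your_client_secret>", "<your_api_audience>",
                              "203.0.113.7")
    print(req.get_method(), req.full_url, dict(req.header_items()))
    sample = {"data": {"client_ip": "203.0.113.7", "ip": "198.51.100.20"}}
    print(check_log_entry(sample, "203.0.113.7", {"198.51.100.20"}))
```

Pass the request to `urllib.request.urlopen` to send it; the address given as `peer_ip` should come from the connection the middleware accepted rather than from a header the caller controls.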