Client Secret Per App Instance

ddavis · December 5, 2022, 3:44pm

Is there a way to have a different client secret per instance of the client application with Auth0 as suggested in this article?

Client Authentication vs. PKCE: Do you need both? (scottbrady91.com)

“A client secret specific to that instance of the client application would be better. You could generate a secret as part of a bootstrapping process such as dynamic client registration. In this case, the public client becomes a credentialed client, a client that has a secret but who cannot be trusted based on the secret alone.”

tyf · December 7, 2022, 10:56pm

Hey there @ddavis welcome to the community!

In order to have multiple sets of credentials (client_id/client_secret) you’d need to have multiple applications created in Auth0 - Typically, a client application is keyed to a single application in the context of Auth0 and thus has 1 set of credentials.

I’m not sure if that answers your question or not, but the more context you can provide on your desired use case the better!

system · December 22, 2022, 12:20am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Oauth2 client secret, each account require a new application? Help configuration , application	4	889	May 6, 2023
Multiple Application Secrets Help client-secret	9	4514	March 24, 2022
Setup application that provides Client ID & Secret to User Help management-api , users	2	586	November 20, 2023
How to implement API keys using Auth0? Help auth0 , architecture , api-keys	11	32568	March 2, 2018
API Services - machine-to-machine authentication - multiple client secrets needed Help management-api , users	2	732	November 14, 2023

Client Secret Per App Instance

Related topics