Client Secret Per App Instance

ddavis · December 5, 2022, 3:44pm

Is there a way to have a different client secret per instance of the client application with Auth0 as suggested in this article?

Client Authentication vs. PKCE: Do you need both? (scottbrady91.com)

“A client secret specific to that instance of the client application would be better. You could generate a secret as part of a bootstrapping process such as dynamic client registration. In this case, the public client becomes a credentialed client, a client that has a secret but who cannot be trusted based on the secret alone.”

ty.frith · December 7, 2022, 10:56pm

Hey there @ddavis welcome to the community!

In order to have multiple sets of credentials (client_id/client_secret) you’d need to have multiple applications created in Auth0 - Typically, a client application is keyed to a single application in the context of Auth0 and thus has 1 set of credentials.

I’m not sure if that answers your question or not, but the more context you can provide on your desired use case the better!

Topic		Replies	Views
Oauth2 client secret, each account require a new application? Get Help configuration , application	4	1023	May 6, 2023
API Services - machine-to-machine authentication - multiple client secrets needed Get Help management-api , users	2	999	November 14, 2023
Multiple non-interactive clients per user (account) Get Help clients , non-interactive	4	4467	March 2, 2018
Single M2M app to give access to API to many users Get Help forum	6	3309	June 13, 2022
Setup application that provides Client ID & Secret to User Get Help management-api , users	2	793	November 20, 2023

Client Secret Per App Instance

Related topics