Client Secret Per App Instance

Is there a way to have a different client secret per instance of the client application with Auth0 as suggested in this article?

Client Authentication vs. PKCE: Do you need both? (

“A client secret specific to that instance of the client application would be better. You could generate a secret as part of a bootstrapping process such as dynamic client registration. In this case, the public client becomes a credentialed client, a client that has a secret but who cannot be trusted based on the secret alone.”

Hey there @ddavis welcome to the community!

In order to have multiple sets of credentials (client_id/client_secret) you’d need to have multiple applications created in Auth0 - Typically, a client application is keyed to a single application in the context of Auth0 and thus has 1 set of credentials.

I’m not sure if that answers your question or not, but the more context you can provide on your desired use case the better!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.