Auth0 Home Blog Docs

Constraints on client name



When trying to create a client in Auth0 with a name like “” we’re getting the error message:

String does not match pattern
^^<>]+$: ’ on property name
(The name of the client. Must contain
at least one character. Does not allow
’<’ or ‘>’)

Is this (and any other constraint) documented anywhere?

A secondary question is why does this particular constraint of not allowing characters exist?


To my knowledge, that constraint associated to the name field is not documented. The bad request scenario is covered in the Management API explorer, but for details about the root cause it defers to the actual error message that you would obtain after calling the endpoint with invalid data. I know there are some items in the backlog that are associated with more detailed information in that API explorer, however, I’m not sure if it’s for more specific coverage of all the bad request possible scenarios; I would have to check.

In relation to the second point, I’m assuming there was some mangling of characters done by the forum platform and the second question:

constraint of not allowing characters exist?

would in reality refer to (given other character are allowed):

constraint of not allowing <> characters exist?

I honestly don’t know the reasoning behind it as it been there from the start; if I had to guess I would say it would be to remove any risks associated with HTML related processing of that value.