Help understanding use of credentials?

We are investigating using Auth0 for our machine-to-machine authentication and I want to check that I understand the credentials flow correctly.

Is this the correct approach? (as described in the Client Credentials Flow docs):

  1. For each client service an application is created, which generates a clientid and secret.
  2. The client service generates a token using the clientid and secret.
  3. The client service calls our service API using the token.

This seems straightforward, however I note that in the .NET SDK there is a CreateCredentialsAsync API. Is this related to the M2M authentication flow, or is it is irrelevant? When would this API be used?

When would the Credential object be used?

Hi @oclipa,

Welcome to the Auth0 Community!

Yes, you have understood the client credentials flow correctly! :clap:

As for the CreateCredentialsAsync method you shared, it is used to create a new client credential, which is separate from the client credentials grant flow.

Please read our Application Credentials documentation for more details.


Ah, OK, thanks.

So, if I understand correctly, that API is relevant to Private Key/Certificate credentials and allows a new credential to be created for an application. It is not relevant in the case where a client secret is used.

Does the new credential replace any existing credential, or is it an additional credential?

Hi @oclipa,

Thanks for the reply.

You can have a maximum of 2 credentials configured. This is mentioned in: Configure Private Key JWT Authentication.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.