Help understanding use of credentials?

We are investigating using Auth0 for our machine-to-machine authentication and I want to check that I understand the credentials flow correctly.

Is this the correct approach? (as described in the Client Credentials Flow docs):

  1. For each client service an application is created, which generates a clientid and secret.
  2. The client service generates a token using the clientid and secret.
  3. The client service calls our service API using the token.

This seems straightforward; however, I note that in the .NET SDK there is a CreateCredentialsAsync API. Is this related to the M2M authentication flow, or is it irrelevant? When would this API be used?

When would the Credential object be used?

Hi @oclipa,

Welcome to the Auth0 Community!

Yes, you have understood the client credentials flow correctly! :clap:

As for the CreateCredentialsAsync method you shared, it is used to create a new client credential, which is separate from the client credentials grant flow.

Please read our Application Credentials documentation for more details.

Thanks,
Rueben
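
The three-step flow confirmed above, sketched as an added example that is not part of the original thread and is not Auth0 SDK code: it posts the client id and secret to the tenant's `/oauth/token` endpoint, reuses the token until shortly before it expires, and builds the header for the API call. The tenant domain, audience and the `M2MTokenSource` / `post_form` names are placeholders and hypothetical helpers.

```python
import json
import time
import urllib.parse
import urllib.request

# Placeholder values (assumptions): substitute your tenant and API identifier.
DOMAIN = "example-tenant.auth0.com"
AUDIENCE = "https://api.example.com/"


def post_form(url, fields):
    """Default transport: POST a form body and return the decoded JSON reply."""
    data = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class M2MTokenSource:
    """Steps 2 and 3: trade client id + secret for a token, reuse it until expiry."""

    def __init__(self, client_id, client_secret, transport=post_form,
                 clock=time.monotonic, skew=60):
        self._fields = {
            "grant_type": "client_credentials",
            "client_id": client_id,
            "client_secret": client_secret,
            "audience": AUDIENCE,
        }
        self._transport, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        # Refresh a little early so a token never expires mid-request.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._transport(f"https://{DOMAIN}/oauth/token", self._fields)
            if reply.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in token response")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply["expires_in"])
        return self._token

    def auth_header(self):
        """Header the client service attaches when calling the service API."""
        return {"Authorization": f"Bearer {self.token()}"}
```

Read the client secret from a secret store or environment variable at start-up rather than embedding it in source, and share one token source per client service so each call does not trigger a new token request.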

Ah, OK, thanks.

So, if I understand correctly, that API is relevant to Private Key/Certificate credentials and allows a new credential to be created for an application. It is not relevant in the case where a client secret is used.

Does the new credential replace any existing credential, or is it an additional credential?

Hi @oclipa,

Thanks for the reply.

You can have a maximum of 2 credentials configured. This is mentioned in: Configure Private Key JWT Authentication.

Cheers,
Rueben
