Unwanted Connections Enabled on Newly Created Applications

Last Updated: Nov 22, 2024

Overview

This article explains why newly created applications have certain connections enabled by default.

Applies To

  • Connections
  • Applications

Cause

This occurs when the Enable Application Connections setting is enabled.

Solution

The setting is located at Tenant Settings > Advanced > Enable Application Connections.

Disable the Enable Application Connections setting. If this setting is enabled, all configured connections are automatically enabled for any new application that is created. As a result, users may be able to log in to the application through connections that were not intended to be available. With the setting disabled, connections can be explicitly enabled for each application as appropriate.

If new applications are created using the Auth0 Deploy CLI, edit the connection settings in the import files: for each connection that users should be able to use to authenticate into the new application, add the new application’s name to that connection’s enabled_clients list.

An example for YAML:

databases:
  - name: "users"
    enabled_clients:
      - "My SPA"

Other connection types use the same enabled_clients attribute; see examples/yaml/tenant.yaml (master branch) in the auth0/auth0-deploy-cli repository on GitHub.

In Directory format, the connections each have their own JSON file, which has the enabled_clients list within:

{
  "strategy": "facebook",
  "name": "facebook",
  "is_domain_connection": false,
  "enabled_clients": [
    "My SPA"
  ]
}

As the Deploy CLI looks up applications by name rather than client_id, it is possible to add a newly created application to the enabled clients list without the importer needing prior knowledge of the auto-generated client ID.

Please note that, when using the Deploy CLI, it is not possible to set connections within an application’s settings in the way the dashboard allows. The dashboard performs these updates on the connection behind the scenes, not on the application itself. The applications that can use a connection are specified only within the relevant connection’s “enabled_clients” attribute.
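
To check an export for the situation this article describes, the following added example (not part of the original article or of the Deploy CLI) reads Directory-format connection JSON files and lists every application enabled on a connection it was not meant to use. The function names, the intended mapping, and the sample folder layout and files are assumptions constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

def load_enabled_clients(export_dir):
    """Return {connection name: set of application names} for every JSON
    file under export_dir that carries an enabled_clients list."""
    connections, skipped = {}, []
    for path in sorted(Path(export_dir).rglob("*.json")):
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except json.JSONDecodeError:
            skipped.append(path.name)  # report it: an unread file is unaudited
            continue
        if isinstance(doc, dict) and isinstance(doc.get("enabled_clients"), list):
            connections[doc.get("name", path.stem)] = set(doc["enabled_clients"])
    return connections, skipped

def audit(export_dir, intended):
    """intended maps application name -> connections it may use. Returns the
    sorted (application, connection) pairs enabled but not intended, plus any
    unparsed files. An application missing from intended is allowed nothing."""
    connections, skipped = load_enabled_clients(export_dir)
    unexpected = sorted(
        (app, conn)
        for conn, apps in connections.items()
        for app in apps
        if conn not in intended.get(app, set())
    )
    return unexpected, skipped

def build_sample_export(root):
    """Write constructed sample files (not a real export; folder names assumed)."""
    samples = {
        "connections/facebook.json": {"strategy": "facebook", "name": "facebook",
                                      "enabled_clients": ["My SPA", "Internal Admin"]},
        "database-connections/users/database.json": {"strategy": "auth0", "name": "users",
                                      "enabled_clients": ["My SPA", "Internal Admin"]},
        "clients/My SPA.json": {"name": "My SPA", "app_type": "spa"},
    }
    for rel, doc in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(json.dumps(doc), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_export(tmp)
        print(audit(tmp, {"My SPA": {"users", "facebook"}, "Internal Admin": {"users"}}))
```

Because applications are matched by name, the intended mapping can be written before the applications exist and before their client IDs are generated.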