Possibility to Access Auth0 Using HTTP Instead of HTTPS or a Port Other than 443

Overview

This article clarifies whether it is possible to access Auth0 using HTTP instead of HTTPS or a port other than 443.

Applies To

  • Ports and Protocol

Cause

A secure transport layer is required on all communication flows used in the authorization protocols supported by Auth0: OAuth2, OIDC, SAML, and WS-Federation.

Solution

This is not possible.

This ensures the security of items such as credentials, tokens, and personally identifiable information.

HTTPS is also mandatory for the administration dashboard and every related service. Again, it would not make sense to exchange information used to secure systems over an insecure protocol.

There is also a rule in place that prevents traffic on ports other than 443 from reaching our origin.