Overview
This article clarifies whether it is possible to access Auth0 using HTTP instead of HTTPS or a port other than 443.
Applies To
- Ports and Protocol
Cause
A secure transport layer is required on all communication flows used in the authorization protocols supported by Auth0: OAuth2, OIDC, SAML, and WS-Federation.
Solution
This is not possible.
This ensures the security of items such as credentials, tokens, and personally identifiable information.
HTTPS is also mandatory for the administration dashboard and every related service. Again, it would not make sense to exchange information used to secure systems over an insecure protocol.
There is also a rule in place that prevents traffic on ports other than 443 from reaching our origin.