Reusing the Same Auth0 Application Across Multiple End-user Apps

Overview

This article explains best practices and recommendations for using the same Auth0 Application (client ID) across more than one app when Auth0 is used to connect to multiple apps.

Solution

There are cases where it is possible to reuse the same application (same client ID) across multiple apps, but it is highly recommended to create separate Auth0 applications for each end-user app. Some reasons are:

  1. Better security
  • Separate applications make it possible to maintain individual configurations for each app, such as allowed grant types and callback URLs. Allowing all of them for all apps can create security loopholes.
  2. Authorization logic
  • Having separate applications means separate client IDs for each app. This is very helpful for maintaining authorization logic for the apps, for example with Post-Login Actions. It is easier to branch off logic based on the client ID.
  3. Monitoring
  • Having separate client IDs makes monitoring much easier as the Auth0 logs will contain the client ID that makes it possible to understand which application generated a particular event. It also makes it easier to monitor usage and trends across applications.
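
To illustrate the authorization-logic point, here is a Post-Login Action that branches on the client ID. It is an added example, not code from Auth0 or from this article. The client IDs, the `admin` role name, the `https://example.com/app` claim namespace and the choice to deny applications without a policy are all assumptions.

```javascript
// Added example: per-application authorization in a Post-Login Action.
// Client IDs, role name and claim namespace are constructed placeholders.
const APP_POLICY = new Map([
  ["CONSTRUCTED_CLIENT_ID_ADMIN_PORTAL", { label: "admin-portal", requiredRole: "admin" }],
  ["CONSTRUCTED_CLIENT_ID_CUSTOMER_SPA", { label: "customer-spa", requiredRole: null }],
]);

// Pure decision function, so the policy can be unit-tested outside Auth0.
function decide(clientId, roles) {
  const policy = APP_POLICY.get(clientId);
  if (!policy) {
    // Fail closed: an application nobody wrote a policy for gets no login.
    return { allow: false, reason: "No policy for this application" };
  }
  if (policy.requiredRole && !roles.includes(policy.requiredRole)) {
    return { allow: false, reason: `Role '${policy.requiredRole}' required` };
  }
  return { allow: true, label: policy.label };
}

// Action entry point: event.client.client_id identifies the requesting app.
const onExecutePostLogin = async (event, api) => {
  const roles = (event.authorization && event.authorization.roles) || [];
  const result = decide(event.client.client_id, roles);
  if (!result.allow) {
    api.access.deny(result.reason);
    return;
  }
  // Record which app the token was issued for, under a namespaced claim.
  api.accessToken.setCustomClaim("https://example.com/app", result.label);
};

// Auth0 loads the handler from exports; the guard keeps the file runnable elsewhere.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

If both apps shared one client ID, `decide` could not tell them apart, and the admin-only rule would have to apply to every app or to none.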