Ruby on Rails with Private Key JWT

Hi, The application credentials documentation says Client Secret authentication is the default in Auth0. This warning is highlighted “To ​​improve your security posture, we recommend using the Private Key JWT authentication method.”

The authorization code flow documentation says “Auth0’s SDK sends authorization code, application’s client ID, and application’s credentials, such as client secret or Private Key JWT, to Auth0 Authorization Server”. Is the private key JWT supported in the ruby SDK?

The example applications in the Ruby on Rails documentation use Client Secret. Does the omniauth-auth0 support private key JWT? Setup for the provider takes the client secret. I am overlooking something.

Hi @davidk1,

Welcome to the Auth0 Community!

Yes, you should be able to configure your M2M application to use the private key JWT, regardless of the SDK you use.

You can do so by going to your Application Settings.

Let me know if you have any follow-up questions.

Thanks,
Rueben

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.