What are the possible attacks if someone able acquire all the organization ids

Hi all,
Thanks for this nice community,
I have following question.
We are planning to expose public and open service, which can retrieve Auth0 organization id (e.g: org_JYONr9aEzpCJxxxx) based on the user’s email address. What are the possible threats that we can face incase someone able retrieve the organization id ?
is that value considered as a secret ?
Thank you.

Hi there @ruwan-gee welcome to the community!

The Org ID is similar to a Client ID in that they’re just identifiers for the client you’re using for Authentication - These aren’t necessarily confidential. In this context you are Authenticating a user through an Organization where both the client_id and org_id are included in the authorize request.

Hope this helps!

Hope this helps!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.