Hi, we want to let our customers programatically sign to our app using their username/password. I figured out the http://auth0.com/oauth/grant-type/password-realm grant type is way to go. In order to fetch the tokens, one has to send request such as this one: curl --location --request POST 'https:/…

hi @lukashavrlant It is fine to create a separate application for your client (per client) and share your client’s secret with your customers as long as you: Restrict their applications/clients to connections only as required. Only give scopes/permissions as required. Make sure their applications…

What is the purpose of a client secret?

Get Help

lukashavrlant April 27, 2022, 8:09am 13

One final question: how can we make sure the application has no access to management API? What should we disable or what should we check to be absolutely sure?

Topic		Replies	Views
Question re: Client Credentials Get Help jwt , auth0 , client-credentials	3	3815	August 26, 2019
How to authorise an API user without using client secret Get Help api , login , access-token	4	6885	December 8, 2021
What use is the client secret of an OIDC compliant SPA Get Help apis , application	2	18	May 14, 2025
How to implement API keys using Auth0? Get Help auth0 , architecture , api-keys	11	34024	March 2, 2018
REST Api auth0 realm log in Get Help	1	2345	May 9, 2023

What is the purpose of a client secret?

Related topics