Nexus
Nexus APIs
PATCH
/v1/tenants/{tenantId}/clients/{clientId}
Updates an auth client by ID.
Requires the client.write or client.write.all permission.
A Client can only be updated if:
- The caller has the
client.writepermission, and their User Id, or at least one member role must be listed on theownersattribute of the client. - OR The caller has the
client.writepermission, and the client is in the caller's Product scope. - OR The caller has the
client.write.allpermission.
Parameters
| Name | In | Required | Description |
|---|---|---|---|
tenantId |
path | Yes | |
clientId |
path | Yes |
Request body
Request payload
Example
{
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"allowedCorsOrigins": [
"string"
]
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — |
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — |
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — |
applicationName
|
string
|
nullable | The name of the application associated with the client. | — |
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — |
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — |
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — |
productName
|
string
|
nullable | The name of the product associated with the client. | — |
Example
{
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"allowedCorsOrigins": [
"string"
]
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — |
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — |
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — |
applicationName
|
string
|
nullable | The name of the application associated with the client. | — |
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — |
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — |
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — |
productName
|
string
|
nullable | The name of the product associated with the client. | — |
Example
{
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"allowedCorsOrigins": [
"string"
]
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — |
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — |
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — |
applicationName
|
string
|
nullable | The name of the application associated with the client. | — |
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — |
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — |
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — |
productName
|
string
|
nullable | The name of the product associated with the client. | — |
Example
{
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"allowedCorsOrigins": [
"string"
]
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — |
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — |
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — |
applicationName
|
string
|
nullable | The name of the application associated with the client. | — |
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — |
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — |
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — |
productName
|
string
|
nullable | The name of the product associated with the client. | — |
Example
{
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"allowedCorsOrigins": [
"string"
]
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — |
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — |
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — |
applicationName
|
string
|
nullable | The name of the application associated with the client. | — |
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — |
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — |
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — |
productName
|
string
|
nullable | The name of the product associated with the client. | — |
Example
{
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"allowedCorsOrigins": [
"string"
]
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — |
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — |
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — |
applicationName
|
string
|
nullable | The name of the application associated with the client. | — |
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — |
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — |
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — |
productName
|
string
|
nullable | The name of the product associated with the client. | — |
Example
{
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"allowedCorsOrigins": [
"string"
]
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — |
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — |
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — |
applicationName
|
string
|
nullable | The name of the application associated with the client. | — |
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — |
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — |
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — |
productName
|
string
|
nullable | The name of the product associated with the client. | — |
Example
{
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"allowedCorsOrigins": [
"string"
]
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — |
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — |
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — |
applicationName
|
string
|
nullable | The name of the application associated with the client. | — |
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — |
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — |
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — |
productName
|
string
|
nullable | The name of the product associated with the client. | — |
Responses
200
Example
{
"id": "string",
"name": "string",
"type": "string",
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"secret": "string",
"logoUrl": "string",
"grantTypes": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"manuallyCreated": false,
"clientAuthMethod": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"idTokenExpiration": 0,
"allowedCorsOrigins": [
"string"
],
"refreshTokenReuseInterval": 0,
"refreshTokenAbsoluteLifetime": 0,
"isRefreshTokenRotationEnabled": false,
"allowCrossOriginAuthentication": false,
"refreshTokenInactivityLifetime": 0,
"isRefreshTokenAbsoluteExpirationEnabled": false,
"isRefreshTokenInactivityLifetimeEnabled": false
}Schema
| Name | Type | Attributes | Description | Extensions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
allowCrossOriginAuthentication
|
boolean
|
nullable | When allowed, cross-origin authentication allows applications to make authentication requests when the Lock widget or custom HTML is used. | — | ||||||||
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — | ||||||||
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — | ||||||||
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — | ||||||||
applicationName
|
string
|
nullable | The name of the application associated with the client. | — | ||||||||
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — | ||||||||
clientAuthMethod
|
ClientAuthMethod
|
— |
The method a client applicaiton uses to authenticate with Auth0 when necessary (such as when using the token endpoint)
|
— | ||||||||
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — | ||||||||
grantTypes
|
string[]
|
nullable | The grant types supported for this application | — | ||||||||
id
|
string
|
nullable | The unique identifier that is also used in OAuth/OIDC authorization flows. | — | ||||||||
idTokenExpiration
|
integer (int32)
|
nullable | This setting allows you to set the lifetime of the id_token (in seconds) | — | ||||||||
isRefreshTokenAbsoluteExpirationEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is enabled, an expiration lifetime must be set. | — | ||||||||
isRefreshTokenInactivityLifetimeEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on a specified inactivity lifetime, after which the token can no longer be used. | — | ||||||||
isRefreshTokenRotationEnabled
|
boolean
|
nullable | When enabled, as a result of exchanging a refresh token, a new refresh token will be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. In addition, an absolute expiration lifetime must be set. | — | ||||||||
logoUrl
|
string
|
nullable | A URL to a logo for the client. | — | ||||||||
manuallyCreated
|
boolean
|
— | Indicates whether the client was created manually (true) or via Terraform (false). | — | ||||||||
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |||||||||
name
|
string
|
nullable | The name of the client. | — | ||||||||
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — | ||||||||
productName
|
string
|
nullable | The name of the product associated with the client. | — | ||||||||
refreshTokenAbsoluteLifetime
|
integer (int32)
|
nullable | Sets the absolute lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenInactivityLifetime
|
integer (int32)
|
nullable | Sets the inactivity lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenReuseInterval
|
integer (int32)
|
nullable | The allowable leeway time that the same refresh_token can be used to request an access_token without triggering automatic reuse detection. | — | ||||||||
secret
|
string
|
nullable | A client secret is a secret passphrase that proves to the authentication server that the client app is authorized to make a request on behalf of the user. | — | ||||||||
type
|
string
|
nullable | The type of client. | — |
Example
{
"id": "string",
"name": "string",
"type": "string",
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"secret": "string",
"logoUrl": "string",
"grantTypes": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"manuallyCreated": false,
"clientAuthMethod": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"idTokenExpiration": 0,
"allowedCorsOrigins": [
"string"
],
"refreshTokenReuseInterval": 0,
"refreshTokenAbsoluteLifetime": 0,
"isRefreshTokenRotationEnabled": false,
"allowCrossOriginAuthentication": false,
"refreshTokenInactivityLifetime": 0,
"isRefreshTokenAbsoluteExpirationEnabled": false,
"isRefreshTokenInactivityLifetimeEnabled": false
}Schema
| Name | Type | Attributes | Description | Extensions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
allowCrossOriginAuthentication
|
boolean
|
nullable | When allowed, cross-origin authentication allows applications to make authentication requests when the Lock widget or custom HTML is used. | — | ||||||||
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — | ||||||||
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — | ||||||||
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — | ||||||||
applicationName
|
string
|
nullable | The name of the application associated with the client. | — | ||||||||
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — | ||||||||
clientAuthMethod
|
ClientAuthMethod
|
— |
The method a client applicaiton uses to authenticate with Auth0 when necessary (such as when using the token endpoint)
|
— | ||||||||
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — | ||||||||
grantTypes
|
string[]
|
nullable | The grant types supported for this application | — | ||||||||
id
|
string
|
nullable | The unique identifier that is also used in OAuth/OIDC authorization flows. | — | ||||||||
idTokenExpiration
|
integer (int32)
|
nullable | This setting allows you to set the lifetime of the id_token (in seconds) | — | ||||||||
isRefreshTokenAbsoluteExpirationEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is enabled, an expiration lifetime must be set. | — | ||||||||
isRefreshTokenInactivityLifetimeEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on a specified inactivity lifetime, after which the token can no longer be used. | — | ||||||||
isRefreshTokenRotationEnabled
|
boolean
|
nullable | When enabled, as a result of exchanging a refresh token, a new refresh token will be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. In addition, an absolute expiration lifetime must be set. | — | ||||||||
logoUrl
|
string
|
nullable | A URL to a logo for the client. | — | ||||||||
manuallyCreated
|
boolean
|
— | Indicates whether the client was created manually (true) or via Terraform (false). | — | ||||||||
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |||||||||
name
|
string
|
nullable | The name of the client. | — | ||||||||
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — | ||||||||
productName
|
string
|
nullable | The name of the product associated with the client. | — | ||||||||
refreshTokenAbsoluteLifetime
|
integer (int32)
|
nullable | Sets the absolute lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenInactivityLifetime
|
integer (int32)
|
nullable | Sets the inactivity lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenReuseInterval
|
integer (int32)
|
nullable | The allowable leeway time that the same refresh_token can be used to request an access_token without triggering automatic reuse detection. | — | ||||||||
secret
|
string
|
nullable | A client secret is a secret passphrase that proves to the authentication server that the client app is authorized to make a request on behalf of the user. | — | ||||||||
type
|
string
|
nullable | The type of client. | — |
Example
{
"id": "string",
"name": "string",
"type": "string",
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"secret": "string",
"logoUrl": "string",
"grantTypes": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"manuallyCreated": false,
"clientAuthMethod": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"idTokenExpiration": 0,
"allowedCorsOrigins": [
"string"
],
"refreshTokenReuseInterval": 0,
"refreshTokenAbsoluteLifetime": 0,
"isRefreshTokenRotationEnabled": false,
"allowCrossOriginAuthentication": false,
"refreshTokenInactivityLifetime": 0,
"isRefreshTokenAbsoluteExpirationEnabled": false,
"isRefreshTokenInactivityLifetimeEnabled": false
}Schema
| Name | Type | Attributes | Description | Extensions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
allowCrossOriginAuthentication
|
boolean
|
nullable | When allowed, cross-origin authentication allows applications to make authentication requests when the Lock widget or custom HTML is used. | — | ||||||||
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — | ||||||||
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — | ||||||||
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — | ||||||||
applicationName
|
string
|
nullable | The name of the application associated with the client. | — | ||||||||
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — | ||||||||
clientAuthMethod
|
ClientAuthMethod
|
— |
The method a client applicaiton uses to authenticate with Auth0 when necessary (such as when using the token endpoint)
|
— | ||||||||
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — | ||||||||
grantTypes
|
string[]
|
nullable | The grant types supported for this application | — | ||||||||
id
|
string
|
nullable | The unique identifier that is also used in OAuth/OIDC authorization flows. | — | ||||||||
idTokenExpiration
|
integer (int32)
|
nullable | This setting allows you to set the lifetime of the id_token (in seconds) | — | ||||||||
isRefreshTokenAbsoluteExpirationEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is enabled, an expiration lifetime must be set. | — | ||||||||
isRefreshTokenInactivityLifetimeEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on a specified inactivity lifetime, after which the token can no longer be used. | — | ||||||||
isRefreshTokenRotationEnabled
|
boolean
|
nullable | When enabled, as a result of exchanging a refresh token, a new refresh token will be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. In addition, an absolute expiration lifetime must be set. | — | ||||||||
logoUrl
|
string
|
nullable | A URL to a logo for the client. | — | ||||||||
manuallyCreated
|
boolean
|
— | Indicates whether the client was created manually (true) or via Terraform (false). | — | ||||||||
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |||||||||
name
|
string
|
nullable | The name of the client. | — | ||||||||
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — | ||||||||
productName
|
string
|
nullable | The name of the product associated with the client. | — | ||||||||
refreshTokenAbsoluteLifetime
|
integer (int32)
|
nullable | Sets the absolute lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenInactivityLifetime
|
integer (int32)
|
nullable | Sets the inactivity lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenReuseInterval
|
integer (int32)
|
nullable | The allowable leeway time that the same refresh_token can be used to request an access_token without triggering automatic reuse detection. | — | ||||||||
secret
|
string
|
nullable | A client secret is a secret passphrase that proves to the authentication server that the client app is authorized to make a request on behalf of the user. | — | ||||||||
type
|
string
|
nullable | The type of client. | — |
Example
{
"id": "string",
"name": "string",
"type": "string",
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"secret": "string",
"logoUrl": "string",
"grantTypes": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"manuallyCreated": false,
"clientAuthMethod": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"idTokenExpiration": 0,
"allowedCorsOrigins": [
"string"
],
"refreshTokenReuseInterval": 0,
"refreshTokenAbsoluteLifetime": 0,
"isRefreshTokenRotationEnabled": false,
"allowCrossOriginAuthentication": false,
"refreshTokenInactivityLifetime": 0,
"isRefreshTokenAbsoluteExpirationEnabled": false,
"isRefreshTokenInactivityLifetimeEnabled": false
}Schema
| Name | Type | Attributes | Description | Extensions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
allowCrossOriginAuthentication
|
boolean
|
nullable | When allowed, cross-origin authentication allows applications to make authentication requests when the Lock widget or custom HTML is used. | — | ||||||||
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — | ||||||||
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — | ||||||||
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — | ||||||||
applicationName
|
string
|
nullable | The name of the application associated with the client. | — | ||||||||
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — | ||||||||
clientAuthMethod
|
ClientAuthMethod
|
— |
The method a client applicaiton uses to authenticate with Auth0 when necessary (such as when using the token endpoint)
|
— | ||||||||
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — | ||||||||
grantTypes
|
string[]
|
nullable | The grant types supported for this application | — | ||||||||
id
|
string
|
nullable | The unique identifier that is also used in OAuth/OIDC authorization flows. | — | ||||||||
idTokenExpiration
|
integer (int32)
|
nullable | This setting allows you to set the lifetime of the id_token (in seconds) | — | ||||||||
isRefreshTokenAbsoluteExpirationEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is enabled, an expiration lifetime must be set. | — | ||||||||
isRefreshTokenInactivityLifetimeEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on a specified inactivity lifetime, after which the token can no longer be used. | — | ||||||||
isRefreshTokenRotationEnabled
|
boolean
|
nullable | When enabled, as a result of exchanging a refresh token, a new refresh token will be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. In addition, an absolute expiration lifetime must be set. | — | ||||||||
logoUrl
|
string
|
nullable | A URL to a logo for the client. | — | ||||||||
manuallyCreated
|
boolean
|
— | Indicates whether the client was created manually (true) or via Terraform (false). | — | ||||||||
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |||||||||
name
|
string
|
nullable | The name of the client. | — | ||||||||
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — | ||||||||
productName
|
string
|
nullable | The name of the product associated with the client. | — | ||||||||
refreshTokenAbsoluteLifetime
|
integer (int32)
|
nullable | Sets the absolute lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenInactivityLifetime
|
integer (int32)
|
nullable | Sets the inactivity lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenReuseInterval
|
integer (int32)
|
nullable | The allowable leeway time that the same refresh_token can be used to request an access_token without triggering automatic reuse detection. | — | ||||||||
secret
|
string
|
nullable | A client secret is a secret passphrase that proves to the authentication server that the client app is authorized to make a request on behalf of the user. | — | ||||||||
type
|
string
|
nullable | The type of client. | — |
Example
{
"id": "string",
"name": "string",
"type": "string",
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"secret": "string",
"logoUrl": "string",
"grantTypes": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"manuallyCreated": false,
"clientAuthMethod": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"idTokenExpiration": 0,
"allowedCorsOrigins": [
"string"
],
"refreshTokenReuseInterval": 0,
"refreshTokenAbsoluteLifetime": 0,
"isRefreshTokenRotationEnabled": false,
"allowCrossOriginAuthentication": false,
"refreshTokenInactivityLifetime": 0,
"isRefreshTokenAbsoluteExpirationEnabled": false,
"isRefreshTokenInactivityLifetimeEnabled": false
}Schema
| Name | Type | Attributes | Description | Extensions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
allowCrossOriginAuthentication
|
boolean
|
nullable | When allowed, cross-origin authentication allows applications to make authentication requests when the Lock widget or custom HTML is used. | — | ||||||||
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — | ||||||||
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — | ||||||||
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — | ||||||||
applicationName
|
string
|
nullable | The name of the application associated with the client. | — | ||||||||
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — | ||||||||
clientAuthMethod
|
ClientAuthMethod
|
— |
The method a client applicaiton uses to authenticate with Auth0 when necessary (such as when using the token endpoint)
|
— | ||||||||
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — | ||||||||
grantTypes
|
string[]
|
nullable | The grant types supported for this application | — | ||||||||
id
|
string
|
nullable | The unique identifier that is also used in OAuth/OIDC authorization flows. | — | ||||||||
idTokenExpiration
|
integer (int32)
|
nullable | This setting allows you to set the lifetime of the id_token (in seconds) | — | ||||||||
isRefreshTokenAbsoluteExpirationEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is enabled, an expiration lifetime must be set. | — | ||||||||
isRefreshTokenInactivityLifetimeEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on a specified inactivity lifetime, after which the token can no longer be used. | — | ||||||||
isRefreshTokenRotationEnabled
|
boolean
|
nullable | When enabled, as a result of exchanging a refresh token, a new refresh token will be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. In addition, an absolute expiration lifetime must be set. | — | ||||||||
logoUrl
|
string
|
nullable | A URL to a logo for the client. | — | ||||||||
manuallyCreated
|
boolean
|
— | Indicates whether the client was created manually (true) or via Terraform (false). | — | ||||||||
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |||||||||
name
|
string
|
nullable | The name of the client. | — | ||||||||
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — | ||||||||
productName
|
string
|
nullable | The name of the product associated with the client. | — | ||||||||
refreshTokenAbsoluteLifetime
|
integer (int32)
|
nullable | Sets the absolute lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenInactivityLifetime
|
integer (int32)
|
nullable | Sets the inactivity lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenReuseInterval
|
integer (int32)
|
nullable | The allowable leeway time that the same refresh_token can be used to request an access_token without triggering automatic reuse detection. | — | ||||||||
secret
|
string
|
nullable | A client secret is a secret passphrase that proves to the authentication server that the client app is authorized to make a request on behalf of the user. | — | ||||||||
type
|
string
|
nullable | The type of client. | — |
Example
{
"id": "string",
"name": "string",
"type": "string",
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"secret": "string",
"logoUrl": "string",
"grantTypes": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"manuallyCreated": false,
"clientAuthMethod": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"idTokenExpiration": 0,
"allowedCorsOrigins": [
"string"
],
"refreshTokenReuseInterval": 0,
"refreshTokenAbsoluteLifetime": 0,
"isRefreshTokenRotationEnabled": false,
"allowCrossOriginAuthentication": false,
"refreshTokenInactivityLifetime": 0,
"isRefreshTokenAbsoluteExpirationEnabled": false,
"isRefreshTokenInactivityLifetimeEnabled": false
}Schema
| Name | Type | Attributes | Description | Extensions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
allowCrossOriginAuthentication
|
boolean
|
nullable | When allowed, cross-origin authentication allows applications to make authentication requests when the Lock widget or custom HTML is used. | — | ||||||||
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — | ||||||||
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — | ||||||||
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — | ||||||||
applicationName
|
string
|
nullable | The name of the application associated with the client. | — | ||||||||
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — | ||||||||
clientAuthMethod
|
ClientAuthMethod
|
— |
The method a client applicaiton uses to authenticate with Auth0 when necessary (such as when using the token endpoint)
|
— | ||||||||
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — | ||||||||
grantTypes
|
string[]
|
nullable | The grant types supported for this application | — | ||||||||
id
|
string
|
nullable | The unique identifier that is also used in OAuth/OIDC authorization flows. | — | ||||||||
idTokenExpiration
|
integer (int32)
|
nullable | This setting allows you to set the lifetime of the id_token (in seconds) | — | ||||||||
isRefreshTokenAbsoluteExpirationEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is enabled, an expiration lifetime must be set. | — | ||||||||
isRefreshTokenInactivityLifetimeEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on a specified inactivity lifetime, after which the token can no longer be used. | — | ||||||||
isRefreshTokenRotationEnabled
|
boolean
|
nullable | When enabled, as a result of exchanging a refresh token, a new refresh token will be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. In addition, an absolute expiration lifetime must be set. | — | ||||||||
logoUrl
|
string
|
nullable | A URL to a logo for the client. | — | ||||||||
manuallyCreated
|
boolean
|
— | Indicates whether the client was created manually (true) or via Terraform (false). | — | ||||||||
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |||||||||
name
|
string
|
nullable | The name of the client. | — | ||||||||
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — | ||||||||
productName
|
string
|
nullable | The name of the product associated with the client. | — | ||||||||
refreshTokenAbsoluteLifetime
|
integer (int32)
|
nullable | Sets the absolute lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenInactivityLifetime
|
integer (int32)
|
nullable | Sets the inactivity lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenReuseInterval
|
integer (int32)
|
nullable | The allowable leeway time that the same refresh_token can be used to request an access_token without triggering automatic reuse detection. | — | ||||||||
secret
|
string
|
nullable | A client secret is a secret passphrase that proves to the authentication server that the client app is authorized to make a request on behalf of the user. | — | ||||||||
type
|
string
|
nullable | The type of client. | — |
Example
{
"id": "string",
"name": "string",
"type": "string",
"mobile": {
"ios": {
"team_id": "string",
"app_bundle_identifier": "string"
},
"android": {
"keystore_hash": "string",
"app_package_name": "string"
}
},
"owners": [
"string"
],
"secret": "string",
"logoUrl": "string",
"grantTypes": [
"string"
],
"productName": "string",
"callbackUrls": [
"string"
],
"client_upn_key": "string",
"applicationName": "string",
"manuallyCreated": false,
"clientAuthMethod": "string",
"allowedLogoutUrls": [
"string"
],
"allowedWebOrigins": [
"string"
],
"idTokenExpiration": 0,
"allowedCorsOrigins": [
"string"
],
"refreshTokenReuseInterval": 0,
"refreshTokenAbsoluteLifetime": 0,
"isRefreshTokenRotationEnabled": false,
"allowCrossOriginAuthentication": false,
"refreshTokenInactivityLifetime": 0,
"isRefreshTokenAbsoluteExpirationEnabled": false,
"isRefreshTokenInactivityLifetimeEnabled": false
}Schema
| Name | Type | Attributes | Description | Extensions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
allowCrossOriginAuthentication
|
boolean
|
nullable | When allowed, cross-origin authentication allows applications to make authentication requests when the Lock widget or custom HTML is used. | — | ||||||||
allowedCorsOrigins
|
string[]
|
nullable | Additional origins allowed to make cross-origin resource sharing (CORS) requests. Allowed callback URLs are already included in this list. | — | ||||||||
allowedLogoutUrls
|
string[]
|
nullable | A set of URLs that are valid to redirect to after logout from Auth0. Multiple values should be comma separated. | — | ||||||||
allowedWebOrigins
|
string[]
|
nullable | Comma-separated list of allowed origins for use with Cross-Origin Authentication, Device Flow, and web message response mode. | — | ||||||||
applicationName
|
string
|
nullable | The name of the application associated with the client. | — | ||||||||
callbackUrls
|
string[]
|
nullable | Callback URLs for the OAuth2 authentication process. Multiple values should be comma separated. | — | ||||||||
clientAuthMethod
|
ClientAuthMethod
|
— |
The method a client applicaiton uses to authenticate with Auth0 when necessary (such as when using the token endpoint)
|
— | ||||||||
client_upn_key
|
string
|
nullable | The client UPN key for user principal name mapping. | — | ||||||||
grantTypes
|
string[]
|
nullable | The grant types supported for this application | — | ||||||||
id
|
string
|
nullable | The unique identifier that is also used in OAuth/OIDC authorization flows. | — | ||||||||
idTokenExpiration
|
integer (int32)
|
nullable | This setting allows you to set the lifetime of the id_token (in seconds) | — | ||||||||
isRefreshTokenAbsoluteExpirationEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on an absolute lifetime, after which the token can no longer be used. If rotation is enabled, an expiration lifetime must be set. | — | ||||||||
isRefreshTokenInactivityLifetimeEnabled
|
boolean
|
nullable | When enabled, a refresh_token will expire based on a specified inactivity lifetime, after which the token can no longer be used. | — | ||||||||
isRefreshTokenRotationEnabled
|
boolean
|
nullable | When enabled, as a result of exchanging a refresh token, a new refresh token will be issued and the existing token will be invalidated. This allows for automatic detection of token reuse if the token is leaked. In addition, an absolute expiration lifetime must be set. | — | ||||||||
logoUrl
|
string
|
nullable | A URL to a logo for the client. | — | ||||||||
manuallyCreated
|
boolean
|
— | Indicates whether the client was created manually (true) or via Terraform (false). | — | ||||||||
mobile
|
— | Mobile device settings for Auth0 client applications. | — | |||||||||
name
|
string
|
nullable | The name of the client. | — | ||||||||
owners
|
string[]
|
nullable | A list of roles or user IDs who have permissions over this client. | — | ||||||||
productName
|
string
|
nullable | The name of the product associated with the client. | — | ||||||||
refreshTokenAbsoluteLifetime
|
integer (int32)
|
nullable | Sets the absolute lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenInactivityLifetime
|
integer (int32)
|
nullable | Sets the inactivity lifetime of a refresh_token (in seconds). | — | ||||||||
refreshTokenReuseInterval
|
integer (int32)
|
nullable | The allowable leeway time that the same refresh_token can be used to request an access_token without triggering automatic reuse detection. | — | ||||||||
secret
|
string
|
nullable | A client secret is a secret passphrase that proves to the authentication server that the client app is authorized to make a request on behalf of the user. | — | ||||||||
type
|
string
|
nullable | The type of client. | — |
404
Example
{
"type": "string",
"title": "string",
"detail": "string",
"status": 0,
"instance": "string"
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
detail
|
string
|
nullable | — | — |
instance
|
string
|
nullable | — | — |
status
|
integer (int32)
|
nullable | — | — |
title
|
string
|
nullable | — | — |
type
|
string
|
nullable | — | — |
Example
{
"type": "string",
"title": "string",
"detail": "string",
"status": 0,
"instance": "string"
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
detail
|
string
|
nullable | — | — |
instance
|
string
|
nullable | — | — |
status
|
integer (int32)
|
nullable | — | — |
title
|
string
|
nullable | — | — |
type
|
string
|
nullable | — | — |
Example
{
"type": "string",
"title": "string",
"detail": "string",
"status": 0,
"instance": "string"
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
detail
|
string
|
nullable | — | — |
instance
|
string
|
nullable | — | — |
status
|
integer (int32)
|
nullable | — | — |
title
|
string
|
nullable | — | — |
type
|
string
|
nullable | — | — |
Example
{
"type": "string",
"title": "string",
"detail": "string",
"status": 0,
"instance": "string"
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
detail
|
string
|
nullable | — | — |
instance
|
string
|
nullable | — | — |
status
|
integer (int32)
|
nullable | — | — |
title
|
string
|
nullable | — | — |
type
|
string
|
nullable | — | — |
Example
{
"type": "string",
"title": "string",
"detail": "string",
"status": 0,
"instance": "string"
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
detail
|
string
|
nullable | — | — |
instance
|
string
|
nullable | — | — |
status
|
integer (int32)
|
nullable | — | — |
title
|
string
|
nullable | — | — |
type
|
string
|
nullable | — | — |
Example
{
"type": "string",
"title": "string",
"detail": "string",
"status": 0,
"instance": "string"
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
detail
|
string
|
nullable | — | — |
instance
|
string
|
nullable | — | — |
status
|
integer (int32)
|
nullable | — | — |
title
|
string
|
nullable | — | — |
type
|
string
|
nullable | — | — |
Example
{
"type": "string",
"title": "string",
"detail": "string",
"status": 0,
"instance": "string"
}Schema
| Name | Type | Attributes | Description | Extensions |
|---|---|---|---|---|
detail
|
string
|
nullable | — | — |
instance
|
string
|
nullable | — | — |
status
|
integer (int32)
|
nullable | — | — |
title
|
string
|
nullable | — | — |
type
|
string
|
nullable | — | — |
Security
Authentication is required for this operation.
Source: default
Requirements (any one option may satisfy)
- Bearer and ApplicationToken
- Basic