Enable Third-Party Applications
You can enable third-party applications for your tenant. See First-Party and Third-Party Applications for details on the differences between the two types of applications.
1. Update your application's ownership to third-party in Auth0.
   By default, applications registered in Auth0 are first-party applications. If you want your application to be a third-party application, you must update its ownership.
2. Promote the connections you will use with third-party applications to domain level in Auth0.
   Third-party applications can only authenticate users from connections flagged as domain-level connections. Domain-level connections can be enabled for selected first-party applications while also being open to all third-party application users for authentication.
3. Update your application's login page. If you use Lock in the Universal Login Page, you must also:
   - Upgrade to Lock version 11 or later.
   - Set the `__useTenantInfo: config.isThirdPartyClient` flag when instantiating Lock.
   - For Private Cloud users only: Set the `configurationBaseUrl` option to `https://{config.auth0Domain}/` when instantiating Lock.
Access token current_user_* scopes
Neither first- nor third-party applications can use ID tokens to invoke Management API endpoints. Instead, they should get access tokens with the following current_user_* scopes required by each endpoint:
Scope | Endpoint |
---|---|
read:current_user | List or search users |
read:current_user | Get a user |
read:current_user | Get user MFA enrollments |
update:current_user_metadata | Update a user |
update:current_user_metadata | Delete a user's multi-factor provider |
create:current_user_device_credentials | Create a device public key |
delete:current_user_device_credentials | Delete a device credential |
update:current_user_identities | Link a user account |
update:current_user_identities | Unlink a user identity |
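The following JavaScript (Node.js) is an added example, not part of Auth0's documentation or SDKs. It checks, before a Management API call, that a token is an access token addressed to the Management API rather than an ID token, and that it carries the current_user_* scope the table above requires. It assumes the Management API audience is `https://{yourDomain}/api/v2/`; the operation names, tenant domain, client ID and tokens are constructed placeholders, and the payload is decoded without signature verification, so this is a client-side pre-flight check only.

```javascript
// Scope required per Management API operation, from the table above.
// The operation names (keys) are hypothetical, chosen for this example.
const REQUIRED_SCOPE = new Map(Object.entries({
  listUsers: 'read:current_user',
  getUser: 'read:current_user',
  getMfaEnrollments: 'read:current_user',
  updateUser: 'update:current_user_metadata',
  deleteMfaProvider: 'update:current_user_metadata',
  createDeviceKey: 'create:current_user_device_credentials',
  deleteDeviceCredential: 'delete:current_user_device_credentials',
  linkAccount: 'update:current_user_identities',
  unlinkIdentity: 'update:current_user_identities'
}));

// Decode a JWT payload WITHOUT verifying its signature (pre-flight check only).
function decodePayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Decide whether `jwt` is usable for the planned Management API operations.
function checkToken(jwt, { clientId, audience, operations }) {
  const claims = decodePayload(jwt);
  const aud = [].concat(claims.aud || []);
  if (!aud.includes(audience)) {
    // An ID token is addressed to the application itself (aud = client ID).
    const reason = aud.includes(clientId) ? 'id_token' : 'wrong_audience';
    return { ok: false, reason, missing: [], unused: [] };
  }
  const granted = new Set(String(claims.scope || '').split(' ').filter(Boolean));
  const needed = new Set(operations.map((op) => {
    if (!REQUIRED_SCOPE.has(op)) throw new Error('unknown operation: ' + op);
    return REQUIRED_SCOPE.get(op);
  }));
  const missing = [...needed].filter((s) => !granted.has(s));
  // Granted current_user scopes no planned call needs: stop requesting them.
  const unused = [...granted].filter((s) => s.includes(':current_user') && !needed.has(s));
  return { ok: missing.length === 0, reason: missing.length ? 'missing_scope' : null, missing, unused };
}

// Constructed, unsigned sample token builder (placeholder values, not real credentials).
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const makeJwt = (claims) => [b64({ alg: 'none', typ: 'JWT' }), b64(claims), 'sig'].join('.');

const demo = makeJwt({ aud: 'https://tenant.example/api/v2/', scope: 'read:current_user' });
console.log(checkToken(demo, { clientId: 'CLIENT_ID_PLACEHOLDER',
  audience: 'https://tenant.example/api/v2/', operations: ['getUser', 'linkAccount'] }));
```

The `unused` list supports least privilege: a third-party application should request only the current_user_* scopes its calls actually need.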
Script example
```html
<script src="https://cdn.auth0.com/js/lock/11.x.y/lock.min.js"></script>
...
<script>
  // Decode utf8 characters properly
  var config = JSON.parse(decodeURIComponent(escape(window.atob('@@config@@'))));

  var connection = config.connection;
  var prompt = config.prompt;
  var languageDictionary;
  var language;

  if (config.dict && config.dict.signin && config.dict.signin.title) {
    languageDictionary = { title: config.dict.signin.title };
  } else if (typeof config.dict === 'string') {
    language = config.dict;
  }

  var lock = new Auth0Lock(config.clientID, config.auth0Domain, {
    auth: {
      redirectUrl: config.callbackURL,
      responseType: config.callbackOnLocationHash ? 'token' : 'code',
      params: config.internalOptions
    },
    assetsUrl: config.assetsUrl,
    allowedConnections: connection ? [connection] : null,
    configurationBaseUrl: 'https://' + config.auth0Domain + '/', // for PSaaS only
    rememberLastLogin: !prompt,
    language: language,
    languageDictionary: languageDictionary,
    closable: false,
    __useTenantInfo: config.isThirdPartyClient // required for all Tenants
  });

  lock.show();
</script>
```