Check if Application is Confidential or Public
You can check whether an application is registered with Auth0 as a confidential or public application. To learn more, read Confidential and Public Application.
Auth0 determines if an application is confidential or public based on the Authentication Method setting, which defines how an application authenticates against the Auth0 Authentication API Get Token endpoint.
In the Auth0 Dashboard, go to Applications > Applications, and then select the name of the application to view.
If the Credentials view is not available, the application is a public application.
If the Credentials view is available, then select it and locate the Authentication Method field.
Use the applicable method:
None: Public application without a client secret.
Client Secret Post: Application using POST request body parameters to send a client secret.
Client Secret Basic: Application using the HTTP BASIC authentication scheme to send a client secret.
Private Key JWT: Application using asymmetric authentication.
These values map to confidential and public applications as follows:
Application Type | Example | Token Endpoint Authentication Method |
---|---|---|
Public | Single-page or native | None |
Confidential | Regular web or machine-to-machine | Basic, Post, Private Key JWT, Unspecified |
Public applications cannot maintain the confidentiality of the credentials required for Token endpoint authentication methods like Post and Basic.