Configure Client for Sender Constraining
When you require Sender Constraining for a client application, access tokens are constrained to that application. Auth0 verifies requests to ensure that only the application that requested the token can use it to access the associated resource. To learn more, read Configure Sender Constraining.
Go to Dashboard > Applications > Applications. Select the application you want to configure.
Under Settings, scroll to Token Sender-Constraining.
Toggle on Require Sender Constraining. Toggle it off to remove the requirement for Sender Constraining for the application.
You can also configure a client for Sender Constraining with the Management API.
To require Sender Constraining for a client, send a PATCH request to update the client's settings. Set the require_proof_of_possession parameter to true.
"require_proof_of_possession": true
To remove the requirement for Sender Constraining, set the require_proof_of_possession parameter to false.
"require_proof_of_possession": false
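The PATCH request described above, as an added example (not Auth0's own code): it sends the update to the Management API client endpoint and confirms that the returned client reflects the requested value. The function names and the environment variable names are assumptions, as is the expectation that the response echoes require_proof_of_possession; the Management API token needs the update:clients scope.

```python
import json
import os
import urllib.parse
import urllib.request


def build_pop_request(domain, client_id, mgmt_token, required):
    """Build the PATCH that sets require_proof_of_possession on one client."""
    # A string such as "true" would be sent as a JSON string, not a boolean.
    if not isinstance(required, bool):
        raise TypeError("required must be True or False")
    body = json.dumps({"require_proof_of_possession": required}).encode()
    path_id = urllib.parse.quote(client_id, safe="")  # keep the ID inside one path segment
    return urllib.request.Request(
        url=f"https://{domain}/api/v2/clients/{path_id}",
        data=body,
        method="PATCH",
        headers={
            "Authorization": f"Bearer {mgmt_token}",
            "Content-Type": "application/json",
        },
    )


def set_sender_constraining(domain, client_id, mgmt_token, required,
                            opener=urllib.request.urlopen):
    """Send the update and verify the setting in the returned client object."""
    req = build_pop_request(domain, client_id, mgmt_token, required)
    with opener(req, timeout=10) as resp:
        client = json.load(resp)
    # Assumed: the response is the updated client and includes the flag.
    if client.get("require_proof_of_possession") is not required:
        raise RuntimeError("require_proof_of_possession was not applied")
    return client


if __name__ == "__main__":
    # Hypothetical environment variable names; supply your own tenant values.
    updated = set_sender_constraining(
        os.environ["AUTH0_DOMAIN"],
        os.environ["AUTH0_CLIENT_ID"],
        os.environ["AUTH0_MGMT_TOKEN"],
        True,
    )
    print("require_proof_of_possession =", updated["require_proof_of_possession"])
```

Pass False as the last argument to remove the requirement.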