Update Grant Types

You can change your application's grant types using the Auth0 Dashboard or the Management API.

Use the Dashboard

  1. Go to Dashboard > Applications > Applications and select the name of the application to view.

    Dashboard Applications List
  2. Scroll to the bottom of the page, and select Show Advanced Settings.

  3. Select Grant Types, and enable or disable the appropriate grants for the application. When finished, select Save Changes. The device code grant type is only available for native apps.

    Dashboard Applications Application Settings Tab Advanced Settings Grant Types tab

Use the Management API

Make a PATCH call to the /Clients/patch_clients_by_id endpoint. Be sure to replace {yourClientId}, {yourManagementApiAccessToken}, and {grantType} placeholder values with your client ID, Management API access token, and desired grant type, respectively.


curl --request PATCH \
  --url 'https://{yourDomain}/api/v2/clients/%7ByourClientId%7D' \
  --header 'authorization: Bearer {yourMgmtApiAccessToken}' \
  --header 'cache-control: no-cache' \
  --header 'content-type: application/json' \
  --data '{ "grant_types": "{grantTypes}" }'

Was this helpful?

/
var client = new RestClient("https://{yourDomain}/api/v2/clients/%7ByourClientId%7D");
var request = new RestRequest(Method.PATCH);
request.AddHeader("content-type", "application/json");
request.AddHeader("authorization", "Bearer {yourMgmtApiAccessToken}");
request.AddHeader("cache-control", "no-cache");
request.AddParameter("application/json", "{ \"grant_types\": \"{grantTypes}\" }", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

Was this helpful?

/
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://{yourDomain}/api/v2/clients/%7ByourClientId%7D"

	payload := strings.NewReader("{ \"grant_types\": \"{grantTypes}\" }")

	req, _ := http.NewRequest("PATCH", url, payload)

	req.Header.Add("content-type", "application/json")
	req.Header.Add("authorization", "Bearer {yourMgmtApiAccessToken}")
	req.Header.Add("cache-control", "no-cache")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Was this helpful?

/
HttpResponse<String> response = Unirest.patch("https://{yourDomain}/api/v2/clients/%7ByourClientId%7D")
  .header("content-type", "application/json")
  .header("authorization", "Bearer {yourMgmtApiAccessToken}")
  .header("cache-control", "no-cache")
  .body("{ \"grant_types\": \"{grantTypes}\" }")
  .asString();

Was this helpful?

/
var axios = require("axios").default;

var options = {
  method: 'PATCH',
  url: 'https://{yourDomain}/api/v2/clients/%7ByourClientId%7D',
  headers: {
    'content-type': 'application/json',
    authorization: 'Bearer {yourMgmtApiAccessToken}',
    'cache-control': 'no-cache'
  },
  data: {grant_types: '{grantTypes}'}
};

axios.request(options).then(function (response) {
  console.log(response.data);
}).catch(function (error) {
  console.error(error);
});

Was this helpful?

/
#import <Foundation/Foundation.h>

NSDictionary *headers = @{ @"content-type": @"application/json",
                           @"authorization": @"Bearer {yourMgmtApiAccessToken}",
                           @"cache-control": @"no-cache" };
NSDictionary *parameters = @{ @"grant_types": @"{grantTypes}" };

NSData *postData = [NSJSONSerialization dataWithJSONObject:parameters options:0 error:nil];

NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://{yourDomain}/api/v2/clients/%7ByourClientId%7D"]
                                                       cachePolicy:NSURLRequestUseProtocolCachePolicy
                                                   timeoutInterval:10.0];
[request setHTTPMethod:@"PATCH"];
[request setAllHTTPHeaderFields:headers];
[request setHTTPBody:postData];

NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
                                            completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
                                                if (error) {
                                                    NSLog(@"%@", error);
                                                } else {
                                                    NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
                                                    NSLog(@"%@", httpResponse);
                                                }
                                            }];
[dataTask resume];

Was this helpful?

/
$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://{yourDomain}/api/v2/clients/%7ByourClientId%7D",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "PATCH",
  CURLOPT_POSTFIELDS => "{ \"grant_types\": \"{grantTypes}\" }",
  CURLOPT_HTTPHEADER => [
    "authorization: Bearer {yourMgmtApiAccessToken}",
    "cache-control: no-cache",
    "content-type: application/json"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Was this helpful?

/
import http.client

conn = http.client.HTTPSConnection("")

payload = "{ \"grant_types\": \"{grantTypes}\" }"

headers = {
    'content-type': "application/json",
    'authorization': "Bearer {yourMgmtApiAccessToken}",
    'cache-control': "no-cache"
    }

conn.request("PATCH", "/{yourDomain}/api/v2/clients/%7ByourClientId%7D", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

Was this helpful?

/
require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://{yourDomain}/api/v2/clients/%7ByourClientId%7D")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Patch.new(url)
request["content-type"] = 'application/json'
request["authorization"] = 'Bearer {yourMgmtApiAccessToken}'
request["cache-control"] = 'no-cache'
request.body = "{ \"grant_types\": \"{grantTypes}\" }"

response = http.request(request)
puts response.read_body

Was this helpful?

/
import Foundation

let headers = [
  "content-type": "application/json",
  "authorization": "Bearer {yourMgmtApiAccessToken}",
  "cache-control": "no-cache"
]
let parameters = ["grant_types": "{grantTypes}"] as [String : Any]

let postData = JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://{yourDomain}/api/v2/clients/%7ByourClientId%7D")! as URL,
                                        cachePolicy: .useProtocolCachePolicy,
                                    timeoutInterval: 10.0)
request.httpMethod = "PATCH"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if (error != nil) {
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse)
  }
})

dataTask.resume()

Was this helpful?

/

Value Description
YOUR_CLIENT_ID Τhe ID of the application to be updated.
MGMT_API_ACCESS_TOKEN Access Tokens for the Management API with the scope update:clients.
GRANT_TYPES The grant types you would like to enable for the specified application.

Troubleshoot

Attempting to use a flow with an application lacking the appropriate grant_types for that flow (or with the field empty) will result in the following error: Grant type `grant_type` not allowed for the client.

Learn more