Check if Application is Confidential or Public
You can check whether an application is registered with Auth0 as a confidential or public application. To learn more, read Confidential and Public Application. Auth0 determines this based on the Token Endpoint Authentication Method setting, which defines how an application authenticates against the Authentication API /get_token
endpoint.
Go to Dashboard > Applications > Applications and select the name of the application to view.
Under Application Properties, locate the Token Endpoint Authentication Method field.
The methods have the following meanings:
None: Public application without a client secret.
Post: Application using request body parameters to send a client secret.
Basic: Application using the HTTP BASIC authentication scheme.
These values map to confidential and public applications as follows:
Application Type | Example | Token Endpoint Authentication Method |
---|---|---|
Public | Single-page or native | None |
Confidential | Regular web or machine-to-machine | Basic, Post, unspecified |
Public applications cannot maintain the confidentiality of the credentials required for Token endpoint authentication methods like Post and Basic.