Beginner’s Guide to Auth0
Auth0 is a user-friendly, flexible, drop-in solution for adding authentication and authorization services to your applications. Your team and organization can avoid the cost, time, and risk that come with building your own solution to authenticate and authorize users.
Authentication is the process of verifying who a user is, and authorization is the process of verifying what they have access to.
An application in Auth0 can be a native app that executes on a mobile device, a single-page web app that executes on a browser, or a regular web application that executes on a server.
When you create an application in the Auth0 Dashboard, Auth0 assigns it a client ID, an alphanumeric string that is the unique identifier for your application. You will use this ID in your application code when you call Auth0 APIs. You can’t modify the client ID.
Another important piece of information is the client secret, which must be kept confidential at all times. If anyone gains access to your application’s client secret, they can impersonate your application and access protected resources. It is also important that you select the correct application type, because this helps Auth0 check for certain security risks.
Note: The client secret is a secret used by a client (application) to authenticate with the Authorization Server. It should be known only to the client and the Authorization Server, and it must not be guessable.
To integrate Auth0 with a machine-to-machine (M2M) application, you must first register your app with Auth0 using the Auth0 Dashboard. These apps may include non-interactive apps, such as command-line tools, daemons, IoT devices, or services running on your back-end.
M2M apps are linked to an API and its permissions or scopes, which are selected from pre-defined values.
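How an M2M app typically uses its client ID and client secret, as an added example that is not part of the original guide or Auth0's own code: the secret is read from the environment, masked before logging, and sent only in the client credentials request to the tenant's /oauth/token endpoint, and the scopes in the response are compared with what the service needs. The environment variable names, tenant domain, API identifier, scope names and sample token response are hypothetical, constructed values.

```python
import json
import os
import urllib.request

# Hypothetical variable names chosen for this example.
SETTINGS = ("AUTH0_DOMAIN", "AUTH0_CLIENT_ID", "AUTH0_CLIENT_SECRET", "AUTH0_AUDIENCE")

def load_config(env=os.environ):
    """Read M2M settings from the environment so the secret never sits in source."""
    missing = [name for name in SETTINGS if not env.get(name)]
    if missing:
        raise RuntimeError("missing settings: " + ", ".join(missing))
    return {name: env[name] for name in SETTINGS}

def redact(cfg):
    """Copy of the config that is safe to log: the client secret is masked."""
    return {k: "***" if k == "AUTH0_CLIENT_SECRET" else v for k, v in cfg.items()}

def build_token_request(cfg):
    """Build, without sending, the client-credentials request to /oauth/token."""
    body = json.dumps({
        "grant_type": "client_credentials",
        "client_id": cfg["AUTH0_CLIENT_ID"],
        "client_secret": cfg["AUTH0_CLIENT_SECRET"],
        "audience": cfg["AUTH0_AUDIENCE"],  # identifier of the linked API
    }).encode()
    return urllib.request.Request(
        "https://" + cfg["AUTH0_DOMAIN"] + "/oauth/token",
        data=body, method="POST", headers={"Content-Type": "application/json"})

def unexpected_scopes(token_response, allowed):
    """Scopes present in the token response that this service should not hold."""
    granted = set(token_response.get("scope", "").split())
    return sorted(granted - set(allowed))

if __name__ == "__main__":
    env = {  # constructed sample values, not real credentials
        "AUTH0_DOMAIN": "example-tenant.auth0.com",
        "AUTH0_CLIENT_ID": "constructedClientId123",
        "AUTH0_CLIENT_SECRET": "constructed-secret-value",
        "AUTH0_AUDIENCE": "https://api.example.com/",
    }
    cfg = load_config(env)
    print(redact(cfg))
    print(build_token_request(cfg).full_url)
    # Constructed token response: one scope more than the service needs.
    print(unexpected_scopes({"scope": "read:reports delete:reports"}, ["read:reports"]))
```

A non-empty result from unexpected_scopes means the app has been granted more permissions on the API than it needs and the grant should be trimmed in the Dashboard.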