Create a client credential
Create a client credential associated with your application. Credentials can be used to configure Private Key JWT and mTLS authentication methods, as well as for JWT-secured Authorization requests.
Public Key
Public Key credentials can be used to set up Private Key JWT client authentication and JWT-secured Authorization requests.
Sample:
{
  "credential_type": "public_key",
  "name": "string",
  "pem": "string",
  "alg": "RS256",
  "parse_expiry_from_cert": false,
  "expires_at": "2022-12-31T23:59:59Z"
}
Certificate (CA-signed & self-signed)
Certificate credentials can be used to set up mTLS client authentication. CA-signed certificates can be configured either with a signed certificate or with just the certificate Subject DN.
CA-signed Certificate Sample (pem):
{
  "credential_type": "x509_cert",
  "name": "string",
  "pem": "string"
}
CA-signed Certificate Sample (subject_dn):
{
  "credential_type": "cert_subject_dn",
  "name": "string",
  "subject_dn": "string"
}
Self-signed Certificate Sample:
{
  "credential_type": "cert_subject_dn",
  "name": "string",
  "pem": "string"
}
The credential is created but is not enabled for use until you set the corresponding properties in the client:
- To enable the credential for Private Key JWT or mTLS authentication methods, set the client_authentication_methods property on the client. For more information, read Configure Private Key JWT Authentication and Configure mTLS Authentication.
- To enable the credential for JWT-secured Authorization requests, set the signed_request_object property on the client. For more information, read Configure JWT-secured Authorization Requests (JAR).
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Path Parameters
ID of the client.
Body
The type of credential.
Allowed values: public_key, cert_subject_dn, x509_cert
Friendly name for a credential.
Maximum length: 128
Subject Distinguished Name. Mutually exclusive with pem property. Applies to cert_subject_dn credential type.
Length: 1 - 256
PEM-formatted public key (SPKI and PKCS1) or X509 certificate. Must be JSON escaped.
Algorithm which will be used with the credential. Can be one of RS256, RS384, PS256. If not specified, RS256 will be used. Applies to public_key credential type.
Allowed values: RS256, RS384, PS256
Parse expiry from x509 certificate. If true, attempts to parse the expiry date from the provided PEM. Applies to public_key credential type.
The ISO 8601 formatted date representing the expiration of the credential. If not specified (not recommended), the credential never expires. Applies to public_key credential type.
Optional kid (Key ID), used to uniquely identify the credential. If not specified, a kid value will be auto-generated. The kid header parameter in JWTs sent by your client should match this value. Valid format is [0-9a-zA-Z-_]{10,64}.
Length: 10 - 64
Pattern: ^([0-9a-zA-Z-_]{10,64})$
Response
Credential successfully created.
ID of the credential. Generated on creation.
The name given to the credential by the user.
The key identifier of the credential, generated on creation.
Algorithm which will be used with the credential. Supported algorithms: RS256, RS384, PS256
Allowed values: RS256, RS384, PS256
The type of credential.
Allowed values: public_key, cert_subject_dn, x509_cert
The X509 certificate's Subject Distinguished Name
The X509 certificate's SHA256 thumbprint
The ISO 8601 formatted date the credential was created.
The ISO 8601 formatted date the credential was updated.
The ISO 8601 formatted date representing the expiration of the credential.
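A pre-flight check for the request body, as an added example that is not part of the original documentation: it applies the Body rules listed on this page (allowed values, length limits, pem/subject_dn exclusivity, kid format) and serializes with json.dumps so the PEM is JSON escaped. The function name, the placeholder PEM and the refusal to create a non-expiring public_key credential are assumptions of this example; the API itself accepts a missing expires_at.

```python
import json
import re
from datetime import datetime

TYPES = {"public_key", "cert_subject_dn", "x509_cert"}
ALGS = {"RS256", "RS384", "PS256"}
KID_RE = re.compile(r"[0-9a-zA-Z_-]{10,64}")
# Constructed placeholder PEM: not a real key, used only to show the escaping.
SAMPLE_PEM = "-----BEGIN PUBLIC KEY-----\nPLACEHOLDER\n-----END PUBLIC KEY-----\n"

def build_credential_body(credential_type, name, pem=None, subject_dn=None, alg=None,
                          expires_at=None, parse_expiry_from_cert=False, kid=None):
    """Hypothetical helper: validate against this page's rules, return the JSON body."""
    if credential_type not in TYPES:
        raise ValueError("credential_type must be one of %s" % sorted(TYPES))
    if len(name) > 128:
        raise ValueError("name is limited to 128 characters")
    if (pem is None) == (subject_dn is None):
        raise ValueError("provide exactly one of pem or subject_dn (mutually exclusive)")
    body = {"credential_type": credential_type, "name": name}
    if subject_dn is not None:
        if credential_type != "cert_subject_dn" or not 1 <= len(subject_dn) <= 256:
            raise ValueError("subject_dn: cert_subject_dn only, 1 - 256 characters")
        body["subject_dn"] = subject_dn
    else:
        body["pem"] = pem  # json.dumps below escapes the PEM's newlines as \n
    if credential_type == "public_key":
        if alg is not None and alg not in ALGS:
            raise ValueError("alg must be one of %s" % sorted(ALGS))
        if expires_at is None and not parse_expiry_from_cert:
            # Local policy (assumption): the API allows this, the page advises against it.
            raise ValueError("refusing a public_key credential that never expires")
        if expires_at is not None:
            # Raises ValueError when the string is not an ISO 8601 date.
            datetime.fromisoformat(expires_at.replace("Z", "+00:00"))
            body["expires_at"] = expires_at
        body["alg"] = alg or "RS256"  # RS256 is the documented default
        body["parse_expiry_from_cert"] = bool(parse_expiry_from_cert)
    elif alg is not None or expires_at is not None or parse_expiry_from_cert:
        raise ValueError("alg, expires_at, parse_expiry_from_cert apply to public_key only")
    if kid is not None:
        if not KID_RE.fullmatch(kid):
            raise ValueError("kid must match [0-9a-zA-Z-_]{10,64}")
        body["kid"] = kid
    return json.dumps(body)
```
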