You can check whether an application is registered with Auth0 as a confidential or public application. To learn more, read Confidential and Public Application. Auth0 determines if an application is confidential or public based on the Authentication Method setting, which defines how an application authenticates against the Auth0 Authentication API Get Token endpoint.
  1. In the Auth0 Dashboard, go to Applications > Applications, and then select the name of the application to view.
  2. If the Credentials view is not available, the application is a public application.
  3. If the Credentials view is available, then select it and locate the Authentication Method field.
    Configure Private Key JWT Authentication - Auth0 Dashboard instructions
Use the applicable method:
  • None: Public application without a .
  • Client Secret Post: Application using POST request body parameters to send a client secret.
  • Client Secret Basic: Application using the HTTP BASIC authentication scheme to send a client secret.
  • Private Key : Application using asymmetric authentication.
These values map to confidential and public applications as follows:
Application TypeExampleToken Endpoint Authentication Method
PublicSingle-page or nativeNone
ConfidentialRegular web or machine-to-machineBasic, Post, Private Key JWT, Unspecified
Public applications cannot maintain the confidentiality of the credentials required for authentication methods like Post and Basic.