
Auth0 Keys

Description

General

  • Documentation: https://auth0.com/docs/
  • Summary: Auth0 is a SaaS solution that adds authentication and authorization services to software applications. It lets users sign up to only one application and be authenticated on several (also called Single Sign-On). This detector searches for application credentials. These credentials could give access to users' information, including personally identifiable information.
  • IPs allowlist: This feature is not currently available.
  • Scopes: It is possible to configure specific scopes when creating the keys.

Revoke the secret

This can be done from the Auth0 dashboard.

Check for suspicious activity

Auth0 provides access logs in the dashboard or through the Management API.

Details for Auth0 keys

  • Category: Identity provider

  • Company: Auth0

  • High recall: False

  • Validity check available: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 3

  • Occurrences found for one million commits: 8.1

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^(cs|x|p|s|r)?html5?~?$
  - ^[aps]?cssc?~?$
  - ^lock$
  - ^mdx?~?$
  - ^storyboard(c|er)?~?$
  - ^xib$
  banlist_filenames: []
  check_binaries: false
- type: ContentWhitelistPreValidator
  patterns:
  - auth0\.com
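
The two pre-validators above decide whether a file is inspected at all, which matters when you wonder why a leaked key in a given file raised no alert. The sketch below is an added example, not GitGuardian's code: it assumes banlist patterns are matched against the lowercased text after the last dot of the file name and that at least one whitelist pattern must occur in the content; `check_binaries` is not modelled, and the file names and contents are constructed.

```python
import re
from pathlib import PurePosixPath

# Patterns copied from the PreValidators block on this page.
BANLIST_EXTENSIONS = [
    r"^(cs|x|p|s|r)?html5?~?$",
    r"^[aps]?cssc?~?$",
    r"^lock$",
    r"^mdx?~?$",
    r"^storyboard(c|er)?~?$",
    r"^xib$",
]
CONTENT_WHITELIST = [r"auth0\.com"]

_BANNED = [re.compile(p) for p in BANLIST_EXTENSIONS]
_REQUIRED = [re.compile(p) for p in CONTENT_WHITELIST]


def extension_of(path: str) -> str:
    """Text after the last dot of the file name, lowercased (assumed rule)."""
    name = PurePosixPath(path).name
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def should_scan(path: str, content: str) -> tuple:
    """Return (scan, reason) under the assumed pre-validator semantics."""
    ext = extension_of(path)
    for rx in _BANNED:
        if rx.search(ext):
            return False, f"extension '{ext}' banned by {rx.pattern}"
    if not any(rx.search(content) for rx in _REQUIRED):
        return False, "content never mentions auth0.com"
    return True, "passes both pre-validators"


if __name__ == "__main__":
    # Constructed sample files; the tenant name is a placeholder.
    tenant = "domain: example-tenant.auth0.com\n"
    samples = [
        ("config/auth.yml", tenant),
        ("docs/setup.md", tenant),
        ("yarn.lock", tenant),
        ("src/login.html~", tenant),
        ("styles/site.scss", tenant),
        ("settings.py", "DEBUG = True\n"),
    ]
    for path, content in samples:
        scan, reason = should_scan(path, content)
        print(f"{path:18} scan={scan!s:5} {reason}")
```

Under these assumptions a credential pasted into Markdown, HTML, stylesheet or lock files is skipped by this detector, so those file types need separate review after a suspected leak.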

Examples

- text: |
    i=JTvXRY1pCeLp1tyXdDDgk1KyUu1VIXTc
    s=_Yzv7l7Z8DdZ79JfR40JJWhabWSTp5XWFDRuTlGqTLMtMXwzrml81Z5CRpYJ3XSj
    d=gg-test.auth0.com
  domain: gg-test.auth0.com
  client_id: JTvXRY1pCeLp1tyXdDDgk1KyUu1VIXTc
  client_secret: _Yzv7l7Z8DdZ79JfR40JJWhabWSTp5XWFDRuTlGqTLMtMXwzrml81Z5CRpYJ3XSj