Auth0 Keys
#
Description#
General- Documentation: https://auth0.com/docs/
- Summary: Auth0 is a SaaS solution that adds authentication and authorization services to software applications. It allows users to sign up to only one application and be authenticated on multiple (also called
Single Sign-On
). This detector searches for application credentials. These credentials could give access to users information, including personally identifiable information. - IPs allowlist: This feature is not currently available.
- Scopes: It is possible to configure specific scopes when creating the keys.
#
Revoke the secretThis can be done from Auth0 dashboard.
#
Check for suspicious activityAuth0 provides access logs in the dashboard or through the Management API.
Auth0 keys
#
Details for Family: Api
Category: Identity provider
Company: Auth0
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: True
Minimum number of matches: 3
Occurrences found for one million commits: 10.78
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - auth0\.com
#
Examples- text: | i=STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc s=_Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr d=gg-test.auth0.com domain: gg-test.auth0.com client_id: STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc client_secret: _Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr- text: | i=STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc s=_Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr d=gg-test.auth0.com
domain: gg-test.auth0.com client_id: STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc client_secret: _Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr filename: some_file.md