Skip to main content

Auth0 Keys

Description#

General#

  • Documentation: https://auth0.com/docs/
  • Summary: Auth0 is a SaaS solution that adds authentication and authorization services to software applications. It allows users to sign up to only one application and be authenticated on multiple (also called Single Sign-On). This detector searches for application credentials. These credentials could give access to users information, including personally identifiable information.
  • IPs allowlist: This feature is not currently available.
  • Scopes: It is possible to configure specific scopes when creating the keys.

Revoke the secret#

This can be done from Auth0 dashboard.

Check for suspicious activity#

Auth0 provides access logs in the dashboard or through the Management API.

Details for Auth0 keys#

  • Family: Api

  • Category: Identity provider

  • Company: Auth0

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 3

  • Occurrences found for one million commits: 10.78

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - auth0\.com

Examples#

- text: |    i=STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc    s=_Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr    d=gg-test.auth0.com  domain: gg-test.auth0.com  client_id: STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc  client_secret: _Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr- text: |    i=STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc    s=_Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr    d=gg-test.auth0.com
  domain: gg-test.auth0.com  client_id: STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc  client_secret: _Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr  filename: some_file.md