Skip to main content

Auth0 Keys

Description

General

  • Documentation: https://auth0.com/docs/
  • Summary: Auth0 is a SaaS solution that adds authentication and authorization services to software applications. It allows users to sign up to only one application and be authenticated on multiple (also called Single Sign-On). This detector searches for application credentials. These credentials could give access to users information, including personally identifiable information.
  • IPs allowlist: This feature is not currently available.
  • Scopes: It is possible to configure specific scopes when creating the keys.

Revoke the secret

This can be done from Auth0 dashboard.

Check for suspicious activity

Auth0 provides access logs in the dashboard or through the Management API.

Details for Auth0 keys

  • Family: credentials

  • Category: identity_provider

  • Company: Auth0

  • High recall: False

  • Validity check available: True

  • Analyzer available: True

  • On-premise instances exist: True

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 3

  • Occurrences found for one million commits: 9.62

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - auth0

Examples

- text: |
    i=STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
    s=_Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr
    d=gg-test.auth0.com
  domain: gg-test.auth0.com
  client_id: STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
  client_secret: _Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr
- text: |
    ```
    i=STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
    s=_Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr
    d=gg-test.auth0.com
    ```
  domain: gg-test.auth0.com
  client_id: STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
  client_secret: _Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr
- text: |
    i=STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
    s=_Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr
    auth0_issuer_base_url=https://gg-test.com
  domain: gg-test.com
  client_id: STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
  client_secret: _Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr

Secret Analyzer

Analysis Method

  • Provider allows scopes enumeration: False
  • Total network call count: 2
  • Total call count may vary: True

HTTP Calls

Requests are designed to capture metadata and not to function effectively.

  • POST: /oauth/token

Other Calls

No other calls for this analyzer.

Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status