Auth0 Keys

Description

General

• Documentation: https://auth0.com/docs/
• Summary: Auth0 is a SaaS solution that adds authentication and authorization services to software applications. It allows users to sign up to only one application and be authenticated on multiple (also called Single Sign-On). This detector searches for application credentials. These credentials could give access to users information, including personally identifiable information.
• IPs allowlist: This feature is not currently available.
• Scopes: It is possible to configure specific scopes when creating the keys.

Revoke the secret

This can be done from Auth0 dashboard.

Check for suspicious activity

Auth0 provides access logs in the dashboard or through the Management API.

Details for Auth0 keys

• Family: Api

• Category: Identity provider

• Company: Auth0

• High recall: False

• Validity check available: True

• On-premise instances exist: True

• Only valid secrets raise an alert: True

• Minimum number of matches: 3

• Occurrences found for one million commits: 9.62

• Prefixed: False

• PreValidators:

- type: FilenameBanlistPreValidator
  banlist_extensions: []
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - auth0\.com

Examples

- text: |
    i=STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
    s=_Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr
    d=gg-test.auth0.com
  domain: gg-test.auth0.com
  client_id: STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
  client_secret: _Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr
- text: |
    ```
    i=STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
    s=_Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr
    d=gg-test.auth0.com
    ```
  domain: gg-test.auth0.com
  client_id: STvPYZ1pCeJp2tyVdDDgm9DySu1VIPTc
  client_secret: _Foy7l7Z8DdZ09YfR95JJWaabWVFp5XAEDZbTlHqTDMtMXwlrnl21Z5ARqYJ3XSr