steampipe plugin install auth0

Table: auth0_client - Query Auth0 Clients using SQL

Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications. It provides a platform to authenticate, authorize, and secure access for applications, devices, and users. With Auth0, you can manage authentication of users and enable the integration of social identity providers.

Table Usage Guide

The auth0_client table provides insights into the clients within Auth0. As a DevOps engineer or a security analyst, explore client-specific details through this table, including client types, grant types, and associated metadata. Utilize it to uncover information about clients, such as their callback URLs, allowed origins, and client secrets, aiding in the configuration and management of these resources.

Examples

Number of clients by type

Determine the distribution of client types within your application ecosystem. This can provide insights into the variety and prevalence of different client types, aiding in strategic decision-making and resource allocation.

select
app_type,
count(1)
from
auth0_client
group by
app_type;
select
app_type,
count(1)
from
auth0_client
group by
app_type;

Token lifetime

Assess the elements within your Auth0 clients to understand the lifespan of their tokens. This can be useful to manage session durations and enhance security by determining the idle and active lifetimes of tokens.

select
client_id,
name,
refresh_token ->> 'token_lifetime' as token_lifetime,
refresh_token ->> 'idle_token_lifetime' as idle_token_lifetime
from
auth0_client
order by
name;
select
client_id,
name,
json_extract(refresh_token, '$.token_lifetime') as token_lifetime,
json_extract(refresh_token, '$.idle_token_lifetime') as idle_token_lifetime
from
auth0_client
order by
name;

Grant types of a client

Analyze the types of authorizations granted to a specific client in the Auth0 platform. This can be useful for assessing security settings and understanding the level of access a client has.

select
g as grant_types
from
auth0_client c,
jsonb_array_elements(grant_types) g
where
client_id = 'Jh5ap2mN94TJmZZ1sVeVmtW9Fpaim190';
select
g.value as grant_types
from
auth0_client c,
json_each(grant_types) g
where
client_id = 'Jh5ap2mN94TJmZZ1sVeVmtW9Fpaim190';

Schema for auth0_client

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form.
addonsjsonbAddons for our client.
allowed_clientsjsonbAllowed clients.
allowed_logout_urlsjsonbA set of URLs that are valid to redirect to after logout from Auth0.
allowed_originsjsonbThe allowed origin URLs.
app_typetextThe type of application this client represents.
callbacksjsonbThe URLs that Auth0 can use to as a callback for the client.
client_aliasesjsonbClient aliases.
client_idtext=The ID of the client.
client_metadatajsonbMetadata associated with the client.
client_secrettextThe client secret, it must not be public.
cross_origin_authbooleanTrue if this client can be used to make cross-origin authentication requests, false otherwise (default: false).
cross_origin_locationtextURL for the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page.
custom_login_pagetextThe custom login page to be used.
custom_login_page_onbooleanTrue if the custom login page is to be used, false otherwise. Defaults to true.
custom_login_page_previewtextThe custom login page preview to be used.
descriptiontextFree text description of the purpose of the Client.
domain_nametext=, !=, ~~, ~~*, !~~, !~~*The name of the domain.
encryption_keyjsonbClient encryption key.
form_templatetextThe form template to be used.
grant_typesjsonbList of acceptable Grant Types for this Client.
initiate_login_uritextInitiate login uri, must be https and cannot contain a fragment.
is_first_partybooleanWhether this client a first party client or not.
is_token_endpoint_ip_header_trustedbooleanSet header `auth0-forwarded-for` as trusted to be used as source of end user ip for brute-force-protection on token endpoint.
jwt_configurationjsonbJSON web token configuration.
logo_uritextThe URL of the client logo (recommended size: 150x150).
mobilejsonbMobile app settings.
nametextThe name of the client.
native_social_loginjsonbNative Social Login settings.
oidc_conformantbooleanWhether this client will conform to strict OIDC specifications.
organization_require_behaviortextOrganization Require Behavior.
organization_usagetextOrganization Usage.
refresh_tokenjsonbRefresh Token settings for our Client.
signing_keysjsonbClient signing keys.
sp_connection_nametext=, !=, ~~, ~~*, !~~, !~~*Steampipe connection name.
sp_ctxjsonbSteampipe context in JSON form.
ssobooleanClient single sign-on.
sso_disabledbooleanTrue to disable Single Sign On, false otherwise (default: false).
token_endpoint_auth_methodtextDefines the requested authentication method for the token endpoint.
web_originsjsonbA set of URLs that represents valid web origins for use with web message response mode.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- auth0

You can pass the configuration to the command with the --config argument:

steampipe_export_auth0 --config '<your_config>' auth0_client