Table: auth0_client - Query Auth0 Clients using SQL
Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications. It provides a platform to authenticate, authorize, and secure access for applications, devices, and users. With Auth0, you can manage authentication of users and enable the integration of social identity providers.
Table Usage Guide
The auth0_client table provides insights into the clients within Auth0. As a DevOps engineer or a security analyst, explore client-specific details through this table, including client types, grant types, and associated metadata. Utilize it to uncover information about clients, such as their callback URLs, allowed origins, and client secrets, aiding in the configuration and management of these resources.
Examples
Number of clients by type
Determine the distribution of client types within your application ecosystem. This can provide insights into the variety and prevalence of different client types, aiding in strategic decision-making and resource allocation.
select app_type, count(1)from auth0_clientgroup by app_type;select app_type, count(1)from auth0_clientgroup by app_type;Token lifetime
Assess the elements within your Auth0 clients to understand the lifespan of their tokens. This can be useful to manage session durations and enhance security by determining the idle and active lifetimes of tokens.
select client_id, name, refresh_token ->> 'token_lifetime' as token_lifetime, refresh_token ->> 'idle_token_lifetime' as idle_token_lifetimefrom auth0_clientorder by name;select client_id, name, json_extract(refresh_token, '$.token_lifetime') as token_lifetime, json_extract(refresh_token, '$.idle_token_lifetime') as idle_token_lifetimefrom auth0_clientorder by name;Grant types of a client
Analyze the types of authorizations granted to a specific client in the Auth0 platform. This can be useful for assessing security settings and understanding the level of access a client has.
select g as grant_typesfrom auth0_client c, jsonb_array_elements(grant_types) gwhere client_id = 'Jh5ap2mN94TJmZZ1sVeVmtW9Fpaim190';select g.value as grant_typesfrom auth0_client c, json_each(grant_types) gwhere client_id = 'Jh5ap2mN94TJmZZ1sVeVmtW9Fpaim190';Schema for auth0_client
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| addons | jsonb | Addons for our client. | |
| allowed_clients | jsonb | Allowed clients. | |
| allowed_logout_urls | jsonb | A set of URLs that are valid to redirect to after logout from Auth0. | |
| allowed_origins | jsonb | The allowed origin URLs. | |
| app_type | text | The type of application this client represents. | |
| callbacks | jsonb | The URLs that Auth0 can use to as a callback for the client. | |
| client_aliases | jsonb | Client aliases. | |
| client_id | text | = | The ID of the client. |
| client_metadata | jsonb | Metadata associated with the client. | |
| client_secret | text | The client secret, it must not be public. | |
| cross_origin_auth | boolean | True if this client can be used to make cross-origin authentication requests, false otherwise (default: false). | |
| cross_origin_location | text | URL for the location in your site where the cross origin verification takes place for the cross-origin auth flow when performing Auth in your own domain instead of Auth0 hosted login page. | |
| custom_login_page | text | The custom login page to be used. | |
| custom_login_page_on | boolean | True if the custom login page is to be used, false otherwise. Defaults to true. | |
| custom_login_page_preview | text | The custom login page preview to be used. | |
| description | text | Free text description of the purpose of the Client. | |
| encryption_key | jsonb | Client encryption key. | |
| form_template | text | The form template to be used. | |
| grant_types | jsonb | List of acceptable Grant Types for this Client. | |
| initiate_login_uri | text | Initiate login uri, must be https and cannot contain a fragment. | |
| is_first_party | boolean | Whether this client a first party client or not. | |
| is_token_endpoint_ip_header_trusted | boolean | Set header `auth0-forwarded-for` as trusted to be used as source of end user ip for brute-force-protection on token endpoint. | |
| jwt_configuration | jsonb | JSON web token configuration. | |
| logo_uri | text | The URL of the client logo (recommended size: 150x150). | |
| mobile | jsonb | Mobile app settings. | |
| name | text | The name of the client. | |
| native_social_login | jsonb | Native Social Login settings. | |
| oidc_conformant | boolean | Whether this client will conform to strict OIDC specifications. | |
| organization_require_behavior | text | Organization Require Behavior. | |
| organization_usage | text | Organization Usage. | |
| refresh_token | jsonb | Refresh Token settings for our Client. | |
| signing_keys | jsonb | Client signing keys. | |
| sso | boolean | Client single sign-on. | |
| sso_disabled | boolean | True to disable Single Sign On, false otherwise (default: false). | |
| token_endpoint_auth_method | text | Defines the requested authentication method for the token endpoint. | |
| web_origins | jsonb | A set of URLs that represents valid web origins for use with web message response mode. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- auth0You can pass the configuration to the command with the --config argument:
steampipe_export_auth0 --config '<your_config>' auth0_client