Frequently Asked Questions
What is Auth0?
Auth0 is a flexible, drop-in solution to add authentication and authorization services to your applications. Your team and organization can avoid the cost, time, and risk that come with building your own solution to authenticate and authorize users.
What Authentication and Authorization Flows does Auth0 use?
Auth0 uses the OpenID Connect (OIDC) Protocol and OAuth 2.0 Authorization Framework to authenticate users and get their authorization to access protected resources. With Auth0, you can easily support different flows in your own applications and APIs without worrying about OIDC/OAuth 2.0 specifications or other technical aspects of authentication and authorization.
What is an Access Token?
An Access Token (also referred to as access_token) is an opaque string representing an authorization issued to the application. It may denote an identifier used to retrieve the authorization information or may self-contain the authorization information (for example, the user's identity, permissions, and so forth) in a verifiable manner.
It is quite common for Access Tokens to be implemented as JSON Web Tokens.
What are Scopes?
Each Access Token may include a list of the permissions that have been granted to the client. When a client authenticates with Auth0, it will specify the list of scopes (or permissions) it is requesting. If those scopes are authorized, then the Access Token will contain a list of authorized scopes.
What is an API endpoint?
An API endpoint is a unique URL that represents an object. To interact with this object, you need to point your application to its URL. For example, if you had an API that could return either orders or customers, you might configure two endpoints: /orders and /customers. Your application would interact with these endpoints using different HTTP methods; for example, POST /orders could create a new order or GET /orders could retrieve the dataset of one or more orders.
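How an API could tie scopes to the /orders and /customers endpoints described above, as an added example that is not Auth0's own code. It assumes a JWT Access Token carrying a space-delimited `scope` claim and signed with HS256 using a constructed demo key; the scope names and the helper functions are hypothetical.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HS256 shared key, demo only
# Hypothetical scope names; the endpoints are the ones from the FAQ above.
REQUIRED_SCOPE = {
    ("GET", "/orders"): "read:orders",
    ("POST", "/orders"): "create:orders",
    ("GET", "/customers"): "read:customers",
}

def _enc(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims: dict, key: bytes = SECRET) -> str:
    """Build a constructed HS256 JWT so the example runs offline."""
    head = _enc(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _enc(json.dumps(claims).encode())
    return f"{head}.{body}.{_enc(_sign(f'{head}.{body}', key))}"

def verify_token(token: str, key: bytes = SECRET) -> dict:
    """Return the claims only if alg, signature and expiry all check out."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_dec(head))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")  # never trust the token's alg
        if not hmac.compare_digest(_sign(f"{head}.{body}", key), _dec(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_dec(body))
        if not isinstance(claims, dict) or claims.get("exp", 0) <= time.time():
            raise ValueError("expired or malformed claims")
    except (ValueError, TypeError) as exc:
        raise PermissionError(f"invalid token: {exc}") from None
    return claims

def authorize(method: str, path: str, token: str) -> bool:
    """Allow the request only if the token carries the endpoint's scope."""
    needed = REQUIRED_SCOPE.get((method, path))
    if needed is None:  # unknown endpoint: fail closed
        return False
    try:
        scope = verify_token(token).get("scope")
    except PermissionError:
        return False
    return isinstance(scope, str) and needed in scope.split()
```

The signature is checked before any claim is read, so a client cannot grant itself extra scopes by editing the payload.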