Connecting to Auth0
Using OAuth Authentication
To authenticate to Auth0, you need to create a Machine to Machine application in your Auth0 Dashboard. Navigate to Applications > Create Application and select Machine to Machine Applications. After creating the application, authorize it for the Auth0 Management API and configure the required scopes such as read:users, read:clients, read:connections, and read:roles.
You will also need to specify your Auth0 tenant domain. For example, if your Auth0 dashboard URL is https://your-tenant.auth0.com, then the Domain should be your-tenant.auth0.com.
After setting the following connection properties, you are ready to connect:
- AuthScheme: Set this to OAuth.
- OAuthClientId: Set this to the Client ID from your Auth0 Machine to Machine application.
- OAuthClientSecret: Set this to the Client Secret from your Auth0 Machine to Machine application.
- Domain: Set this to your Auth0 tenant domain (e.g., your-tenant.auth0.com).
- Scope: Set this to the required OAuth scopes for accessing Auth0 Management API resources.
Example OAuth Connection String
Profile=C:\profiles\Auth0.apip;ProfileSettings="Domain=your-tenant.auth0.com";AuthScheme=OAuth;OAuthClientId=your_client_id;OAuthClientSecret=your_client_secret;Scope="read:users read:clients read:connections read:roles read:resource_servers read:logs read:organizations read:actions";
Usage Examples
Query all action bindings:
SELECT * FROM ActionBindings WHERE TriggerId = 'post-login'
Query all actions:
SELECT * FROM Actions WHERE IsDeployed = 'true'
Query all action triggers:
SELECT * FROM ActionTriggers
Query all action versions:
SELECT * FROM ActionVersions WHERE ActionId = 'act_123456'
Query all applications:
SELECT * FROM Applications WHERE IsFirstParty = 'true'
Query attack protection settings:
SELECT * FROM AttackProtection WHERE IsEnabled = 'true'
Query branding settings:
SELECT * FROM Branding
Query brute force protection settings:
SELECT * FROM BruteForceProtection WHERE IsEnabled = 'true'
Query all client grants:
SELECT * FROM ClientGrants WHERE ClientId = 'abc123'
Query all connections:
SELECT * FROM Connections WHERE Strategy = 'auth0'
Query all custom domains:
SELECT * FROM CustomDomains WHERE CustomDomainId = 'cd_123456'
Query all device credentials:
SELECT * FROM DeviceCredentials
Query email provider settings:
SELECT * FROM Emails WHERE IsEnabled = 'true'
Query all email templates:
SELECT * FROM EmailTemplates WHERE Template = 'welcome_email'
Query all event streams:
SELECT * FROM EventStreams WHERE Id = 'evs_123456'
Query all flows:
SELECT * FROM Flows WHERE ShouldSynchronous = 'true'
Query all forms:
SELECT * FROM Forms WHERE Id = 'form_123'
Query all grants:
SELECT * FROM Grants WHERE UserId = 'auth0|123456'
Query Guardian factors:
SELECT * FROM Guardian WHERE IsEnabled = 'true'
Query Guardian enrollments:
SELECT * FROM GuardianEnrollments WHERE Id = 'dev_123456'
Query all jobs:
SELECT * FROM Jobs WHERE Id = 'job_123456'
Query all signing keys:
SELECT * FROM Keys WHERE KeyId = 'key_123456'
Query authentication logs:
SELECT * FROM Logs WHERE Type = 'success_login'
Query all log streams:
SELECT * FROM LogStreams WHERE Id = 'ls_123456'
Query network ACLs:
SELECT * FROM NetworkAcls WHERE Id = 'acl_123456'
Query organization connections:
SELECT * FROM OrganizationConnections WHERE OrganizationId = 'org_123456'
Query organization invitations:
SELECT * FROM OrganizationInvitations WHERE OrganizationId = 'org_123456'
Query organization member roles:
SELECT * FROM OrganizationMemberRoles WHERE OrganizationId = 'org_123456' AND UserId = 'auth0|123456'
Query organization members:
SELECT * FROM OrganizationMembers WHERE OrganizationId = 'org_123456'
Query all organizations:
SELECT * FROM Organizations WHERE Id = 'org_123456'
Query prompt settings:
SELECT * FROM Prompts
Query refresh tokens:
SELECT * FROM RefreshTokens WHERE IsRotating = 'true'
Query resource servers:
SELECT * FROM ResourceServers WHERE IsSystem = 'false'
Query all roles:
SELECT * FROM Roles WHERE Id = 'rol_123456'
Query all rules:
SELECT * FROM Rules WHERE IsEnabled = 'true'
Query self-service profiles:
SELECT * FROM SelfServiceProfiles WHERE Id = 'ssp_123456'
Query user sessions:
SELECT * FROM Sessions WHERE Id = 'sess_123456'
Query daily statistics:
SELECT * FROM StatsDaily WHERE Date >= '2024-01-01'
Query suspicious IP throttling:
SELECT * FROM SuspiciousIpThrottling WHERE IsEnabled = 'true'
Query tenant settings:
SELECT * FROM TenantSettings
Query token exchange profiles:
SELECT * FROM TokenExchangeProfiles WHERE Id = 'tep_123456'
Query user attribute profiles:
SELECT * FROM UserAttributeProfiles WHERE Id = 'uap_123456'
Query user permissions:
SELECT * FROM UserPermissions WHERE UserId = 'auth0|123456'
Query user roles:
SELECT * FROM UserRoles WHERE UserId = 'auth0|123456'
Query all users:
SELECT * FROM Users WHERE IsBlocked = 'false'
Query users by email:
SELECT * FROM UsersByEmail WHERE Email = '[email protected]'
Connection Properties
The connection string properties are the various options that can be used to establish a connection. This section provides a complete list of the options you can configure in the connection string for this provider.
| Property | Description |
| AuthScheme | The scheme used for authentication. Accepted entries are OAuth, or None. Allowed values are: BASIC, NONE, NTLM, OAUTH, APIKEY, OAUTH_CLIENT |
| CallbackURL | Identifies the URL users return to after authenticating to API via OAuth (Custom OAuth applications only). |
| Domain | Your Auth0 tenant domain. This should be the domain from your Auth0 Dashboard URL. |
| InitiateOAuth | Specifies the process for obtaining or refreshing the OAuth access token, which maintains user access while an authenticated, authorized user is working. Allowed values are: OFF, GETANDREFRESH, REFRESH |
| OAuthClientId | Specifies the client ID (also known as the consumer key) assigned to your custom OAuth application. This ID is required to identify the application to the OAuth authorization server during authentication. |
| OAuthClientSecret | Specifies the client secret assigned to your custom OAuth application. This confidential value is used to authenticate the application to the OAuth authorization server. (Custom OAuth applications only.). |
| Scope | Scope(s) to use when authenticating, that control access to specific information. |