Added mTLS authentication as an authentication method (#10382)
* Added mTLS authentication as an authentication method

* Added confidential applications

* Removed supported auth api endpoints
lrzhou25 authored Mar 12, 2024
1 parent fe877bf commit 9b1a42f
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion articles/api/authentication/_introduction.md
Expand Up @@ -14,11 +14,12 @@ The Authentication API is served over HTTPS. All URLs referenced in the document

## Authentication methods

You have four options for authenticating with this API:
You have five options for authenticating with this API:
- OAuth2 <dfn data-key="access-token">Access Token</dfn>
- Client ID and Client Assertion (confidential applications)
- Client ID and Client Secret (confidential applications)
- Client ID (public applications)
- mTLS Authentication (confidential applications)

### OAuth2 Access Token
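
Review bot: The new bullet `- mTLS Authentication (confidential applications)` sits after `- Client ID (public applications)`, so the three confidential-application methods are now split around the public one. Consider moving it up next to the Client Assertion and Client Secret bullets, with the `### mTLS Authentication` section ordered to match. The other bullets name what the caller sends (an Access Token, a Client ID plus a credential), while this one names the mechanism; wording it by the credential presented (the client certificate) would keep the list parallel.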

Expand All @@ -45,6 +46,18 @@ Send the Client ID. For public applications (applications that cannot hold crede

An example is the [Implicit Grant](#implicit-grant).

### mTLS Authentication

Generate a certificate, either [self-signed](https://auth0.com/docs/get-started/applications/configure-mtls/configure-mtls-for-a-client#self-signed-certificates) or [certificate authority signed](https://auth0.com/docs/get-started/applications/configure-mtls/configure-mtls-for-a-client#certificate-authority-signed-certificates). Then, [set up the customer edge network](https://auth0.com/docs/get-started/applications/configure-mtls/set-up-the-customer-edge) that performs the mTLS handshake.

Once your edge network verifies the certificate, forward the request to the Auth0 edge network with the following headers:

- The Custom Domain API key as the `cname-api-key` header.
- The client certificate as the `client-certificate` header.
- The client certificate CA verification status as the `client-certificate-ca-verified` header. For more information, see [Forward the Request](https://auth0.com/docs/get-started/applications/configure-mtls/set-up-the-customer-edge#forward-the-request-).

To learn more, read [Authenticate with mTLS](https://auth0.com/docs/get-started/authentication-and-authorization-flow/authenticate-with-mtls).

## Parameters

For GET requests, any parameters not specified as a segment in the path can be passed as an HTTP query string parameter:
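
Review bot: The header list under "forward the request to the Auth0 edge network with the following headers" does not say that the customer edge must set `client-certificate` and `client-certificate-ca-verified` itself and discard any values for those names that arrive on the inbound request. Since the section describes these headers as carrying the result of the edge's verification, one sentence stating that would close the gap for readers who configure the edge from this page alone. The section also gives no format for the `client-certificate` value and no allowed values for `client-certificate-ca-verified`, and the "For more information, see [Forward the Request]" sentence is attached to the third bullet although it applies to all three; moving it to its own line after the list would read better. The link anchor `#forward-the-request-` ends in a hyphen, which is worth checking against the target page.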