Auth0
Auth0 (now part of Okta) is a leading identity-as-a-service platform providing authentication and authorization for applications, APIs, and AI agents. It implements OpenID Connect, OAuth 2.0, SAML 2.0, WS-Federation, and SCIM, and exposes a Management API (OpenAPI 3.1, 221 paths, 2,567 schemas), an Authentication API, a My Account API, a My Organization API, FGA (Fine-Grained Authorization, OpenFGA / Zanzibar-based), and Auth0 for AI Agents — covering Token Vault, asynchronous authorization, Auth for MCP, and FGA for RAG.
6 APIs
26 Features
AI AgentsAuthenticationAuthorizationFGAIdentity ManagementMCPOAuthOktaOpenID ConnectSAMLSecuritySCIM
Free: 25,000 MAUs, passwordless, social connections, SCIM, Self-Service SSO
Essentials: $35/mo (B2C) or $150/mo (B2B) starting at 500 MAUs
Professional: $240/mo (B2C) or $800/mo (B2B)
Enterprise custom: 99.99% SLA, private deployment
Authentication API (OAuth 2.0 / OIDC / SAML / WS-Federation)
Management API (OpenAPI 3.1 Beta, 221 paths, 2,567 schemas)
My Account API (user self-service)
My Organization API (B2B org self-service, SCIM)
FGA — Fine-Grained Authorization (OpenFGA / Zanzibar)
Auth0 for AI Agents — Token Vault, async auth, Auth for MCP, FGA for RAG (GA, 50% of base)
M2M Tokens add-on ($30–$1,200/mo)
Authentication API: 100 RPS Free, 200 RPS Paid
Management API: 2 RPS Free, 15 RPS Paid
Public Performance Burst — Enterprise add-on (2x/3x/4x for up to 48h/month)
Universal Login + Lock customizable UI + ACUL Screen Generator
Actions for custom auth pipeline logic (Node.js)
Event Streams (GA) to EventBridge, Actions, webhooks
Multi-Resource Refresh Tokens (MRRT) GA
Online Refresh Tokens (Beta, session-bound for SPAs)
FGA Permissions Index (Developer Preview)
Organization Discovery by Domain (GA)
Tenant log streaming to SIEM
Bot Detection and Anomaly Detection
Self-Service SSO with SCIM provisioning
Verifiable Credentials
3B+ attacks blocked monthly; 10B+ authentications monthly; 99.99% uptime SLA
aid: auth0
name: Auth0
description: >
Auth0 (now part of Okta) is a leading identity-as-a-service platform providing authentication and authorization for
applications, APIs, and AI agents. It implements OpenID Connect, OAuth 2.0, SAML 2.0, WS-Federation, and SCIM, and
exposes a Management API (OpenAPI 3.1, 221 paths, 2,567 schemas), an Authentication API, a My Account API, a My
Organization API, FGA (Fine-Grained Authorization, OpenFGA / Zanzibar-based), and Auth0 for AI Agents — covering Token
Vault, asynchronous authorization, Auth for MCP, and FGA for RAG.
type: Index
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
- AI Agents
- Authentication
- Authorization
- FGA
- Identity Management
- MCP
- OAuth
- Okta
- OpenID Connect
- SAML
- Security
- SCIM
url: https://raw.githubusercontent.com/api-evangelist/auth0/refs/heads/main/apis.yml
created: '2024-04-14'
modified: '2026-05-30'
specificationVersion: '0.19'
apis:
- aid: auth0:auth0-management-api
name: Auth0 Management API
description: >
Comprehensive administrative API for managing Auth0 tenants — users, clients, connections, organizations, actions,
event streams, branding, logs, roles, resource servers, and more. Published as OpenAPI 3.1 (Beta) with 221 paths
and 2,567 schemas. Requires Management API access tokens (Bearer JWT or OAuth 2.0 client credentials).
humanURL: https://auth0.com/docs/api/management/v2
baseURL: https://your-tenant.auth0.com/api/v2
tags:
- Authentication
- Identity
- Management
- User Management
properties:
- type: Documentation
url: https://auth0.com/docs/api/management/v2
- type: APIReference
url: https://auth0.com/docs/api/management/v2
- type: GettingStarted
url: https://auth0.com/docs/get-started
- type: Authentication
url: https://auth0.com/docs/secure/tokens
- type: OpenAPI
url: openapi/auth0-management-api-openapi.yml
- type: OpenAPISource
url: https://auth0.com/docs/api/management/openapi.json
- type: AsyncAPI
url: asyncapi/auth0-log-streams-and-actions-asyncapi.yml
- type: SpectralRules
url: rules/auth0-management-rules.yml
- url: graphql/auth0-graphql.md
type: GraphQL
- aid: auth0:auth0-authentication-api
name: Auth0 Authentication API
description: >
Authentication endpoints implementing OpenID Connect, OAuth 2.0, SAML 2.0, WS-Federation, and Passwordless. Covers
/authorize, /oauth/token (including Token Exchange and Device Code), /v2/logout, /samlp/*, /mfa/*,
/passwordless/*, /userinfo, and /dbconnections/*.
humanURL: https://auth0.com/docs/api/authentication
baseURL: https://your-tenant.auth0.com
tags:
- Authentication
- OAuth
- OpenID Connect
- SAML
- WS-Federation
- Passwordless
- MFA
properties:
- type: Documentation
url: https://auth0.com/docs/api/authentication
- type: APIReference
url: https://auth0.com/docs/api/authentication
- type: OpenAPI
url: openapi/auth0-authentication-api-openapi.yml
- type: SpectralRules
url: rules/auth0-authentication-rules.yml
- aid: auth0:auth0-my-account-api
name: Auth0 My Account API
description: >
User self-service endpoints for managing authentication factors and account settings. Recently extended with ACR
enforcement for sensitive scopes.
humanURL: https://auth0.com/docs/api/myaccount
baseURL: https://your-tenant.auth0.com
tags:
- Account Management
- Authentication
- MFA
- Self-Service
properties:
- type: Documentation
url: https://auth0.com/docs/api/myaccount
- aid: auth0:auth0-my-organization-api
name: Auth0 My Organization API
description: >
Organization-scoped endpoints for B2B customers to manage their own Organizations — IdP configuration, SCIM
provisioning, and Home Realm Discovery.
humanURL: https://auth0.com/docs/api/myorganization
baseURL: https://your-tenant.auth0.com
tags:
- Authentication
- B2B
- Identity
- Organizations
- SCIM
properties:
- type: Documentation
url: https://auth0.com/docs/api/myorganization
- aid: auth0:auth0-fga
name: Auth0 FGA (Fine-Grained Authorization)
description: >
Auth0 FGA is the hosted offering of OpenFGA, the CNCF authorization service inspired by Google's Zanzibar.
Provides relationship-based access control via stores, authorization models, tuples, check, expand, list-objects,
and list-users endpoints. Used for B2B hierarchical permissions and FGA for RAG in AI agent retrieval pipelines.
humanURL: https://docs.fga.dev
baseURL: https://api.{region}.fga.dev
tags:
- Authorization
- FGA
- OpenFGA
- Zanzibar
- ReBAC
properties:
- type: Documentation
url: https://docs.fga.dev
- type: OpenAPI
url: openapi/auth0-fga-openapi.yml
- type: SpectralRules
url: rules/auth0-fga-rules.yml
- type: Project
url: https://openfga.dev
- type: Repository
url: https://github.com/openfga/openfga
- aid: auth0:auth0-for-ai-agents
name: Auth0 for AI Agents
description: >
Identity and authorization product line for AI agents. Bundles Token Vault (delegated API credentials for
Google/GitHub/Slack etc.), asynchronous authorization (human-in-the-loop), Fine-Grained Authorization for RAG, and
Auth for MCP (Client ID Metadata Registration + On-Behalf-Of Token Exchange + Resource Parameter Compatibility
Mode). GA as of 2026.
humanURL: https://auth0.com/ai
tags:
- AI Agents
- MCP
- Token Vault
- GenAI
- RAG
properties:
- type: Documentation
url: https://auth0.com/ai
- type: MCPServer
url: https://github.com/auth0/auth0-mcp-server
- type: AgentSkill
url: https://github.com/auth0/agent-skills
- type: SDK
url: https://auth0.com/docs/libraries
common:
- type: PostmanWorkspace
url: https://www.postman.com/kinlaneapi/auth0/overview
- type: ArazzoWorkflows
url: arazzo/
workflows:
- url: arazzo/auth0-create-client-create-connection-enable-workflow.yml
name: Auth0 Create Client, Create Connection and Enable
summary: Create a client application, create a connection, and enable the connection for the new client.
- url: arazzo/auth0-create-client-grant-to-api-workflow.yml
name: Auth0 Create Client and Grant Access to an Existing API
summary: Create a client application, grant it access to an existing API audience, then read the grant back.
- url: arazzo/auth0-create-connection-enable-client-workflow.yml
name: Auth0 Create Connection and Enable for a Client
summary: Create an identity connection, enable it for a client application, then list the connection's enabled clients.
- url: arazzo/auth0-create-org-add-connection-workflow.yml
name: Auth0 Create Organization and Add Connection
summary: Create an organization, associate an existing connection with it, then read the association back.
- url: arazzo/auth0-create-org-add-members-workflow.yml
name: Auth0 Create Organization and Add Members
summary: Create an organization, add existing users as members, then list the members.
- url: arazzo/auth0-create-org-assign-member-roles-workflow.yml
name: Auth0 Create Organization, Add Member and Assign Member Roles
summary: Create an organization, add a single user as a member, and assign that member organization-scoped roles.
- url: arazzo/auth0-create-org-connection-and-invite-workflow.yml
name: Auth0 Create Organization, Attach Connection and Invite a User
summary: Create an organization, attach an existing connection, and invite a user to authenticate through it.
- url: arazzo/auth0-create-resource-server-role-permissions-workflow.yml
name: Auth0 Create API, Role and Bind Permissions
summary: Register an API with scopes, create a role, and associate the API's scopes with that role as permissions.
- url: arazzo/auth0-create-role-add-permissions-workflow.yml
name: Auth0 Create Role and Add Permissions
summary: Create a role, associate API permissions with it, then list the role's permissions to confirm.
- url: arazzo/auth0-create-role-assign-to-user-workflow.yml
name: Auth0 Create Role and Assign to a User
summary: Create a role, assign an existing user to it, then list the role's users.
- url: arazzo/auth0-create-user-add-to-org-with-roles-workflow.yml
name: Auth0 Create User, Add to Organization with Roles
summary: >-
Create a database user, add them as a member of an existing organization, and assign organization-scoped
roles.
- url: arazzo/auth0-create-user-assign-permissions-workflow.yml
name: Auth0 Create User and Assign Direct Permissions
summary: Create a database user, assign direct API permissions, then list those permissions.
- url: arazzo/auth0-create-user-assign-roles-workflow.yml
name: Auth0 Create User and Assign Roles
summary: Create a database user, assign one or more tenant roles, then read the enriched profile back.
- url: arazzo/auth0-find-role-assign-users-workflow.yml
name: Auth0 Find Role by Name and Assign Users
summary: Resolve a role by name filter and, when found, assign users to it.
- url: arazzo/auth0-find-user-add-to-org-workflow.yml
name: Auth0 Find User by Email and Add to an Organization
summary: Resolve a user by email and, when found, add them as a member of an existing organization.
- url: arazzo/auth0-find-user-assign-role-workflow.yml
name: Auth0 Find User by Email and Assign Role
summary: Look up a user by email and, when found, assign tenant roles to that user.
- url: arazzo/auth0-invite-user-to-org-workflow.yml
name: Auth0 Create Organization and Invite a User
summary: Create an organization, create an invitation for a new member, then read the invitation back.
- url: arazzo/auth0-offboard-user-revoke-grants-workflow.yml
name: Auth0 Offboard User and Revoke Grants
summary: Find a user by email, list their authorization grants, and revoke the first grant when present.
- url: arazzo/auth0-provision-m2m-app-workflow.yml
name: Auth0 Provision Machine-to-Machine Application
summary: Create an API (resource server), create a non-interactive client, and grant the client access to the API.
- type: LinkedIn
url: https://www.linkedin.com/company/auth0
- type: Website
url: https://auth0.com/
- type: Documentation
url: https://auth0.com/docs/
- type: GettingStarted
url: https://auth0.com/docs/get-started
- type: Blog
url: https://auth0.com/blog/
- type: SignUp
url: https://auth0.com/signup
- type: Login
url: https://manage.auth0.com/
- type: Pricing
url: https://auth0.com/pricing
- type: Plans
url: plans/auth0-plans-pricing.yml
- type: RateLimits
url: rate-limits/auth0-rate-limits.yml
- type: FinOps
url: finops/auth0-finops.yml
- type: GitHubOrganization
url: https://github.com/auth0
- type: StatusPage
url: https://status.auth0.com/
- type: Community
url: https://community.auth0.com/
- type: Support
url: https://support.auth0.com/
- type: TermsOfService
url: https://auth0.com/legal/tos
- type: PrivacyPolicy
url: https://auth0.com/privacy
- type: SDK
url: https://auth0.com/docs/libraries
- type: ChangeLog
url: https://auth0.com/changelog
- type: AI
url: https://auth0.com/ai
- type: MCPServer
url: https://github.com/auth0/auth0-mcp-server
- type: AgentSkill
url: https://github.com/auth0/agent-skills
- type: Vocabulary
url: vocabulary/auth0-vocabulary.yml
- type: JSONLD
url: json-ld/auth0-context.jsonld
- type: SDKLanguages
data:
- name: JavaScript / TypeScript
repos: auth0-spa-js, auth0-react, auth0.js, nextjs-auth0, node-auth0
- name: Go
repos: go-jwt-middleware (1,203 stars)
- name: Java
repos: auth0-java (319 stars)
- name: Swift
repos: Auth0.swift (445 stars)
- name: Kotlin
repos: Auth0.Android (287 stars)
- name: Ruby
repos: ruby-auth0 (204 stars)
- name: Python
repos: auth0-python
- name: PHP
repos: auth0-PHP
- name: .NET
repos: auth0.net
- name: Terraform
repos: terraform-provider-auth0 (213 stars)
- type: Features
data:
- 'Free: 25,000 MAUs, passwordless, social connections, SCIM, Self-Service SSO'
- 'Essentials: $35/mo (B2C) or $150/mo (B2B) starting at 500 MAUs'
- 'Professional: $240/mo (B2C) or $800/mo (B2B)'
- 'Enterprise custom: 99.99% SLA, private deployment'
- Authentication API (OAuth 2.0 / OIDC / SAML / WS-Federation)
- Management API (OpenAPI 3.1 Beta, 221 paths, 2,567 schemas)
- My Account API (user self-service)
- My Organization API (B2B org self-service, SCIM)
- FGA — Fine-Grained Authorization (OpenFGA / Zanzibar)
- Auth0 for AI Agents — Token Vault, async auth, Auth for MCP, FGA for RAG (GA, 50% of base)
- M2M Tokens add-on ($30–$1,200/mo)
- 'Authentication API: 100 RPS Free, 200 RPS Paid'
- 'Management API: 2 RPS Free, 15 RPS Paid'
- Public Performance Burst — Enterprise add-on (2x/3x/4x for up to 48h/month)
- Universal Login + Lock customizable UI + ACUL Screen Generator
- Actions for custom auth pipeline logic (Node.js)
- Event Streams (GA) to EventBridge, Actions, webhooks
- Multi-Resource Refresh Tokens (MRRT) GA
- Online Refresh Tokens (Beta, session-bound for SPAs)
- FGA Permissions Index (Developer Preview)
- Organization Discovery by Domain (GA)
- Tenant log streaming to SIEM
- Bot Detection and Anomaly Detection
- Self-Service SSO with SCIM provisioning
- Verifiable Credentials
- 3B+ attacks blocked monthly; 10B+ authentications monthly; 99.99% uptime SLA
sources:
- https://auth0.com/
- https://auth0.com/pricing
- https://auth0.com/changelog
- https://auth0.com/ai
updated: '2026-05-22'
- type: UseCases
data:
- name: Customer Identity
description: >-
Add secure, scalable authentication to customer-facing web and mobile applications with social login and
passwordless options.
- name: Workforce Identity
description: Federate with enterprise IdPs for employee authentication with SSO, MFA, and SCIM provisioning.
- name: B2B Identity
description: >-
Provide multi-tenant identity for SaaS applications with per-customer organization management and custom login
flows.
- name: API Authorization
description: Secure REST and GraphQL APIs using OAuth 2.0 access tokens with audience and scope validation.
- name: Machine-to-Machine Auth
description: Issue OAuth 2.0 client credentials tokens for service-to-service API authentication without user involvement.
- name: AI Agent Identity
description: >-
Issue dedicated agent identities; broker user-delegated tokens to third-party APIs via Token Vault; enforce
FGA on RAG retrieval.
- name: MCP Server Authentication
description: >-
Auth for MCP (GA) secures Model Context Protocol servers using Client ID Metadata Registration and
On-Behalf-Of Token Exchange.
- type: Integrations
data:
- name: Okta
description: Auth0 is part of Okta, enabling combined workforce and customer identity capabilities.
- name: Active Directory / LDAP
description: Connect on-premises Active Directory and LDAP directories for enterprise user authentication.
- name: Azure AD / Entra ID
description: Federate with Azure Active Directory for Microsoft ecosystem authentication and SSO.
- name: Salesforce
description: Use Auth0 as identity provider for Salesforce apps and customer communities.
- name: AWS
description: >-
Secure AWS API Gateway and Lambda functions with Auth0-issued JWT access tokens; deliver Event Streams to
EventBridge.
- name: Twilio
description: Send OTP and MFA verification codes via Twilio SMS and voice using Auth0 MFA integration.
- name: Stripe
description: Auth0 is available in the Stripe Projects developer preview.
- name: LangChain / LlamaIndex / Vercel AI SDK / Cloudflare Agents / Firebase Genkit
description: Auth0 for AI Agents ships SDKs and adapters for the major agent frameworks.
- name: Claude Code / Cursor / GitHub Copilot
description: >-
27 Auth0 Agent Skills usable with Claude Code, Cursor, GitHub Copilot, and 40+ Agent-Skills-compatible coding
assistants.
- type: Solutions
data:
- name: Customer Identity Access Management
description: >-
Comprehensive CIAM solution for customer-facing applications with self-service registration, social login, and
adaptive MFA.
- name: Workforce Identity
description: Enterprise identity management for employees with federation, MFA, and SSO across all applications.
- name: B2B SaaS Identity
description: >-
Multi-tenant identity infrastructure for SaaS platforms requiring per-customer branding, SSO, and user
management.
- name: AI Agent Security
description: >-
Secure agent identity, token vaulting, async authorization, and FGA-powered RAG; named "Most Innovative AI
Infrastructure Security Solution 2026."
maintainers:
- FN: Kin Lane
email: [email protected]