Note As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.

While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.

We are improving our API specs which introduces minor breaking changes.

📚 Documentation - 🚀 Getting Started - 💻 API Reference 💬 Feedback

Documentation

• Reference - code samples for Management APIs.
• Examples - code samples for common auth0-java scenarios.
• Migration Guide - guidance for updating your application to use version 3 of auth0-java.
• Docs site - explore our docs site and learn more about Auth0.

Getting Started

Requirements

Java 8 or above.

auth0-java is intended for server-side JVM applications. Android applications should use the Auth0.Android SDK.

Installation

Add the dependency via Maven:

<dependency>
  <groupId>com.auth0</groupId>
  <artifactId>auth0</artifactId>
  <version>3.2.0</version>
</dependency>

or Gradle:

implementation 'com.auth0:auth0:3.2.0'

Configure the SDK

Authentication API Client

The Authentication API client is based on the Auth0 Authentication API.

Create an AuthAPI instance by providing the Application details from the dashboard.

AuthAPI auth = AuthAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}").build();

Management API Client

The Management API client is based on the Management API Docs. In v3, the Management API is Fern-generated and uses ManagementApi as the entry point.

Create a ManagementApi instance with a static token:

ManagementApi mgmt = ManagementApi.builder()
        .domain("{YOUR_DOMAIN}")
        .token("{YOUR_API_TOKEN}")
        .build();

Or use client credentials for automatic token management (recommended for server-to-server applications):

ManagementApi mgmt = ManagementApi.builder()
        .domain("{YOUR_DOMAIN}")
        .clientCredentials("{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}")
        .build();

The Management API is organized into resource clients. Methods return typed response objects directly:

GetUserResponseContent user = mgmt.users().get("user_id");
GetRoleResponseContent role = mgmt.roles().get("role_id");

You can also obtain a token via the Authentication API and use it with the Management API client:

AuthAPI authAPI = AuthAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}").build();
TokenRequest tokenRequest = authAPI.requestToken("https://{YOUR_DOMAIN}/api/v2/");
TokenHolder holder = tokenRequest.execute().getBody();
String accessToken = holder.getAccessToken();
ManagementApi mgmt = ManagementApi.builder()
        .domain("{YOUR_DOMAIN}")
        .token(accessToken)
        .build();

See the Auth0 Management API documentation for more information on how to obtain API Tokens.

API Reference

• AuthAPI
• ManagementApi

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

• Auth0's general contribution guidelines
• Auth0's code of conduct guidelines

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public Github issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

---

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.