Note As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.

While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.

📚 Documentation - 🚀 Getting Started - 💻 API Reference 💬 Feedback

Documentation

• Examples - code samples for common auth0-java scenarios.
• Migration Guide - guidance for updating your application to use version 2 of auth0-java.
• Docs site - explore our docs site and learn more about Auth0.

Getting Started

Requirements

Java 8 or above.

auth0-java is intended for server-side JVM applications. Android applications should use the Auth0.Android SDK.

Installation

Add the dependency via Maven:

<dependency>
  <groupId>com.auth0</groupId>
  <artifactId>auth0</artifactId>
  <version>2.15.0</version>
</dependency>

or Gradle:

implementation 'com.auth0:auth0:2.15.0'

Configure the SDK

Authentication API Client

The Authentication API client is based on the Auth0 Authentication API.

Create an AuthAPI instance by providing the Application details from the dashboard.

AuthAPI auth = AuthAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}").build();

Management API Client

The Management API client is based on the Management API Docs.

Create a ManagementAPI instance by providing the domain from the Application dashboard and a valid API Token.

ManagementAPI mgmt = ManagementAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_API_TOKEN}").build();

The Management API is organized by entities represented by the Auth0 Management API objects.

User user = mgmt.users().get("auth0|user-id", new UserFilter()).execute().getBody();
Role role = mgmt.roles().get("role-id").execute().getBody();

You can use the Authentication API to obtain a token for a previously authorized Application:

AuthAPI authAPI = AuthAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}").build();
TokenRequest tokenRequest = authAPI.requestToken("https://{YOUR_DOMAIN}/api/v2/");
TokenHolder holder = tokenRequest.execute().getBody();
String accessToken = holder.getAccessToken();
ManagementAPI mgmt = ManagementAPI.newBuilder("{YOUR_DOMAIN}", accessToken).build();

An expired token for an existing ManagementAPI instance can be replaced by calling the setApiToken method with the new token.

See the Auth0 Management API documentation for more information on how to obtain API Tokens.

API Reference

• AuthAPI
• ManagementAPI

Feedback

Contributing

We appreciate feedback and contribution to this repo! Before you get started, please see the following:

• Auth0's general contribution guidelines
• Auth0's code of conduct guidelines

Raise an issue

To provide feedback or report a bug, please raise an issue on our issue tracker.

Vulnerability Reporting

Please do not report security vulnerabilities on the public Github issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.

---

Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?

This project is licensed under the MIT license. See the LICENSE file for more info.