Note
As part of our ongoing commitment to best security practices, we have rotated the signing keys used to sign previous releases of this SDK. As a result, new patch builds have been released using the new signing key. Please upgrade at your earliest convenience.
While this change won't affect most developers, if you have implemented a dependency signature validation step in your build process, you may notice a warning that past releases can't be verified. This is expected, and a result of the key rotation process. Updating to the latest version will resolve this for you.
📚 Documentation - 🚀 Getting Started - 💻 API Reference 💬 Feedback
Documentation
- Examples - code samples for common auth0-java scenarios.
- Migration Guide - guidance for updating your application to use version 2 of auth0-java.
- Docs site - explore our docs site and learn more about Auth0.
Getting Started
Requirements
Java 8 or above.
auth0-java
is intended for server-side JVM applications. Android applications should use the Auth0.Android SDK.
Installation
Add the dependency via Maven:
<dependency>
<groupId>com.auth0</groupId>
<artifactId>auth0</artifactId>
<version>2.5.0</version>
</dependency>
or Gradle:
implementation 'com.auth0:auth0:2.5.0'
Configure the SDK
Authentication API Client
The Authentication API client is based on the Auth0 Authentication API.
Create an AuthAPI
instance by providing the Application details from the dashboard.
AuthAPI auth = AuthAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}").build();
Management API Client
The Management API client is based on the Management API Docs.
Create a ManagementAPI
instance by providing the domain from the Application dashboard and a valid API Token.
ManagementAPI mgmt = ManagementAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_API_TOKEN}").build();
The Management API is organized by entities represented by the Auth0 Management API objects.
User user = mgmt.users().get("auth0|user-id", new UserFilter()).execute().getBody();
Role role = mgmt.roles().get("role-id").execute().getBody();
You can use the Authentication API to obtain a token for a previously authorized Application:
AuthAPI authAPI = AuthAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_CLIENT_ID}", "{YOUR_CLIENT_SECRET}").build();
TokenRequest tokenRequest = authAPI.requestToken("https://{YOUR_DOMAIN}/api/v2/");
TokenHolder holder = tokenRequest.execute().getBody();
String accessToken = holder.getAccessToken();
ManagementAPI mgmt = ManagementAPI.newBuilder("{YOUR_DOMAIN}", accessToken).build();
An expired token for an existing ManagementAPI
instance can be replaced by calling the setApiToken
method with the new token.
See the Auth0 Management API documentation for more information on how to obtain API Tokens.
API Reference
Feedback
Contributing
We appreciate feedback and contribution to this repo! Before you get started, please see the following:
Raise an issue
To provide feedback or report a bug, please raise an issue on our issue tracker.
Vulnerability Reporting
Please do not report security vulnerabilities on the public Github issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 is an easy to implement, adaptable authentication and authorization platform. To learn more checkout Why Auth0?
This project is licensed under the MIT license. See the LICENSE file for more info.