Skip to main content
Unlisted page
This page is unlisted. Search engines will not index it, and only users having a direct link can access it.

Auth0

This documentation for the Auth0 integration describes the technical capabilities of this integration, including authorization, scopes/permissions, and utilized endpoints. For more information on how to integrate Auth0, visit our connection instructions.

Version

This integration utilizes the Auth0 Management API v2.

Base URL

The base URL used for all Auth0 API endpoints contains the Subdomain:
https://subdomain.auth0.com/api/v2/

Authentication & Authorization

The DataGrail Auth0 integration connects using OAuth 2.0 with the following credentials: Client ID and Client Secret.

Sensitive Credentials
Publicly exposing your API credentials can allow unauthorized access to Auth0 API endpoints by a third party. DataGrail stores your API credentials encrypted and protected.

Scopes

The Auth0 integration requires specific scopes that must be granted in order to function for a given capability.

ScopeAccessDeletionSystem Detection
read:email_provider
read:resource_servers
read:connections
read:users
read:users_app_metadata
read:client_grants
read:clients
read:client_keys
read:logs
read:logs_users
delete:users

Endpoints Utilized

DataGrail uses the following endpoints to authorize and test the connection:

MethodEndpointPurposeDocs
POSThttps://subdomain.auth0.com/oauth/tokenGet token
POSThttps://auth0.com/oauth/tokenRefresh access token

Limits

Limits in Auth0 are calculated using the leaky bucket algorithm. All requests that are made after rate limits have been exceeded are throttled and an HTTP 429 Too Many Requests error is returned. Requests succeed again after enough requests have emptied out of the bucket.

  • DataGrail supports requests throttling to stay within 70-80% of specified service rate limits.
  • DataGrail processes API responses with HTTP 429 status to interrupt requests, waiting and retrying (using an exponential backoff strategy).

Capabilities

Access

DataGrail's Auth0 integration provides Synchronous Access capabilities for the following supported identifier category: Email.

Data Interactions

For Access requests, DataGrail will take the following actions:

  1. Find a user via email.
  2. Fetch logs for the user.

Endpoints Utilized

MethodEndpointPurposeDocs
GET/users-by-emailSearch users by email
GET/users/user_id/logsGet user's log events

Deletion

DataGrail's Auth0 integration provides Synchronous Deletion capabilities for the following supported identifier category: Email.

Data Interactions

For Deletion requests, DataGrail will take the following actions:

  1. Delete a user permanently from Auth0.

Endpoints Utilized

MethodEndpointPurposeDocs
DEL/users/user_idDelete a user

System Detection

DataGrail provides continuous system detection, delivering a real-time inventory of your data assets.

Data Interactions

DataGrail's System Detection process runs once daily and performs the following actions:

  1. Retrieve clients (applications and SSO integrations) of "non_interactive" and "auth0" types.
  2. Retrieve connections, excluding auth0, datagrail and Username-Password-Authentication.
  3. Retrieve APIs (resource servers), excluding datagrail.io and auth0.com.
  4. Retrieve email provider details.

Endpoints Utilized

MethodEndpointPurposeDocs
GET/clientsGet clients
GET/connectionsGet all connections
GET/emails/providerGet email provider
GET/resource-serversGet resource servers

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.