To use Highly Regulated Identity features, you must have an Enterprise Plan with the Highly Regulated Identity add-on. Refer to Auth0 Pricing for details.
-Secured Authorization Requests (JAR) allow OAuth2 authorization request parameters to be packaged into a single JWT request parameter which is then signed for integrity protection.

Prerequisites

Before configuring your application for using JAR, you must generate an RSA key pair.
You should generate a separate key pair for each type of credential usage. For example, do not reuse the same key pairs for both JAR and Private Key JWT Authentication.

Configure JAR for an application

You can configure JAR for an application with the and the .
Use the Auth0 Dashboard to configure your application to use JAR with previously generated RSA keys.
  1. Navigate to Auth0 Dashboard > Applications.
  2. Select the application you want to use with JAR.
  3. Select the Application Settings tab.
  4. In the Authorization Requests section, enable Require JWT-Secured Authorization Requests.
  5. If no credential is assigned and there are credentials available, you will be prompted to assign an existing credential.
    Dashboard > Application > Settings > Assign Existing Credentials
  6. You will also have the option to assign a new credential.
    Auth0 Dashboard > Applications > Settings > Assign New Credentials
  7. Add and assign a new credential by uploading a previously generated RSA key pair. When prompted, enter the following:
    • Name: a name to identify the credential
    • Public Key: public key of the X.509 certificate in PEM format
    • Algorithm: select the JAR signature algorithm
    • Expiration Date: set the expiration date of the credential

Learn more