Auth0 Integration Guide

Overview

This guide explains how to connect Bridged with Auth0 to read user profile data, identity information, and user metadata. The integration supports reading this data for activation, qualification, and nurture playbooks where user identity and authentication context are needed.

Auth0 is a cloud-based identity and access management platform that supports social logins, multi-factor authentication, and user management. It provides a RESTful Management API v2 for programmatic access to user data and tenant configuration.

Primary Use Case: Read User Data

For Bridged's identity and registration integrations, the primary use case is reading user-related data, including:

| Data Type | Use in Bridged |
|---|---|
| User profiles | Personalize outreach and qualification conversations |
| User metadata | Access custom user attributes stored in Auth0 |
| Identity provider links | Understand which social/enterprise IdPs users have used |
| User activity | Track login history and authentication events |

Prerequisites

Before starting, ensure you have:

  • An Auth0 tenant with admin access

  • A Machine-to-Machine Application registered in Auth0 for API access

  • The Management API enabled with appropriate permissions

  • Your Auth0 Domain (e.g., your-tenant.auth0.com)

Note: To call the Auth0 Management API, you need a Management API access token. Machine-to-Machine (M2M) applications are the recommended approach for server-to-server integration.

Connection Methods

| Method | Best for | Setup complexity |
|---|---|---|
| OAuth 2.0 Client Credentials (M2M - Preferred) | Server-to-server automated access | Medium |
| Authorization Code Flow | User-specific operations requiring end-user context | Medium |
| Management API Token | Direct API access with limited scope | Medium |

Recommendation: Use OAuth 2.0 Client Credentials (Machine-to-Machine) for automated syncs. This is the standard approach for server-side integrations without user interaction.

Step 1: Create a Machine-to-Machine Application

  1. Log in to your Auth0 Dashboard

  2. Navigate to Applications → Applications

  3. Click Create Application

  4. Enter an application name (e.g., Bridged Integration)

  5. Select Machine-to-Machine Applications as the application type

  6. Click Create

Step 2: Authorize the Management API

After creating the M2M application:

  1. On the API selection screen, choose Auth0 Management API

  2. Select the following permissions (scopes):

| Scope | Description | Required for |
|---|---|---|
| read:users | Search and retrieve user records | Reading user profiles |
| read:user_idp_tokens | Retrieve identity provider tokens | User identity info |
| read:users_app_metadata | Read application metadata | Custom user attributes |

  3. Click Authorize

Important: The read:users scope is required to query user data via the /api/v2/users and /api/v2/users-by-email endpoints.

Step 3: Obtain Client Credentials

  1. Navigate to Applications → Applications → select your M2M app

  2. Locate the following credentials:

    • Client ID

    • Client Secret

  3. Note your Auth0 Domain from the Settings tab (e.g., dev-abc123.auth0.com)

Step 4: Configure Bridged to Connect to Auth0

  1. Log in to your Bridged dashboard

  2. Navigate to the Integrations section. If you do not see this section, contact support@bridged.media

  3. Click Auth0 → Connect Account

  4. Select OAuth 2.0 Client Credentials as your authentication method

  5. Enter the following credentials:

| Field | Description |
|---|---|
| Auth0 Domain | Your Auth0 tenant domain (e.g., your-tenant.auth0.com) |
| Client ID | From your M2M application |
| Client Secret | From your M2M application |
| Management API Audience | https://{your-domain}/api/v2/ (e.g., https://dev-abc123.auth0.com/api/v2/) |

  6. Click Connect

Token Exchange Details

Bridged will automatically exchange credentials for an access token using the OAuth 2.0 Client Credentials grant:

```http
POST https://{your-domain}.auth0.com/oauth/token
Content-Type: application/json

{
  "client_id": "YOUR_CLIENT_ID",
  "client_secret": "YOUR_CLIENT_SECRET",
  "audience": "https://{your-domain}.auth0.com/api/v2/",
  "grant_type": "client_credentials"
}
```

The returned access token is included in the Authorization: Bearer header for all subsequent API calls.

Step 5: Available API Endpoints

Based on Auth0 Management API v2 documentation, the following endpoints are available for reading user data:

| Endpoint | Method | Description | Key Parameters |
|---|---|---|---|
| /api/v2/users | GET | Get all users | q, page, per_page, sort |
| /api/v2/users/{id} | GET | Get user by ID | user_id |
| /api/v2/users-by-email | GET | Find users by email | email |
| /api/v2/users/{id}/logins | GET | Get user login history | user_id |

Example: List Users

```bash
curl -X GET "https://{your-domain}.auth0.com/api/v2/users?per_page=50" \
  -H "Authorization: Bearer {access_token}"
```

Example: Get User by Email

```bash
curl -X GET "https://{your-domain}.auth0.com/api/v2/users-by-email?email=user@example.com" \
  -H "Authorization: Bearer {access_token}"
```

Example: Get User by ID

```bash
# The "|" in the user ID (auth0|1234567890) is URL-encoded as %7C in the path
curl -X GET "https://{your-domain}.auth0.com/api/v2/users/auth0%7C1234567890" \
  -H "Authorization: Bearer {access_token}"
```

Step 6: Configure Sync Settings

| Setting | Options | Description |
|---|---|---|
| Data objects | Users, User Metadata, Logins | Which user data to read |
| Sync frequency | Hourly, Daily, Weekly | How often to refresh data |
| User filter | All users, Active only, By role | Filter which users to sync |
| Include metadata | Yes, No | Include user_metadata and app_metadata |

Bulk sync limit: Each bulk operation is limited to 50 records per request. Use pagination (page and per_page parameters) to retrieve larger datasets.

Common Use Cases

| Playbook | How User Data Is Used |
|---|---|
| Activation | Read user profiles to trigger authentication-related messages via WhatsApp |
| Qualification Agent | Read user metadata and identity provider links for lead scoring |
| Nurture & Conversion | Read user login history to identify engaged users for follow-up |

Example Conversation Powered by Auth0 Data

When a support agent asks "What is this user's authentication method?", Bridged:

  1. Reads user profile from Auth0 Management API (/api/v2/users/{id})

  2. Identifies identity provider links from identities array

  3. Returns authentication method information conversationally

Rate Limiting & Performance

| Consideration | Details |
|---|---|
| API rate limits | Vary by subscription tier; enforced per API and endpoint |
| Management API limits | Stricter than Authentication API |
| Pagination | Use per_page (max 50) and page parameters |
| Bulk operations | Maximum 50 records per request |
| Cache recommendations | Cache access tokens to avoid hitting rate limits |

Important: Auth0 enforces rate limits to ensure optimal performance. For Production tenants, limits are higher than Development tenants.
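The token caching and page/per_page pagination recommended above, sketched as an added example (not Bridged's or Auth0's own code). `TokenCache`, `sync_all_users`, the fake fetchers and the 120-user directory are hypothetical names and constructed data; the example assumes the token response carries `access_token` and `expires_in` fields and that `page` is zero-based.

```python
import time


class TokenCache:
    """Reuse one Management API token until shortly before it expires."""

    def __init__(self, fetch_token, skew=60, clock=time.time):
        self._fetch = fetch_token  # callable returning the /oauth/token JSON body as a dict
        self._skew = skew          # refresh this many seconds before expiry
        self._clock = clock        # injectable so expiry can be tested offline
        self._token = None
        self._expires_at = 0.0

    def get(self):
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            body = self._fetch()
            self._token = body["access_token"]
            self._expires_at = self._clock() + int(body["expires_in"])
        return self._token


def sync_all_users(get_page, cache, per_page=50, max_pages=1000):
    """Walk page=0,1,2... of /api/v2/users until a short (or empty) page comes back."""
    users = []
    for page in range(max_pages):
        batch = get_page(cache.get(), page, per_page)
        users.extend(batch)
        if len(batch) < per_page:
            break
    return users


def demo():
    """Constructed 120-user directory: three pages fetched, one token request made."""
    token_requests = []

    def fake_fetch():  # stands in for the POST to /oauth/token
        token_requests.append(1)
        return {"access_token": "constructed-token", "expires_in": 86400}

    directory = [{"user_id": f"auth0|{i}"} for i in range(120)]  # constructed sample data

    def fake_page(token, page, per_page):  # stands in for GET /api/v2/users
        return directory[page * per_page:(page + 1) * per_page]

    users = sync_all_users(fake_page, TokenCache(fake_fetch))
    return len(users), len(token_requests)
```

In a real sync, `fetch_token` and `get_page` would wrap the HTTP calls shown earlier in this guide; the cache keeps every page request on the same token instead of requesting a new one each time.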

Security & Permissions

  • Auth0 uses OAuth 2.0 Client Credentials for M2M authentication

  • Access tokens are short-lived JWTs; Bridged automatically refreshes tokens

  • The access token's scopes claim determines permitted operations

  • All API calls should be made over TLS 1.2+

  • Credentials are encrypted and never stored in plain text

Required Scopes Summary

| Scope | Required for |
|---|---|
| read:users | Reading user profiles and searching by email |
| read:user_idp_tokens | Accessing identity provider information |
| read:users_app_metadata | Reading custom application metadata |
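A least-privilege check on the issued token, as an added example (not Bridged's or Auth0's own code): it decodes the access token's payload and reports scopes that are missing from, or in excess of, the three listed above. It assumes the token is a compact JWT with a space-delimited `scope` claim; `audit_token` and `make_sample_token` are hypothetical helpers, the sample token is constructed, and the signature is not verified because this only inspects a token your own integration received.

```python
import base64
import json
import time

# Scopes this guide asks for; anything beyond these is excess privilege.
REQUIRED_SCOPES = {"read:users", "read:user_idp_tokens", "read:users_app_metadata"}


def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated parts)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token, expected_audience, now=None):
    """Compare audience, expiry and granted scopes with what the integration needs."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    granted = set(claims.get("scope", "").split())  # assumed space-delimited
    return {
        "audience_ok": expected_audience in audiences,
        "expired": claims.get("exp", 0) <= now,
        "missing": sorted(REQUIRED_SCOPES - granted),
        "excess": sorted(granted - REQUIRED_SCOPES),
    }


def make_sample_token(claims):
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    sample = make_sample_token({
        "aud": "https://dev-abc123.auth0.com/api/v2/",
        "exp": 2_000_000_000,
        "scope": "read:users read:users_app_metadata delete:users",
    })
    print(audit_token(sample, "https://dev-abc123.auth0.com/api/v2/", now=1_900_000_000))
```

A non-empty `excess` list means the M2M application was authorized for more than this read-only integration needs and the extra permissions should be removed in the Auth0 Dashboard.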

Alternative: User Account Linking Support

If your use case involves linking user accounts from multiple identity providers, the Management API supports account linking via server-side implementation. The process typically involves:

  1. Searching for users with identical verified email addresses using /api/v2/users-by-email

  2. Authenticating the target account

  3. Linking accounts via the /api/v2/users/{id}/identities endpoint

This is useful for scenarios where attendees might have multiple authentication methods (Google, social login, email/password) for the same event registration.

Troubleshooting

| Issue | Likely cause | Solution |
|---|---|---|
| Connection fails (401) | Invalid Client ID/Secret | Verify credentials in Auth0 Dashboard |
| Token generation fails | Wrong audience | Ensure audience is https://{domain}.auth0.com/api/v2/ |
| No data returned (403) | Insufficient scopes | Add read:users permission to M2M app |
| Rate limiting (429) | Too many requests | Reduce sync frequency; implement caching |
| "Non-global clients" error | Audience not set | Configure default audience in Tenant Settings |
| User not found (404) | Wrong user ID format | Use correct format: {connection_name}\|{user_id} |

Support

For integration support, contact your Bridged account manager or email support@bridged.media.

For Auth0-specific questions: