When a web application uses Auth0 Dynamic Client Registration (DCR) for third-party application creation, Auth0 creates a new application on every login attempt. This occurs because the application calls the DCR endpoint on each login.

To resolve this issue, store and reuse the client credentials after the initial registration. The observable symptom is that the Auth0 tenant quickly reaches the allowed number of applications limit because a new application is generated during every user authentication.

• Dynamic Client Registration (DCR)
• Auth0

The application calls the DCR endpoint (oidc/register) on each login. This endpoint creates a new application each time it receives a call.

How is the application logic updated to prevent duplicate application creation?

Update the application logic to store the credentials in a database, retrieve them during login attempts, and use them for the authentication flow.

1. Store the client_id and client_secret from each third-party application in a database after the initial registration.
2. Retrieve the stored client_id and client_secret from the database when a login attempt occurs from the same third-party application.
3. Use the retrieved credentials for the authentication flow instead of calling the DCR endpoint again.

Related References

• Model Context Protocol (MCP) Common Questions