Possibility to Access Auth0 Using HTTP Instead of HTTPS or a Port Other than 443

Additional Features

Last Updated:

Overview

This article clarifies whether it is possible to access Auth0 using HTTP instead of HTTPS or a port that is not 443.
 

Applies To

  • Ports and Protocol

Cause

A secure transport layer is required on all communication flows used in the authorization protocols supported by Auth0: OAuth2, OIDC, SAML, and WS-Federation.

Solution

This is not possible.

This ensures the security of items such as credentials, tokens, and personally identifiable information.

HTTPS is also mandatory for the administration dashboard and every related service. Again, it would not make sense to exchange information used to secure systems over an insecure protocol.

There is also a rule in place that prevents traffic on ports other than 443 from reaching our origin.

Recommended content

No recommended content found...
Need more help? Visit the Community
Visit the Auth0 Community