First party application

First-party applications are those controlled by the same organization or person who owns the Auth0 domain. For example, let’s say you created both a Contoso API and an application that logs into contoso.com and consumes the Contoso API.

Third party applications

All applications created through Dynamic Client Registration will be third-party. Third-party applications cannot be created using the Dashboard, but must be created through the Auth0 Management API by setting is_first_party to false.

Third-party applications have the following unique characteristics:

• User Consent: You must require user consent when consuming APIs because anyone can create an application. Requiring the user to provide consent improves security.
• ID Tokens: ID tokens generated for third-party applications hold only minimum user profile information.
• Connections: You can only use tenant-level connections or domain connections. For more information, see