View Signing Certificates

You can view your tenant’s application and signing keys using the or the . The application signing key is used to sign , , assertions, and assertions sent to your application. These keys are different from those used to sign interactions with connections, including signing SAML requests to (IdPs) and encrypting responses from IdPs. By default, SAML assertions for IdP connections are signed, which we recommend. To learn more, read SAML Identity Provider Configuration Settings.

Use the Dashboard

Tenant settings

Go to Dashboard > Settings > Signing Keys.
In the Rotation Settings section, locate List of Valid Keys and List of Revoked Keys.
1. The List of Valid Keys section lists the current signing key being used by your tenant, plus the next signing key that will be assigned should you choose to rotate your signing keys. If you have previously rotated signing keys, this section also lists the previously-used keys.
2. The List of Revoked Keys section lists the last three revoked keys for your tenant.

Application settings

You can also view an application’s signing key and/or client secret depending on the type of you are using.

If using the RS256 signing algorithm

Go to Dashboard > Applications, and select the name of the application to view.
Scroll to the bottom of the Settings tab, and select Advanced Settings.
Go to the Certificates tab and locate the Signing Certificate field.

If using the HS256 signing algorithm

Go to Dashboard > Applications, and select the name of the application to view.
Under Basic Information, locate the Client Secret field for the client secret.

Use the Management API

Get all signing keys

Make a GET call to the /signing_keys/get_signing_keys endpoint. Be sure to replace the {yourMgmtApiAccessToken} placeholder value with your Management API Access Token.

Value	Description
`MGMT_API_ACCESS_TOKEN`	Access Token for the Management API with the scope `read:signing_keys`.

Get a single signing key

Make a GET call to the /signing_keys/get_signing_key endpoint. Be sure to replace the {yourKeyId} and {yourMgmtApiAccessToken} placeholder values with your signing key’s ID and Management API Access Token, respectively.

Value	Description
`YOUR_KEY_ID`	ID of the signing key to be viewed. To learn how to find your signing key ID, see Locate JSON Web Key Sets.
`MGMT_API_ACCESS_TOKEN`	Access Token for the Management API with the scope `read:signing_keys`.

Auth0 Onboarding

Learn the Basics

Configure Auth0

Plan and Design

Auth0 AI

Universal Components

View Signing Certificates

Use the Dashboard

Tenant settings

Application settings

If using the RS256 signing algorithm

If using the HS256 signing algorithm

Use the Management API

Get all signing keys

Get a single signing key

Learn more

Auth0 Onboarding

Learn the Basics

Configure Auth0

Plan and Design

Auth0 AI

Universal Components

Documentation Index

​Use the Dashboard

​Tenant settings

​Application settings

​If using the RS256 signing algorithm

​If using the HS256 signing algorithm

​Use the Management API

​Get all signing keys

​Get a single signing key

​Learn more

Use the Dashboard

Tenant settings

Application settings

If using the RS256 signing algorithm

If using the HS256 signing algorithm

Use the Management API

Get all signing keys

Get a single signing key

Learn more