auth0 · marcossegovia · May 8, 2025 · May 8, 2025 · Jul 26, 2025 · Jul 26, 2025
@@ -4,6 +4,7 @@
 - [HTTP Client configuration](#http-client-configuration)
 - [Verifying an ID token](#verifying-an-id-token)
 - [Organizations](#organizations)
+- [Client credential management](#client-credential-management)
 - [Asynchronous operations](#asynchronous-operations)
 
 ## Error handling
@@ -131,6 +132,59 @@ String url = auth.authorizeUrl("https://me.auth0.com/callback")
     .build();
 ```
 
+## Client credential management
+
+The SDK provides comprehensive support for managing client credentials used for machine-to-machine authentication and API access.
+
+### List client credentials
+
+```java
+ManagementAPI mgmt = ManagementAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_API_TOKEN}").build();
+Request<List<Credential>> request = mgmt.clients().listCredentials("{CLIENT_ID}");
+List<Credential> credentials = request.execute().getBody();
+```
+
+### Get a specific client credential
+
+```java
+Request<Credential> request = mgmt.clients().getCredential("{CLIENT_ID}", "{CREDENTIAL_ID}");
+Credential credential = request.execute().getBody();
+```
+
+### Create a new client credential
+
+```java
+Credential newCredential = new Credential("public_key", "{PEM_CONTENT}");
+newCredential.setName("My API Credential");
+Request<Credential> request = mgmt.clients().createCredential("{CLIENT_ID}", newCredential);
+Credential createdCredential = request.execute().getBody();
+```
+
+### Update an existing client credential
+
+```java
+Credential updates = new Credential();
+updates.setName("Updated credential name");
+// Note: expires_at can also be updated by setting a Date object
+Request<Credential> request = mgmt.clients().updateCredential("{CLIENT_ID}", "{CREDENTIAL_ID}", updates);
+Credential updatedCredential = request.execute().getBody();
+```
+
+### Delete a client credential
+
+```java
+Request<Void> request = mgmt.clients().deleteCredential("{CLIENT_ID}", "{CREDENTIAL_ID}");
+request.execute();
+```
+
+**Required Scopes**: 
+- `read:client_credentials` - for listing and getting credentials
+- `create:client_credentials` - for creating new credentials  
+- `update:client_credentials` - for updating existing credentials
+- `delete:client_credentials` - for deleting credentials
+
+For more information, see the [Auth0 Management API documentation](https://auth0.com/docs/api/management/v2/clients).
+
 ## Asynchronous operations
 
 Requests can be executed asynchronously, using the `executeAsync()` method, which returns a `CompletableFuture<T>`.

@@ -265,4 +265,32 @@ public Request<Void> deleteCredential(String clientId, String credentialId) {
             .toString();
         return new VoidRequest(client, tokenProvider,  url, HttpMethod.DELETE);
     }
+
+    /**
+     * Update an existing client credential. A token with scope update:client_credentials is needed.
+     * See https://auth0.com/docs/api/management/v2/clients/patch-credentials-by-credential-id
+     *
+     * @param clientId the application's client id.
+     * @param credentialId the ID of the credential.
+     * @param credential the credential to update.
+     * @return a Request to execute.
+     */
+    public Request<Credential> updateCredential(String clientId, String credentialId, Credential credential) {
+        Asserts.assertNotNull(clientId, "client id");
+        Asserts.assertNotNull(credentialId, "credential id");
+        Asserts.assertNotNull(credential, "credential");
+
+        String url = baseUrl
+            .newBuilder()
+            .addPathSegments("api/v2/clients")
+            .addPathSegment(clientId)
+            .addPathSegment("credentials")
+            .addPathSegment(credentialId)
+            .build()
+            .toString();
+        BaseRequest<Credential> request = new BaseRequest<>(this.client, tokenProvider, url, HttpMethod.PATCH, new TypeReference<Credential>() {
+        });
+        request.setBody(credential);
+        return request;
+    }
 }
@@ -461,4 +461,47 @@ public void shouldThrowOnDeleteCredentialsWithNullCredentialId() {
             () -> api.clients().deleteCredential("clientId", null),
             "'credential id' cannot be null!");
     }
+
+    @Test
+    public void shouldUpdateClientCredential() throws Exception {
+        Credential credential = new Credential();
+        credential.setName("Updated credential name");
+        Request<Credential> request = api.clients().updateCredential("clientId", "credId", credential);
+        assertThat(request, is(notNullValue()));
+
+        server.jsonResponse(MGMT_CLIENT_CREDENTIAL, 200);
+        Credential response = request.execute().getBody();
+        RecordedRequest recordedRequest = server.takeRequest();
+
+        assertThat(recordedRequest, hasMethodAndPath(HttpMethod.PATCH, "/api/v2/clients/clientId/credentials/credId"));
+        assertThat(recordedRequest, hasHeader("Content-Type", "application/json"));
+        assertThat(recordedRequest, hasHeader("Authorization", "Bearer apiToken"));
+
+        Map<String, Object> body = bodyFromRequest(recordedRequest);
+        assertThat(body.size(), is(1));
+        assertThat(body, hasEntry("name", "Updated credential name"));
+
+        assertThat(response, is(notNullValue()));
+    }
+
+    @Test
+    public void shouldThrowOnUpdateCredentialWithNullClientId() {
+        verifyThrows(IllegalArgumentException.class,
+            () -> api.clients().updateCredential(null, "credId", new Credential()),
+            "'client id' cannot be null!");
+    }
+
+    @Test
+    public void shouldThrowOnUpdateCredentialWithNullCredentialId() {
+        verifyThrows(IllegalArgumentException.class,
+            () -> api.clients().updateCredential("clientId", null, new Credential()),
+            "'credential id' cannot be null!");
+    }
+
+    @Test
+    public void shouldThrowOnUpdateCredentialWithNullCredential() {
+        verifyThrows(IllegalArgumentException.class,
+            () -> api.clients().updateCredential("clientId", "credId", null),
+            "'credential' cannot be null!");
+    }
 }