https://m5wl5r.com | Be more thought reader than leader. | Thoughts are my own.
You've probably landed here because you see one of the following listed in your Google Workspace OAuth logs somewhere:
FDR Social Dev Keys V2 App870216976608-q7pjgck3d643hi35crp0u49p3gtph36a.apps.googleusercontent.com
If you're anything like me you'll wonder "the hell is this?" and start digging.
These entries are related to developing on/against Auth0. I have been unable to find public documentation of Auth0's that claims this (a shame because it would have saved me so much time). I know at least two other security professionals that have looked at this in their environment, and claiming it is related to Auth0 lines up with them and the usages they see in their orgs.
I'm creating this post to hopefully have people land somewhere useful when they search for anything related to this. When I went down this rabbit hole, searching FDR Social Dev Keys V2 App turned up a lot of sketchy search results and one Reddit post that, in retrospect, was mostly giving me the answer, but it wasn't clear at the time:
In your case it said Auth0 as you were using the dev credentials for the google connection. Once an app is ready to move to production it would replace those keys for the Google generated ones for the app, and then instead of saying auth0.com, it would say something like 'The name of your app'. - /u/bajcmartinez
One of the things that extra gave this away for me was that one of the IPs in the Google Workspace OAuth logs was tracable back to Auth0-owned/maintained infrastructure on AWS.