We have a multi-tenant application which requires our clients (3rd parties) to access an API we expose. We can create a non-interactive client and expose the Auth0 clientId and secret to provide 3rd party access, however these new clients appear “Unauthorised” in the Auth0 API settings.
I cannot see any documentation on updating the API settings? How would we set the authorisation on the API for the new non-interactive clients we create via the API?
We are using .Net Core 2.0.
Having created the non-interactive client application you can then call the create client grant endpoint in order to authorize it to obtain access tokens for any API you have defined.
The payload would be something like:
{
"client_id": "[freshly_created_client_id]",
"audience": "[your_api_audience]",
"scope":
"[your_api_scope]"
]
}
Given you mention that the client applications are meant to be used by third-parties then don’t forget to flag them as third-party clients when you create them.