Accessing a Third Party Api Without Storing Credentials

Howdy!

We are trying to develop a solution where we have an OIDC API (authenticated via Auth0) that calls external web API(s) (e.g, zendesk, harvest, stripe, …). When we call these external APIs we must not store the third-party credentials.

How do we map a user Auth0 credentials to their external (e.g, zendesk, harvest, …) credentials without storing them locally or in Auth0 ?

Thanks!
Dave

Also - to be clear - we prefer a delegation flow for this type of authentication.