We’ve built an API that uses auth0 for authentication. So far the consumers of the the API are agencies working with our clients and so far they’ve had backend structures where they could generate access tokens using Machine to Machine application and client id and secret.
We’ve now got a 3rd party who wants to access the API directly from frontend, specifically from Sharepoint. We’re not sure how to address this using Auth0. Until now we’ve been unaware that they wanted to do it from frontend, so we’ve created a machine to machine application access for them, but that very quickly used our entire quota tokens.
I’ve only been able to find examples of this where users authenticate, which isn’t applicable to us. Only thing we’ve come up with so far is to create a SPA application and have 1 user, which is the frontend user, but this doesn’t feel right either.
If there’s any similar topics or documents I’ve missed, please just send me in that direction