Since the UI has changed, there is no way to force/check to see if the POD application uses the POD-DB connection as you can only configure API’s for machine to machine applications in the admin portal. The |Connection|Username-Password-Authentication| was the default one that was setup when I created the AUTH0 account.
I believe that this particular issue could be addressed, but you should have in mind that significant time has passed since that blog post was written and if I recall correctly it depends on a few things that may not be available for newer tenants. In particular, the /oauth/ro endpoint is deprecated and not available for newer tenants.
Having said that, for the particular issue you should ensure that the application does not have the Username-Password-Authentication connection enabled and instead only has the POD-DB database connection (in addition to the passwordless one).
Another point is that it is not correct to say that only machine to machine applications can configure API’s for client credentials. In particular, a regular web application which is considered an OAuth confidential client application can also be configured to call an API with client credentials.
Thanks for the reply. My comment about only Machine 2 machine was in regards to the settings options in the UI, you cannot define Connections when you admin a Machine2Machine application from what I can see.
I will try to see if that works but is there a newer example or docs of how to do the auth with Alexa or just have to keep trying testing it out? I am assuming its possible doing the Alexa auth via Auth0 right.
I’m unaware of any recent sample for it; I originally authored that blog post and from that point of view I can confirm there’s no revised/updated version of that specific sample, but unsure if someone else did something with Alexa.
From a feasibility perspective, the exact approach used to integrate with Alexa on that blog post will now not be possible for some tenants because newer tenants lack the /oauth/ro endpoint and there’s no equivalent replacement available at this time. In other words, I would start by checking if /oauth/ro is available to your tenant, if not, it may not be worthwhile to follow that specific blog post.