We are already successfully using Auth0 in combination with an Angular SPA. The users can login via the Auth0 login screen and we are identifying the user based on the sub attribute in the backen.
Now we want to give developers access to our API:
- We will register the developer as an Application (Client ID, Client Secret).
- The user should be able to fetch an Access token from an endpoint (currently I don’t see this option in the application page)
- We should be able to map the user to the application so he only has access to his entities. For this we should also get access to the sub-attribute.
Do we have to do this mapping between application (client id) and the user in our backend?
This this process somewhere documented? I feel a little bit lost right now.
Thank you very much,