Our API is protected using a JWT issues by Auth0. We also store some non-sensitive information about the user in the JWT
Now we need a way to allow some specific users to retrieve a JWT given an API Key. Each user can have maximum 1 API Key.
We are considering building a service that given a API Key, retrieves the users Auth0 email and password and logs the user in Auth0 returning a JWT. These users will only have permission to access some public information, security is not an issue but we don’t want to make the endpoint public.
Does Auth0 support any functionality that could do this for us?