I would like to replicate the behavior of shared documents in Microsoft 365, where someone can receive a token in the url which grants them access to content. However, it is not clear what best practice to follow for a feature like this. There is the option to abuse machine-to-machine tokens, but I was wondering if auth0 has an accepted pattern for this type of use case? Passwordless login is not quite applicable, because it would require 2 emails. One to share the content, and one to complete authentication.
Unfortunately, I don’t believe there is an established solution for this. It’d be great to get your use case in a feature request in our feedback category:
There have been a couple of discussions on this topic as well which you might find helpful:
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.