My company has a SPA backed by an API.
I have figured out how to use Auth0 using the Implicit Grant, and I can see how to manage users etc.
We also want to offer our customers direct system integration to our API - in other words our customers have their own ordering systems that would call our APIs directly.
It seems that the Client Credentials flow is the right one to use in this case, as the customer application is authenticating, and not a person.
It seems that for each customer, we will need to create a new Machine to Machine Application, and authorize it to our back end API. I’d expect several hundred customers to want to do this sort of thing.
Does this sound like the ‘right’ approach?
To automate this, we would plan to build a registration form on our site, and use the Auth0 management API for actually creating the M2M App for each customer.
I want to find out the ‘Auth0 way’ of doing this sort of thing - certainly don’t want to get told to stop doing this after we have built it!
I guess an alternative would be to implement an API gateway that supports OAuth?
Any feedback and suggestions welcomed - I’d rather use Auth0 than roll-my-own…
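An added example, not the poster's code and not Auth0's own SDK, showing the provisioning flow described in the question end to end: your provisioning service gets a Management API token with Client Credentials, creates one `non_interactive` (machine-to-machine) client per customer with `POST /api/v2/clients`, authorizes it for your API with `POST /api/v2/client-grants`, and the customer's ordering system then exchanges its client id and secret for an access token scoped to your API. The tenant domain `example.auth0.com`, the API identifier `https://orders.example.com/api`, the scope `create:orders` and the `StubAuth0` transport are assumptions made for the example; the stub stands in for the tenant so the flow runs offline and also enforces the one thing that is easy to forget, which is that a client with no client grant for an audience is refused a token for it.

```python
"""Provision one Auth0 M2M client per customer via the Management API,
then exchange its credentials for an API access token (added example).

HTTP goes through an injectable `post(url, json_body, headers) -> dict`
callable; swap the offline StubAuth0 for a thin wrapper around
requests.post(...).json() against a real tenant.
"""
from typing import Any, Callable, Dict, List

TENANT = "example.auth0.com"                      # assumed tenant domain
API_AUDIENCE = "https://orders.example.com/api"   # assumed API identifier
MGMT_AUDIENCE = f"https://{TENANT}/api/v2/"       # Management API audience
JSON = {"Content-Type": "application/json"}

Transport = Callable[[str, Dict[str, Any], Dict[str, str]], Dict[str, Any]]


def get_management_token(post: Transport, client_id: str, client_secret: str) -> str:
    """Client Credentials grant for the provisioning app against the Management API.
    That app needs the create:clients and create:client_grants scopes on it."""
    body = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "audience": MGMT_AUDIENCE}
    return post(f"https://{TENANT}/oauth/token", body, JSON)["access_token"]


def provision_customer(post: Transport, mgmt_token: str, customer: str,
                       scopes: List[str]) -> Dict[str, str]:
    """Create the customer's M2M client, then grant it access to our API.
    Hand the returned secret to the customer over a secure channel once and
    avoid storing it in your own database."""
    headers = {"Authorization": f"Bearer {mgmt_token}", **JSON}
    client = post(f"https://{TENANT}/api/v2/clients",
                  {"name": f"customer-{customer}", "app_type": "non_interactive",
                   "grant_types": ["client_credentials"]}, headers)
    post(f"https://{TENANT}/api/v2/client-grants",
         {"client_id": client["client_id"], "audience": API_AUDIENCE,
          "scope": scopes}, headers)
    return {"client_id": client["client_id"], "client_secret": client["client_secret"]}


def customer_access_token(post: Transport, client_id: str, client_secret: str) -> str:
    """What the customer's ordering system does: Client Credentials -> API token."""
    body = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "audience": API_AUDIENCE}
    return post(f"https://{TENANT}/oauth/token", body, JSON)["access_token"]


class StubAuth0:
    """Offline stand-in for the tenant (constructed for this example). Records
    Management API calls and refuses tokens for a client/audience pair that has
    no client grant, mirroring the authorization step the question asks about."""

    def __init__(self, mgmt_id: str = "prov-app", mgmt_secret: str = "prov-secret"):
        self.mgmt = (mgmt_id, mgmt_secret)
        self.clients: Dict[str, Dict[str, Any]] = {}
        self.grants: List[Dict[str, Any]] = []
        self.calls: List[Any] = []

    def __call__(self, url: str, body: Dict[str, Any], headers: Dict[str, str]) -> Dict[str, Any]:
        self.calls.append((url, body))
        path = url.split(TENANT, 1)[1]
        if path == "/oauth/token":
            return self._token(body)
        if headers.get("Authorization") != "Bearer mgmt-token":
            raise PermissionError("management call without a Management API token")
        if path == "/api/v2/clients":
            cid = f"cid-{len(self.clients) + 1}"
            self.clients[cid] = {"client_id": cid, "client_secret": f"sec-{cid}", **body}
            return dict(self.clients[cid])
        if path == "/api/v2/client-grants":
            self.grants.append(body)
            return dict(body)
        raise ValueError(f"unexpected path {path}")

    def _token(self, body: Dict[str, Any]) -> Dict[str, Any]:
        if body["grant_type"] != "client_credentials":
            raise ValueError("only client_credentials is modelled here")
        if (body["client_id"], body["client_secret"]) == self.mgmt and body["audience"] == MGMT_AUDIENCE:
            return {"access_token": "mgmt-token"}
        client = self.clients.get(body["client_id"])
        if client is None or client["client_secret"] != body["client_secret"]:
            raise PermissionError("unknown client or bad secret")
        if not any(g["client_id"] == body["client_id"] and g["audience"] == body["audience"]
                   for g in self.grants):
            raise PermissionError("client has no grant for this audience")
        return {"access_token": f"token-for-{body['client_id']}"}


def run_demo():
    """Provision one customer against the stub and fetch a token as that customer."""
    auth0 = StubAuth0()
    mgmt = get_management_token(auth0, "prov-app", "prov-secret")
    creds = provision_customer(auth0, mgmt, "acme", ["create:orders"])
    token = customer_access_token(auth0, creds["client_id"], creds["client_secret"])
    return auth0, creds, token


if __name__ == "__main__":
    _, creds, token = run_demo()
    print(creds["client_id"], token)
```

The registration form on your site would call `provision_customer` once per customer and show the returned id and secret; everything the customer needs afterwards is `customer_access_token`, which they run themselves against your tenant.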