Thanks John. I just need the first token for testing purposes before the UI guys do their thing.
I’ve had a look through that guide before but thanks for confirming no round-trips are required per-request. Just to clarify this (risking the fact it may be a dumb question), am i right in assuming the client has 2 connections? The first to Auth0 running a session and providing (short-lived) access tokens, and the second to the vendor API (via access token)? I have to explain this to our JS team who haven’t used Auth0 before so am looking for a simplistic conceptual overview.
We’re not interested in our API doing any session management or login logic - just taking tokens and providing data to authorised clients.