API Only Authentication

Hello,

I’m having a hard time finding an example in the documentation of how I can implement an API-only login flow using Auth0 (specifically not requiring a browser or redirect URL). For example, I would like to provide my own ‘/api/login’ endpoint to a client. The server-side implementation of this endpoint would then use the Auth0 SDK to verify the username/password and get a JWT that I can then return to the client as a response for use in subsequent calls to other endpoints. This way the client has no specific knowledge of Auth0 and only needs to know how to call our own login endpoint. Is this possible?

Thanks,
Ryan

You can use the Resource Owner Password grant for logging users in. Note that this flow should only be used for highly trusted applications that cannot do redirects (which is what you are after).

Find below the relevant docs:
https://auth0.com/docs/api-auth/tutorials/password-grant
https://auth0.com/docs/api/authentication#resource-owner-password

1 Like
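
A sketch of the server side of the `/api/login` endpoint discussed above, added here as an example and not taken from either post or from Auth0's SDK. The tenant domain, client credentials, audience, the `api_login` handler name and the injectable `send` parameter are all assumptions; the call itself is the password grant against `/oauth/token` from the linked docs.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Placeholders (assumptions): load the real values from your secrets store.
AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"
CLIENT_ID = "YOUR_CLIENT_ID"
CLIENT_SECRET = "YOUR_CLIENT_SECRET"
API_AUDIENCE = "https://api.example.com"


def build_token_request(username, password, client_ip):
    """Build the Resource Owner Password request for Auth0's /oauth/token."""
    form = {
        "grant_type": "password",
        "username": username,
        "password": password,
        "audience": API_AUDIENCE,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,  # stays on the server, never reaches the client
    }
    headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        # Pass the end user's IP so brute-force protection is applied per user
        # rather than to your server's address (the application must be set to trust it).
        "auth0-forwarded-for": client_ip,
    }
    return urllib.request.Request(
        f"https://{AUTH0_DOMAIN}/oauth/token",
        data=urllib.parse.urlencode(form).encode(), headers=headers, method="POST")


def api_login(username, password, client_ip, send=urllib.request.urlopen):
    """Body of a hypothetical POST /api/login handler; returns (status, json_dict)."""
    if not username or not password:
        return 400, {"error": "missing_credentials"}
    try:
        with send(build_token_request(username, password, client_ip), timeout=10) as resp:
            tokens = json.load(resp)
    except urllib.error.HTTPError:
        # One generic answer for every upstream rejection; keep the detail in server logs.
        return 401, {"error": "invalid_credentials"}
    # Hand back only what the client needs for subsequent API calls.
    return 200, {k: tokens[k] for k in ("access_token", "token_type", "expires_in")}
```

Because this endpoint handles raw passwords, serve it over TLS only and rate-limit it in front of Auth0's own protections.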

Thank you, this is exactly what I was looking for.

1 Like
