I want to issue a unique client secret to each user in my Auth0 IdP (likely hundreds) so that they can call POST /oauth/token
to get a bearer token to then call my application API’s. There appears to be a restriction on the number of applications you can create per tenant (even on the enterprise version) so creating a unique app per user does not seem feasible.
The business problem we are trying to solve is having hundreds of 3rd party integrators calling our internal API’s. They will signup on a SPA (Single Page App) to create an “integrators” account on Auth0. I then want to issue each user/integrator with a unique client secret so that they can call our internal API using a bearer token issued by Auth0. I am trying to prevent sharing the same client secret between all the users/integrators. Out internal systems manage the authorisation (i.e. can this user call this api for this internal customer) - we want to user Auth0 to manage the authentication of the user making the API call.