The Auth0 service among others, supports the OAuth 2.0 protocol so it can act as the authorization server that client applications that want to call into your API’s will use to obtain the necessary access tokens.
The four core grants (implicit, authorization code, resource owner password credentials and client credentials) in OAuth 2.0 are supported so if client applications are already using any of those grants the migration should be simple. There’s also support for PKCE version of authorization code grant in case you have native client applications.
At this time, for API’s (resource servers) you register, the service supports issuing JWT access tokens using either HS256 or RS256 so again if your API’s were already accepting bearer access tokens in a JWT format and using one of those signing algorithms the migration will be straightforward. Have in mind that the recommended approach to send an access token to the associated API is to make use of the HTTP Authorization header so the OAuthAccessResourceRequest in Oltu probably just gets it from there, however, if you have access to the headers it should be simple to obtain the access token withou Oltu helpers either manually or using other more generic helpers.
The OAuth 2.0 endpoints would be available at:
-
Authorization endpoint -
https://[domain_name_you_pick].auth0.com/authorize -
Token endpoint -
https://[domain_name_you_pick].auth0.com/oauth/token
Have in mind that in addition to OAuth 2.0 the OpenID Connect protocol is also supported so client application can perform an end-user authentication and authorization request in one go and get both end-user profile information and the access token to call the relevant API.
Given your main scenario is API authorization you should check: Authentication and Authorization Flows