I have this scenario:
Our product logs in and captures the access token to be able to hit an API. When a user logs in through Azure AD, the API is able to find the Microsoft identity and do some Graph API requests (notably, upload a document to SharePoint).
We have a second product, the Client Portal, that does not use Auth0 to authenticate. The Client Portal is for our customers’ clients, so a different pool of users. A client user can upload a document to the Client Portal. We want these uploads to send an API request and ultimately upload to SharePoint.
I have been struggling to find a way to authorize a generic user. I can get an access token for the Auth0 Management API, but our product API is expecting to be able to get a Microsoft user from the access token. I looked into the Authorization Code Flow but I don’t want to show the client user any kind of UI because they aren’t part of the main product. Has anyone solved a problem like this?
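An added example (not the poster's code) of the check the product API is doing: it verifies an Auth0 access token and maps the subject to an Azure AD user, returning nothing for a Management API token, which is a client-credentials token with no user behind it. It assumes an HS256 demo secret in place of Auth0's RS256/JWKS verification so it runs offline, and the issuer, audience and subject values are constructed.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a shared HS256 secret stands in for Auth0's RS256/JWKS check.
# Claim shapes follow what Auth0 issues: user tokens from an Azure AD
# connection carry sub "waad|<id>"; machine-to-machine tokens carry
# sub "<client_id>@clients" and gty "client-credentials".
DEMO_SECRET = b"constructed-demo-secret"

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_demo_token(claims: dict) -> str:
    """Mint an HS256 JWT for the constructed sample tokens below."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(DEMO_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_and_decode(token: str) -> dict:
    """Check alg and signature before trusting any claim; raise otherwise."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # refuse alg=none / downgrade
    expected = hmac.new(DEMO_SECRET, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))

def microsoft_user_from_token(token: str):
    """Azure AD user id behind an Auth0 token, or None if no user is present."""
    claims = verify_and_decode(token)
    sub = claims.get("sub", "")
    if claims.get("gty") == "client-credentials" or sub.endswith("@clients"):
        return None  # machine token (e.g. Management API): no Microsoft user to map
    if sub.startswith("waad|"):  # Auth0's Azure AD connection prefix
        return sub.split("|", 1)[1]
    return None  # user from some other connection

# Constructed sample tokens: one interactive Azure AD login, one M2M token.
USER_TOKEN = make_demo_token({"iss": "https://example-tenant.auth0.com/",
                              "sub": "waad|abc123", "aud": "https://product-api.example"})
M2M_TOKEN = make_demo_token({"iss": "https://example-tenant.auth0.com/",
                             "sub": "CLIENTID@clients", "gty": "client-credentials",
                             "aud": "https://example-tenant.auth0.com/api/v2/"})
```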