I want to use Auth0 to authenticate my IoT devices. The devices won’t be able to securely store the credentials, so I can’t use my Client ID and Secret. The username and password authentication uses email and it doesn’t seem right to make email address (or use fake ones) for each one of my devices. I feel like I’m just not finding some sort of “key” credential type that I should be using. Anyone have a solution? Thanks in advance!
For machine-to-machine flows, you should be using the Client Credentials grant. This is based on the client itself as the resource owner:
Note, this requires the client to authenticate using the Client ID and Secret. The Client ID is not necessarily sensitive data, however you will need to securely store the Client Secret on the device.
Like I said, I won’t be able to securely store the credentials. Am I just stuck?