I am working on an app that uses auth0 for a few different login scenarios. Our app also has an API that we would like users to be able to use to build experiences for other users.
For context we have currently:
- a native app (electron) that uses the device flow
- a spa app that uses pkce for our own work.
- a library that makes it easy to auth into our app.
We would like to allow users of our apps / api to deploy experiences to other users. Lets call that type of user a “creator.” Creators would like to host their own sites that allow users to auth (using auth0) and then call our apis. To do so, they’d have to register their public urls for their apps with us (For callbacks in the pkce flow). Is there a way for us to do this in a programmatic way, or even to allow all possible origins (probably a good reason to not do the latter)?
What is the right model here?