We are in the process of implementing Auth0 as the authentication mechanism for a publicly facing API. It seems from the Auth0 documentation shows that we should create a separate application (Machine to Machine) for each client that will be generating Access Tokens for the given API. This all makes sense, and we have this portion up and running. My question is… Is this the best practice for long term / many consumers of the api. It seems that we could quickly have 100s of clients and thus 100s of Applications defined in Auth0 for consumers.
Would enjoy hearing others feedback. Does anyone have a better management strategy? How many MTM applications / consumers do you all have?