Is it possible in Auth0 to have a user grant access to a third party on behalf of an organisation?
We’ve tried using the Authorization Code flow with the organisation parameter. But the resulting token is for a user, not for an organisation. This distinction is important in our application because we want to allow multiple users to manage this integration. In the current prototype, we run into the problem that when a user leaves the organisation, the integration is no longer valid since the access token is for the user, not the organisation.
We like the Authorization Code flow since it contains the consent prompt for the user and is an open standard that is easy for third parties to implement. We are open to other OAuth 2.0 flows but would like to keep it as close to the standard as possible.