On the topic of IoT devices, this Auth0 blog post states
…you use the client credentials grant, giving each IoT device its own client ID and client secret
I can’t find a way to give each IoT device it’s own client ID and secret without creating a whole new machine-to-machine application, which seems like an odd organizational structure and makes it possible to accidentally give different devices different scopes. How is this use case expected to be supported?
To add a bit of context, “device” in our case refers to a kiosk application that we’d like to give heightened privileges to.
I would start by looking at the management API for creating Grants and Clients.
John
In addition to what John said, here are our docs on choosing the best flow:
Have you had a chance to go through the docs I provided?
Thanks, all. Client credentials grant is definitely the correct flow based on our situation. Sounds like the admin UI makes our situation a bit clunky, but we could script or write our own API for it using the management API.
Totally glad that you’re closer to your solution now!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.