Client Credentials Flow for api acces

ollivera · October 5, 2022, 7:16am

Hello,

We implemented passwordless authentication for our web application.
However we also need grant access to our API to users that are only interested in the data returned by the API.

What’s the recommended flow? We could use “Client Credentials Flow”, but how to track which user is doing the requests via the provided access token? Could the access token have a long lived life? Let’s say more than one months?

I guess we should create Applications programmatically (Auth0 Management API v2) but how we assign or authorize programmatically them in our Custom API (Machine to Machine Section)?

Would require a Grant to the created client? Auth0 Management API v2

Regards, Flavio

rueben.tiow · October 5, 2022, 5:49pm

Hi @ollivera,

Thanks for reaching out to the Auth0 Community!

The Client Credentials Flow works, but it does not have any user interaction. Instead, I recommend you to continue using the Authorization Code flow with Passwordless and specifying the audience query parameter in the request. In doing so, you can call your API for those users.

Please see the Call Your API Using the Authorization Code Flow documentation to learn more.

If you need any help with the implementation or have any further questions, please feel free to reach out.

Thanks,
Rueben

Topic		Replies	Views
Understanding client_credentials flow in terms of identity Get Help client_credentials	3	4776	March 2, 2018
Generate unique Client Credentials for API access Get Help apis , application	2	109	March 31, 2025
How to authorise an API user without using client secret Get Help api , login , access-token	4	7285	December 8, 2021
How to enable programmatic access to an API? Get Help apis , application	3	1502	January 2, 2024
How can a user access an API? Get Help jwt , api , auth0-users , users , api-authorization	4	6011	March 2, 2018

Client Credentials Flow for api acces

Related topics