My company is looking for a centralized way to manage authentication.
We have various APIs hosted by my company and its subsidiaries. One of our architects suggested Auth0 for that purpose, so I am reading through your documentation and examples online. To me, machine-to-machine flow fits for your model because our API is connected to our customers’ APIs or applications.
The problem is I do not see how user credentials are authenticated in that flow. Our customers pass user credentials so our API can process a request for the specific user. It is also money-related, so without user authentication, we cannot do much. Also, there will be no UI involved between the customer’s app and our API, so we cannot really have interaction with the user to ask for a username/password.
Do you have a concept of also authenticating user credentials in the client credentials flow? If so, can you share the info from your documentation if available? I hope I have clearly explained the situation. If you have any questions, please let me know and I will add more info.