Confusion over what qualifies as a machine to machine connection


I’m confused about what qualifies as a machine-machine connection in Auth0, and specifically whether the Authorization Code Flow can be executed on the free plan.

My setup is a regular web app, communicating with a backend API. I had asked a similar question before, but had to put off implementing the flow. I’m now returning to it and it looks like your policy may have changed?

I’m also wondering if it’s possible to use password grant type login to give API access?


Hi swilks,

Auth Code Flow is not machine-to-machine. Machine to machine is also known as Client Credentials, and it is very different.

I don’t see anything in the setup you describe that would require Client Credentials. This might come into the picture if you have any cron jobs doing maintenance tasks, but not in a normal web app with a backend API.

There are many reasons not to use the password grant - unless you have something compelling I’d suggest sticking with auth code.
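The difference between the two grants discussed above, shown as the requests each one sends (an added example, not part of the original thread or Auth0's own code). The domain, client ID, secret, redirect URI and audience are placeholder assumptions, and the helper names are hypothetical; nothing is sent over the network.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholder values (assumptions, not taken from the thread).
DOMAIN = "YOUR_TENANT.example.com"
CLIENT_ID = "YOUR_CLIENT_ID"
CLIENT_SECRET = "YOUR_CLIENT_SECRET"
REDIRECT_URI = "https://app.example.com/callback"
AUDIENCE = "https://api.example.com"

def new_state():
    # Unguessable value stored in the user's session before redirecting.
    return secrets.token_urlsafe(32)

def authorization_url(state):
    """Auth code, step 1: the user's browser is sent here to log in."""
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "audience": AUDIENCE,
                       "scope": "openid profile", "state": state})
    return f"https://{DOMAIN}/authorize?{query}"

def code_exchange_body(callback_url, expected_state):
    """Auth code, step 2: check the callback, then build the token request."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not tied to this session")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    # The web app's backend POSTs this to https://DOMAIN/oauth/token.
    return {"grant_type": "authorization_code", "code": params["code"][0],
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "redirect_uri": REDIRECT_URI}

def client_credentials_body():
    """Machine-to-machine: no user, no redirect, no code (e.g. a cron job)."""
    return {"grant_type": "client_credentials", "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET, "audience": AUDIENCE}
```

The resulting token represents the logged-in user in the first case and the application itself in the second.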