Thanks for the timely response.
I guess cron job/maintenance task describes pretty well, what we are trying to do. I’ll describe the situation in more detail.
We are in a B2B scenario, where each of our customers owns some piece of software that needs to communicate data to one of our backend systems. So they are a client of our API. Intuitively it makes sense to me to model this as an machine-to-machine application with client credential grants.
Talking about user consent: we definitely do not want to require manual intervention for each data transfer. Ideally the authentication should be setup only once when our customer connects their client to our API. From what I understand, we would create one client app (machine to machine) when a customer needs to give their software access to our API. Is that approach correct?
This client app should only be authorized to access that customer’s data though. How does my backend find out, which customer a client app belong to? Do I need to store the client ID? Or is there a way to attach metadata to the client app’s token?
And I think I found a solution for the auth0-deploy-cli by setting
AUTH0_EXCLUDED_CLIENTS in the config and giving every such client the same name.