Creating tokens for authenticating API calls outside the browser

I want my users to be able to execute some API calls from scripts, outside browsers, and I’m not sure about how to do it. This is the workflow I’d expect:

  1. A user logs into the web app.
  2. A token management window is opened, and they create a token there.
  3. They copy the token and they use it from the command line.

I think that (2) can be done with these instructions: Auth0 React SDK Quickstarts: Call an API. (A) Am I right?

Then, (B) should I store the tokens in my DB?
Finally, (C) how should the tokens be refreshed?

Thanks!

Hi @juanignaciosl

You have a few options:

  1. The script can open a browser window, execute the login flow and get the token.
  2. The script can execute the device flow: Device Authorization Flow
  3. You can use Client Credentials (machine to machine) instead of a user authorization flow. If you need the user to log in, this approach is not right.

John

Hi! Thank you for your support. I think that I didn’t get my point across: we want to enable our users to do raw curl requests to our API. We don’t want them to run a script or perform an authentication every time that they want to run a request. I think that your suggestions 1 and 2 don’t fit my needs because of that.

“Client Credentials Flow” might, but it feels like overengineering. The documentation says this: “the system authenticates and authorizes the app rather than a user”. That’s not our use case either, we want to authenticate users. We’d like users to log in normally and get a token within the web app. Then, they would use that token afterward with curl. Does it make sense?