We are new to Auth0 and looking for the correct authentication flow to use. Our primary use case is an Angular SPA → Django Rest Framework API, which is fully implemented and working using auth0-angular.
Now we want to extend functionality to Machine-to-Machine clients, we would expect the following steps:
1.) We provide credentials (either username and password, or API key/Secret) to the client
2.) The client visits our api endpoint “/generate_token” with provided credentials and they are issued an access or bearer token
3.) They then use that token to access other endpoints in our system
Step 3 is already complete as the DRF API is secured and bearer tokens from a Test M2M application work with no issues, but outside of that we are struggling to find the correct path to choose. Currently we are leaning towards Resource Owner Password Flow as detailed here. Is this the best flow to use or is there another that fits our use case better.
Thanks in advance