Does Auth0 Support Federation for Non-Human Entities?

Problem statement

Certain use cases involve multiple APIs and services that are accessed both by humans and by non-human identities, such as Extract, Transform, Load (ETL) jobs, Machine Learning (ML) training jobs, backend services, and dynamically registered mobile devices, none of which act on behalf of a human user.

To achieve this, some use cases leverage the concept of service accounts. This entails having non-human identities as first-class citizens in Auth0. Currently Auth0 is built to manage human identities very well; non-human identities, on the other hand, can only be represented by Client Credentials.

Is there no support for federation of non-human identities, or for integrating Identity Providers for non-human identities?

Solution

Currently Auth0 only supports the Client Credentials flow for non-human entities. This does not address the use case of a customer wanting a non-human entity, such as a machine service, to hold credentials that let it authenticate via OIDC, or another protocol, in order to receive tokens to be used against an API.

The M2M flow only authenticates via an application's client_id and client_secret against the Auth0 '/oauth/token' endpoint (grant_type=client_credentials). There is no provision to include a 'connection' parameter, for instance, because these services are not associated with an Identity Provider.
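The exchange described above, as an added example (not code from the original article or from Auth0): a Python client builds the client_credentials request against '/oauth/token', refuses any parameter the grant does not take (so passing connection=... fails before it is sent), and inspects the resulting access token to tell an application-identity token (sub '<client_id>@clients', gty 'client-credentials') apart from a user token. The tenant domain, client_id, client_secret and audience are assumed to come from environment variables with hypothetical names; the token decoded at the bottom is a constructed sample, not one issued by Auth0.

```python
"""Client Credentials (M2M) grant against Auth0's /oauth/token endpoint.

Added example, not code from the original article or from Auth0. The tenant
domain, client_id, client_secret and API identifier (audience) are assumed to
come from environment variables; the token decoded at the bottom is a
constructed sample, not a real Auth0-issued token.
"""
import base64
import json
import os
import urllib.parse
import urllib.request

# The complete set of parameters the client_credentials grant accepts here.
# Deliberately absent: 'connection', 'username', 'password', 'realm' -- there is
# no Identity Provider behind a machine client, only its client_id/client_secret.
ALLOWED_PARAMS = frozenset({"grant_type", "client_id", "client_secret", "audience", "scope"})


def build_token_request(domain, client_id, client_secret, audience, **extra):
    """Return (url, form_body) for a client_credentials grant.

    Any keyword argument outside ALLOWED_PARAMS (for example connection=...)
    is rejected rather than silently sent to the token endpoint.
    """
    params = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": audience,
    }
    params.update(extra)
    unsupported = set(params) - ALLOWED_PARAMS
    if unsupported:
        raise ValueError(f"client_credentials grant does not accept: {sorted(unsupported)}")
    url = f"https://{domain}/oauth/token"
    return url, urllib.parse.urlencode(params).encode()


def fetch_access_token(domain, client_id, client_secret, audience):
    """POST the grant and return the access_token (network call, not exercised offline)."""
    url, body = build_token_request(domain, client_id, client_secret, audience)
    req = urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["access_token"]


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode_json(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_claims(jwt):
    """Return the payload claims of a compact JWS. Inspection only: this does NOT
    verify the signature; an API must validate RS256 against the tenant JWKS first."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def is_machine_token(claims, client_id):
    """True when the claims identify the application itself rather than a user.

    Auth0 issues M2M access tokens with sub '<client_id>@clients' and
    gty 'client-credentials'; a user token has a connection-scoped sub such as
    'auth0|...' or 'google-oauth2|...' instead.
    """
    return (claims.get("sub") == f"{client_id}@clients"
            and claims.get("gty") == "client-credentials")


# Constructed sample (placeholder signature) in the shape of an Auth0 M2M token.
SAMPLE_CLIENT_ID = "abc123SampleClientId"
SAMPLE_AUDIENCE = "https://api.example.com"
SAMPLE_TOKEN = ".".join([
    _b64url_encode_json({"alg": "RS256", "typ": "JWT"}),
    _b64url_encode_json({
        "iss": "https://example-tenant.auth0.com/",
        "sub": f"{SAMPLE_CLIENT_ID}@clients",
        "aud": SAMPLE_AUDIENCE,
        "gty": "client-credentials",
        "scope": "read:jobs",
    }),
    "placeholder-signature",
])


if __name__ == "__main__":
    # Assumed environment variables (hypothetical names, not Auth0's own).
    domain = os.environ["AUTH0_DOMAIN"]
    client_id = os.environ["AUTH0_CLIENT_ID"]
    token = fetch_access_token(domain, client_id,
                               os.environ["AUTH0_CLIENT_SECRET"], os.environ["AUTH0_AUDIENCE"])
    print("machine token:", is_machine_token(decode_claims(token), client_id))
```

The point of the parameter allow-list is the one the answer makes: the only inputs this grant has are the application's own client_id and client_secret, so there is nothing a 'connection' value could select. On the API side, decode_claims is for inspection only; the resource server must still verify the RS256 signature and the aud claim before trusting is_machine_token.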