I want to synchronize the locked state of a user from Auth0 with my internal database, which is exposed via an API. To achieve this, I plan to use log stream webhooks to send events from Auth0 to my API. However, I am required to specify a token or API key for authorization, which is neither secure nor convenient, as it requires manual rotation of the generated token or API key.
Does Auth0 provide a way to authenticate and authorize webhooks using the client credentials flow with any Identity Provider (ex: Azure EntraID), eliminating the need for manual token rotation?
I believe there isn’t an out-of-the-box solution for the use case that you outlined, but Auth0 does support calling an API using the Client Credentials flow, which could then be implemented on your end to call your protected APIs.
As this isn’t something that we have an implementation for, I recommend that you post a Product Feedback which others can vote for. This section is monitored by our Engineering team and if there is enough interest, the post would help push this feature.