I recently did some experimental work with Auth0 Hook to make Auth0 a chokepoint for multi Cloud WebAPI integration. My work was to let WebAPI client interact with Auth0 for authn/authz to get a bearer token of WebAPI.
Do you think this is a safe approach? Before moving forward, I would like to hear from the community if this approach is valid since I am not a specialist of authn/authz.
Thanks,
P.S.
I am also waiting for Hook come out of beta since it was very useful!