We have a bunch of administrative apis where we’re using Aurelia and Lock on the frontend to access them, and this works really well. The problem is that we’d also like to script against the same api using a multitude of scripting tools (these will be both interactive and non-interactive, e.g. api-to-api).
While we could sorta get away with our current lock-based solution in interactive mode by having the user first grab his/her access token from an authenticated (SPA) session, this wouldn’t work in an api-to-api setting.
As far as I can see from the docs, the recommended way by Auth0 is to create a separate Auth0 client for each api that needs access to my “backend api”, but this solution seems fairly dreadful in terms of management - we’d end up with who knows how many clients.
Am I missing something, or is this the recommended (and only?) approach? I guess I’d really like to be able to create named users representing my “client apis” and somehow store api keys for each user instead - but from what I’ve seen that’s not currently an option with Auth0.
I’d appreciate it if someone could confirm my assumptions.