Hi there!
I have a use case in which users in my SPA choose to come on board and install some resource.
In this case the user is interacting with the SPA, which has Auth0 access token authentication and verification working great. The problem is that when I’m inviting him on board to install my resource, I’m creating a template that he copies and then runs on some cloud resource of his.
The template contains the access_token this user has at the moment, so if he runs the template file he’ll probably succeed in connecting to my resource on the cloud. The problem is that this user doesn’t run it at the moment and maybe waits with this template for a week or so. The token isn’t valid anymore.
I thought about generating a longer-TTL access token at the backend (via the Auth0 Java SDK, and maybe creating a new API and application from your dashboard app with a greater expiration time - 30 days ±) that I’ll send to the frontend, and the template I’ll show to my user would have this access token and not the user’s.
Is that a good approach? What do you think about the flow?
I’ll be glad to have feedback.
Thanks!
Ben