Hi there. What I have:
- SPA
- Backend with API
- Customers (i.e. users)
- Organizations (user might be in several organizations at the same time)
What I want:
- Implement some public API at my backend
- User wants to have their own token to request my backend public API without my SPA (for example, user wants to make a cron script)
- This token should be on Organization level (not for user, i.e. user with such privilege releases token for organization)
- This token should contain the organization ID (my backend has to route this request to the right organization)
What I don’t understand:
- All things (just a joke)
- How to create a token? I found the docs "Get refresh tokens" on how to build a similar system, but there are no options. Does Auth0 support only this flow?
- What should I do if I want to use only one token (like access_token) for all time, without refreshing?
- May I release token without user’s request to auth0’s /authorize handler?
- Should I create any Auth0 Application for that case? Which one (Regular app, M2M, …)?
Hope I was understandable.