About to start implementing a new feature whereby owners/managers of a resource, can enter a list of emails, and share that resource with them. These emails aren’t in our system at all, they are considered guest viewers of this resource (medical images in this case). They will have limited permissions, and only on that specific resource.
Does anyone have any suggestions or ideas that jump to mind?
Is any of Auth0’s Passwordless stuff useful here? I haven’t thought too far ahead, but maybe we email them a link, and when they open that link, it prompts them to enter their email. This then creates some sort of anonymous user within Auth0 with limited scope. I should say I require a token with certain scopes in order to use our API.
Edit: Doing some research and I think what I am looking for is something like: https://firebase.google.com/docs/auth/web/anonymous-auth