Getting an access token on behalf of a user

Is it possible to use the management api (or some other api) to get an access token for a user without having them enter their username and password? Currently we have our SPA that calls our api https://api.mycompany.com/get_daily_sales. This API uses the identity from the token to filter our database for sales only for the user making the call. All good, easy setup.

Now we want to have a nightly job that runs for each user to get their daily sales and send them an email. I created an M2M application called EmailSender and can grab an access token for that pretty simply. The problem is it is calling the same API now just under the context of the application, and not tied to any user in particular.

Since this is a first party app I feel like we should be able to get an access_token on behalf of a user, am I missing something?

Hi @svickers,

Thank you for posting to Auth0 Community!

Retrieving an Access Token on behalf of a user is not supported by Auth0. You should be able to implement your use case using a different approach to getting the user’s daily sales.

Please let us know if you have further questions.

1 Like