Is it possible to use the management api (or some other api) to get an access token for a user without having them enter their username and password? Currently we have our SPA that calls our api
https://api.mycompany.com/get_daily_sales. This API uses the identity from the token to filter our database for sales only for the user making the call. All good, easy setup.
Now we want to have a nightly job that runs for each user to get their daily sales and send them an email. I created an M2M application called EmailSender and can grab an access token for that pretty simply. The problem is it is calling the same API now just under the context of the application, and not tied to any user in particular.
Since this is a first party app I feel like we should be able to get an access_token on behalf of a user, am I missing something?