We make API products to serve our customers.
I am looking at the following user journey:
- A user can register on my website to use the API
- A user can generate an access token through a console page
- A user can attach that token in the header during the HTTP call to an API endpoint
- The API endpoint can identify the user and authorize her upon receiving the token
- A user can manage all the access token through the console page, e.g., invalidating a token
My understanding is I can use auth0 standard flow to support the registration/login of users in step1.
But how shall I support the generation and management of user access tokens? My understanding is that I need to call some Auth0 management API from the backend side. But what particular APIs and flows should I look for?
Any suggestion is appreciated. Thanks!