I’m looking for a way to enable users of my application to access the API I provide programmatically.
I have an SPA that authenticates users with Auth0, and an API Gateway (KrakenD) that takes care of authn/authz.
Now, I’d like to know how to do a flow like an API key/access token with Auth0. Ideally they request a token that lasts for a certain amount of time and that token is used to make calls to the API.
I’ve looked into creating M2M applications for each user, but that doesn’t seem to be the way. Also, the quota limit is not suited for this approach.
What other approaches could work for this?