I have an API defined on Auth0 which represents Resource Server Endpoints.
I have native clients for iOS & Android. The app supports both logged-in & non-logged-in users. The logged-in users' use case is quite straightforward: the request is authenticated against the user’s auth token.
However, in the case of non-logged-in users, I want the client apps to send some sort of access token to identify them as it is. But as there is no Client Credentials Grant for native apps, how can this be achieved?
I looked at the PKCE flow, but it doesn’t seem to be helpful, as it redirects the /authorize call to user login, which in the first place is not the scenario of this use case.