How to get user jwt token without password?

I want to create a user in auth0 database. But this user shouldn’t have password.

These users redirect to us from other system and we should give them our auth0 token and allow them to log in.

We don’t want to save their password in our database. We have user email, we have
clientId, clientSecret.

Do we can generate aceess, referesh tokens for user using clientId and secrets?
Or maybe generate managment api key and then query some endpoint?

Hi @amakarov,

Welcome to the Auth0 Community!

Unfortunately, you cannot create a database user without a password. You could always use a dummy password if needed or opt for an alternative connection method to login, like Passwordless.

Now, after reviewing your use-case, it seems that you might be interested in the client credentials flow. The client credentials flow is used to generate an access token for an application requesting access to a protected resource and it does not involve any user interaction.

If you’re looking to use the Management API, you can follow our documentation on getting access tokens for the Management API using the client credentials flow.

Reference Materials:

Please let me know if you have any questions.

Thanks,
Rueben

Hi @rueben.tiow. Thanks for your answer.

The link that you shared creates credentials for managing my API.
We already have a machine-to-machine application.

We want to query ${endpoint}/oauth/token because it will trigger post-login action and call our API where we put all customer metadata into metadata and pass it to jwt token.

So when a third party calls API with email we want to return an access token for this token but not keep the password in the database. So the Client Credential flow won’t help because it gives access to management API. But we need user access token with user metadata.

Do you have any examples of how to implement such a flow? Because our provider doesn’t have a generating token for the user. They only redirect them to us.
Maybe you can share url to some examples? As I mentioned we have client id and secrets

Even in case if we need create user in auth0 with database how then login into auth0 if we don’t want to store password in database?

1 Like

Hi @amakarov,

Thank you for the reply.

Yes, you can use the authorization code flow to do this. See our Call Your API Using the Authorization Code Flow documentation on this.

You could use a Passwordless login for this scenario.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.