Currently we are using Auth0 for centralized authentication to several APIs. Each user has app metadata that associates them to companies with different api/urls. The front end decodes the JWT to let the user know which APIs they are associated to.
We also have hundreds of hardware devices (IoT) that will be accessing these same APIs. Each device will be associated to only 1 api. One of the problems is sending which api/url a device is associated to.
This is the current approach I am working through:
- Using client credential grant.
- Get access token for machine to machine application (can this be linked to regular web application?)
- Use hook to add url of api to access token.
- The device can then decode the token and get the url. Requests can then be sent to correct api.
Is this approach possible? Does this need to have 1 machine to machine application for each api/url that I have?
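
The hook-and-decode flow described in the post, sketched as an added example (not part of the original post and not Auth0's own code). It assumes the API URL is stored in the machine-to-machine application's metadata under a hypothetical `api_url` key and emitted as a hypothetical namespaced claim; the `example.com` hosts and the device-side allowlist are also assumptions. The device reads the claim only as a routing hint, and signature verification stays with the API.

```javascript
// Added example. The claim namespace, the `api_url` metadata key and the
// example.com hosts are assumptions, not values from the post.
const CLAIM = 'https://example.com/api_url';

// Body of an Auth0 client-credentials-exchange Hook; in the Hook editor this
// function is what gets assigned to module.exports.
function addApiUrlHook(client, scope, audience, context, cb) {
  const accessToken = { scope };
  const apiUrl = client.metadata && client.metadata.api_url; // assumed key
  if (apiUrl) accessToken[CLAIM] = apiUrl; // namespaced custom claim
  cb(null, accessToken);
}

// Device side: decode the JWT payload (no signature check here) and accept
// the URL only if it is https and its host is on an allowlist pinned in
// firmware, so a swapped token cannot redirect the device somewhere new.
function apiUrlFromToken(jwt, allowedHosts) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  const url = new URL(payload[CLAIM]); // throws if the claim is missing
  if (url.protocol !== 'https:' || !allowedHosts.includes(url.hostname)) {
    throw new Error('API URL not in device allowlist: ' + url.hostname);
  }
  return url.origin;
}

// Constructed sample: a token with a placeholder signature that carries
// whatever claims the hook returns for the given client.
function sampleToken(client) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  let claims;
  addApiUrlHook(client, ['read:data'], 'https://api-a.example.com', {},
    (err, t) => { claims = t; });
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'placeholder-sig'].join('.');
}

const token = sampleToken({
  id: 'device-001', // constructed client id
  metadata: { api_url: 'https://api-a.example.com' },
});
console.log(apiUrlFromToken(token, ['api-a.example.com']));
```
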