How to setup OpenAI style service accounts using Auth0

Hello :wave:

I recently started using Auth0 for securing my FastAPI application. I currently have users that can sign in and use the token they receive back to access protected routes. All good, but I am looking to improve my security posture and make it more user friendly, inspired by OpenAI's use of service accounts.

I would like to add users to organisations and limit what a user can do using the organisation she is a member of. For example, when requesting a list I would like to ensure that the query response uses the organisation settings to limit what is returned to what is in the user's organisation.

Second, OpenAI has service account tokens that can be requested once you are signed into the application. The tokens are shown only once and are throwaway. They don't expire, which makes it convenient to use them in m2m communication.

What features in Auth0 would help me achieve these setups? Any advice or ideas are much appreciated.
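The two requirements in the post can be expressed in a few small pieces of application code that sit behind the token check: take the organisation from the verified token claims (Auth0 Organizations put an org_id claim in the access token) and filter every list query by it, and issue service-account keys that are shown once and stored only as a hash. The block below is an added example, not code from the post or from Auth0. It assumes an HS256 secret as an offline stand-in for Auth0's RS256 signature (a real API verifies against the tenant JWKS), a constructed set of rows, and the key format and record layout shown in the comments; in FastAPI the verify/resolve functions would be called from a Depends() dependency.

```python
"""Organisation-scoped authorisation and show-once service keys (added example)."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, List, Optional, Tuple

# CONSTRUCTED: an HS256 secret stands in for Auth0's RS256 signature, which a real
# API verifies against the tenant JWKS with a JWT library; the claim handling is the same.
DEMO_SECRET = b"constructed-demo-secret"

# CONSTRUCTED sample data: rows belonging to two organisations.
ROWS = [
    {"id": 1, "org_id": "org_A", "name": "alpha"},
    {"id": 2, "org_id": "org_B", "name": "bravo"},
    {"id": 3, "org_id": "org_A", "name": "charlie"},
]


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_demo_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Build a signed JWT carrying the claims Auth0 would issue (sub, org_id, exp)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_demo_token(token: str, secret: bytes = DEMO_SECRET, now: Optional[float] = None) -> dict:
    """Check signature and expiry, then return the claims; raise PermissionError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise PermissionError("malformed token")
    header, payload, sig = parts
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_b64url_decode(payload))
    now = time.time() if now is None else now
    if "exp" not in claims or claims["exp"] <= now:
        raise PermissionError("token expired or has no exp")
    return claims


def org_scoped_list(claims: dict, rows: List[dict]) -> List[dict]:
    """Return only the rows of the organisation the token was issued for.
    The organisation comes from the verified claims, never from a query parameter."""
    org_id = claims.get("org_id")
    if not org_id:
        raise PermissionError("token was not issued for an organisation")
    return [row for row in rows if row["org_id"] == org_id]


# ---- show-once service keys: only a SHA-256 hash is stored (stand-in for a DB table) ----
_SERVICE_KEYS: Dict[str, dict] = {}  # key id -> record


def create_service_key(org_id: str, created_by: str) -> Tuple[str, str]:
    """Create a key bound to one organisation. The plaintext is returned exactly once."""
    key_id = secrets.token_hex(8)
    plaintext = f"sk-{key_id}-{secrets.token_urlsafe(32)}"  # assumed key format
    _SERVICE_KEYS[key_id] = {
        "hash": hashlib.sha256(plaintext.encode()).hexdigest(),
        "org_id": org_id,
        "created_by": created_by,
        "revoked": False,
    }
    return key_id, plaintext


def resolve_service_key(plaintext: str) -> dict:
    """Map a presented key to claims shaped like the user-token claims, so the same
    org_scoped_list() authorisation applies to m2m callers."""
    try:
        _, key_id, _ = plaintext.split("-", 2)
    except ValueError:
        raise PermissionError("malformed service key")
    record = _SERVICE_KEYS.get(key_id)
    digest = hashlib.sha256(plaintext.encode()).hexdigest()
    if record is None or record["revoked"] or not hmac.compare_digest(record["hash"], digest):
        raise PermissionError("unknown or revoked service key")
    return {"sub": f"service-account:{record['created_by']}", "org_id": record["org_id"]}


def revoke_service_key(key_id: str) -> bool:
    """Revoke by key id, which the owner still has even though the plaintext is gone."""
    record = _SERVICE_KEYS.get(key_id)
    if record is None:
        return False
    record["revoked"] = True
    return True
```

Because both user tokens and service keys resolve to the same claim shape, every route applies one authorisation rule, and a leaked key can be revoked by its id without the server ever holding the plaintext.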

Hi @robert_moyai

Welcome to the Auth0 Community!

Thank you for posting your question.

I would like to add users to organisations and limit what a user can do using the organisation she is a member of. For example, when requesting a list I would like to ensure that the query response uses the organisation settings to limit what is returned to what is in the user's organisation.

You can achieve the mentioned results with the usage of organizations with role-based access control. Here are a few links that can help you:

Second, OpenAI has service account tokens that can be requested once you are signed into the application. The tokens are shown only once and are throwaway. They don't expire, which makes it convenient to use them in m2m communication.

The maximum you can set an access token is 30 days → Update Access Token Lifetime

Thanks
Dawid
