I recently started using Auth0 for securing my FastAPI application. I currently have users that can sign in and use the token they receive back to access protected routes. All good, but I am looking to improve my security posture and make it more user friendly, inspired by OpenAI's use of service accounts.
I would like to add users to organisations and limit what a user can do using the organisation she is a member of. For example, when requesting a list I would like to ensure that the query response uses the organisation settings to limit what is returned to what is in the user's organisation.
Second, OpenAI has service account tokens that can be requested once you are signed into the application. The tokens are shown only once and are throwaway. They don't expire, which makes it convenient to use them in m2m communication.
What features in Auth0 would help me achieve these setups? Any advice or ideas are much appreciated.
I would like to add users to organisations and limit what a user can do using the organisation she is a member of. For example, when requesting a list I would like to ensure that the query response uses the organisation settings to limit what is returned to what is in the user's organisation.
You can achieve the mentioned results by using Organizations together with role-based access control. Here are a few links that can help you:
Second, OpenAI has service account tokens that can be requested once you are signed into the application. The tokens are shown only once and are throwaway. They don't expire, which makes it convenient to use them in m2m communication.
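As an added example (not code from this thread or from Auth0), this shows how the organisation part of the question can be enforced in the FastAPI app once the token has been verified: Auth0 puts an `org_id` claim in access tokens issued for an organisation login and, with RBAC enabled for the API, a `permissions` claim; the route derives its scope from those claims rather than from anything the client sends. The `Forbidden` exception, the `read:reports` permission, the `org_acme` value and the sample rows are all constructed for the example.

```python
# Added example: organisation scoping + RBAC check from verified Auth0 claims.
# Assumes the token's signature, issuer, audience and expiry were already
# checked by the app's existing Auth0 verification; only authorisation is here.
from dataclasses import dataclass
from typing import Any


class Forbidden(Exception):
    """Reject the request (map to HTTP 403 in the FastAPI handler)."""


@dataclass(frozen=True)
class OrgContext:
    user_id: str
    org_id: str
    permissions: frozenset[str]


def org_context(claims: dict[str, Any]) -> OrgContext:
    """Build the per-request scope from verified token claims.

    A token without `org_id` was not issued through an organisation login
    and must not reach organisation-scoped routes at all.
    """
    org_id = claims.get("org_id")
    if not isinstance(org_id, str) or not org_id:
        raise Forbidden("token was not issued for an organisation")
    perms = claims.get("permissions", [])
    if not isinstance(perms, list) or not all(isinstance(p, str) for p in perms):
        raise Forbidden("malformed permissions claim")
    return OrgContext(user_id=str(claims["sub"]), org_id=org_id, permissions=frozenset(perms))


def require(ctx: OrgContext, permission: str) -> None:
    """RBAC gate: the Auth0-assigned role must grant this permission."""
    if permission not in ctx.permissions:
        raise Forbidden(f"missing permission {permission}")


def list_reports(ctx: OrgContext, rows: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Filter rows to the caller's organisation, taken from the token only,
    so a client cannot widen the scope with a query parameter."""
    require(ctx, "read:reports")
    return [r for r in rows if r["org_id"] == ctx.org_id]


# Constructed sample data (hypothetical claims and rows, not real tokens).
SAMPLE_CLAIMS = {"sub": "auth0|user1", "org_id": "org_acme", "permissions": ["read:reports"]}
SAMPLE_ROWS = [
    {"id": 1, "org_id": "org_acme", "title": "Q1"},
    {"id": 2, "org_id": "org_other", "title": "Q1"},
    {"id": 3, "org_id": "org_acme", "title": "Q2"},
]
```

In a FastAPI app `org_context` would run inside a dependency that receives the decoded claims, and `Forbidden` would be converted to an `HTTPException(403)`.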