Is ManagementClient able to authenticate users to generate one time access tokens?

woorea · March 9, 2019, 4:39pm

Hi,

I’m working in the following scenario:

The application is able to create new users using the Management API.

a) when the user is created we know the user password so we can ask for a token and id_token, this pair is associated with a UUID that we will keep in our database (24h or until the user reads the value). We use this UUID in a link that we will send the user, so the SPA will read the token from the database using this one time use UIDD

b) if we try to create a new user and the user already exists in the auth0 database we still need to send that one-time login email, but this time we don’t know what is the user password so we are not able to get token and id_token for that user

summary: can we get access_token and id_token from Management API or other available services in Auth0 without knowing the user password

Thanks

James.Morrison · March 21, 2019, 5:28pm

Hey there @woorea, sorry for the delay in response. I wanted to follow up and let you know that you are unable to get an access_token and id_token from the Management API or other services without knowing the user password. Please let me know if you have any additional questions on this front, thanks!

system · April 5, 2019, 5:28pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.