Following use case:
1 - My API-A authenticates on Auth0 with the provided M2M credentials.
2 - My API-A creates users on Auth0.
3 - My API-A registers a client secret with another (reduced) scope on (API-B).
4 - These users consume my API-B that authenticate through my API-A on Auth0.
Is it possible to do this? Serve authentication for my users on my API endpoints?
Hi @marcelo.aimone,
Welcome to the Auth0 Community!
Yes, your use case is possible.
- Call Your API Using the Client Credentials Flow.
- Use API-A (Management API) to create users.
- Use API-A (Management API) to create API-B with reduced scope.
- For users to use API-B and authenticate through API-A, this requires authentication through two separate audiences. First, authenticate the users using the authorization code flow against API-A. Once that’s complete, you can silently authenticate the user against API-B to get a new set of tokens for API-B.
Let me know if you have any questions.
Thanks,
Rueben