I am looking into IAM.
I want to give Users the possibility to generate API-Tokens (technically it will be Client Credentials I assume) which gives them API-Access without ROPC. Ideally the long-therm token can be further restricted by the owner.
Is there a way to do this? Some therminology to search for?
How to generate tokens for API users? - Auth0 Community is basically the same request, but doesn’t contain meaningful responses (except from How to generate tokens for API users? - #7 by ruby but that seems to be too much of a workaround. I don’t assume that refresh-token are reliably valid for 1+ year).
Thanks in advance!