I want to give Users the possibility to generate API-Tokens (technically it will be Client Credentials I assume) which gives them API-Access without ROPC. Ideally the long-therm token can be further restricted by the owner.
We don’t currently support an API key like functionality. If you wanted to give your users access to an API, you would need to issue them a client ID and client secret (you would register one application per user), and they should implement the client credentials flow to obtain access tokens in their applications.
It’s possible to implement using Auth0, but it is not a feature we have turn-key support for. You would have to build out the UI and functionality yourself, Auth0 would just act as the auth server for issuing tokens and managing the user DB. You would need to create a dashboard, store user information about which users have been issued which client credentials, etc.