Let users use SPA or access API directly

We have an SPA which uses our own API just fine with Auth0. Login and everything works great.
Now we have a request from some users who want to access the API directly (e.g. from a Python script). How does the user authenticate inside his script to access our API?
In other words: How to expose our API directly to the users?

Hi @developer3

You could use device flow (treating the Python script like a smart TV, it would display a URL and you’d go to that URL to complete the flow).

Or you can pop up a browser, doing the Auth Code + PKCE flow and get an access token. I have done this in Python, it works, but the challenge is the browser window (created by Python) stays open.

John
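
The device flow suggested above, sketched as an added example (not code from either poster or from Auth0). It assumes the Auth0 application has the device code grant enabled; the tenant domain, `client_id` and `audience` are placeholders the caller supplies, and `device_login` and `http_post_form` are names chosen here.

```python
# Added example: OAuth 2.0 device authorization flow (RFC 8628) for a CLI script.
import json
import time
import urllib.error
import urllib.parse
import urllib.request

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


def http_post_form(url, fields):
    """POST form-encoded fields; return (status, parsed JSON body)."""
    req = urllib.request.Request(url, data=urllib.parse.urlencode(fields).encode())
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:  # 4xx responses carry the OAuth error JSON
        return err.code, json.load(err)


def device_login(domain, client_id, audience, post=http_post_form,
                 sleep=time.sleep, show=print):
    """Run the device flow and return the token response dict."""
    base = f"https://{domain}"
    status, grant = post(f"{base}/oauth/device/code",
                         {"client_id": client_id, "audience": audience})
    if status != 200:
        raise RuntimeError(f"device code request failed: {grant}")
    # The user completes login in their own browser; the script never sees a password.
    show(f"Open {grant['verification_uri']} and enter code {grant['user_code']}")
    interval = grant.get("interval", 5)
    deadline = time.monotonic() + grant["expires_in"]
    while time.monotonic() < deadline:
        sleep(interval)
        status, body = post(f"{base}/oauth/token", {
            "grant_type": DEVICE_GRANT, "client_id": client_id,
            "device_code": grant["device_code"]})
        if status == 200:
            return body  # holds the access_token issued for the API audience
        error = body.get("error")
        if error == "slow_down":
            interval += 5  # RFC 8628 section 3.5: back off by 5 seconds
        elif error != "authorization_pending":
            raise RuntimeError(f"login failed: {error}")  # denied or expired
    raise TimeoutError("device code expired before the user approved")
```

The returned `access_token` is then sent to the API as an `Authorization: Bearer` header, the same way the SPA does.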

Thanks for your answer. Are there any best practices for letting the user directly access an API with Auth0? Something like POST username and password to retrieve a token? Do you have any advice for that?

Hi @developer3

There is ROPG (Resource Owner Password Grant), though I forget about this one.
ROPG is officially not recommended.

John