I’m using Auth0 as the authentication solution for a product I’m working. The issue I’m having is that every day developing when I want to query the backend in a way that is not from our frontend (i.e. through Postman or the Apollo Sandbox) I have to generate a new access token and manually add it. I was wondering if there is a way to generate a super long lasting token for a development tenant for this purpose?
Here are some solutions I have come up with and their drawbacks compared to a long-lasting token specifically for 3rd party request tools:
- Fulfill requests on backend with no token: This would work in theory but we derive some key information (specifically UID, user organization, and user permission scopes) from the Auth0 token. Not having this information would make fulfilling a lot of requests impossible.
- Increase tenent token expiration: We can extend the expiry for the token for the dev tenent to up to 30 days in Auth0. This is non-ideal since it would do this for all tokens, including those the frontend uses. Since we use tokens that expire after a single day in production, it would be ideal to reflect that behavior on the dev frontend.
If this isn’t a feature it is obviously feasible to keep generating any copying tokens for development as needed but figured I would raise this topic to see if others have a workaround for this situation