I have a custom REST API that takes in a user & password and gets an access token from Auth0 via a custom database connection, on successful login.
The Client app will send the access token to the server on every request and the server will fulfill the request after validating the token.
My question is how do we manage an anonymous user in this case: since the user has not logged in, an access token will not be issued to him.
I would recommend you go through this doc, which provides an overview of Auth0 and outlines some of its use cases.
Thanks for the reply @prakharkumar79!
My actual concern is regarding the process, as the user would get an access token on the successful exchange of their username and password, and that token will be used by the server side to keep track of the user identity.
But for the anonymous user, there would be no exchange of username and password, so how will the server validate the user?
I can think of two solutions regarding this -
- Either to keep such requests separate from the token filter, i.e. those flows do not require user identity to be tracked.
- Or should we issue access tokens in exchange for client credentials for anonymous users?
Anonymous user flow is not a use case for Auth0 so I think you have to go for solution 1.
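
A sketch of solution 1 (anonymous routes kept separate from the token filter), as an added example that is not part of the original thread and not Auth0 code. The route names, the sample token and `sample_validate` are assumptions; `sample_validate` stands in for whatever access-token validation the server already performs.

```python
import posixpath
from urllib.parse import unquote

# Assumption: hypothetical routes that need no user identity, as (method, path).
ANONYMOUS_ROUTES = {("GET", "/catalog"), ("GET", "/health"), ("POST", "/contact")}

# Constructed sample tokens standing in for the server's real access-token check.
SAMPLE_TOKENS = {"good-token": {"sub": "auth0|constructed-user"}}

def sample_validate(token):
    """Stand-in validator: returns the token's claims, or None if invalid."""
    return SAMPLE_TOKENS.get(token)

def normalize(path):
    """Decode and collapse the path so '/catalog/../orders' cannot pass as '/catalog'."""
    return posixpath.normpath("/" + unquote(path).lstrip("/"))

def token_filter(method, path, headers, validate_token=sample_validate):
    """Return (status, user_id). Default-deny: only exact allowlist matches skip the token."""
    route = (method.upper(), normalize(path))
    if route in ANONYMOUS_ROUTES:
        # Anonymous flow: no token check, and no identity is attached
        # even if the caller happens to send an Authorization header.
        return 200, None
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return 401, None
    claims = validate_token(token.strip())
    if claims is None:
        return 401, None
    return 200, claims["sub"]

if __name__ == "__main__":
    # Constructed requests: anonymous route, traversal attempt, valid and invalid tokens.
    samples = [
        ("GET", "/catalog", {}),
        ("GET", "/catalog/../orders", {}),
        ("GET", "/orders", {"Authorization": "Bearer good-token"}),
        ("GET", "/orders", {"Authorization": "Bearer forged"}),
    ]
    for method, path, headers in samples:
        print(method, path, token_filter(method, path, headers))
```

Matching on the normalized path and the HTTP method together keeps the allowlist from widening by accident: anything not listed exactly still goes through token validation.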