No interaction user authentication


I have what I think is a pretty straightforward OAuth-ish scenario, but I’m struggling to model it in Auth0.

My plan was:

  • Get ExternalApp to use the client credentials flow to authenticate itself to my API and receive an externalAppToken that expires in 24 hours, but receives a refresh token for itself
  • Depending on the ExternalApp, I want to be able to give it the auth.userToken.create permission
  • If the ExternalApp has the above permission, it can hit an endpoint on my API and receive a user token that expires in 2 hours
  • The ExternalApp can then use the userToken to go to the user API and fetch information about the user

Can someone point me to some docs or a blueprint of how I can accomplish this?

1 Like
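The API-side exchange described in the plan above, sketched as an added example; it is not part of the original post and is not Auth0's own code. It assumes a constructed HS256 demo key and that the app token carries its permissions in a `permissions` claim; `sign`, `verify` and `create_user_token` are hypothetical names.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: demo HS256 key, not a real deployment's key material
CREATE_PERMISSION = "auth.userToken.create"  # permission name from the post
USER_TOKEN_TTL = 2 * 60 * 60  # user token lifetime from the post: 2 hours

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims):
    """Serialize claims as a compact HS256 JWT."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify(token, now):
    """Return the claims if algorithm, signature and expiry check out, else raise."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_unb64(head))
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        # Pin the algorithm and compare in constant time.
        ok = header.get("alg") == "HS256" and hmac.compare_digest(expected, _unb64(sig))
    except (ValueError, AttributeError):
        raise PermissionError("malformed token")
    if not ok:
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    return claims

def create_user_token(external_app_token, user_id, now=None):
    """Hypothetical endpoint body: exchange an app token for a short-lived user token."""
    now = int(time.time()) if now is None else now
    app = verify(external_app_token, now)
    # Only apps that were granted the permission may mint user tokens.
    if CREATE_PERMISSION not in app.get("permissions", []):
        raise PermissionError("missing " + CREATE_PERMISSION)
    # Record which app requested the token so user API calls can be attributed.
    return sign({"sub": user_id, "azp": app.get("sub"), "iat": now,
                 "exp": now + USER_TOKEN_TTL})
```

The user API would call `verify` on the returned token before serving user data, so an expired or tampered user token is rejected the same way as an app token.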

Hi @lance.blais,

Welcome and thank you for posting in Auth0 Community!

Sorry for the huge delay on this. Please let me know if you still need assistance. Have you looked at this doc:

First, you have to make sure you follow these steps:

Please let me know if this helps!