No interaction user authentication


I have what I think is a pretty straightforward OAuth-ish scenario, but I’m struggling to model it in Auth0.

My plan was:

  • Get ExternalApp to use the client credentials flow to authenticate itself to my API and receive an externalAppToken that expires in 24 hours, but receive a refresh token for itself
  • Depending on the ExternalApp, I want to be able to give it the auth.userToken.create permission
  • If the ExternalApp has the above permission, it can hit an endpoint on my API and receive a user token that expires in 2 hours
  • The ExternalApp can then use the userToken to go to the user API and fetch information about the user

Can someone point me to some docs or a blueprint of how I can accomplish this?
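
A minimal sketch of the exchange endpoint described in the plan above, added here as an example and not part of the original post or Auth0's API: it verifies the app token, requires the `auth.userToken.create` scope, and mints a user token that expires in 2 hours. The HS256 demo key, the use of the `scope` and `azp` claims, the `user-api` audience and all function names are assumptions.

```python
import base64, hashlib, hmac, json, time

API_KEY = b"constructed-demo-key"   # assumption: stand-in for the API's real signing key
USER_TOKEN_TTL = 2 * 60 * 60        # user token lifetime from the post: 2 hours
REQUIRED_SCOPE = "auth.userToken.create"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str) -> bytes:
    return hmac.new(API_KEY, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict) -> str:
    """Serialize claims as a compact HS256 JWT."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_mac(head + '.' + body))}"

def verify(token: str, now: float) -> dict:
    """Return the claims only if signature, algorithm and expiry all check out."""
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_mac(head + "." + body), _unb64(sig)):
            raise PermissionError("bad signature")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
    except ValueError:  # wrong part count, bad base64 or bad JSON
        raise PermissionError("malformed token") from None
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    if claims.get("exp", 0) <= now:
        raise PermissionError("token expired")
    return claims

def create_user_token(app_token: str, user_id: str, now=None) -> str:
    """Hypothetical endpoint body: exchange an app token for a short-lived user token."""
    now = time.time() if now is None else now
    app = verify(app_token, now)
    if REQUIRED_SCOPE not in app.get("scope", "").split():
        raise PermissionError("app lacks " + REQUIRED_SCOPE)
    # azp records which app requested the token, so user-API logs can attribute access
    return sign({"sub": user_id, "azp": app["sub"], "aud": "user-api",
                 "iat": int(now), "exp": int(now) + USER_TOKEN_TTL})
```

The user API would call `verify` on the presented user token and additionally check that `aud` is its own identifier before returning any user data.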