I want to accomplish the following user experience to access our API via a Python library.
- A user logs in to their user profile at our website `login.domain.tld` using the Auth0 Login flow.
- In the user profile an access token is presented, which can be copied or regenerated.
- The user copies the token and pastes it into the Python code to make requests to our API.
The access token:
- contains a custom `role` claim
- contains a date of issuance `iat` and expiration `exp`
- is renewed every time the user logs in at the above domain (the user profile)
- can be used until it has expired
The problem is that the maximum time of an access token is 30 days, which is a bit short for Python CLI tools that access our API regularly and over long periods of time.
I have tried M2M tokens, but they seem to just be access tokens as well, and device authentication for Python CLI scripts works, but only gives me an ID token without the role claim.
How can I solve the problem of renewing access tokens (or not letting them expire) without the user's interaction to log in again to regenerate a new token?