The client_id of the vendor will be sent as the subject (sub) claim in the the access token (which is a JWT) that is passed in the authorization header by the vendor when calling your API. So, you can have a table on your side that maps vendor client_ids to their respective vendors and proper permissions for that user principle.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| How do you use Auth0 to authenticate & authorize 3rd party vendors? | 4 | 4061 | March 2, 2018 | |
| How to implement API keys using Auth0? | 11 | 33868 | March 2, 2018 | |
| Setup application that provides Client ID & Secret to User | 2 | 671 | November 20, 2023 | |
| Creating API key and secret for clients -- is it still the suggested approach? | 2 | 6303 | December 4, 2018 | |
| Building a public facing API with Auth0 | 1 | 622 | April 25, 2024 |