I have a backend server that authenticates requests using jwt tokens included in the request.
I want to do some tests for the endpoints to simulate a new user doing actions using Postman, so I need to get a jwt token.
I saw that there is an auth0 authentication flow that lets you log in with a username and password, however there are warnings against it in the documentation.
Are the warnings only because users should not be giving an application their auth0 password or because there are some inherent flaws in keeping this authentication flow open in a production application?
Since I would be using a demo user and only running this from Postman, the password getting lost isn’t a problem.