Hi community, I am pretty new to OAuth and Auth0 in general.
Our team has a web application that produces data via a REST API. The application doesn't have a UI; users and downstream services invoke the API URL directly to get the data.
Our company has an Okta-supported authentication platform and OAM and LDAPs.
Our new requirement is to secure the application and user/service identification as to who/what accessed the API, most importantly the what (service), since those can just invoke the API without any OAM-injected headers for us to verify. In the future we will also need to secure some APIs based on groups of user/service access rights (roles). The application was written in Java with Spring Boot, and we tried to stay away from rolling out our own authentication/user account/password management.
Am I right to say that in my case, both the service and the actual human user who invoke the endpoint are both the client application and the resource owner, since there is no end-user authorization needed?
What would be the best approach to adapt an appropriate framework to achieve this?