tyf
August 22, 2023, 11:55pm
3
Hey there @sergii1 welcome to the community!
sergii1:
Note: I assume creating an application and then sharing client id and client secret to get the token is not the way to go, as this should be repeated when token expires and there is a restriction to the amount of such apps (Allow third party access to API ). What we want is just providing a token once and that is it.
Client credentials and subsequent token is the recommended approach as Auth0 doesn’t currently offer a solution for API keys and/or personal access tokens.
Please see the following FAQ:
Problem statement: Does Auth0 support the concept of API keys or personal access tokens (think GitHub )?
Answer: Auth0 does not provide a solution for personal access tokens. If this is something you are interested in, please upvote this feedback request .
Regarding API keys: A client credentials grant is more or less equivalent to an API key - The primary difference being that API keys are typically validated by the API itself whereas client credentials are exchanged for a token at an authoriza…
Hope this helps!