Hi, I’ve run into a snag in the design of my apps authentication and I need a bump in the right direction.
I have Flask application which uses Auth0 to manage the user authentication. Last year I had partially developed a feature which would allow users to install a Wordpress plugin that would allow them to query the resources that they’ve uploaded into my App via an API.
This was done using the Client Crendentials flow. The user would register their website with my app which would create the ‘Application’ in Auth0 and return a client key and secret to the user to sign into their Wordpress plugin and store the access token and use it to query my API.
Since then, the Entity Limit Policy was introduced and I find that I’m limited to 100 potential WP plugin users using this method.
Now I’m looking for another way to achieve a similar result, and I need some perspective and ideas.
I could perhaps register a Regular Web App and keep modifying the allowed Origins fields to allow websites when a user registers them, but this could get messy 
Has anyone had experience with this?