Is there a way to use an existing token as credentials to fetch a new token (in an effort to get a token for a different audience)?
We have a number (N) of microservices which each require a token with a different audience (they all talk their own scopes). As I've seen mentioned before, two ways to handle this are requiring the client to manage all N tokens, or trying to bring all services under a single Auth0 API (audience). I was hoping this could be solved in a 3rd way, using a token exchange process.
I set up an API Gateway that abstracts all the underlying microservice APIs. The API Gateway has a new Auth0 API (audience). Clients get tokens for the API Gateway's audience and make calls. When the calls reach the API Gateway, I take the token and attempt to exchange it for the token I need to call the specific microservice. If the user does not have permissions to access that API, the token exchange fails and I send back a 401. If the user does have permissions, the exchange succeeds, and I have a new token with the correct audience and scopes. I then forward the call to the microservice API using this new token.
Is there any chance Auth0 can do this?
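
The gateway flow described in the question, sketched as an added example that is not part of the original post. It assumes an authorization server that implements OAuth 2.0 Token Exchange (RFC 8693), which the post does not establish for Auth0; the token endpoint is an in-memory stand-in, and the routes, audiences and token strings are constructed.

```python
# Added illustration; names, routes and tokens below are constructed.
TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"

# Hypothetical route -> microservice audience map held by the gateway.
ROUTES = {"/orders": "https://orders.example", "/billing": "https://billing.example"}

# Constructed stand-in for the authorization server's state:
# gateway-audience token -> audiences that user may obtain.
GRANTS = {"gw-token-alice": {"https://orders.example"}}


def build_exchange_request(subject_token, audience):
    """Form parameters of an RFC 8693 token-exchange request."""
    return {
        "grant_type": TOKEN_EXCHANGE,
        "subject_token": subject_token,
        "subject_token_type": ACCESS_TOKEN,
        "requested_token_type": ACCESS_TOKEN,
        "audience": audience,
    }


def fake_token_endpoint(form):
    """Stand-in token endpoint: returns (http_status, json_body)."""
    allowed = GRANTS.get(form["subject_token"])
    if form["grant_type"] != TOKEN_EXCHANGE or allowed is None:
        return 400, {"error": "invalid_request"}
    if form["audience"] not in allowed:
        return 400, {"error": "invalid_target"}
    return 200, {
        "access_token": "svc-token-for-" + form["audience"],
        "issued_token_type": ACCESS_TOKEN,
        "token_type": "Bearer",
    }


def gateway_handle(bearer_token, path, token_endpoint=fake_token_endpoint):
    """Return (status, token forwarded downstream or None)."""
    audience = ROUTES.get(path)
    if audience is None:
        return 404, None
    status, body = token_endpoint(build_exchange_request(bearer_token, audience))
    if status != 200 or body.get("issued_token_type") != ACCESS_TOKEN:
        return 401, None  # exchange failed: reject, never forward the inbound token
    return 200, body["access_token"]
```
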