Hello , We are planning to build a set of API and exposing them customers , now in order to authenticate these API we plan to use Auth0 , before invoking the API the user would would have to get a token , what is the best way to get a token ? there are multiple grant_types available but which one is best applied for this case ?
Hi @ankitp
Welcome back to the Auth0 Community!
Thank you for posting your question. I’ve done an investigation regarding your case, and the ideal scenario that you are probably looking for (PAT, similar to how GitHub allows you to store the keys) is not available, but there’s a feedback request that you can vote on and share your use case in the comment → Personal Access Tokens or API Keys.
Regarding other potential options, you can check this thread → Generating per-user API keys for services
To summarize the workaround, you would be essentially using client credentials via an M2M app per user (on the Auth0 side). The ability for end users to create applications would be through the use of Dynamic Client Registration: Dynamic Application Registration
Thanks
Dawid