Our tenant has the following setup, which is good for a web app. We use the id and secret to authenticate with Auth0 and then use the username and password with the login flow to get the auth token. Is there any way we can avoid using the user's username and password and our app's id and secret to get access to our APIs? If you recommend a method, it should be able to give us the granularity that a username or password type login provides. The user should have access to only his projects.
You might want to explore using OAuth2 with client credentials or JWTs. These can authenticate your SDK without needing the user’s username and password, while still offering granular access control based on the user’s specific projects.
Once you get authenticated to log in, you will still require a username and password. I was exploring the client credential flow; you will end up having to create client credentials for each and every user.
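An added example, not part of any post in this thread: an API-side check for the per-user client-credentials approach discussed above, where the token's `sub` is mapped to that user's projects. The audience, secret, client names and project ids are constructed, and HS256 with a shared secret is an assumption made so the code runs offline.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example; none come from the thread.
API_AUDIENCE = "https://api.example.test"
SIGNING_SECRET = b"constructed-demo-secret"  # assumption: HS256 so it runs offline
# Assumption: one client-credentials application per user, keyed by token "sub".
CLIENT_PROJECTS = {"client-a@clients": {"proj-1", "proj-2"},
                   "client-b@clients": {"proj-3"}}

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, secret=SIGNING_SECRET, alg="HS256"):
    """Build a constructed token so the example runs without a tenant."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(f'{head}.{body}', secret))}"

def verify_token(token, now=None):
    """Return the claims only if algorithm, signature, audience and expiry pass."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # reject "none"/swapped alg
            return None
        if not hmac.compare_digest(_sign(f"{head}.{body}", SIGNING_SECRET), _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))
        aud = claims.get("aud")
        exp = float(claims.get("exp", 0))
    except (ValueError, TypeError, AttributeError):
        return None
    if API_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return None
    return claims if exp > (time.time() if now is None else now) else None

def can_access(token, project_id, now=None):
    """Per-project authorization: the caller sees only its own projects."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    return project_id in CLIENT_PROJECTS.get(str(claims.get("sub")), set())
```

The project decision is made from server-side data keyed on a verified `sub`, never from a project id the caller supplies in the token request.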