dear auth0 community,
i have been using auth0 for a little while now and currently thinking through a use case of our application which seems to break the basic patterns of authorization flows.
we will display our product at a few trade fairs in the near future and plan to give potential customers access to our application so they can judge its features on their own. we want to make the onboarding as quick and easy as possible and want to postpone registration and login procedures to a later stage.
i thought about giving out demo-codes printed on cards to interested people, to still restrict access, and also link metadata to it, like the name of the trade fair and other useful information. users could login in using this demo-code or scan a qr-code which resolves to a link to our application with the demo-code embedded.
and now the technicalities:
which authorization flow would suit my needs, if at all?
i thought of Resource Owner Password Grant which should generate an access-token and could set a demo-scope so our api can deny requests to resources not permitted by this scope.
but this still would require a user-password combination sent to the auth0-api and assumes a user is already registered.
an other option would be to send the signup code to our backend, verify it, and then generate an access token and a temporary user account and send the code back to client.
but i could not find a scenario in the docs which comes close to this procedure.
is there a better way to implement this?
im curious what you will suggest. thanks in advance,
leo