I would like to use the service to provide access to someone trying to login to an API I am building. Is there a way to forward login requests from a Flask application to Auth0 directly without a browser? It seems like M2M tokens might be the only way to make this work with the password grant enabled?
If you are just providing an API, there is no associated application, then M2M is the way to go - you would create an M2M application for each of your customers, and they would use the client credentials grant to gain an access token for the API.
If you have an application, you use that to authenticate and get an access token.