In my application (in ASP NET Core 2, if it matters):
(1) Administrator creates a User.
(2) User logs in to an admin page using a username/password, social login, Active Directory, etc.
(3) User creates multiple apikey/secret pairs in the admin page.
(4) User consumes the API using one of the apikey/secret pairs as Http Basic Auth.
(5) User revokes a specific apikey/secret pair in the admin page.
The apikeys are used to identify the User in the API and may have different permissions (to read, to write, etc) defined in the apikey creation (3).
I understand that Auth0 may help with the authentication and authorization of the administration page ie (1) and (2) above. But does it work for issuing, validating and revoking api keys ie (3) to (5) above?