Our application has a couple different authentication flows. We were hoping to use Auth0 with all of our flows, but one flow doesn’t seem to match perfectly up to Auth0’s use cases. In particular, we have a widget that our customers can expose (via a redirect or iframe). It will be exposed by a one-time use link. When the link is activated, the idea was our web app would get an access token from our backend in a widget context, so the widget could hit the some our backend endpoints without a user being authenticated.
By the looks of it, we could do this via the M2M Auth0 flow, however, I believe that’s only limited to a certain number of total tokens a month. Is that correct? If so, that won’t work for our use case, as the total widgets we open will be effectively 1-1 with the users in our database, so 1K a month should be blown by very quickly. Are there any recommendations as to other options within Auth0 we could pursue here?