There is some work happening at the moment to address this.
The current proposal is to all adminAuth
to provide a custom tokens
function that can be used to validate any Auth token that isn't recognised as one NR generated itself.
That would then allow you to create an admin-only Auth token that can be used independently of the main oauth login scheme.
I hope there will be a design note or PR that I can link in the near future.