Encountered an authentication issue that seems pretty unique and was wondering if we could get some pointers. We have a single page application written in Angular talking to a REST API on the backend. The normal flow is for the Angular client to log the user in, then send a Bearer token in the authorization header every time a request is made to the REST API, which does a check on its end before responding.
We also have two main types of users, those external to our company and our internal users. External users log in with the typical username/password and are stored in the Auth0 database, whereas internally we’ve set up an Enterprise ADFS connection to authenticate users and check group membership in our own Active Directory. Using the Angular client, both types of login result in the client receiving a Bearer token that is then passed to the REST API on every request it makes.
Our API test automation team is trying to develop a test suite that requires them to write cases specific to each type of user. For the external ones, it’s been easy enough to use the Auth0 Authentication API’s /oauth/token endpoint and pass it grant_type = password along with username, password, and client_id to receive a bearer token.
The problem is we can’t figure out the equivalent thing to do for our internal users. Even though our ADFS setup does result in our internal users being stored in the Auth0 database after their initial login, using /oauth/token with grant_type = password does NOT work for this type of user the way it does for external ones (and also seems incorrect to attempt anyway based on the Authentication API documentation).
So the question is, how do we proceed to get a token for our internal users using the Authentication API? Our normal setup funnels folks through the ADFS authentication path if their email domain matches our company’s at the login prompt, but we’ve been having a heck of a time figuring out how to use the Authentication API to do something equivalent and also return a bearer token at the end of the process. To further complicate matters, our dev and test ADFS instance is configured to prompt for a user and password when you hit it (to let us mock authenticate as other company members in lower environments), and it’s not clear how to deal with that using your API.
Thanks in advance for your time. Any help is much appreciated!
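Added example, not part of the original post and not Auth0's own code: a stdlib-only helper showing the /oauth/token password-grant call the post describes for database users, the Bearer header the REST API expects, and a test-side decode of the token's claims (useful for asserting which connection a user came from, e.g. a `sub` of `auth0|...` versus an enterprise prefix). The Auth0 domain, client_id, audience, credentials and the sample JWT are made-up placeholders, and the fake transport stands in for the tenant so the module runs offline; swap in `urllib_transport` to hit a real tenant. The `audience` parameter is included because without it Auth0 issues an opaque token that only works against /userinfo, not a JWT the REST API can check.

```python
"""Test-suite helper for the Resource Owner Password grant against Auth0.
Added example; domain, client_id, audience and tokens below are placeholders."""
import base64
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional

Transport = Callable[[str, bytes, Dict[str, str]], str]


class TokenError(Exception):
    """Raised when /oauth/token returns an error object instead of a token."""


def password_grant_request(domain: str, client_id: str, username: str, password: str,
                           audience: Optional[str] = None, scope: str = "openid") -> Dict[str, str]:
    """Build the POST https://{domain}/oauth/token body for grant_type=password.

    Only the fields the post lists (grant_type, username, password, client_id)
    are required; audience selects the API so a JWT access token is issued.
    """
    form = {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password, "scope": scope}
    if audience:
        form["audience"] = audience
    return {"url": f"https://{domain}/oauth/token",
            "body": urllib.parse.urlencode(form),
            "content_type": "application/x-www-form-urlencoded"}


def parse_token_response(raw: str) -> str:
    """Return access_token from the JSON body, or raise with Auth0's error fields."""
    data = json.loads(raw)
    if "access_token" not in data:
        raise TokenError(f"{data.get('error', 'unknown')}: {data.get('error_description', '')}")
    return data["access_token"]


def bearer_headers(token: str) -> Dict[str, str]:
    """Header the Angular client sends and the REST API checks on every request."""
    return {"Authorization": f"Bearer {token}"}


def jwt_claims(token: str) -> Dict:
    """Decode a JWT payload WITHOUT verifying the signature. Fine for a test
    asserting on sub/aud; never use this for an authorization decision."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (opaque token? check that audience was sent)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def urllib_transport(url: str, body: bytes, headers: Dict[str, str]) -> str:
    """Real HTTP POST; use this transport against an actual tenant."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode()


def get_token(domain: str, client_id: str, username: str, password: str,
              audience: Optional[str] = None, transport: Transport = urllib_transport) -> str:
    """Obtain an access token for a database (external) user via the password grant."""
    req = password_grant_request(domain, client_id, username, password, audience)
    raw = transport(req["url"], req["body"].encode(),
                    {"Content-Type": req["content_type"], "Accept": "application/json"})
    return parse_token_response(raw)


# ---- constructed offline stand-ins (not real Auth0 behaviour or data) ----------

def make_sample_jwt(claims: Dict) -> str:
    """Constructed JWT with a fake signature segment, for offline tests only."""
    def b64(obj: Dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'RS256', 'typ': 'JWT'})}.{b64(claims)}.fakesignature"


def fake_auth0_transport(sample_token: str) -> Transport:
    """Constructed stand-in for the tenant: one known credential succeeds,
    everything else gets the invalid_grant shape Auth0 uses for bad passwords."""
    def transport(url: str, body: bytes, headers: Dict[str, str]) -> str:
        form = dict(urllib.parse.parse_qsl(body.decode()))
        if url.endswith("/oauth/token") and form.get("grant_type") == "password" \
                and form.get("password") == "correct horse":
            return json.dumps({"access_token": sample_token, "token_type": "Bearer",
                               "expires_in": 86400})
        return json.dumps({"error": "invalid_grant",
                           "error_description": "Wrong email or password."})
    return transport


if __name__ == "__main__":
    sample = make_sample_jwt({"sub": "auth0|5f0c0ffee", "aud": "https://api.example.com"})
    token = get_token("example.auth0.com", "placeholder_client_id", "ext.user@example.org",
                      "correct horse", "https://api.example.com",
                      transport=fake_auth0_transport(sample))
    print(bearer_headers(token), jwt_claims(token)["sub"])
```

Keeping the transport injectable lets the same suite run against the dev tenant and offline in CI; the claim decoder is deliberately unverified because the test only needs to read `sub` and `aud`, while the REST API remains the place where signature, issuer, audience and expiry are actually checked.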