Hi Friends,
I’m a bit new to using Auth0 so please bear with me here.
I’m looking to build an application in which my users are actually people who currently use Auth0 for their authentication/user management.
As part of the onboarding flow, I need these users to authorize use of their Management API (I assume via OAuth and receiving a bearer token similar to how many other apps authorize access).
I’m imagining the flow is:
(1) Have some sort of a direction to the UI to the following endpoint:
https://{theirAuth0Domain}.com/authorize?scope=openid profile email read:posts write:posts&response_type=token&client_id={MY_CLIENT_ID}&redirect_uri={REDIRECT_LINK}
(2) Have the user authenticate (if necessary) and otherwise agree to consent
(3) Receive Bearer token from corresponding request sent back by Auth0
I’d like to verify this understanding is correct but also:
I’m a bit confused about how I can know their Auth0 domain at time of onboarding. Would I need to navigate them to some sort of Universal login to Auth0 first if they haven’t been authenticated?