Hi folks,
I have a custom SignUp form, which has to be on www.myApp.com/signup (this is given due to SEO & UX etc.).
The “SignUp” button does not actually access the Auth0 API directly, but creates an AJAX request to our API (there is some pre-processing that has to be done) which then, if pre-processing succeeds, internally makes a request to the Auth0 Application API (https://our-tenant.eu.auth0.com/dbconnections/signup). Our API acts partially like a proxy.
After both the pre-processing and the proxy request are successfully done, I need to redirect the new user directly to the app, without a login (to secured.myApp.com). During the signup process, I have the user’s email and password in memory, so I can call some Auth0 Authorization API.
I did some research and there are quite a lot of posts about automatic login here; however, none seems to be suitable for this situation.
Here @mathiasconradt suggests using the Resource Owner Password Grant. This grant returns a JWT in the response. Indeed, I can proxy this JWT back to the user’s browser and store it in memory, but after a browser refresh the JWT is lost.
What may solve this is to get a redirect link from Auth0 with an authorization token. Normally, login at myapp-tenant.auth0.com redirects the user to secured.myApp.com/authorize?some-magic-codes-here=xxx
Can I get this redirect link from Auth0? Does this make sense? What is the ‘Auth0 way’ for such situations?
Thanks a lot
Luke