I have a use case where I need to authorize users based on a JWT that my website is passed (from an IFrame). My backend API can support this (create an “auth” endpoint that checks the token, provisions new accounts via the Auth0 management API, and returns an Auth0 JWT). However, I’m wondering if I can accomplish this without all the extra steps.
Ideally, I’d like to still take advantage of Lock by passing the token as a custom field or something, and using a rule to override the authentication. Would something like this work? At the end of the day, I would still like to use Auth0 to manage these users, along with my standard users (using a normal database connection), with minor modifications.