I’m planning to have a marketing page with embedded login which should be redirected to my web app when authentication of email and password is successful.
I’m trying to request on /oauth/token with http://auth0.com/oauth/grant-type/password-realm as grant type. I’m getting the access token and id_token successfully. Is this the access_token I need for redirection to my web app? I kind of have no idea what to do next. Can someone enlighten me? Thanks.
A couple of things: Resource Owner Password Grant isn’t recommended; instead, we recommend using a redirect flow, so you can do SSO.
A redirect flow will also work nicely to redirect to your web app.
You may or may not need an access token, depending on the architecture of your web app.
Thanks for replying. I see, just one more question, when you said redirect flow,
did you mean Authorization Code Flow? Thanks again, John.
Yes, Auth Code flow (or one of the other flows, like Auth Code + PKCE…)
Thanks, John. Will try your suggestion today.
Let us know how it progresses!
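The Authorization Code + PKCE flow suggested in the replies above, as an added example that is not part of the original thread and is not Auth0's own code: it builds the redirect to the authorization endpoint with an S256 challenge (RFC 7636), then validates the callback's `state` before preparing the code exchange for `/oauth/token`. The helper names (`pkceChallenge`, `beginLogin`, `handleCallback`) are hypothetical, and the tenant domain, client ID and callback URL a caller passes in are placeholders to be replaced with the application's own values.

```javascript
// Added example, not Auth0's code. Helper names and any sample values are assumptions.
const crypto = require("node:crypto");

const b64url = (buf) => buf.toString("base64url");

// RFC 7636 S256: code_challenge = BASE64URL(SHA-256(ASCII(code_verifier)))
function pkceChallenge(verifier) {
  return b64url(crypto.createHash("sha256").update(verifier, "ascii").digest());
}

// Step 1: build the redirect to the authorization endpoint. The caller keeps
// `session` (verifier + state) in the user's session until the callback arrives.
function beginLogin({ authorizeUrl, clientId, redirectUri, scope }) {
  const session = { verifier: b64url(crypto.randomBytes(32)), state: b64url(crypto.randomBytes(16)) };
  const url = new URL(authorizeUrl);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state: session.state,
    code_challenge: pkceChallenge(session.verifier),
    code_challenge_method: "S256",
  }).toString();
  return { url: url.toString(), session };
}

// Step 2: on the callback, reject error responses and any state that does not
// match the stored one, then return the form body to POST to /oauth/token.
function handleCallback(callbackUrl, session, { clientId, redirectUri }) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get("error")) throw new Error(`authorization failed: ${params.get("error")}`);
  const returned = Buffer.from(params.get("state") || "");
  const expected = Buffer.from(session.state);
  if (returned.length !== expected.length || !crypto.timingSafeEqual(returned, expected)) {
    throw new Error("state mismatch, discarding authorization response");
  }
  const code = params.get("code");
  if (!code) throw new Error("no authorization code in callback");
  return new URLSearchParams({
    grant_type: "authorization_code",
    client_id: clientId,
    code,
    code_verifier: session.verifier,
    redirect_uri: redirectUri,
  });
}
```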