We want to allow an external customer application to access our APIs.
Below is the scenario:
- End users log in to the external customer web application.
- The web application should be able to make calls to our APIs directly from the web browser.
- API access should happen using a token issued to the user, and we should be able to identify the user.
Could you let me know which OAuth 2.0 flow would be applicable for this scenario? I think an Auth0 native application needs to be set up along with a customer IdP connection, and this application will act as a SAML SP.
- If customer applications work under SSO, will this flow also work there, or do we need some additional setting in Auth0 for this requirement?
I looked into the documentation for details but could not find all the information for this scenario in one document. I am finding it difficult to join the information. Please provide the steps, doc links for those steps, and if possible one small block diagram for the same.