Flow for IDP Initiated SSO/SAML

I’ve been playing around with using Auth0 as a service provider and wanted to confirm that the flow I set up is correct to create an authenticated session in a webapp. I initiate authentication from the IdP. This IdP is set up in my enterprise connections and set up to use a client with a Client Type of Regular Web Application. The client has a callback URL set up that is an endpoint in my webapp.

The callback receives a code and, on the server side, uses it to make an API call to https://{tenant}.auth0.com/oauth/token to get an access token and ID token. For the id_token to be returned in the callback, in my connection setup I had to set the Query String in the IdP-Initiated SSO to “scope=openid”. It then verifies the JWT signature, decodes it to get the user information, and creates a session in the webapp for that user. It then redirects them to an authenticated home page.

I based the flow on the instructions here: Add Login Using the Authorization Code Flow, but instead of calling the userinfo API to get the user details, I use the ID token to save another API call. Is the userinfo endpoint the preferred way of getting user profile details? One thing to note is that there is potential for adding some attributes to the SAMLResponse that are not part of the default user profile.

Thanks in advance

Hey @rodr

As it has been more than a few months since this topic was opened and there has been no reply or further information provided from the community as to the existence of the issue, we would like to check if you are still facing the described challenge.

We are more than happy to assist in any way! If the issue is still out there, please let us know so we can create a new thread for better visibility; otherwise we’ll close this one in a week’s time.

Thank you!

This topic was automatically closed after 6 days. New replies are no longer allowed.