My team is attempting to authenticate and create Auth0 sessions for users we have already authenticated via the Management API. Once we retrieve the user’s access_token and id_token, we are looking to verify and then sign those users into our WordPress sites via the PHP SDK.
So far we have been able to verify and validate the tokens received from the Management API but we haven’t found any information regarding using the SDK to actually sign-in the user programmatically on the backend. Is this possible to achieve?
Background:
We set users up with a device for which we create a new account for.
We automatically retrieve the user’s access_token and id_token from the Management API and pass those values to the device
We then set a cookie on the device’s web browser which is validated
We then want to automatically log the user into the site using the SDK so that SSO works across all the sites we have setup with the Auth0 WordPress plugin
It’s not possible to authenticate a user from the backend from the SDK. The SDK only supports users following through with the authentication flow, and directly sets up the end-user device with the necessary session/cookies. We don’t presently support any approach to doing this in a non-interactive manner.
The WordPress plugin also ties its authentication state to a native WordPress auth/session. It does not presently support setting the auth state up in a non-interactive manner that would support this.
You would need to write an entirely custom approach for this, and it would require reverse engineering the processes used by both the SDK and the plugin, and spinning it into your own library/plugin. I can’t guarentee that it would work, and this isn’t something we can provide support with. Sorry, I can’t provide a straightforward solution.