I am fairly new to Auth0, and I’m having a hell of a time figuring out how to implement Auth0 as our identity provider. Here is the simplest target architecture:
We have a REST API.
1. We create an Auth0 User, and use the Username-Password connection to give that user a username and password that is stored on LastPass’s server. We send the user their credentials.
2. A user sends a POST request to a /get-token/ endpoint, along with their username and password.
3. The API reaches out to Auth0 with these credentials, and gets back a JWT, as well as some information about the user.
4. The API returns the JWT to the user. Now, on subsequent requests to other API endpoints, the user can include the token with those requests, and the API can verify the token and use it to identify the user.
The step I’m struggling with is #3. I do not understand how Auth0 wants me to retrieve an access token on behalf of a user. Everything I can find wants me to redirect the user to the authorization page on Auth0, but I can’t redirect them to a URL when they are just interacting with me via Postman or a CLI or a library they wrote. What am I missing?