I am working with a partner company on an Oauth2 workflow for their users to log in to our application. As a part of this project the partner company has built their own IDP for the purpose.
They gave me their authorization URL, Token URL, client ID and Secret, etc. And when I test using those details I can get the Auth0 system to say “Yay it works!” - but that’s only when I put bogus details into the profile in the fetch-user profile script.
When I log out the ctx and accessToken from the fetch-user profile script, I get no useful data (outside of the standard ones that Auth0 provides: tokenURL, authorizationURL, etc.).
In other social connections I have setup with other similar partners - typically I’ve had an accessToken value, and there has been a JWT in the context object that holds the user’s data.
So here’s my question (and I know I probably need to give more context - just help me know what context is needed): it seems apparent that something is wrong with the IDPs setup - but how can I identify exactly what they are doing wrong? Are they naming some of their token response fields incorrectly? How can I confirm that? I haven’t build an IDP myself so I’m sinking or swimming here a bit.
Thanks in advance.