I have been able to get IdP initiated login to work using Auth0 as my SP and Okta as the IdP. My application is a ReactJS SPA.
However, something that puzzle me is that in our app we use Auth0Provider to handle all the token exchange for logins. This works fine for both login/password logins and currently we also have Google SSO. Auth0Provider works fine for both, but NOT for IdP initiated logins. Why is this?
In order to get IdP initiated logins to work, I had to create a dedicated route. I was finally able to figure this out by following the guidance here: SSO/SAML for React SPA
I am passing the SAML connection_id in the redirect_uri and using the connection id to call loginWithRedirect().
Is this a bug in Auth0Provider? Ideally, I would like Auth0Provider to handle this for me. I’d appreciate if someone can explain why it doesn’t.
Auth0Provider doesn’t handle IdP-initiated logins because it is specifically designed to handle user-initiated logins. For IdP-initiated flows, your app must manually handle the authentication response (such as a SAML assertion or OIDC token) and pass the relevant information to Auth0 to complete the login. This means using a dedicated route and calling loginWithRedirect() with the appropriate parameters.
It would be nice if there were more seamless support for IdP-initiated logins directly in Auth0Provider. I would recommend submitting feedback about that this following this guide: How to Submit Product Feedback or Feature Requests