We use Auth0 to secure mult-tenant SaaS based site, this works well for username and password authentication, no issues there. (This is a .Net Core implementation, using the new OIDC compliant method)
In addition to the above integration with Auth0, we would like to open part of our application up to 3rd party applications in 2 ways (3rd party applications could be any technology):
This will form back-end integration and we can secure this by means of an AP key (secret key) passed into all calls.
Q1 :Is there a better way using Auth0 since we will have a user (account owner user) who can authenticate via username and password? is that overkill? any thoughts on that?
A page/view via an iframe
Part of the application has a specific user interface that we want to expose via an iFrame, this effectively runs within our own site, but we need the 3rd party application to authenticate their user when the iframe loads.
Q2: Is this a candidate for Silent Authentication? any thoughts on this?
Q3: Will the 3rd party application need to create a user in our application (and we create additional Auth0 users and they use the auth0 credentials, eg username and password, or does this work differently?)
Thanks for your time.