Is it possible to build a request flow like "user <-> regular webapp <-> middleware service <-> auth0 tenant"?


I’m trying to investigate the feasibility of building a request flow like: user <-> regular webapp <-> middleware service <-> auth0 tenant. If there’s no middleware service here, the flow is quite classic and is described in Authorization Code Flow.

But if we want to have a middleware service in between to talk to the auth0 tenant, with the regular webapp not aware of the auth0 domain/client information, how should it work? I think the middleware service is able to generate the redirect URL and send it back to the regular webapp, and the regular webapp can redirect the user to the auth0 login page. When the user logs in, the callback request should go to the middleware service; is it possible to get the tokens there and send them back to the regular webapp? Actually I’ve done some local tests and encountered a “The received state doesn’t match the expected one” error when the middleware service tries to verify the authentication code during the callback request.

So I started to suspect whether this flow is feasible, because the middleware service seems not to be aware of the user’s browser session. I’m a beginner in this area, so I tried to explain my situation and posted this topic here. Hope someone can help to answer the question. Thanks in advance!
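The state mismatch described in the post is what happens when the component that verifies `state` on the callback is not the component that holds the browser session in which `state` was generated. The example below is added here and is not code from the original post or from Auth0: it sketches a middleware that brokers the Authorization Code flow on behalf of a web app that knows nothing about the tenant, using only the standard OAuth 2.0 parameters (`response_type`, `client_id`, `redirect_uri`, `state`, `code_challenge`). Instead of relying on a browser cookie, the middleware binds `state` to the web app's own session id by signing it with an HMAC and keeps the PKCE verifier in a server-side store keyed by a single-use nonce. The tenant domain, client id, callback URL and the `Middleware` class itself are assumptions for illustration; the final token-endpoint exchange is not shown.

```python
"""Added example (not from the original post or Auth0): a middleware that
brokers the Authorization Code flow for a web app with no knowledge of the
tenant. The middleware has no browser session, so `state` must carry, in a
tamper-evident form, whatever the middleware needs to recognise on callback.
Tenant domain, client id and callback URL below are placeholders."""

import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed configuration (placeholders, not real tenant values).
TENANT_DOMAIN = "example-tenant.example"
CLIENT_ID = "PLACEHOLDER_CLIENT_ID"
MIDDLEWARE_CALLBACK = "https://middleware.example/callback"
STATE_TTL_SECONDS = 300


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


class Middleware:
    def __init__(self, state_key: bytes):
        self._key = state_key   # secret used to sign the state parameter
        self._pending = {}      # nonce -> (app_session_id, pkce_verifier, expires_at)

    def begin_login(self, app_session_id: str, now=None) -> str:
        """Called by the web app; returns the URL it should redirect the user to."""
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(16)
        verifier = secrets.token_urlsafe(32)                       # PKCE verifier
        challenge = _b64url(hashlib.sha256(verifier.encode()).digest())
        self._pending[nonce] = (app_session_id, verifier, now + STATE_TTL_SECONDS)
        # state = base64url(JSON{nonce, session}) "." base64url(HMAC-SHA256)
        payload = _b64url(json.dumps({"n": nonce, "s": app_session_id}).encode())
        sig = _b64url(hmac.new(self._key, payload.encode(), hashlib.sha256).digest())
        params = {
            "response_type": "code",
            "client_id": CLIENT_ID,
            "redirect_uri": MIDDLEWARE_CALLBACK,
            "scope": "openid profile",
            "state": f"{payload}.{sig}",
            "code_challenge": challenge,
            "code_challenge_method": "S256",
        }
        return f"https://{TENANT_DOMAIN}/authorize?" + urlencode(params)

    def handle_callback(self, callback_url: str, now=None):
        """Called when the identity provider redirects the user back.

        Verifies `state` without any browser cookie and returns
        (app_session_id, code, pkce_verifier) for the token exchange,
        or raises ValueError."""
        now = time.time() if now is None else now
        q = parse_qs(urlparse(callback_url).query)
        state = q.get("state", [None])[0]
        code = q.get("code", [None])[0]
        if not state or not code or "." not in state:
            raise ValueError("missing code or state")
        payload, sig = state.split(".", 1)
        expected = _b64url(hmac.new(self._key, payload.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            raise ValueError("state signature invalid")
        claims = json.loads(_b64url_decode(payload))
        entry = self._pending.pop(claims["n"], None)   # single use: defeats replay
        if entry is None:
            raise ValueError("unknown or already-used state")
        app_session_id, verifier, expires_at = entry
        if now > expires_at:
            raise ValueError("state expired")
        if app_session_id != claims["s"]:
            raise ValueError("state bound to a different web app session")
        return app_session_id, code, verifier


if __name__ == "__main__":
    mw = Middleware(secrets.token_bytes(32))
    login_url = mw.begin_login("app-session-1")
    print("redirect user to:", login_url)
```

After `handle_callback` succeeds, the middleware would POST the returned `code` and PKCE `verifier` to the tenant's token endpoint and hand the resulting tokens back to the web app under the recovered `app_session_id`. Because the nonce entry is removed on first use and the signature covers the session id, a callback with a forged, reused or expired `state` is rejected with a clear error instead of a generic mismatch.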