Question: Is there a way for Auth0 to mediate the generation of AWS temporary tokens for use with the AWS API?
Is there a way for Auth0 to mediate the generation of AWS temporary tokens for use with the AWS API or CLI? I see references in the community forum to this now-deprecated functionality.
Our developers must generate such temporary tokens as they need to authenticate their command-line build tooling with various AWS servers.
The delegation endpoint which mediates this flow is deprecated and isn’t available for new tenants.
However, you may still build this functionality on your own while using Auth0 as the SAML identity provider. Behind the scenes, the delegation endpoint uses the AWS Security Token Service (STS) to get tokens from AWS. The following document from AWS explains the flow along with sample Python code.
Once all the pieces are integrated, Auth0 will be the SAML identity provider. Your CLI tool will be the SAML service provider. The CLI tool will use the SAML response from Auth0 to get a token from the AWS STS service to consume with the AWS API.
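The last step of the flow described in the answer, as an added example (not code from Auth0, AWS, or the original post): it assumes the CLI tool already holds the base64-encoded SAML response from Auth0, reads the roles the assertion offers, and exchanges it at STS only for a role that is actually listed. The function names, account ID, role name and sample assertion are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
ROLE_ATTR = "https://aws.amazon.com/SAML/Attributes/Role"

# Constructed, unsigned sample response; a real one comes from the IdP login.
SAMPLE = base64.b64encode(
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Assertion>'
    b'<saml2:AttributeStatement><saml2:Attribute Name="' + ROLE_ATTR.encode() +
    b'"><saml2:AttributeValue>arn:aws:iam::111122223333:saml-provider/auth0,'
    b'arn:aws:iam::111122223333:role/build-tooling</saml2:AttributeValue>'
    b'</saml2:Attribute></saml2:AttributeStatement></saml2:Assertion>'
    b'</samlp:Response>').decode()


def roles_from_saml(saml_response_b64):
    """Return (role_arn, principal_arn) pairs offered by the SAML response."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    pairs = []
    for attr in root.iterfind(".//saml2:Attribute", SAML_NS):
        if attr.get("Name") != ROLE_ATTR:
            continue
        for value in attr.iterfind("saml2:AttributeValue", SAML_NS):
            arns = [a.strip() for a in (value.text or "").split(",")]
            # Identity providers emit the two ARNs in either order.
            role = next((a for a in arns if ":role/" in a), None)
            principal = next((a for a in arns if ":saml-provider/" in a), None)
            if len(arns) == 2 and role and principal:
                pairs.append((role, principal))
    return pairs


def credentials_for(saml_response_b64, wanted_role_arn, duration=3600):
    """Exchange the SAML response for temporary credentials for one role."""
    offered = dict(roles_from_saml(saml_response_b64))
    if wanted_role_arn not in offered:
        raise PermissionError(f"assertion does not offer {wanted_role_arn}")
    import boto3  # only needed for the STS call itself
    # STS verifies the assertion's signature against the IAM SAML provider;
    # the local parse above only selects the role and is not a trust check.
    resp = boto3.client("sts").assume_role_with_saml(
        RoleArn=wanted_role_arn,
        PrincipalArn=offered[wanted_role_arn],
        SAMLAssertion=saml_response_b64,
        DurationSeconds=duration,
    )
    return resp["Credentials"]  # AccessKeyId, SecretAccessKey, SessionToken
```

Keep the requested duration as short as the build tooling allows, and avoid writing the returned credentials anywhere more persistent than the process environment or a file readable only by the developer.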