Auth0 Home Blog Docs

Is there an API to get OIDC token

api
login

#1

Does Authentication API allow to emulate user’s login?
We are using a third-party service which, in turn, uses Auth0 to get OIDC token.
Upon login attempt, we are getting a pop-up windows prompting for username and password.
Is it possible to trigger authentication via API (golang, python)?
So far we have been using selenium to emulate user’s input for the username and password, but this approach cannot be reliably used in CI/CD pipeline.
Are there any alternatives?


#2

You can use the Resource Owner Password Grant:

This is the OAuth 2.0 grant that highly trusted apps use in order to access an API. In this flow the end-user is asked to fill in credentials (username/password) typically using an interactive form in the user-agent (browser). This information is sent to the backend and from there to Auth0. It is therefore imperative that the application is absolutely trusted with this information. For client side applications and mobile apps we recommend using web flows instead.


#3

I cannot use /oauth/token because I don’t have client_secret. The client_secret belongs to the third party.


#4

I missed that part, thanks for clarifying. I’m afraid there’s no other secure way of obtaining an access_token with username/password combinations in the same fashion a user would log in.

Could you describe more what’s the exact integration between this third-party service and your app that you’re attempting to test as part of your CI/CD pipeline?


#5

The third party is a client of yours. We are developing a service that integrates with the third party. The end-user (our customer) is interacting with the third party and is prompted to provide the OIDC token. The token is obtained via a browser by accessing GET /login?redirect_uri=urn:ieft:wg:oauth:2.0:oob.
For the purpose of testing pipeline, we wanted to “program” getting OIDC token without user’s interaction.
Do you have any recommendations?