We’re integrating our app with an OIDC Provider that has a large Cognito user pool. We’d like to set up Auth0 in between to make the login process look like:
- User clicks a “Login” button on the OIDC side. URL looks like https://<tenant_name>.us.auth0.com/authorize?accessToken=<access_token>&returnToken=<return_token>&response_type=token&client_id=<client_id>
- Auth0 redirects user to our app and includes an access token in the URL param.
- Our app parses access token, gets user info and logs user in.
We’ve set up this chain but Auth0 doesn’t include the access token on step (2), hence we cannot identify a user in our app.
As I understand it, this is what’s called IdP-initiated SSO; can we achieve that with OIDC?
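One thing worth checking when debugging a flow like the one above is where the token is delivered: with `response_type=token` (the OAuth 2.0 implicit grant) the authorization server returns the token in the URL fragment (`#access_token=...`), not in the query string, so a parser that only reads `?` parameters will see nothing. The following Python snippet is an added example, not code from the original post or from Auth0; it parses both the query and the fragment of a redirect URL, verifies a `state` value against the one the app stored (the standard CSRF protection for this redirect), and flags `/authorize` parameters that are not part of the standard OAuth 2.0 / OIDC authorization request. The callback URL, tenant name, token and `state` values are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Standard authorization-request parameters (RFC 6749 sec. 4.1.1/4.2.1, OIDC Core sec. 3.1.2.1).
# Anything else is provider-specific or custom and will not be interpreted by the protocol itself.
STANDARD_AUTHZ_PARAMS = {
    "client_id", "redirect_uri", "response_type", "scope", "state", "nonce",
    "response_mode", "display", "prompt", "max_age", "ui_locales",
    "id_token_hint", "login_hint", "acr_values",
    "code_challenge", "code_challenge_method",
}


def split_url_params(url):
    """Return (query_params, fragment_params), each a dict of the first value per key."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    fragment = {k: v[0] for k, v in parse_qs(parts.fragment).items()}
    return query, fragment


def nonstandard_authorize_params(authorize_url):
    """List query parameters on an /authorize URL that are not standard OAuth2/OIDC parameters."""
    query, _ = split_url_params(authorize_url)
    return sorted(k for k in query if k not in STANDARD_AUTHZ_PARAMS)


def extract_access_token(redirect_url, expected_state):
    """Pull the access token out of the redirect back to the app.

    Returns (token, location) where location is "fragment" or "query".
    Raises ValueError on an error response, a state mismatch, or a missing token.
    """
    query, fragment = split_url_params(redirect_url)
    # The implicit grant (response_type=token) puts the response in the fragment;
    # fall back to the query only for providers that deliver it there.
    params, location = (fragment, "fragment") if "access_token" in fragment else (query, "query")
    if "error" in params:
        raise ValueError(f"authorization error: {params['error']}")
    # state binds this response to the request this app actually started.
    if params.get("state") != expected_state:
        raise ValueError("state mismatch: response not tied to a request from this app")
    token = params.get("access_token")
    if not token:
        raise ValueError("no access_token in query or fragment")
    return token, location


if __name__ == "__main__":
    # Constructed sample values for demonstration only.
    authorize_url = ("https://example-tenant.us.auth0.com/authorize"
                     "?accessToken=UPSTREAM&returnToken=RET&response_type=token&client_id=abc123")
    print("non-standard /authorize params:", nonstandard_authorize_params(authorize_url))

    stored_state = "s1"
    callback = "https://app.example/callback#access_token=TOKEN&token_type=Bearer&state=s1"
    print(extract_access_token(callback, stored_state))
```

Run it on the actual redirect URL the browser lands on (fragments are never sent to the server, so this check has to happen in the browser or in a page that forwards `location.hash`). If `nonstandard_authorize_params` reports parameters, the provider has no protocol-level obligation to carry them through to the redirect.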