Migrating from an old, on-prem system

Hi there,

I’m migrating from a legacy, single-tenant system that has its own proprietary auth scheme. To do this, we’re adopting the “strangler-fig” pattern (StranglerFigApplication) and trying to embed a brand new UI component in the equivalent of an iframe and pass some authentication context from the legacy component to the iframe.

One of the wrinkles is that I produce an access token which is specific to the user + organization in the legacy application, but there’s not a good flow for this (the m2m app type doesn’t get user/organization context, and I don’t want the user to have to log in again using the code flow). I’m obviously going to migrate the user into Auth0 ahead of this exchange, so they’ll have a logical record in Auth0 when it comes time to produce a token for them.

Is there a way to pass the contextually relevant information into Auth0 so I can write a rule which does this? (aka, the Auth0 user’s id and an Auth0 organization identifier so that I can get an access token which represents that user’s permissions) Or maybe there’s another OAuth flow I can use?

Best,
Alex
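Added example, not Alex's code and not an Auth0 API: the "other OAuth flow" that fits a legacy-to-new handoff is an RFC 8693 token exchange. The legacy app mints a short-lived signed subject token naming the already-migrated user and organization (in the new IdP's identifiers), the new stack's exchange endpoint verifies it and issues its own access token for that user and org, and the user never re-authenticates. Everything below is an assumption chosen for the illustration: the HS256 keys, the `https://legacy.example` / `https://new-stack.example` issuers and audiences, the `org_id` claim name, and the hand-rolled JWT helpers (written inline so the example runs offline). Whether your IdP exposes such an exchange, and under what name, is something to check against its docs rather than this code.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"

# Constructed secrets: the legacy system and the exchange endpoint each sign with their own key.
LEGACY_ISSUER = "https://legacy.example"
LEGACY_KEYS = {"legacy-2024": b"legacy-signing-secret-constructed-for-example"}
EXCHANGE_ISSUER = "https://new-stack.example/oauth/token"   # assumed exchange endpoint (also the subject token's aud)
EXCHANGE_KID, EXCHANGE_KEY = "new-api-1", b"new-stack-signing-secret-constructed-for-example"
API_AUDIENCE = "https://new-api.example"

# Replay cache: a subject token crosses the legacy -> iframe boundary, so it is good for exactly one exchange.
_seen_jti = set()


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_jwt(claims: dict, kid: str, key: bytes) -> str:
    """Mint a compact HS256 JWT (minimal, offline stand-in for a JWT library)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_jwt(token: str, keys: dict, audience: str, issuer: str, now=None) -> dict:
    """Verify alg allow-list, key by kid, signature, exp, aud and iss; return the claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":            # only the algorithm we issue with; never 'none'
        raise ValueError("unexpected alg")
    key = keys.get(header.get("kid"))
    if key is None:
        raise ValueError("unknown kid")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    return claims


def legacy_issue_subject_token(idp_user_id: str, idp_org_id: str, now=None) -> str:
    """What the legacy app hands to the embedded UI: the user and org in the new IdP's identifiers."""
    now = time.time() if now is None else now
    claims = {
        "iss": LEGACY_ISSUER,
        "aud": EXCHANGE_ISSUER,          # bound to the exchange endpoint, useless anywhere else
        "sub": idp_user_id,
        "org_id": idp_org_id,            # assumed claim name
        "iat": int(now),
        "exp": int(now) + 60,            # only needs to survive the handoff
        "jti": secrets.token_urlsafe(16),
    }
    return sign_jwt(claims, "legacy-2024", LEGACY_KEYS["legacy-2024"])


def token_exchange(form: dict, now=None) -> dict:
    """Exchange endpoint: validate an RFC 8693 request and mint a user+org access token."""
    if form.get("grant_type") != TOKEN_EXCHANGE_GRANT:
        raise ValueError("unsupported_grant_type")
    if form.get("subject_token_type") != JWT_TOKEN_TYPE:
        raise ValueError("unsupported subject_token_type")
    claims = verify_jwt(form.get("subject_token", ""), LEGACY_KEYS, EXCHANGE_ISSUER, LEGACY_ISSUER, now)
    if claims.get("jti") in _seen_jti:
        raise ValueError("subject token replayed")
    _seen_jti.add(claims["jti"])
    now = time.time() if now is None else now
    access = sign_jwt({
        "iss": EXCHANGE_ISSUER, "aud": API_AUDIENCE,
        "sub": claims["sub"], "org_id": claims["org_id"],
        "scope": form.get("scope", "read:profile"),
        "iat": int(now), "exp": int(now) + 900,
    }, EXCHANGE_KID, EXCHANGE_KEY)
    return {"access_token": access, "issued_token_type": ACCESS_TOKEN_TYPE,
            "token_type": "Bearer", "expires_in": 900}


if __name__ == "__main__":
    subject = legacy_issue_subject_token("auth0|abc123", "org_example")
    resp = token_exchange({"grant_type": TOKEN_EXCHANGE_GRANT,
                           "subject_token_type": JWT_TOKEN_TYPE, "subject_token": subject})
    print(verify_jwt(resp["access_token"], {EXCHANGE_KID: EXCHANGE_KEY}, API_AUDIENCE, EXCHANGE_ISSUER))
```

The checks that matter for the iframe handoff are the ones on the subject token: it is audience-bound to the exchange endpoint, lives for a minute, and is single-use, so a token that leaks out of the embedded page cannot be exchanged a second time or presented to the API directly. Pass it to the iframe over TLS and, if you use `postMessage`, with an explicit `targetOrigin`; the user's re-login is avoided only because the legacy side already authenticated them, so the legacy signing key is now part of the new stack's trust boundary and should be rotated out once the migration finishes.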