Hi,
Here is our scenario. We have a mobile app (set up as native in Auth0) that does its login through the app via Auth0. That mobile app then calls an API using the “Execute an Authorization Code Grant Flow with PKCE” found at Call Your API Using the Authorization Code Flow with PKCE. The API is set up in Auth0 under APIs and the mobile app is successfully generating and passing an access_token.
The next step is the API needs to connect to a website endpoint (protected by the same Auth0 as the mobile app) as the user logged into the mobile app. So far I have been unable to make this work and am not sure how to proceed. At present it keeps redirecting me to the Auth0 login page. I’m unsure how to “authenticate” to Auth0 that the user is already logged in from the mobile app and we can hit the website endpoint with an SSO-like flow. Does anyone have any direction on how the API would interact with the website? I’ve passed the access_token, but that doesn’t appear to be working unless I need to do something else as well.
Thanks