We currently have the following use case: a web application we wrote that has a front-end UI and back-end APIs, where user authentication is federated from an external IdP via OIDC to Auth0. After a user authenticates successfully, the user gets an ID Token for the UI access and an Access Token to access the back-end APIs. This part currently works fine.
The UI also contains a link to another 3rd party application that runs on our servers. We don’t have the source code of this 3rd party application.
This application supports SAML and it is accessible via a browser via its own UI. The question is: how can a user authenticate on this application via the user’s browser without having to re-enter the user’s credentials? OAuth2 Token Exchange comes to mind; however, it appears it is not yet supported by Auth0. Is there any other way that this can be accomplished via Auth0 and that perhaps we are overlooking? Thanks.