Obtaining an SSO session via an access token

Joe_Tillotson · November 1, 2019, 3:54pm

Hello community, I’ll keep this short and sweet: based on a trusted service-based process within our own network, we have a small number of users who obtain a valid access_token. We would like to pass this access_token to one of our SPAs (that uses the Implicit flow, eventually the auth-code-w–pkce flow) and have that user obtain an SSO session based on the presence of this access_token.

So to be clear: I realize I could have the SPA store this token and use it successfully (e.g. in local storage or in memory) but that will only provide the poor human user with a short period of use. IOW, they will have no method for obtaining subsequent access tokens silently.

My simple question is: is there today (I don’t think so) or will Auth0 someday support a flow whereby a user can exchange an access_token for an SSO session?

I have heard people in the industry support this idea, but see no IETF-style recommendation for it?

dan.woda · November 8, 2019, 7:55pm

Hi @Joe_Tillotson,

I am going to repeat the information provided by our support team for future users with a similar question.

In short, this type of flow is not provided as an out-of-the box solution at this time. The SSO session leverages a cookie, and this cookie is set upon login. The SPA in this scenario would need to prompt for login.

Thanks for reaching out on this. Please provide further information to our feedback page.

Kind Regards,
Dan

dan.woda · November 22, 2019, 11:56pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.