Hello community, I’ll keep this short and sweet: based on a trusted service-based process within our own network, we have a small number of users who obtain a valid access_token. We would like to pass this access_token to one of our SPAs (that uses the Implicit flow, eventually the auth-code-w-pkce flow) and have that user obtain an SSO session based on the presence of this access_token.
So to be clear: I realize I could have the SPA store this token and use it successfully (e.g. in local storage or in memory) but that will only provide the poor human user with a short period of use. IOW, they will have no method for obtaining subsequent access tokens silently.
My simple question is: is there today (I don’t think so) or will Auth0 someday support a flow whereby a user can exchange an access_token for an SSO session?
I have heard people in the industry support this idea, but see no IETF-style recommendation for it?