
OpenID Connect Token Exchange and Auth0



Hello,

I am investigating if Auth0 is an alternative for the identity providers that we currently support (ADFS 4.0, AzureAD).

We have the following application setup:
• Frontend application that consists of a JavaScript angular application, and a frontend API
• Backend with a backend API

We currently have the following flow:

  1. JavaScript application authenticates the user with the IDP using implicit flow and gets back an access token (token1)
  2. JavaScript application calls the frontend API and passes token1
  3. Frontend API validates token1
  4. Frontend API exchanges token1 for an access token that can be used for the backend API (token2)
  5. Frontend API calls the backend API and passes token2
  6. Backend API validates token2 and processes the request

To implement step 4, we are using ‘token exchange’, see https://datatracker.ietf.org/doc/draft-ietf-oauth-token-exchange/

An earlier version of this draft is implemented by AzureAD and ADFS 4.0, see for instance this page: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-scenarios#daemon-or-server-application-to-web-api

I read elsewhere on this forum that this is not supported by Auth0, see: Token exchange multiple audiences

I have the following questions:

  1. Is the information still correct that Auth0 currently does not support such a feature?
  2. Can I find anywhere if such a feature is on the roadmap for Auth0?
  3. Do you have suggestions on how to handle our setup other than the ones already described in the post mentioned above?

Thank you,

Tim Jansen
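To make steps 3, 4 and 6 of the flow above concrete, here is an added example (not code from the post, Auth0, ADFS or AzureAD) of what the frontend API does: it verifies token1's signature, expiry and audience, then builds the token-exchange request body with the parameter names from draft-ietf-oauth-token-exchange. The HS256 shared secret, the audience URLs and the claims are all constructed for the demo; a real IdP signs with an asymmetric key and the API would verify against its published JWKS.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret: a real IdP signs with an asymmetric key (RS256) and
# publishes the public half at its JWKS endpoint; HS256 here keeps the demo offline.
SECRET = b"constructed-demo-secret"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims: dict) -> str:
    """Stand-in for the IdP issuing token1 (or token2) as an HS256 JWT."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def validate_token(token: str, expected_aud: str, now: Optional[int] = None) -> dict:
    """Steps 3 and 6: verify signature, expiry and audience before trusting claims."""
    header, body, sig = token.split(".")
    expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("token expired")
    auds = claims.get("aud")
    if expected_aud not in (auds if isinstance(auds, list) else [auds]):
        # token1 (aud = frontend API) must never be forwarded as if it were token2
        raise ValueError("audience mismatch")
    return claims

def build_exchange_request(token1: str, backend_audience: str) -> dict:
    """Step 4: form parameters the frontend API POSTs to the IdP token endpoint,
    using the parameter names from draft-ietf-oauth-token-exchange (RFC 8693)."""
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
        "subject_token": token1,
        "subject_token_type": "urn:ietf:params:oauth:token-type:access_token",
        "requested_token_type": "urn:ietf:params:oauth:token-type:access_token",
        "audience": backend_audience,
    }
```

The frontend API also has to authenticate itself to the token endpoint when it sends this body (for example with its own client credentials), and the backend API applies the same validate_token check to token2 with its own audience in step 6.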