Problem with IdP-initated SAML login flow

I’m really struggling with IdP initiated SAML login flow. I may be over complicating it, and I hope that’s what it is! I have tried two things:

  1. Using a SAML response type. This is fine enough, but I have no idea I can verify the request is from Auth0 itself. The only thing I can find is by compiling all of the SAML settings my user provided when we set up their enterprise connection, and doing the SAML verification manually…which seems to defeat the purpose of Auth0 entirely.
  2. Using the OpenID Connect Response Type. This is the only one I’ve kind of got working. By kind of I mean I can do the token exchange, but when I make a request to /userinfo , it returns a 200 empty response. This is strange, because I have this response_type=code&redirect_uri=http://localhost:8000/sso/redirect/saml&scope=openid%20email%20profile set as my querystring, which I thought was supposed to change the OpenID request when getting the auth token.

The different things I’ve tried for #2 is: not tried to url encode the space separations, change the redirect_uri so I know it’s picking up something in the query string.

I’m honestly OK with either solution, I’m just really struggling here