SAML auth flow and how to use the Code parameter

Hello there.

I’ve configured SAML authentication and something is not what I was expecting, so here’s a recap of the flow:

  • the user lands on the Auth0 login page and is redirected to my IdP (in this test case it is Azure, but in the future I’ll also need to configure SiteMinder)
  • the user correctly logs into Azure and the SAML response is then sent to Auth0
  • Auth0 correctly creates the user with the information retrieved from the SAMLResponse
  • the flow ends with a final redirection to my redirect_uri, appending a CODE parameter to the URL’s query string.
    (From my experience, I think that the given CODE can be used to retrieve a token that can help me retrieve the connected user’s info)

Now the question is:
How can I retrieve, from my redirection URI location (my server), the user who went through this flow? It seems that the CODE parameter is totally useless, but please let me know.
I also know that if I use my server as the ACS and configure that URL in my IdP, I’ll receive the SAMLResponse and can decode it, but this solution is a bit messy.

Thanks a lot.

Hey @sergio.sorgente , Welcome to the Auth0 Community!

The code is the authorization code received from the Auth0 authorization server, which can be exchanged using the token endpoint of the Auth0 server.
Auth0 acts as a Service Provider which talks SAML with your IdP; Auth0 processes the SAML response from the service provider and provides an OIDC-style code to your app.

The OIDC flow you have initiated using the /authorize command will dictate what type of response you will receive from Auth0 (code, tokens, etc.); check these flows:

Most of the time you can use our SDKs to automatically get tokens from the code. Our quickstarts cover most languages.

Let me know if this helps!

Regards,
sidharth

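As an added example (not from this thread, nor from the Auth0 SDKs), here is the exchange sidharth describes, done on the server behind the redirect_uri: check the callback, post the code to the tenant's /oauth/token endpoint with grant_type=authorization_code, then resolve the user with /userinfo. The tenant domain, client credentials, redirect URI and the `http` transport parameter are placeholders/assumptions of this example.

```python
import json
import urllib.parse
import urllib.request

# Placeholders: substitute your own tenant and application credentials.
AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"
CLIENT_ID = "YOUR_CLIENT_ID"
CLIENT_SECRET = "YOUR_CLIENT_SECRET"
REDIRECT_URI = "https://app.example.com/callback"  # must equal the redirect_uri sent to /authorize


def _http(url, data=None, headers=None):
    """Default transport: one HTTPS request, returning the decoded JSON body."""
    req = urllib.request.Request(url, data=data, headers=headers or {})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


def code_from_callback(callback_url, expected_state):
    """Pull `code` out of the redirect URL, refusing it when `state` differs from the
    value this server generated for the /authorize request (login-CSRF guard)."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: discard this callback")
    if "error" in query:
        raise ValueError("authorization failed: %s" % query["error"][0])
    return query["code"][0]


def exchange_code(code, http=_http):
    """Server-side exchange at /oauth/token (grant_type=authorization_code).
    The client_secret stays on the server; the browser never sees it."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "code": code,
        "redirect_uri": REDIRECT_URI,
    }).encode()
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    tokens = http(f"https://{AUTH0_DOMAIN}/oauth/token", data=body, headers=headers)
    if "access_token" not in tokens:
        raise ValueError("token response carries no access_token: %r" % tokens)
    return tokens


def fetch_user(access_token, http=_http):
    """Resolve the logged-in user via /userinfo, sending the access token as Bearer."""
    headers = {"Authorization": f"Bearer {access_token}"}
    return http(f"https://{AUTH0_DOMAIN}/userinfo", headers=headers)
```

The code is single-use and short-lived, so do the exchange immediately in the callback handler and keep the resulting tokens server-side in the user's session.
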
Thanks for helping on this one Sid!