SAML SSO programmatically


I need to be able to make REST calls on behalf of a user.
The third party data provider uses SAML SSO. The calls happen outside of browser context (think mobile clients).
At this point I’m not even sure if it’s doable, as SAML SSO expects the requests to be made in a browser to do redirects and to set cookies.

I was thinking that maybe I could turn our Federation Gateway into a SAML IdP and add it as an Enterprise Connection to Auth0. Then issue a SamlResponse and use the IdP-initiated flow. The part I’m not sure about is how to exchange my SamlResponse for an OAuth token that can later be reused to make REST calls.