we have a slightly different flow for first time users in our app and would like to get help with how to do the login correct. the flow we have:
- the user installs our app via a some marketplace (where he is authenticated there, and we trust that he is authenticated)
- when installation is done, the marketplace redirects the user into our backend api
- we generate the user in our DB and also use auth0 sdk (python) to signup the user into our auth0 connection (we use DB in auth0)
- we use the auth0 sdk to make a login for this user (still in the backend code)
- then we would like to set the cookie\session and redirect the user into our webapp home page (next js client)
- we expect that at this point the user will be considered as logged in. we use the next-auth0 client withMiddlewareAuthRequired that enforces authenticated user at all routes.
what we struggle with is steps 5 & 6, where we couldn’t find a way to convert the login response we get from the server (access_token, id_token, token_type) into a valid auth0 session in a way that the middleware will identify.
any help is much appreciated