Please let us know is it possible to get the google/facebook email and password from user in front end and send it to our back end then get the access token via API calls without redirecting to the providers login page?
TL;DR: Don’t even try to see if it is possible or not; such approach should not be employed.
For the longer version, as far as I’m aware there is no endpoint in the Auth0 service that would accept a username and password and call Facebook/Google or other social provider directly to exchange that password.
The credentials of a user should only be given by the user to the entity that owns those credentials, so an end-user should only give their Facebook credentials to Facebook and never to a third-party that promises to only use them for the greater good.
In addition to that I know that at least Google will also NOT offer by default any endpoint that would accept a Google username/password and return tokens. I believe Google has the concept of less secure apps where such a scheme may be possible (https://support.google.com/accounts/answer/6010255?hl=en), but that is not something that you could leverage through Auth0.
In conclusion, you should not consider such scheme and if you do you’ll have to do it on your own and dependent of the social provider in question allowing it or not.
@jmangelo Thanku for your response…
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.