Hello. Our team is working on a somewhat interesting flow in order to integrate “Subscribe with Google” (https://developers.google.com/news/subscribe/). The challenge of the flow is this:
1. The user lands on a page
2. Either because the user has a subscription through Google or because the user just bought it - Google sends a valid signed ID token (along with additional info about the purchase)
3. The token should be validated on the backend to confirm the signature is correct
4. If everything is correct, and that token is to be trusted - the user has to be created with a link to the Google account (as if the user had logged in through Google) WITHOUT any additional authentication screens.
As you might expect - #4 is the biggest challenge. We’ve searched through the documentation and forums for Auth0, and yet were unable to find an answer for this. Basically we would like to know:
- Can the user be created with a social login link via the API or in any other way WITHOUT direct authentication?
- How could a web user session be created WITHOUT direct authentication?