We are trying to access data from 3rd party resources (such as slack/microsoft graph api) on behalf of a user using OAuth2, but we don’t want to use the “log in with X” capability of auth0, all we want is to get the access_token to call the 3rd party api on our backend, but let auth0 store the tokens and handle the refresh.
For example, suppose a user is logged into their slack account already, and they are also logged into our website. With standard OAuth2 flow we would present the user with a link to slack to provide consent for us to access their slack data, and if they do provide consent then they would be re-directed to a redirect_uri which will then allow us to call slack’s token api to get auth_token and refresh_token.
Question: Is it possible for the redirect_uri to be handled by auth0, and let auth0 store the access_token, and refresh_token, such that whenever we need to access the 3rd party api, we ask auth0 for the user’s access_token (and also let auth0 handle the token refresh), without using the 3rd party as identity provider (i.e. we won’t log in through slack/microsoft ect).?
This question is similar to: How can we twitter OAuth without social login? - #6 by daiki44 except we want to use auth0 to store the auth_token and do the refresh (if that’s possible).