We use OIDC/OAuth to authenticate and authorize users of our services.
Our apis require a valid access token (JWT) with correct permissions set in the claims.
We are trying to integrate another tool in which we need to make requests to our apis, but the tool only supports SAML2 integration for SSO.
We have setup an application in our auth0 tenant with the saml2 addon enabled and authentication works fine.
Is there any way to use the saml response (assertions) to fetch an access token that can then be used to access our apis?
It’s not possible to convert a SAML response to an access token directly - however, you will be able to perform a silent authentication after the user logs in with SAML to get an access token. The audience of this second authentication request should be the API identifier of the API you need the access token for. You’ll be able to use one of Auth0’s SDKs to perform the request from the app.
2 Likes
Thanks for the reply Thameera! This was very useful.
Hope you don’t mind but I have a couple of follow up questions;
Does the silent authentication force a redirect/callback or can this happen completely silently?
Can you give me an idea of which endpoint we need to hit on auth0 (or an example of an sdk usage)?
Many thanks,
Alexander
No problem! The silent auth can be done silently - some of our SDKs do this in an iframe so it is transparent.
Either of these SDKs should work for your use case.
1 Like
Thanks for helping on this one Thameera!