We are currently using the for simple authentication across our platform, i.e. users we store information about log in and use our platform (this is working great).
However, we want to be able to enable one of our clients to integrate/call one of our APIs using user accounts they have already set up in their PingFederate. So the theory is we basically just validate their token, and if it's valid send back the data, and if not send back a not authorised response.
Is this best done by creating a PingFederate SSO connection in the dashboard and then we call Auth0 from our API to validate the token? Or is it better to not use Auth0 and call straight to their PingFederate? (I would rather go through our Auth0 if possible.)