Hi @jeremybong,
Welcome to the Auth0 Community and thank you for your post!
Even though what you are specifying here is correct when it comes to standard OAuth 2.0 flows, this is not a standard way of processing SAML assertions in Auth0, so that is why the error mentioned shows up. When the assertion is validated in Auth0, a user session is created right away.
The recommended approach would be using one of our SDK’s, such as the Auth0-React in your use case ( you can check out the documentation here ) which handles the SAML response automatically, as well as generating the tokens. Then you can initiate the login using:
loginWithRedirect({
connection: "YOUR_SAML_CONNECTION_NAME",
})
I would also suggest checking this community posts that will better clarify the situation:
I hope this helps, so if you have any questions please let me know.
Thanks,
Remus