# ory-network
c
Hi there,
We have to implement an OpenID connection where we give a connection for a user without any login connection in our IDP. Basically the flow would be:
• Auth0 redirects to Ory with an OAuth2 code flow using PKCE and a redirect URI to their server
• Ory redirects instantly to Auth0 with an OAuth2 code flow that opens Auth0 sign-in where they will set the sub
• Once logged in, they redirect back to Ory where we recognize the sub and give a session for the designed user
• We redirect back to their server and they retrieve the information to get an Ory access token
- The best would be to give them also a session cookie

Basically, we want them to delegate the authentication to Auth0 but give an Ory session in the process. The client is using Auth0 and wants to integrate our app into their app and sign both (their Auth0 session and our Ory session). I'm trying to figure out the configuration, but if anyone already implemented this and can help, that would be great 🙏
m
I am not sure I understand the flow, do you mean Login with Auth0?
c
The flow is rather complex, we implemented the other way around with a provider. Login with Auth0, I mean they use their Auth0 login page to authorize the auth2, not Ory.
b
These types of delegating flows usually utilize OAuth2. If Auth0 supports Ory as an OAuth2 provider, you could configure Auth0 to use your Ory project via OAuth2.

> Ory redirect instantly to Auth0 with an oauth2 code flow that open Auth0 sign-in where they will set the sub

This can be done by configuring the OAuth2 client in Ory to skip consent (e.g. a first-party client): https://www.ory.sh/docs/oauth2-oidc/skip-consent

I don't know enough about Auth0 and their functionality here to give any other concrete advice, unfortunately.
c
Hi Jonas, I tried to rewrite the steps.
The client (using Auth0) wants to start an OAuth2 OpenID flow to get a session from our IDP (Ory) using only Auth0 sign-in:
• Auth0 redirects to Ory, initiating an OAuth2 OpenID code flow using PKCE and a redirect URI to their server
• Ory redirects instantly (without consent) to Auth0 with an OAuth2 code flow that opens Auth0 sign-in (where the user has his credentials) where they will set the sub
• Once logged in, they redirect back to Ory where we recognize the sub and give a session for the designed user (because Ory trusts Auth0 to authenticate our user)
• We redirect back to their server, and they retrieve the code to get an Ory access token.

The best would be to give them also a session cookie if possible, because the client using Auth0 wants to use our API (with an access token) but also integrate some webview of our platform into theirs.