The client (using Auth0) wants to start an Oauth2 OpenID flow to get a session from our IDP (Ory) using only Auth0 sign-in.
- Auth0 redirect to Ory initiating a oauth2 OpenID code flow using pkce and a redirect URI to their server
- Ory redirects instantly (without consent) to Auth0 with an oauth2 code flow that opens Auth0 sign-in (where the user has his credentials) where they will set the sub
- Once logged-in, they redirect back to Ory where we recognize the sub and give a session for the designed user (because Ory trusts Auth0 to authenticate our user)
- We redirect back to their server, and they retrieve the code to get an Ory access token. The best would be to give them also a session cookie if possible because the client using Auth0 wants to use our API (with an access token) but also integrate some webview of our platform into theirs.