We currently have a SAML app setup that allows users to authenticate to it via SAML, it does not support OIDC. The user authenticates to the app and everything is great. But the app also needs to be able to get an access token from an auth server containing the authenticated users information. The app will then use this access token to make subsequent calls to an API.
We could in theory just generate a client id and secret for machine to machine authentication and then the application can get a token back. But the token will not contain the authenticated users information which the API is expecting in the access token.
Is there some other way to get an access token from an auth server containing user information?
I did attempt this but it seems that is only intended for a SAML assertion generated from an external IDP. When I try this with our Okta tenant being the IDP it just returns an error saying “‘Assertion’ is not a valid SAML 2.0 Assertion”
Why not just kick off a separate /authorize flow after the user has logged in via SAML? Since they already have an Okta session, they shouldn’t be prompted to re-authenticate and will instead be sent directly to the redirect_uri with either their code/token(s) (depending on the flow you use)?