This was provided by a customer who was working to implement authentication between one of their platforms and Auth0 (PeakCommerce IdP).
I downloaded and installed the Auth0 PHP library, and eventually got it working. SSO still did not work. After some research, I found this: https://dev.auth0.com/docs/api-auth/tutorials/silent-authentication
In a nutshell, for SSO to work, first you call authorize as you do now, with the extra parameter “&prompt=none”. If the user is already logged into Auth0, then he is not prompted for the username and password, and the normal callback is called with “?code=…&state=…”, and you can exchange the code for the access tokens as normal.
If the user isn’t logged into Auth0, then the callback is called with “&error=login_required&error_description=Login%20Required”, and so you redo the authorize call without the “&prompt=none”. The user is prompted for the username and password, and the normal callback is called with the code and the state.
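The flow described above, sketched in plain PHP as an added example (not the customer's code and not the Auth0 PHP library's API). The tenant domain, client ID, redirect URI and the `startLogin`/`handleCallback` helpers are assumptions; the `state` check and the retry-once guard go beyond the post so the fallback cannot be triggered by a forged callback or loop.

```php
<?php
const AUTH0_DOMAIN = 'example-tenant.auth0.com';  // placeholders, not the customer's values
const CLIENT_ID    = 'YOUR_CLIENT_ID';
const REDIRECT_URI = 'https://app.example.com/callback';

// Store a fresh single-use state, note whether the attempt is silent, return the /authorize URL.
function startLogin(array &$session, bool $silent): string
{
    $session['oauth_state']  = bin2hex(random_bytes(16));
    $session['oauth_silent'] = $silent;
    $params = [
        'response_type' => 'code',
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'scope'         => 'openid',
        'state'         => $session['oauth_state'],
    ];
    if ($silent) {
        $params['prompt'] = 'none';   // SSO probe: never show the login form
    }
    return 'https://' . AUTH0_DOMAIN . '/authorize?' . http_build_query($params);
}

// Decide what to do with the callback query string.
// Returns ['exchange', code], ['redirect', url] or ['fail', reason].
function handleCallback(array $query, array &$session): array
{
    $expected  = $session['oauth_state'] ?? '';
    $wasSilent = $session['oauth_silent'] ?? false;
    unset($session['oauth_state'], $session['oauth_silent']);
    $state = is_string($query['state'] ?? null) ? $query['state'] : '';
    if ($expected === '' || !hash_equals($expected, $state)) {
        return ['fail', 'state mismatch'];   // forged or replayed callback
    }
    if (is_string($query['code'] ?? null)) {
        return ['exchange', $query['code']]; // exchange for tokens as normal
    }
    $error = is_string($query['error'] ?? null) ? $query['error'] : 'missing code';
    // Fall back to the interactive prompt only once, after a silent attempt.
    if ($error === 'login_required' && $wasSilent) {
        return ['redirect', startLogin($session, false)];
    }
    return ['fail', $error];
}

// Constructed demo: silent attempt, then a login_required callback.
$session = [];
startLogin($session, true);
print_r(handleCallback(['error' => 'login_required', 'state' => $session['oauth_state']], $session));
```

In a real callback page, call `handleCallback($_GET, $_SESSION)` after `session_start()` and act on the returned action.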