I want to use the Job Scheduler service on Cloud Foundry. A user should be able to issue an OAuth 2.0 Authorization Code Grant after authenticating with an IdP (eg via SAML 2.0) so in the future a repeating job will be able to access a onpremise destination on behalf of the user with principal propagation.
The job and the application should preferable be implented as a node.js application.
Unfortunatly I was not able to locate a documentation detailling the necessary steps to use an OAuth 2.0 Authorization Code Grant for such a scenario.
How can an application retrieve, store and use the per-user access and refresh tokens or is this handled automatically by some framework?
On the examples I see an application router component used with node.js applications on cloud foundry. However this only deals with current requests of the currently logged in user and not with future background access after the initial interaction with the user has ended.
Thanks for any help in this area!