We recently released the Tyk Identity Broker to help bridge the gap between IDMs and Tyk, you can can send your traffic to TIB, it will proxy or validate against the third party provider (there are various ways, and generic handlers are provided) and then use that validation to generate an API token for the user so hey can use Tyk.
While it does this, it embeds identity information within the token metadata in Tyk so that it can be used upstream in your services using our API, or header injection modules.
The Tyk Identity Broker is available open source and we encourage users to modify it to their needs. It acts very similarly to Amazons Secure Token Service for integrations like this.
We tested it against Auth0 here:
What kind of flow are you thinking of using?