I have a web application where users log in using their login an password.
I'm creating a Salesforce Community for those users, for them to ask questions, read articles, start discussions, etc.

I have a scheduled process now that synchronizes the users I have in my application to Salesforce. I'm extending that process to create contacts and community users, so my users won't have to manually register into the community.

In the next step, I'm going to add a link to my application where the users can click and be logged into the community, in a new window. As the users are already logged into my application, I don't whan them to provide their login again to communities. How can I achieve that?

I read a lot of Salesforce documentation on loggin in using SAML and OAuth and couldn't find anything that suits my needs. OAuth is all about authenticating the user and giving me an access token, so my application can perform actions in the community on the behalf of my user. I don't want that. I only want to login the user.

A solution could be use SAML to single sign on, but then I would need to manage my user in a SSO provider and I don't want to do that. Is there any way to log my user into the communities using only its email or Salesforce Id, without requiring them to provide credentials? Can I provide some secret or key from my application and log in any user I want?

I found something close to that with OAuth 2.0 JWT Bearer Token Flow, but even then I would need a user first authentication to get an authorization token.

Thank you