Thank you very much for this reply Nicolas. I definitely do not (yet) have a full understanding of what turning on “Enable seamless SSO” signifies vis-a-vis the flow between our app<->Auth0. I am used to the query param “prompt=none” being sent (in the call to /authorize) if/when using the auth0-js NPM package in a web (SPA) app.
A follow-up question. You mentioned in your answer:
“If your native iOS app needs to authenticate the user (because it’s the first time the user uses the app, or the refresh token is invalid),…”
Today we use refresh tokens and have (already) support for ‘forever login’ (as I mentioned above). It seems to me that if we instead switch to supporting SSO (which has a max session-length of 30 days) then that obviates the need/usage of refresh tokens? But, maybe I’m thinking about this incorrectly?
IOW: if I am using refresh tokens (which never ‘expire’), and I never require my users of App-A to re-authenticate, then if/when they install-and-first-use App-B, there will be no SSO session (very possibly, because their origial SSO session will have expired a ‘long time ago’) that will auto-authenticate the user at that point. Thus, it seems to me that ‘mixing’ refresh tokens with SSO is a bad match because SSO sessions don’t ‘live forever’. Do you have any thoughts on that?