Authentication flow from mobile to web within the same phone?

I’m looking for a solution where a user is able to log in to a mobile app that is built with Auth0, click on a link in the mobile app, be redirected to a website (in Chrome, a website built with the same Auth0 stack), and be logged in automatically to the website in Chrome through this redirection.

The assumption is that both the mobile app and the web are not logged in at first.

I understand from this that some form of token sharing is required. Can anyone point me in the “right” direction on how this can be achieved, or share their opinions if this is an impossible use case (e.g. high security risk)?

Hi @jereloh

The easiest way is to use the Auth Code flow - open the full system web browser on the mobile app, and then SSO just works. The session is stored in a cookie, and since you are using the full system web browser, that cookie can be accessed by both the mobile app and web app.

There are other ways but they are either very difficult or very insecure.

John

3 Likes
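The Authorization Code flow recommended in the answer above, as an added example that is not part of the original thread or Auth0's own code. It builds the `/authorize` URL the mobile app opens in the system browser and validates the redirect before the code is exchanged at `/oauth/token`. The tenant domain, client ID, redirect URI and function names are assumed placeholders, and PKCE (RFC 7636) is added here as the usual hardening for native apps.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed placeholder values; replace with the application's own settings.
TENANT = "example-tenant.auth0.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "com.example.app://callback"

def pkce_challenge(verifier: str) -> str:
    """S256 code challenge: base64url(SHA-256(verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()

def start_login():
    """Return (url, pending). The app opens url in the system browser, so the
    session cookie is set in the browser's cookie jar, and keeps pending
    (state and verifier) in memory for the callback."""
    pending = {"state": secrets.token_urlsafe(32),
               "verifier": secrets.token_urlsafe(64)}
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": pending["state"],
        "code_challenge": pkce_challenge(pending["verifier"]),
        "code_challenge_method": "S256",
    })
    return f"https://{TENANT}/authorize?{query}", pending

def finish_login(callback_url: str, pending: dict) -> dict:
    """Validate the redirect and return the form body for POST /oauth/token."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Reject callbacks that do not belong to the request this app started.
    if not hmac.compare_digest(state.encode(), pending["state"].encode()):
        raise ValueError("state mismatch")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("missing authorization code")
    return {"grant_type": "authorization_code", "client_id": CLIENT_ID,
            "code": code, "code_verifier": pending["verifier"],
            "redirect_uri": REDIRECT_URI}
```

No token is handed from the app to the website: the web app starts its own Authorization Code request in the same browser and relies on the existing session cookie.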

Thanks for the help on this one, John!