We are developing a new SPA web application in Angular with Auth0 New Universal Login.
We have a requirement where we need allow the logged in users to to continue their sessions on their mobile browsers without entering the credentials again.
One approach could be to generate an encrypted URL (along with the auth token) from their ongoing session in the desktop browser. Users will then enter the URL in their mobile browser to autologin and continue their session there.
I was wondering if it is possible to share the user session accross different devices? Note that New Universal Login is implemented using SDK longwithredirect method, so we don’t have much control there. If its not possible, what are my options to achive that?
Just to clarify - Users are logging in to a SPA on a different device (desktop) and then moving to a mobile browser, correct? Are they accessing the same SPA app or will there be a mobile app involved?
You should be able to achieve this by configuring silent authentication which will check for a session at the authorization server (Auth0) and return tokens accordingly. The Angular SDK has a getAccessTokenSilently method specifically for this use case.
Thanks. On the target mobile browser we tried calling getAccessTokenSilently instead of loginWithRedirect method but it landed us on the login page. Is there any additional configuration required at the tenant level?
Hey @demoauth0 thanks for confirming - I should’ve been more clear in my previous response in that this is only possible if the mobile browser/application is already aware of the user and/or the browser implements some sort of synchronization. Without one of these then the behavior you’ve described is expected. That is, without any knowledge of the user they will be prompted to login.