Our mobile app is built on Angular 1.x.x in Phonegap Cordova, and we are facing a couple of difficulties in implementing Lock.
- Google Social connection is blocking webview Oauth requests.
- Implementing Persistent authorization tokens using Lock (tokens that doesn’t expire, such as refresh_tokens)
Regarding (1), how can we work around this issue with Cordova? We are currently working with angular-lock and auth0-angular and our client in Auth0 is set to an SPA. So we are basically using lock as part of our angular application, as if it were a web application (non-strict mobile). Is it a bad approach? If we use the auth0-cordova integration with PKCE and hosted login page would it resolve this issue? Is this the best approach?
Regarding (2), if it is still possible to use lock in option (1), how can we configure it to use refresh_tokens? Or should we use silent authentication?