I have a NextJS app which is using a symmetrically encrypted appSession, as far as I understood from the spec.
This appSession is stored in a cookie jar and used for getting user data in an opaque way.
So far so good.
Now I have an iOS app where I want to authenticate one time and just feed my tokens into the Web app in a WebView. I know that this has been a discussion for years.
I can expose access_token or even try to create appSession with A256GCM encryption exposing Auth0Secret.
I don’t like that and I was thinking - if my above understanding is correct:
Can I somehow ask for an appSession generated on an Auth0 server(less) function and just inject it from the iOS app into the cookie jar?