How to enable SSO login from ios native app to a webview

Hi, I have an ios app that opens a webview using auth0-spa-js and would like to enable auto login on that webview.

read an old post wanting to achieve the same How to do SSO between iOS app and React SPA in same organization? - #2 by Abhishek_Hingnikar1
but I still can’t understand what’s the actionable in the context of ios and the webview.

  1. The user arrives to your app. Your app sees no session and initiates login using the WebAuth method in the iOS / Swift SDK. At this point your application will get a refresh_token which the app use to keep the user logged in.

Ok, i can get the refresh_token, what should I do with it?

  1. The user then goes to the webview say https://foo.com/ at this point foo.com will notice that there is no session that it has for the user, therefore it will redirect to Auth0 with prompt=none optimistically (using the renewAuth method in Auth0.js).

Is this done on the web application side or the webview url? Need more info on this please :grinning:

Thank you in advanced!

SDK: pod ‘Auth0’, ‘~> 1.13’, auth0-spa-js v1.15.0
Platform: ios 14.5

Hi @igorf7027 , is there anything i should add on my iOS & web app?

I’m also interested in hearing about this solution. Did you get any further with it @vinamelody ?
@igorf7027 any update?

what if the very same app contains embedded web view component which need to access resources using the same SSO on the same server in the same web apps as the native code where all resources require authentication for access?

UPSers

I have the same use case.

We have one native application that opens multiple web application using webview on user demand.

The same authentication method is used, in this case, OpenID Connect.

When the user first authenticate against the native application on iOS, it opens up a Safari Webview Controller, the user complete the authentication requirements, where their are redirected back to the native application.

Later on, the user click on a button and open a webview that displays a web application. We want this user to be able to authenticate on this web application. But cookies are not shared between the Webview and the Safari Webview Controller, so session isn’t found and user has to re-complete authentication requirements.

Is there any workaroud to share cookies sessions? Or at least, would the webview be able to open a Safari Webview Controller on authentication requested? So the cookies would be found?

But in this case, how to pass authentication code? Should we register yet another callback on the native side so the native application could pass the authentication code to the webview / web application and the web application could exchange that code to complete authentication?

It’s a bit overkilled, isn’t it?

Thats what i was looking for this worked?

Thanks for sharing this information. It was useful.

1 Like

What information are useful? Could you point us out to the right direction please?