How to enable SSO login from ios native app to a webview

vinamelody · June 24, 2021, 9:08am

Hi, I have an ios app that opens a webview using auth0-spa-js and would like to enable auto login on that webview.

read an old post wanting to achieve the same How to do SSO between iOS app and React SPA in same organization? - #2 by Abhishek_Hingnikar1
but I still can’t understand what’s the actionable in the context of ios and the webview.

The user arrives to your app. Your app sees no session and initiates login using the WebAuth method in the iOS / Swift SDK. At this point your application will get a refresh_token which the app use to keep the user logged in.

Ok, i can get the refresh_token, what should I do with it?

The user then goes to the webview say https://foo.com/ at this point foo.com will notice that there is no session that it has for the user, therefore it will redirect to Auth0 with prompt=none optimistically (using the renewAuth method in Auth0.js).

Is this done on the web application side or the webview url? Need more info on this please

Thank you in advanced!

SDK: pod ‘Auth0’, ‘~> 1.13’, auth0-spa-js v1.15.0
Platform: ios 14.5

vinamelody · June 25, 2021, 10:08am

Hi @igorf7027 , is there anything i should add on my iOS & web app?

alex32 · August 27, 2021, 12:47pm

I’m also interested in hearing about this solution. Did you get any further with it @vinamelody ?
@igorf7027 any update?

romain.billot · February 11, 2022, 2:13pm

I have the same use case.

We have one native application that opens multiple web application using webview on user demand.

The same authentication method is used, in this case, OpenID Connect.

When the user first authenticate against the native application on iOS, it opens up a Safari Webview Controller, the user complete the authentication requirements, where their are redirected back to the native application.

Later on, the user click on a button and open a webview that displays a web application. We want this user to be able to authenticate on this web application. But cookies are not shared between the Webview and the Safari Webview Controller, so session isn’t found and user has to re-complete authentication requirements.

Is there any workaroud to share cookies sessions? Or at least, would the webview be able to open a Safari Webview Controller on authentication requested? So the cookies would be found?

But in this case, how to pass authentication code? Should we register yet another callback on the native side so the native application could pass the authentication code to the webview / web application and the web application could exchange that code to complete authentication?

It’s a bit overkilled, isn’t it?

Keanu · February 12, 2022, 6:33am

Thats what i was looking for this worked?

romain.billot · February 17, 2022, 5:06pm

What information are useful? Could you point us out to the right direction please?