How to share authentication between mobile app and webview?


I was wondering and try to find a solution to open webview inside mobile application with the same authentication session or same users without any user interaction.

Now I was already implemented login for mobile with Oauth but if I have no idea to implement like the mentioned above with correctly solution.

I have some solution not sure is it the best practice and good for security.

  1. I will generate authorize url with a new client different from mobile app for the button in app but in this case, have a chance to allow the user login with a different account if the user doesn’t know that. It will make a mismatch between mobile and webview.
  2. I will pass id_token instead and let webview validate id_token with a public key if valid force login for webview.

FYI, I have implemented OIDC, too but not I can use it to support this case or not?

1 Like

OIDC error .