The renewAuth method was superseded by checkSession which gives similar behavior with reduced complexity so yes, you should use that one instead of renewAuth. In addition, although the recommendation is to make use of a single login page across applications (hosted login page), you should also be able to leverage those two methods if you implement an embedded login approach using: Cross-Origin Authentication