I have a problem in that after 24 hours, which is the token lifetime max, Safari on iOS doesn’t seem to do silent authentication. I wonder if it is due to this, which seems to be for MacOS, but not sure on iOS
I have a custom domain, with the domain being auth.XXXX.com, where XXXX is the name of the website XXXX.com.
If I use a Windows machine, or Chrome/Firefox through iOS, I don’t have such a problem. Is there anything I can do to make it so that the user doesn’t have to enter their login info every 24 hours on iOS default browser?
Hey there @airmaster, I apologize for the delay in response.
While you can leverage refresh tokens on a IOS device, this does enable the device to have secure access to your app that long term may not be desired result as referenced in our documentation here:
Refresh Tokens must be stored securely by an application since they allow a user to remain authenticated essentially forever.
I would also recommend giving the Authorization Code Grant with PKCE a look as well!
Due to the age of this topic I will keep it open for another ten days unless I hear otherwise from you. Thanks!
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.