Hi,
We currently have an issue with keeping the user logged in, e.g. the user logs in via a native Android app using Auth0, but can then reach another app, let’s say a responsive website app, where the user is taken away from the native app to the mobile browser. The issue here is that the user did not have a login session on the Auth0 sign-in (Lock) page and is asked to log in again. The same question would apply if we have two native mobile apps and one native app takes the user to another native app.
I do know about Silent Sign in, which we are using, but that works only if used on the same browser, where it keeps the previous login session cookie for the same browser on the Auth0 Lock page.
After a lot of searching I can find only this solution, which is not straightforward:
By the way, would this solve the native app to responsive website auto-login issue?
Assuming we cannot change the way the user logs in to the native app, what would be another approach to do seamless login?
Is this the only possible option: the native mobile app posts the user’s id_token to the responsive website app, where the responsive website app decodes and verifies this JWT id_token and uses the decoded payload info to assume that’s the user? (https://auth0.com/docs/tokens/id-token)
Of course, this latter solution does not solve the silent sign-in issue: if the user landed on the Auth0 Lock sign-in page, it would still not be aware of the user’s session for this new browser.
Can you please verify this information and suggest any ideas and what other approaches are possible?
P.S. It would be nice to have an Auth0 API (probably the same as the current authenticate with callback, just with an extra param like id_token) where you send this id_token and Auth0 verifies it, decodes it and signs in the user, keeping the user’s sign-in session on the Auth0 Lock page and of course re-using the same callback to send all data as usual. If something like that exists, please let me know. We are using the passport-auth0 plugin for Auth0 SSO with callbacks.
Thanks,
Egis
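
Added example, not part of the original post and not Auth0 or passport-auth0 code: the checks a receiving web app would need before treating a posted id_token as proof of who the user is (pinned algorithm, signature, issuer, audience, expiry), written with Node's built-in `crypto` only. It assumes RS256-signed tokens; the key pair, issuer URL, client ID and `mintToken` helper are constructed placeholders so the block runs offline.

```javascript
const { generateKeyPairSync, createSign, createVerify } = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (s) => Buffer.from(s, "base64url");

// Constructed fixture: a throwaway RSA key pair stands in for the tenant's signing key.
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });

// Constructed helper: mints a sample token so the example runs offline.
function mintToken(claims, header = { alg: "RS256", typ: "JWT" }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = createSign("RSA-SHA256").update(input).sign(privateKey);
  return `${input}.${b64url(sig)}`;
}

// Returns { ok: true, sub } or { ok: false, reason }. `now` is seconds since the epoch.
function verifyIdToken(token, { key, issuer, audience, now = Math.floor(Date.now() / 1000) }) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, claims;
  try {
    header = JSON.parse(fromB64url(parts[0]).toString("utf8"));
    claims = JSON.parse(fromB64url(parts[1]).toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (!header || !claims) return { ok: false, reason: "malformed" };
  // Pin the algorithm on the server; never let the token's header choose it.
  if (header.alg !== "RS256") return { ok: false, reason: "alg" };
  const signed = `${parts[0]}.${parts[1]}`;
  if (!createVerify("RSA-SHA256").update(signed).verify(key, fromB64url(parts[2])))
    return { ok: false, reason: "signature" };
  if (claims.iss !== issuer) return { ok: false, reason: "iss" };
  // The token was issued to the native app, so its client ID is the audience to expect.
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) return { ok: false, reason: "aud" };
  if (typeof claims.exp !== "number" || claims.exp <= now) return { ok: false, reason: "exp" };
  return { ok: true, sub: claims.sub };
}

// Constructed sample values (placeholders, not real tenant data).
const expected = { key: publicKey, issuer: "https://tenant.example/", audience: "NATIVE_APP_CLIENT_ID" };
const sample = mintToken({ iss: expected.issuer, aud: expected.audience,
  sub: "auth0|constructed-user", exp: Math.floor(Date.now() / 1000) + 300 });
console.log(verifyIdToken(sample, expected));
```

A token that passes these checks identifies the user to the web app only; it does not create a session on the Auth0 sign-in page in the new browser.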