Hi Jose,
We are currently in a situation where the native mobile app will not be changed in the way it authenticates a user; the best thing we can achieve for now is that the native mobile app could share the user's id_token with the responsive website app.
We do use Auth0 SSO via a customized Universal Login; we have 3 separate web apps and a native mobile app. On the web apps it is easy, as I can try Silent Authentication with prompt=none and, on failure, redirect to Universal Login again to prompt for user login. So if the user journey started from one of the web apps and the user is on the same browser, and as long as the web app attempts Silent Authentication, it is all good. But if the journey started from the native mobile app and the user was then taken out to the responsive web app, this is where a session does not exist with Universal Login. For the web app to know about the user who came from the mobile app, we would be sharing the id_token, so the web app could decode the payload and of course verify that the id_token is valid and get basic info about the user. But as soon as the user clicks from one web app to another web app, it will try Silent Auth again and will fail, as Auth0 is still not aware of the user session.
So is there a way to initiate a user session in Auth0 Universal Login by providing only the user's id_token, where Universal Login does the token verification and on success initiates the user auth session and redirects back to the callback as it would within the normal authentication flow? In this case, we don't have to implement id_token verification and decoding for each app, and we are able to properly use Auth0 SSO across all web apps.
Thanks,
Egis
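
Added example, not part of the post above and not Auth0's own code: a sketch of the per-app id_token check the post mentions, for Node.js. It shows that a token handed over by the mobile app carries the mobile app's client ID in `aud`, so each web app has to allow that audience explicitly. The issuer, client IDs and key pair are constructed placeholders; in production the public key comes from the issuer's published signing keys.

```javascript
const crypto = require("node:crypto");

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const dec = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Validate an RS256 id_token received from the mobile app before using any claim.
function verifyIdToken(token, publicKey, { issuer, allowedAudiences, now }) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  // Pin the algorithm: never let the token header choose how it is verified.
  if (dec(h).alg !== "RS256") throw new Error("unexpected alg");
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify("sha256", signed, publicKey, Buffer.from(s, "base64url")))
    throw new Error("bad signature");
  const claims = dec(p); // only parsed after the signature checks out
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  // aud names the client the token was issued to: here the mobile app, not this site.
  if (![].concat(claims.aud).some((a) => allowedAudiences.includes(a)))
    throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Constructed sample data: a throwaway key pair stands in for the tenant signing key,
// and the issuer and client IDs are placeholders.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const ISSUER = "https://tenant.example/";
const MOBILE_CLIENT_ID = "mobile-client-id-placeholder";
const NOW = 1700000000; // fixed clock so the sample is deterministic

function mint(claims, header = { alg: "RS256", typ: "JWT" }) {
  const body = `${enc(header)}.${enc(claims)}`;
  return `${body}.${crypto.sign("sha256", Buffer.from(body), privateKey).toString("base64url")}`;
}

// Returns "ok" or the reason the token was rejected.
function check(token, allowedAudiences = [MOBILE_CLIENT_ID]) {
  try {
    verifyIdToken(token, publicKey, { issuer: ISSUER, allowedAudiences, now: NOW });
    return "ok";
  } catch (e) {
    return e.message;
  }
}

const good = mint({ iss: ISSUER, aud: MOBILE_CLIENT_ID, sub: "user-1", exp: NOW + 600 });
console.log(check(good), "|", check(good, ["web-client-id-placeholder"]));
```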